autotrace 0.1.0 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dce37787636a8564e56fc6694fea1bbc27b2a484ff3f1ae0bf6bba498e1e76e0
-  data.tar.gz: dce6102e09ddcfa1f46187a8935b118ea9a2094cbfbb1f7375caebe2fc14b349
+  metadata.gz: 7272a2b850e301d77b91293d841e67f51ae38f37ca7fe4ba5f1fff695a536f73
+  data.tar.gz: 0afb61a635355976b6f6ed9277da2f427e9f67b8e73cb572b7b4a3a266e2cd92
 SHA512:
-  metadata.gz: b78ce717031ce4189cfd0ad409f948da4be9747d53d585b8c0726fa81d300d0fbd1493b2ed65e210b4a2cee1e91bc3977449bd4306fc0e0833c270f64cc6ed5a
-  data.tar.gz: 83553a622e9900f3ad94b5d0594a7763a3c5278619c126d13d45680deeea04390a91bafe258f452f38cf3ebd1737c45b50e32fab88aeb935094f9a69e722ffde
+  metadata.gz: 3eb0e1ac38c154a616b3abf32e422cc645c4c6510c3aa15936cab379eb7b1517fb1ef991f1a213388a555f11c5748e2dc6834507820e2dcba50d115f4f19ebfb
+  data.tar.gz: f7a219dbc8d55b7adf142901cc2c3ead7b18155b9484a124250248b8a94c94bc37aeb98ac8557a93fff82d71d1bf6b8de4ed62cdbc6a2a155d386b26131f24e0

data/lib/autotrace/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Autotrace
-  VERSION = "0.1.0"
+  VERSION = "0.1.9"
 end

data/rubygems_attestation_patch.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+return if RUBY_ENGINE == "jruby"
+return unless defined?(Gem)
+
+require "rubygems/commands/push_command"
+
+Gem::Commands::PushCommand.prepend(Module.new do
+  def send_push_request(name, args)
+    return super if options[:attestations]&.any? || @host != "https://rubygems.org"
+
+    begin
+      send_push_request_with_attestation(name, args)
+    rescue StandardError => e
+      alert_warning "Failed to push with attestation, retrying without attestation.\n#{e.full_message}"
+      super
+    end
+  end
+
+  def send_push_request_with_attestation(name, args)
+    attestation = attest!(name)
+    if options[:attestations]
+      options[:attestations] << attestation
+      send_push_request(name, args)
+    else
+      rubygems_api_request(*args, scope: get_push_scope) do |request|
+        request.set_form([
+                           ["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
+                           ["attestations", "[#{Gem.read_binary(attestation)}]", { content_type: "application/json" }]
+                         ], "multipart/form-data")
+        request.add_field "Authorization", api_key
+      end
+    end
+  end
+
+  def attest!(name)
+    require "open3"
+    bundle = "#{name}.sigstore.json"
+    env = defined?(Bundler.unbundled_env) ? Bundler.unbundled_env : ENV.to_h
+    out, st = Open3.capture2e(
+      env,
+      Gem.ruby, "-S", "gem", "exec",
+      "sigstore-cli:0.2.1", "sign", name, "--bundle", bundle,
+      unsetenv_others: true
+    )
+    raise Gem::Exception, "Failed to sign gem:\n\n#{out}" unless st.success?
+
+    bundle
+  end
+end)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: autotrace
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.9
 platform: ruby
 authors:
 - Dylan Player
@@ -50,6 +50,7 @@ files:
 - lib/autotrace.rb
 - lib/autotrace/ffi.rb
 - lib/autotrace/version.rb
+- rubygems_attestation_patch.rb
 homepage: https://github.com/851-labs/autotrace
 licenses:
 - MIT
@@ -72,7 +73,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.23
 signing_key:
 specification_version: 4
 summary: Ruby bindings for the Autotrace library