configure_trusted_publisher 0.1.5 → 0.1.7

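--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5df3ee4bdd488d5f14ee555fb5a9d1604615f523fab0397b992b7afcee8a0527
- data.tar.gz: acfed99642dd587cb9bc0e03719de8349415b69704df949132653f984457ae98
+ metadata.gz: 62e88e6f8fe2b2d276cb12750fa89c2197510a32c2c0f173f8d1fb0882c48195
+ data.tar.gz: 1aca9105419c282a2e007f9d0289425bfddbdca0508a008d9142fddb79aa7072
  SHA512:
- metadata.gz: 48d61e87dd4240916c505a6adad16eeb7a3d85d426d37c6692775fd4921fef00885285b95476de49a86085a716ea85aec028d12e2e457d9b5532432c8048f407
- data.tar.gz: e9db9496d534fb4025f8bc3ca058a47a3cb5ef9ba741e8a13c2c3e3a34bac740c334b1ae55258412b38e820d9043f61a81ba9da7a4f2c7f68cd0b6b96c6b8335
+ metadata.gz: 593966c8a3b809875c88151be176f7e6c62feeb934f337cf1e54479668fd24dbc4e763fb3bb1eb579292b9f1b4e758fef4c9b9e3db8f59c9677446df9eca974a
+ data.tar.gz: 9ea13772ac9bd771cdf766cdfed92e906aaf05498744172a225c055d5e71a1fd5b2f598ba86e4c5700b78c3c3b42c4d61aab8c1b29b3c52325dd3c0f797032f5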
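--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
  # ConfigureTrustedPublisher
 
- A small CLI to automate the process of configuring a trusted publisher for a gem.
+ A small CLI to automate the process of configuring a [trusted publisher](https://guides.rubygems.org/trusted-publishing/) for a gem and [automating gem releases](https://guides.rubygems.org/trusted-publishing/releasing-gems/) with GitHub Actions!.
 
  ## Usage
 
@@ -9,6 +9,7 @@ To configure a trusted publisher for a gem, run the following command:
  ```console
  $ gem exec configure_trusted_publisher rubygem
  Configuring trusted publisher for rubygem0 in /Users/segiddins/Development/github.com/rubygems/configure_trusted_publisher for rubygems/configure_trusted_publisher
+
  Enter your https://rubygems.org credentials.
  Don't have an account yet? Create one at https://rubygems.org/sign_up
  Username/email: : gem-author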
@@ -9,6 +9,7 @@ require "bundler"
9
9
  require "json"
10
10
  require "open3"
11
11
  require "rubygems/gemcutter_utilities"
12
+ require "yaml"
12
13
 
13
14
  Gem.configuration.verbose = true
14
15
 
@@ -153,17 +154,26 @@ module ConfigureTrustedPublisher
153
154
  puts "Configuring trusted publisher for #{rubygem_name} in #{File.expand_path(repository)} for " \
154
155
  "#{github_repository.join('/')}"
155
156
 
157
+ write_release_action(repository, rubygem_name, environment: add_environment)
158
+
156
159
  gc = GemcutterUtilities.new(
157
160
  say: ->(msg) { puts msg },
158
- ask: ->(msg) { ask msg.chomp(":") },
159
- ask_for_password: ->(msg) { ask_secret msg.chomp(":") },
160
- terminate_interaction: ->(msg) { exit msg },
161
+ ask: lambda { |msg|
162
+ puts
163
+ ask msg.chomp(":")
164
+ },
165
+ ask_for_password: lambda { |msg|
166
+ puts
167
+ ask_secret msg.chomp(":")
168
+ },
169
+ terminate_interaction: lambda { |msg|
170
+ puts
171
+ exit msg
172
+ },
161
173
  otp: options[:otp]
162
174
  )
163
175
  gc.sign_in(scope: "configure_trusted_publishers") unless gc.api_key
164
176
 
165
- write_release_action(repository, rubygem_name)
166
-
167
177
  owner, name = github_repository
168
178
  config = {
169
179
  "trusted_publisher" => {
@@ -235,15 +245,49 @@ module ConfigureTrustedPublisher
235
245
  raise "No GitHub repository found for #{gemspec.name}"
236
246
  end
237
247
 
248
+ def add_environment
249
+ puts
250
+ return unless ask_yes_or_no("Would you like to add a github environment to allow customizing " \
251
+ "prerequisites for the action?")
252
+
253
+ env_name = "rubygems.org"
254
+
255
+ owner, name = github_repository
256
+ puts "Adding GitHub environment to #{owner}/#{name} to protect the action"
257
+ if (env = Open3.capture2e("gh", "api", "repos/#{owner}/#{name}/environments").then do |output, status|
258
+ exit "Failed to list environments for #{owner}/#{name} using `gh api`:\n#{output}" unless status.success?
259
+
260
+ JSON.parse(output)["environments"].find { |e| e["name"] == env_name }
261
+ end)
262
+
263
+ puts
264
+ puts "Environment 'rubygems.org' already exists for #{owner}/#{name}:\n #{env['html_url']}"
265
+ else
266
+ Open3.capture2e("gh", "api", "--method", "PUT",
267
+ "repos/#{owner}/#{name}/environments/#{env_name}").then do |output, status|
268
+ unless status.success?
269
+ exit "Failed to create rubygems.org environment for #{owner}/#{name} using `gh api`:\n#{output}"
270
+ end
271
+
272
+ env = JSON.parse(output)
273
+ puts
274
+ puts "Created environment 'rubygems.org' for #{owner}/#{name}:\n #{env['html_url']}"
275
+ end
276
+ end
277
+
278
+ env_name
279
+ end
280
+
238
281
  attr_reader :gemspec_source
239
282
 
240
283
  def gemspec
241
284
  gemspec_source.specs.first
242
285
  end
243
286
 
244
- def write_release_action(repository, rubygem_name)
287
+ def write_release_action(repository, rubygem_name, environment: nil)
245
288
  tag = "Automatically when a new tag matching v* is pushed"
246
289
  manual = "Manually by running a GitHub Action"
290
+ puts
247
291
  response = ask_multiple_choice(
248
292
  "How would you like releases for #{rubygem_name} to be triggered?", [
249
293
  tag,
@@ -251,103 +295,50 @@ module ConfigureTrustedPublisher
251
295
  ],
252
296
  default: "2"
253
297
  )
254
- case response
255
- when tag
256
- write_tag_action(repository)
257
- when manual
258
- write_manual_action(repository)
259
- end
260
- end
261
298
 
262
- def write_tag_action(repository)
263
299
  action_file = File.expand_path(".github/workflows/push_gem.yml", repository)
264
300
  return unless check_action(action_file)
265
301
 
266
302
  File.write(
267
303
  action_file,
268
- <<~YAML
269
- name: Push Gem
270
-
271
- on:
272
- push:
273
- tags:
274
- - v*
275
-
276
- permissions:
277
- contents: read
278
-
279
- jobs:
280
- push:
281
- if: github.repository == 'rubygems/configure_trusted_publisher'
282
- runs-on: ubuntu-latest
283
-
284
- permissions:
285
- contents: write
286
- id-token: write
287
-
288
- steps:
289
- # Set up
290
- - name: Harden Runner
291
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
292
- with:
293
- egress-policy: audit
294
-
295
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
296
- - name: Set up Ruby
297
- uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
298
- with:
299
- bundler-cache: true
300
- ruby-version: ruby
301
-
302
- # Release
303
- - uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1
304
- YAML
305
- )
306
- puts "Created #{action_file}"
307
- end
308
-
309
- def write_manual_action(repository)
310
- action_file = File.expand_path(".github/workflows/push_gem.yml", repository)
311
- return unless check_action(action_file)
312
-
313
- File.write(
314
- action_file,
315
- <<~YAML
316
- name: Push Gem
317
-
318
- on:
319
- workflow_dispatch:
320
-
321
- permissions:
322
- contents: read
323
-
324
- jobs:
325
- push:
326
- if: github.repository == 'rubygems/configure_trusted_publisher'
327
- runs-on: ubuntu-latest
328
-
329
- permissions:
330
- contents: write
331
- id-token: write
332
-
333
- steps:
334
- # Set up
335
- - name: Harden Runner
336
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
337
- with:
338
- egress-policy: audit
339
-
340
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
341
- - name: Set up Ruby
342
- uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
343
- with:
344
- bundler-cache: true
345
- ruby-version: ruby
346
-
347
- # Release
348
- - uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1
349
- YAML
350
-
304
+ [
305
+ "name: Push Gem",
306
+ nil,
307
+ "on:",
308
+ " #{response == tag ? "push:\n tags:\n - 'v*'" : 'workflow_dispatch:'}",
309
+ nil,
310
+ "permissions:",
311
+ " contents: read",
312
+ nil,
313
+ "jobs:",
314
+ " push:",
315
+ " if: github.repository == '#{github_repository.join('/')}'",
316
+ " runs-on: ubuntu-latest",
317
+ if environment
318
+ "\n environment:\n name: #{environment}\n url: https://rubygems.org/gems/#{rubygem_name}\n"
319
+ end,
320
+ " permissions:",
321
+ " contents: write",
322
+ " id-token: write",
323
+ nil,
324
+ " steps:",
325
+ " # Set up",
326
+ " - name: Harden Runner",
327
+ " uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1",
328
+ " with:",
329
+ " egress-policy: audit",
330
+ nil,
331
+ " - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4",
332
+ " - name: Set up Ruby",
333
+ " uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0",
334
+ " with:",
335
+ " bundler-cache: true",
336
+ " ruby-version: ruby",
337
+ nil,
338
+ " # Release",
339
+ " - uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1",
340
+ nil
341
+ ].join("\n")
351
342
  )
352
343
  puts "Created #{action_file}"
353
344
  end
@@ -355,9 +346,10 @@ module ConfigureTrustedPublisher
355
346
  def check_action(action_file)
356
347
  return FileUtils.mkdir_p(File.dirname(action_file)) || true unless File.exist?(action_file)
357
348
 
358
- response = ask_multiple_choice(
359
- "#{action_file} already exists, overwrite?", { "y" => "Yes", "n" => "No" },
360
- default: "n"
349
+ puts
350
+ response = ask_yes_or_no(
351
+ "#{action_file} already exists, overwrite?",
352
+ default: false
361
353
  )
362
354
  return if response == "No"
363
355
 
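Review bot: In `check_action`, the overwrite prompt now goes through `ask_yes_or_no(..., default: false)`, but the guard after it is still `return if response == "No"`, left over from the multiple-choice prompt. `add_environment` in the same file uses the helper as a boolean (`return unless ask_yes_or_no(...)`), so if it does return true/false the comparison never matches and an existing `push_gem.yml` is overwritten even when the user declines. The guard should read `return unless response`. The definition of `ask_yes_or_no` and the rest of `check_action` are outside the visible hunks, so the return type should be confirmed there.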
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ConfigureTrustedPublisher
4
- VERSION = "0.1.5"
4
+ VERSION = "0.1.7"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: configure_trusted_publisher
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 0.1.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Samuel Giddins