gemsmith 7.2.0 → 7.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 662e814586c4f37d3a10ff89ae864438cf65210d
-  data.tar.gz: 8d9b0b9e1555391015ad315566ed829d18bdf922
+  metadata.gz: 28d4c64a7cb8cc5819196a8c3ee614e2da031350
+  data.tar.gz: 1dfec05ae110a647cc69134ed9f2e522d7a0a830
 SHA512:
-  metadata.gz: 41fcb36f790fed31f7950f9f14329ae720f51ba6bb4a61be2d93c12f4978b302b117cd7c8b02f45edaa1dc94fd972e1addbf246bdfef8db4e9f2cf51619d55cf
-  data.tar.gz: 6e8bdefb5e12f7e88e85661a3aaa81379871d8f181c118b7ae92403782fa63c2d3152a5caa737ea973e82de9b819cb33b3db31c1a3083c83052e64a4755afd71
+  metadata.gz: 410efca04dbfdd99d472a4d986a4a15192afbf86766397be24d4af210dde4532294a286dc2206132156aa8f3dc6f3fe822b71d7171d30dd9aa06884d12172e99
+  data.tar.gz: ebf4fa5d837dbd5eda29f22080fceddd1545cc5034e2f0834a38346f2db5327fb0290fc9196a6243acf0fb69637cdd6c9bfa1df6c987a03160bb95e6111bb506

data/README.md

@@ -14,7 +14,7 @@ A command line interface for smithing new Ruby gems.
 # Table of Contents
 
 - [Features](#features)
-- [Screencast](#screencast)
+- [Screencasts](#screencasts)
 - [Requirements](#requirements)
 - [Setup](#setup)
 - [Usage](#usage)
@@ -24,6 +24,10 @@ A command line interface for smithing new Ruby gems.
 - [Security](#security)
   - [Git Signing Key](#git-signing-key)
   - [Gem Certificates](#gem-certificates)
+- [Private Gem Servers](#private-gem-servers)
+  - [Gem Specification Metadata](#gem-specification-metadata)
+  - [RubyGems Credentials](#rubygems-credentials)
+  - [Generating Credentials](#generating-credentials)
 - [Promotion](#promotion)
 - [Versioning](#versioning)
 - [Code of Conduct](#code-of-conduct)
@@ -56,7 +60,7 @@ A command line interface for smithing new Ruby gems.
 - Provides the ability to open the source code of any gem within your favorite editor.
 - Provides the ability to read the documentation of any gem within your default browser.
 
-# Screencast
+# Screencasts
 
 [![asciicast](https://asciinema.org/a/30728.png)](https://asciinema.org/a/30728)
 
@@ -71,7 +75,7 @@ A command line interface for smithing new Ruby gems.
 
 For a secure install, type the following from the command line (recommended):
 
-    gem cert --add <(curl -Ls https://www.alchemists.io/gem-public.pem)
+    gem cert --add <(curl --location --silent https://www.alchemists.io/gem-public.pem)
     gem install gemsmith --trust-policy MediumSecurity
 
 NOTE: A HighSecurity trust policy would be best but MediumSecurity enables signed gem verification while
@@ -173,15 +177,15 @@ For more gem creation options, type: `gemsmith --help --create`
 
 Once a gem skeleton has been created, the following tasks are available (i.e. `bundle exec rake -T`):
 
-    rake build                 # Build gemsmith-7.0.0.gem into the pkg directory
+    rake build                 # Build example-0.1.0.gem into the pkg directory
     rake clean                 # Remove any temporary products / Clean gem artifacts
     rake clobber               # Remove any generated files
     rake console               # Open IRB console for gem development environment
     rake doc                   # Update README (table of contents)
-    rake install               # Build and install gemsmith-7.0.0.gem into system gems
-    rake install:local         # Build and install gemsmith-7.0.0.gem into system gems without network access
-    rake publish               # Build, tag v7.0.0 (signed), and push gemsmith-7.0.0.gem to RubyGems
-    rake release[remote]       # Create tag v7.0.0 and build and push gemsmith-7.0.0.gem to Rubygems
+    rake install               # Build and install example-0.1.0.gem into system gems
+    rake install:local         # Build and install example-0.1.0.gem into system gems without network access
+    rake publish               # Build, tag v0.1.0 (signed), and push example-0.1.0.gem to RubyGems
+    rake release[remote]       # Build, tag v0.1.0 (unsigned), and push example-0.1.0.gem to RubyGems
     rake rubocop               # Run RuboCop
     rake rubocop:auto_correct  # Auto-correct RuboCop offenses
     rake spec                  # Run RSpec code examples
@@ -192,7 +196,7 @@ Gemsmith:
     rake build - Cleans and regenerates the README table of contents in addition to building the gem.
     rake install - Inherits the `build` modifications mentioned above.
     rake install:local - Inherits the `build` modifications mentioned above.
-    rake release - Inherits the `build` modifications mentioned above.
+    rake release - Identical to the `publish` tasks but does not securely sign the Git tag.
 
 When building/testing your gem locally, a typical workflow is:
 
@@ -261,6 +265,77 @@ To learn more about gem certificates, read the following:
 - [A Practical Guide to Using Signed Ruby Gems - Part 1: Bundler](http://blog.meldium.com/home/2013/3/3/signed-rubygems-part)
 - [A Practical Guide to Using Signed Ruby Gems - Part 2: Heroku](http://blog.meldium.com/home/2013/3/6/signed-gems-on-heroku)
 
+# Private Gem Servers
+
+By default, the following Rake tasks will publish your gem to [RubyGems](https://rubygems.org):
+
+    rake release
+    rake publish
+
+You can change this behavior by adding metadata to your gemspec that will allow the Rake tasks, mentioned above, to
+publish your gem to an alternate/private gem server instead. This can be done by updating your gem specification and
+RubyGems credentials.
+
+## Gem Specification Metadata
+
+Add the following metadata to your gemspec:
+
+    Gem::Specification.new do |spec|
+      spec.metadata = {
+        "allowed_push_key" => "example_key",
+        "allowed_push_host" => "https://gems.example.com"
+      }
+    end
+
+The gemspec metadata keys and values *must* be strings per the
+[RubyGems Specification](http://guides.rubygems.org/specification-reference/#metadata). Each key represents the
+following:
+
+- `allowed_push_key`: Provides a reference (look up) to the key defined the RubyGems credentials file so that sensitive
+  credentials are not used within your gemspec.
+- `allowed_push_host`: Provides the URL of the private gem server to push your gem to.
+
+## RubyGems Credentials
+
+The "example_key" defined within the gem specification, mentioned above, *must* be defined withing your
+`~/.gem/credentials` file and should look like this:
+
+    ---
+    :example_key: "Basic dXNlcjpwYXNzd29yZA=="
+
+The "example_key" *must* be a symbol (hence the double colons) due to RubyGems requirements.
+
+## Generating Credentials
+
+RubyGems uses an `Authorization` HTTP header when pushing a gem to a remote server. This can be an API key, HTTP Basic
+Auth, etc. When pushing a gem to RubyGems, you'll want to use the API key associated with your account. If that is the
+case, you're credentials would contain the following:
+
+    ---
+    :rubygems_api_key: 2a0b460650e67d9b85a60e183defa376
+
+For a server that might use HTTP Basic auth, you can generate the key value by launching IRB and running the following:
+
+    require "net/http"
+    Net::HTTP::Get.new("http://gems.example.com").basic_auth "user", "password"
+
+The URL is arbitrary but the user and password should be your account credentials. The output, from running the code
+above, should look like the following:
+
+    ["Basic dXNlcjpwYXNzd29yZA=="]
+
+You can then add this value to your credentials file like so:
+
+    ---
+    :example_key: "Basic dXNlcjpwYXNzd29yZA=="
+
+You can add multiple accounts to your RubyGems credentials (there is no limit to the number of accounts you might need
+to have access to). Example:
+
+    ---
+    :rubygems_api_key: 2a0b460650e67d9b85a60e183defa376
+    :example_key: "Basic dXNlcjpwYXNzd29yZA=="
+
 # Promotion
 
 Once your gem is released, you might want to let the world know about your accomplishment:

data/lib/gemsmith/cli_helpers.rb

@@ -39,10 +39,10 @@ module Gemsmith
 
       case
         when specs.size == 1
-          spec_aid.send method, specs.first
+          spec_aid.public_send method, specs.first
         when specs.size > 1
           print_gems specs
-          spec_aid.send method, pick_gem(specs, name)
+          spec_aid.public_send method, pick_gem(specs, name)
         else
           error("Unable to find gem: #{name}.") && ""
       end

data/lib/gemsmith/identity.rb

@@ -12,7 +12,7 @@ module Gemsmith
     end
 
     def self.version
-      "7.2.0"
+      "7.3.0"
     end
 
     def self.version_label

data/lib/gemsmith/rake/release.rb

@@ -5,15 +5,25 @@ require "milestoner"
 module Gemsmith
   module Rake
     # Provides gem release functionality. Meant to be wrapped in Rake tasks.
+    # rubocop:disable Metrics/MethodLength
+    # rubocop:disable Metrics/ParameterLists
     class Release
+      def self.default_gem_host
+        Gem::DEFAULT_HOST
+      end
+
       def initialize gem_spec_path = Dir.glob("#{Dir.pwd}/*.gemspec").first,
+                     gem_config: Gem::ConfigFile.new([]),
                      bundler: Bundler,
                      publisher: Milestoner::Publisher.new,
-                     shell: Bundler::UI::Shell.new
+                     shell: Bundler::UI::Shell.new,
+                     kernel: Kernel
 
         @gem_spec_path = gem_spec_path
+        @gem_config = gem_config
         @publisher = publisher
         @shell = shell
+        @kernel = kernel
         @gem_spec = bundler.load_gemspec gem_spec_path.to_s
       rescue Errno::ENOENT
         @shell.error "Invalid gemspec file path: #{@gem_spec_path}."
@@ -31,15 +41,51 @@ module Gemsmith
         "#{gem_spec.name}-#{version_number}.gem"
       end
 
-      def publish
-        publisher.publish version_number, sign: true
+      def allowed_push_key
+        gem_spec.metadata.fetch("allowed_push_key") { "rubygems_api_key" }
+      end
+
+      def allowed_push_host
+        gem_spec.metadata.fetch("allowed_push_host") { self.class.default_gem_host }
+      end
+
+      def push
+        return false unless gem_credentials? && gem_credential_value?
+
+        kernel.system %(gem push "pkg/#{gem_file_name}" --key "#{translated_api_key}" --host "#{allowed_push_host}")
+        shell.confirm "Pushed #{gem_file_name} to #{allowed_push_host}."
+        true
+      end
+
+      def publish sign: true
+        publisher.publish version_number, sign: sign
+        push
       rescue Milestoner::Errors::Base => error
         shell.error error.message
       end
 
       private
 
-      attr_reader :gem_spec_path, :gem_spec, :publisher, :shell
+      attr_reader :gem_spec_path, :gem_config, :gem_spec, :publisher, :shell, :kernel
+
+      def gem_credentials?
+        return true if File.exist?(gem_config.credentials_path)
+        shell.error "Unable to load gem credentials: #{gem_config.credentials_path}."
+        false
+      end
+
+      def translated_api_key
+        return :rubygems if allowed_push_key == "rubygems_api_key"
+        allowed_push_key.to_sym
+      end
+
+      def gem_credential_value?
+        value = gem_config.api_keys[translated_api_key]
+        return true unless value.nil? || value.empty?
+
+        shell.error %(Invalid credential (#{gem_config.credentials_path}): :#{allowed_push_key}: "#{value}".)
+        false
+      end
     end
   end
 end

data/lib/gemsmith/rake/tasks.rb

@@ -14,12 +14,14 @@ module Gemsmith
         new.install
       end
 
-      def install
-        build = Gemsmith::Rake::Build.new
-        release = Gemsmith::Rake::Release.new
+      def initialize
+        @build = Gemsmith::Rake::Build.new
+        @release = Gemsmith::Rake::Release.new
+      end
 
+      def install
         ::Rake::Task[:build].enhance [:clean, :doc, :validate]
-        ::Rake::Task[:release].enhance { ::Rake::Task[:clean].invoke }
+        ::Rake::Task[:release].clear
 
         desc "Update README (table of contents)"
         task :doc do
@@ -35,12 +37,20 @@ module Gemsmith
           build.validate
         end
 
+        desc "Build, tag #{release.version_label} (unsigned), and push #{release.gem_file_name} to RubyGems"
+        task release: :build do
+          release.publish sign: false
+        end
+
         desc "Build, tag #{release.version_label} (signed), and push #{release.gem_file_name} to RubyGems"
-        task publish: [:build, "release:guard_clean"] do
+        task publish: :build do
           release.publish
-          ::Rake::Task["release:rubygem_push"].invoke
         end
       end
+
+      private
+
+      attr_reader :build, :release
     end
   end
 end

data/lib/gemsmith/templates/%gem_name%/README.md.tt

@@ -20,6 +20,8 @@
 
 # Features
 
+# Screencasts
+
 # Requirements
 
 0. [MRI <%= config.dig(:versions, :ruby) %>](https://www.ruby-lang.org)
@@ -32,7 +34,7 @@
 <%- if config.dig(:create, :security) -%>
 For a secure install, type the following (recommended):
 
-    gem cert --add <(curl -Ls <%= config.dig :organization, :url %>/gem-public.pem)
+    gem cert --add <(curl --location --silent <%= config.dig :organization, :url %>/gem-public.pem)
     gem install <%= config.dig(:gem, :name) %> --trust-policy MediumSecurity
 
 NOTE: A HighSecurity trust policy would be best but MediumSecurity enables signed gem verification while

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gemsmith
 version: !ruby/object:Gem::Version
-  version: 7.2.0
+  version: 7.3.0
 platform: ruby
 authors:
 - Brooke Kuhlmann
@@ -30,7 +30,7 @@ cert_chain:
   aSif+qBc6oHD7EQWPF5cZkzkIURuwNwPBngZGxIKaMAgRhjGFXzUMAaq++r59cS9
   xTfQ4k6fglKEgpnLAXiKdo2c8Ym+X4rIKFfedQ==
   -----END CERTIFICATE-----
-date: 2016-02-20 00:00:00.000000000 Z
+date: 2016-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -411,7 +411,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.1
 signing_key: 
 specification_version: 4
 summary: A command line interface for smithing new Ruby gems.