kettle-dev 1.0.2 → 1.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ecdb3d6d039419832299b33679576735dc54bb4a0a2e3e6eadbc0025a8dc12d7
-  data.tar.gz: 0f83cc1bcaf33136687b4374830318a3621123c20300a6b97b7acab310ea4d34
+  metadata.gz: d8deda6f16a7ffb26b4122b469c1b74a79e3213146eabe11d694f5685759daed
+  data.tar.gz: 39576c04b2224fc95d9a9c12f37a04de6db556f3aab6f92f8733eb5742a0ff2d
 SHA512:
-  metadata.gz: 516fe50f03c591f5501b056fda8cdeadca1a0f743117c04c651159f6b4b3bf53069460ed28369cba9f9964277457513fcd76051add3fdda7d8fb0f4e579723a2
-  data.tar.gz: 625d8c9ecc7b900aa60f6e758f1467ec7114ebb26017ae5bbae3eebe6cd259ac808b6b67acbb163998a091b2a369c55cc45dc532c6b24006bc4fcd00674f120b
+  metadata.gz: 97f743744b2a0ecaf4b7107886508e94b45a0c77152e3c1e14944ad0f3799a04cb26a8ad7bec59f3372a9c5f4a1a245b3630e7d518a889936e9adae186a39ee8
+  data.tar.gz: 3e7b3a47b47925c57f349932a8205a705ea44c288428ad35026241957aed25ec5c7bed835775a49db8616c0736e40f790b4ea6dcfacc195b09dfdc59960c2e3e

data/.envrc

@@ -20,7 +20,7 @@ export K_SOUP_COV_DO=true # Means you want code coverage
 export K_SOUP_COV_COMMAND_NAME="Test Coverage"
 # Available formats are html, xml, rcov, lcov, json, tty
 export K_SOUP_COV_FORMATTERS="html,xml,rcov,lcov,json,tty"
-export K_SOUP_COV_MIN_BRANCH=100 # Means you want to enforce X% branch coverage
+export K_SOUP_COV_MIN_BRANCH=96 # Means you want to enforce X% branch coverage
 export K_SOUP_COV_MIN_LINE=100 # Means you want to enforce X% line coverage
 export K_SOUP_COV_MIN_HARD=true # Means you want the build to fail if the coverage thresholds are not met
 export K_SOUP_COV_MULTI_FORMATTERS=true

data/CHANGELOG.md

@@ -12,6 +12,30 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 ### Fixed
 ### Security
 
+## [1.0.4] - 2025-08-24
+- TAG: [v1.0.4][1.0.4t]
+- COVERAGE: 100.00% -- 130/130 lines in 7 files
+- BRANCH COVERAGE:  96.00% -- 48/50 branches in 7 files
+- 95.35% documented
+### Added
+- kettle-release: checks all remotes for a GitHub remote and syncs origin/trunk with it; prompts to rebase or --no-ff merge when histories diverge; pushes to both origin and the GitHub remote on merge; uses the GitHub remote for GitHub Actions CI checks, and also checks GitLab CI when a GitLab remote and .gitlab-ci.yml are present.
+- kettle-release: push logic improved — if a remote named `all` exists, push the current branch to it (assumed to cover multiple push URLs). Otherwise push the current branch to `origin` and to any GitHub, GitLab, and Codeberg remotes (whatever their names are).
+### Fixed
+- kettle-release now validates SHA256 checksums of the built gem against the recorded checksums and aborts on mismatch; helps ensure reproducible artifacts (honoring SOURCE_DATE_EPOCH).
+- kettle-release now enforces CI checks and aborts if CI cannot be verified; supports GitHub Actions and GitLab pipelines, including releases from trunk/main.
+- kettle-release no longer requires bundler/setup, preventing silent exits when invoked from a dependent project; adds robust output flushing.
+
+## [1.0.3] - 2025-08-24
+- TAG: [v1.0.3][1.0.3t]
+- COVERAGE: 100.00% -- 98/98 lines in 7 files
+- BRANCH COVERAGE: 100.00% -- 30/30 branches in 7 files
+- 94.59% documented
+### Added
+- template task now copies .git-hooks files necessary for git hooks to work
+### Fixed
+- kettle-release now uses the host project's root, instead of this gem's installed root.
+- Added .git-hooks files necessary for git hooks to work
+
 ## [1.0.2] - 2025-08-24
 - TAG: [v1.0.2][1.0.2t]
 - COVERAGE: 100.00% -- 98/98 lines in 7 files
@@ -59,7 +83,11 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
   - Selecting will run the selected workflow via `act`
   - This may move to its own gem in the future.
 
-[Unreleased]: https://gitlab.com/kettle-rb/kettle-dev/-/compare/v1.0.2...HEAD
+[Unreleased]: https://gitlab.com/kettle-rb/kettle-dev/-/compare/v1.0.4...HEAD
+[1.0.4]: https://gitlab.com/kettle-rb/kettle-dev/-/compare/v1.0.3...v1.0.4
+[1.0.4t]: https://gitlab.com/kettle-rb/kettle-dev/-/tags/v1.0.4
+[1.0.3]: https://gitlab.com/kettle-rb/kettle-dev/-/compare/v1.0.2...v1.0.3
+[1.0.3t]: https://gitlab.com/kettle-rb/kettle-dev/-/tags/v1.0.3
 [1.0.2]: https://gitlab.com/kettle-rb/kettle-dev/-/compare/v1.0.1...v1.0.2
 [1.0.2t]: https://gitlab.com/kettle-rb/kettle-dev/-/tags/v1.0.2
 [1.0.1]: https://gitlab.com/kettle-rb/kettle-dev/-/compare/v1.0.0...v1.0.1

data/CONTRIBUTING.md

@@ -127,7 +127,9 @@ Run `kettle-release`.
     to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums`
     [gem][💎stone_checksums].
     - The script automatically commits but does not push the checksums
-12. Run `bundle exec rake release` which will create a git tag for the version,
+12. Sanity check the SHA256, comparing with the output from the `bin/gem_checksums` command:
+    - `sha256sum pkg/<gem name>-<version>.gem`
+13. Run `bundle exec rake release` which will create a git tag for the version,
     push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
 
 [🚎src-main]: https://gitlab.com/kettle-rb/kettle-dev

data/checksums/kettle-dev-1.0.4.gem.sha256

@@ -0,0 +1 @@
+772ba761ef205f134e3a096fbfde418b3d699093482ff345bd755f8f596f9de7

data/checksums/kettle-dev-1.0.4.gem.sha512

@@ -0,0 +1 @@
+5e791a2feaa44cfcede4c5e933f2d44725dd6c84d5b44511d8e26147a1540ed3455508fd9c2e1ed8d07093009863b2db38ff9532939404aed7f047091c495e36

data/exe/kettle-release

@@ -12,10 +12,14 @@
 # - Runs bin/gem_checksums
 # - Runs `bundle exec rake release` (expects PEM password and RubyGems MFA OTP)
 
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
-
+$stdout.sync = true
 require "rubygems"
-require "bundler/setup"
+# Ensure we run within the host project's Bundler context (do not override BUNDLE_GEMFILE)
+begin
+  require "bundler/setup"
+rescue LoadError
+  # Allow running outside of Bundler; runtime deps should still be available via rubygems
+end
 
 require "open3"
 require "shellwords"
@@ -31,7 +35,8 @@ module Kettle
   module Dev
     class ReleaseCLI
       def initialize
-        @root = File.expand_path("..", __dir__)
+        # Use the host project's root, not the installed gem's directory
+        @root = Kettle::Dev::CIHelpers.project_root
       end
 
       def run
@@ -89,10 +94,13 @@ module Kettle
 
         # Checksums (commits, but does not push)
         run_cmd!("bin/gem_checksums")
+        validate_checksums!(version, stage: "after build + gem_checksums")
 
         # Release: expect PEM password + RubyGems MFA OTP
         puts "Running release (you may be prompted for signing key password and RubyGems MFA OTP)..."
         run_cmd!("bundle exec rake release")
+        # Some release tasks rebuild the gem; re-validate to ensure reproducibility
+        validate_checksums!(version, stage: "after release")
 
         puts "\nRelease complete. Don't forget to push the checksums commit if needed."
       end
@@ -104,53 +112,89 @@ module Kettle
       def monitor_workflows_after_push!
         root = Kettle::Dev::CIHelpers.project_root
         workflows = Kettle::Dev::CIHelpers.workflows_list(root)
-        if workflows.empty?
-          puts "No workflows detected under .github/workflows; skipping CI checks."
-          return
-        end
+        gitlab_ci = File.exist?(File.join(root, ".gitlab-ci.yml"))
 
-        owner, repo = Kettle::Dev::CIHelpers.repo_info
         branch = Kettle::Dev::CIHelpers.current_branch
-        unless owner && repo && branch
-          puts "Unable to determine repository or branch; skipping CI checks."
-          return
+        abort("Could not determine current branch for CI checks.") unless branch
+
+        # Prefer an explicit GitHub remote if available; fall back to origin repo_info
+        gh_remote = preferred_github_remote
+        gh_owner = nil
+        gh_repo = nil
+        if gh_remote && !workflows.empty?
+          url = remote_url(gh_remote)
+          gh_owner, gh_repo = parse_github_owner_repo(url)
         end
 
-        total = workflows.size
-        passed = {}
-        idx = 0
-        puts "Ensuring CI workflows pass on branch #{branch} (#{owner}/#{repo})"
-        pbar = ProgressBar.create(title: "CI", total: total, format: "%t %b %c/%C", length: 30)
-
-        loop do
-          wf = workflows[idx]
-          run = Kettle::Dev::CIHelpers.latest_run(owner: owner, repo: repo, workflow_file: wf, branch: branch)
-          if run
-            if Kettle::Dev::CIHelpers.success?(run)
-              unless passed[wf]
-                passed[wf] = true
-                pbar.increment
+        checks_any = false
+
+        if gh_owner && gh_repo && !workflows.empty?
+          checks_any = true
+          total = workflows.size
+          abort("No GitHub workflows found under .github/workflows; aborting.") if total.zero?
+
+          passed = {}
+          idx = 0
+          puts "Ensuring GitHub Actions workflows pass on #{branch} (#{gh_owner}/#{gh_repo}) via remote '#{gh_remote}'"
+          pbar = ProgressBar.create(title: "CI", total: total, format: "%t %b %c/%C", length: 30)
+
+          loop do
+            wf = workflows[idx]
+            run = Kettle::Dev::CIHelpers.latest_run(owner: gh_owner, repo: gh_repo, workflow_file: wf, branch: branch)
+            if run
+              if Kettle::Dev::CIHelpers.success?(run)
+                unless passed[wf]
+                  passed[wf] = true
+                  pbar.increment
+                end
+              elsif Kettle::Dev::CIHelpers.failed?(run)
+                puts
+                url = run["html_url"] || "https://github.com/#{gh_owner}/#{gh_repo}/actions/workflows/#{wf}"
+                abort("Workflow failed: #{wf} -> #{url}")
               end
-            elsif Kettle::Dev::CIHelpers.failed?(run)
-              # Fail fast with link to the failed run
-              puts
-              url = run["html_url"] || "https://github.com/#{owner}/#{repo}/actions/workflows/#{wf}"
-              abort("Workflow failed: #{wf} -> #{url}")
             end
+            break if passed.size == total
+            idx = (idx + 1) % total
+            sleep(1)
           end
+          pbar.finish unless pbar.finished?
+          puts "\nAll GitHub workflows passing (#{passed.size}/#{total})."
+        end
 
-          break if passed.size == total
-
-          idx = (idx + 1) % total
-          sleep(1)
+        # Additionally, check GitLab if configured
+        gl_remote = gitlab_remote_candidates.first
+        if gitlab_ci && gl_remote
+          owner, repo = Kettle::Dev::CIHelpers.repo_info_gitlab
+          if owner && repo
+            checks_any = true
+            puts "Ensuring GitLab pipeline passes on #{branch} (#{owner}/#{repo}) via remote '#{gl_remote}'"
+            pbar = ProgressBar.create(title: "CI", total: 1, format: "%t %b %c/%C", length: 30)
+            loop do
+              pipe = Kettle::Dev::CIHelpers.gitlab_latest_pipeline(owner: owner, repo: repo, branch: branch)
+              if pipe
+                if Kettle::Dev::CIHelpers.gitlab_success?(pipe)
+                  pbar.increment unless pbar.finished?
+                  break
+                elsif Kettle::Dev::CIHelpers.gitlab_failed?(pipe)
+                  puts
+                  url = pipe["web_url"] || "https://gitlab.com/#{owner}/#{repo}/-/pipelines"
+                  abort("Pipeline failed: #{url}")
+                end
+              end
+              sleep(1)
+            end
+            pbar.finish unless pbar.finished?
+            puts "\nGitLab pipeline passing."
+          end
         end
-        pbar.finish unless pbar.finished?
-        puts "\nAll workflows passing (#{passed.size}/#{total})."
+
+        abort("CI configuration not detected (GitHub or GitLab). Ensure CI is configured and remotes point to the correct hosts.") unless checks_any
       end
 
       def run_cmd!(cmd)
         puts "$ #{cmd}"
-        success = system(cmd)
+        # Ensure current ENV (including SOURCE_DATE_EPOCH) is propagated explicitly
+        success = system(ENV, cmd)
         abort("Command failed: #{cmd}") unless success
       end
 
@@ -193,11 +237,45 @@ module Kettle
       end
 
       def push!
-        puts "$ git push"
-        success = system("git push")
-        unless success
-          warn("Normal push failed; retrying with force push...")
-          run_cmd!("git push -f")
+        branch = current_branch
+        abort("Could not determine current branch to push.") unless branch
+
+        if has_remote?("all")
+          puts "$ git push all #{branch}"
+          success = system("git push all #{Shellwords.escape(branch)}")
+          unless success
+            warn("Normal push to 'all' failed; retrying with force push...")
+            run_cmd!("git push -f all #{Shellwords.escape(branch)}")
+          end
+          return
+        end
+
+        # Build the list of remotes to push to
+        remotes = []
+        remotes << "origin" if has_remote?("origin")
+        remotes |= github_remote_candidates
+        remotes |= gitlab_remote_candidates
+        remotes |= codeberg_remote_candidates
+        remotes.uniq!
+
+        if remotes.empty?
+          # Fallback to default behavior if we couldn't detect any remotes
+          puts "$ git push #{branch}"
+          success = system("git push #{Shellwords.escape(branch)}")
+          unless success
+            warn("Normal push failed; retrying with force push...")
+            run_cmd!("git push -f #{Shellwords.escape(branch)}")
+          end
+          return
+        end
+
+        remotes.each do |remote|
+          puts "$ git push #{remote} #{branch}"
+          success = system("git push #{Shellwords.escape(remote)} #{Shellwords.escape(branch)}")
+          unless success
+            warn("Push to #{remote} failed; retrying with force push...")
+            run_cmd!("git push -f #{Shellwords.escape(remote)} #{Shellwords.escape(branch)}")
+          end
         end
       end
 
@@ -227,6 +305,56 @@ module Kettle
         ok ? out.split(/\s+/).reject(&:empty?) : []
       end
 
+      def remotes_with_urls
+        out, ok = git_output(["remote", "-v"])
+        return {} unless ok
+        urls = {}
+        out.each_line do |line|
+          if line =~ /(\S+)\s+(\S+)\s+\((fetch|push)\)/
+            name = Regexp.last_match(1)
+            url = Regexp.last_match(2)
+            kind = Regexp.last_match(3)
+            # prefer fetch URL when available
+            urls[name] = url if kind == "fetch" || !urls.key?(name)
+          end
+        end
+        urls
+      end
+
+      def remote_url(name)
+        remotes_with_urls[name]
+      end
+
+      def github_remote_candidates
+        remotes_with_urls.select { |n, u| u.include?("github.com") }.keys
+      end
+
+      def gitlab_remote_candidates
+        remotes_with_urls.select { |n, u| u.include?("gitlab.com") }.keys
+      end
+
+      def codeberg_remote_candidates
+        remotes_with_urls.select { |n, u| u.include?("codeberg.org") }.keys
+      end
+
+      def preferred_github_remote
+        cands = github_remote_candidates
+        return if cands.empty?
+        # Prefer a remote literally named 'github', otherwise the first
+        cands.find { |n| n == "github" } || cands.first
+      end
+
+      def parse_github_owner_repo(url)
+        return [nil, nil] unless url
+        if url =~ %r{git@github.com:(.+?)/(.+?)(\.git)?$}
+          [Regexp.last_match(1), Regexp.last_match(2).sub(/\.git\z/, "")]
+        elsif url =~ %r{https://github.com/(.+?)/(.+?)(\.git)?$}
+          [Regexp.last_match(1), Regexp.last_match(2).sub(/\.git\z/, "")]
+        else
+          [nil, nil]
+        end
+      end
+
       def has_remote?(name)
         list_remotes.include?(name)
       end
@@ -272,7 +400,7 @@ module Kettle
           return
         end
 
-        # Default behavior: ensure local trunk is not behind origin/trunk; if it is, rebase flows
+        # Ensure local trunk is in sync with origin/trunk
         run_cmd!("git fetch origin #{Shellwords.escape(trunk)}")
         if trunk_behind_remote?(trunk, "origin")
           puts "Local #{trunk} is behind origin/#{trunk}. Rebasing..."
@@ -285,6 +413,56 @@ module Kettle
         else
           puts "Local #{trunk} is up to date with origin/#{trunk}."
         end
+
+        # If there is a GitHub remote that is not origin, ensure origin/#{trunk} incorporates it
+        gh_remote = preferred_github_remote
+        if gh_remote && gh_remote != "origin"
+          puts "GitHub remote detected: #{gh_remote}. Fetching #{trunk}..."
+          run_cmd!("git fetch #{gh_remote} #{Shellwords.escape(trunk)}")
+
+          # Compare origin/trunk vs github/trunk to see if they differ
+          left, right = ahead_behind_counts("origin/#{trunk}", "#{gh_remote}/#{trunk}")
+          if left.zero? && right.zero?
+            puts "origin/#{trunk} and #{gh_remote}/#{trunk} are already in sync."
+            return
+          end
+
+          checkout!(trunk)
+          run_cmd!("git pull --rebase origin #{Shellwords.escape(trunk)}")
+
+          if left.positive? && right.positive?
+            # Histories have diverged -> let user choose
+            puts "origin/#{trunk} and #{gh_remote}/#{trunk} have diverged (#{left} ahead of GH, #{right} behind GH)."
+            puts "Choose how to reconcile:"
+            puts "  [r] Rebase local/#{trunk} on top of #{gh_remote}/#{trunk} (push to origin)"
+            puts "  [m] Merge --no-ff #{gh_remote}/#{trunk} into #{trunk} (push to origin and #{gh_remote})"
+            puts "  [a] Abort"
+            print("> ")
+            choice = $stdin.gets&.strip&.downcase
+            case choice
+            when "r"
+              run_cmd!("git rebase #{Shellwords.escape("#{gh_remote}/#{trunk}")}")
+              run_cmd!("git push origin #{Shellwords.escape(trunk)}")
+              puts "Rebased #{trunk} onto #{gh_remote}/#{trunk} and pushed to origin."
+            when "m"
+              run_cmd!("git merge --no-ff #{Shellwords.escape("#{gh_remote}/#{trunk}")}")
+              run_cmd!("git push origin #{Shellwords.escape(trunk)}")
+              run_cmd!("git push #{Shellwords.escape(gh_remote)} #{Shellwords.escape(trunk)}")
+              puts "Merged #{gh_remote}/#{trunk} into #{trunk} and pushed to origin and #{gh_remote}."
+            else
+              abort("Aborted by user. Please reconcile trunks and re-run.")
+            end
+          elsif right.positive? && left.zero?
+            # One side can be fast-forwarded
+            puts "Fast-forwarding #{trunk} to include #{gh_remote}/#{trunk}..."
+            run_cmd!("git merge --ff-only #{Shellwords.escape("#{gh_remote}/#{trunk}")}")
+            run_cmd!("git push origin #{Shellwords.escape(trunk)}")
+          # origin is behind GH -> fast-forward merge
+          elsif left.positive? && right.zero?
+            # origin ahead of GH -> nothing required for origin, optionally inform user
+            puts "origin/#{trunk} is ahead of #{gh_remote}/#{trunk}; no action required before push."
+          end
+        end
       end
 
       def merge_feature_into_trunk_and_push!(trunk, feature)
@@ -318,6 +496,60 @@ module Kettle
         puts "Found signing cert: #{cert_path}"
         puts "When prompted during build/release, enter the PEM password for ~/.ssh/gem-private_key.pem"
       end
+
+      # --- Checksum validation ---
+      # Validate that the sha256 of the built gem in pkg/ matches the recorded
+      # checksum stored under checksums/<gem>.gem.sha256. Abort with guidance if not.
+      # @param version [String]
+      # @param stage [String] human-readable context (e.g., "after release")
+      def validate_checksums!(version, stage: "")
+        gem_path = gem_file_for_version(version)
+        unless gem_path && File.file?(gem_path)
+          abort("Unable to locate built gem for version #{version} in pkg/. Did the build succeed?")
+        end
+        actual = compute_sha256(gem_path)
+        checks_path = File.join(@root, "checksums", "#{File.basename(gem_path)}.sha256")
+        unless File.file?(checks_path)
+          abort("Expected checksum file not found: #{checks_path}. Did bin/gem_checksums run?")
+        end
+        expected = File.read(checks_path).strip
+        if actual != expected
+          abort(<<~MSG)
+            SHA256 mismatch #{stage}:
+              gem:   #{gem_path}
+              sha256sum: #{actual}
+              file: #{checks_path}
+              file: #{expected}
+            Ensure SOURCE_DATE_EPOCH is set consistently and that the artifact used by release is identical to the one checksummed.
+            You can retry: export SOURCE_DATE_EPOCH=$EPOCHSECONDS; bundle exec rake build && bin/gem_checksums && bundle exec rake release
+          MSG
+        else
+          puts "Checksum OK #{stage}: #{File.basename(gem_path)}"
+        end
+      end
+
+      # Find the gem file in pkg/ that matches the given version
+      def gem_file_for_version(version)
+        pkg = File.join(@root, "pkg")
+        pattern = File.join(pkg, "*.gem")
+        gems = Dir[pattern].select { |p| File.basename(p).include?("-#{version}.gem") }
+        gems.sort.last
+      end
+
+      # Compute sha256 using system utilities (sha256sum or shasum -a 256),
+      # falling back to Ruby Digest if neither is available.
+      def compute_sha256(path)
+        if system("which sha256sum > /dev/null 2>&1")
+          out, _ = Open3.capture2e("sha256sum", path)
+          out.split.first
+        elsif system("which shasum > /dev/null 2>&1")
+          out, _ = Open3.capture2e("shasum", "-a", "256", path)
+          out.split.first
+        else
+          require "digest"
+          Digest::SHA256.file(path).hexdigest
+        end
+      end
     end
   end
 end

data/lib/kettle/dev/ci_helpers.rb

@@ -16,11 +16,6 @@ module Kettle
       module_function
 
       # Determine the project root directory.
-      #
-      # Prefers the directory Rake was invoked from (Rake.application.original_dir)
-      # so that tasks shipped with this gem operate relative to the host project.
-      # Falls back to the current working directory when Rake context is absent.
-      #
       # @return [String] absolute path to the project root
       def project_root
         # Too difficult to test every possible branch here, so ignoring
@@ -33,10 +28,8 @@ module Kettle
       end
 
       # Parse the GitHub owner/repo from the configured origin remote.
-      #
       # Supports SSH (git@github.com:owner/repo(.git)) and HTTPS
       # (https://github.com/owner/repo(.git)) forms.
-      #
       # @return [Array(String, String), nil] [owner, repo] or nil when unavailable
       def repo_info
         out, status = Open3.capture2("git", "config", "--get", "remote.origin.url")
@@ -57,9 +50,7 @@ module Kettle
       end
 
       # List workflow YAML basenames under .github/workflows at the given root.
-      #
       # Excludes maintenance workflows defined by {#exclusions}.
-      #
       # @param root [String] project root (defaults to {#project_root})
       # @return [Array<String>] sorted list of basenames (e.g., "ci.yml")
       def workflows_list(root = project_root)
@@ -75,35 +66,6 @@ module Kettle
       end
 
       # List of workflow files to exclude from interactive menus and checks.
-      #
-      # For reference...
-      #
-      # A list of all worlflows,
-      #   with each marked relative to if they exist in this repo,
-      #   or at the top of the README marked.
-      #
-      #   - ancient                 (+)
-      #   - auto-assign.yml         (-)
-      #   - codeql-analysis.yml     (-)
-      #   - coverage.yml            (+)
-      #   - current.yml             (+)
-      #   - danger.yml              (x)
-      #   - dependency-review.yml   (-)
-      #   - discord-notifier.yml    (-)
-      #   - heads.yml               (+)
-      #   - jruby.yml               (+)
-      #   - legacy.yml              (+)
-      #   - locked_deps.yml         (+)
-      #   - opencollective.yml      (-)
-      #   - style.yml               (+)
-      #   - supported.yml           (+)
-      #   - truffle.yml             (+)
-      #   - unlocked_deps.yml       (+)
-      #   - unsupported.yml         (+)
-      #
-      # All those marked as (-) or (x) are excluded from interactive menus and checks.
-      # The (x) exist because they may be common in other repos.
-      #
       # @return [Array<String>]
       def exclusions
         %w[
@@ -117,7 +79,6 @@ module Kettle
       end
 
       # Fetch latest workflow run info for a given workflow and branch via GitHub API.
-      #
       # @param owner [String]
       # @param repo [String]
       # @param workflow_file [String] the workflow basename (e.g., "ci.yml")
@@ -166,6 +127,77 @@ module Kettle
       def default_token
         ENV["GITHUB_TOKEN"] || ENV["GH_TOKEN"]
       end
+
+      # --- GitLab support ---
+
+      # Raw origin URL string from git config
+      # @return [String, nil]
+      def origin_url
+        out, status = Open3.capture2("git", "config", "--get", "remote.origin.url")
+        status.success? ? out.strip : nil
+      end
+
+      # Parse GitLab owner/repo from origin if pointing to gitlab.com
+      # @return [Array(String, String), nil]
+      def repo_info_gitlab
+        url = origin_url
+        return unless url
+        if url =~ %r{git@gitlab.com:(.+?)/(.+?)(\.git)?$}
+          [Regexp.last_match(1), Regexp.last_match(2).sub(/\.git\z/, "")]
+        elsif url =~ %r{https://gitlab.com/(.+?)/(.+?)(\.git)?$}
+          [Regexp.last_match(1), Regexp.last_match(2).sub(/\.git\z/, "")]
+        end
+      end
+
+      # Default GitLab token from environment
+      # @return [String, nil]
+      def default_gitlab_token
+        ENV["GITLAB_TOKEN"] || ENV["GL_TOKEN"]
+      end
+
+      # Fetch the latest pipeline for a branch on GitLab
+      # @param owner [String]
+      # @param repo [String]
+      # @param branch [String, nil]
+      # @param host [String]
+      # @param token [String, nil]
+      # @return [Hash{String=>String,Integer}, nil]
+      def gitlab_latest_pipeline(owner:, repo:, branch: nil, host: "gitlab.com", token: default_gitlab_token)
+        return unless owner && repo
+        b = branch || current_branch
+        return unless b
+        project = URI.encode_www_form_component("#{owner}/#{repo}")
+        uri = URI("https://#{host}/api/v4/projects/#{project}/pipelines?ref=#{URI.encode_www_form_component(b)}&per_page=1")
+        req = Net::HTTP::Get.new(uri)
+        req["User-Agent"] = "kettle-dev/ci-helpers"
+        req["PRIVATE-TOKEN"] = token if token && !token.empty?
+        res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }
+        return unless res.is_a?(Net::HTTPSuccess)
+        data = JSON.parse(res.body)
+        pipe = data&.first
+        return unless pipe
+        {
+          "status" => pipe["status"],
+          "web_url" => pipe["web_url"],
+          "id" => pipe["id"],
+        }
+      rescue StandardError
+        nil
+      end
+
+      # Whether a GitLab pipeline has succeeded
+      # @param pipeline [Hash, nil]
+      # @return [Boolean]
+      def gitlab_success?(pipeline)
+        pipeline && pipeline["status"] == "success"
+      end
+
+      # Whether a GitLab pipeline has failed
+      # @param pipeline [Hash, nil]
+      # @return [Boolean]
+      def gitlab_failed?(pipeline)
+        pipeline && pipeline["status"] == "failed"
+      end
     end
   end
 end

data/lib/kettle/dev/rakelib/template.rake

@@ -358,11 +358,18 @@ namespace :kettle do
         puts "WARNING: Could not determine env file changes: #{e.class}: #{e.message}"
       end
 
-      # Handle .git-hooks template files (commit-subjects-goalie.txt, footer-template.erb.txt)
+      # Handle .git-hooks files
+      # - Two template files (.txt) are offered with a location prompt (local/global/skip).
+      # - Two hook scripts are always copied to both local and global locations by default;
+      #   if they already exist, ask before overwriting.
       source_hooks_dir = File.join(gem_checkout_root, ".git-hooks")
       if Dir.exist?(source_hooks_dir)
         goalie_src = File.join(source_hooks_dir, "commit-subjects-goalie.txt")
         footer_src = File.join(source_hooks_dir, "footer-template.erb.txt")
+        hook_ruby_src = File.join(source_hooks_dir, "commit-msg")
+        hook_sh_src = File.join(source_hooks_dir, "prepare-commit-msg")
+
+        # First: templates (.txt) — keep the existing single question which applies only to these
         if File.file?(goalie_src) && File.file?(footer_src)
           puts
           puts "Git hooks templates found:"
@@ -394,19 +401,60 @@ namespace :kettle do
             FileUtils.mkdir_p(dest_dir)
             [[goalie_src, "commit-subjects-goalie.txt"], [footer_src, "footer-template.erb.txt"]].each do |src, base|
               dest = File.join(dest_dir, base)
-              FileUtils.cp(src, dest)
+              # Use helpers to allow create/replace prompts for these files (question applies to them)
+              helpers.copy_file_with_prompt(src, dest, allow_create: true, allow_replace: true)
               # Ensure readable (0644). These are data/templates, not executables.
               begin
-                File.chmod(0o644, dest)
+                File.chmod(0o644, dest) if File.exist?(dest)
               rescue StandardError
                 # ignore permission issues
               end
-              puts "Copied #{base} -> #{dest}"
             end
           else
             puts "Skipping copy of .git-hooks templates."
           end
         end
+
+        # Second: hook scripts — copy only to the local project; prompt only on overwrite
+        # Per requirements: do not install hook scripts to global ~/.git-hooks
+        hook_dests = [File.join(project_root, ".git-hooks")]
+        hook_pairs = [[hook_ruby_src, "commit-msg", 0o755], [hook_sh_src, "prepare-commit-msg", 0o755]]
+        hook_pairs.each do |src, base, mode|
+          next unless File.file?(src)
+          hook_dests.each do |dstdir|
+            begin
+              FileUtils.mkdir_p(dstdir)
+              dest = File.join(dstdir, base)
+              # Create without prompt if missing; if exists, ask to replace
+              if File.exist?(dest)
+                # ask to overwrite
+                if helpers.ask("Overwrite existing #{dest}?", true)
+                  content = File.read(src)
+                  helpers.write_file(dest, content)
+                  begin
+                    File.chmod(mode, dest)
+                  rescue StandardError
+                    # ignore permission issues
+                  end
+                  puts "Replaced #{dest}"
+                else
+                  puts "Kept existing #{dest}"
+                end
+              else
+                content = File.read(src)
+                helpers.write_file(dest, content)
+                begin
+                  File.chmod(mode, dest)
+                rescue StandardError
+                  # ignore permission issues
+                end
+                puts "Installed #{dest}"
+              end
+            rescue StandardError => e
+              puts "WARNING: Could not install hook #{base} to #{dstdir}: #{e.class}: #{e.message}"
+            end
+          end
+        end
       end
     end
   end

data/lib/kettle/dev/version.rb

@@ -6,7 +6,7 @@ module Kettle
     module Version
       # The gem version.
       # @return [String]
-      VERSION = "1.0.2"
+      VERSION = "1.0.4"
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kettle-dev
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.4
 platform: ruby
 authors:
 - Peter H. Boling
@@ -203,12 +203,8 @@ extra_rdoc_files:
 - REEK
 - RUBOCOP.md
 - SECURITY.md
-- checksums/kettle-dev-1.0.0.gem.sha256
-- checksums/kettle-dev-1.0.0.gem.sha512
-- checksums/kettle-dev-1.0.1.gem.sha256
-- checksums/kettle-dev-1.0.1.gem.sha512
-- checksums/kettle-dev-1.0.2.gem.sha256
-- checksums/kettle-dev-1.0.2.gem.sha512
+- checksums/kettle-dev-1.0.4.gem.sha256
+- checksums/kettle-dev-1.0.4.gem.sha512
 files:
 - ".devcontainer/devcontainer.json"
 - ".envrc"
@@ -260,12 +256,8 @@ files:
 - RUBOCOP.md
 - Rakefile
 - SECURITY.md
-- checksums/kettle-dev-1.0.0.gem.sha256
-- checksums/kettle-dev-1.0.0.gem.sha512
-- checksums/kettle-dev-1.0.1.gem.sha256
-- checksums/kettle-dev-1.0.1.gem.sha512
-- checksums/kettle-dev-1.0.2.gem.sha256
-- checksums/kettle-dev-1.0.2.gem.sha512
+- checksums/kettle-dev-1.0.4.gem.sha256
+- checksums/kettle-dev-1.0.4.gem.sha512
 - exe/kettle-commit-msg
 - exe/kettle-readme-backers
 - exe/kettle-release
@@ -298,10 +290,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://kettle-dev.galtzo.com/
-  source_code_uri: https://github.com/galtzo-floss/kettle-dev/tree/v1.0.2
-  changelog_uri: https://github.com/galtzo-floss/kettle-dev/blob/v1.0.2/CHANGELOG.md
+  source_code_uri: https://github.com/galtzo-floss/kettle-dev/tree/v1.0.4
+  changelog_uri: https://github.com/galtzo-floss/kettle-dev/blob/v1.0.4/CHANGELOG.md
   bug_tracker_uri: https://github.com/galtzo-floss/kettle-dev/issues
-  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.0.2
+  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.0.4
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/galtzo-floss/kettle-dev/wiki
   news_uri: https://www.railsbling.com/tags/kettle-dev

metadata.gz.sig

@@ -1,3 +1,3 @@
-��e_Б�7'�P��J,��?q�6}f��S3��‹.��p(���n��*���·��iʝ��������!����QR�r�˽�w��K$��Wx�.~�1 FXT$#!��)X5[��ֆN#z�*Q�Ki�i��x�����rt{����wZa�Sw�H�����N��,���E�ԕo&c�9��n\�w���擕��h�'u1�����餎m�Mc��D7�w�������Jw�WU��a�VF�7��jq���m`�@���p2b9�!hE8�{�:�ZmGVs����V���O�tkx�t
-s��<%�h��CAl�6���VXn&ْ�e��|UX�
-f�n���V����VY�*u5�	��l�N4ά��¯�e7�����P
+0"O[KE౸�B��b�����$�f��k��2�:��6�İ�@�zn�ZG�/#胸�P����*�዆̞Rz*qa߻��v��r򎶖�Z����i`�.�-�
+2�[�G��X�h]�*A�5�/�Z��y����æ�H�E�v�`��=���_�Gڼ�N�ۋ/��󸲤�H9n,�?C���҈��E�_Tˤ-�Q� �js��APn�ʆM�l�K�B0�i�;��Q�
+�./T���C�I�]
A9�4�P]5������u7�z

data/checksums/kettle-dev-1.0.0.gem.sha256

@@ -1 +0,0 @@
-b4c6725b40f3e0906cd314309dfa6a9f4a8fda0394dacd99f16aa32376275ab9

data/checksums/kettle-dev-1.0.0.gem.sha512

@@ -1 +0,0 @@
-1273b5c26da368293af8c2d0b87efabf5f8af66e89fbeea1a20e26c960dedb130eb1388c151cba85682110cf4fea577680c3a1e7171606b0f913dce7750e5f45

data/checksums/kettle-dev-1.0.1.gem.sha256

@@ -1 +0,0 @@
-5b92c8a76f54954791e4154bb22594dbc9dd4f0e06d9d4c5db15a32aa2718ede

data/checksums/kettle-dev-1.0.1.gem.sha512

@@ -1 +0,0 @@
-5cac18505a8f780d3897f1d900a662c896537056441b1a8178531355a4b10198bee0bdc62216ab2036b640adada34911bc30b813f715a14a464d797718d7a065

data/checksums/kettle-dev-1.0.2.gem.sha256

@@ -1 +0,0 @@
-2338f9fc4e14a03c39c6509d11fdcfad85faaa7615d855703cb511bc9f95351c

data/checksums/kettle-dev-1.0.2.gem.sha512

@@ -1 +0,0 @@
-ccc6a5c3cd36a8c40d78458166adfbd7ad452b62055579ee4333089a56313170bf97d0aca1f8c3d4f15287bb3d396cfbfcce2174665feb7a77f0b6b03ac8096c