kettle-dev 1.1.29 → 1.1.31

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32d2a6e6c00c9ad677e9e450b1f26e7f8b6250ece42abbe7738aeb8a9f51451c
-  data.tar.gz: ffe7fa735f910e42676c52dfb4e6e13004cef7085fa3e9350a06c825c8829a3b
+  metadata.gz: 94de7d823ad51d4a1b86c9b982c7d91b01af35e16d2f042682c1ba792774a066
+  data.tar.gz: f8e64e6615a0dd2ce0315cc56ee5095aa6c786e8767d7aefadbe90f2362054c5
 SHA512:
-  metadata.gz: 786999aa20c92df3aaf8de9d49a56ab0282ade211d06473456a7cd26b7c63d401735c3c57bd5773cbdb2805ee78f5c378315e23a054719670a40cb0bf1841bda
-  data.tar.gz: c3768bdd213afb598dbb853c78ee5f5951d3337d6d477bb4de84f6d1ae2a81027b2ad6b2c42a3a9de08d4ab6091c9044a9a47fe1c5e6b6624cd213d93bdd0d40
+  metadata.gz: 964a6e1a5b82820272c9638039566609f3ef78a44800355db416b3cef0414a44985fc3720e34279e430322f70f6b188689b53008998cc5b0227185ad38e1969f
+  data.tar.gz: f4316fc97d2443957f63f9d19407ac97ba948a4f7702636d165cf507c8313dba5e043175cb443a2716ea6f60b6f2d1b6a2f96669d498c09499675c017435d69a

data/CHANGELOG.md

@@ -30,6 +30,30 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [1.1.31] - 2025-09-21
+
+- TAG: [v1.1.31][1.1.31t]
+- COVERAGE: 96.39% -- 3929/4076 lines in 26 files
+- BRANCH COVERAGE: 81.07% -- 1619/1997 branches in 26 files
+- 79.12% documented
+
+### Fixed
+
+- order of checksums and release / tag reversed
+  - remove all possibility of gem rebuild (part of reproducible builds) including checksums in the rebuilt gem
+
+## [1.1.30] - 2025-09-21
+
+- TAG: [v1.1.30][1.1.30t]
+- COVERAGE: 96.27% -- 3926/4078 lines in 26 files
+- BRANCH COVERAGE: 80.97% -- 1617/1997 branches in 26 files
+- 79.12% documented
+
+### Added
+
+- kettle-changelog: handle legacy tag-in-release-heading style
+  - convert to tag-in-list style
+
 ## [1.1.29] - 2025-09-21
 
 - TAG: [v1.1.29][1.1.29t]
@@ -1018,7 +1042,11 @@ Please file a bug if you notice a violation of semantic versioning.
   - Selecting will run the selected workflow via `act`
   - This may move to its own gem in the future.
 
-[Unreleased]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.29...HEAD
+[Unreleased]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.31...HEAD
+[1.1.31]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.30...v1.1.31
+[1.1.31t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.31
+[1.1.30]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.29...v1.1.30
+[1.1.30t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.30
 [1.1.29]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.28...v1.1.29
 [1.1.29t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.29
 [1.1.28]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.27...v1.1.28

data/README.md

@@ -442,8 +442,8 @@ What it does:
     - 12: Checkout trunk and pull latest
     - 13: Signing checks and guidance (abort when signing enabled but cert missing); respect SKIP_GEM_SIGNING
     - 14: Build gem (honors SKIP_GEM_SIGNING via env prefix)
-    - 15: Generate and validate gem checksums (bin/gem_checksums)
-    - 16: Release via `bundle exec rake release` and validate checksums again
+    - 15: Release via `bundle exec rake release` (also creates git tag)
+    - 16: Generate and validate gem checksums (bin/gem_checksums)
     - 17: Create GitHub release from CHANGELOG when GITHUB_TOKEN present
     - 18: Push git tags to remotes (to "all" remote only when present; otherwise to each remote)
 - Examples:
@@ -925,7 +925,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.014-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.076-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/README.md.example

@@ -519,7 +519,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.014-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.076-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/Rakefile.example

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# kettle-dev Rakefile v1.1.29 - 2025-09-21
+# kettle-dev Rakefile v1.1.31 - 2025-09-22
 # Ruby 2.3 (Safe Navigation) or higher required
 #
 # MIT License (see License.txt)

data/lib/kettle/dev/changelog_cli.rb

@@ -31,7 +31,8 @@ module Kettle
           print("Proceed with reformat only? [y/N]: ")
           ans = Kettle::Dev::InputAdapter.gets&.strip&.downcase
           if ans == "y" || ans == "yes"
-            updated = normalize_heading_spacing(changelog)
+            updated = convert_heading_tag_suffix_to_list(changelog)
+            updated = normalize_heading_spacing(updated)
             updated = ensure_footer_spacing(updated)
             updated = updated.rstrip + "\n"
             File.write(@changelog_path, updated)
@@ -99,6 +100,9 @@ module Kettle
 
         updated = update_link_refs(updated, owner, repo, prev_version, version)
 
+        # Transform legacy heading suffix tags into list items under headings
+        updated = convert_heading_tag_suffix_to_list(updated)
+
         # Normalize spacing around headings to aid Markdown renderers
         updated = normalize_heading_spacing(updated)
 
@@ -262,6 +266,109 @@ module Kettle
         nil
       end
 
+      # Transform legacy release headings that include a tag suffix, e.g.:
+      #   "## [1.2.3] 2022-08-29 ([tag][1.2.3t])"
+      # into a heading followed by a list item:
+      #   "## [1.2.3] 2022-08-29\n\n- TAG: [v1.2.3][1.2.3t]"
+      # The method is idempotent: if the next non-blank line already starts with "- TAG:",
+      # no new list item is inserted. Case-insensitive match for [tag].
+      def convert_heading_tag_suffix_to_list(text)
+        lines = text.lines
+        # Build a set of versions that have a tag reference (e.g., "[1.2.3t]: ...").
+        # IMPORTANT: Only scan the footer link-ref block (starting at the [Unreleased]: line)
+        # to avoid accidentally picking up body content.
+        scan_start = lines.index { |l| l.start_with?(UNRELEASED_SECTION_HEADING) } || lines.length
+        t_versions = {}
+        non_t_tag_refs = {}
+        lines[scan_start..-1].to_a.each do |l|
+          # Case A: explicit tag ref key like [1.2.3t]: ...
+          if (m = l.match(/^\[(\d+\.\d+\.\d+)t\]:\s+(\S+)/))
+            t_versions[m[1]] = true
+            next
+          end
+          # Case B: non-t ref that nevertheless points to a tag URL (GitHub or GitLab)
+          if (m2 = l.match(/^\[(\d+\.\d+\.\d+)\]:\s+(\S+)/))
+            url = m2[2]
+            # Accept only when the URL clearly points to a tag for the SAME version
+            # Support both GitHub and GitLab style tag URLs
+            if (murl = url.match(%r{/(?:releases/)?tags?/v(\d+\.\d+\.\d+)}i))
+              version_in_url = murl[1]
+              if version_in_url == m2[1]
+                non_t_tag_refs[m2[1]] = url
+              end
+            end
+          end
+        end
+        # Any version that has either explicit t-ref or a non-t tag-ref is considered tagged
+        tag_ref_versions = {}
+        t_versions.keys.each { |v| tag_ref_versions[v] = true }
+        non_t_tag_refs.keys.each { |v| tag_ref_versions[v] = true }
+
+        out = []
+        i = 0
+        while i < lines.length
+          line = lines[i]
+          # Case 1: Heading contains legacy tag suffix we should convert
+          m = line.match(/^## \[(\d+\.\d+\.\d+)\](.*)\(\[tag\]\[(\d+\.\d+\.\d+)t\]\)\s*$/i)
+          if m && m[1] == m[3]
+            ver = m[1]
+            middle = m[2]
+            new_heading = ("## [#{ver}]" + middle).rstrip + "\n"
+            out << new_heading
+            # If the next non-blank line is already a TAG list item, don't add another
+            k = i + 1
+            k += 1 while k < lines.length && lines[k].strip == ""
+            unless k < lines.length && lines[k].lstrip.start_with?("- TAG:")
+              out << "\n"
+              out << "- TAG: [v#{ver}][#{ver}t]\n"
+              out << "\n"
+            end
+            # Skip any existing blank lines following the heading to avoid duplicate spacing
+            i = k
+            next
+          end
+
+          # Case 2: Heading does NOT contain suffix, but a matching tag ref exists; ensure a TAG list item
+          if (m2 = line.match(/^## \[(\d+\.\d+\.\d+)\](.*)$/))
+            ver2 = m2[1]
+            # Skip Unreleased heading and non-release headings
+            unless ver2.nil?
+              k = i + 1
+              k += 1 while k < lines.length && lines[k].strip == ""
+              needs_tag = tag_ref_versions[ver2] && !(k < lines.length && lines[k].lstrip.start_with?("- TAG:"))
+              if needs_tag
+                out << (line.end_with?("\n") ? line : line + "\n")
+                out << "\n"
+                out << "- TAG: [v#{ver2}][#{ver2}t]\n"
+                out << "\n"
+                i = k
+                next
+              end
+            end
+          end
+
+          # Footer duplication: if we are in the footer block and encounter a non-t tag-ref
+          # without a matching t-ref, emit the t-ref immediately after with the same URL.
+          if i >= scan_start
+            if (mref = line.match(/^\[(\d+\.\d+\.\d+)\]:\s+(\S+)/))
+              vref = mref[1]
+              mref[2]
+              if non_t_tag_refs[vref] && !t_versions[vref]
+                out << line
+                out << "[#{vref}t]: #{non_t_tag_refs[vref]}\n"
+                t_versions[vref] = true
+                i += 1
+                next
+              end
+            end
+          end
+
+          out << line
+          i += 1
+        end
+        out.join
+      end
+
       def update_link_refs(content, owner, repo, prev_version, new_version)
         # Convert any GitLab links to GitHub
         content = content.gsub(%r{https://gitlab\.com/([^/]+)/([^/]+)/-/compare/([^\.]+)\.\.\.([^\s]+)}) do

data/lib/kettle/dev/release_cli.rb

@@ -260,17 +260,19 @@ module Kettle
           run_cmd!("bundle exec rake build")
         end
 
-        # 15. checksums validate
+        # 15. release and tag
         if @start_step <= 15
-          run_cmd!("bin/gem_checksums")
-          version ||= detect_version
-          validate_checksums!(version, stage: "after build + gem_checksums")
+          puts "Running release (you may be prompted for signing key password and RubyGems MFA OTP)..."
+          run_cmd!("bundle exec rake release")
         end
 
-        # 16. release and validate
+        # 16. generate checksums
+        #    Checksums are generated after release to avoid including checksums/ in gem package
+        #    Rationale: Running gem_checksums before release may commit checksums/ and cause Bundler's
+        #    release build to include them in the gem, altering the artifact.
         if @start_step <= 16
-          puts "Running release (you may be prompted for signing key password and RubyGems MFA OTP)..."
-          run_cmd!("bundle exec rake release")
+          # Generate checksums for the just-built artifact, then validate
+          run_cmd!("bin/gem_checksums")
           version ||= detect_version
           validate_checksums!(version, stage: "after release")
         end

data/lib/kettle/dev/version.rb

@@ -6,7 +6,7 @@ module Kettle
     module Version
       # The gem version.
       # @return [String]
-      VERSION = "1.1.29"
+      VERSION = "1.1.31"
 
       module_function
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kettle-dev
 version: !ruby/object:Gem::Version
-  version: 1.1.29
+  version: 1.1.31
 platform: ruby
 authors:
 - Peter H. Boling
@@ -404,10 +404,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://kettle-dev.galtzo.com/
-  source_code_uri: https://github.com/kettle-rb/kettle-dev/tree/v1.1.29
-  changelog_uri: https://github.com/kettle-rb/kettle-dev/blob/v1.1.29/CHANGELOG.md
+  source_code_uri: https://github.com/kettle-rb/kettle-dev/tree/v1.1.31
+  changelog_uri: https://github.com/kettle-rb/kettle-dev/blob/v1.1.31/CHANGELOG.md
   bug_tracker_uri: https://github.com/kettle-rb/kettle-dev/issues
-  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.1.29
+  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.1.31
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/kettle-rb/kettle-dev/wiki
   news_uri: https://www.railsbling.com/tags/kettle-dev