kettle-dev 1.1.30 → 1.1.31

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24950b17a0a1ee458861480335acd45429b027a17fd133f72d17f732b403f415
-  data.tar.gz: e68596a5a5055a3858b59e0c8ae8ac92f5e5bdcd5bbd3387755762b736c02f88
+  metadata.gz: 94de7d823ad51d4a1b86c9b982c7d91b01af35e16d2f042682c1ba792774a066
+  data.tar.gz: f8e64e6615a0dd2ce0315cc56ee5095aa6c786e8767d7aefadbe90f2362054c5
 SHA512:
-  metadata.gz: 796b0154e4776325371c10d084145fc0e7e137dfc5dd306e11f2f7f2cf15977521530d4ea8871ad68975096e55148df10714dfda6b15a54c1b47afa5dfa35849
-  data.tar.gz: 251c64190d20d26286d36cfbfed62c4d9243b1bd2897feb0f3ba1c438f7bcba479db53370416695f6f04cd083934ab69b8f7576125aca0e0fe7cca7b0e95837b
+  metadata.gz: 964a6e1a5b82820272c9638039566609f3ef78a44800355db416b3cef0414a44985fc3720e34279e430322f70f6b188689b53008998cc5b0227185ad38e1969f
+  data.tar.gz: f4316fc97d2443957f63f9d19407ac97ba948a4f7702636d165cf507c8313dba5e043175cb443a2716ea6f60b6f2d1b6a2f96669d498c09499675c017435d69a

data/CHANGELOG.md

@@ -30,6 +30,18 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [1.1.31] - 2025-09-21
+
+- TAG: [v1.1.31][1.1.31t]
+- COVERAGE: 96.39% -- 3929/4076 lines in 26 files
+- BRANCH COVERAGE: 81.07% -- 1619/1997 branches in 26 files
+- 79.12% documented
+
+### Fixed
+
+- order of checksums and release / tag reversed
+  - remove all possibility of gem rebuild (part of reproducible builds) including checksums in the rebuilt gem
+
 ## [1.1.30] - 2025-09-21
 
 - TAG: [v1.1.30][1.1.30t]
@@ -1030,7 +1042,9 @@ Please file a bug if you notice a violation of semantic versioning.
   - Selecting will run the selected workflow via `act`
   - This may move to its own gem in the future.
 
-[Unreleased]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.30...HEAD
+[Unreleased]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.31...HEAD
+[1.1.31]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.30...v1.1.31
+[1.1.31t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.31
 [1.1.30]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.29...v1.1.30
 [1.1.30t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.30
 [1.1.29]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.28...v1.1.29

data/README.md

@@ -442,8 +442,8 @@ What it does:
     - 12: Checkout trunk and pull latest
     - 13: Signing checks and guidance (abort when signing enabled but cert missing); respect SKIP_GEM_SIGNING
     - 14: Build gem (honors SKIP_GEM_SIGNING via env prefix)
-    - 15: Generate and validate gem checksums (bin/gem_checksums)
-    - 16: Release via `bundle exec rake release` and validate checksums again
+    - 15: Release via `bundle exec rake release` (also creates git tag)
+    - 16: Generate and validate gem checksums (bin/gem_checksums)
     - 17: Create GitHub release from CHANGELOG when GITHUB_TOKEN present
     - 18: Push git tags to remotes (to "all" remote only when present; otherwise to each remote)
 - Examples:
@@ -925,7 +925,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.078-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.076-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/README.md.example

@@ -519,7 +519,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.078-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.076-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/Rakefile.example

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# kettle-dev Rakefile v1.1.30 - 2025-09-21
+# kettle-dev Rakefile v1.1.31 - 2025-09-22
 # Ruby 2.3 (Safe Navigation) or higher required
 #
 # MIT License (see License.txt)

data/lib/kettle/dev/release_cli.rb

@@ -260,17 +260,19 @@ module Kettle
           run_cmd!("bundle exec rake build")
         end
 
-        # 15. checksums validate
+        # 15. release and tag
         if @start_step <= 15
-          run_cmd!("bin/gem_checksums")
-          version ||= detect_version
-          validate_checksums!(version, stage: "after build + gem_checksums")
+          puts "Running release (you may be prompted for signing key password and RubyGems MFA OTP)..."
+          run_cmd!("bundle exec rake release")
         end
 
-        # 16. release and validate
+        # 16. generate checksums
+        #    Checksums are generated after release to avoid including checksums/ in gem package
+        #    Rationale: Running gem_checksums before release may commit checksums/ and cause Bundler's
+        #    release build to include them in the gem, altering the artifact.
         if @start_step <= 16
-          puts "Running release (you may be prompted for signing key password and RubyGems MFA OTP)..."
-          run_cmd!("bundle exec rake release")
+          # Generate checksums for the just-built artifact, then validate
+          run_cmd!("bin/gem_checksums")
           version ||= detect_version
           validate_checksums!(version, stage: "after release")
         end

data/lib/kettle/dev/version.rb

@@ -6,7 +6,7 @@ module Kettle
     module Version
       # The gem version.
       # @return [String]
-      VERSION = "1.1.30"
+      VERSION = "1.1.31"
 
       module_function
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kettle-dev
 version: !ruby/object:Gem::Version
-  version: 1.1.30
+  version: 1.1.31
 platform: ruby
 authors:
 - Peter H. Boling
@@ -404,10 +404,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://kettle-dev.galtzo.com/
-  source_code_uri: https://github.com/kettle-rb/kettle-dev/tree/v1.1.30
-  changelog_uri: https://github.com/kettle-rb/kettle-dev/blob/v1.1.30/CHANGELOG.md
+  source_code_uri: https://github.com/kettle-rb/kettle-dev/tree/v1.1.31
+  changelog_uri: https://github.com/kettle-rb/kettle-dev/blob/v1.1.31/CHANGELOG.md
   bug_tracker_uri: https://github.com/kettle-rb/kettle-dev/issues
-  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.1.30
+  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.1.31
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/kettle-rb/kettle-dev/wiki
   news_uri: https://www.railsbling.com/tags/kettle-dev

metadata.gz.sig

@@ -1 +1 @@
-%�
0Y�˕�X���,��F�?���1x���5�
����n۵��M���vѿ����N�J��h�0@|�!^�wR\i`�Ef��%�5�GA+��g�=�jO�of:*�"�fiK��WB�9^&��K�3'��bA9;�K�7��d��E�	�m��i��TJֆdbm��"�/#�i�lT*Rm�8-ּƩN4jh��-< j2��DP�
�*T>Z��*f�����1�����H�+��1�v�A�aG+��������������;:���AJt�}��)y�~���<7g3�(�6��o�XS���k���^�aK�+�_�á�5����������`�1L��q�ac�s��ŨJ>v�_��N���VA�
F�x
+��S�3Y�!�pynq�Yll�v�Nb���i0