kettle-dev 1.1.33 → 1.1.34

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75a1e2bd3427f4cb693a7c57c69e733c6ac5e92df56aeba02ad85fcbb8eaf677
-  data.tar.gz: 4fda8487beb40b94941c32a18066ffc3f995c2cef351e9b289f91d6098213253
+  metadata.gz: 7bed8f3120c4a6e802739f3a9ad89e6c287bf46daddaf60f76d590a19f181655
+  data.tar.gz: 7a27825799903260664be7e83b9de1bb4ec209c10fe0e485b78262f4acd051b2
 SHA512:
-  metadata.gz: 3c80c576bbf97d1e25d21b8e4d28d3ef09dd3ca1e13912105e81d73c4682dedd83492df7eccbe10b730cc40b237f1e154709b4fe45de2450723aa129567d981c
-  data.tar.gz: 272a2cce9ed40731e78eb0f09a600072c0430c088a836ec6d297e67b43f6b3cde09ad5ee1c9c603c75231320e764c87ecdc915da60fcb950d22f6c22590f7708
+  metadata.gz: 14da5405b5541fd3df74d20880853bb09d3a5d5c9186c212b6d40a02deb686ac6fb65294a0dd9bc5dec4a2e17678993951cbd22165ad6dd78c7ad6ef48aa6250
+  data.tar.gz: 951fceacca3fc66a3b607778bb630193ec3853c24d8f3f2d0cd7abdb1f68d6f483171b5b5fe2d0da1b2b8b7a54bdc88094cbb83c42254bf7e1d56609fbd24cc7

data/CHANGELOG.md

@@ -30,6 +30,25 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [1.1.34] - 2025-10-20
+
+- TAG: [v1.1.34][1.1.34t]
+- COVERAGE: 96.10% -- 3938/4098 lines in 26 files
+- BRANCH COVERAGE: 80.92% -- 1624/2007 branches in 26 files
+- 79.68% documented
+
+### Changed
+
+- kettle-release: Make step 17 only push the checksum commit; bin/gem_checksums creates the commit internally.
+- kettle-release: Ensure a final push of tags occurs after checksums and optional GitHub release; supports an 'all' remote aggregator when configured.
+
+### Fixed
+
+- fixed rake task compatibility with BUNDLE_PATH (i.e. vendored bundle)
+  - appraisal tasks
+  - bench tasks
+  - reek tasks
+
 ## [1.1.33] - 2025-10-13
 
 - TAG: [v1.1.33][1.1.33t]
@@ -1081,7 +1100,9 @@ Please file a bug if you notice a violation of semantic versioning.
   - Selecting will run the selected workflow via `act`
   - This may move to its own gem in the future.
 
-[Unreleased]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.33...HEAD
+[Unreleased]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.34...HEAD
+[1.1.34]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.33...v1.1.34
+[1.1.34t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.34
 [1.1.33]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.32...v1.1.33
 [1.1.33t]: https://github.com/kettle-rb/kettle-dev/releases/tag/v1.1.33
 [1.1.32]: https://github.com/kettle-rb/kettle-dev/compare/v1.1.31...v1.1.32

data/README.md

@@ -1,9 +1,9 @@
-| 📍 NOTE                                                                                                                                                     |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| RubyGems.org was [recently compromised][draper-security] in a [hostile takeover][draper-takeover] about which [many lies][draper-lies] have been told.      |
-| I'm in the process of adding warnings to some important gems because I [don't condone the theft][draper-theft] of the bundler and rubygems-update projects. |
-| Once publishing to [gem.coop][gem-coop] is available I will stop publishing to RubyGems.org.                                                                |
-| Please see [here][gem-coop] and [here][martin-ann] for more info on what comes next.                                                                        |
+| 📍 NOTE                                                                                                                                                                                      |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| RubyGems.org was [recently compromised][draper-security] in a [hostile takeover][draper-takeover] about which [many lies][draper-lies] have been told.                                       |
+| I'm in the process of adding warnings to some important gems because I [don't condone the theft][draper-theft] of the bundler and rubygems-update projects.                                  |
+| Once publishing to [gem.coop][gem-coop] is available I will stop publishing to RubyGems.org, unless they make amends. I am writing my a new federated gem-server.                            |
+| Please see [here][gem-coop] and [here][martin-ann] for more info on what comes next. This ["Technology for Humans" podcast episode][reinteractive-podcast] is the best summary I'm aware of. |
 
 [draper-security]: https://joel.drapper.me/p/ruby-central-security-measures/
 [draper-takeover]: https://joel.drapper.me/p/ruby-central-takeover/
@@ -11,6 +11,7 @@
 [draper-theft]: https://joel.drapper.me/p/ruby-central/
 [gem-coop]: https://gem.coop
 [martin-ann]: https://martinemde.com/2025/10/05/announcing-gem-coop.html
+[reinteractive-podcast]: https://youtu.be/_H4qbtC5qzU?si=BvuBU90R2wAqD2E6
 
 [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![kettle-dev Logo by Aboling0, CC BY-SA 4.0][🖼️kettle-dev-i]][🖼️kettle-dev]
 
@@ -939,7 +940,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-1.176-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.098-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/README.md.example

@@ -1,9 +1,9 @@
-| 📍 NOTE                                                                                                                                                     |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| RubyGems.org was [recently compromised][draper-security] in a [hostile takeover][draper-takeover] about which [many lies][draper-lies] have been told.      |
-| I'm in the process of adding warnings to some important gems because I [don't condone the theft][draper-theft] of the bundler and rubygems-update projects. |
-| Once publishing to [gem.coop][gem-coop] is available I will stop publishing to RubyGems.org.                                                                |
-| Please see [here][gem-coop] and [here][martin-ann] for more info on what comes next.                                                                        |
+| 📍 NOTE                                                                                                                                                                                      |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| RubyGems.org was [recently compromised][draper-security] in a [hostile takeover][draper-takeover] about which [many lies][draper-lies] have been told.                                       |
+| I'm in the process of adding warnings to some important gems because I [don't condone the theft][draper-theft] of the bundler and rubygems-update projects.                                  |
+| Once publishing to [gem.coop][gem-coop] is available I will stop publishing to RubyGems.org, unless they make amends. I am writing my a new federated gem-server.                            |
+| Please see [here][gem-coop] and [here][martin-ann] for more info on what comes next. This ["Technology for Humans" podcast episode][reinteractive-podcast] is the best summary I'm aware of. |
 
 [draper-security]: https://joel.drapper.me/p/ruby-central-security-measures/
 [draper-takeover]: https://joel.drapper.me/p/ruby-central-takeover/
@@ -11,6 +11,7 @@
 [draper-theft]: https://joel.drapper.me/p/ruby-central/
 [gem-coop]: https://gem.coop
 [martin-ann]: https://martinemde.com/2025/10/05/announcing-gem-coop.html
+[reinteractive-podcast]: https://youtu.be/_H4qbtC5qzU?si=BvuBU90R2wAqD2E6
 
 [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![kettle-dev Logo by Aboling0, CC BY-SA 4.0][🖼️kettle-dev-i]][🖼️kettle-dev]
 
@@ -533,7 +534,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-1.176-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.098-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/README.md.no-osc.example

@@ -1,9 +1,9 @@
-| 📍 NOTE                                                                                                                                                     |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| RubyGems.org was [recently compromised][draper-security] in a [hostile takeover][draper-takeover] about which [many lies][draper-lies] have been told.      |
-| I'm in the process of adding warnings to some important gems because I [don't condone the theft][draper-theft] of the bundler and rubygems-update projects. |
-| Once publishing to [gem.coop][gem-coop] is available I will stop publishing to RubyGems.org.                                                                |
-| Please see [here][gem-coop] and [here][martin-ann] for more info on what comes next.                                                                        |
+| 📍 NOTE                                                                                                                                                                                      |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| RubyGems.org was [recently compromised][draper-security] in a [hostile takeover][draper-takeover] about which [many lies][draper-lies] have been told.                                       |
+| I'm in the process of adding warnings to some important gems because I [don't condone the theft][draper-theft] of the bundler and rubygems-update projects.                                  |
+| Once publishing to [gem.coop][gem-coop] is available I will stop publishing to RubyGems.org, unless they make amends. I am writing my a new federated gem-server.                            |
+| Please see [here][gem-coop] and [here][martin-ann] for more info on what comes next. This ["Technology for Humans" podcast episode][reinteractive-podcast] is the best summary I'm aware of. |
 
 [draper-security]: https://joel.drapper.me/p/ruby-central-security-measures/
 [draper-takeover]: https://joel.drapper.me/p/ruby-central-takeover/
@@ -11,6 +11,7 @@
 [draper-theft]: https://joel.drapper.me/p/ruby-central/
 [gem-coop]: https://gem.coop
 [martin-ann]: https://martinemde.com/2025/10/05/announcing-gem-coop.html
+[reinteractive-podcast]: https://youtu.be/_H4qbtC5qzU?si=BvuBU90R2wAqD2E6
 
 [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![kettle-dev Logo by Aboling0, CC BY-SA 4.0][🖼️kettle-dev-i]][🖼️kettle-dev]
 

data/Rakefile.example

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# kettle-dev Rakefile v1.1.33 - 2025-10-13
+# kettle-dev Rakefile v1.1.34 - 2025-10-20
 # Ruby 2.3 (Safe Navigation) or higher required
 #
 # MIT License (see License.txt)

data/exe/kettle-release

@@ -11,8 +11,10 @@
 # - Builds and releases using Bundler/Rake (reproducible by default in Bundler 2.7+)
 # - Runs `bundle exec rake build` (expects PEM password unless SKIP_GEM_SIGNING)
 #   - If signing not skipped and no public cert in certs/<user>.pem, aborts with guidance
-# - Runs bin/gem_checksums
 # - Runs `bundle exec rake release` (expects PEM password and RubyGems MFA OTP)
+# - Runs bin/gem_checksums (which creates the checksum commit), then pushes it
+# - Optionally creates a GitHub Release when GITHUB_TOKEN is present
+# - Finally pushes tags to remotes (including an 'all' aggregator if configured)
 
 # Immediate, unbuffered output
 $stdout.sync = true
@@ -52,7 +54,10 @@ if ARGV.include?("-h") || ARGV.include?("--help")
       - Commits a release prep change
       - Ensures trunk is up-to-date, pushes branch, and monitors CI (GitHub/GitLab)
       - Merges feature into trunk upon CI success
-      - Builds, records checksums, and releases (requires Bundler >= 2.7.0)
+      - Builds and releases the gem
+      - Generates checksums (via bin/gem_checksums), then pushes the checksum commit
+      - Optionally creates a GitHub Release
+      - Pushes tags to remotes at the end
 
     Environment:
       SKIP_GEM_SIGNING=true        # skip gem signing during build/release

data/lib/kettle/dev/git_adapter.rb

@@ -104,6 +104,36 @@ module Kettle
         end
       end
 
+      # Push all tags to a remote.
+      # Notes:
+      # - The ruby-git gem does not provide a stable API for pushing all tags across
+      #   versions, so we intentionally shell out to `git push --tags` for both
+      #   backends. Tests should stub this method in higher-level code to avoid
+      #   mutating any repositories.
+      #
+      # @param remote [String, nil] The remote name. When nil or empty, uses the
+      #   repository's default remote (same behavior as running `git push --tags`)
+      #   which typically uses the current branch's upstream.
+      # @return [Boolean] true if the system call reports success; false on failure
+      def push_tags(remote)
+        if @backend == :gem
+          # The ruby-git gem does not expose a dedicated API for "--tags" consistently across versions.
+          # Use a shell fallback even when the gem backend is active. Tests should stub this method.
+          if remote && !remote.to_s.empty?
+            system("git", "push", remote.to_s, "--tags")
+          else
+            system("git", "push", "--tags")
+          end
+        elsif remote && !remote.to_s.empty?
+          system("git", "push", remote.to_s, "--tags")
+        else
+          system("git", "push", "--tags")
+        end
+      rescue StandardError => e
+        Kettle::Dev.debug_error(e, __method__)
+        false
+      end
+
       # @return [String, nil] current branch name, or nil on error
       def current_branch
         if @backend == :gem

data/lib/kettle/dev/rakelib/appraisal.rake

@@ -6,14 +6,14 @@ begin
 
   desc("Install Appraisal gemfiles (initial setup for projects that didn't previously use Appraisal)")
   task("appraisal:install") do
-    bundle = Gem.bindir ? File.join(Gem.bindir, "bundle") : "bundle"
+    bundle = "bundle"
 
     run_in_unbundled = proc do
       env = {"BUNDLE_GEMFILE" => "Appraisal.root.gemfile"}
 
-      # 1) bundle install --gemfile Appraisal.root.gemfile
-      ok = system(bundle, "install", "--gemfile", "Appraisal.root.gemfile")
-      abort("appraisal:install failed: bundle install --gemfile Appraisal.root.gemfile") unless ok
+      # 1) BUNDLE_GEMFILE=Appraisal.root.gemfile bundle install
+      ok = system(env, bundle, "install")
+      abort("appraisal:install failed: BUNDLE_GEMFILE=Appraisal.root.gemfile bundle install") unless ok
 
       # 2) BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal install
       ok = system(env, bundle, "exec", "appraisal", "install")
@@ -33,22 +33,22 @@ begin
 
   desc("Update Appraisal gemfiles and run RuboCop Gradual autocorrect")
   task("appraisal:update") do
-    bundle = Gem.bindir ? File.join(Gem.bindir, "bundle") : "bundle"
+    bundle = "bundle"
 
     run_in_unbundled = proc do
       env = {"BUNDLE_GEMFILE" => "Appraisal.root.gemfile"}
 
       # 1) BUNDLE_GEMFILE=Appraisal.root.gemfile bundle update --bundler
       ok = system(env, bundle, "update", "--bundler")
-      abort("appraisal:update failed: bundle update --bundler under Appraisal.root.gemfile") unless ok
+      abort("appraisal:update failed: BUNDLE_GEMFILE=Appraisal.root.gemfile bundle update --bundler") unless ok
 
-      # 2) BUNDLE_GEMFILE=Appraisal.root.gemfile bundle (install)
-      ok = system(env, bundle)
-      abort("appraisal:update failed: bundler install under Appraisal.root.gemfile") unless ok
+      # 2) BUNDLE_GEMFILE=Appraisal.root.gemfile bundle install
+      ok = system(env, bundle, "install")
+      abort("appraisal:update failed: BUNDLE_GEMFILE=Appraisal.root.gemfile bundle install") unless ok
 
       # 3) BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
       ok = system(env, bundle, "exec", "appraisal", "update")
-      abort("appraisal:update failed: bundle exec appraisal update") unless ok
+      abort("appraisal:update failed: BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update") unless ok
 
       # 4) bundle exec rake rubocop_gradual:autocorrect
       ok = system(bundle, "exec", "rake", "rubocop_gradual:autocorrect")

data/lib/kettle/dev/rakelib/bench.rake

@@ -22,7 +22,7 @@ namespace :bench do
     end
 
     ruby = RbConfig.ruby
-    bundle = Gem.bindir ? File.join(Gem.bindir, "bundle") : "bundle"
+    bundle = "bundle"
     bench_files = Dir[File.join(__dir__, "benchmarks", "*.rb")].sort
     if bench_files.empty?
       puts "No benchmark scripts found under benchmarks/."

data/lib/kettle/dev/rakelib/reek.rake

@@ -15,7 +15,7 @@ begin
   desc("Run reek and store the output into the REEK file")
   task("reek:update") do
     # Run via Bundler if available to ensure the right gem version is used
-    cmd = [Gem.bindir ? File.join(Gem.bindir, "bundle") : "bundle", "exec", "reek"]
+    cmd = %w[bundle exec reek]
 
     output, status = Open3.capture2e(*cmd)
 

data/lib/kettle/dev/release_cli.rb

@@ -269,22 +269,25 @@ module Kettle
         # 16. generate checksums
         #    Checksums are generated after release to avoid including checksums/ in gem package
         #    Rationale: Running gem_checksums before release may commit checksums/ and cause Bundler's
-        #    release build to include them in the gem, altering the artifact.
+        #    release build to include them in the gem, thus altering the artifact, and invalidating the checksums.
         if @start_step <= 16
-          # Generate checksums for the just-built artifact, then validate
+          # Generate checksums for the just-built artifact, commit them, then validate
           run_cmd!("bin/gem_checksums")
           version ||= detect_version
           validate_checksums!(version, stage: "after release")
         end
 
-        # 17. create GitHub release (optional)
-        if @start_step <= 17
+        # 17. push checksum commit (gem_checksums already commits)
+        push! if @start_step <= 17
+
+        # 18. create GitHub release (optional)
+        if @start_step <= 18
           version ||= detect_version
           maybe_create_github_release!(version)
         end
 
-        # 18. push tags to remotes (new final step)
-        push_tags! if @start_step <= 18
+        # 19. push tags to remotes (final step)
+        push_tags! if @start_step <= 19
 
         # Final success message
         begin
@@ -708,17 +711,20 @@ module Kettle
         # 2) Otherwise, if other remotes exist, push tags to each of them.
         # 3) If no remotes are configured, push tags using default remote.
         if has_remote?("all")
-          run_cmd!("git push all --tags")
+          ok = @git.push_tags("all")
+          warn("Push tags to 'all' reported failure.") unless ok
           return
         end
 
         remotes = list_remotes
         remotes -= ["all"] if remotes
         if remotes.nil? || remotes.empty?
-          run_cmd!("git push --tags")
+          ok = @git.push_tags(nil)
+          warn("Push tags (default remote) reported failure.") unless ok
         else
           remotes.each do |remote|
-            run_cmd!("git push #{Shellwords.escape(remote)} --tags")
+            ok = @git.push_tags(remote)
+            warn("Push tags to #{remote} reported failure.") unless ok
           end
         end
       end

data/lib/kettle/dev/version.rb

@@ -6,7 +6,7 @@ module Kettle
     module Version
       # The gem version.
       # @return [String]
-      VERSION = "1.1.33"
+      VERSION = "1.1.34"
 
       module_function
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kettle-dev
 version: !ruby/object:Gem::Version
-  version: 1.1.33
+  version: 1.1.34
 platform: ruby
 authors:
 - Peter H. Boling
@@ -409,10 +409,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://kettle-dev.galtzo.com/
-  source_code_uri: https://github.com/kettle-rb/kettle-dev/tree/v1.1.33
-  changelog_uri: https://github.com/kettle-rb/kettle-dev/blob/v1.1.33/CHANGELOG.md
+  source_code_uri: https://github.com/kettle-rb/kettle-dev/tree/v1.1.34
+  changelog_uri: https://github.com/kettle-rb/kettle-dev/blob/v1.1.34/CHANGELOG.md
   bug_tracker_uri: https://github.com/kettle-rb/kettle-dev/issues
-  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.1.33
+  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/1.1.34
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/kettle-rb/kettle-dev/wiki
   news_uri: https://www.railsbling.com/tags/kettle-dev