kettle-dev 2.2.3 → 2.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa3fa8282c2b534ba8d14a5ff998db809e15c577e3e7b65bd7592c7bd8e568d7
-  data.tar.gz: ffa804162693d265c3a250d39f37324806d00a44676c50ca35c0a12cbecce771
+  metadata.gz: ba33ed9512e4bc65a82886c163c0c01c3b8c59895326fb64c64b01c97fbbbf77
+  data.tar.gz: 9c14bb68844fd3c46315215b6e60a9f35b3ebd9c416a8fad96552e361e061f30
 SHA512:
-  metadata.gz: cfffdbc293252d77553ba59d5e9179121c7b537ae676a1380c38a8a7af30b85266e1f07487f0368fd61671cee3a0324b2889537fbe89780225a54c8c6287c10e
-  data.tar.gz: 9e59b4fc95c59873b928adaa4a4ff75bab63247e60e5fbb8c39b8f6ef9cb7aad0f433efaa957dab32ec8c18a64cab5be63a7cd697566ef93590859821cb81b63
+  metadata.gz: fd4cb6930f617bcbc033d1366a69a0f11911b6293145e37a30d149ecb7a3b54fc2c2cda287294105ca4a5d1b9598765318a9291e5999bafefe6a066be27b1ecb
+  data.tar.gz: 9cf023ac4edeb2d13bb063e62f5fb73b61405e3e7d12e63b5350de1dab920ff5fa8a9bb3425f76648e4fa8bc1254392d1fb0a7b7dbfb13603cf8dc77415ad2d3

checksums.yaml.gz.sig

@@ -1,4 +1,5 @@
-���q��=��Q}9��e��F���gB�_��G'
��Ɇ����
-�}2�
-��v�Q,u���l��7��Y;�E}��$QL+_�Υ�砱M Z�
-�WJ�F�8��Y
+�p!��pOH�����Kh�&Y+��-YH2p�����1˚ܴ�k1
+
~
+.!�;b�\Q��z[��o�m� �/�Q����?��a�����P�.�z��<t�y�z�{� 1�#z~#��{�B��
+韗Cs�������6�{�H�U��L�F�����ϕ
+�3����t���/c�q~�Z�ƈ�)�t��hN;�

data/CHANGELOG.md

@@ -30,6 +30,44 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [2.2.5] - 2026-06-13
+
+- TAG: [v2.2.5][2.2.5t]
+- COVERAGE: 92.29% -- 3818/4137 lines in 28 files
+- BRANCH COVERAGE: 73.49% -- 1516/2063 branches in 28 files
+- 67.00% documented
+
+### Changed
+
+- `kettle-gha-sha-pins --upgrade major` now supports major-line action tags
+  such as `v2`, while patch and minor upgrade targeting remain limited to full
+  `x.y.z` SemVer tags.
+
+### Fixed
+
+- `kettle-gha-sha-pins` persistent cache writes no longer crash for actions
+  whose releases and tags only include major-line versions such as `v2`.
+
+## [2.2.4] - 2026-06-12
+
+- TAG: [v2.2.4][2.2.4t]
+- COVERAGE: 92.18% -- 3806/4129 lines in 28 files
+- BRANCH COVERAGE: 73.26% -- 1507/2057 branches in 28 files
+- 67.00% documented
+
+### Changed
+
+- Retemplated generated project files with the current `kettle-jem` template,
+  refreshing development dependency floors, binstubs, README metadata, and RBS
+  validation workflow output.
+
+### Fixed
+
+- `kettle-gha-sha-pins --upgrade` no longer downgrades action pins when the
+  current SHA matches a newer version-like tag that is a prerelease or lacks a
+  GitHub Release, including transferred action repositories that require GitHub
+  API redirects.
+
 ## [2.2.3] - 2026-06-09
 
 - TAG: [v2.2.3][2.2.3t]
@@ -2022,7 +2060,11 @@ Please file a bug if you notice a violation of semantic versioning.
   - Selecting will run the selected workflow via `act`
   - This may move to its own gem in the future.
 
-[Unreleased]: https://github.com/kettle-dev/kettle-dev/compare/v2.2.3...HEAD
+[Unreleased]: https://github.com/kettle-dev/kettle-dev/compare/v2.2.5...HEAD
+[2.2.5]: https://github.com/kettle-dev/kettle-dev/compare/v2.2.4...v2.2.5
+[2.2.5t]: https://github.com/kettle-dev/kettle-dev/releases/tag/v2.2.5
+[2.2.4]: https://github.com/kettle-dev/kettle-dev/compare/v2.2.3...v2.2.4
+[2.2.4t]: https://github.com/kettle-dev/kettle-dev/releases/tag/v2.2.4
 [2.2.3]: https://github.com/kettle-dev/kettle-dev/compare/v2.2.2...v2.2.3
 [2.2.3t]: https://github.com/kettle-dev/kettle-dev/releases/tag/v2.2.3
 [2.2.2]: https://github.com/kettle-dev/kettle-dev/compare/v2.2.1...v2.2.2

data/README.md

@@ -854,7 +854,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]: https://gitmoji.dev
 [📌gitmoji-img]: https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.100-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-4.137-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: https://github.com/kettle-dev/kettle-dev/blob/main/SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
@@ -882,7 +882,7 @@ Thanks for RTFM. ☺️
 | Package | kettle-dev |
 | Description | 🍲 Kettle::Dev is a meta tool from kettle-rb to streamline development and testing. Acts as a shim dependency, pulling in many other dependencies, to give you OOTB productivity with a RubyGem, or Ruby app project. Configures a complete set of Rake tasks, for all the libraries is brings in, so they arrive ready to go. Fund overlooked open source projects - bottom of stack, dev/test dependencies: floss-funding.dev |
 | Homepage | https://github.com/kettle-dev/kettle-dev |
-| Source | https://github.com/kettle-dev/kettle-dev/tree/v2.2.1 |
+| Source | https://github.com/kettle-dev/kettle-dev/tree/v2.2.4 |
 | License | `AGPL-3.0-only` |
 | Funding | https://github.com/sponsors/pboling, https://issuehunt.io/u/pboling, https://ko-fi.com/pboling, https://liberapay.com/pboling/donate, https://opencollective.com/kettle-dev, https://opencollective.com/kettle-rb, https://patreon.com/galtzo, https://polar.sh/pboling, https://thanks.dev/u/gh/pboling, https://tidelift.com/funding/github/rubygems/kettle-dev, https://www.buymeacoffee.com/pboling |
 <!-- kettle-jem:metadata:end -->

data/lib/kettle/dev/gha_sha_pins_cli.rb

@@ -478,7 +478,7 @@ module Kettle
 
       def parse_release_version(value)
         normalized = value.to_s.sub(/\A[vV]/, "")
-        return nil unless normalized.match?(/\A\d+\.\d+\.\d+(?:[-.]?[0-9A-Za-z.-]+)?\z/)
+        return nil unless normalized.match?(/\A(?:\d+|\d+\.\d+\.\d+(?:[-.]?[0-9A-Za-z.-]+)?)\z/)
 
         Gem::Version.new(normalized)
       rescue ArgumentError
@@ -504,10 +504,13 @@ module Kettle
       def choose_upgrade_target(current_version, versions, level)
         current = parse_release_version(current_version)
         return nil if current.nil?
+        return nil if level != "major" && major_line_version?(current_version)
 
         candidates = versions.select do |entry|
           next false unless entry[:version_obj].is_a?(Gem::Version)
           next false unless entry[:version_obj] > current
+          next false if entry[:version_obj].prerelease? && !current.prerelease?
+          next false if level != "major" && major_line_version?(entry[:version])
 
           case level
           when "patch"
@@ -522,12 +525,20 @@ module Kettle
         candidates.max_by { |entry| entry[:version_obj] }
       end
 
+      def major_line_version?(value)
+        value.to_s.match?(/\A\d+\z/)
+      end
+
       def latest_outdated_target(current_version, versions)
         current = parse_release_version(current_version)
         return nil if current.nil?
 
         versions
-          .select { |entry| entry[:version_obj].is_a?(Gem::Version) && entry[:version_obj] > current }
+          .select do |entry|
+            entry[:version_obj].is_a?(Gem::Version) &&
+              entry[:version_obj] > current &&
+              (!entry[:version_obj].prerelease? || current.prerelease?)
+          end
           .max_by { |entry| entry[:version_obj] }
       end
 
@@ -902,7 +913,7 @@ module Kettle
 
       # Persistent cache of GitHub Action release versions and target SHAs.
       class PersistentActionCache
-        VERSION = 1
+        VERSION = 2
 
         def self.default_path
           state_home = ENV["XDG_STATE_HOME"]
@@ -1008,6 +1019,7 @@ module Kettle
             JSON.parse(File.read(@path))
           end
           return empty_data unless parsed.is_a?(Hash)
+          return empty_data unless parsed["version"].to_i == VERSION
 
           parsed["version"] ||= VERSION
           parsed["actions"] = {} unless parsed["actions"].is_a?(Hash)
@@ -1045,11 +1057,13 @@ module Kettle
 
             deserialized.merge(cached_at: entry["cached_at"].to_s)
           end
+          return {} if entries.empty?
 
+          full_semver_entries = entries.reject { |entry| major_line_version?(entry[:version]) }
           {
-            "patch" => entries.group_by { |entry| entry[:version_obj].segments[0, 2].join(".") }
+            "patch" => full_semver_entries.group_by { |entry| entry[:version_obj].segments[0, 2].join(".") }
               .transform_values { |group| serialize_target(group.max_by { |entry| entry[:version_obj] }) },
-            "minor" => entries.group_by { |entry| entry[:version_obj].segments[0].to_s }
+            "minor" => full_semver_entries.group_by { |entry| entry[:version_obj].segments[0].to_s }
               .transform_values { |group| serialize_target(group.max_by { |entry| entry[:version_obj] }) },
             "major" => {"*" => serialize_target(entries.max_by { |entry| entry[:version_obj] })}
           }
@@ -1070,6 +1084,10 @@ module Kettle
           nil
         end
 
+        def major_line_version?(value)
+          value.to_s.match?(/\A\d+\z/)
+        end
+
         def fresh_entry?(entry)
           cached_at = Time.iso8601(entry["cached_at"].to_s)
           cached_at >= @clock.call - @ttl_seconds
@@ -1113,7 +1131,6 @@ module Kettle
           tag_shas = tag_ref_shas(repo_ref)
           releases = data.filter_map do |release|
             next unless release.is_a?(Hash)
-            next if release["prerelease"] == true
 
             tag = release["tag_name"].to_s
             parsed = parse_release_version_text(tag)
@@ -1126,6 +1143,21 @@ module Kettle
               sha: tag_shas[tag]
             }
           end
+          released_tags = releases.each_with_object({}) { |release, memo| memo[release[:tag]] = true }
+          tag_versions = tag_shas.filter_map do |tag, sha|
+            next if released_tags[tag]
+
+            parsed = parse_release_version_text(tag)
+            next unless parsed
+
+            {
+              tag: tag,
+              version_obj: parsed,
+              version: parsed.to_s,
+              sha: sha
+            }
+          end
+          releases.concat(tag_versions)
 
           releases.sort_by! { |release| release[:version_obj] }
           releases.reverse!
@@ -1171,7 +1203,7 @@ module Kettle
 
         def parse_release_version_text(value)
           normalized = value.to_s.sub(/\A[vV]/, "")
-          return nil unless normalized.match?(/\A\d+\.\d+\.\d+(?:[-.]?[0-9A-Za-z.-]+)?\z/)
+          return nil unless normalized.match?(/\A(?:\d+|\d+\.\d+\.\d+(?:[-.]?[0-9A-Za-z.-]+)?)\z/)
 
           Gem::Version.new(normalized)
         rescue ArgumentError
@@ -1190,20 +1222,53 @@ module Kettle
             object = entry["object"]
             next unless object.is_a?(Hash)
 
-            memo[tag] = object["sha"].to_s[0, 40] if object["type"] == "commit"
+            sha = object["sha"].to_s[0, 40]
+            case object["type"]
+            when "commit"
+              memo[tag] = sha
+            when "tag"
+              dereferenced_sha = annotated_tag_commit_sha(repo_ref, sha)
+              memo[tag] = dereferenced_sha if dereferenced_sha
+            end
           end
         end
 
-        def request_json(path)
+        def annotated_tag_commit_sha(repo_ref, tag_sha)
+          return nil if tag_sha.to_s.empty?
+
+          data = request_json("/repos/#{repo_ref}/git/tags/#{tag_sha}")
+          return nil unless data.is_a?(Hash)
+
+          object = data["object"]
+          return nil unless object.is_a?(Hash)
+          return nil unless object["type"] == "commit"
+
+          object["sha"].to_s[0, 40]
+        end
+
+        def request_json(path, redirects: 3)
           uri = URI.join(@api_base + "/", path)
-          request = Net::HTTP::Get.new(uri)
-          request["Accept"] = "application/vnd.github+json"
-          request["User-Agent"] = @user_agent
-          request["X-GitHub-Api-Version"] = "2022-11-28"
-          request["Authorization"] = "Bearer #{@token}" if @token && !@token.empty?
-
-          response = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
-            http.request(request)
+
+          response = nil
+          loop do
+            request = Net::HTTP::Get.new(uri)
+            request["Accept"] = "application/vnd.github+json"
+            request["User-Agent"] = @user_agent
+            request["X-GitHub-Api-Version"] = "2022-11-28"
+            request["Authorization"] = "Bearer #{@token}" if @token && !@token.empty?
+
+            response = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
+              http.request(request)
+            end
+
+            break unless response.code.to_i.between?(300, 399)
+            redirects -= 1
+            return nil if redirects.negative?
+
+            location = response["location"].to_s
+            return nil if location.empty?
+
+            uri = URI.join(uri.to_s, location)
           end
 
           return nil unless response.code.to_i == 200

data/lib/kettle/dev/version.rb

@@ -3,7 +3,7 @@
 module Kettle
   module Dev
     module Version
-      VERSION = "2.2.3"
+      VERSION = "2.2.5"
     end
     VERSION = Version::VERSION # Traditional Constant Location
   end

data/sig/kettle/dev.rbs

@@ -1,7 +1,6 @@
 module Kettle
   module Dev
     module Version
-      VERSION: String
     end
 
     class Error < ::StandardError

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kettle-dev
 version: !ruby/object:Gem::Version
-  version: 2.2.3
+  version: 2.2.5
 platform: ruby
 authors:
 - Peter H. Boling
@@ -134,7 +134,7 @@ dependencies:
         version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: 3.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -144,7 +144,7 @@ dependencies:
         version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: 3.1.2
 - !ruby/object:Gem::Dependency
   name: turbo_tests2
   requirement: !ruby/object:Gem::Requirement
@@ -338,10 +338,10 @@ licenses:
 - AGPL-3.0-only
 metadata:
   homepage_uri: https://kettle-dev.galtzo.com
-  source_code_uri: https://github.com/kettle-dev/kettle-dev/tree/v2.2.3
-  changelog_uri: https://github.com/kettle-dev/kettle-dev/blob/v2.2.3/CHANGELOG.md
+  source_code_uri: https://github.com/kettle-dev/kettle-dev/tree/v2.2.5
+  changelog_uri: https://github.com/kettle-dev/kettle-dev/blob/v2.2.5/CHANGELOG.md
   bug_tracker_uri: https://github.com/kettle-dev/kettle-dev/issues
-  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/2.2.3
+  documentation_uri: https://www.rubydoc.info/gems/kettle-dev/2.2.5
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://github.com/kettle-dev/kettle-dev/wiki
   news_uri: https://www.railsbling.com/tags/kettle-dev