kettle-family 0.1.15 → 0.1.16

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f34f86e4bbc4ff6d79503e62d90a5f5942f2cf5ca71889d28e9580467e1cbf62
4
- data.tar.gz: 5b930341c10d8dbd8f254cfdd1cd38ffd553ce42801e43bc7d53be1feb794127
3
+ metadata.gz: 927846e1574bcad8790c8cabb3a7c06cd9afbf8e0637354cd52bd8d5c08e959b
4
+ data.tar.gz: 958338770647aabe0a916d81a9ec7ed76fac09feec4670d53a25c57120b1e59b
5
5
  SHA512:
6
- metadata.gz: 4728fe4ae1ee4c04ab01034ccc2443b7d77379912ec38aa0838c63f1ee08c902ce0db06c4d4753521a5461a34bd62a97715b4f3594eac960f4b4e0d3c0ea32b8
7
- data.tar.gz: e51a4793bb4b96ac610165217d143cba66976ef4e0ac2c106e87c9c7197ba5a238af032b3e9b5f360e67134668a11f9fce70e70ac9d6fa4cc545e2fd7b2689ac
6
+ metadata.gz: b750b13b10b5433d06d79a35a62bc7169e9321a3ca44b0af45bffb30b5fa713a12e4f026612c336a2bb761ef66f92abef17c66f35d0ebeceaf2ff3b75d9d8f6a
7
+ data.tar.gz: f36e586239ca4a3560dbae7d79357ac0ee2d6482e40b375c9e8c262849424b97395a230afc27f97d2770788cc81bc2a69b9ae5142670162c4abc66caea7d9709
checksums.yaml.gz.sig CHANGED
Binary file
data/CHANGELOG.md CHANGED
@@ -22,6 +22,9 @@ Please file a bug if you notice a violation of semantic versioning.
22
22
 
23
23
  - `kettle-family push`, `kettle-family pull`, and `kettle-family up` now plan
24
24
  or execute family-wide git synchronization commands.
25
+ - `kettle-family gha-sha-pins` now plans or executes
26
+ `kettle-gha-sha-pins` across family members, including branch stacks that
27
+ include `main`.
25
28
  - `kettle-family bump-version` now accepts the same relative bump targets as
26
29
  `kettle-bump` (`major`, `minor`, `patch`, and `pre`) and applies them per
27
30
  member from each member's current version.
data/README.md CHANGED
@@ -242,6 +242,15 @@ The release-state report lists each gem's current `version.rb`, latest published
242
242
  release, latest versioned `CHANGELOG.md` section, and whether pending changelog
243
243
  work exists in either `Unreleased` or an unpublished prepared release section.
244
244
 
245
+ Plan or update GitHub Actions workflow SHA pins across the selected family
246
+ members:
247
+
248
+ ```console
249
+ kettle-family gha-sha-pins
250
+ kettle-family gha-sha-pins --execute
251
+ kettle-family gha-sha-pins --execute --upgrade minor
252
+ ```
253
+
245
254
  Run release prep/build phases without publishing:
246
255
 
247
256
  ```console
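Review bot: the new README example block shows only the plan, `--execute` and `--upgrade minor` forms, and leaves out three behaviours that this diff adds. It should state that the default upgrade level is `patch`, that `--check` now applies to `gha-sha-pins`, and that the workflow gains a `commit_gha_sha_pins` phase which commits `.github/workflows` unless committing is disabled or `--check` is set. A reader running the third example should know beforehand that it can create a commit in every selected member.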
@@ -6,8 +6,8 @@ require "optparse"
6
6
  module Kettle
7
7
  module Family
8
8
  class CLI
9
- COMMANDS = %w[discover plan report metadata check test lint docs template install bump-version add-changelog release push pull up branch-lanes release-state].freeze
10
- WORKFLOW_COMMANDS = %w[check test lint docs template release push pull up].freeze
9
+ COMMANDS = %w[discover plan report metadata check test lint docs template gha-sha-pins install bump-version add-changelog release push pull up branch-lanes release-state].freeze
10
+ WORKFLOW_COMMANDS = %w[check test lint docs template gha-sha-pins release push pull up].freeze
11
11
  MAIN_BRANCH_SKIPPING_COMMANDS = %w[install release].freeze
12
12
 
13
13
  def self.call(argv, out: $stdout, err: $stderr)
@@ -61,6 +61,7 @@ module Kettle
61
61
  lint Plan or execute configured lint command per member
62
62
  docs Plan or execute configured docs command per member
63
63
  template Plan or execute kettle-jem templating per member
64
+ gha-sha-pins Plan or execute kettle-gha-sha-pins per member
64
65
  install Build and install selected local family gems
65
66
  bump-version Check, plan, or execute family version alignment
66
67
  add-changelog Add an entry to an existing Unreleased changelog section
@@ -83,8 +84,9 @@ module Kettle
83
84
  --env KEY=VALUE Override an environment variable for each member workflow command
84
85
  --section NAME Changelog section for add-changelog
85
86
  --entry TEXT Changelog entry for add-changelog
86
- --check Check whether bump-version would need edits
87
+ --check Check whether bump-version or gha-sha-pins would need edits
87
88
  --from VERSION Require selected members to currently match VERSION
89
+ --upgrade LEVEL GitHub Actions SHA pin upgrade strategy: major, minor, patch
88
90
  --publish Use publish release command instead of build command
89
91
  --build-only Use build release command (default)
90
92
  --start-step N Pass start_step=N through to kettle-release commands
@@ -115,6 +117,7 @@ module Kettle
115
117
  changelog_entry: nil,
116
118
  check: false,
117
119
  from_version: nil,
120
+ gha_sha_pins_upgrade: "patch",
118
121
  publish: false,
119
122
  release_start_step: nil,
120
123
  release_local_ci: false,
@@ -138,6 +141,7 @@ module Kettle
138
141
  parser.on("--entry TEXT") { |value| options[:changelog_entry] = value }
139
142
  parser.on("--check") { options[:check] = true }
140
143
  parser.on("--from VERSION") { |value| options[:from_version] = value }
144
+ parser.on("--upgrade LEVEL") { |value| options[:gha_sha_pins_upgrade] = parse_gha_sha_pins_upgrade(value) }
141
145
  parser.on("--publish") { options[:publish] = true }
142
146
  parser.on("--build-only") { options[:publish] = false }
143
147
  parser.on("--start-step N", Integer) { |value| options[:release_start_step] = value }
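Review bot: `parser.on("--upgrade LEVEL")` is registered with the shared options, so as far as this diff shows the flag is accepted for every command and only read by `gha-sha-pins`. A command such as `kettle-family test --upgrade major` would parse cleanly and ignore the value. Either reject `--upgrade` when the command is not `gha-sha-pins`, or say in the help line that other commands ignore it.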
@@ -216,6 +220,8 @@ module Kettle
216
220
  start_step: options[:release_start_step],
217
221
  local_ci: options[:release_local_ci],
218
222
  continue_ci_failures: options[:release_continue_ci_failures],
223
+ gha_sha_pins_upgrade: options[:gha_sha_pins_upgrade],
224
+ gha_sha_pins_check: options[:check],
219
225
  env_overrides: options[:workflow_env]
220
226
  ).results
221
227
  end
@@ -309,6 +315,13 @@ module Kettle
309
315
  env[key] = env_value
310
316
  end
311
317
 
318
+ def parse_gha_sha_pins_upgrade(value)
319
+ normalized = value.to_s.downcase
320
+ return normalized if %w[major minor patch].include?(normalized)
321
+
322
+ raise OptionParser::InvalidArgument, "--upgrade must be one of: major, minor, patch"
323
+ end
324
+
312
325
  def bump_version_results(members:, options:)
313
326
  results = VersionBump.new(
314
327
  members: members,
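Review bot: `parse_gha_sha_pins_upgrade` hand-rolls an allow-list that OptionParser can enforce itself with `parser.on("--upgrade LEVEL", %w[major minor patch])`. The built-in form is case-sensitive and accepts unambiguous abbreviations, so if the `downcase` normalisation is intended, keep the helper but also `strip` the value. No spec for mixed-case or invalid input is visible in this diff; one would be worth adding.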
@@ -3,7 +3,7 @@
3
3
  module Kettle
4
4
  module Family
5
5
  module Version
6
- VERSION = "0.1.15"
6
+ VERSION = "0.1.16"
7
7
  end
8
8
  VERSION = Version::VERSION # Traditional Constant Location
9
9
  end
@@ -12,7 +12,8 @@ module Kettle
12
12
  "template" => "bundle exec kettle-jem install",
13
13
  "test" => "bundle exec kettle-test",
14
14
  "lint" => "bundle exec rake rubocop_gradual",
15
- "docs" => "bundle exec rake yard"
15
+ "docs" => "bundle exec rake yard",
16
+ "gha-sha-pins" => "bundle exec kettle-gha-sha-pins"
16
17
  }.freeze
17
18
  GIT_SYNC_COMMANDS = {
18
19
  "push" => [["push", %w[git push]]],
@@ -21,7 +22,7 @@ module Kettle
21
22
  }.freeze
22
23
  MAIN_BRANCH_SKIPPING_COMMANDS = %w[release].freeze
23
24
 
24
- def initialize(command:, config:, members:, execute: false, commit: true, allow_dirty: false, publish: false, push: false, tag: false, start_step: nil, local_ci: false, continue_ci_failures: false, env_overrides: {}, gem_signing_password: nil)
25
+ def initialize(command:, config:, members:, execute: false, commit: true, allow_dirty: false, publish: false, push: false, tag: false, start_step: nil, local_ci: false, continue_ci_failures: false, gha_sha_pins_upgrade: "patch", gha_sha_pins_check: false, env_overrides: {}, gem_signing_password: nil)
25
26
  @command = command
26
27
  @config = config
27
28
  @members = members
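Review bot: `gha_sha_pins_upgrade:` is accepted by this initializer as given, while the only allow-list check (`major`, `minor`, `patch`) is `parse_gha_sha_pins_upgrade` on the CLI side, and `append_command_args` later joins the value into a String command with `args.join(" ")`. Any caller that builds this object without going through the CLI can therefore place arbitrary text on the member command line. Validate the level here as well, or escape it before it is joined.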
@@ -34,6 +35,8 @@ module Kettle
34
35
  @start_step = start_step
35
36
  @local_ci = local_ci
36
37
  @continue_ci_failures = continue_ci_failures
38
+ @gha_sha_pins_upgrade = gha_sha_pins_upgrade
39
+ @gha_sha_pins_check = gha_sha_pins_check
37
40
  @env_overrides = env_overrides
38
41
  @gem_signing_password = gem_signing_password
39
42
  end
@@ -48,7 +51,7 @@ module Kettle
48
51
 
49
52
  private
50
53
 
51
- attr_reader :command, :config, :members, :execute, :commit, :allow_dirty, :publish, :push, :tag, :start_step, :local_ci, :continue_ci_failures, :env_overrides
54
+ attr_reader :command, :config, :members, :execute, :commit, :allow_dirty, :publish, :push, :tag, :start_step, :local_ci, :continue_ci_failures, :gha_sha_pins_upgrade, :gha_sha_pins_check, :env_overrides
52
55
 
53
56
  def current_branch_results(workflow_members)
54
57
  return check_results(workflow_members) if command == "check"
@@ -72,6 +75,7 @@ module Kettle
72
75
  break memo unless result.ok?
73
76
 
74
77
  normalize_lockfiles(member: member, runner: runner, memo: memo, phase: "normalize_lockfiles") if command == "template"
78
+ commit_gha_sha_pins(member: member, runner: runner, memo: memo) if command == "gha-sha-pins"
75
79
  end
76
80
  end
77
81
 
@@ -141,6 +145,8 @@ module Kettle
141
145
  start_step: start_step,
142
146
  local_ci: local_ci,
143
147
  continue_ci_failures: continue_ci_failures,
148
+ gha_sha_pins_upgrade: gha_sha_pins_upgrade,
149
+ gha_sha_pins_check: gha_sha_pins_check,
144
150
  env_overrides: env_overrides,
145
151
  gem_signing_password: @gem_signing_password
146
152
  )
@@ -358,10 +364,34 @@ module Kettle
358
364
 
359
365
  def workflow_command(member = nil)
360
366
  return template_command(member) if command == "template"
367
+ return gha_sha_pins_command if command == "gha-sha-pins"
361
368
 
362
369
  command_for(command)
363
370
  end
364
371
 
372
+ def gha_sha_pins_command
373
+ command_text = command_for(command)
374
+ args = []
375
+ args << (gha_sha_pins_check ? "--check" : "--write") unless command_includes_any?(command_text, %w[--check --write])
376
+ args.concat(["--upgrade", gha_sha_pins_upgrade]) unless command_includes_arg?(command_text, "--upgrade")
377
+ append_command_args(command_text, args)
378
+ end
379
+
380
+ def append_command_args(command_text, args)
381
+ return command_text if args.empty?
382
+ return [*command_text, *args] if command_text.is_a?(Array)
383
+
384
+ "#{command_text} #{args.join(" ")}"
385
+ end
386
+
387
+ def command_includes_any?(command_text, args)
388
+ args.any? { |arg| command_includes_arg?(command_text, arg) }
389
+ end
390
+
391
+ def command_includes_arg?(command_text, arg)
392
+ command_text.is_a?(Array) ? command_text.map(&:to_s).include?(arg) : command_text.to_s.include?(arg)
393
+ end
394
+
365
395
  def command_for(name)
366
396
  configured = config.command_for(name)
367
397
  configured || DEFAULT_COMMANDS.fetch(name)
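Review bot: in `gha_sha_pins_command`, a configured command that already contains `--write` turns a CLI `--check` into a no-op, because the `unless command_includes_any?(command_text, %w[--check --write])` guard skips appending `--check`. The member command then still writes, and `commit_gha_sha_pins` returns early because `gha_sha_pins_check` is true, which leaves uncommitted workflow edits behind. Consider failing, or replacing the configured flag, when the requested mode conflicts with it. Separately, `command_includes_arg?` uses substring `include?` for String commands but exact element matching for Array commands, so `--upgrade=minor` is detected in one form and missed in the other, and any longer flag that merely contains `--check` matches in the String form. Tokenising the String form (for example with `Shellwords.split`) and matching `arg` or `arg=` in both branches would make the two consistent.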
@@ -457,6 +487,21 @@ module Kettle
457
487
  end
458
488
  end
459
489
 
490
+ def commit_gha_sha_pins(member:, runner:, memo:)
491
+ return if gha_sha_pins_check || !commit
492
+
493
+ result = runner.call(
494
+ member: member,
495
+ phase: "commit_gha_sha_pins",
496
+ command: [
497
+ "sh",
498
+ "-lc",
499
+ "if ! git diff --quiet -- .github/workflows; then git add -- .github/workflows && git commit -m '🔒 Pin GitHub Actions SHAs'; fi"
500
+ ]
501
+ )
502
+ memo << result
503
+ end
504
+
460
505
  def family_member
461
506
  Member.new(
462
507
  name: config.family_name,
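Review bot: the shell line in `commit_gha_sha_pins` ends in `git commit -m ...` with no pathspec, so anything already staged in the member's index is committed under the "Pin GitHub Actions SHAs" message together with the workflow files. Restrict it by adding `-- .github/workflows` to the `git commit` call. The `git diff --quiet -- .github/workflows` test also fires on workflow edits that were present before the pin run, and it does not see untracked files, so review whether a dirty `.github/workflows` should abort instead. `sh -lc` starts a login shell that reads profile files; `sh -c` is sufficient for this command and keeps the environment predictable.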
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kettle-family
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.15
4
+ version: 0.1.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - Peter H. Boling
@@ -309,10 +309,10 @@ licenses:
309
309
  - AGPL-3.0-only
310
310
  metadata:
311
311
  homepage_uri: https://kettle-family.galtzo.com
312
- source_code_uri: https://github.com/kettle-dev/kettle-family/tree/v0.1.15
313
- changelog_uri: https://github.com/kettle-dev/kettle-family/blob/v0.1.15/CHANGELOG.md
312
+ source_code_uri: https://github.com/kettle-dev/kettle-family/tree/v0.1.16
313
+ changelog_uri: https://github.com/kettle-dev/kettle-family/blob/v0.1.16/CHANGELOG.md
314
314
  bug_tracker_uri: https://github.com/kettle-dev/kettle-family/issues
315
- documentation_uri: https://www.rubydoc.info/gems/kettle-family/0.1.15
315
+ documentation_uri: https://www.rubydoc.info/gems/kettle-family/0.1.16
316
316
  funding_uri: https://github.com/sponsors/pboling
317
317
  wiki_uri: https://github.com/kettle-dev/kettle-family/wiki
318
318
  news_uri: https://www.railsbling.com/tags/kettle-family
metadata.gz.sig CHANGED
Binary file