oidc-test-trusted_publisher 0.8.1 → 0.8.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +7 -1
- data/Gemfile +4 -0
- data/Gemfile.lock +21 -1
- data/Rakefile +61 -0
- data/lib/oidc/test/version.rb +1 -1
- data/tasks/rubygems_patch.rb +18 -0
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d026d0971c1b1145718132536e6bbb4e3ce5e784b88db4063c5234289edadf3e
|
4
|
+
data.tar.gz: 1b129193dcf766ca04818a56be6205373c230e65914e125baefbff418bd8a67d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fce2e41277c017a2b30809f0434e02033bc9afecf98cf5dcea630378c937175bdc9db73b5163a4a36154b7b2ce7748e8473678366dde8e9f35ce8624cdd411d1
|
7
|
+
data.tar.gz: 161f5e0178e01ce0a5d8a2f8ffad23f26483e75ce4b014909f6fcc45a825f8ec4d4f8c37cee0552182ca103b41238ddbb51261a580d98516fdeda97310a9a6ec
|
data/.rubocop.yml
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
AllCops:
|
2
|
-
TargetRubyVersion:
|
2
|
+
TargetRubyVersion: 3.1
|
3
3
|
|
4
4
|
Style/StringLiterals:
|
5
5
|
Enabled: true
|
@@ -11,3 +11,9 @@ Style/StringLiteralsInInterpolation:
|
|
11
11
|
|
12
12
|
Layout/LineLength:
|
13
13
|
Max: 120
|
14
|
+
|
15
|
+
Style/Documentation:
|
16
|
+
Enabled: false
|
17
|
+
|
18
|
+
Metrics:
|
19
|
+
Enabled: false
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
oidc-test (0.8.
|
4
|
+
oidc-test (0.8.11)
|
5
5
|
|
6
6
|
GEM
|
7
7
|
remote: https://rubygems.org/
|
@@ -9,9 +9,22 @@ GEM
|
|
9
9
|
ast (2.4.2)
|
10
10
|
diff-lcs (1.5.0)
|
11
11
|
json (2.6.3)
|
12
|
+
net-http (0.5.0)
|
13
|
+
uri
|
12
14
|
parallel (1.22.1)
|
13
15
|
parser (3.2.2.0)
|
14
16
|
ast (~> 2.4.1)
|
17
|
+
protobug (0.1.0)
|
18
|
+
protobug_googleapis_field_behavior_protos (0.1.0)
|
19
|
+
protobug (= 0.1.0)
|
20
|
+
protobug_well_known_protos (= 0.1.0)
|
21
|
+
protobug_sigstore_protos (0.1.0)
|
22
|
+
protobug (= 0.1.0)
|
23
|
+
protobug_googleapis_field_behavior_protos (= 0.1.0)
|
24
|
+
protobug_well_known_protos (= 0.1.0)
|
25
|
+
protobug_well_known_protos (0.1.0)
|
26
|
+
protobug (= 0.1.0)
|
27
|
+
racc (1.8.1)
|
15
28
|
rainbow (3.1.1)
|
16
29
|
rake (13.0.6)
|
17
30
|
regexp_parser (2.7.0)
|
@@ -42,16 +55,23 @@ GEM
|
|
42
55
|
rubocop-ast (1.28.0)
|
43
56
|
parser (>= 3.2.1.0)
|
44
57
|
ruby-progressbar (1.13.0)
|
58
|
+
sigstore (0.1.1)
|
59
|
+
net-http
|
60
|
+
protobug_sigstore_protos (~> 0.1.0)
|
61
|
+
uri
|
45
62
|
unicode-display_width (2.4.2)
|
63
|
+
uri (1.0.2)
|
46
64
|
|
47
65
|
PLATFORMS
|
48
66
|
ruby
|
49
67
|
|
50
68
|
DEPENDENCIES
|
51
69
|
oidc-test!
|
70
|
+
racc
|
52
71
|
rake (~> 13.0)
|
53
72
|
rspec (~> 3.0)
|
54
73
|
rubocop (~> 1.21)
|
74
|
+
sigstore (~> 0.1.1)
|
55
75
|
|
56
76
|
BUNDLED WITH
|
57
77
|
2.5.10
|
data/Rakefile
CHANGED
@@ -1,5 +1,66 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "bundler/gem_helper"
|
4
|
+
|
5
|
+
module Bundler
|
6
|
+
class GemHelper
|
7
|
+
prepend(Module.new do
|
8
|
+
def install
|
9
|
+
super
|
10
|
+
|
11
|
+
task "release:attest" => "build" do
|
12
|
+
Bundler.ui.confirm "Attesting? #{attest?}"
|
13
|
+
attest if attest?
|
14
|
+
end
|
15
|
+
|
16
|
+
task "release:rubygem_push" => "release:attest"
|
17
|
+
end
|
18
|
+
|
19
|
+
def build_gem
|
20
|
+
@build_gem_path = super
|
21
|
+
end
|
22
|
+
|
23
|
+
def rubygem_push(path)
|
24
|
+
return super unless attest?
|
25
|
+
|
26
|
+
cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
|
27
|
+
"gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
|
28
|
+
cmd << "--key" << gem_key if gem_key
|
29
|
+
cmd << "--host" << allowed_push_host if allowed_push_host
|
30
|
+
sh_with_input(cmd)
|
31
|
+
Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
|
32
|
+
end
|
33
|
+
end)
|
34
|
+
|
35
|
+
def attest?
|
36
|
+
return true if %w[y yes true on 1].include?(ENV["gem_attest"])
|
37
|
+
return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
|
38
|
+
|
39
|
+
ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
|
40
|
+
end
|
41
|
+
|
42
|
+
def attest
|
43
|
+
Bundler.ui.confirm "Signing #{@build_gem_path}..."
|
44
|
+
sh [Gem.ruby, "-S", "gem", "install", "sigstore"]
|
45
|
+
sh [Gem.ruby, "-rnet/http", "-rsigstore", "-rsigstore/signer", "-e", <<~RUBY, @build_gem_path]
|
46
|
+
file = ARGV.first
|
47
|
+
jwt = Net::HTTP.get_response(
|
48
|
+
URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
|
49
|
+
{ "Authorization" => "bearer \#{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
|
50
|
+
&:value
|
51
|
+
).body.then { JSON.parse(_1).fetch("value") }
|
52
|
+
|
53
|
+
contents = File.binread(file)
|
54
|
+
bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
|
55
|
+
|
56
|
+
json = "\#{file}.sigstore.json"
|
57
|
+
File.binwrite(json, bundle.to_json)
|
58
|
+
puts "Signed \#{file}, wrote \#{json}"
|
59
|
+
RUBY
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
3
64
|
require "bundler/gem_tasks"
|
4
65
|
|
5
66
|
Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]
|
data/lib/oidc/test/version.rb
CHANGED
@@ -0,0 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "rubygems/commands/push_command"
|
4
|
+
|
5
|
+
Gem::Commands::PushCommand.prepend(Module.new do
|
6
|
+
def send_push_request(name, args)
|
7
|
+
return super unless ENV["gem_attestation_path"]
|
8
|
+
|
9
|
+
rubygems_api_request(*args, scope: get_push_scope) do |request|
|
10
|
+
request.set_form([
|
11
|
+
["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
|
12
|
+
["attestations", "[#{Gem.read_binary(ENV["gem_attestation_path"])}]",
|
13
|
+
{ content_type: "application/json" }]
|
14
|
+
], "multipart/form-data")
|
15
|
+
request.add_field "Authorization", api_key
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oidc-test-trusted_publisher
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Samuel Giddins
|
@@ -29,6 +29,7 @@ files:
|
|
29
29
|
- lib/oidc/test.rb
|
30
30
|
- lib/oidc/test/version.rb
|
31
31
|
- sig/oidc/test.rbs
|
32
|
+
- tasks/rubygems_patch.rb
|
32
33
|
homepage: https://github.com/segiddins/oidc-test
|
33
34
|
licenses:
|
34
35
|
- MIT
|
@@ -43,14 +44,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
43
44
|
requirements:
|
44
45
|
- - ">="
|
45
46
|
- !ruby/object:Gem::Version
|
46
|
-
version:
|
47
|
+
version: 3.1.0
|
47
48
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
48
49
|
requirements:
|
49
50
|
- - ">="
|
50
51
|
- !ruby/object:Gem::Version
|
51
52
|
version: '0'
|
52
53
|
requirements: []
|
53
|
-
rubygems_version: 3.
|
54
|
+
rubygems_version: 3.5.16
|
54
55
|
signing_key:
|
55
56
|
specification_version: 4
|
56
57
|
summary: Test gem
|