oidc-test-trusted_publisher 0.8.1 → 0.8.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +7 -1
- data/Gemfile +4 -0
- data/Gemfile.lock +21 -1
- data/Rakefile +61 -0
- data/lib/oidc/test/version.rb +1 -1
- data/tasks/rubygems_patch.rb +18 -0
- metadata +5 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b6d5e8eee0c9142ddd08bdcf26bf4de221eee9dc2ab9f95f0e48f9ba7e2a5987
|
4
|
+
data.tar.gz: bcb135a9e17fc25fc1f38ff8573a4fc1cda457290ecdab6671458fef8fed5d27
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8053e1f807129eaafdc9b936160d4aed2db9a6459f830334e0dbcad90735ee168b6a9d4708a11dc3493bea73881fa0d5d7824933af9b60ce99ccff83a6af0fd1
|
7
|
+
data.tar.gz: eaccd42042d2118cda9ab96f2e86ac377de30c5f531d27b209d1ce738dc5d30a2fc26c1127ecffaed68ff34f699584aac4f95007ea2cad125b6b749a686764ec
|
data/.rubocop.yml
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
AllCops:
|
2
|
-
TargetRubyVersion:
|
2
|
+
TargetRubyVersion: 3.1
|
3
3
|
|
4
4
|
Style/StringLiterals:
|
5
5
|
Enabled: true
|
@@ -11,3 +11,9 @@ Style/StringLiteralsInInterpolation:
|
|
11
11
|
|
12
12
|
Layout/LineLength:
|
13
13
|
Max: 120
|
14
|
+
|
15
|
+
Style/Documentation:
|
16
|
+
Enabled: false
|
17
|
+
|
18
|
+
Metrics:
|
19
|
+
Enabled: false
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
oidc-test (0.8.
|
4
|
+
oidc-test (0.8.12)
|
5
5
|
|
6
6
|
GEM
|
7
7
|
remote: https://rubygems.org/
|
@@ -9,9 +9,22 @@ GEM
|
|
9
9
|
ast (2.4.2)
|
10
10
|
diff-lcs (1.5.0)
|
11
11
|
json (2.6.3)
|
12
|
+
net-http (0.5.0)
|
13
|
+
uri
|
12
14
|
parallel (1.22.1)
|
13
15
|
parser (3.2.2.0)
|
14
16
|
ast (~> 2.4.1)
|
17
|
+
protobug (0.1.0)
|
18
|
+
protobug_googleapis_field_behavior_protos (0.1.0)
|
19
|
+
protobug (= 0.1.0)
|
20
|
+
protobug_well_known_protos (= 0.1.0)
|
21
|
+
protobug_sigstore_protos (0.1.0)
|
22
|
+
protobug (= 0.1.0)
|
23
|
+
protobug_googleapis_field_behavior_protos (= 0.1.0)
|
24
|
+
protobug_well_known_protos (= 0.1.0)
|
25
|
+
protobug_well_known_protos (0.1.0)
|
26
|
+
protobug (= 0.1.0)
|
27
|
+
racc (1.8.1)
|
15
28
|
rainbow (3.1.1)
|
16
29
|
rake (13.0.6)
|
17
30
|
regexp_parser (2.7.0)
|
@@ -42,16 +55,23 @@ GEM
|
|
42
55
|
rubocop-ast (1.28.0)
|
43
56
|
parser (>= 3.2.1.0)
|
44
57
|
ruby-progressbar (1.13.0)
|
58
|
+
sigstore (0.1.1)
|
59
|
+
net-http
|
60
|
+
protobug_sigstore_protos (~> 0.1.0)
|
61
|
+
uri
|
45
62
|
unicode-display_width (2.4.2)
|
63
|
+
uri (1.0.2)
|
46
64
|
|
47
65
|
PLATFORMS
|
48
66
|
ruby
|
49
67
|
|
50
68
|
DEPENDENCIES
|
51
69
|
oidc-test!
|
70
|
+
racc
|
52
71
|
rake (~> 13.0)
|
53
72
|
rspec (~> 3.0)
|
54
73
|
rubocop (~> 1.21)
|
74
|
+
sigstore (~> 0.1.1)
|
55
75
|
|
56
76
|
BUNDLED WITH
|
57
77
|
2.5.10
|
data/Rakefile
CHANGED
@@ -1,5 +1,66 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "bundler/gem_helper"
|
4
|
+
|
5
|
+
module Bundler
|
6
|
+
class GemHelper
|
7
|
+
prepend(Module.new do
|
8
|
+
def install
|
9
|
+
super
|
10
|
+
|
11
|
+
task "release:attest" => "build" do
|
12
|
+
Bundler.ui.confirm "Attesting? #{attest?}"
|
13
|
+
attest if attest?
|
14
|
+
end
|
15
|
+
|
16
|
+
task "release:rubygem_push" => "release:attest"
|
17
|
+
end
|
18
|
+
|
19
|
+
def build_gem
|
20
|
+
@build_gem_path = super
|
21
|
+
end
|
22
|
+
|
23
|
+
def rubygem_push(path)
|
24
|
+
return super unless attest?
|
25
|
+
|
26
|
+
cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
|
27
|
+
"gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
|
28
|
+
cmd << "--key" << gem_key if gem_key
|
29
|
+
cmd << "--host" << allowed_push_host if allowed_push_host
|
30
|
+
sh_with_input(cmd)
|
31
|
+
Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
|
32
|
+
end
|
33
|
+
end)
|
34
|
+
|
35
|
+
def attest?
|
36
|
+
return true if %w[y yes true on 1].include?(ENV["gem_attest"])
|
37
|
+
return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
|
38
|
+
|
39
|
+
ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
|
40
|
+
end
|
41
|
+
|
42
|
+
def attest
|
43
|
+
Bundler.ui.confirm "Signing #{@build_gem_path}..."
|
44
|
+
sh [Gem.ruby, "-S", "gem", "install", "sigstore"]
|
45
|
+
sh [Gem.ruby, "-rnet/http", "-rsigstore", "-rsigstore/signer", "-e", <<~RUBY, @build_gem_path]
|
46
|
+
file = ARGV.first
|
47
|
+
jwt = Net::HTTP.get_response(
|
48
|
+
URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
|
49
|
+
{ "Authorization" => "bearer \#{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
|
50
|
+
&:value
|
51
|
+
).body.then { JSON.parse(_1).fetch("value") }
|
52
|
+
|
53
|
+
contents = File.binread(file)
|
54
|
+
bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
|
55
|
+
|
56
|
+
json = "\#{file}.sigstore.json"
|
57
|
+
File.binwrite(json, bundle.to_json)
|
58
|
+
puts "Signed \#{file}, wrote \#{json}"
|
59
|
+
RUBY
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
3
64
|
require "bundler/gem_tasks"
|
4
65
|
|
5
66
|
Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]
|
data/lib/oidc/test/version.rb
CHANGED
@@ -0,0 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "rubygems/commands/push_command"
|
4
|
+
|
5
|
+
Gem::Commands::PushCommand.prepend(Module.new do
|
6
|
+
def send_push_request(name, args)
|
7
|
+
return super unless ENV["gem_attestation_path"]
|
8
|
+
|
9
|
+
rubygems_api_request(*args, scope: get_push_scope) do |request|
|
10
|
+
request.set_form([
|
11
|
+
["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
|
12
|
+
["attestations", "[#{Gem.read_binary(ENV["gem_attestation_path"])}]",
|
13
|
+
{ content_type: "application/json" }]
|
14
|
+
], "multipart/form-data")
|
15
|
+
request.add_field "Authorization", api_key
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oidc-test-trusted_publisher
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.12
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Samuel Giddins
|
@@ -29,10 +29,12 @@ files:
|
|
29
29
|
- lib/oidc/test.rb
|
30
30
|
- lib/oidc/test/version.rb
|
31
31
|
- sig/oidc/test.rbs
|
32
|
+
- tasks/rubygems_patch.rb
|
32
33
|
homepage: https://github.com/segiddins/oidc-test
|
33
34
|
licenses:
|
34
35
|
- MIT
|
35
36
|
metadata:
|
37
|
+
allowed_push_host: https://rubygems.org
|
36
38
|
homepage_uri: https://github.com/segiddins/oidc-test
|
37
39
|
source_code_uri: https://github.com/segiddins/oidc-test
|
38
40
|
post_install_message:
|
@@ -43,14 +45,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
43
45
|
requirements:
|
44
46
|
- - ">="
|
45
47
|
- !ruby/object:Gem::Version
|
46
|
-
version:
|
48
|
+
version: 3.1.0
|
47
49
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
48
50
|
requirements:
|
49
51
|
- - ">="
|
50
52
|
- !ruby/object:Gem::Version
|
51
53
|
version: '0'
|
52
54
|
requirements: []
|
53
|
-
rubygems_version: 3.
|
55
|
+
rubygems_version: 3.5.16
|
54
56
|
signing_key:
|
55
57
|
specification_version: 4
|
56
58
|
summary: Test gem
|