oidc-test 0.8.1 → 0.8.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +7 -1
- data/Gemfile +4 -0
- data/Gemfile.lock +21 -1
- data/Rakefile +58 -0
- data/lib/oidc/test/version.rb +1 -1
- data/tasks/rubygems_patch.rb +18 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 04f405f2eab5a94aa9178413897d87911dacdfa138c67ba3316fc6c6a24bd152
|
|
4
|
+
data.tar.gz: b1a9417381fd097c046b07d68ee11a4e3c9a8c9b7edb27ff586fa6ae4b65a062
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14e5d54d31e99764e6e3685b4b221a601df88dd597467a8920a6089407294a042a5a3c4dece640e9f4881f469b807309ab2564136a899438b855b3a01786a758
|
|
7
|
+
data.tar.gz: c9b2b662e5a783f42337e6bc62e93b25a61a10aa0b862d70b733547fc4f51829a4378ad2b320f4d0d556e4d2a308c9341ed4569900f7d918dd1436dd72be6be0
|
data/.rubocop.yml
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
AllCops:
|
|
2
|
-
TargetRubyVersion:
|
|
2
|
+
TargetRubyVersion: 3.1
|
|
3
3
|
|
|
4
4
|
Style/StringLiterals:
|
|
5
5
|
Enabled: true
|
|
@@ -11,3 +11,9 @@ Style/StringLiteralsInInterpolation:
|
|
|
11
11
|
|
|
12
12
|
Layout/LineLength:
|
|
13
13
|
Max: 120
|
|
14
|
+
|
|
15
|
+
Style/Documentation:
|
|
16
|
+
Enabled: false
|
|
17
|
+
|
|
18
|
+
Metrics:
|
|
19
|
+
Enabled: false
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
oidc-test (0.8.
|
|
4
|
+
oidc-test (0.8.2)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
@@ -9,9 +9,22 @@ GEM
|
|
|
9
9
|
ast (2.4.2)
|
|
10
10
|
diff-lcs (1.5.0)
|
|
11
11
|
json (2.6.3)
|
|
12
|
+
net-http (0.5.0)
|
|
13
|
+
uri
|
|
12
14
|
parallel (1.22.1)
|
|
13
15
|
parser (3.2.2.0)
|
|
14
16
|
ast (~> 2.4.1)
|
|
17
|
+
protobug (0.1.0)
|
|
18
|
+
protobug_googleapis_field_behavior_protos (0.1.0)
|
|
19
|
+
protobug (= 0.1.0)
|
|
20
|
+
protobug_well_known_protos (= 0.1.0)
|
|
21
|
+
protobug_sigstore_protos (0.1.0)
|
|
22
|
+
protobug (= 0.1.0)
|
|
23
|
+
protobug_googleapis_field_behavior_protos (= 0.1.0)
|
|
24
|
+
protobug_well_known_protos (= 0.1.0)
|
|
25
|
+
protobug_well_known_protos (0.1.0)
|
|
26
|
+
protobug (= 0.1.0)
|
|
27
|
+
racc (1.8.1)
|
|
15
28
|
rainbow (3.1.1)
|
|
16
29
|
rake (13.0.6)
|
|
17
30
|
regexp_parser (2.7.0)
|
|
@@ -42,16 +55,23 @@ GEM
|
|
|
42
55
|
rubocop-ast (1.28.0)
|
|
43
56
|
parser (>= 3.2.1.0)
|
|
44
57
|
ruby-progressbar (1.13.0)
|
|
58
|
+
sigstore (0.1.1)
|
|
59
|
+
net-http
|
|
60
|
+
protobug_sigstore_protos (~> 0.1.0)
|
|
61
|
+
uri
|
|
45
62
|
unicode-display_width (2.4.2)
|
|
63
|
+
uri (1.0.2)
|
|
46
64
|
|
|
47
65
|
PLATFORMS
|
|
48
66
|
ruby
|
|
49
67
|
|
|
50
68
|
DEPENDENCIES
|
|
51
69
|
oidc-test!
|
|
70
|
+
racc
|
|
52
71
|
rake (~> 13.0)
|
|
53
72
|
rspec (~> 3.0)
|
|
54
73
|
rubocop (~> 1.21)
|
|
74
|
+
sigstore (~> 0.1.1)
|
|
55
75
|
|
|
56
76
|
BUNDLED WITH
|
|
57
77
|
2.5.10
|
data/Rakefile
CHANGED
|
@@ -1,5 +1,63 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "bundler/gem_helper"
|
|
4
|
+
|
|
5
|
+
module Bundler
|
|
6
|
+
class GemHelper
|
|
7
|
+
prepend(Module.new do
|
|
8
|
+
def install
|
|
9
|
+
super
|
|
10
|
+
|
|
11
|
+
namespace :release do
|
|
12
|
+
task attest: :build do
|
|
13
|
+
attest if attest?
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
task rubygem_push: :attest
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def build_gem
|
|
21
|
+
@build_gem_path = super
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def rubygem_push(path)
|
|
25
|
+
return super unless attest?
|
|
26
|
+
|
|
27
|
+
cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
|
|
28
|
+
"gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
|
|
29
|
+
cmd << "--key" << gem_key if gem_key
|
|
30
|
+
cmd << "--host" << gem_push_host if gem_push_host
|
|
31
|
+
sh_with_input(cmd)
|
|
32
|
+
Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
|
|
33
|
+
end
|
|
34
|
+
end)
|
|
35
|
+
|
|
36
|
+
def attest?
|
|
37
|
+
return true if %w[y yes true on 1].include?(ENV["gem_attest"])
|
|
38
|
+
return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
|
|
39
|
+
|
|
40
|
+
ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def attest
|
|
44
|
+
ruby "-rnet/http", "-rsigstore/signer", "-e", <<~RUBY
|
|
45
|
+
file = @build_gem_path
|
|
46
|
+
jwt = Net::HTTP.get_response(
|
|
47
|
+
URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
|
|
48
|
+
{ "Authorization" => "bearer #{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
|
|
49
|
+
&:value
|
|
50
|
+
).body.then { JSON.parse(_1).fetch("value") }
|
|
51
|
+
|
|
52
|
+
contents = File.binread(file)
|
|
53
|
+
bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
|
|
54
|
+
|
|
55
|
+
File.binwrite("#{file}.sigstore.json", bundle.to_json)
|
|
56
|
+
RUBY
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
3
61
|
require "bundler/gem_tasks"
|
|
4
62
|
|
|
5
63
|
Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]
|
data/lib/oidc/test/version.rb
CHANGED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "rubygems/commands/push_command"
|
|
4
|
+
|
|
5
|
+
Gem::Commands::PushCommand.prepend(Module.new do
|
|
6
|
+
def send_push_request(name, args)
|
|
7
|
+
return super unless ENV["gem_attestation_path"]
|
|
8
|
+
|
|
9
|
+
rubygems_api_request(*args, scope: get_push_scope) do |request|
|
|
10
|
+
request.set_form([
|
|
11
|
+
["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
|
|
12
|
+
["attestations", "[#{Gem.read_binary(ENV["gem_attestation_path"])}]",
|
|
13
|
+
{ content_type: "application/json" }]
|
|
14
|
+
], "multipart/form-data")
|
|
15
|
+
request.add_field "Authorization", api_key
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oidc-test
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Samuel Giddins
|
|
@@ -29,6 +29,7 @@ files:
|
|
|
29
29
|
- lib/oidc/test.rb
|
|
30
30
|
- lib/oidc/test/version.rb
|
|
31
31
|
- sig/oidc/test.rbs
|
|
32
|
+
- tasks/rubygems_patch.rb
|
|
32
33
|
homepage: https://github.com/segiddins/oidc-test
|
|
33
34
|
licenses:
|
|
34
35
|
- MIT
|
|
@@ -43,7 +44,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
43
44
|
requirements:
|
|
44
45
|
- - ">="
|
|
45
46
|
- !ruby/object:Gem::Version
|
|
46
|
-
version:
|
|
47
|
+
version: 3.1.0
|
|
47
48
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
48
49
|
requirements:
|
|
49
50
|
- - ">="
|