oidc-test 0.8.12 → 0.8.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -6
- data/Gemfile.lock +1 -19
- data/Rakefile +0 -61
- data/lib/oidc/test/version.rb +1 -1
- data/tasks/rubygems_patch.rb +36 -8
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0128ce5ab176c0e6f2117e6404ab318768b4008c3024bd22cc3bf41f019c87bd'
|
|
4
|
+
data.tar.gz: 89307a3a2014c34283c24c9a9813a553b66449a9aa0d30b4af4931daddc749c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 825c9c39b0374bff999712a0c1840291d367759e8806c95f7c47b7543d1646ab3ab4d70e210501a9551eaee54ee4957e5be6ab724c29fc49198f2d3feac30f57
|
|
7
|
+
data.tar.gz: cffdae8f2c1f572839c2254a600eec7e0b24a9ee618f3103efbd90295f4a18754bb7582b9051ea3ea323a4f4064047706ca5d459096485a27d437c783780978e
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
oidc-test (0.8.
|
|
4
|
+
oidc-test (0.8.13)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
@@ -9,21 +9,9 @@ GEM
|
|
|
9
9
|
ast (2.4.2)
|
|
10
10
|
diff-lcs (1.5.0)
|
|
11
11
|
json (2.6.3)
|
|
12
|
-
net-http (0.5.0)
|
|
13
|
-
uri
|
|
14
12
|
parallel (1.22.1)
|
|
15
13
|
parser (3.2.2.0)
|
|
16
14
|
ast (~> 2.4.1)
|
|
17
|
-
protobug (0.1.0)
|
|
18
|
-
protobug_googleapis_field_behavior_protos (0.1.0)
|
|
19
|
-
protobug (= 0.1.0)
|
|
20
|
-
protobug_well_known_protos (= 0.1.0)
|
|
21
|
-
protobug_sigstore_protos (0.1.0)
|
|
22
|
-
protobug (= 0.1.0)
|
|
23
|
-
protobug_googleapis_field_behavior_protos (= 0.1.0)
|
|
24
|
-
protobug_well_known_protos (= 0.1.0)
|
|
25
|
-
protobug_well_known_protos (0.1.0)
|
|
26
|
-
protobug (= 0.1.0)
|
|
27
15
|
racc (1.8.1)
|
|
28
16
|
rainbow (3.1.1)
|
|
29
17
|
rake (13.0.6)
|
|
@@ -55,12 +43,7 @@ GEM
|
|
|
55
43
|
rubocop-ast (1.28.0)
|
|
56
44
|
parser (>= 3.2.1.0)
|
|
57
45
|
ruby-progressbar (1.13.0)
|
|
58
|
-
sigstore (0.1.1)
|
|
59
|
-
net-http
|
|
60
|
-
protobug_sigstore_protos (~> 0.1.0)
|
|
61
|
-
uri
|
|
62
46
|
unicode-display_width (2.4.2)
|
|
63
|
-
uri (1.0.2)
|
|
64
47
|
|
|
65
48
|
PLATFORMS
|
|
66
49
|
ruby
|
|
@@ -71,7 +54,6 @@ DEPENDENCIES
|
|
|
71
54
|
rake (~> 13.0)
|
|
72
55
|
rspec (~> 3.0)
|
|
73
56
|
rubocop (~> 1.21)
|
|
74
|
-
sigstore (~> 0.1.1)
|
|
75
57
|
|
|
76
58
|
BUNDLED WITH
|
|
77
59
|
2.5.10
|
data/Rakefile
CHANGED
|
@@ -1,66 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "bundler/gem_helper"
|
|
4
|
-
|
|
5
|
-
module Bundler
|
|
6
|
-
class GemHelper
|
|
7
|
-
prepend(Module.new do
|
|
8
|
-
def install
|
|
9
|
-
super
|
|
10
|
-
|
|
11
|
-
task "release:attest" => "build" do
|
|
12
|
-
Bundler.ui.confirm "Attesting? #{attest?}"
|
|
13
|
-
attest if attest?
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
task "release:rubygem_push" => "release:attest"
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def build_gem
|
|
20
|
-
@build_gem_path = super
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def rubygem_push(path)
|
|
24
|
-
return super unless attest?
|
|
25
|
-
|
|
26
|
-
cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
|
|
27
|
-
"gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
|
|
28
|
-
cmd << "--key" << gem_key if gem_key
|
|
29
|
-
cmd << "--host" << allowed_push_host if allowed_push_host
|
|
30
|
-
sh_with_input(cmd)
|
|
31
|
-
Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
|
|
32
|
-
end
|
|
33
|
-
end)
|
|
34
|
-
|
|
35
|
-
def attest?
|
|
36
|
-
return true if %w[y yes true on 1].include?(ENV["gem_attest"])
|
|
37
|
-
return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
|
|
38
|
-
|
|
39
|
-
ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def attest
|
|
43
|
-
Bundler.ui.confirm "Signing #{@build_gem_path}..."
|
|
44
|
-
sh [Gem.ruby, "-S", "gem", "install", "sigstore"]
|
|
45
|
-
sh [Gem.ruby, "-rnet/http", "-rsigstore", "-rsigstore/signer", "-e", <<~RUBY, @build_gem_path]
|
|
46
|
-
file = ARGV.first
|
|
47
|
-
jwt = Net::HTTP.get_response(
|
|
48
|
-
URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
|
|
49
|
-
{ "Authorization" => "bearer \#{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
|
|
50
|
-
&:value
|
|
51
|
-
).body.then { JSON.parse(_1).fetch("value") }
|
|
52
|
-
|
|
53
|
-
contents = File.binread(file)
|
|
54
|
-
bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
|
|
55
|
-
|
|
56
|
-
json = "\#{file}.sigstore.json"
|
|
57
|
-
File.binwrite(json, bundle.to_json)
|
|
58
|
-
puts "Signed \#{file}, wrote \#{json}"
|
|
59
|
-
RUBY
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
|
|
64
3
|
require "bundler/gem_tasks"
|
|
65
4
|
|
|
66
5
|
Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]
|
data/lib/oidc/test/version.rb
CHANGED
data/tasks/rubygems_patch.rb
CHANGED
|
@@ -1,18 +1,46 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
return unless defined?(Gem)
|
|
4
|
+
|
|
3
5
|
require "rubygems/commands/push_command"
|
|
4
6
|
|
|
5
7
|
Gem::Commands::PushCommand.prepend(Module.new do
|
|
6
8
|
def send_push_request(name, args)
|
|
7
|
-
return super
|
|
9
|
+
return super if options[:attestations]&.any? || @host != "https://rubygems.org"
|
|
10
|
+
|
|
11
|
+
begin
|
|
12
|
+
send_push_request_with_attestation(name, args)
|
|
13
|
+
rescue StandardError => e
|
|
14
|
+
alert_warning "Failed to push with attestation, retrying without attestation.\n#{e.full_message}"
|
|
15
|
+
super
|
|
16
|
+
end
|
|
17
|
+
end
|
|
8
18
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
19
|
+
def send_push_request_with_attestation(name, args)
|
|
20
|
+
attestation = attest!(name)
|
|
21
|
+
if options[:attestations]
|
|
22
|
+
options[:attestations] << attestation
|
|
23
|
+
send_push_request(name, args)
|
|
24
|
+
else
|
|
25
|
+
rubygems_api_request(*args, scope: get_push_scope) do |request|
|
|
26
|
+
request.set_form([
|
|
27
|
+
["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
|
|
28
|
+
["attestations", "[#{Gem.read_binary(attestation)}]", { content_type: "application/json" }]
|
|
29
|
+
], "multipart/form-data")
|
|
30
|
+
request.add_field "Authorization", api_key
|
|
31
|
+
end
|
|
16
32
|
end
|
|
17
33
|
end
|
|
34
|
+
|
|
35
|
+
def attest!(name)
|
|
36
|
+
require "open3"
|
|
37
|
+
bundle = "#{name}.sigstore.json"
|
|
38
|
+
out, st = Open3.capture2e(
|
|
39
|
+
Gem.ruby, "-S", "gem", "exec",
|
|
40
|
+
"sigstore-cli:0.2.1", "sign", name, "--bundle", bundle
|
|
41
|
+
)
|
|
42
|
+
raise Gem::Exception, "Failed to sign gem:\n\n#{out}" unless st.success?
|
|
43
|
+
|
|
44
|
+
bundle
|
|
45
|
+
end
|
|
18
46
|
end)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oidc-test
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Samuel Giddins
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-11-
|
|
11
|
+
date: 2024-11-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email:
|