oidc-test 0.8.12 → 0.8.13

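--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 50d77c3bd27cccbc5baf01ec407067a0847389c1cda9c25e2a0c614e4762422c
- data.tar.gz: 614d40f64514f5165f46c1217a46f712a766d6a4fb39200d42fb38046addc444
+ metadata.gz: '0128ce5ab176c0e6f2117e6404ab318768b4008c3024bd22cc3bf41f019c87bd'
+ data.tar.gz: 89307a3a2014c34283c24c9a9813a553b66449a9aa0d30b4af4931daddc749c6
  SHA512:
- metadata.gz: cac40bcb0d6a02568bc8c81391d69f4b7d2a1d16827e6cbf17faef05cf9fe89d13a9a0930e6164caee64d8a45f44af3fffa037d6aaf78e7082343de73160cd64
- data.tar.gz: 6275e9e76d6003accab302391f6b2e75fb879200b80bfca8da1fb099ca0093d0e565ee533136db9dbbb08b7575626edd914782548af38ecacba39c4bbef70908
+ metadata.gz: 825c9c39b0374bff999712a0c1840291d367759e8806c95f7c47b7543d1646ab3ab4d70e210501a9551eaee54ee4957e5be6ab724c29fc49198f2d3feac30f57
+ data.tar.gz: cffdae8f2c1f572839c2254a600eec7e0b24a9ee618f3103efbd90295f4a18754bb7582b9051ea3ea323a4f4064047706ca5d459096485a27d437c783780978e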
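--- a/data/Gemfile
+++ b/data/Gemfile
@@ -5,12 +5,7 @@ source "https://rubygems.org"
  # Specify your gem's dependencies in oidc-test.gemspec
  gemspec
 
+ gem "racc"
  gem "rake", "~> 13.0"
-
  gem "rspec", "~> 3.0"
-
  gem "rubocop", "~> 1.21"
-
- gem "racc"
-
- gem "sigstore", "~> 0.1.1"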
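--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oidc-test (0.8.12)
+ oidc-test (0.8.13)
 
  GEM
  remote: https://rubygems.org/
@@ -9,21 +9,9 @@ GEM
  ast (2.4.2)
  diff-lcs (1.5.0)
  json (2.6.3)
- net-http (0.5.0)
- uri
  parallel (1.22.1)
  parser (3.2.2.0)
  ast (~> 2.4.1)
- protobug (0.1.0)
- protobug_googleapis_field_behavior_protos (0.1.0)
- protobug (= 0.1.0)
- protobug_well_known_protos (= 0.1.0)
- protobug_sigstore_protos (0.1.0)
- protobug (= 0.1.0)
- protobug_googleapis_field_behavior_protos (= 0.1.0)
- protobug_well_known_protos (= 0.1.0)
- protobug_well_known_protos (0.1.0)
- protobug (= 0.1.0)
  racc (1.8.1)
  rainbow (3.1.1)
  rake (13.0.6)
@@ -55,12 +43,7 @@ GEM
  rubocop-ast (1.28.0)
  parser (>= 3.2.1.0)
  ruby-progressbar (1.13.0)
- sigstore (0.1.1)
- net-http
- protobug_sigstore_protos (~> 0.1.0)
- uri
  unicode-display_width (2.4.2)
- uri (1.0.2)
 
  PLATFORMS
  ruby
@@ -71,7 +54,6 @@ DEPENDENCIES
  rake (~> 13.0)
  rspec (~> 3.0)
  rubocop (~> 1.21)
- sigstore (~> 0.1.1)
 
  BUNDLED WITH
  2.5.10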
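--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,66 +1,5 @@
  # frozen_string_literal: true
 
- require "bundler/gem_helper"
-
- module Bundler
- class GemHelper
- prepend(Module.new do
- def install
- super
-
- task "release:attest" => "build" do
- Bundler.ui.confirm "Attesting? #{attest?}"
- attest if attest?
- end
-
- task "release:rubygem_push" => "release:attest"
- end
-
- def build_gem
- @build_gem_path = super
- end
-
- def rubygem_push(path)
- return super unless attest?
-
- cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
- "gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
- cmd << "--key" << gem_key if gem_key
- cmd << "--host" << allowed_push_host if allowed_push_host
- sh_with_input(cmd)
- Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
- end
- end)
-
- def attest?
- return true if %w[y yes true on 1].include?(ENV["gem_attest"])
- return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
-
- ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
- end
-
- def attest
- Bundler.ui.confirm "Signing #{@build_gem_path}..."
- sh [Gem.ruby, "-S", "gem", "install", "sigstore"]
- sh [Gem.ruby, "-rnet/http", "-rsigstore", "-rsigstore/signer", "-e", <<~RUBY, @build_gem_path]
- file = ARGV.first
- jwt = Net::HTTP.get_response(
- URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
- { "Authorization" => "bearer \#{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
- &:value
- ).body.then { JSON.parse(_1).fetch("value") }
-
- contents = File.binread(file)
- bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
-
- json = "\#{file}.sigstore.json"
- File.binwrite(json, bundle.to_json)
- puts "Signed \#{file}, wrote \#{json}"
- RUBY
- end
- end
- end
-
  require "bundler/gem_tasks"
 
  Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]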
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Oidc
4
4
  module Test
5
- VERSION = "0.8.12"
5
+ VERSION = "0.8.13"
6
6
  end
7
7
  end
@@ -1,18 +1,46 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ return unless defined?(Gem)
4
+
3
5
  require "rubygems/commands/push_command"
4
6
 
5
7
  Gem::Commands::PushCommand.prepend(Module.new do
6
8
  def send_push_request(name, args)
7
- return super unless ENV["gem_attestation_path"]
9
+ return super if options[:attestations]&.any? || @host != "https://rubygems.org"
10
+
11
+ begin
12
+ send_push_request_with_attestation(name, args)
13
+ rescue StandardError => e
14
+ alert_warning "Failed to push with attestation, retrying without attestation.\n#{e.full_message}"
15
+ super
16
+ end
17
+ end
8
18
 
9
- rubygems_api_request(*args, scope: get_push_scope) do |request|
10
- request.set_form([
11
- ["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
12
- ["attestations", "[#{Gem.read_binary(ENV["gem_attestation_path"])}]",
13
- { content_type: "application/json" }]
14
- ], "multipart/form-data")
15
- request.add_field "Authorization", api_key
19
+ def send_push_request_with_attestation(name, args)
20
+ attestation = attest!(name)
21
+ if options[:attestations]
22
+ options[:attestations] << attestation
23
+ send_push_request(name, args)
24
+ else
25
+ rubygems_api_request(*args, scope: get_push_scope) do |request|
26
+ request.set_form([
27
+ ["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
28
+ ["attestations", "[#{Gem.read_binary(attestation)}]", { content_type: "application/json" }]
29
+ ], "multipart/form-data")
30
+ request.add_field "Authorization", api_key
31
+ end
16
32
  end
17
33
  end
34
+
35
+ def attest!(name)
36
+ require "open3"
37
+ bundle = "#{name}.sigstore.json"
38
+ out, st = Open3.capture2e(
39
+ Gem.ruby, "-S", "gem", "exec",
40
+ "sigstore-cli:0.2.1", "sign", name, "--bundle", bundle
41
+ )
42
+ raise Gem::Exception, "Failed to sign gem:\n\n#{out}" unless st.success?
43
+
44
+ bundle
45
+ end
18
46
  end)
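Review bot: The `rescue StandardError` in the new `send_push_request` wraps the whole of `send_push_request_with_attestation`, so it catches a signing failure from `attest!` and also any exception raised while the attested upload is in progress; in both cases `super` then pushes the gem with no attestation and only an `alert_warning`. For a release path whose purpose is provenance this is a fail-open downgrade, since a release can ship unattested without the job failing. Consider narrowing the `begin` to the signing step (`attestation = attest!(name)` with `rescue Gem::Exception`) and re-raising unless the caller has explicitly opted out of attestation. The guard `@host != "https://rubygems.org"` skips attestation just as quietly for any host string that is not an exact match, so a comment such as `# attestation is attempted only for the default host; every other host pushes unattested` would make that intent visible. Because `e.full_message` carries the signer's captured `out` into the warning, it is also worth confirming that the signer's output cannot contain the OIDC token before it reaches CI logs.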
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oidc-test
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.12
4
+ version: 0.8.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Samuel Giddins
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-11-14 00:00:00.000000000 Z
11
+ date: 2024-11-19 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email: