oidc-test 0.8.1 → 0.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +7 -1
- data/Gemfile +4 -0
- data/Gemfile.lock +21 -1
- data/Rakefile +58 -0
- data/lib/oidc/test/version.rb +1 -1
- data/tasks/rubygems_patch.rb +18 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 04f405f2eab5a94aa9178413897d87911dacdfa138c67ba3316fc6c6a24bd152
|
|
4
|
+
data.tar.gz: b1a9417381fd097c046b07d68ee11a4e3c9a8c9b7edb27ff586fa6ae4b65a062
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14e5d54d31e99764e6e3685b4b221a601df88dd597467a8920a6089407294a042a5a3c4dece640e9f4881f469b807309ab2564136a899438b855b3a01786a758
|
|
7
|
+
data.tar.gz: c9b2b662e5a783f42337e6bc62e93b25a61a10aa0b862d70b733547fc4f51829a4378ad2b320f4d0d556e4d2a308c9341ed4569900f7d918dd1436dd72be6be0
|
data/.rubocop.yml
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
AllCops:
|
|
2
|
-
TargetRubyVersion:
|
|
2
|
+
TargetRubyVersion: 3.1
|
|
3
3
|
|
|
4
4
|
Style/StringLiterals:
|
|
5
5
|
Enabled: true
|
|
@@ -11,3 +11,9 @@ Style/StringLiteralsInInterpolation:
|
|
|
11
11
|
|
|
12
12
|
Layout/LineLength:
|
|
13
13
|
Max: 120
|
|
14
|
+
|
|
15
|
+
Style/Documentation:
|
|
16
|
+
Enabled: false
|
|
17
|
+
|
|
18
|
+
Metrics:
|
|
19
|
+
Enabled: false
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
oidc-test (0.8.
|
|
4
|
+
oidc-test (0.8.2)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
@@ -9,9 +9,22 @@ GEM
|
|
|
9
9
|
ast (2.4.2)
|
|
10
10
|
diff-lcs (1.5.0)
|
|
11
11
|
json (2.6.3)
|
|
12
|
+
net-http (0.5.0)
|
|
13
|
+
uri
|
|
12
14
|
parallel (1.22.1)
|
|
13
15
|
parser (3.2.2.0)
|
|
14
16
|
ast (~> 2.4.1)
|
|
17
|
+
protobug (0.1.0)
|
|
18
|
+
protobug_googleapis_field_behavior_protos (0.1.0)
|
|
19
|
+
protobug (= 0.1.0)
|
|
20
|
+
protobug_well_known_protos (= 0.1.0)
|
|
21
|
+
protobug_sigstore_protos (0.1.0)
|
|
22
|
+
protobug (= 0.1.0)
|
|
23
|
+
protobug_googleapis_field_behavior_protos (= 0.1.0)
|
|
24
|
+
protobug_well_known_protos (= 0.1.0)
|
|
25
|
+
protobug_well_known_protos (0.1.0)
|
|
26
|
+
protobug (= 0.1.0)
|
|
27
|
+
racc (1.8.1)
|
|
15
28
|
rainbow (3.1.1)
|
|
16
29
|
rake (13.0.6)
|
|
17
30
|
regexp_parser (2.7.0)
|
|
@@ -42,16 +55,23 @@ GEM
|
|
|
42
55
|
rubocop-ast (1.28.0)
|
|
43
56
|
parser (>= 3.2.1.0)
|
|
44
57
|
ruby-progressbar (1.13.0)
|
|
58
|
+
sigstore (0.1.1)
|
|
59
|
+
net-http
|
|
60
|
+
protobug_sigstore_protos (~> 0.1.0)
|
|
61
|
+
uri
|
|
45
62
|
unicode-display_width (2.4.2)
|
|
63
|
+
uri (1.0.2)
|
|
46
64
|
|
|
47
65
|
PLATFORMS
|
|
48
66
|
ruby
|
|
49
67
|
|
|
50
68
|
DEPENDENCIES
|
|
51
69
|
oidc-test!
|
|
70
|
+
racc
|
|
52
71
|
rake (~> 13.0)
|
|
53
72
|
rspec (~> 3.0)
|
|
54
73
|
rubocop (~> 1.21)
|
|
74
|
+
sigstore (~> 0.1.1)
|
|
55
75
|
|
|
56
76
|
BUNDLED WITH
|
|
57
77
|
2.5.10
|
data/Rakefile
CHANGED
|
@@ -1,5 +1,63 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "bundler/gem_helper"
|
|
4
|
+
|
|
5
|
+
module Bundler
|
|
6
|
+
class GemHelper
|
|
7
|
+
prepend(Module.new do
|
|
8
|
+
def install
|
|
9
|
+
super
|
|
10
|
+
|
|
11
|
+
namespace :release do
|
|
12
|
+
task attest: :build do
|
|
13
|
+
attest if attest?
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
task rubygem_push: :attest
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def build_gem
|
|
21
|
+
@build_gem_path = super
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def rubygem_push(path)
|
|
25
|
+
return super unless attest?
|
|
26
|
+
|
|
27
|
+
cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
|
|
28
|
+
"gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
|
|
29
|
+
cmd << "--key" << gem_key if gem_key
|
|
30
|
+
cmd << "--host" << gem_push_host if gem_push_host
|
|
31
|
+
sh_with_input(cmd)
|
|
32
|
+
Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
|
|
33
|
+
end
|
|
34
|
+
end)
|
|
35
|
+
|
|
36
|
+
def attest?
|
|
37
|
+
return true if %w[y yes true on 1].include?(ENV["gem_attest"])
|
|
38
|
+
return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
|
|
39
|
+
|
|
40
|
+
ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def attest
|
|
44
|
+
ruby "-rnet/http", "-rsigstore/signer", "-e", <<~RUBY
|
|
45
|
+
file = @build_gem_path
|
|
46
|
+
jwt = Net::HTTP.get_response(
|
|
47
|
+
URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
|
|
48
|
+
{ "Authorization" => "bearer #{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
|
|
49
|
+
&:value
|
|
50
|
+
).body.then { JSON.parse(_1).fetch("value") }
|
|
51
|
+
|
|
52
|
+
contents = File.binread(file)
|
|
53
|
+
bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
|
|
54
|
+
|
|
55
|
+
File.binwrite("#{file}.sigstore.json", bundle.to_json)
|
|
56
|
+
RUBY
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
3
61
|
require "bundler/gem_tasks"
|
|
4
62
|
|
|
5
63
|
Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]
|
data/lib/oidc/test/version.rb
CHANGED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "rubygems/commands/push_command"
|
|
4
|
+
|
|
5
|
+
Gem::Commands::PushCommand.prepend(Module.new do
|
|
6
|
+
def send_push_request(name, args)
|
|
7
|
+
return super unless ENV["gem_attestation_path"]
|
|
8
|
+
|
|
9
|
+
rubygems_api_request(*args, scope: get_push_scope) do |request|
|
|
10
|
+
request.set_form([
|
|
11
|
+
["gem", Gem.read_binary(name), { filename: name, content_type: "application/octet-stream" }],
|
|
12
|
+
["attestations", "[#{Gem.read_binary(ENV["gem_attestation_path"])}]",
|
|
13
|
+
{ content_type: "application/json" }]
|
|
14
|
+
], "multipart/form-data")
|
|
15
|
+
request.add_field "Authorization", api_key
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oidc-test
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Samuel Giddins
|
|
@@ -29,6 +29,7 @@ files:
|
|
|
29
29
|
- lib/oidc/test.rb
|
|
30
30
|
- lib/oidc/test/version.rb
|
|
31
31
|
- sig/oidc/test.rbs
|
|
32
|
+
- tasks/rubygems_patch.rb
|
|
32
33
|
homepage: https://github.com/segiddins/oidc-test
|
|
33
34
|
licenses:
|
|
34
35
|
- MIT
|
|
@@ -43,7 +44,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
43
44
|
requirements:
|
|
44
45
|
- - ">="
|
|
45
46
|
- !ruby/object:Gem::Version
|
|
46
|
-
version:
|
|
47
|
+
version: 3.1.0
|
|
47
48
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
48
49
|
requirements:
|
|
49
50
|
- - ">="
|