puma-release 0.1.0

data/lib/puma_release/context.rb

@@ -0,0 +1,167 @@
+# frozen_string_literal: true
+
+require "json"
+require "shellwords"
+
+module PumaRelease
+  class Context
+    attr_reader :env, :options, :events, :ui, :shell
+
+    def initialize(options, env: ENV, events: Events.new, ui: UI.new)
+      @options = options
+      @env = env
+      @events = events
+      @ui = ui
+      @shell = Shell.new(env:, cwd: repo_dir.to_s)
+    end
+
+    def repo_dir = options.fetch(:repo_dir)
+    def metadata_repo = options.fetch(:metadata_repo)
+    def allow_unknown_ci? = options.fetch(:allow_unknown_ci)
+    def skip_ci_check? = options.fetch(:skip_ci_check, false)
+    def yes? = options.fetch(:yes)
+    def live? = options.fetch(:live, false)
+    def debug? = options.fetch(:debug, false) || env["DEBUG"] == "true"
+    def changelog_backend = env.fetch("PUMA_RELEASE_CHANGELOG_BACKEND", options.fetch(:changelog_backend))
+    def codename = options.fetch(:codename)
+
+    def base_branch
+      @base_branch ||= options[:base_branch] || shell.output("git", "rev-parse", "--abbrev-ref", "HEAD").strip
+    end
+
+    def agent_cmd = env.fetch("AGENT_CMD", "claude")
+    TOOL_URL = "https://github.com/nateberkopec/puma-release"
+
+    def version_file = repo_dir.join("lib/puma/const.rb")
+    def history_file = repo_dir.join("History.md")
+    def security_file = repo_dir.join("SECURITY.md")
+
+    def release_repo
+      @release_repo ||= options[:release_repo] || infer_release_repo
+    end
+
+    def agent_binary
+      shell.split(agent_cmd).first || "claude"
+    end
+
+    def github_token
+      @github_token ||= begin
+        token = env.fetch("GITHUB_TOKEN", "")
+        token.empty? ? shell.optional_output("gh", "auth", "token") : token
+      end
+    end
+
+    def check_dependencies!(*commands)
+      missing = commands.flatten.compact.uniq.reject { |command| shell.available?(command) }
+      raise Error, "Missing required dependencies: #{missing.join(" ")}" unless missing.empty?
+    end
+
+    def comment_author_model_name(fallback: env["AGENT_MODEL_NAME"])
+      value = fallback.to_s.strip
+      return value unless value.empty?
+
+      agent_binary
+    end
+
+    def comment_attribution(model_name)
+      "This comment was written by #{model_name} working on behalf of [puma-release](#{TOOL_URL})."
+    end
+
+    def announce_live_mode!
+      return unless live?
+      return if @live_mode_announced
+
+      ui.warn("LIVE MODE: writes will go to #{release_repo}")
+      @live_mode_announced = true
+    end
+
+    def ensure_release_writes_allowed!
+      return if live?
+      return unless release_repo == metadata_repo
+
+      raise Error,
+        "Refusing to write release state to #{release_repo} without --live. " \
+        "Use --release-repo OWNER/REPO to target a fork, or pass --live to operate on #{metadata_repo}."
+    end
+
+    def confirm_live_github_write!(description)
+      return true unless live?
+      return true if yes?
+      return true if ui.confirm("LIVE MODE: #{description} on GitHub for #{release_repo}. Continue?")
+
+      raise Error, "Aborted live GitHub action: #{description}"
+    end
+
+    def confirm_live_git_command!(*command)
+      return true unless live?
+      return true if yes?
+
+      rendered = Shellwords.join(command)
+      return true if ui.confirm("LIVE MODE: about to run git command: #{rendered}. Continue?")
+
+      raise Error, "Aborted live git action: #{rendered}"
+    end
+
+    def confirm_live_gh_command!(*command)
+      return true unless live?
+      return true if yes?
+
+      rendered = Shellwords.join(command)
+      return true if ui.confirm("LIVE MODE: about to run gh command: #{rendered}. Continue?")
+
+      raise Error, "Aborted live gh action: #{rendered}"
+    end
+
+    private
+
+    def infer_release_repo
+      return metadata_repo if live?
+
+      preferred_fork_repo || metadata_repo
+    end
+
+    def preferred_fork_repo
+      candidates = github_remotes.reject { |_remote, repo| repo == metadata_repo }
+      return candidates.first&.last if candidates.one?
+
+      login_match = candidates.find { |_remote, repo| repo_owner(repo) == github_login }
+      return login_match.last if login_match
+
+      origin_match = candidates.find { |remote, _repo| remote == "origin" }
+      origin_match&.last
+    end
+
+    def github_login
+      return @github_login if defined?(@github_login)
+
+      @github_login = fetch_github_login
+    end
+
+    def repo_owner(repo)
+      repo.split("/", 2).first
+    end
+
+    def fetch_github_login
+      return nil unless shell.available?("gh")
+
+      result = shell.run("gh", "api", "user", allow_failure: true)
+      return nil unless result.success?
+
+      login = JSON.parse(result.stdout).fetch("login", "").strip
+      login.empty? ? nil : login
+    rescue Errno::ENOENT, JSON::ParserError
+      nil
+    end
+
+    def github_remotes
+      shell.output("git", "remote").lines(chomp: true).filter_map do |remote|
+        repo = github_repo_from_url(shell.output("git", "remote", "get-url", remote).strip)
+        repo ? [remote, repo] : nil
+      end
+    end
+
+    def github_repo_from_url(url)
+      url[%r{github\.com[:/]([^/]+/[^/.]+?)(?:\.git)?$}, 1]
+    end
+  end
+end

data/lib/puma_release/contributor_resolver.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module PumaRelease
+  class ContributorResolver
+    attr_reader :context, :git_repo, :github
+
+    def initialize(context, git_repo: GitRepo.new(context), github: GitHubClient.new(context))
+      @context = context
+      @git_repo = git_repo
+      @github = github
+    end
+
+    def codename_earner(tag)
+      contributor = top_contributors_since(tag).first
+      return nil unless contributor
+
+      contributor.merge(login: resolve_login(tag, contributor))
+    end
+
+    def top_contributors_since(tag)
+      git_repo.top_contributors_since_with_email(tag).map do |line|
+        count, name, email = line.match(/^\s*(\d+)\s+(.+?)\s+<([^>]+)>$/)&.captures
+        next unless count
+
+        {count: count.to_i, name:, email:}
+      end.compact
+    end
+
+    private
+
+    def resolve_login(tag, contributor)
+      logins = commits_for(tag, contributor).filter_map { |commit| github.commit_author_login(context.metadata_repo, commit.fetch(:sha)) }
+      return most_common(logins) unless logins.empty?
+
+      login_from_noreply_email(contributor.fetch(:email))
+    end
+
+    def commits_for(tag, contributor)
+      git_repo.commit_authors_since(tag).select do |commit|
+        commit.fetch(:name) == contributor.fetch(:name) && commit.fetch(:email) == contributor.fetch(:email)
+      end
+    end
+
+    def most_common(values)
+      values.tally.max_by { |_value, count| count }&.first
+    end
+
+    def login_from_noreply_email(email)
+      email[%r{\A(?:\d+\+)?([^@]+)@users\.noreply\.github\.com\z}, 1]
+    end
+  end
+end

data/lib/puma_release/error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module PumaRelease
+  class Error < StandardError; end
+end

data/lib/puma_release/events.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module PumaRelease
+  class Events
+    def initialize
+      @subscribers = Hash.new { |hash, key| hash[key] = [] }
+    end
+
+    def subscribe(name = :all, &block)
+      @subscribers[name] << block
+    end
+
+    def publish(name, payload = {})
+      @subscribers.fetch(:all, []).each { |subscriber| subscriber.call(name, payload) }
+      @subscribers.fetch(name, []).each { |subscriber| subscriber.call(name, payload) }
+    end
+  end
+end

data/lib/puma_release/git_repo.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+module PumaRelease
+  class GitRepo
+    attr_reader :context
+
+    def initialize(context)
+      @context = context
+    end
+
+    def current_branch = shell.output("git", "rev-parse", "--abbrev-ref", "HEAD").strip
+    def clean? = shell.output("git", "status", "--porcelain").strip.empty?
+    def head_sha = shell.output("git", "rev-parse", "HEAD").strip
+    def commits_since(tag) = shell.output("git", "rev-list", "--count", "#{tag}..HEAD").strip.to_i
+
+    def ensure_clean_base!
+      base = context.base_branch
+      raise Error, "Must be on '#{base}' branch (currently on '#{current_branch}')" unless current_branch == base
+      raise Error, "Working directory not clean. Commit or stash first." unless clean?
+
+      run_git!("fetch", metadata_remote, "--quiet")
+      remote_sha = shell.output("git", "rev-parse", "#{metadata_remote}/#{base}").strip
+      raise Error, "Local #{base} differs from #{metadata_remote}/#{base}. Pull or push first." unless head_sha == remote_sha
+    end
+
+    def last_tag
+      tags = shell.output("git", "tag", "--sort=-v:refname", "--merged", "HEAD").lines(chomp: true)
+      tags.find { |tag| tag.match?(/^v\d/) } || raise(Error, "Could not determine last release tag")
+    end
+
+    def bump_version(version, bump_type)
+      major, minor, patch = version.split(".").map(&:to_i)
+      return "#{major + 1}.0.0" if bump_type == "major"
+      return "#{major}.#{minor + 1}.0" if bump_type == "minor"
+      return "#{major}.#{minor}.#{patch + 1}" if bump_type == "patch"
+
+      raise Error, "Unknown bump type: #{bump_type}"
+    end
+
+    def top_contributors_since(tag)
+      shell.output("git", "shortlog", "-s", "-n", "--no-merges", "#{tag}..HEAD").lines(chomp: true)
+    end
+
+    def top_contributors_since_with_email(tag)
+      shell.output("git", "shortlog", "-s", "-n", "-e", "--no-merges", "#{tag}..HEAD").lines(chomp: true)
+    end
+
+    def commit_authors_since(tag)
+      shell.output("git", "log", "--format=%H%x09%aN%x09%aE", "#{tag}..HEAD").lines(chomp: true).map do |line|
+        sha, name, email = line.split("\t", 3)
+        {sha:, name:, email:}
+      end
+    end
+
+    def release_tag(version) = "v#{version}"
+    def proposal_tag(version) = "#{release_tag(version)}-proposal"
+
+    def checkout_release_branch!(branch)
+      run_git!("checkout", "-b", branch)
+    end
+
+    def commit_release!(version, extra_files: [])
+      run_git!("add", context.version_file.to_s, context.history_file.to_s, *extra_files.map(&:to_s))
+      run_git!("commit", "-S", "-m", "Release v#{version}")
+    end
+
+    def push_branch!(branch)
+      command = ["push"]
+      command << "-u" if release_remote
+      command += [release_push_target, branch]
+      run_git!(*command)
+    end
+
+    def remote_tag_sha(tag, repo: context.release_repo)
+      refs = shell.output("git", "ls-remote", "--tags", remote_target_for(repo), "refs/tags/#{tag}", "refs/tags/#{tag}^{}").lines(chomp: true)
+      peeled = refs.find { |line| line.end_with?("refs/tags/#{tag}^{}") }
+      direct = refs.find { |line| line.end_with?("refs/tags/#{tag}") }
+      (peeled || direct).to_s.split.first.to_s
+    end
+
+    def remote_tag_object_sha(tag, repo: context.release_repo)
+      shell.output("git", "ls-remote", "--tags", remote_target_for(repo), "refs/tags/#{tag}").split.first.to_s
+    end
+
+    def local_tag_sha(tag)
+      shell.optional_output("git", "rev-parse", "-q", "--verify", "refs/tags/#{tag}^{commit}")
+    end
+
+    def local_tag_object_sha(tag)
+      shell.optional_output("git", "rev-parse", "-q", "--verify", "refs/tags/#{tag}")
+    end
+
+    def create_signed_tag!(tag, message: "Release #{tag}")
+      run_git!("tag", "-s", tag, "-m", message)
+    end
+
+    def local_tag_signed?(tag)
+      return false if local_tag_sha(tag).empty?
+
+      shell.output("git", "cat-file", "-p", "refs/tags/#{tag}").include?("-----BEGIN PGP SIGNATURE-----")
+    end
+
+    def ensure_release_tag_pushed!(tag)
+      head = head_sha
+      local = local_tag_sha(tag)
+      remote = remote_tag_sha(tag)
+
+      raise Error, "Remote tag #{tag} already exists at #{remote}, not HEAD #{head}." if !remote.empty? && remote != head
+      raise Error, "Local tag #{tag} already exists at #{local}, not HEAD #{head}." if !local.empty? && local != head
+      raise Error, "Local tag #{tag} exists at #{head} but is not GPG-signed." if !local.empty? && !local_tag_signed?(tag)
+
+      create_signed_tag!(tag) if local.empty?
+
+      local_object = local_tag_object_sha(tag)
+      remote_object = remote_tag_object_sha(tag)
+      return if !remote_object.empty? && remote_object == local_object
+
+      raise Error, "Remote tag #{tag} already exists but does not match the local signed tag." unless remote_object.empty?
+
+      run_git!("push", release_push_target, tag)
+    end
+
+    def delete_local_tag!(tag, allow_failure: false)
+      run_git!("tag", "-d", tag, allow_failure:)
+    end
+
+    private
+
+    def shell = context.shell
+
+    def run_git!(*command, **options)
+      context.confirm_live_git_command!("git", *command) if context.respond_to?(:confirm_live_git_command!)
+      shell.run("git", *command, **options)
+    end
+
+    def metadata_remote
+      remote_name_for(context.metadata_repo) || "origin"
+    end
+
+    def release_remote
+      remote_name_for(context.release_repo)
+    end
+
+    def release_push_target
+      release_remote || github_url_for(context.release_repo)
+    end
+
+    def remote_target_for(repo)
+      remote_name_for(repo) || github_url_for(repo)
+    end
+
+    def remote_name_for(repo)
+      shell.output("git", "remote").lines(chomp: true).find do |remote|
+        github_repo_from_url(shell.output("git", "remote", "get-url", remote).strip) == repo
+      end
+    end
+
+    def github_url_for(repo)
+      origin_url = shell.output("git", "remote", "get-url", "origin").strip
+      return "git@github.com:#{repo}.git" if origin_url.match?(%r{\A(?:git@github\.com:|ssh://git@github\.com/)})
+
+      "https://github.com/#{repo}.git"
+    end
+
+    def github_repo_from_url(url)
+      url[%r{github\.com[:/]([^/]+/[^/.]+?)(?:\.git)?$}, 1]
+    end
+  end
+end

data/lib/puma_release/github_client.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+require "json"
+require "tempfile"
+
+module PumaRelease
+  class GitHubClient
+    attr_reader :context
+
+    def initialize(context)
+      @context = context
+    end
+
+    def commit_pulls(repo, sha)
+      json("gh", "api", "repos/#{repo}/commits/#{sha}/pulls") || []
+    end
+
+    def commit_author_login(repo, sha)
+      commit = json("gh", "api", "repos/#{repo}/commits/#{sha}")
+      login = commit&.dig("author", "login") || commit&.dig("committer", "login")
+      return login if login && !login.empty?
+
+      commit_pulls(repo, sha).first&.dig("user", "login")
+    end
+
+    def pr(number, repo: context.release_repo)
+      json("gh", "pr", "view", number.to_s, "--repo", repo, "--json", "number,title,url,state,mergedAt,author,labels,headRefName")
+    end
+
+    def issue(number, repo: context.metadata_repo)
+      json("gh", "issue", "view", number.to_s, "--repo", repo, "--json", "number,title,url,closedAt,author")
+    end
+
+    def user(login)
+      json("gh", "api", "users/#{login}")
+    end
+
+    def open_release_pr
+      owner = context.release_repo.split("/").first
+      prs = json(
+        "gh", "pr", "list", "--repo", context.release_repo,
+        "--state", "open",
+        "--search", "head:#{owner}:release-v",
+        "--json", "number,title,url,headRefName"
+      ) || []
+      prs.find { |pr| pr.fetch("headRefName", "").start_with?("release-v") }
+    end
+
+    def create_release_pr(title, branch, body: "")
+      output_gh!(
+        "pr", "create",
+        "--repo", context.release_repo,
+        "--base", context.base_branch,
+        "--head", branch,
+        "--title", title,
+        "--body", body
+      ).strip
+    end
+
+    def update_pr_body(pr_url, body)
+      run_gh!("pr", "edit", pr_url, "--body", body)
+    end
+
+    def comment_on_pr(pr_url, body)
+      run_gh!("pr", "comment", pr_url, "--body", body)
+    end
+
+    def release(tag)
+      json("gh", "release", "view", tag, "--repo", context.release_repo, "--json", "tagName,name,isDraft,body,url,assets,targetCommitish")
+    end
+
+    def retag_release(old_tag, new_tag, target: nil)
+      release_id = release_id(old_tag)
+      command = ["api", "-X", "PATCH", "repos/#{context.release_repo}/releases/#{release_id}", "-f", "tag_name=#{new_tag}"]
+      command += ["-f", "target_commitish=#{target}"] if target
+      run_gh!(*command)
+      release(new_tag)
+    end
+
+    def delete_release(tag, allow_failure: false)
+      release_id = release_id(tag, allow_failure:)
+      return false unless release_id
+
+      run_gh!("api", "-X", "DELETE", "repos/#{context.release_repo}/releases/#{release_id}", allow_failure:)
+      true
+    end
+
+    def delete_tag_ref(tag, allow_failure: false)
+      run_gh!("api", "-X", "DELETE", "repos/#{context.release_repo}/git/refs/tags/#{tag}", allow_failure:)
+      true
+    end
+
+    def create_release(tag, body, title: tag, draft: true, target: nil)
+      with_notes_file(body) do |path|
+        command = ["release", "create", tag, "--repo", context.release_repo, "--title", title, "--notes-file", path]
+        command += ["--target", target] if target
+        command << "--draft" if draft
+        run_gh!(*command)
+      end
+      release(tag)
+    end
+
+    def edit_release_notes(tag, body)
+      with_notes_file(body) { |path| run_gh!("release", "edit", tag, "--repo", context.release_repo, "--notes-file", path) }
+      release(tag)
+    end
+
+    def edit_release_target(tag, target)
+      run_gh!("release", "edit", tag, "--repo", context.release_repo, "--target", target)
+      release(tag)
+    end
+
+    def edit_release_title(tag, title)
+      run_gh!("release", "edit", tag, "--repo", context.release_repo, "--title", title)
+      release(tag)
+    end
+
+    def publish_release(tag)
+      run_gh!("release", "edit", tag, "--repo", context.release_repo, "--draft=false")
+      release(tag)
+    end
+
+    def upload_release_assets(tag, *paths)
+      run_gh!("release", "upload", tag, "--repo", context.release_repo, "--clobber", *paths)
+    end
+
+    private
+
+    def json(*command)
+      result = context.shell.run(*command, allow_failure: true)
+      return nil unless result.success?
+
+      body = result.stdout.strip
+      body.empty? ? {} : JSON.parse(body)
+    end
+
+    def run_gh!(*command, **options)
+      context.confirm_live_gh_command!("gh", *command) if context.respond_to?(:confirm_live_gh_command!)
+      context.shell.run("gh", *command, **options)
+    end
+
+    def output_gh!(*command, **options)
+      context.confirm_live_gh_command!("gh", *command) if context.respond_to?(:confirm_live_gh_command!)
+      context.shell.output("gh", *command, **options)
+    end
+
+    def release_id(tag, allow_failure: false)
+      payload = json("gh", "api", "repos/#{context.release_repo}/releases/tags/#{tag}")
+      return payload&.fetch("id", nil) if payload
+      return nil if allow_failure
+
+      raise Error, "Could not find release for tag #{tag}"
+    end
+
+    def with_notes_file(body)
+      Tempfile.create("puma-release-notes") do |file|
+        file.write(body)
+        file.flush
+        yield file.path
+      end
+    end
+  end
+end

data/lib/puma_release/link_reference_builder.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module PumaRelease
+  class LinkReferenceBuilder
+    attr_reader :context
+
+    def initialize(context)
+      @context = context
+    end
+
+    def build(changelog)
+      numbers = changelog.scan(/\[#(\d+)\]/).flatten.map(&:to_i).uniq.sort.reverse
+      existing = context.history_file.read
+      numbers.filter_map { |number| reference_for(number, existing) }.join("\n")
+    end
+
+    private
+
+    def reference_for(number, existing)
+      return if existing.match?(/^\[##{number}\]:/)
+
+      context.ui.info("  Looking up ##{number}...")
+      pr = github.pr(number, repo: context.metadata_repo)
+      return pr_reference(number, pr) if pr
+
+      issue = github.issue(number, repo: context.metadata_repo)
+      return issue_reference(number, issue) if issue
+
+      context.ui.warn("Could not look up ##{number}")
+      nil
+    end
+
+    def pr_reference(number, pr)
+      login = pr.dig("author", "login")
+      author = github.user(login)&.fetch("name", nil).to_s
+      author = login if author.empty?
+      merged_at = pr.fetch("mergedAt", "").split("T").first
+      "[##{number}]:https://github.com/#{context.metadata_repo}/pull/#{number}     \"PR by #{author}, merged #{merged_at}\""
+    end
+
+    def issue_reference(number, issue)
+      login = issue.dig("author", "login")
+      closed_at = issue.fetch("closedAt", "").split("T").first
+      "[##{number}]:https://github.com/#{context.metadata_repo}/issues/#{number}     \"Issue by @#{login}, closed #{closed_at}\""
+    end
+
+    def github = @github ||= GitHubClient.new(context)
+  end
+end

data/lib/puma_release/options.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "optparse"
+
+module PumaRelease
+  class Options
+    DEFAULTS = {
+      command: "run",
+      repo_dir: Dir.pwd,
+      metadata_repo: "puma/puma",
+      changelog_backend: "auto",
+      allow_unknown_ci: false,
+      skip_ci_check: false,
+      yes: false,
+      live: false,
+      debug: false,
+      codename: nil,
+      base_branch: nil
+    }.freeze
+
+    def self.parse(argv)
+      options = DEFAULTS.dup
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: puma-release [options] [command]"
+
+        opts.on("--repo-dir PATH", "Path to the Puma checkout") { |value| options[:repo_dir] = value }
+        opts.on("--release-repo OWNER/REPO", "Repo for PRs, tags, and releases") { |value| options[:release_repo] = value }
+        opts.on("--metadata-repo OWNER/REPO", "Repo for PR metadata and commit links") { |value| options[:metadata_repo] = value }
+        opts.on("--live", "Allow writes to the metadata repo for the real release") { options[:live] = true }
+        opts.on("--allow-unknown-ci", "Proceed when CI status cannot be determined") { options[:allow_unknown_ci] = true }
+        opts.on("--skip-ci-check", "Skip the CI check entirely during prepare") { options[:skip_ci_check] = true }
+        opts.on("--changelog-backend NAME", "auto, agent, or communique") { |value| options[:changelog_backend] = value }
+        opts.on("-y", "--yes", "Skip interactive confirmations") { options[:yes] = true }
+        opts.on("--debug", "Enable debug logging") { options[:debug] = true }
+        opts.on("--codename NAME", "Set the release codename directly") { |value| options[:codename] = value }
+        opts.on("--base-branch BRANCH", "Base branch for the release (default: current branch)") { |value| options[:base_branch] = value }
+      end
+
+      remaining = parser.parse(argv)
+      options[:command] = remaining.first if remaining.first
+      options[:repo_dir] = Pathname(options[:repo_dir]).expand_path
+      options
+    rescue OptionParser::ParseError => e
+      raise Error, e.message
+    end
+  end
+end