RubyGems - puppet_forge - Versions diffs - 3.2.0 → 4.1.0 - Mend

puppet_forge 3.2.0 → 4.1.0

Files changed (14) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby-rspec.yml +7 -5
data/.github/workflows/snyk_merge.yml +24 -0
data/CHANGELOG.md +10 -0
data/README.md +16 -0
data/lib/puppet_forge/connection/connection_failure.rb +1 -1
data/lib/puppet_forge/connection.rb +2 -2
data/lib/puppet_forge/error.rb +21 -5
data/lib/puppet_forge/v3/base.rb +3 -0
data/lib/puppet_forge/v3/release.rb +33 -0
data/lib/puppet_forge/version.rb +1 -1
data/puppet_forge.gemspec +4 -7
data/spec/unit/forge/v3/release_spec.rb +38 -0
metadata +13 -12

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14fb262a13e9382bc404ebf162e70c8fa48ccd73f33f53113e75524da106bed9
-  data.tar.gz: 0316cbac8bd7c7d3dc18d792a0dfc25a4cca095fce0974a5f54a50e546ef1c92
+  metadata.gz: bf36457b8298a66e2b7af77d53a0bf476b4881c2dd29de7b1e8a49a523400f53
+  data.tar.gz: e5926f236dbe38b61bf3e1b9e96677ef352db5afabb9de836d40d1be136830f5
 SHA512:
-  metadata.gz: f909a3a4b8bf942f104f1a9f5a798edeb8a29e03adaaa24dbd4170efd97f2e09c23ef44b3b88ad406d32d5d10aba98d382d21ce10e1db115ee5c87d8cd01e30f
-  data.tar.gz: 2da931edf4e563a6e0962d834c9e3db3dec6ff33fd9a172f5d50a12066863b336fae173c8ad860d6c85f6df1ef02da4e1e0fc61e0a3182e92552ac988db3ce7b
+  metadata.gz: d604d660f74c37ea1bdeeb048d94edf557b1037d46bc6e83963f1d8b9d1652ceb66d3aafb3b498c470ffc1083c7d2fbb5d22a410b3ae2e91e12b7381f2ee9c26
+  data.tar.gz: fbf2a345b0c6b538a7a0424965d13aa1ab54f9e064273fe983176b60516a1076b1f3bd7b8edca3bed5272b0380de1fb6448d81dde147d31f3961c99ea49fde26

data/.github/workflows/ruby-rspec.yml CHANGED Viewed

@@ -14,7 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [2.7, 2.6, 2.5]
+        ruby:
+          - '3.1'
+          - '3.0'
+          - '2.7'
+          - '2.6'
     steps:
       - uses: actions/checkout@v1
@@ -22,9 +26,7 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
       - name: Build and test with Rspec
-        run: |
-          gem install bundler
-          bundle install --jobs 4 --retry 3
-          bundle exec rspec
+        run: bundle exec rspec

data/.github/workflows/snyk_merge.yml ADDED Viewed

@@ -0,0 +1,24 @@
+name: snyk_merge
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+      - name: create lock
+        run: bundle lock
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/ruby@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_FORGE_KEY }}
+        with:
+          command: monitor
+          args: --org=puppet-forge

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,16 @@
 Starting with v2.0.0, all notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
+## v4.1.0 - 2023-02-21
+* Add upload method functionality.
+* Allows the user to search by an array of endorsements.
+## v4.0.0 - 2022-11-30
+* Breaking: The `puppet_forge` gem now requires at least Ruby 2.6.0
+* Update `faraday` gem to 2.x series
 ## v3.2.0 - 2021-11-09
 * Allow requests to follow redirects

data/README.md CHANGED Viewed

@@ -136,7 +136,23 @@ release.verify(Pathname(release_tarball))
 # @raise RuntimeError if it fails to extract the contents of the release tarball
 PuppetForge::Unpacker.unpack(release_tarball, dest_dir, tmp_dir)
 ```
+### Uploading a module release
+You can upload new module versions to the forge by following the steps below.
+> Note: This API requires authorization. See [Authorization](#authorization) for more information.
+```ruby
+release_tarball = 'pkg/puppetlabs-apache-1.6.0.tar.gz'
+# Upload a module tarball to the Puppet Forge
+# Returns an instance of V3::Release class and the response from the forge upload
+# @raise PuppetForge::ReleaseForbidden if a 403 response is recieved from the server
+# @raise PuppetForge::ReleaseBadContent if the module to upload is not valid
+# @raise Faraday::ClientError if any errors encountered in the upload
+# @raise PuppetForge::FileNotFound if the given tarball cannot be found
+release, response = PuppetForge::V3::Release.upload(release_tarball)
+```
 ### Paginated Collections

data/lib/puppet_forge/connection/connection_failure.rb CHANGED Viewed

@@ -22,4 +22,4 @@ module PuppetForge
   end
 end
-Faraday::Middleware.register_middleware(:connection_failure => lambda { PuppetForge::Connection::ConnectionFailure })
+Faraday::Middleware.register_middleware(:connection_failure => PuppetForge::Connection::ConnectionFailure)

data/lib/puppet_forge/connection.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 require 'puppet_forge/connection/connection_failure'
 require 'faraday'
-require 'faraday_middleware'
+require 'faraday/follow_redirects'
 module PuppetForge
   # Provide a common mixin for adding a HTTP connection to classes.
@@ -115,7 +115,7 @@ module PuppetForge
       end
       Faraday.new(url, options) do |builder|
-        builder.use FaradayMiddleware::FollowRedirects
+        builder.use Faraday::FollowRedirects::Middleware
         builder.response(:json, :content_type => /\bjson$/, :parser_options => { :symbolize_names => true })
         builder.response(:raise_error)
         builder.use(:connection_failure)

data/lib/puppet_forge/error.rb CHANGED Viewed

@@ -28,16 +28,32 @@ Could not install package
     end
   end
+  class ErrorWithDetail < PuppetForge::Error
+    def self.from_response(response)
+      body = JSON.parse(response[:body])
+      message = body['message']
+      if body.key?('errors') && !body['errors']&.empty?
+        message << "\nThe following errors were returned from the server:\n - #{body['errors'].join("\n - ")}"
+      end
+      new(message)
+    end
+  end
+  class FileNotFound < PuppetForge::Error
+  end
   class ModuleNotFound < PuppetForge::Error
   end
   class ReleaseNotFound < PuppetForge::Error
   end
-  class ReleaseForbidden < PuppetForge::Error
-    def self.from_response(response)
-      body = JSON.parse(response[:body])
-      new(body["message"])
-    end
+  class ReleaseForbidden < PuppetForge::ErrorWithDetail
+  end
+  class ReleaseBadContent < PuppetForge::ErrorWithDetail
   end
 end

data/lib/puppet_forge/v3/base.rb CHANGED Viewed

@@ -66,6 +66,9 @@ module PuppetForge
             uri_path = "v3/#{resource}/#{item}"
           end
+          # The API expects a space separated string. This allows the user to invoke it with a more natural feeling array.
+          params['endorsements'] = params['endorsements'].join(' ') if params['endorsements'].is_a? Array
           PuppetForge::V3::Base.conn.get uri_path, params
         end

data/lib/puppet_forge/v3/release.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require 'puppet_forge/v3/base'
 require 'puppet_forge/v3/module'
 require 'digest'
+require 'base64'
 module PuppetForge
   module V3
@@ -38,6 +39,38 @@ module PuppetForge
         end
       end
+      # Uploads the tarbarll to the forge
+      #
+      # @param path [Pathname] tarball file path
+      # @return resp
+      def self.upload(path)
+        # We want to make sure that the file exists before trying to upload it
+        raise PuppetForge::FileNotFound, "The file '#{path}' does not exist." unless File.file?(path)
+        file = File.open(path, 'rb')
+        encoded_string = Base64.encode64(file.read)
+        data = { file: encoded_string }
+        resp = conn.post do |req|
+          req.url '/v3/releases'
+          req.headers['Content-Type'] = 'application/json'
+          req.body = data.to_json
+        end
+        [self, resp]
+      rescue Faraday::ClientError => e
+        if e.response
+          case e.response[:status]
+          when 403
+            raise PuppetForge::ReleaseForbidden.from_response(e.response)
+          when 400
+            raise PuppetForge::ReleaseBadContent.from_response(e.response)
+          end
+        end
+        raise e
+      end
       # Verify that a downloaded module matches the best available checksum in the metadata for this release,
       # validates SHA-256 checksum if available, otherwise validates MD5 checksum
       #

data/lib/puppet_forge/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PuppetForge
-  VERSION = '3.2.0' # Library version
+  VERSION = '4.1.0' # Library version
 end

data/puppet_forge.gemspec CHANGED Viewed

@@ -18,10 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.required_ruby_version = '>= 2.4.0'
+  spec.required_ruby_version = '>= 2.6.0'
-  spec.add_runtime_dependency "faraday", "~> 1.3"
-  spec.add_runtime_dependency "faraday_middleware", "~> 1.0"
+  spec.add_runtime_dependency "faraday", "~> 2.0"
+  spec.add_runtime_dependency "faraday-follow_redirects", "~> 0.3.0"
   spec.add_dependency "semantic_puppet", "~> 1.0"
   spec.add_dependency "minitar"
@@ -31,8 +31,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "cane"
   spec.add_development_dependency "yard"
   spec.add_development_dependency "redcarpet"
-  # Install the right pry debugging combo depending on ruby version.
-  spec.add_development_dependency "pry-debugger" if RUBY_VERSION <= '1.9.3'
-  spec.add_development_dependency "pry-byebug" if RUBY_VERSION >= '2.0.0'
+  spec.add_development_dependency "pry-byebug"
 end

data/spec/unit/forge/v3/release_spec.rb CHANGED Viewed

@@ -218,5 +218,43 @@ describe PuppetForge::V3::Release do
         expect(release.created_at).to_not be nil
       end
     end
+    describe '#upload' do
+      let(:tarball) { "#{PROJECT_ROOT}/spec/tmp/module.tgz" }
+      let(:file_object) { double('file', read: 'file contents') }
+      let(:release) { PuppetForge::V3::Release.upload(tarball) }
+      let(:mock_conn) { instance_double('PuppetForge::V3::Connection', url_prefix: PuppetForge.host) }
+      context 'when there is no auth token provided' do
+        it 'raises PuppetForge::ReleaseForbidden' do
+          allow(File).to receive(:file?).and_return(true)
+          allow(File).to receive(:open).and_return(file_object)
+          allow(described_class).to receive(:conn).and_return(mock_conn)
+          response = { status: 403, body: { 'message' => 'Forbidden' }.to_json }
+          expect(mock_conn).to receive(:post).and_raise(Faraday::ClientError.new('Forbidden', response))
+          expect { release }.to raise_error(PuppetForge::ReleaseForbidden)
+        end
+      end
+      context 'when the module is not valid' do
+        it 'raises PuppetForge::ReleaseBadRequest' do
+          allow(File).to receive(:file?).and_return(true)
+          allow(File).to receive(:open).and_return(file_object)
+          allow(described_class).to receive(:conn).and_return(mock_conn)
+          response = { status: 400, body: { message: 'Bad Content' }.to_json }
+          expect(mock_conn).to receive(:post).and_raise(Faraday::ClientError.new('400', response))
+          expect { release }.to raise_error(PuppetForge::ReleaseBadContent)
+        end
+      end
+      context 'when the tarball does not exist' do
+        it 'raises PuppetForge::FileNotFound' do
+          expect { PuppetForge::V3::Release.upload(tarball) }.to raise_error(PuppetForge::FileNotFound)
+        end
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet_forge
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 4.1.0
 platform: ruby
 authors:
 - Puppet Labs
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-09 00:00:00.000000000 Z
+date: 2023-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: faraday_middleware
+  name: faraday-follow_redirects
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: semantic_puppet
   requirement: !ruby/object:Gem::Requirement
@@ -173,6 +173,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/ruby-rspec.yml"
+- ".github/workflows/snyk_merge.yml"
 - ".gitignore"
 - CHANGELOG.md
 - CODEOWNERS
@@ -250,7 +251,7 @@ homepage: https://github.com/puppetlabs/forge-ruby
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -258,15 +259,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Access the Puppet Forge API from Ruby for resource information and to download
   releases.