RubyGems - puppet_forge - Versions diffs - 3.2.0 → 4.1.0 - Mend

puppet_forge 3.2.0 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby-rspec.yml +7 -5
data/.github/workflows/snyk_merge.yml +24 -0
data/CHANGELOG.md +10 -0
data/README.md +16 -0
data/lib/puppet_forge/connection/connection_failure.rb +1 -1
data/lib/puppet_forge/connection.rb +2 -2
data/lib/puppet_forge/error.rb +21 -5
data/lib/puppet_forge/v3/base.rb +3 -0
data/lib/puppet_forge/v3/release.rb +33 -0
data/lib/puppet_forge/version.rb +1 -1
data/puppet_forge.gemspec +4 -7
data/spec/unit/forge/v3/release_spec.rb +38 -0
metadata +13 -12

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 14fb262a13e9382bc404ebf162e70c8fa48ccd73f33f53113e75524da106bed9
-  data.tar.gz: 0316cbac8bd7c7d3dc18d792a0dfc25a4cca095fce0974a5f54a50e546ef1c92
+  metadata.gz: bf36457b8298a66e2b7af77d53a0bf476b4881c2dd29de7b1e8a49a523400f53
+  data.tar.gz: e5926f236dbe38b61bf3e1b9e96677ef352db5afabb9de836d40d1be136830f5
 SHA512:
-  metadata.gz: f909a3a4b8bf942f104f1a9f5a798edeb8a29e03adaaa24dbd4170efd97f2e09c23ef44b3b88ad406d32d5d10aba98d382d21ce10e1db115ee5c87d8cd01e30f
-  data.tar.gz: 2da931edf4e563a6e0962d834c9e3db3dec6ff33fd9a172f5d50a12066863b336fae173c8ad860d6c85f6df1ef02da4e1e0fc61e0a3182e92552ac988db3ce7b
+  metadata.gz: d604d660f74c37ea1bdeeb048d94edf557b1037d46bc6e83963f1d8b9d1652ceb66d3aafb3b498c470ffc1083c7d2fbb5d22a410b3ae2e91e12b7381f2ee9c26
+  data.tar.gz: fbf2a345b0c6b538a7a0424965d13aa1ab54f9e064273fe983176b60516a1076b1f3bd7b8edca3bed5272b0380de1fb6448d81dde147d31f3961c99ea49fde26

data/.github/workflows/ruby-rspec.yml CHANGED Viewed

@@ -14,7 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [2.7, 2.6, 2.5]
+        ruby:
+          - '3.1'
+          - '3.0'
+          - '2.7'
+          - '2.6'
     steps:
       - uses: actions/checkout@v1
@@ -22,9 +26,7 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
       - name: Build and test with Rspec
-        run: |
-          gem install bundler
-          bundle install --jobs 4 --retry 3
-          bundle exec rspec
+        run: bundle exec rspec

data/.github/workflows/snyk_merge.yml ADDED Viewed

@@ -0,0 +1,24 @@
+name: snyk_merge
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+      - name: create lock
+        run: bundle lock
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/ruby@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_FORGE_KEY }}
+        with:
+          command: monitor
+          args: --org=puppet-forge

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,16 @@
 Starting with v2.0.0, all notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
+## v4.1.0 - 2023-02-21
+* Add upload method functionality.
+* Allows the user to search by an array of endorsements.
+## v4.0.0 - 2022-11-30
+* Breaking: The `puppet_forge` gem now requires at least Ruby 2.6.0
+* Update `faraday` gem to 2.x series
 ## v3.2.0 - 2021-11-09
 * Allow requests to follow redirects

data/README.md CHANGED Viewed

@@ -136,7 +136,23 @@ release.verify(Pathname(release_tarball))
 # @raise RuntimeError if it fails to extract the contents of the release tarball
 PuppetForge::Unpacker.unpack(release_tarball, dest_dir, tmp_dir)
 ```
+### Uploading a module release
+You can upload new module versions to the forge by following the steps below.
+> Note: This API requires authorization. See [Authorization](#authorization) for more information.
+```ruby
+release_tarball = 'pkg/puppetlabs-apache-1.6.0.tar.gz'
+# Upload a module tarball to the Puppet Forge
+# Returns an instance of V3::Release class and the response from the forge upload
+# @raise PuppetForge::ReleaseForbidden if a 403 response is recieved from the server
+# @raise PuppetForge::ReleaseBadContent if the module to upload is not valid
+# @raise Faraday::ClientError if any errors encountered in the upload
+# @raise PuppetForge::FileNotFound if the given tarball cannot be found
+release, response = PuppetForge::V3::Release.upload(release_tarball)
+```
 ### Paginated Collections

data/lib/puppet_forge/connection/connection_failure.rb CHANGED Viewed

@@ -22,4 +22,4 @@ module PuppetForge
   end
 end
-Faraday::Middleware.register_middleware(:connection_failure => lambda { PuppetForge::Connection::ConnectionFailure })
+Faraday::Middleware.register_middleware(:connection_failure => PuppetForge::Connection::ConnectionFailure)

data/lib/puppet_forge/connection.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 require 'puppet_forge/connection/connection_failure'
 require 'faraday'
-require 'faraday_middleware'
+require 'faraday/follow_redirects'
 module PuppetForge
   # Provide a common mixin for adding a HTTP connection to classes.
@@ -115,7 +115,7 @@ module PuppetForge
       end
       Faraday.new(url, options) do |builder|
-        builder.use FaradayMiddleware::FollowRedirects
+        builder.use Faraday::FollowRedirects::Middleware
         builder.response(:json, :content_type => /\bjson$/, :parser_options => { :symbolize_names => true })
         builder.response(:raise_error)
         builder.use(:connection_failure)

data/lib/puppet_forge/error.rb CHANGED Viewed

@@ -28,16 +28,32 @@ Could not install package
     end
   end
+  class ErrorWithDetail < PuppetForge::Error
+    def self.from_response(response)
+      body = JSON.parse(response[:body])
+      message = body['message']
+      if body.key?('errors') && !body['errors']&.empty?
+        message << "\nThe following errors were returned from the server:\n - #{body['errors'].join("\n - ")}"
+      end
+      new(message)
+    end
+  end
+  class FileNotFound < PuppetForge::Error
+  end
   class ModuleNotFound < PuppetForge::Error
   end
   class ReleaseNotFound < PuppetForge::Error
   end
-  class ReleaseForbidden < PuppetForge::Error
-    def self.from_response(response)
-      body = JSON.parse(response[:body])
-      new(body["message"])
-    end
+  class ReleaseForbidden < PuppetForge::ErrorWithDetail
+  end
+  class ReleaseBadContent < PuppetForge::ErrorWithDetail
   end
 end

data/lib/puppet_forge/v3/base.rb CHANGED Viewed

@@ -66,6 +66,9 @@ module PuppetForge
             uri_path = "v3/#{resource}/#{item}"
           end
+          # The API expects a space separated string. This allows the user to invoke it with a more natural feeling array.
+          params['endorsements'] = params['endorsements'].join(' ') if params['endorsements'].is_a? Array
           PuppetForge::V3::Base.conn.get uri_path, params
         end

data/lib/puppet_forge/v3/release.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require 'puppet_forge/v3/base'
 require 'puppet_forge/v3/module'
 require 'digest'
+require 'base64'
 module PuppetForge
   module V3
@@ -38,6 +39,38 @@ module PuppetForge
         end
       end
+      # Uploads the tarbarll to the forge
+      #
+      # @param path [Pathname] tarball file path
+      # @return resp
+      def self.upload(path)
+        # We want to make sure that the file exists before trying to upload it
+        raise PuppetForge::FileNotFound, "The file '#{path}' does not exist." unless File.file?(path)
+        file = File.open(path, 'rb')
+        encoded_string = Base64.encode64(file.read)
+        data = { file: encoded_string }
+        resp = conn.post do |req|
+          req.url '/v3/releases'
+          req.headers['Content-Type'] = 'application/json'
+          req.body = data.to_json
+        end
+        [self, resp]
+      rescue Faraday::ClientError => e
+        if e.response
+          case e.response[:status]
+          when 403
+            raise PuppetForge::ReleaseForbidden.from_response(e.response)
+          when 400
+            raise PuppetForge::ReleaseBadContent.from_response(e.response)
+          end
+        end
+        raise e
+      end
       # Verify that a downloaded module matches the best available checksum in the metadata for this release,
       # validates SHA-256 checksum if available, otherwise validates MD5 checksum
       #

data/lib/puppet_forge/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PuppetForge
-  VERSION = '3.2.0' # Library version
+  VERSION = '4.1.0' # Library version
 end

data/puppet_forge.gemspec CHANGED Viewed

@@ -18,10 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.required_ruby_version = '>= 2.4.0'
+  spec.required_ruby_version = '>= 2.6.0'
-  spec.add_runtime_dependency "faraday", "~> 1.3"
-  spec.add_runtime_dependency "faraday_middleware", "~> 1.0"
+  spec.add_runtime_dependency "faraday", "~> 2.0"
+  spec.add_runtime_dependency "faraday-follow_redirects", "~> 0.3.0"
   spec.add_dependency "semantic_puppet", "~> 1.0"
   spec.add_dependency "minitar"
@@ -31,8 +31,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "cane"
   spec.add_development_dependency "yard"
   spec.add_development_dependency "redcarpet"
-  # Install the right pry debugging combo depending on ruby version.
-  spec.add_development_dependency "pry-debugger" if RUBY_VERSION <= '1.9.3'
-  spec.add_development_dependency "pry-byebug" if RUBY_VERSION >= '2.0.0'
+  spec.add_development_dependency "pry-byebug"
 end

data/spec/unit/forge/v3/release_spec.rb CHANGED Viewed

@@ -218,5 +218,43 @@ describe PuppetForge::V3::Release do
         expect(release.created_at).to_not be nil
       end
     end
+    describe '#upload' do
+      let(:tarball) { "#{PROJECT_ROOT}/spec/tmp/module.tgz" }
+      let(:file_object) { double('file', read: 'file contents') }
+      let(:release) { PuppetForge::V3::Release.upload(tarball) }
+      let(:mock_conn) { instance_double('PuppetForge::V3::Connection', url_prefix: PuppetForge.host) }
+      context 'when there is no auth token provided' do
+        it 'raises PuppetForge::ReleaseForbidden' do
+          allow(File).to receive(:file?).and_return(true)
+          allow(File).to receive(:open).and_return(file_object)
+          allow(described_class).to receive(:conn).and_return(mock_conn)
+          response = { status: 403, body: { 'message' => 'Forbidden' }.to_json }
+          expect(mock_conn).to receive(:post).and_raise(Faraday::ClientError.new('Forbidden', response))
+          expect { release }.to raise_error(PuppetForge::ReleaseForbidden)
+        end
+      end
+      context 'when the module is not valid' do
+        it 'raises PuppetForge::ReleaseBadRequest' do
+          allow(File).to receive(:file?).and_return(true)
+          allow(File).to receive(:open).and_return(file_object)
+          allow(described_class).to receive(:conn).and_return(mock_conn)
+          response = { status: 400, body: { message: 'Bad Content' }.to_json }
+          expect(mock_conn).to receive(:post).and_raise(Faraday::ClientError.new('400', response))
+          expect { release }.to raise_error(PuppetForge::ReleaseBadContent)
+        end
+      end
+      context 'when the tarball does not exist' do
+        it 'raises PuppetForge::FileNotFound' do
+          expect { PuppetForge::V3::Release.upload(tarball) }.to raise_error(PuppetForge::FileNotFound)
+        end
+      end
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet_forge
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 4.1.0
 platform: ruby
 authors:
 - Puppet Labs
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-09 00:00:00.000000000 Z
+date: 2023-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: faraday_middleware
+  name: faraday-follow_redirects
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: semantic_puppet
   requirement: !ruby/object:Gem::Requirement
@@ -173,6 +173,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/ruby-rspec.yml"
+- ".github/workflows/snyk_merge.yml"
 - ".gitignore"
 - CHANGELOG.md
 - CODEOWNERS
@@ -250,7 +251,7 @@ homepage: https://github.com/puppetlabs/forge-ruby
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -258,15 +259,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Access the Puppet Forge API from Ruby for resource information and to download
   releases.