rake-gem-maintenance 0.2.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65b010085edf81afe7c8233594c9b8e115889cdfd02f15527d354d5482cf24d1
-  data.tar.gz: ea5de615c2d4c76e9fd1f89fd222beb804060206ca6319feb0635ac114e2b7da
+  metadata.gz: 136f349f402dea79359c72b2090f93ca0c7fcb42ac20f6b8970d10790f26d3ea
+  data.tar.gz: 30922beac4518bb29e76412d2b0fe82a89e9bdf751f1dffe7dadcbc91daa8b81
 SHA512:
-  metadata.gz: f263f65817da2c6afcef96d0968679f84905f7c7c51e4ddc96cae2b1372b0a0231137eb9685752b0aa88017c913da9e86f51d29953761891a8700fc152b71cd2
-  data.tar.gz: 9abdac846de81dda6854f396b757051847a10bf3fc36c2f4ec72cd13f04d2d0f5fce7a814ee0a164b3f509923639c4b5785fbc102074a48e55f465d4a67c6ff2
+  metadata.gz: 6df527a5b44a190381ed74b2de006c26dccf6a11333357fc0baf16d6a14b10ceb2c41d6b58bf48d29a0667d9f01acb55b612b1226e5e29b2d1155d0358d65933
+  data.tar.gz: d725b94d57c9f266495639b326e171d06857a80283e6e71e08746a1e518624c8db8ce19753c8e40f6a2c2a00bb95343c67f4f3caced4753098be8e1e4afe2a8d

data/.woodpecker/publish.yml

@@ -10,7 +10,7 @@
 #   badge_service_token — write token for badge.cbp-org.internal
 
 when:
-  event: [push, manual]
+  event: push
   branch: main
 
 labels:
@@ -34,7 +34,7 @@ steps:
       RUBYGEMS_OTP_SEED:
         from_secret: rubygems_otp_seed
     commands:
-      - apk add --no-cache build-base git
+      - apk add --no-cache build-base git yaml-dev
       - bundle install --jobs 4 --retry 3
       - ruby scripts/ci_publish_rubygems.rb
 

data/.woodpecker/renew_api_key.yml

@@ -1,7 +1,6 @@
 when:
   - event: cron
     cron: monthly-renew-api-key
-  - event: manual
 
 labels:
   platform: linux
@@ -29,7 +28,7 @@ steps:
         from_secret: woodpecker_api_token
       WOODPECKER_SERVER: "https://ci.cbp-org.internal"
     commands:
-      - apk add --no-cache build-base
+      - apk add --no-cache build-base git yaml-dev
       - bundle install --jobs 4 --retry 3
       - bundle exec rake upgrade:renew_api_key
 

data/.woodpecker/verify.yml

@@ -19,7 +19,7 @@ steps:
     environment:
       CUCUMBER_PUBLISH_QUIET: "true"
     commands:
-      - apk add --no-cache build-base git
+      - apk add --no-cache build-base git yaml-dev
       - mkdir -p /root/.local/share/ruby-advisory-db/gems
       - bundle install --jobs 4 --retry 3
       - bundle exec rake verify

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rake-gem-maintenance (0.2.2)
+    rake-gem-maintenance (0.3.0)
       bundler-audit
       gem-release
       rake
@@ -254,7 +254,7 @@ CHECKSUMS
   racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.4.2) sha256=cb825b2bd5f1f8e91ca37bddb4b9aaf345551b4731da62949be002fa89283701
-  rake-gem-maintenance (0.2.2)
+  rake-gem-maintenance (0.3.0)
   rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe
   rb-inotify (0.11.1) sha256=a0a700441239b0ff18eb65e3866236cd78613d6b9f78fea1f9ac47a85e47be6e
   rdoc (7.2.0) sha256=8650f76cd4009c3b54955eb5d7e3a075c60a57276766ebf36f9085e8c9f23192

data/lib/rake/gem/maintenance/ci_version_bump_task.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require "rake"
+require "rake/tasklib"
+require "net/http"
+require "openssl"
+require "base64"
+require "open3"
+
+module Rake
+  module Gem
+    module Maintenance
+      # Defines `version:ci_bump` — auto-bump for CI push pipelines.
+      #
+      # Checks whether the current version is already published at the configured
+      # registry. If yes: patch-bumps, commits with [skip ci], tags, and pushes.
+      # If no: assumes the developer already bumped and does nothing.
+      # Either way skips if the HEAD commit message contains any skip_pattern.
+      #
+      # Usage in Rakefile:
+      #   Rake::Gem::Maintenance::CiVersionBumpTask.new do |t|
+      #     t.registry_url   = 'https://gems.cbp-org.internal'
+      #     t.ca_cert_env    = 'CBP_ORG_CA_CERT'      # base64-encoded PEM, optional
+      #     t.push_token_env = 'FORGEJO_PUSH_TOKEN'    # token for git push auth, optional
+      #   end
+      class CiVersionBumpTask < ::Rake::TaskLib
+        attr_accessor :registry_url, :ca_cert_env, :push_token_env,
+                      :skip_patterns, :push_branch, :git_author_email, :git_author_name
+
+        def initialize
+          super
+          @registry_url     = "https://rubygems.org"
+          @ca_cert_env      = nil
+          @push_token_env   = nil
+          @skip_patterns    = ["[skip bump]", "[skip ci]"]
+          @push_branch      = "main"
+          @git_author_email = "ci@cbp-org.internal"
+          @git_author_name  = "CBP-Org-CI"
+          yield self if block_given?
+          define_tasks
+        end
+
+        private
+
+        def define_tasks
+          desc "CI auto-bump: patch-bump if already published; skip if developer already bumped"
+          task "version:ci_bump" do
+            run_ci_bump
+          end
+        end
+
+        def run_ci_bump
+          return if head_opts_out?
+
+          current = current_version
+          if already_published?(current)
+            puts "auto-bump: #{current} is already published — bumping patch"
+            perform_bump(current)
+          else
+            puts "auto-bump: #{current} not yet published — no action needed"
+          end
+        end
+
+        def head_opts_out?
+          msg = head_commit_message
+          return false unless skip?(msg)
+
+          puts "auto-bump: HEAD opts out — leaving version alone"
+          true
+        end
+
+        def perform_bump(current)
+          system("git checkout -- .") or abort("auto-bump: git checkout failed")
+          system("bundle exec gem bump --version patch --file #{version_file} --no-commit") or
+            abort("auto-bump: gem bump failed")
+          new_version = current_version
+          abort("auto-bump: gem bump did not change version") if new_version == current
+          puts "auto-bump: bumped to #{new_version}"
+          commit_and_push(new_version)
+        end
+
+        def commit_and_push(new_version)
+          git_cfg = ["-c", "user.email=#{git_author_email}", "-c", "user.name=#{git_author_name}"]
+          system("git", *git_cfg, "add", version_file) or abort("auto-bump: git add failed")
+          system("git", *git_cfg, "commit", "-m",
+                 "chore: auto-bump version to #{new_version} [skip ci]") or
+            abort("auto-bump: git commit failed")
+          system("git", "tag", "v#{new_version}") or abort("auto-bump: git tag failed")
+          system("git", "push", authenticated_url(origin_url), "HEAD:#{push_branch}",
+                 "--tags") or abort("auto-bump: git push failed")
+          puts "auto-bump: pushed v#{new_version}"
+        end
+
+        def skip?(message)
+          skip_patterns.any? { |pattern| message.include?(pattern) }
+        end
+
+        def head_commit_message
+          stdout, status = Open3.capture2("git log -1 --pretty=%B")
+          status.success? ? stdout.strip : abort("auto-bump: git log failed")
+        end
+
+        def origin_url
+          url, status = Open3.capture2("git remote get-url origin")
+          status.success? ? url.strip : abort("auto-bump: could not determine origin URL")
+        end
+
+        def current_version
+          content = File.read(version_file)
+          content[/VERSION\s*=\s*['"]([^'"]+)['"]/, 1] ||
+            abort("auto-bump: could not parse VERSION from #{version_file}")
+        end
+
+        def already_published?(version)
+          uri = URI("#{registry_url}/gems/#{gem_name}-#{version}.gem")
+          res = Net::HTTP.start(uri.host, uri.port,
+                                use_ssl: true, cert_store: build_cert_store,
+                                verify_mode: OpenSSL::SSL::VERIFY_PEER) { |h| h.head(uri.path) }
+          res.is_a?(Net::HTTPSuccess)
+        rescue StandardError
+          false
+        end
+
+        def build_cert_store
+          store = OpenSSL::X509::Store.new
+          store.set_default_paths
+          if ca_cert_env && (b64 = ENV.fetch(ca_cert_env, nil))
+            store.add_cert(OpenSSL::X509::Certificate.new(Base64.decode64(b64)))
+          end
+          store
+        end
+
+        def authenticated_url(url)
+          return url unless push_token_env && (token = ENV.fetch(push_token_env, nil))
+
+          url.sub("https://", "https://x-access-token:#{token}@")
+        end
+
+        def version_file
+          @version_file ||= Dir.glob("lib/**/version.rb").first
+        end
+
+        def gem_name
+          @gem_name ||= ::Gem::Specification.load(Dir.glob("*.gemspec").first).name
+        end
+      end
+    end
+  end
+end

data/lib/rake/gem/maintenance/version.rb

@@ -3,7 +3,7 @@
 module Rake
   module Gem
     module Maintenance
-      VERSION = "0.2.2"
+      VERSION = "0.3.0"
     end
   end
 end

data/lib/rake/gem/maintenance.rb

@@ -2,6 +2,7 @@
 
 require_relative "maintenance/version"
 require_relative "maintenance/version_bump_task"
+require_relative "maintenance/ci_version_bump_task"
 require_relative "maintenance/ci_environment"
 require_relative "maintenance/credential_store"
 require_relative "maintenance/ruby_version_checker"

data/rake-gem-maintenance.gemspec

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require_relative "lib/rake/gem/maintenance/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "rake-gem-maintenance"
+  spec.version = Rake::Gem::Maintenance::VERSION
+  spec.authors = ["Christophe Broult"]
+  spec.email = ["cbroult@yahoo.com"]
+
+  spec.summary = "Rake tasks for gem maintenance: dependency upgrades and version bumps."
+  spec.description = "Provides reusable Rake::TaskLib subclasses for upgrading gem dependencies and bumping versions."
+  spec.homepage = "https://github.com/cbroult/rake-gem-maintenance"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.3.7"
+
+  spec.metadata["allowed_push_host"] = "https://rubygems.org"
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = File.join(spec.homepage, "Changelog")
+  spec.metadata["rubygems_mfa_required"] = "true"
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "bundler-audit"
+  spec.add_dependency "gem-release"
+  spec.add_dependency "rake"
+  spec.add_dependency "rotp"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rake-gem-maintenance
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Christophe Broult
@@ -89,6 +89,7 @@ files:
 - lib/rake/gem/maintenance.rb
 - lib/rake/gem/maintenance/api_key_renewer.rb
 - lib/rake/gem/maintenance/ci_environment.rb
+- lib/rake/gem/maintenance/ci_version_bump_task.rb
 - lib/rake/gem/maintenance/credential_store.rb
 - lib/rake/gem/maintenance/gem_publisher.rb
 - lib/rake/gem/maintenance/gem_push.rb
@@ -104,6 +105,7 @@ files:
 - lib/rake/gem/maintenance/version.rb
 - lib/rake/gem/maintenance/version_bump_task.rb
 - lib/rake/gem/maintenance/woodpecker_secret_store.rb
+- rake-gem-maintenance.gemspec
 - scripts/ci_publish_rubygems.rb
 homepage: https://github.com/cbroult/rake-gem-maintenance
 licenses:
@@ -127,7 +129,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.10
+rubygems_version: 4.0.11
 specification_version: 4
 summary: 'Rake tasks for gem maintenance: dependency upgrades and version bumps.'
 test_files: []