rake-gem-maintenance 0.1.7 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b787e033da5eee96ab47d3b7aef6db19b4ba37cd00c5a6399df65382b7931cb
-  data.tar.gz: b621f3b580ade530a9da0848f65fa734f0bd5555cfb47ebed826ec91a9535727
+  metadata.gz: 1025716123e134ab6db2ffcfc5655a59208dd038691b73e270c92c6bd35ea977
+  data.tar.gz: 1445566f68985cdd2b915c9958ec9daddaf07caa5002c62277481b72a122d561
 SHA512:
-  metadata.gz: ccdac7428f63ab9a174667221f0071099784643d2a0087190fac484265cf8e54424c9f6b999778b5d00a5e1443f7f3eea307be8aa90599989d72d51aedac2487
-  data.tar.gz: 64c1c90ac23717da73b24edcb6b6753fd6f2fc5c6b1b0b1f090c43d5502c5f21ab549fee8bc3847ab705f335fc787d49732b9b5ccf2c9b198672576746fdde90
+  metadata.gz: ba35f363319b323fe927da2cc3a9e8934d7b4310f5995b31d1cc91a759b34c8462262c449ef59fa1debe3c35615c733ef8f0dc96e6f270b592a76f1f6cc76153
+  data.tar.gz: 892b319be15819eb07cf5f254e9e7144e8387393a586442e9831585602600ade156e6d6c7c0b1dc41b6e60ee9e58b411c10a1bcebbff5e08f8510ec56f32ffad

data/CLAUDE.md

@@ -22,7 +22,7 @@ rake rubocop
 
 ## Architecture
 
-### Core Classes (lib/rake/gem_maintenance/)
+### Core Classes (lib/rake/gem/maintenance/)
 
 - **UpgradeTask** — Rake::TaskLib subclass defining upgrade:* tasks (branch, gems, commit, push, auto)
   - Default repositories: rubygems.org
@@ -36,21 +36,21 @@ rake rubocop
 
 ### Entry Points
 
-- `rake/gem_maintenance.rb` — requires all task classes
-- `rake/gem_maintenance/install_tasks.rb` — auto-instantiates UpgradeTask and VersionBumpTask with defaults
+- `rake/gem/maintenance.rb` — requires all task classes
+- `rake/gem/maintenance/install_tasks.rb` — auto-instantiates UpgradeTask and VersionBumpTask with defaults
 
 ### Quick Usage
 
 ```ruby
 # Internal gems only (cbp-org.internal)
-Rake::GemMaintenance::InternalUpgradeTask.new
+Rake::Gem::Maintenance::InternalUpgradeTask.new
 
 # Both repositories
-Rake::GemMaintenance::DualUpgradeTask.new
+Rake::Gem::Maintenance::DualUpgradeTask.new
 
 # Default (rubygems.org) - can also use Repos module
-Rake::GemMaintenance::UpgradeTask.new do |t|
-  t.gem_repositories = Rake::GemMaintenance::Repos.internal  # or Repos.all
+Rake::Gem::Maintenance::UpgradeTask.new do |t|
+  t.gem_repositories = Rake::Gem::Maintenance::Repos.internal  # or Repos.all
 end
 ```
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rake-gem-maintenance (0.1.7)
+    rake-gem-maintenance (0.2.0)
       bundler-audit
       gem-release
       rake
@@ -254,7 +254,7 @@ CHECKSUMS
   racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.4.2) sha256=cb825b2bd5f1f8e91ca37bddb4b9aaf345551b4731da62949be002fa89283701
-  rake-gem-maintenance (0.1.7)
+  rake-gem-maintenance (0.2.0)
   rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe
   rb-inotify (0.11.1) sha256=a0a700441239b0ff18eb65e3866236cd78613d6b9f78fea1f9ac47a85e47be6e
   rdoc (7.2.0) sha256=8650f76cd4009c3b54955eb5d7e3a075c60a57276766ebf36f9085e8c9f23192

data/README.md

@@ -1,4 +1,4 @@
-# Rake::GemMaintenance
+# Rake::Gem::Maintenance
 
 [![Ruby](https://github.com/cbroult/rake-gem-maintenance/actions/workflows/main.yml/badge.svg)](https://github.com/cbroult/rake-gem-maintenance/actions/workflows/main.yml)
 [![Dependabot](https://img.shields.io/badge/dependabot-enabled-blue?logo=dependabot)](https://github.com/cbroult/rake-gem-maintenance/network/updates)
@@ -18,7 +18,7 @@ gem "rake-gem-maintenance"
 Add to your Rakefile for default behavior:
 
 ```ruby
-require "rake/gem_maintenance/install_tasks"
+require "rake/gem/maintenance/install_tasks"
 ```
 
 This defines:
@@ -33,15 +33,15 @@ This defines:
 ## Customization
 
 ```ruby
-require "rake/gem_maintenance"
+require "rake/gem/maintenance"
 
-Rake::GemMaintenance::UpgradeTask.new do |t|
+Rake::Gem::Maintenance::UpgradeTask.new do |t|
   t.main_branch = "develop"
   t.upgrade_branch = "chore/upgrade-deps"
   t.commit_message = "chore: upgrade dependencies"
 end
 
-Rake::GemMaintenance::VersionBumpTask.new do |t|
+Rake::Gem::Maintenance::VersionBumpTask.new do |t|
   t.default_type = "minor"
 end
 ```
@@ -76,7 +76,7 @@ The file is `0600` (owner-read-only on Unix). The **password is never written to
 
 ### Step 2 — All future local runs are automatic
 
-Any project using `require "rake/gem_maintenance/install_tasks"` automatically reads the
+Any project using `require "rake/gem/maintenance/install_tasks"` automatically reads the
 credential file at startup and sets `GEM_HOST_API_KEY` and `RUBYGEMS_OTP_SEED` in the process
 environment. Running `rake upgrade` needs no manual credential setup from this point on.
 
@@ -106,10 +106,10 @@ See [features/upgrade_task/renew_api_key.feature](features/upgrade_task/renew_ap
 ```ruby
 require "rake/gem/maintenance"
 
-Rake::GemMaintenance::Repos.rubygems_api_key_env_var  = "MY_RUBYGEMS_KEY"
-Rake::GemMaintenance::Repos.rubygems_otp_seed_env_var = "MY_OTP_SEED"
+Rake::Gem::Maintenance::Repos.rubygems_api_key_env_var  = "MY_RUBYGEMS_KEY"
+Rake::Gem::Maintenance::Repos.rubygems_otp_seed_env_var = "MY_OTP_SEED"
 
-Rake::GemMaintenance::UpgradeTask.new
+Rake::Gem::Maintenance::UpgradeTask.new
 ```
 
 See [features/upgrade_task/repos_configuration.feature](features/upgrade_task/repos_configuration.feature)

data/TODO.md

@@ -1 +1,4 @@
-* Relocate to Rake::Gem::Maintenance so that `rake bump` works (it fails currently).
+# Packwerk
+
+Packwerk is Shopify's package enforcement tool designed for large Rails monoliths.
+With ~15 files in this library gem, the overhead is not warranted — close without implementing.

data/lib/rake/gem/maintenance/api_key_renewer.rb

@@ -1,47 +1,49 @@
 # frozen_string_literal: true
 
 module Rake
-  module GemMaintenance
-    # Renews a rubygems.org API key using credentials from env vars and
-    # persists the new key to Woodpecker CI when server details are available.
-    class ApiKeyRenewer
-      def initialize(otp_provider:,
-                     username_env_var: "RUBYGEMS_USERNAME",
-                     password_env_var: "RUBYGEMS_PASSWORD")
-        @otp_provider = otp_provider
-        @username_env_var = username_env_var
-        @password_env_var = password_env_var
-      end
+  module Gem
+    module Maintenance
+      # Renews a rubygems.org API key using credentials from env vars and
+      # persists the new key to Woodpecker CI when server details are available.
+      class ApiKeyRenewer
+        def initialize(otp_provider:,
+                       username_env_var: "RUBYGEMS_USERNAME",
+                       password_env_var: "RUBYGEMS_PASSWORD")
+          @otp_provider = otp_provider
+          @username_env_var = username_env_var
+          @password_env_var = password_env_var
+        end
 
-      def renew(repository)
-        username = env_credential(@username_env_var)
-        password = env_credential(@password_env_var)
-        return nil if username.nil? || password.nil?
+        def renew(repository)
+          username = env_credential(@username_env_var)
+          password = env_credential(@password_env_var)
+          return nil if username.nil? || password.nil?
 
-        otp = @otp_provider.otp_for(repository[:name], otp_seed_env_var: repository[:otp_seed_env_var])
-        new_key = RubyGemsApiKeyCreator.new(host: repository.fetch(:url, "https://rubygems.org"))
-                                       .create(username, password, otp: otp)
-        persist_to_woodpecker(new_key)
-        new_key
-      rescue StandardError
-        nil
-      end
+          otp = @otp_provider.otp_for(repository[:name], otp_seed_env_var: repository[:otp_seed_env_var])
+          new_key = RubyGemsApiKeyCreator.new(host: repository.fetch(:url, "https://rubygems.org"))
+                                         .create(username, password, otp: otp)
+          persist_to_woodpecker(new_key)
+          new_key
+        rescue StandardError
+          nil
+        end
 
-      private
+        private
 
-      def env_credential(var)
-        value = ENV.fetch(var, nil)
-        value&.empty? ? nil : value
-      end
+        def env_credential(var)
+          value = ENV.fetch(var, nil)
+          value&.empty? ? nil : value
+        end
 
-      def persist_to_woodpecker(new_key)
-        server = ENV.fetch("WOODPECKER_SERVER", nil)
-        token = ENV.fetch("WOODPECKER_TOKEN", nil)
-        return unless server && token
+        def persist_to_woodpecker(new_key)
+          server = ENV.fetch("WOODPECKER_SERVER", nil)
+          token = ENV.fetch("WOODPECKER_TOKEN", nil)
+          return unless server && token
 
-        org = ENV.fetch("WOODPECKER_ORG", "cbp-org")
-        WoodpeckerSecretStore.new(server: server, org: org, token: token)
-                             .store("rubygems_api_key", new_key)
+          org = ENV.fetch("WOODPECKER_ORG", "cbp-org")
+          WoodpeckerSecretStore.new(server: server, org: org, token: token)
+                               .store("rubygems_api_key", new_key)
+        end
       end
     end
   end

data/lib/rake/gem/maintenance/ci_environment.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 module Rake
-  module GemMaintenance
-    # Detects whether the current process is running inside a CI environment.
-    module CIEnvironment
-      def self.ci?
-        ENV["CI"].to_s != ""
+  module Gem
+    module Maintenance
+      # Detects whether the current process is running inside a CI environment.
+      module CIEnvironment
+        def self.ci?
+          ENV["CI"].to_s != ""
+        end
       end
     end
   end

data/lib/rake/gem/maintenance/credential_store.rb

@@ -5,60 +5,62 @@ require "fileutils"
 require "rubygems"
 
 module Rake
-  module GemMaintenance
-    # Persists rubygems.org credentials (username, API key, OTP seed) to a local config file.
-    class CredentialStore
-      def self.default_path
-        base = if Gem.win_platform?
-                 ENV.fetch("APPDATA", File.expand_path("~"))
-               else
-                 ENV.fetch("XDG_CONFIG_HOME", File.join(Dir.home, ".config"))
-               end
-        File.join(base, "rake-gem-maintenance", "credentials.yml")
-      end
+  module Gem
+    module Maintenance
+      # Persists rubygems.org credentials (username, API key, OTP seed) to a local config file.
+      class CredentialStore
+        def self.default_path
+          base = if ::Gem.win_platform?
+                   ENV.fetch("APPDATA", File.expand_path("~"))
+                 else
+                   ENV.fetch("XDG_CONFIG_HOME", File.join(Dir.home, ".config"))
+                 end
+          File.join(base, "rake-gem-maintenance", "credentials.yml")
+        end
 
-      def initialize(path: self.class.default_path)
-        @path = path
-      end
+        def initialize(path: self.class.default_path)
+          @path = path
+        end
 
-      attr_reader :path
+        attr_reader :path
 
-      def read
-        return {} unless File.exist?(@path)
+        def read
+          return {} unless File.exist?(@path)
 
-        YAML.safe_load_file(@path, symbolize_names: true) || {}
-      rescue StandardError
-        {}
-      end
+          YAML.safe_load_file(@path, symbolize_names: true) || {}
+        rescue StandardError
+          {}
+        end
 
-      def write(credentials)
-        FileUtils.mkdir_p(File.dirname(@path))
-        File.write(@path, credentials.transform_keys(&:to_s).to_yaml)
-        File.chmod(0o600, @path) unless Gem.win_platform?
-      end
+        def write(credentials)
+          FileUtils.mkdir_p(File.dirname(@path))
+          File.write(@path, credentials.transform_keys(&:to_s).to_yaml)
+          File.chmod(0o600, @path) unless ::Gem.win_platform?
+        end
 
-      def apply_to_env(username_env_var:, api_key_env_var:)
-        creds = read
-        set_env_if_absent(username_env_var, creds[:username])
-        set_env_if_absent("RUBYGEMS_OTP_SEED", creds[:rubygems_otp_seed])
-        set_env_if_absent(api_key_env_var, creds[:gem_host_api_key])
-      end
+        def apply_to_env(username_env_var:, api_key_env_var:)
+          creds = read
+          set_env_if_absent(username_env_var, creds[:username])
+          set_env_if_absent("RUBYGEMS_OTP_SEED", creds[:rubygems_otp_seed])
+          set_env_if_absent(api_key_env_var, creds[:gem_host_api_key])
+        end
 
-      def update(username:, api_key:, api_key_env_var:)
-        otp_seed = ENV.fetch("RUBYGEMS_OTP_SEED", nil)
-        updated = read.merge(username: username, gem_host_api_key: api_key)
-        updated[:rubygems_otp_seed] = otp_seed if otp_seed && !otp_seed.empty?
-        write(updated)
-        ENV[api_key_env_var] = api_key
-      end
+        def update(username:, api_key:, api_key_env_var:)
+          otp_seed = ENV.fetch("RUBYGEMS_OTP_SEED", nil)
+          updated = read.merge(username: username, gem_host_api_key: api_key)
+          updated[:rubygems_otp_seed] = otp_seed if otp_seed && !otp_seed.empty?
+          write(updated)
+          ENV[api_key_env_var] = api_key
+        end
 
-      private
+        private
 
-      def set_env_if_absent(env_var, value)
-        return unless value && !value.empty?
-        return if (existing = ENV.fetch(env_var, nil)) && !existing.empty?
+        def set_env_if_absent(env_var, value)
+          return unless value && !value.empty?
+          return if (existing = ENV.fetch(env_var, nil)) && !existing.empty?
 
-        ENV[env_var] = value
+          ENV[env_var] = value
+        end
       end
     end
   end

data/lib/rake/gem/maintenance/gem_publisher.rb

@@ -4,113 +4,115 @@ require "json"
 require "open-uri"
 
 module Rake
-  module GemMaintenance
-    # Publishes gems to multiple gem repositories, with version checking and warning handling.
-    class GemPublisher
-      attr_reader :repositories, :warnings, :failed_repositories, :successful_repos
-
-      def initialize(repositories = default_repositories,
-                     otp_provider: OtpProvider.new,
-                     ci_environment: CIEnvironment)
-        @repositories = repositories
-        @otp_provider = otp_provider
-        @ci_environment = ci_environment
-        @warnings = []
-        @failed_pushes = []
-        @failed_repositories = []
-        @published_files = []
-        @successful_repos = []
-      end
+  module Gem
+    module Maintenance
+      # Publishes gems to multiple gem repositories, with version checking and warning handling.
+      class GemPublisher
+        attr_reader :repositories, :warnings, :failed_repositories, :successful_repos
+
+        def initialize(repositories = default_repositories,
+                       otp_provider: OtpProvider.new,
+                       ci_environment: CIEnvironment)
+          @repositories = repositories
+          @otp_provider = otp_provider
+          @ci_environment = ci_environment
+          @warnings = []
+          @failed_pushes = []
+          @failed_repositories = []
+          @published_files = []
+          @successful_repos = []
+        end
 
-      def default_repositories
-        [{ name: "rubygems", url: "https://rubygems.org" }]
-      end
+        def default_repositories
+          [{ name: "rubygems", url: "https://rubygems.org" }]
+        end
 
-      def publish(gem_file)
-        @failed_pushes = []
-        @published_files = []
-        build_and_push(gem_file)
-        print_warnings
-      end
+        def publish(gem_file)
+          @failed_pushes = []
+          @published_files = []
+          build_and_push(gem_file)
+          print_warnings
+        end
 
-      def check_all_repositories(gem_name)
-        @failed_repositories = []
-        repositories.each do |repo|
-          versions_on_repository(gem_name, repo)
+        def check_all_repositories(gem_name)
+          @failed_repositories = []
+          repositories.each do |repo|
+            versions_on_repository(gem_name, repo)
+          end
         end
-      end
 
-      def versions_on_repository(gem_name, repository)
-        url = "#{repository[:url]}/api/v1/gems/#{gem_name}.json"
-        uri = URI.parse(url)
-        response = uri.read(accept: "application/json")
-        data = JSON.parse(response)
-        data["versions"].map { |v| v["number"] }
-      rescue StandardError => e
-        @failed_repositories << repository[:name]
-        @warnings << { repository: repository[:name], error: "Cannot fetch versions: #{e.message}" }
-        []
-      end
+        def versions_on_repository(gem_name, repository)
+          url = "#{repository[:url]}/api/v1/gems/#{gem_name}.json"
+          uri = URI.parse(url)
+          response = uri.read(accept: "application/json")
+          data = JSON.parse(response)
+          data["versions"].map { |v| v["number"] }
+        rescue StandardError => e
+          @failed_repositories << repository[:name]
+          @warnings << { repository: repository[:name], error: "Cannot fetch versions: #{e.message}" }
+          []
+        end
 
-      def next_version(gem_name, current_version)
-        return current_version unless current_version
+        def next_version(gem_name, current_version)
+          return current_version unless current_version
 
-        ver = Gem::Version.new(current_version)
-        loop do
-          return ver.to_s unless version_exists_on_all_repos?(gem_name, ver)
+          ver = ::Gem::Version.new(current_version)
+          loop do
+            return ver.to_s unless version_exists_on_all_repos?(gem_name, ver)
 
-          ver = ver.bump
+            ver = ver.bump
+          end
         end
-      end
 
-      def available_repositories
-        repositories.map { |r| r[:name] } - @failed_repositories
-      end
+        def available_repositories
+          repositories.map { |r| r[:name] } - @failed_repositories
+        end
 
-      def any_available?
-        @failed_repositories.size < repositories.size
-      end
+        def any_available?
+          @failed_repositories.size < repositories.size
+        end
 
-      private
+        private
 
-      def build_and_push(gem_file)
-        repositories.each do |repo|
-          push(gem_file, repository: repo)
+        def build_and_push(gem_file)
+          repositories.each do |repo|
+            push(gem_file, repository: repo)
+          end
         end
-      end
 
-      def push(gem_file, repository:)
-        result = GemPush.new(gem_file, repository, @otp_provider).attempt
-        return record_success(gem_file, repository) if result.success
+        def push(gem_file, repository:)
+          result = GemPush.new(gem_file, repository, @otp_provider).attempt
+          return record_success(gem_file, repository) if result.success
 
-        record_push_failure(repository, result.error)
-      rescue StandardError => e
-        @failed_pushes << { repository: repository[:name], error: e.message }
-      end
+          record_push_failure(repository, result.error)
+        rescue StandardError => e
+          @failed_pushes << { repository: repository[:name], error: e.message }
+        end
 
-      def record_success(gem_file, repository)
-        @published_files << gem_file
-        @successful_repos << repository[:name]
-      end
+        def record_success(gem_file, repository)
+          @published_files << gem_file
+          @successful_repos << repository[:name]
+        end
 
-      def record_push_failure(repository, message)
-        @failed_pushes << { repository: repository[:name], error: message.strip }
-      end
+        def record_push_failure(repository, message)
+          @failed_pushes << { repository: repository[:name], error: message.strip }
+        end
 
-      def version_exists_on_all_repos?(gem_name, version)
-        repositories.all? do |repo|
-          versions_on_repository(gem_name, repo).include?(version.to_s)
+        def version_exists_on_all_repos?(gem_name, version)
+          repositories.all? do |repo|
+            versions_on_repository(gem_name, repo).include?(version.to_s)
+          end
         end
-      end
 
-      def print_warnings
-        return if @failed_pushes.empty?
+        def print_warnings
+          return if @failed_pushes.empty?
 
-        puts "[WARN] The following repositories were unavailable:"
-        @failed_pushes.each do |failure|
-          puts "  - #{failure[:repository]}: #{failure[:error]}"
+          puts "[WARN] The following repositories were unavailable:"
+          @failed_pushes.each do |failure|
+            puts "  - #{failure[:repository]}: #{failure[:error]}"
+          end
+          puts "[WARN] Warning: Published to #{@published_files.size} of #{repositories.size} repositories"
         end
-        puts "[WARN] Warning: Published to #{@published_files.size} of #{repositories.size} repositories"
       end
     end
   end

data/lib/rake/gem/maintenance/gem_push.rb

@@ -3,58 +3,60 @@
 require "open3"
 
 module Rake
-  module GemMaintenance
-    # Pushes a single gem file to one repository, retrying with a renewed API key on auth failure.
-    class GemPush
-      Result = Struct.new(:success, :error)
-
-      def initialize(gem_file, repository, otp_provider)
-        @gem_file = gem_file
-        @repository = repository
-        @otp_provider = otp_provider
-      end
+  module Gem
+    module Maintenance
+      # Pushes a single gem file to one repository, retrying with a renewed API key on auth failure.
+      class GemPush
+        Result = Struct.new(:success, :error)
 
-      def attempt
-        out_err, status = Open3.capture2e(env, command)
-        return Result.new(true, nil) if status.success?
-        return retry_with_renewed_key if auth_failure?(out_err)
+        def initialize(gem_file, repository, otp_provider)
+          @gem_file = gem_file
+          @repository = repository
+          @otp_provider = otp_provider
+        end
 
-        Result.new(false, out_err)
-      end
+        def attempt
+          out_err, status = Open3.capture2e(env, command)
+          return Result.new(true, nil) if status.success?
+          return retry_with_renewed_key if auth_failure?(out_err)
 
-      private
+          Result.new(false, out_err)
+        end
 
-      def command
-        cmd = "gem push #{@gem_file} --host #{@repository[:url]}"
-        otp = @otp_provider.otp_for(@repository[:name], otp_seed_env_var: @repository[:otp_seed_env_var])
-        cmd += " --otp #{otp}" if otp
-        cmd
-      end
+        private
 
-      def env
-        env_var = @repository[:api_key_env_var]
-        return {} unless env_var
+        def command
+          cmd = "gem push #{@gem_file} --host #{@repository[:url]}"
+          otp = @otp_provider.otp_for(@repository[:name], otp_seed_env_var: @repository[:otp_seed_env_var])
+          cmd += " --otp #{otp}" if otp
+          cmd
+        end
 
-        key = ENV.fetch(env_var, nil)
-        return {} if key.nil? || key.empty?
+        def env
+          env_var = @repository[:api_key_env_var]
+          return {} unless env_var
 
-        { "GEM_HOST_API_KEY" => key }
-      end
+          key = ENV.fetch(env_var, nil)
+          return {} if key.nil? || key.empty?
 
-      def auth_failure?(output)
-        output.match?(/unauthorized|api.key|forbidden/i) ||
-          output.include?("401") || output.include?("403")
-      end
+          { "GEM_HOST_API_KEY" => key }
+        end
+
+        def auth_failure?(output)
+          output.match?(/unauthorized|api.key|forbidden/i) ||
+            output.include?("401") || output.include?("403")
+        end
 
-      def retry_with_renewed_key
-        new_key = ApiKeyRenewer.new(otp_provider: @otp_provider).renew(@repository)
-        return Result.new(false, "Auth failed and renewal credentials unavailable.") unless new_key
+        def retry_with_renewed_key
+          new_key = ApiKeyRenewer.new(otp_provider: @otp_provider).renew(@repository)
+          return Result.new(false, "Auth failed and renewal credentials unavailable.") unless new_key
 
-        _out_err, status = Open3.capture2e(env.merge("GEM_HOST_API_KEY" => new_key), command)
-        if status.success?
-          Result.new(true, nil)
-        else
-          Result.new(false, "Push failed after key renewal.")
+          _out_err, status = Open3.capture2e(env.merge("GEM_HOST_API_KEY" => new_key), command)
+          if status.success?
+            Result.new(true, nil)
+          else
+            Result.new(false, "Push failed after key renewal.")
+          end
         end
       end
     end