shopify_empty_gem 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d36dcab1b3e476be2898bdf40c4805e64ed38371020d3c37d0282d33720d7a2
-  data.tar.gz: a94723daea6353f087b41b1dbfc0c48f70a8b95b5bcd66ed445cafb8d1658639
+  metadata.gz: 8e52f8fc30567f058b24f22850d42202590664c0d2059c46885ea56b97ebce5f
+  data.tar.gz: c8b77d7ccd7f43e3ac908c4369d03ac2b4e7bf9edd7819e579d0c2f1535b61df
 SHA512:
-  metadata.gz: 64e81b8188f76b3fcfa4dd01c947fe13db43c10b64aff78ee3ce1deb9994e14f5e86a928ff99ca1026cf0c3920cc341b16169f9020eebbf95723d729fdb5a5db
-  data.tar.gz: dbb3d932670f26751fcf8bb767a55e29fc0542e7a560e17c50e0f2b8ffcec68d003ee43ca343f166cc69c5f862bd0895ef814cb7cac99ecb728f21d5ece42a3f
+  metadata.gz: 53f6959f88d236eb86d27cd0fcf8dd71866eb980f3b63612f98b17e17fcca603376a2c94768eacd0b047a62dee10fbdd2953ad5a323165fd9b6606966dd4cd59
+  data.tar.gz: 2c1677e3b6ec2aae883a853128445dc1ed3336741827a459082862256e56b1b426418f30b89e0834dd475ec106623d8ee0ff57faf1e76a934c84e8ff51e50faa

data/Gemfile.lock

@@ -0,0 +1,22 @@
+PATH
+  remote: .
+  specs:
+    shopify_empty_gem (0.1.2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    rake (12.3.3)
+
+PLATFORMS
+  -darwin-21
+  arm64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+  bundler (~> 2)
+  rake (~> 12.3, >= 12.3.3)
+  shopify_empty_gem!
+
+BUNDLED WITH
+   2.2.22

data/lib/shopify_empty_gem/version.rb

@@ -1,3 +1,3 @@
 module ShopifyEmptyGem
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/snippets/release-gem-with-otp

@@ -0,0 +1,143 @@
+#!/usr/bin/env ruby
+
+require 'net/https'
+require 'uri'
+require 'json'
+
+module RubygemsAPI
+  extend self
+
+  def published?(name, version)
+    uri = URI.parse("https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json")
+    Net::HTTP.get_response(uri).is_a?(Net::HTTPSuccess)
+  end
+end
+
+module Git
+  extend self
+
+  def tag_and_push(version)
+    if tag_exists?(version)
+      yield
+    else
+      tag(version) && yield && push_tags
+    end
+  end
+
+  def tag_exists?(version)
+    system('git', 'rev-parse', '--verify', "v#{version}^{commit}", out: File::NULL, err: File::NULL)
+  end
+
+  def tag(version)
+    puts "Running: git tag -m 'Version #{version}' v#{version}"
+    system('git', 'tag', '-m', "Version #{version}", "v#{version}")
+  end
+
+  def delete_tag(version)
+    puts "Running: git tag -d v#{version}"
+    system('git', 'tag', '-d', "v#{version}")
+  end
+
+  def push_tags
+    puts "Running: git push --tags"
+    system('git', 'push', '--tag')
+  end
+end
+
+module Poll
+  extend self
+
+  def fetch_otp(wait_time: 3, timeout_threshold: 300, gem_name:)
+    # The wait_time and time_threshold configs are temp placeholders, we can adjust as needed
+    # TODO: Consider whether we should implement exponential backoff 
+    #       Potential risk: Timing may be precarious given the 30 second time frame for otp expiry
+    #       If we don't implement an exponential backoff strategy, will we accidentally DDOS ourselves?  
+    
+    puts "Polling for OTP code"
+    otp_code = nil
+    start_time = Time.now.utc
+
+    until Time.now.utc > start_time + timeout_threshold
+      # Printing '.' to the log to indicate each time we poll for an OTP code
+      # This will also help prevent timing out on Shipit 
+      # Shipit's default task timeout is 5 minutes; if no new output is logged within 5 minutes, shipit will kill the task.
+      print "." 
+      
+      # Make GET request to web app's endpont
+      uri = URI('https://api.agify.io/') # TODO: update endpoint when web service is created
+      params = { :name => 'bella' }
+      # params = { :gem_name => gem_name }
+      uri.query = URI.encode_www_form(params)  
+
+      res = Net::HTTP.get_response(uri)
+      otp_code = JSON.parse(res.body)["count"] if res.is_a?(Net::HTTPSuccess)
+      
+      return otp_code if !otp_code.nil? 
+
+      # TODO: Need to figure out what other responses we want to send back from web service when OTP does not exist
+      # TODO: How do we handle OTP submissions on the web app side? 
+      #       Do we persist the OTP for <x> time frame? 
+      #       Do we create a job to destroy the OTP code after <x> time frame?
+
+      sleep wait_time 
+    end 
+
+    # TODO: Opportunity for retry mechanism?
+    # Exiting script, as OTP was not retrieved - will lead to a failed deploy 
+    exit(1)
+  end
+end
+
+puts "Kicking off the release-gem-with-otp script!!"
+
+spec_path, temp_otp_code, *release_command = ARGV
+
+spec = Gem::Specification.load(spec_path)
+if RubygemsAPI.published?(spec.name, spec.version)
+  puts "#{spec.name} version #{spec.version} is already published."
+  exit 0
+elsif !spec.metadata['allowed_push_host']
+  puts "Can't release the gem: spec.metadata['allowed_push_host'] must be defined."
+  exit 1
+else
+  is_successful = Git.tag_and_push(spec.version) do
+    
+    if release_command.any? 
+      # If a custom release command is called with this script, just execute the custom command 
+      system(*release_command)
+    else
+      # TODO: If mechanism to check if account has mfa enabled, do the check here (is otp required?)
+
+      # TODO: Notify user via Slack to enter OTP in web app
+        # QUESTIONS:
+        # How do we know who to notify?
+      
+
+
+      # Start polling web app's endpoint
+      otp = Poll.fetch_otp(gem_name: spec.name)
+
+      # Set the environment variable to the user inputted OTP code
+      # See: https://guides.rubygems.org/command-reference/ under otp option for environment variable
+      #
+      # According to the docs: https://ruby-doc.org/core-3.1.0/Kernel.html#method-i-spawn
+      # The keys and values passed to spawn (or system), except for `nil`, must be strings. 
+      # So we're calling `to_s` on the `otp_code` just to be safe.
+      #
+      # Since we've already tagged and built the gem with `bundle exec gem_push=no rake release`, the last step is to push the gem
+      # Instead of re-building and re-tagging the gem, we'll complete the last step of the `rake release` command => (gem push)
+      system(
+        {'GEM_HOST_OTP_CODE' => temp_otp_code.to_s},
+        'bundle',
+        'exec',
+        'rake',
+        'release'
+      )
+
+      # TODO: What if OTP has expired? Add mechanism to retry. 
+    end
+  end
+  is_successful ? exit(0) : exit(1)
+end
+
+

data/shipit.rubygems_otp.yml

@@ -0,0 +1,4 @@
+deploy:
+  override: 
+    - lib/snippets/release-gem-with-otp shopify_empty_gem.gemspec 008596
+

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_empty_gem
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Shopify
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-02-15 00:00:00.000000000 Z
+date: 2022-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,7 +44,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 12.3.3
-description:
+description: 
 email:
 - admins@shopify.com
 executables: []
@@ -53,15 +53,18 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Gemfile.lock
 - Rakefile
 - lib/shopify_empty_gem.rb
 - lib/shopify_empty_gem/version.rb
+- lib/snippets/release-gem-with-otp
+- shipit.rubygems_otp.yml
 homepage: https://example.com
 licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -76,8 +79,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
-signing_key:
+rubygems_version: 3.2.20
+signing_key: 
 specification_version: 4
 summary: Empty gem for testing purposes
 test_files: []