stone_checksums 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10c24907c04341700760f767dee6961380dad863a854e27311ea5bad4adbbe87
-  data.tar.gz: ae70388ffc487abe1212908966cdc766257334aa35d0fc8cbfc8003783e492e2
+  metadata.gz: 53958cb29bf4368670d6559ed4980432987e6f376059b2e93258c420d6aefefa
+  data.tar.gz: aeca2d93a773bc50c617439e46546349d3fbf16f322c1b6b8da02c3d30188b52
 SHA512:
-  metadata.gz: 739fecf5f505e1d3233d93b6dab4ad7ce25f1ebf92a9dc493436cc2b24aa605ba25d24402ae5297015f622414e7e226a8df264ea5844cc6b94f34ea89373224a
-  data.tar.gz: 72194ebfe4981c8d4477572c72cb82bde815e65c94df3509511c27364d91b99b072ced8bc2cf0204473bef0704a42e4504c845ece9ea219463d6c505d92020d1
+  metadata.gz: ab4dec6052f0f4284e6ac425588b12f0ee08ea2d07ef9c71a1ed84f5a44a02707d6dcaf16c1daf26856f78f73aa4c2deebb4065b2e3839b154745b9ccf98d48e
+  data.tar.gz: c6ad4db779904e0787866fb3e45c5d6775a83c983e5bbeded283ea183d9223d641237a524eefe9aebe7e6a20a6162ad747fd1aa374a821cc11aef4b6aa8c22ba

data/CHANGELOG.md

@@ -19,16 +19,40 @@ Please file a bug if you notice a violation of semantic versioning.
 ## [Unreleased]
 ### Added
 ### Changed
-### Fixed
+### Deprecated
 ### Removed
+### Fixed
+### Security
+
+## [1.0.1] - 2025-08-26
+- TAG: [v1.0.1][1.0.1t]
+- COVERAGE: 100.00% -- 97/97 lines in 6 files
+- BRANCH COVERAGE: 92.86% -- 26/28 branches in 6 files
+- 68.42% documented
+### Added
+- Added proper namespace: StoneChecksums
+  - Namespace now matches gem name according to RubyGems convention
+  - Old Namespace, GemChecksums, will be dropped in next major version
+### Changed
+- Improve error help text on old bundler, recommend upgrading
+### Fixed
+- Support for bundler >= v2.7, which no longer relies on SOURCE_DATE_EPOCH
+  - NOTE: Bundler v2.7+ defaults to a constant build date in 1980 to make all builds reproducible.
+### Documentation
+- Updated README with checksum usage, Bundler version guidance, and env vars.
+- Added YARD docstrings for public APIs.
+- Expanded RBS signatures for public constants and methods.
 
-## [1.0.0] - 2025-02-23 ([tag][1.0.0t])
-- COVERAGE:  98.67% -- 74/75 lines in 5 files
-- BRANCH COVERAGE:  79.17% -- 19/24 branches in 5 files
+## [1.0.0] - 2025-02-23
+- TAG: [v1.0.0][1.0.0t]
+- COVERAGE: 98.67% -- 74/75 lines in 5 files
+- BRANCH COVERAGE: 79.17% -- 19/24 branches in 5 files
 - 38.46% documented
 ### Added
 - Initial release
 
-[Unreleased]: https://github.com/pboling/gem_checksums/compare/v1.0.0...HEAD
-[1.0.0]: https://github.com/pboling/gem_checksums/compare/SHA_HERE...v1.0.0
-[1.0.0t]: https://github.com/pboling/gem_checksums/tags/v1.0.0
+[Unreleased]: https://gitlab.com/galtzo-floss/stone_checksums/-/compare/v1.0.0...HEAD
+[1.0.1]: https://gitlab.com/galtzo-floss/stone_checksums/-/compare/v1.0.0...v1.0.1
+[1.0.1t]: https://gitlab.com/galtzo-floss/stone_checksums/-/tags/v1.0.1
+[1.0.0]: https://gitlab.com/galtzo-floss/stone_checksums/-/compare/1fd75630d9d3c4a1ef8fed384fda98755ae01d5e...v1.0.0
+[1.0.0t]: https://gitlab.com/galtzo-floss/stone_checksums/-/tags/v1.0.0

data/CODE_OF_CONDUCT.md

@@ -1,4 +1,3 @@
-
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
@@ -61,7 +60,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-[![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact].
+[![Contact Maintainer][🚂maint-contact-img]][🚂maint-contact].
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the
@@ -131,5 +130,5 @@ For answers to common questions about this code of conduct, see the FAQ at
 [Mozilla CoC]: https://github.com/mozilla/diversity
 [FAQ]: https://www.contributor-covenant.org/faq
 [translations]: https://www.contributor-covenant.org/translations
-[🚂bdfl-contact]: http://www.railsbling.com/contact
-[🚂bdfl-contact-img]: https://img.shields.io/badge/Contact-BDFL-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red
+[🚂maint-contact]: http://www.railsbling.com/contact
+[🚂maint-contact-img]: https://img.shields.io/badge/Contact-Maintainer-0093D0.svg?style=flat&logo=rubyonrails&logoColor=red

data/CONTRIBUTING.md

@@ -1,38 +1,70 @@
 # Contributing
 
-Bug reports and pull requests are welcome on GitHub at [https://github.com/pboling/gem_checksums][🚎src-main]
-. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
+Bug reports and pull requests are welcome on GitHub, CodeBerg, or [GitLab][🚎src-main].
+This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
 the [code of conduct][🤝conduct].
 
-To submit a patch, please fork the project and create a patch with tests.
-Once you're happy with it send a pull request.
+To submit a patch, please fork the project, create a patch with tests, and send a pull request.
 
-We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it.
+Remember to [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog].
 
-## You can help!
+## Help out!
 
-Simply follow these instructions:
+Take a look at the `reek` list which is the file called `REEK` and find something to improve.
+
+Follow these instructions:
 
 1. Fork the repository
-2. Create your feature branch (`git checkout -b my-new-feature`)
+2. Create a feature branch (`git checkout -b my-new-feature`)
 3. Make some fixes.
-4. Commit your changes (`git commit -am 'Added some feature'`)
+4. Commit changes (`git commit -am 'Added some feature'`)
 5. Push to the branch (`git push origin my-new-feature`)
 6. Make sure to add tests for it. This is important, so it doesn't break in a future release.
 7. Create new Pull Request.
 
-## Appraisals
+## Environment Variables for Local Development
 
-From time to time the appraisal gemfiles in `gemfiles/` will need to be updated.
-They are created and updated with the commands:
+Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string "true" to enable.
+
+General/runtime
+- DEBUG: Enable extra internal logging for this library (default: false)
+- REQUIRE_BENCH: Enable `require_bench` to profile requires (default: false)
+- CI: When set to true, adjusts default rake tasks toward CI behavior
+
+Coverage (kettle-soup-cover / SimpleCov)
+- K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc)
+- K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
+- K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
+- K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
+- K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
+- K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
+- K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
+- MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
+  Tip: When running a single spec file locally, you may want `K_SOUP_COV_MIN_HARD=false` to avoid failing thresholds for a partial run.
 
-NOTE: We run on a [fork][🚎appraisal-fork] of Appraisal.
+GitHub API and CI helpers
+- GITHUB_TOKEN or GH_TOKEN: Token used by `ci:act` and release workflow checks to query GitHub Actions status at higher rate limits
 
-Please upvote the PR for `eval_gemfile` [support][🚎appraisal-eval-gemfile-pr]
+Releasing and signing
+- SKIP_GEM_SIGNING: If set, skip gem signing during build/release
+- GEM_CERT_USER: Username for selecting your public cert in `certs/<USER>.pem` (defaults to $USER)
+- SOURCE_DATE_EPOCH: Reproducible build timestamp. `kettle-release` will set this automatically for the session.
+
+Git hooks and commit message helpers (exe/kettle-commit-msg)
+- GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., `jira`) or `false` to disable
+- GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
+- GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
+- GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
+
+For a quick starting point, this repository’s `.envrc` shows sane defaults, and `.env.local` can override them locally.
+
+## Appraisals
+
+From time to time the Appraisal2 gemfiles in `gemfiles/` will need to be updated.
+They are created and updated with the commands:
 
-```shell
-BUNDLE_GEMFILE=Appraisal.root.gemfile bundle
-BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
+```console
+bin/rake appraisal:update
 ```
 
 When adding an appraisal to CI check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use.
@@ -43,7 +75,7 @@ Take a look at the `reek` list which is the file called `REEK` and find somethin
 
 To refresh the `reek` list:
 
-```bash
+```console
 bundle exec reek > REEK
 ```
 
@@ -51,24 +83,43 @@ bundle exec reek > REEK
 
 To run all tests
 
-```bash
+```console
 bundle exec rake test
 ```
 
+### Spec organization (required)
+
+- For each class or module under `lib/`, keep all of its unit tests in a single spec file under `spec/` that mirrors the path and file name (e.g., specs for `lib/kettle/dev/release_cli.rb` live in `spec/kettle/dev/release_cli_spec.rb`).
+- Do not create ad-hoc "_more" or split spec files for the same class/module. Consolidate all unit tests into the main spec file for that class/module.
+- Only integration scenarios that intentionally span multiple classes belong in `spec/integration/`.
+
 ## Lint It
 
 Run all the default tasks, which includes running the gradually autocorrecting linter, `rubocop-gradual`.
 
-```bash
+```console
 bundle exec rake
 ```
 
 Or just run the linter.
 
-```bash
+```console
 bundle exec rake rubocop_gradual:autocorrect
 ```
 
+For more detailed information about using RuboCop in this project, please see the [RUBOCOP.md](RUBOCOP.md) guide. This project uses `rubocop_gradual` instead of vanilla RuboCop, which requires specific commands for checking violations.
+
+### Important: Do not add inline RuboCop disables
+
+Never add `# rubocop:disable ...` / `# rubocop:enable ...` comments to code or specs (except when following the few existing `rubocop:disable` patterns for a rule already being disabled elsewhere in the code). Instead:
+
+- Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via `.rubocop.yml`).
+- When a violation is temporary and you plan to fix it later, record it in `.rubocop_gradual.lock` using the gradual workflow:
+  - `bundle exec rake rubocop_gradual:autocorrect` (preferred)
+  - `bundle exec rake rubocop_gradual:force_update` (only when you cannot fix the violations immediately)
+
+As a general rule, fix style issues rather than ignoring them. For example, our specs should follow RSpec conventions like using `described_class` for the class under test.
+
 ## Contributors
 
 Your picture could be here!
@@ -77,55 +128,67 @@ Your picture could be here!
 
 Made with [contributors-img][🖐contrib-rocks].
 
-Also see GitLab Contributors: [https://gitlab.com/pboling/gem_checksums/-/graphs/main][🚎contributors-gl]
+Also see GitLab Contributors: [https://gitlab.com/galtzo-floss/stone_checksums/-/graphs/main][🚎contributors-gl]
 
 ## For Maintainers
 
 ### One-time, Per-maintainer, Setup
 
-**IMPORTANT**: Your public key for signing gems will need to be picked up by the line in the
-`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there),
-in order to sign the new release.
+**IMPORTANT**: If you want to sign the build you create,
+your public key for signing gems will need to be picked up by the line in the
+`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there).
+All releases to RubyGems.org will be signed.
 See: [RubyGems Security Guide][🔒️rubygems-security-guide]
 
+NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some value in your environment.
+
 ### To release a new version:
 
-1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+#### Automated process
+
+Run `kettle-release`.
+
+#### Manual process
+
+1. Run `bin/setup && bin/rake` as a "test, coverage, & linting" sanity check
 2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes
 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
 4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
-5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
-   - NOTE: Remember to [check the build][🧪build]!
+5. Run `git push` to trigger the final CI pipeline before release, and merge PRs
+    - NOTE: Remember to [check the build][🧪build].
 6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
 7. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
-8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code
-9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
-   - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
-   - If the echo above has no output, then it didn't work.
-   - Note that you'll need the `zsh/datetime` module, if running `zsh`.
-   - In `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
+8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure latest trunk code
+9. Optional for older Bundler (< 2.7.0): Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use the same timestamp and generate the same checksums
+    - If your Bundler is >= 2.7.0, you can skip this; builds are reproducible by default.
+    - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
+    - If the echo above has no output, then it didn't work.
+    - Note: `zsh/datetime` module is needed, if running `zsh`.
+    - In older versions of `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
 10. Run `bundle exec rake build`
-11. Run `gem_checksums` (more context [1][🔒️rubygems-checksums-pr] and [2][🔒️rubygems-guides-pr])
-   to create SHA-256 and SHA-512 checksums
-    - Checksums will be committed automatically by the script, but not pushed
-12. Run `bundle exec rake release` which will create a git tag for the version,
-   push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
-
-[🚎src-main]: https://gitlab.com/pboling/gem_checksums
-[🧪build]: https://github.com/pboling/gem_checksums/actions
-[🤝conduct]: https://gitlab.com/pboling/gem_checksums/-/blob/main/CODE_OF_CONDUCT.md
+11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr])
+    to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums`
+    [gem][💎stone_checksums].
+    - The script automatically commits but does not push the checksums
+12. Sanity check the SHA256, comparing with the output from the `bin/gem_checksums` command:
+    - `sha256sum pkg/<gem name>-<version>.gem`
+13. Run `bundle exec rake release` which will create a git tag for the version,
+    push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
+
+[🚎src-main]: https://gitlab.com/galtzo-floss/stone_checksums
+[🧪build]: https://github.com/galtzo-floss/stone_checksums/actions
+[🤝conduct]: https://gitlab.com/galtzo-floss/stone_checksums/-/blob/main/CODE_OF_CONDUCT.md
 [🖐contrib-rocks]: https://contrib.rocks
-[🖐contributors]: https://github.com/pboling/gem_checksums/graphs/contributors
-[🚎contributors-gl]: https://gitlab.com/pboling/gem_checksums/-/graphs/main
-[🖐contributors-img]: https://contrib.rocks/image?repo=pboling/gem_checksums
+[🖐contributors]: https://github.com/galtzo-floss/stone_checksums/graphs/contributors
+[🚎contributors-gl]: https://gitlab.com/galtzo-floss/stone_checksums/-/graphs/main
+[🖐contributors-img]: https://contrib.rocks/image?repo=galtzo-floss/stone_checksums
 [💎rubygems]: https://rubygems.org
 [🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
 [🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022
 [🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325
+[💎stone_checksums]: https://github.com/galtzo-floss/stone_checksums
 [📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
 [📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
 [📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
 [📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
-[🚎appraisal-eval-gemfile-pr]: https://github.com/thoughtbot/appraisal/pull/248
-[🚎appraisal-fork]: https://github.com/pboling/appraisal/tree/galtzo
 [🏃‍♂️runner-tool-cache]: https://github.com/ruby/ruby-builder/releases/tag/toolcache