Rakefile in oidc-test-0.8.12 vs Rakefile in oidc-test-0.8.13
- old
+ new
@@ -1,67 +1,6 @@
# frozen_string_literal: true
-require "bundler/gem_helper"
-
-module Bundler
- class GemHelper
- prepend(Module.new do
- def install
- super
-
- task "release:attest" => "build" do
- Bundler.ui.confirm "Attesting? #{attest?}"
- attest if attest?
- end
-
- task "release:rubygem_push" => "release:attest"
- end
-
- def build_gem
- @build_gem_path = super
- end
-
- def rubygem_push(path)
- return super unless attest?
-
- cmd = [{ "RUBYOPT" => "-r#{File.expand_path("tasks/rubygems_patch.rb", __dir__)} #{ENV["RUBYOPT"]}",
- "gem_attestation_path" => "#{path}.sigstore.json" }, *gem_command, "push", path]
- cmd << "--key" << gem_key if gem_key
- cmd << "--host" << allowed_push_host if allowed_push_host
- sh_with_input(cmd)
- Bundler.ui.confirm "Pushed #{name} #{version} to #{gem_push_host}"
- end
- end)
-
- def attest?
- return true if %w[y yes true on 1].include?(ENV["gem_attest"])
- return false if %w[n no nil false off 0].include?(ENV["gem_attest"])
-
- ENV["ACTIONS_ID_TOKEN_REQUEST_URL"] && ENV["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]
- end
-
- def attest
- Bundler.ui.confirm "Signing #{@build_gem_path}..."
- sh [Gem.ruby, "-S", "gem", "install", "sigstore"]
- sh [Gem.ruby, "-rnet/http", "-rsigstore", "-rsigstore/signer", "-e", <<~RUBY, @build_gem_path]
- file = ARGV.first
- jwt = Net::HTTP.get_response(
- URI(ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_URL") + "&audience=sigstore"),
- { "Authorization" => "bearer \#{ENV.fetch("ACTIONS_ID_TOKEN_REQUEST_TOKEN")}" },
- &:value
- ).body.then { JSON.parse(_1).fetch("value") }
-
- contents = File.binread(file)
- bundle = Sigstore::Signer.new(jwt:, trusted_root: Sigstore::TrustedRoot.production).sign(contents)
-
- json = "\#{file}.sigstore.json"
- File.binwrite(json, bundle.to_json)
- puts "Signed \#{file}, wrote \#{json}"
- RUBY
- end
- end
-end
-
require "bundler/gem_tasks"
Bundler::GemHelper.tag_prefix = ENV["TAG_PREFIX"] if ENV["TAG_PREFIX"]
begin