From b3621ab3162116309578b0e55dc6e24263b68b5c Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 7 Dec 2023 10:15:10 -0800 Subject: [PATCH 1/7] Test against all rubies that rubygems supports Since rubygems->rubygems-generate_index->compact index now --- .github/FUNDING.yml | 2 + .github/config.yml | 8 +++ .github/dependabot.yml | 6 +++ .github/pull_request_template.md | 24 +++++++++ .github/workflows/ci.yml | 20 -------- .github/workflows/push_gem.yml | 39 ++++++++++++++ .github/workflows/rubygems.yml | 84 +++++++++++++++++++++++++++++++ .github/workflows/scorecards.yml | 54 ++++++++++++++++++++ .github/workflows/spell.yml | 19 +++++++ .github/workflows/ubuntu-lint.yml | 30 +++++++++++ bin/rake | 27 ++++++++++ 11 files changed, 293 insertions(+), 20 deletions(-) create mode 100644 .github/FUNDING.yml create mode 100644 .github/config.yml create mode 100644 .github/dependabot.yml create mode 100644 .github/pull_request_template.md delete mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/push_gem.yml create mode 100644 .github/workflows/rubygems.yml create mode 100644 .github/workflows/scorecards.yml create mode 100644 .github/workflows/spell.yml create mode 100644 .github/workflows/ubuntu-lint.yml create mode 100755 bin/rake
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..5f9e66d
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,2 @@
+custom: https://rubycentral.org/#/portal/signup
+github: rubytogether
diff --git a/.github/config.yml b/.github/config.yml
new file mode 100644
index 0000000..76a16bd
--- /dev/null
+++ b/.github/config.yml
@@ -0,0 +1,8 @@
+newPRWelcomeComment: |
+ Thanks for opening a pull request and helping make compact_index better! Someone from the RubyGems team will take a look at your pull request shortly and leave any feedback. Please make sure that your pull request has tests for any changes or added functionality.
+
+ We use GitHub Actions to test and make sure your change works functionally and uses acceptable conventions, you can review the current progress of GitHub Actions in the PR status window below.
+
+ If you have any questions or concerns that you wish to ask, feel free to leave a comment in this PR or join our #rubygems or #bundler channel on [Slack](http://slack.bundler.io/).
+
+ For more information about contributing to the RubyGems project feel free to review our [CONTRIBUTING](https://github.com/rubygems/rubygems/blob/master/CONTRIBUTING.md) guide
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5ace460
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..1471b1a
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,24 @@
+
+
+## What was the end-user or developer problem that led to this PR?
+
+
+
+## What is your fix for the problem, implemented in this PR?
+
+
+
+## Make sure the following tasks are checked
+
+- [ ] Describe the problem / feature
+- [ ] Write [tests](https://github.com/rubygems/rubygems/blob/master/bundler/doc/development/PULL_REQUESTS.md#tests) for features and bug fixes
+- [ ] Write code to solve the problem
+- [ ] Make sure you follow the [current code style](https://github.com/rubygems/rubygems/blob/master/bundler/doc/development/PULL_REQUESTS.md#code-formatting) and [write meaningful commit messages without tags](https://github.com/rubygems/rubygems/blob/master/bundler/doc/development/PULL_REQUESTS.md#commit-messages)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index ea0716a..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Ruby CI
-
-on:
- push:
- branches: [ master ]
- pull_request:
- branches: [ master ]
-
-jobs:
- test:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Ruby
- uses: ruby/setup-ruby@6cecb48364174b0952995175c55f9bf5527e6682
- with:
- ruby-version: '2.7'
- bundler-cache: true
- - name: Run tests
- run: bundle exec rake
diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml
new file mode 100644
index 0000000..68bb8d3
--- /dev/null
+++ b/.github/workflows/push_gem.yml
@@ -0,0 +1,39 @@
+---
+"on":
+ push:
+ tags:
+ - v*
+name: Push Gem
+jobs:
+ push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ id-token: write
+ steps:
+ - uses: rubygems/configure-rubygems-credentials@main
+ with:
+ role-to-assume: rg_oidc_akr_e3gvf8d8qwrffk7gjno7
+ - uses: actions/checkout@v4
+ - name: Set remote URL
+ run: |
+ # Attribute commits to the last committer on HEAD
+ git config --global user.email "$(git log -1 --pretty=format:'%ae')"
+ git config --global user.name "$(git log -1 --pretty=format:'%an')"
+ git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$GITHUB_REPOSITORY"
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ bundler-cache: true
+ ruby-version: ruby
+ - name: Release
+ run: bundle exec rake release
+ - name: Wait for release to propagate
+ run: |
+ gem install rubygems-await
+ gem_tuple="$(ruby -rbundler/setup -rbundler -e '
+ spec = Bundler.definition.specs.find {|s| s.name == ARGV[0] }
+ raise "No spec for #{ARGV[0]}" unless spec
+ print [spec.name, spec.version, spec.platform].join(":")
+ ' "compact_index")"
+ gem await "${gem_tuple}"
diff --git a/.github/workflows/rubygems.yml b/.github/workflows/rubygems.yml
new file mode 100644
index 0000000..bb53ff4
--- /dev/null
+++ b/.github/workflows/rubygems.yml
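Review bot: In .github/workflows/push_gem.yml the release job runs `rubygems/configure-rubygems-credentials@main`, `actions/checkout@v4` and `ruby/setup-ruby@v1` by mutable ref while holding `id-token: write` and `contents: write`, so whatever those refs point to when a tag is pushed runs with publish rights. The other workflows added in this commit pin every action to a full commit SHA; the same here would read `uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1` and `uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0`, plus `uses: rubygems/configure-rubygems-credentials@<full-commit-sha>` for the credentials action, and the new dependabot.yml can then keep the pins current. `gem install rubygems-await` in the last step is likewise unpinned, so a fixed version via `-v <version>` would make the release job reproducible. The "Set remote URL" step also writes the token into the remote URL in the git config, which looks avoidable if the credentials persisted by the checkout step are enough for `rake release` to push; that is worth confirming.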
@@ -0,0 +1,84 @@
+name: rubygems
+
+on:
+ pull_request:
+
+ push:
+ branches:
+ - master
+
+concurrency:
+ group: ci-${{ github.ref }}-${{ github.workflow }}
+ cancel-in-progress: true
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
+jobs:
+ rubygems:
+ name: RubyGems on ${{ matrix.os.name }} (${{ matrix.ruby.name }})
+ runs-on: ${{ matrix.os.value }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - { name: Ubuntu, value: ubuntu-22.04 }
+ - { name: macOS, value: macos-12 }
+ - { name: Windows, value: windows-2022 }
+
+ ruby:
+ - { name: "3.0", value: 3.0.6 }
+ - { name: "3.1", value: 3.1.4 }
+ - { name: "3.2", value: 3.2.2 }
+
+ include:
+ - ruby: { name: "3.2", value: 3.2.2 }
+ os: { name: macOS, value: macos-12 }
+
+ - ruby: { name: jruby-9.4, value: jruby-9.4.2.0 }
+ os: { name: Ubuntu, value: ubuntu-22.04 }
+
+ - ruby: { name: truffleruby-22, value: truffleruby-22.3.0 }
+ os: { name: Ubuntu, value: ubuntu-22.04 }
+
+ - os: { name: Windows, value: windows-2022 }
+ ruby: { name: mswin, value: mswin }
+
+ - os: { name: Ubuntu, value: ubuntu-22.04 }
+ ruby: { name: ruby-head, value: ruby-head }
+
+ - os: { name: Ubuntu, value: ubuntu-22.04 }
+ ruby: { name: truffleruby-head, value: truffleruby-head }
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: Setup ruby (Ubuntu/macOS)
+ uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0
+ with:
+ ruby-version: ${{ matrix.ruby.value }}
+ bundler-cache: true
+ if: matrix.os.name != 'Windows'
+ - name: Setup ruby (Windows)
+ uses: ruby/setup-ruby-pkgs@c7f324bc4a9434f2ce3e55fa1cc19e41daecb231 # v1.33.1
+ with:
+ ruby-version: ${{ matrix.ruby.value }}
+ bundler-cache: true
+ mingw: clang
+ if: matrix.os.name == 'Windows'
+ - name: Configure bindgen
+ shell: pwsh
+ run: |
+ echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
+ echo "BINDGEN_EXTRA_CLANG_ARGS=$((gcm clang).source -replace "bin\clang.exe","include")" >> $env:GITHUB_ENV
+ if: matrix.ruby.name == 'mswin'
+ - name: Run Test
+ run: bin/rake spec
+ if: "!startsWith(matrix.ruby.name, 'truffleruby') && !startsWith(matrix.ruby.name, 'jruby')"
+ - name: Run Test (JRuby)
+ run: JRUBY_OPTS=--debug bin/rake spec
+ if: startsWith(matrix.ruby.name, 'jruby')
+ - name: Run Test (Truffleruby)
+ run: TRUFFLERUBYOPT="--experimental-options --testing-rubygems" bin/rake spec
+ if: startsWith(matrix.ruby.name, 'truffleruby')
+
+ timeout-minutes: 20
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000..d29b1ec
--- /dev/null
+++ b/.github/workflows/scorecards.yml
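Review bot: Two parts of the matrix and steps in .github/workflows/rubygems.yml look carried over from another project rather than needed here. The first `include` entry (ruby `3.2` on `macos-12`) repeats a combination the `os` by `ruby` matrix already produces, so it can be dropped. The `Configure bindgen` step exports `LIBCLANG_PATH` and `BINDGEN_EXTRA_CLANG_ARGS`, which nothing else in this workflow reads; if the gem builds no native extension, removing the step or adding a comment such as `# needed for <reason>` would keep the mswin job easier to follow.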
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecards supply-chain security
+on:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: '22 4 * * 2'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecards on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results.
+ publish_results: true
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/spell.yml b/.github/workflows/spell.yml
new file mode 100644
index 0000000..3496a9e
--- /dev/null
+++ b/.github/workflows/spell.yml
@@ -0,0 +1,19 @@
+name: spell
+
+on:
+ pull_request:
+
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ spell:
+ name: Check spelling
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: codespell-project/actions-codespell@94259cd8be02ad2903ba34a22d9c13de21a74461 # v2.0
diff --git a/.github/workflows/ubuntu-lint.yml b/.github/workflows/ubuntu-lint.yml
new file mode 100644
index 0000000..f60895e
--- /dev/null
+++ b/.github/workflows/ubuntu-lint.yml
@@ -0,0 +1,30 @@
+name: ubuntu-lint
+
+on:
+ pull_request:
+
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: ci-${{ github.ref }}-${{ github.workflow }}
+ cancel-in-progress: true
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
+jobs:
+ ubuntu_lint:
+ name: Lint
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: Setup ruby
+ uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0
+ with:
+ ruby-version: 3.2.2
+ bundler-cache: true
+ - name: Run Lint
+ run: bundle exec rake rubocop
+ timeout-minutes: 15
diff --git a/bin/rake b/bin/rake
new file mode 100755
index 0000000..4eb7d7b
--- /dev/null
+++ b/bin/rake
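Review bot: In .github/workflows/scorecards.yml the `repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}` line is active, while the comment block above it still describes the token as optional and says to uncomment the line only when a PAT is wanted. If that secret is not defined for this repository, the input presumably expands to an empty string rather than falling back to the action's default token. Either comment the line out as `# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}`, or reword the comment to say the secret is required and must hold a read-only PAT.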
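Review bot: The `push` trigger in .github/workflows/spell.yml and in .github/workflows/ubuntu-lint.yml is limited to `- main`, whereas rubygems.yml in this commit and the deleted ci.yml both use `master`. If `master` is the default branch, these two workflows only ever run on pull requests and never on the merged result. Changing the branch filter in both files to `- master` would align them with the test workflow.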
@@ -0,0 +1,27 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'rake' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) + +bundle_binstub = File.expand_path("bundle", __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") + load(bundle_binstub) + else + abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. +Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + end +end + +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("rake", "rake") From 841b7f62c6d522721e0cae4942808053de5d49ef Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 7 Dec 2023 10:19:08 -0800 Subject: [PATCH 2/7] Bump required_ruby_version to >= 3.0 In line with rubygems --- .rubocop-bundler.yml | 2 +- compact_index.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.rubocop-bundler.yml b/.rubocop-bundler.yml index e393578..e29d6a2 100644 --- a/.rubocop-bundler.yml +++ b/.rubocop-bundler.yml @@ -2,7 +2,7 @@ inherit_from: - .rubocop_todo.yml AllCops: - TargetRubyVersion: 2.7 + TargetRubyVersion: 3.0 Exclude: - tmp/**/* - lib/bundler/vendor/**/* diff --git a/compact_index.gemspec b/compact_index.gemspec index fa40ca6..a86f6d0 100644 --- a/compact_index.gemspec +++ b/compact_index.gemspec @@ -23,5 +23,5 @@ Gem::Specification.new do |spec| spec.add_development_dependency "rspec", "~> 3" spec.metadata["rubygems_mfa_required"] = "true" - spec.required_ruby_version = ">= 2.7.0" + spec.required_ruby_version = ">= 3.0.0" end From 82d26b73b4df2f33dd26f13dfe9679e3622c2eaf Mon Sep 17 00:00:00 2001 
From: Samuel Giddins Date: Thu, 7 Dec 2023 10:22:41 -0800 Subject: [PATCH 3/7] Fix spelling --- CHANGELOG.md | 4 ++-- README.md | 2 +- db/migrations/05_create_checksums.rb | 2 +- lib/compact_index.rb | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d79dc15..e01db22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -75,7 +75,7 @@ Features: Features: - - Remove sort responsability from compact_index + - Remove sort responsibility from compact_index - Change interface for versions_file in order to receive sorted gems @@ -123,7 +123,7 @@ Bugfixes: Bugfixes: - - Drop unecessary dependencies + - Drop unnecessary dependencies - Remove unused files imported on V0.1.0 ## 0.4.0 (July 10, 2015) diff --git a/README.md b/README.md index 28e2b37..b203f16 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ CompactIndex.names(%W(a_test b_test c_test)) ### `/versions` -The body of this endpoint can be rendered calling the `CompactIndex.versions` method. It receives two paremeters: a `CompactIndex::VersionsFile` object and a set of extra gems that aren't in the file yet. The gems lists should be ordered consistently by the user. +The body of this endpoint can be rendered calling the `CompactIndex.versions` method. It receives two parameters: a `CompactIndex::VersionsFile` object and a set of extra gems that aren't in the file yet. The gems lists should be ordered consistently by the user. ```ruby gem 'compact_index' diff --git a/db/migrations/05_create_checksums.rb b/db/migrations/05_create_checksums.rb index eea3536..68e120b 100644 --- a/db/migrations/05_create_checksums.rb +++ b/db/migrations/05_create_checksums.rb @@ -7,7 +7,7 @@ String :name String :md5 - index [:name], :name => :index_checksums_on_name, :unqiue => true + index [:name], :name => :index_checksums_on_name, :unique => true end end end diff --git a/lib/compact_index.rb b/lib/compact_index.rb index d53825c..eaaca47 100644 --- a/lib/compact_index.rb 
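Review bot: Databases that have already run db/migrations/05_create_checksums.rb keep the index they were created with, so the corrected `:unique => true` on the `index [:name], :name => :index_checksums_on_name, ...` line only takes effect on fresh installs. The misspelled `:unqiue` key was presumably ignored, which would mean existing checksums tables carry a non-unique index on `name`, and this "Fix spelling" commit changes schema behaviour rather than just text. If uniqueness is intended, a follow-up migration that checks for duplicate names and then recreates `index_checksums_on_name` as unique would bring existing schemas in line. The enclosing create_table block starts and ends outside the hunk.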
+++ b/lib/compact_index.rb @@ -9,7 +9,7 @@ module CompactIndex # Formats a list of gem names, to be used on the /names endpoint. - # @param gem_names [Array] array with gem names to be formated, in alphabetical order + # @param gem_names [Array] array with gem names to be formatted, in alphabetical order # @return [String] names on the specified format for new index /names endpoint. Example: # ```ruby # --- @@ -37,7 +37,7 @@ def self.names(gem_names) # ]) # ] # ``` - # @return [String] The formated output. Example: + # @return [String] The formatted output. Example: # ```ruby # created_at: 2001-01-01T01:01:01-01:01 # --- @@ -63,7 +63,7 @@ def self.versions(versions_file, gems = nil, args = {}) # ] # ``` # - # @return [String] The formated output. Example: + # @return [String] The formatted output. Example: # ```ruby # -- # 1.0.1 requirement:<2.0&>1.0|checksum:abc1 From b60d9ebf4c46d951159abe7398808a8b07703a9f Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 7 Dec 2023 10:25:56 -0800 Subject: [PATCH 4/7] Add platforms to lockfile --- Gemfile.lock | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 93b317f..8ed3ded 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,7 +8,8 @@ GEM specs: ast (2.4.2) diff-lcs (1.5.0) - json (2.6.3) + json (2.7.1) + json (2.7.1-java) parallel (1.23.0) parser (3.2.2.1) ast (~> 2.4.1) @@ -50,7 +51,11 @@ GEM yard (0.9.34) PLATFORMS + arm64-darwin + java ruby + x86_64-darwin + x86_64-linux DEPENDENCIES compact_index! From 6c95389e54aa72aeca59cf2a974c172e8e581fa5 Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 7 Dec 2023 10:28:50 -0800 Subject: [PATCH 5/7] Update role for pushing gem on tag --- .github/workflows/push_gem.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml index 68bb8d3..85d79a5 100644 --- a/.github/workflows/push_gem.yml +++ b/.github/workflows/push_gem.yml 
@@ -13,7 +13,7 @@ jobs: steps: - uses: rubygems/configure-rubygems-credentials@main with: - role-to-assume: rg_oidc_akr_e3gvf8d8qwrffk7gjno7 + role-to-assume: rg_oidc_akr_4dfqnvsems9z1dyszgd6 - uses: actions/checkout@v4 - name: Set remote URL run: | From 2e8107ded0d9abb48ae72e57bf65fa695c840e18 Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 7 Dec 2023 10:30:57 -0800 Subject: [PATCH 6/7] Make doc gems optional Redcarpet cant install on jruby --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index c9133f4..ef3e460 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org" # Specify your gem's dependencies in compact_index.gemspec gemspec -group :documentation do +group :documentation, optional: true do gem "redcarpet", "~> 3.5" gem "yard", "~> 0.9" end From 0402deedbe4dccb0fd6c85de5b28930426694b2a Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 7 Dec 2023 10:32:39 -0800 Subject: [PATCH 7/7] Fix rubocop --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index ef3e460..dda06f4 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org" # Specify your gem's dependencies in compact_index.gemspec gemspec -group :documentation, optional: true do +group :documentation, :optional => true do gem "redcarpet", "~> 3.5" gem "yard", "~> 0.9" end