# frozen_string_literal: true
require "fileutils"
require "English"
require "net/http"
require "uri"
require "json"
require "rubygems/package"
require "bundler"
require "./common/lib/dependabot"
require "yaml"
# ./dependabot-core.gemspec is purposefully excluded from this list
# because it's an empty gem as a placeholder to prevent namesquatting.
# Every publishable gem in the monorepo lives at "<dir>/dependabot-<dir>.gemspec",
# so the paths are derived from the directory names. The order of this list is
# the order in which the gems:build and gems:release tasks below process them.
GEMSPECS = %w[
  common
  bun
  bundler
  cargo
  composer
  conda
  devcontainers
  docker_compose
  docker
  dotnet_sdk
  elm
  git_submodules
  github_actions
  go_modules
  gradle
  helm
  hex
  maven
  npm_and_yarn
  nuget
  omnibus
  pub
  python
  rust_toolchain
  silent
  swift
  terraform
  uv
  vcpkg
].map { |dir| "#{dir}/dependabot-#{dir}.gemspec".freeze }.freeze
# Echoes +command+ and runs it via +system+, terminating the rake process with
# exit status 1 when the command does not succeed. Returns nil on success.
#
# The string is handed to the shell unchanged, so this helper is meant for the
# fixed, build-time command lines in this file rather than for anything built
# from external input.
def run_command(command)
  puts "> #{command}"
  succeeded = system(command)
  exit(1) unless succeeded
end
# rubocop:disable Metrics/BlockLength
namespace :gems do
  # gems:build — runs gems:clean, then builds every gemspec in GEMSPECS into
  # ./pkg. Each gemspec is loaded from its own directory (Bundler resolves
  # relative paths inside the gemspec against the current directory).
  task build: :clean do
    pkg_dir = File.join(Dir.getwd, "pkg")
    Dir.mkdir(pkg_dir) unless File.directory?(pkg_dir)

    GEMSPECS.each do |gemspec_path|
      puts "> Building #{gemspec_path}"
      Dir.chdir(File.dirname(gemspec_path)) do
        spec = Bundler.load_gemspec_uncached(File.basename(gemspec_path))
        built = ::Gem::Package.build(spec)
        FileUtils.mv(built, File.join(pkg_dir, built))
      end
    end
  end

  # gems:release — runs gems:build, refuses to continue unless HEAD is the
  # commit tagged v<Dependabot::VERSION> (see guard_tag_match), then pushes
  # each gem to rubygems.org.
  #
  # Per gem: the rubygems API is consulted before every attempt, so a gem that
  # is already published (including one whose push timed out after upload) is
  # skipped. Inside GitHub Actions the .gem is first signed with the pinned
  # sigstore-cli and pushed together with its attestation; elsewhere there is
  # no OIDC token, so the gem is pushed unsigned. A failing push is retried
  # twice more (three attempts total, 2s apart) before the error is re-raised.
  # The existence check itself is outside the rescue, so a network failure
  # there aborts the task immediately.
  task release: [:build] do
    guard_tag_match

    GEMSPECS.each do |gemspec_path|
      gem_name = File.basename(gemspec_path, ".gemspec")
      artifact = "#{gem_name}-#{Dependabot::VERSION}"
      gem_file = "pkg/#{artifact}.gem"
      bundle_file = "pkg/#{artifact}.sigstore.json"
      remaining = 3

      loop do
        if rubygems_release_exists?(gem_name, Dependabot::VERSION)
          puts "- Skipping #{gem_file} as it already exists on rubygems"
          break
        end

        puts "> Releasing #{gem_file}"
        remaining -= 1
        begin
          if ENV["GITHUB_ACTIONS"] == "true"
            sh "gem exec sigstore-cli:0.2.1 sign #{gem_file} --bundle #{bundle_file}"
            sh "gem push #{gem_file} --attestation #{bundle_file}"
          else
            puts "- Skipping sigstore signing (not in GitHub Actions environment, so no OIDC token available)"
            sh "gem push #{gem_file}"
          end
          break
        rescue StandardError => e
          puts "! `gem push` failed with error: #{e}"
          # Give up once the last attempt has failed; otherwise back off briefly.
          raise if remaining.zero?

          sleep(2)
        end
      end
    end
  end

  # gems:clean — removes previously built gems and sigstore bundles from ./pkg.
  task :clean do
    stale = Dir["pkg/*.gem", "pkg/*.sigstore.json"]
    FileUtils.rm(stale)
  end
end
class Hash
  # Returns a new Hash with the same entries, inserted in sorted key order.
  #
  # @param recursive [Boolean] when true, any value that is itself a Hash is
  #   sorted the same way (always recursively from that point on)
  # @yield optional comparator passed straight to Array#sort for the keys
  # @return [Hash] a fresh Hash; the receiver is not modified
  def sort_by_key(recursive = false, &block)
    sorted = {}
    keys.sort(&block).each do |key|
      value = self[key]
      value = value.sort_by_key(true, &block) if recursive && value.is_a?(Hash)
      sorted[key] = value
    end
    sorted
  end
end
namespace :rubocop do
  # rubocop:sort — rewrites omnibus/.rubocop.yml with its keys sorted at every
  # nesting level (see Hash#sort_by_key), keeping the file diff-friendly.
  task :sort do
    config_path = "omnibus/.rubocop.yml"
    sorted_config = YAML.load_file(config_path).sort_by_key(true)
    File.write(config_path, sorted_config.to_yaml)
  end
end
# Refuses to release unless the checked-out commit is exactly the one the
# release tag "v<Dependabot::VERSION>" points at.
#
# Two failure modes are reported separately:
# * the tag cannot be resolved at all (`git rev-list` exits non-zero) — the
#   message attributes this to a stale checkout on the Actions runner and
#   explains how to recreate the tag and GitHub release;
# * the tag resolves, but to a different commit than HEAD.
# Both abort the rake process; on success the method returns nil.
def guard_tag_match
  tag = "v#{Dependabot::VERSION}"
  tag_commit = `git rev-list -n 1 #{tag} 2> /dev/null`.strip
  unless $CHILD_STATUS.success?
    abort "Can't release - tag #{tag} does not exist. " \
          "This may be due to a bug in the Actions runner resulting in a stale copy of the git repo. " \
          "Please delete the failing git tag and then recreate the GitHub release for this version. " \
          "This will retrigger the gems-release-to-rubygems.yml workflow."
  end

  head_commit = `git rev-parse HEAD`.strip
  return if head_commit == tag_commit

  abort "Can't release - HEAD (#{head_commit[0..9]}) does not match " \
        "tag #{tag} (#{tag_commit[0..9]})"
end
# Asks the rubygems.org v2 API whether +name+ at +version+ is already published.
#
# Only an HTTP 200 counts as "exists"; any other status (a 404, but equally a
# transient 5xx) is reported as false, in which case the caller goes on to
# attempt a push and lets `gem push` decide. Network-level errors are not
# rescued here and propagate to the caller.
def rubygems_release_exists?(name, version)
  endpoint = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
  response = Net::HTTP.get_response(URI(endpoint))
  response.code == "200"
end
# rubocop:enable Metrics/BlockLength