From b783086e165dbfc34fa94f6796d408a7047a1f6c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 15:35:11 +0700 Subject: [PATCH 01/13] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 20 year cert, expires 2045-04-29 --- README.md | 57 +++++++++++++++++++++++++++++++++++++---------- certs/pboling.pem | 42 +++++++++++++++++----------------- 2 files changed, 66 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index d206288..18660bf 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# VersionGem +# 🔖 VersionGem [![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] @@ -29,7 +29,7 @@ [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] -## Alternatives +## 🧐 Alternatives This gem has a very niche purpose, which is: @@ -47,7 +47,7 @@ gem from the Alchemists, or _[version_sorter](https://rubygems.org/gems/version_ For more discussion about this [see issue #2](https://gitlab.com/oauth-xx/version_gem/-/issues/2) -## Still here? +## 🚀 Still here? Give your next library an introspectable `Version` module without breaking your Gemspec. @@ -65,7 +65,7 @@ This library was extracted from the gem _[oauth2](https://gitlab.com/oauth-xx/oa This gem has no runtime dependencies. -## Info you can shake a stick at +## 💡 Info you can shake a stick at | Tokens to Remember | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace] | |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -79,9 +79,9 @@ This gem has no runtime dependencies. | Expert 1:1 Support | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor] | | Enterprise Support | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]
💡Subscribe for support guarantees covering _all_ FLOSS dependencies!
💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!
💡Tidelift pays maintainers to maintain the software you depend on!
📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! | | Comrade BDFL 🎖️ | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto] | -| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] | +| `...` 💖 | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub] [🛖][💖🛖hut] [🧪][💖🧪lab] | -## Installation +## ✨ Installation Install the gem and add to the application's Gemfile by executing: @@ -91,7 +91,36 @@ If bundler is not being used to manage dependencies, install the gem by executin $ gem install version_gem -## Basic Usage +### 🔒 Secure Installation + +`version_gem` is cryptographically signed. Be sure the gem you install hasn’t been tampered with +by following the instructions below. + +Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: + +```shell +gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/version_gem/master/certs/pboling.pem) +``` + +You only need to do that once. Then proceed to install with: + +```shell +gem install version_gem -P MediumSecurity +``` + +The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies. + +This is necessary because not all of `version_gem`’s dependencies are signed, so we cannot use `HighSecurity`. + +If you want to up your security game full-time: + +```shell +bundle config set --global trust-policy MediumSecurity +``` + +NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine. + +## 🔧 Basic Usage In the standard `bundle gem my_lib` code you get the following in `lib/my_lib/version.rb`: @@ -250,7 +279,7 @@ MyLib::Version.to_a # => [1, 24, 3, 8] MyLib::Version.to_h # => { epoch: 1, major: 24, minor: 3, patch: 8, pre: "" } ``` -## Usage with Zeitwerk +### Usage with Zeitwerk The pattern of `version.rb` breaking the ruby convention of directory / path matching the namespace / class is so entrenched that the `zeitwerk` library has a special carve-out for it. 🥺 @@ -420,7 +449,7 @@ It is obvious to many, but not all, and since the spec is silent, the bike shedd > dropping support for a platform is both obviously and objectively a breaking change -- Jordan Harband (@ljharb) [in SemVer issue 716][📌semver-breaking] +- Jordan Harband (@ljharb, maintainer of SemVer) [in SemVer issue 716][📌semver-breaking] To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer: @@ -487,14 +516,18 @@ or one of the others at the head of this README. [💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase [💖🐘ruby-mast]: https://ruby.social/@galtzo [💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=flat&logo=mastodon&label=Ruby%20%40galtzo -[💖🦋bluesky]: https://galtzo.bsky.social -[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.bsky.social-0285FF?style=flat&logo=bluesky&logoColor=white +[💖🦋bluesky]: https://bsky.app/profile/galtzo.com +[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white [💖🌳linktree]: https://linktr.ee/galtzo [💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree [💖💁🏼‍♂️devto]: https://dev.to/galtzo [💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white [💖💁🏼‍♂️aboutme]: https://about.me/peter.boling [💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white +[💖🧊berg]: https://codeberg.org/pboling +[💖🐙hub]: https://github.org/pboling +[💖🛖hut]: https://sr.ht/~galtzo/ +[💖🧪lab]: https://gitlab.com/pboling [👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share [👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white [👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github @@ -550,7 +583,7 @@ or one of the others at the head of this README. [🚎10-j-wfi]: https://github.com/oauth-xx/version_gem/actions/workflows/jruby.yml/badge.svg [🚎11-c-wf]: https://github.com/oauth-xx/version_gem/actions/workflows/current.yml [🚎11-c-wfi]: https://github.com/oauth-xx/version_gem/actions/workflows/current.yml/badge.svg -[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay +[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay [⛳liberapay]: https://liberapay.com/pboling/donate [🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github [🖇sponsor]: https://github.com/sponsors/pboling diff --git a/certs/pboling.pem b/certs/pboling.pem index b33ee80..d5c7e8b 100644 --- a/certs/pboling.pem +++ b/certs/pboling.pem @@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW -A2NvbTAeFw0yNDA5MjAwODU4NDJaFw0yNTA5MjAwODU4NDJaMEMxFTATBgNVBAMM +A2NvbTAeFw0yNTA1MDQxNTMzMDlaFw00NTA0MjkxNTMzMDlaMEMxFTATBgNVBAMM DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy -LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAjrxsKObI -rFQjBpzvVfqnT6JlF8/pkpgEEjFh7ex3zIerfuHzZvSrx+sRDGxQ8koWWG0Wjx8s -wkBZ5dIqvl0g3sWP5asa28u/09opxkQTC1Ao77iYxcBcwoCe/Dpf1m4Q/m6oH0kL -2AZVNJQL3UkqAcLS0tsj/s/jAKnVlsaZZE5gQiIIi8HtkvSsajtx+Cq2AxDvcWvV -/CliD+pmzYkTjvjwGm8yeyFGGGgrisJMryiZdZlkTwrQSjCzudIKbLeuG8Se4JTD -TAcT+rPubr27v1jwmtIjtiot3rf4nof7LHLb122a/0VR7cC7xPLnXw0Cq1BShvoq -/GKRdSwMNinTOGkFTK1gKnjN+3iD4zyXU3XO3CXoTr+Ju8fXPN1x4tpOMgbv8dme -WbcQMOH9ZjmA5w0bSVRL1c3NhRRpUzrKTNXBEvqOyWjUnintxWKj+cRXx+z+dUgI -dL3kj68fcsiTgl75In3C485pnCMmq1eLuVoiy3jkLNOn2lHeLt9ZK63LAgMBAAGj -fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRhfc+2UaVYd74p -yJ1JclGiUYN8+jAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG +LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAruUoo0WA +uoNuq6puKWYeRYiZekz/nsDeK5x/0IEirzcCEvaHr3Bmz7rjo1I6On3gGKmiZs61 +LRmQ3oxy77ydmkGTXBjruJB+pQEn7UfLSgQ0xa1/X3kdBZt6RmabFlBxnHkoaGY5 +mZuZ5+Z7walmv6sFD9ajhzj+oIgwWfnEHkXYTR8I6VLN7MRRKGMPoZ/yvOmxb2DN +coEEHWKO9CvgYpW7asIihl/9GMpKiRkcYPm9dGQzZc6uTwom1COfW0+ZOFrDVBuV +FMQRPswZcY4Wlq0uEBLPU7hxnCL9nKK6Y9IhdDcz1mY6HZ91WImNslOSI0S8hRpj +yGOWxQIhBT3fqCBlRIqFQBudrnD9jSNpSGsFvbEijd5ns7Z9ZMehXkXDycpGAUj1 +to/5cuTWWw1JqUWrKJYoifnVhtE1o1DZ+LkPtWxHtz5kjDG/zR3MG0Ula0UOavlD +qbnbcXPBnwXtTFeZ3C+yrWpE4pGnl3yGkZj9SMTlo9qnTMiPmuWKQDatAgMBAAGj +fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQE8uWvNbPVNRXZ +HlgPbc2PCzC4bjAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD -ggGBAA4fLU2+mQ++jBhVM2IeyvQdw1nm+0thkH4Ldv8ZOBm5ZxCPGIMoYliDDzg4 -4JDFxZR1wR4sdrz/K5tWtEkN23SKzopwbNb1NIQRSLQ7nOoc+4bkuz9xwKinmIvF -D+5qsl2S27WLKFreMDtGoh0CREIMBUxU4rGTh0gtzmweGR+fnOShg4Jo0kxrjU5h -uYk/uVE+bn/jOEGs43GvKXZLyshpBrZjQ+ArbvxDht5t35zbSxerbUxUPZUbXUCW -tTyh38a9UYjAAHvnh6Y4Fi9wd4/pGNsektrzB3z/zlVj4YF2TMLX9XfNJWEGRGpO -sSkLYdtEX1WQAmuZtActVW2cL3HdQaRbiv7VbfpA0eSk0ZdZHvBCl516ZZu10uX6 -82W1mg6fuezdpeBOiXwrEbZSt/oGiF4V511F6nd55p0okwHc/6nS10F/3aKJ4gwC -I5o+DRfXQHqKucx1ldFHvI2rE/kSCWqGTHN2eyu1sqCPeOoIMxrltJhaejKPkxqj -zaF9Og== +ggGBAJbnUwfJQFPkBgH9cL7hoBfRtmWiCvdqdjeTmi04u8zVNCUox0A4gT982DE9 +wmuN12LpdajxZONqbXuzZvc+nb0StFwmFYZG6iDwaf4BPywm2e/Vmq0YG45vZXGR +L8yMDSK1cQXjmA+ZBKOHKWavxP6Vp7lWvjAhz8RFwqF9GuNIdhv9NpnCAWcMZtpm +GUPyIWw/Cw/2wZp74QzZj6Npx+LdXoLTF1HMSJXZ7/pkxLCsB8m4EFVdb/IrW/0k +kNSfjtAfBHO8nLGuqQZVH9IBD1i9K6aSs7pT6TW8itXUIlkIUI2tg5YzW6OFfPzq +QekSkX3lZfY+HTSp/o+YvKkqWLUV7PQ7xh1ZYDtocpaHwgxe/j3bBqHE+CUPH2vA +0V/FwdTRWcwsjVoOJTrYcff8pBZ8r2MvtAc54xfnnhGFzeRHfcltobgFxkAXdE6p +DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt +L9nRqA== -----END CERTIFICATE----- From 6462b9f0f2579b3b09d5441ee80fd5662d610712 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 15:39:33 +0700 Subject: [PATCH 02/13] =?UTF-8?q?=F0=9F=93=9D=20CITATION.cff?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CITATION.cff | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 CITATION.cff diff --git a/CITATION.cff b/CITATION.cff new file mode 100644 index 0000000..46659bb --- /dev/null +++ b/CITATION.cff @@ -0,0 +1,20 @@ +cff-version: 1.2.0 +title: VersionGem +message: >- + If you use this work and you want to cite it, + then you can use the metadata from this file. +type: software +authors: + - given-names: Peter Hurn + family-names: Boling + email: peter@railsbling.com + affiliation: railsbling.com + orcid: 'https://orcid.org/0009-0008-8519-441X' +identifiers: + - type: url + value: 'https://github.com/oauth-xx/version_gem/' + description: VersionGem +repository-code: 'https://github.com/oauth-xx/version_gem/' +abstract: >- + VersionGem +license: See license file From 5c6122b0beb084f5ed26edeeb5a0ec55ad2ba0b5 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 15:41:49 +0700 Subject: [PATCH 03/13] =?UTF-8?q?=F0=9F=90=9B=20Fix=20ability=20to=20build?= =?UTF-8?q?=20gem=20without=20signing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - for linux package maintainers --- CONTRIBUTING.md | 9 ++++++--- version_gem.gemspec | 14 +++++++------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1125b50..bec282b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -84,11 +84,14 @@ Also see GitLab Contributors: [https://gitlab.com/oauth-xx/version_gem/-/graphs/ ### One-time, Per-maintainer, Setup -**IMPORTANT**: Your public key for signing gems will need to be picked up by the line in the -`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there), -in order to sign the new release. +**IMPORTANT**: If you want to sign the build you create, +your public key for signing gems will need to be picked up by the line in the +`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there). +All releases to RubyGems.org will be signed. See: [RubyGems Security Guide][🔒️rubygems-security-guide] +NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some value in your environment. + ### To release a new version: 1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check diff --git a/version_gem.gemspec b/version_gem.gemspec index 97144cb..41f7791 100644 --- a/version_gem.gemspec +++ b/version_gem.gemspec @@ -11,16 +11,16 @@ Gem::Specification.new do |spec| # Linux distros may package ruby gems differently, # and securely certify them independently via alternate package management systems. # Ref: https://gitlab.com/oauth-xx/version_gem/-/issues/3 - # Hence, only enable signing if the cert_file is present. + # Hence, only enable signing if `SKIP_GEM_SIGNING` is not set in ENV. # See CONTRIBUTING.md - default_user_cert = "certs/#{ENV.fetch("GEM_CERT_USER", ENV["USER"])}.pem" - default_user_cert_path = File.join(__dir__, default_user_cert) - cert_file_path = ENV.fetch("GEM_CERT_PATH", default_user_cert_path) + user_cert = "certs/#{ENV.fetch("GEM_CERT_USER", ENV["USER"])}.pem" + cert_file_path = File.join(__dir__, user_cert) cert_chain = cert_file_path.split(",") - if cert_file_path && cert_chain.map { |fp| File.exist?(fp) } + cert_chain.select! { |fp| File.exist?(fp) } + if cert_file_path && cert_chain.any? spec.cert_chain = cert_chain - if $PROGRAM_NAME.end_with?("gem", "rake") && ARGV[0] == "build" - spec.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") + if $PROGRAM_NAME.end_with?("gem") && ARGV[0] == "build" && !ENV.include?("SKIP_GEM_SIGNING") + spec.signing_key = File.join(Gem.user_home, ".ssh", "gem-private_key.pem") end end From b74124592813f123d89ed6cb4cfc3fb514adc8d4 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 15:57:23 +0700 Subject: [PATCH 04/13] =?UTF-8?q?=F0=9F=8E=A8=20Upgrade=20dev=20dependenci?= =?UTF-8?q?es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Improve documentation --- Gemfile | 2 -- Gemfile.lock | 7 ++++--- gemfiles/modular/style.gemfile | 4 +++- lib/version_gem/epoch.rb | 1 + lib/version_gem/error.rb | 1 + lib/version_gem/rspec.rb | 1 + lib/version_gem/ruby.rb | 2 ++ version_gem.gemspec | 2 +- 8 files changed, 13 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 00bfc49..f984b8e 100644 --- a/Gemfile +++ b/Gemfile @@ -27,8 +27,6 @@ platform :mri do # Dev Console - Binding.pry - Irb replacement gem "pry", "~> 0.14" # ruby >= 2.0 - - gem "reek", "~> 6.4" end # Security Audit diff --git a/Gemfile.lock b/Gemfile.lock index 611899e..ed8fd54 100755 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -123,11 +123,11 @@ GEM rspec-expectations (3.13.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-mocks (3.13.3) + rspec-mocks (3.13.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.3) - rubocop (1.75.4) + rubocop (1.75.5) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) @@ -252,10 +252,11 @@ DEPENDENCIES reek (~> 6.4) rspec (~> 3.13) rspec-block_is_expected (~> 1.0) + rubocop (~> 1.73, >= 1.73.2) rubocop-lts (~> 8.1, >= 8.1.1) rubocop-packaging (~> 0.5, >= 0.5.2) rubocop-rspec (~> 3.2) - standard (>= 1.35.1, != 1.42.0, != 1.41.1) + standard (~> 1.47) stone_checksums (~> 1.0) version_gem! yard (~> 0.9, >= 0.9.37) diff --git a/gemfiles/modular/style.gemfile b/gemfiles/modular/style.gemfile index 7c1b174..f09c5e5 100644 --- a/gemfiles/modular/style.gemfile +++ b/gemfiles/modular/style.gemfile @@ -3,10 +3,12 @@ # We run rubocop on the latest version of Ruby, # but in support of the oldest supported version of Ruby +gem "reek", "~> 6.4" +gem "rubocop", "~> 1.73", ">= 1.73.2" gem "rubocop-lts", "~> 8.1", ">= 8.1.1" # Linting for Ruby >= 2.2 gem "rubocop-packaging", "~> 0.5", ">= 0.5.2" gem "rubocop-rspec", "~> 3.2" -gem "standard", ">= 1.35.1", "!= 1.41.1", "!= 1.42.0" +gem "standard", "~> 1.47" # Std Lib extractions gem "benchmark", "~> 0.4" # Removed from Std Lib in Ruby 3.5 diff --git a/lib/version_gem/epoch.rb b/lib/version_gem/epoch.rb index 8db4472..ad6fef2 100644 --- a/lib/version_gem/epoch.rb +++ b/lib/version_gem/epoch.rb @@ -18,6 +18,7 @@ def extended(base) end end + # Tweak the basic API so it will support Epoch Semantic Versioning module OverloadApiForEpoch # *** OVERLOAD METHODS FROM API *** # diff --git a/lib/version_gem/error.rb b/lib/version_gem/error.rb index ad478b4..4dacb7c 100644 --- a/lib/version_gem/error.rb +++ b/lib/version_gem/error.rb @@ -1,5 +1,6 @@ # frozen_string_literal: true module VersionGem + # Errors raised by VersionGem will be of this class class Error < RuntimeError; end end diff --git a/lib/version_gem/rspec.rb b/lib/version_gem/rspec.rb index 2fac74a..02edee3 100644 --- a/lib/version_gem/rspec.rb +++ b/lib/version_gem/rspec.rb @@ -59,6 +59,7 @@ end end +# This one is more Epoch ;) RSpec.shared_examples_for("an Epoch Version module") do |version_mod| it "is introspectable" do aggregate_failures "introspectable api" do diff --git a/lib/version_gem/ruby.rb b/lib/version_gem/ruby.rb index 0bf9574..ec09198 100644 --- a/lib/version_gem/ruby.rb +++ b/lib/version_gem/ruby.rb @@ -5,11 +5,13 @@ module VersionGem module Ruby RUBY_VER = ::Gem::Version.new(RUBY_VERSION) + # Check if the current Ruby version is greater than or equal to the given version def gte_minimum_version?(version, engine = "ruby") RUBY_VER >= ::Gem::Version.new(version) && ::RUBY_ENGINE == engine end module_function :gte_minimum_version? + # Check if the current Ruby version (MAJOR.MINOR) is equal to the given version def actual_minor_version?(major, minor, engine = "ruby") major.to_i == RUBY_VER.segments[0] && minor.to_i == RUBY_VER.segments[1] && diff --git a/version_gem.gemspec b/version_gem.gemspec index 41f7791..f142f44 100644 --- a/version_gem.gemspec +++ b/version_gem.gemspec @@ -47,7 +47,7 @@ Gem::Specification.new do |spec| spec.files = Dir[ # Files (alphabetical) - "lib/**/*" + "lib/**/*", ] # Automatically included with gem package, no need to list again in files. spec.extra_rdoc_files = Dir[ From 21cda6c3d44b081ccf3940204cda01fae3a4d2e2 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:01:47 +0700 Subject: [PATCH 05/13] =?UTF-8?q?=F0=9F=8E=A8=20Address=20REEK=20list=20is?= =?UTF-8?q?sues?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- REEK | 10 +--------- lib/version_gem/ruby.rb | 5 +++-- spec/helpers/faux.rb | 5 +++-- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/REEK b/REEK index b21f045..a33f1c1 100644 --- a/REEK +++ b/REEK @@ -1,9 +1 @@ -spec/helpers/faux.rb -- 1 warning: - [14, 15]:DuplicateMethodCall: VersionGem::Faux#actual_minor_version? calls 'RUBY_VER.segments' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] -lib/version_gem/epoch.rb -- 1 warning: - [21]:IrresponsibleModule: VersionGem::Epoch::OverloadApiForEpoch has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] -lib/version_gem/error.rb -- 1 warning: - [4]:IrresponsibleModule: VersionGem::Error has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md] -lib/version_gem/ruby.rb -- 1 warning: - [14, 15]:DuplicateMethodCall: VersionGem::Ruby#actual_minor_version? calls 'RUBY_VER.segments' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md] -4 total warnings +0 total warnings diff --git a/lib/version_gem/ruby.rb b/lib/version_gem/ruby.rb index ec09198..ae7e8ee 100644 --- a/lib/version_gem/ruby.rb +++ b/lib/version_gem/ruby.rb @@ -13,8 +13,9 @@ def gte_minimum_version?(version, engine = "ruby") # Check if the current Ruby version (MAJOR.MINOR) is equal to the given version def actual_minor_version?(major, minor, engine = "ruby") - major.to_i == RUBY_VER.segments[0] && - minor.to_i == RUBY_VER.segments[1] && + segs = RUBY_VER.segments + major.to_i == segs[0] && + minor.to_i == segs[1] && ::RUBY_ENGINE == engine end module_function :actual_minor_version? diff --git a/spec/helpers/faux.rb b/spec/helpers/faux.rb index 7608116..5717063 100644 --- a/spec/helpers/faux.rb +++ b/spec/helpers/faux.rb @@ -11,8 +11,9 @@ def gte_minimum_version?(version, engine = "ruby") module_function :gte_minimum_version? def actual_minor_version?(major, minor, engine = "ruby") - major.to_i == RUBY_VER.segments[0] && - minor.to_i == RUBY_VER.segments[1] && + segs = RUBY_VER.segments + major.to_i == segs[0] && + minor.to_i == segs[1] && ::RUBY_ENGINE == engine end module_function :actual_minor_version? From 5aa621fc2cea9740bd10a7643cd5a808f1bba500 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:04:51 +0700 Subject: [PATCH 06/13] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20switch=20to=20fixed?= =?UTF-8?q?=20fork=20of=20yard-junk?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gemfiles/modular/documentation.gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile index d33cb4d..fdfa2fb 100644 --- a/gemfiles/modular/documentation.gemfile +++ b/gemfiles/modular/documentation.gemfile @@ -4,7 +4,7 @@ gem "github-markup", "~> 5.0", ">= 5.0.1" gem "redcarpet", "~> 3.6" gem "yard", "~> 0.9", ">= 0.9.37", require: false -gem "yard-junk", "~> 0.0", ">= 0.0.10" +gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next" # Std Lib extractions gem "rdoc", "~> 6.11" From 4e868d03698bce9e6d45bd25478bbe015b196c0d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:06:23 +0700 Subject: [PATCH 07/13] =?UTF-8?q?=F0=9F=94=A5=20Remove=20old=20codeclimate?= =?UTF-8?q?=20uploader?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/coverage.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 3d836fb..5fba3e5 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -49,12 +49,6 @@ jobs: bundler: latest steps: - - uses: amancevice/setup-code-climate@v2 - name: CodeClimate Install - if: ${{ github.event_name != 'pull_request' }} - with: - cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} - - name: Checkout uses: actions/checkout@v4 From 3f5307a5aaef03142e526dd9bb4e39d4817e0d1c Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:12:48 +0700 Subject: [PATCH 08/13] =?UTF-8?q?=F0=9F=91=B7=20Add=20GitLab=20CI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitlab-ci.yml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..22e6b3e --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,39 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence +#stages: +# - test +#sast: +# stage: test +#include: +# - template: Security/SAST.gitlab-ci.yml + +variables: + K_SOUP_COV_DEBUG: true + K_SOUP_COV_DO: true + K_SOUP_COV_HARD: true + K_SOUP_COV_MIN_BRANCH: 100 + K_SOUP_COV_MIN_LINE: 100 + K_SOUP_COV_VERBOSE: true + K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" + K_SOUP_COV_MULTI_FORMATTERS: true + K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" + +default: + image: ruby:3.4.3 + + before_script: + - gem update --silent --system + - mkdir -p vendor/bundle + - bundle config set path 'vendor/bundle' + - chmod +t -R vendor/bundle + - chmod o-w -R vendor/bundle + - bundle install --jobs 4 --retry 3 + +run_tests: + script: + - bundle exec rake From e37bd8effcd9cc5d9390eee837851311ee0f5a3f Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:18:21 +0700 Subject: [PATCH 09/13] =?UTF-8?q?=F0=9F=91=B7=20Remove=20XML?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/dashingrocket/simplecov-cobertura/issues/30 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 22e6b3e..67c1b3b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,7 +19,7 @@ variables: K_SOUP_COV_MIN_BRANCH: 100 K_SOUP_COV_MIN_LINE: 100 K_SOUP_COV_VERBOSE: true - K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty" + K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty" K_SOUP_COV_MULTI_FORMATTERS: true K_SOUP_COV_COMMAND_NAME: "RSpec Coverage" From 3a132bdfd12aab162422fa095d9f90404a7bc423 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:19:39 +0700 Subject: [PATCH 10/13] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v1.1.8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 20 +++++++++++++++++--- Gemfile.lock | 21 ++++++++++++++------- lib/version_gem/version.rb | 2 +- 3 files changed, 32 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5482031..f374743 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,12 +22,24 @@ Please file a bug if you notice a violation of semantic versioning. ### Fixed ### Removed +## [1.1.8] 2025-05-06 ([tag][1.1.8t]) +- Line Coverage: 100.0% (117 / 117) +- Branch Coverage: 100.0% (4 / 4) +- 84.62% documented +### Added +- CITATION.cff (@pboling) +- Cryptographically signed with new 20-year cert (@pboling) + - expires 2045-04-29 +- Improved documentation (@pboling) +- Addressed entire REEK list (@pboling) +- GitLab CI, as an addition to existing GHA (@pboling) + ## [1.1.7] 2025-04-15 ([tag][1.1.7t]) - Line Coverage: 100.0% (117 / 117) - Branch Coverage: 100.0% (4 / 4) -- 76.92% documented +- 76.92% documented ### Added -- Support for Epoch Semantic Versioning +- Support for Epoch Semantic Versioning (@pboling) - `extend VersionGem::Epoch` in your library's `MyLib::Version` module - Support for JRuby 10 (@pboling) - More documentation (@pboling) @@ -130,7 +142,9 @@ Please file a bug if you notice a violation of semantic versioning. ### Added - Initial release, with basic version parsing API (@pboling) -[Unreleased]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.7...main +[Unreleased]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.8...main +[1.1.8]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.7...v1.1.8 +[1.1.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.1.8 [1.1.7]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.6...v1.1.7 [1.1.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.1.7 [1.1.6]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.5...v1.1.6 diff --git a/Gemfile.lock b/Gemfile.lock index ed8fd54..812b866 100755 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,10 +8,22 @@ GIT rake (>= 10) thor (>= 0.14) +GIT + remote: https://github.com/pboling/yard-junk + revision: 54ccebabbfa9a9cd44d0b991687ebbfd22c32b55 + branch: next + specs: + yard-junk (0.0.10) + backports (>= 3.18) + benchmark + ostruct + rainbow + yard + PATH remote: . specs: - version_gem (1.1.7) + version_gem (1.1.8) GEM remote: https://rubygems.org/ @@ -224,11 +236,6 @@ GEM unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) yard (0.9.37) - yard-junk (0.0.10) - backports (>= 3.18) - ostruct - rainbow - yard zeitwerk (2.7.2) PLATFORMS @@ -260,7 +267,7 @@ DEPENDENCIES stone_checksums (~> 1.0) version_gem! yard (~> 0.9, >= 0.9.37) - yard-junk (~> 0.0, >= 0.0.10) + yard-junk (~> 0.0, >= 0.0.10)! BUNDLED WITH 2.6.8 diff --git a/lib/version_gem/version.rb b/lib/version_gem/version.rb index 2942396..a91bbe3 100644 --- a/lib/version_gem/version.rb +++ b/lib/version_gem/version.rb @@ -2,7 +2,7 @@ module VersionGem module Version - VERSION = "1.1.7" + VERSION = "1.1.8" # This would work in this gem, but not in external libraries, # because version files are loaded in Gemspecs before bundler # has a chance to load dependencies. From 1d626c0868f06f0bc79834e6eec97817bb3e515d Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:24:10 +0700 Subject: [PATCH 11/13] =?UTF-8?q?=F0=9F=94=A8=20Fix=20Rakefile=20when=20no?= =?UTF-8?q?t=20using=20primary=20Gemfile?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index 3c9a4bd..9c50514 100644 --- a/Rakefile +++ b/Rakefile @@ -42,7 +42,7 @@ begin RSpec::Core::RakeTask.new(:spec) # This takes the place of `coverage` task when running as CI=true - defaults << "spec" if Kettle::Soup::Cover::IS_CI + defaults << "spec" if !defined(Kettle::Soup::Cover) || Kettle::Soup::Cover::IS_CI rescue LoadError desc("spec task stub") task(:spec) do From 4c8a2f511bdce06c0ada80bbcafec72f5fe9cf45 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:26:44 +0700 Subject: [PATCH 12/13] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Appraisal.root.gemfile | 4 ++-- Gemfile | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Appraisal.root.gemfile b/Appraisal.root.gemfile index 3d53a93..89968f9 100644 --- a/Appraisal.root.gemfile +++ b/Appraisal.root.gemfile @@ -6,8 +6,8 @@ source "https://rubygems.org" # Appraisal Root Gemfile is for running appraisal to generate the Appraisal Gemfiles # in gemfiles/*gemfile. -# On CI, we use it for the Appraisal-based builds. -# We do not load the standard Gemfile, as it is tailored for local development. +# On GHA CI, we use it for the Appraisal-based builds. +# We do not load the standard Gemfile, as it is tailored for local development & GitLab CI. gemspec diff --git a/Gemfile b/Gemfile index f984b8e..ea12543 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,8 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } #### IMPORTANT ####################################################### -# Gemfile is for local development ONLY; Gemfile is NOT loaded in CI # +# Gemfile is for local development and GitLab CI # +# Gemfile is NOT loaded in GitHub Actions CI # ####################################################### IMPORTANT #### # For Ruby version specific dependencies From 4ad1e3759603fef5484b478a416350ae6181f2f6 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Tue, 6 May 2025 16:27:35 +0700 Subject: [PATCH 13/13] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index 9c50514..585c6be 100644 --- a/Rakefile +++ b/Rakefile @@ -42,7 +42,7 @@ begin RSpec::Core::RakeTask.new(:spec) # This takes the place of `coverage` task when running as CI=true - defaults << "spec" if !defined(Kettle::Soup::Cover) || Kettle::Soup::Cover::IS_CI + defaults << "spec" if !defined?(Kettle::Soup::Cover) || Kettle::Soup::Cover::IS_CI rescue LoadError desc("spec task stub") task(:spec) do