Fix verification of signed gems (#56)
* Fix ruby gems verification

Signed-off-by: Sayali Gaikawad <[email protected]>
gaiksaya authored Nov 30, 2022
1 parent 9b63f3e commit d9eb3fe
Showing 5 changed files with 38 additions and 10 deletions.
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -120,7 +120,7 @@ jacocoTestReport {
}
}

String version = '1.4.1'
String version = '1.4.2'

task updateVersion {
doLast {
9 changes: 6 additions & 3 deletions tests/jenkins/TestPublishToRubyGems.groovy
Expand Up @@ -24,9 +24,11 @@ class TestPublishToRubyGems extends BuildPipelineTest {
super.setUp()
super.testPipeline('tests/jenkins/jobs/PublishToRubyGems_JenkinsFile')
def curlCommands = getCommands('sh', 'curl')
def gemCommands = getCommands('sh', 'gem')
assertThat(curlCommands, hasItem(
"gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem && cd /tmp/workspace/dist && gem install `ls *.gem` -P HighSecurity && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"
"cd /tmp/workspace/dist && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems".toString()
))
assertThat(gemCommands, hasItem("\n gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem\n cd /tmp/workspace/dist && gemNameWithVersion=\$(ls *.gem)\n gem install \$gemNameWithVersion\n gemName=\$(echo \$gemNameWithVersion | sed -E 's/(-[0-9.]+.gem\$)//g')\n gem uninstall \$gemName\n gem install \$gemNameWithVersion -P HighSecurity\n "))
}

@Test
Expand All @@ -35,9 +37,10 @@ class TestPublishToRubyGems extends BuildPipelineTest {
super.setUp()
super.testPipeline('tests/jenkins/jobs/PublishToRubyGemWithArgs_Jenkinsfile')
def curlCommands = getCommands('sh', 'curl')
def gemCommands = getCommands('sh', 'gem')
assertThat(curlCommands, hasItem(
"gem cert --add /tmp/workspace/certificate/path && cd /tmp/workspace/test && gem install `ls *.gem` -P HighSecurity && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"
))
"cd /tmp/workspace/test && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems".toString()))
assertThat(gemCommands, hasItem("\n gem cert --add /tmp/workspace/certificate/path\n cd /tmp/workspace/test && gemNameWithVersion=\$(ls *.gem)\n gem install \$gemNameWithVersion\n gemName=\$(echo \$gemNameWithVersion | sed -E 's/(-[0-9.]+.gem\$)//g')\n gem uninstall \$gemName\n gem install \$gemNameWithVersion -P HighSecurity\n "))
}

def getCommands(method, text) {
10 changes: 9 additions & 1 deletion tests/jenkins/jobs/PublishToRubyGemWithArgs_Jenkinsfile.txt
Expand Up @@ -4,6 +4,14 @@
PublishToRubyGemWithArgs_Jenkinsfile.stage(publishRubyGems, groovy.lang.Closure)
PublishToRubyGemWithArgs_Jenkinsfile.script(groovy.lang.Closure)
PublishToRubyGemWithArgs_Jenkinsfile.publishToRubyGems({apiKeyCredentialId=ruby-api-key, gemsDir=test, publicCertPath=certificate/path})
publishToRubyGems.sh(
gem cert --add /tmp/workspace/certificate/path
cd /tmp/workspace/test && gemNameWithVersion=$(ls *.gem)
gem install $gemNameWithVersion
gemName=$(echo $gemNameWithVersion | sed -E 's/(-[0-9.]+.gem$)//g')
gem uninstall $gemName
gem install $gemNameWithVersion -P HighSecurity
)
publishToRubyGems.string({credentialsId=ruby-api-key, variable=API_KEY})
publishToRubyGems.withCredentials([API_KEY], groovy.lang.Closure)
publishToRubyGems.sh(gem cert --add /tmp/workspace/certificate/path && cd /tmp/workspace/test && gem install `ls *.gem` -P HighSecurity && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
publishToRubyGems.sh(cd /tmp/workspace/test && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
10 changes: 9 additions & 1 deletion tests/jenkins/jobs/PublishToRubyGems_JenkinsFile.txt
Expand Up @@ -4,6 +4,14 @@
PublishToRubyGems_JenkinsFile.stage(publishRubyGems, groovy.lang.Closure)
PublishToRubyGems_JenkinsFile.script(groovy.lang.Closure)
PublishToRubyGems_JenkinsFile.publishToRubyGems({apiKeyCredentialId=ruby-api-key})
publishToRubyGems.sh(
gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem
cd /tmp/workspace/dist && gemNameWithVersion=$(ls *.gem)
gem install $gemNameWithVersion
gemName=$(echo $gemNameWithVersion | sed -E 's/(-[0-9.]+.gem$)//g')
gem uninstall $gemName
gem install $gemNameWithVersion -P HighSecurity
)
publishToRubyGems.string({credentialsId=ruby-api-key, variable=API_KEY})
publishToRubyGems.withCredentials([API_KEY], groovy.lang.Closure)
publishToRubyGems.sh(gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem && cd /tmp/workspace/dist && gem install `ls *.gem` -P HighSecurity && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
publishToRubyGems.sh(cd /tmp/workspace/dist && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
17 changes: 13 additions & 4 deletions vars/publishToRubyGems.groovy
Expand Up @@ -14,13 +14,22 @@ Note: Please make sure the gem is already signed.
@param args.gemsDir <optional> - The directory containing the gem to be published. Defaults to 'dist'
@params args.publicCertPath <optional> - The relative path to public key. Defaults to 'certs/opensearch-rubygems.pem'
*/


void call(Map args = [:]) {
String releaseArtifactsDir = args.gemsDir ? "${WORKSPACE}/${args.gemsDir}" : "${WORKSPACE}/dist"
String certPath = args.publicCertPath ? "${WORKSPACE}/${args.publicCertPath}" : "${WORKSPACE}/certs/opensearch-rubygems.pem"

sh """
gem cert --add ${certPath}
cd ${releaseArtifactsDir} && gemNameWithVersion=\$(ls *.gem)
gem install \$gemNameWithVersion
gemName=\$(echo \$gemNameWithVersion | sed -E 's/(-[0-9.]+.gem\$)//g')
gem uninstall \$gemName
gem install \$gemNameWithVersion -P HighSecurity
"""

withCredentials([string(credentialsId: "${args.apiKeyCredentialId}", variable: 'API_KEY')]) {
sh """gem cert --add ${certPath} && \
cd ${releaseArtifactsDir} && gem install `ls *.gem` -P HighSecurity && \
curl --fail --data-binary @`ls *.gem` -H 'Authorization:${API_KEY}' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"""
}
sh "cd ${releaseArtifactsDir} && curl --fail --data-binary @`ls *.gem` -H 'Authorization:${API_KEY}' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"
}
}
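Review bot: The first `gem install \$gemNameWithVersion` in the new `sh` block runs with no trust policy, so the gem (and any extension it builds at install time) lands on the agent before the `-P HighSecurity` pass has a chance to reject it. If the unverified pass exists only so that unsigned dependencies are already present (this is inferred, the commit does not say), the signature check can run first and on its own, e.g. `gem install \$gemNameWithVersion -P HighSecurity --ignore-dependencies`, which would also make the `sed`/`gem uninstall` step unnecessary. Separately, the `curl` line still puts `${API_KEY}` inside a double-quoted Groovy string, so Groovy rather than the shell expands the secret; a single-quoted `sh` string that lets the shell read `$API_KEY` from the `withCredentials` environment keeps it out of the interpolated script text. Whichever way the install order is settled, a short comment above the block saying why the gem is installed twice would help the next reader.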
