Fix verification of signed gems (#56) (#58)

* Fix ruby gems verification Signed-off-by: Sayali Gaikawad <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Nov 30, 2022 · 2224876 · 2224876
1 parent 3d5176e
commit 2224876
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 10 deletions.
diff --git a/build.gradle b/build.gradle
@@ -120,7 +120,7 @@ jacocoTestReport {
     }
 }
 
-String version = '1.4.1'
+String version = '1.4.2'
 
 task updateVersion {
     doLast {

diff --git a/tests/jenkins/TestPublishToRubyGems.groovy b/tests/jenkins/TestPublishToRubyGems.groovy
@@ -24,9 +24,11 @@ class TestPublishToRubyGems extends BuildPipelineTest {
         super.setUp()
         super.testPipeline('tests/jenkins/jobs/PublishToRubyGems_JenkinsFile')
         def curlCommands = getCommands('sh', 'curl')
+        def gemCommands = getCommands('sh', 'gem')
         assertThat(curlCommands, hasItem(
-            "gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem &&             cd /tmp/workspace/dist && gem install `ls *.gem` -P HighSecurity &&             curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"
+            "cd /tmp/workspace/dist && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems".toString()
         ))
+        assertThat(gemCommands, hasItem("\n        gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem\n        cd /tmp/workspace/dist && gemNameWithVersion=\$(ls *.gem)\n        gem install \$gemNameWithVersion\n        gemName=\$(echo \$gemNameWithVersion | sed -E 's/(-[0-9.]+.gem\$)//g')\n        gem uninstall \$gemName\n        gem install \$gemNameWithVersion -P HighSecurity\n    "))
     }
 
     @Test
@@ -35,9 +37,10 @@ class TestPublishToRubyGems extends BuildPipelineTest {
         super.setUp()
         super.testPipeline('tests/jenkins/jobs/PublishToRubyGemWithArgs_Jenkinsfile')
         def curlCommands = getCommands('sh', 'curl')
+        def gemCommands = getCommands('sh', 'gem')
         assertThat(curlCommands, hasItem(
-            "gem cert --add /tmp/workspace/certificate/path &&             cd /tmp/workspace/test && gem install `ls *.gem` -P HighSecurity &&             curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"
-        ))
+            "cd /tmp/workspace/test && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems".toString()))
+        assertThat(gemCommands, hasItem("\n        gem cert --add /tmp/workspace/certificate/path\n        cd /tmp/workspace/test && gemNameWithVersion=\$(ls *.gem)\n        gem install \$gemNameWithVersion\n        gemName=\$(echo \$gemNameWithVersion | sed -E 's/(-[0-9.]+.gem\$)//g')\n        gem uninstall \$gemName\n        gem install \$gemNameWithVersion -P HighSecurity\n    "))
     }
 
     def getCommands(method, text) {

diff --git a/tests/jenkins/jobs/PublishToRubyGemWithArgs_Jenkinsfile.txt b/tests/jenkins/jobs/PublishToRubyGemWithArgs_Jenkinsfile.txt
@@ -4,6 +4,14 @@
          PublishToRubyGemWithArgs_Jenkinsfile.stage(publishRubyGems, groovy.lang.Closure)
             PublishToRubyGemWithArgs_Jenkinsfile.script(groovy.lang.Closure)
                PublishToRubyGemWithArgs_Jenkinsfile.publishToRubyGems({apiKeyCredentialId=ruby-api-key, gemsDir=test, publicCertPath=certificate/path})
+                  publishToRubyGems.sh(
+        gem cert --add /tmp/workspace/certificate/path
+        cd /tmp/workspace/test && gemNameWithVersion=$(ls *.gem)
+        gem install $gemNameWithVersion
+        gemName=$(echo $gemNameWithVersion | sed -E 's/(-[0-9.]+.gem$)//g')
+        gem uninstall $gemName
+        gem install $gemNameWithVersion -P HighSecurity
+    )
                   publishToRubyGems.string({credentialsId=ruby-api-key, variable=API_KEY})
                   publishToRubyGems.withCredentials([API_KEY], groovy.lang.Closure)
-                     publishToRubyGems.sh(gem cert --add /tmp/workspace/certificate/path &&             cd /tmp/workspace/test && gem install `ls *.gem` -P HighSecurity &&             curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
+                     publishToRubyGems.sh(cd /tmp/workspace/test && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
diff --git a/tests/jenkins/jobs/PublishToRubyGems_JenkinsFile.txt b/tests/jenkins/jobs/PublishToRubyGems_JenkinsFile.txt
@@ -4,6 +4,14 @@
          PublishToRubyGems_JenkinsFile.stage(publishRubyGems, groovy.lang.Closure)
             PublishToRubyGems_JenkinsFile.script(groovy.lang.Closure)
                PublishToRubyGems_JenkinsFile.publishToRubyGems({apiKeyCredentialId=ruby-api-key})
+                  publishToRubyGems.sh(
+        gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem
+        cd /tmp/workspace/dist && gemNameWithVersion=$(ls *.gem)
+        gem install $gemNameWithVersion
+        gemName=$(echo $gemNameWithVersion | sed -E 's/(-[0-9.]+.gem$)//g')
+        gem uninstall $gemName
+        gem install $gemNameWithVersion -P HighSecurity
+    )
                   publishToRubyGems.string({credentialsId=ruby-api-key, variable=API_KEY})
                   publishToRubyGems.withCredentials([API_KEY], groovy.lang.Closure)
-                     publishToRubyGems.sh(gem cert --add /tmp/workspace/certs/opensearch-rubygems.pem &&             cd /tmp/workspace/dist && gem install `ls *.gem` -P HighSecurity &&             curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
+                     publishToRubyGems.sh(cd /tmp/workspace/dist && curl --fail --data-binary @`ls *.gem` -H 'Authorization:API_KEY' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems)
diff --git a/vars/publishToRubyGems.groovy b/vars/publishToRubyGems.groovy
@@ -14,13 +14,22 @@ Note: Please make sure the gem is already signed.
 @param args.gemsDir <optional> - The directory containing the gem to be published. Defaults to 'dist'
 @params args.publicCertPath <optional> - The relative path to public key. Defaults to 'certs/opensearch-rubygems.pem'
 */
+
+
 void call(Map args = [:]) {
     String releaseArtifactsDir = args.gemsDir ? "${WORKSPACE}/${args.gemsDir}" : "${WORKSPACE}/dist"
     String certPath = args.publicCertPath ? "${WORKSPACE}/${args.publicCertPath}" : "${WORKSPACE}/certs/opensearch-rubygems.pem"
 
+    sh """
+        gem cert --add ${certPath}
+        cd ${releaseArtifactsDir} && gemNameWithVersion=\$(ls *.gem)
+        gem install \$gemNameWithVersion
+        gemName=\$(echo \$gemNameWithVersion | sed -E 's/(-[0-9.]+.gem\$)//g')
+        gem uninstall \$gemName
+        gem install \$gemNameWithVersion -P HighSecurity
+    """
+
     withCredentials([string(credentialsId: "${args.apiKeyCredentialId}", variable: 'API_KEY')]) {
-        sh """gem cert --add ${certPath} && \
-            cd ${releaseArtifactsDir} && gem install `ls *.gem` -P HighSecurity && \
-            curl --fail --data-binary @`ls *.gem` -H 'Authorization:${API_KEY}' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"""
-        }
+        sh "cd ${releaseArtifactsDir} && curl --fail --data-binary @`ls *.gem` -H 'Authorization:${API_KEY}' -H 'Content-Type: application/octet-stream' https://rubygems.org/api/v1/gems"
+    }
 }