Add trusted publishers #4239

Merged
merged 1 commit into from Dec 11, 2023

@segiddins segiddins commented Nov 24, 2023

For now, only supports GH Actions. Guides in rubygems/guides#348. Heavily inspired by PyPI's trusted publisher feature (https://docs.pypi.org/trusted-publishers/).

UI demo:
[Screenshot: CleanShot 2023-12-08 at 12 28 24]

https://docs.google.com/document/d/1iJBiH4xSx9ZqvwQpeWu8fzb8UjrwV3Ta7M7azXKtJhA/edit?usp=sharing

codecov bot commented Nov 24, 2023

Codecov Report

Attention: 4 lines in your changes are missing coverage. Please review.

Comparison is base (05f6813) 98.67% compared to head (89a8202) 98.71%.

| Files | Patch % | Lines |
|---|---|---|
| ...lers/oidc/pending_trusted_publishers_controller.rb | 96.00% | 1 Missing ⚠️ |
| ...lers/oidc/rubygem_trusted_publishers_controller.rb | 97.29% | 1 Missing ⚠️ |
| app/helpers/rubygems_helper.rb | 83.33% | 1 Missing ⚠️ |
| app/models/oidc/trusted_publisher/github_action.rb | 98.59% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4239      +/-   ##
==========================================
+ Coverage   98.67%   98.71%   +0.04%     
==========================================
  Files         306      330      +24     
  Lines        6889     7340     +451     
==========================================
+ Hits         6798     7246     +448     
- Misses         91       94       +3     

@martinemde martinemde left a comment

Lots to read. Here's a first pass at the controllers mostly.

@segiddins segiddins force-pushed the segiddins/trusted-publishers branch 2 times, most recently from c16f55f to 170448d Compare November 27, 2023 00:56
Base automatically changed from segiddins/api-key-use-owner to master November 27, 2023 17:43
@segiddins segiddins force-pushed the segiddins/trusted-publishers branch 3 times, most recently from 2303d50 to a8de46f Compare December 7, 2023 19:58

@martinemde martinemde left a comment

Looks great, impressive work. I like how the controllers look now. They look much more canonical and are easier to read. I'm excited to see this feature in action.

@segiddins segiddins force-pushed the segiddins/trusted-publishers branch 2 times, most recently from 62c19a9 to 820758f Compare December 8, 2023 20:30
@segiddins segiddins marked this pull request as ready for review December 8, 2023 20:32

@indirect indirect left a comment

it worked! when we are announcing and publicizing this, can we also publish a streamlined GitHub action, so our docs/examples can look something like this:

jobs:
  push:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
    - uses: actions/checkout@v4
    - uses: ruby/setup-ruby@v1
    - uses: rubygems/release@v1

Moving all of the steps inside our first-party action also means that we can update the code that our clients are running if necessary.

@segiddins segiddins merged commit 080b8e3 into master Dec 11, 2023
17 checks passed
@segiddins segiddins deleted the segiddins/trusted-publishers branch December 11, 2023 19:09