Module: Makit::RubyGems

Defined in:: lib/makit/rubygems.rb

Overview

RubyGems operations helper module Provides centralized RubyGems functionality, starting with credential management

Class Method Summary collapse

.credential_setup_instructions ⇒ String

Generates context-aware credential setup instructions Prioritizes methods based on detected configuration (Azure Key Vault, LocalSecrets, or neither).
.get_api_key ⇒ String^?

Retrieves RubyGems API key from secrets management system or credentials file Priority: 1) Secrets (RUBYGEMS_API_KEY or rubygems_api_key), 2) ~/.gem/credentials file.
.sync_credentials_from_secrets(api_key) ⇒ void

Syncs API key from secrets to ~/.gem/credentials file Only updates if file doesn’t exist or API key is different Sets file permissions to 600 (owner read/write only) for security.
.validate_api_key_format(api_key) ⇒ Boolean

Validates API key format (basic validation) Checks: non-empty, length >= 20, valid characters (alphanumeric, hyphens, underscores).

Class Method Details

.credential_setup_instructions ⇒ `String`

Generates context-aware credential setup instructions Prioritizes methods based on detected configuration (Azure Key Vault, LocalSecrets, or neither)

Returns:

(String) —

Formatted error message with setup instructions

# File 'lib/makit/rubygems.rb', line 93

def self.credential_setup_instructions
  methods = []
  
  # Detect configuration and prioritize
  azure_configured = ENV["AZURE_SERVICE_PRINCIPAL_APP_ID"] && !ENV["AZURE_SERVICE_PRINCIPAL_APP_ID"].empty? &&
                     ENV["AZURE_KEYVAULT_NAME"] && !ENV["AZURE_KEYVAULT_NAME"].empty?

  if azure_configured
    methods << "1. Using Azure Key Vault (recommended for your setup):"
    methods << "   az login"
    methods << "   az keyvault secret set \\"
    methods << "     --vault-name '#{ENV["AZURE_KEYVAULT_NAME"]}' \\"
    methods << "     --name RUBYGEMS_API_KEY \\"
    methods << "     --value 'your-api-key-here'"
    methods << ""
    methods << "   For full Azure Key Vault setup, see: docs/azure-keyvault-permissions.md"
    methods << ""
    methods << "2. Using Local Secrets:"
    methods << "   rake secrets  # Check current secrets"
    methods << "   # Edit ~/.makit/secrets.json and add:"
    methods << "   #   \"RUBYGEMS_API_KEY\": \"your-api-key-here\""
  else
    methods << "1. Using Secrets Management (recommended):"
    methods << "   rake secrets  # Check current secrets"
    methods << "   # Edit ~/.makit/secrets.json and add:"
    methods << "   #   \"RUBYGEMS_API_KEY\": \"your-api-key-here\""
    methods << ""
    methods << "   For Azure Key Vault setup, see: docs/azure-keyvault-permissions.md"
  end

  methods << ""
  methods << "3. Using gem signin:"
  methods << "   gem signin"
  methods << "   Follow the prompts to enter your RubyGems username and password."
  methods << ""
  methods << "4. Manual credentials file:"
  methods << "   a. Get your API key from: https://rubygems.org/api_keys"
  methods << "   b. Create ~/.gem/credentials with the following content:"
  methods << "      :rubygems_api_key: YOUR_API_KEY_HERE"

  "Error: RubyGems credentials not found\n\nTo set up credentials, choose one of the following methods:\n\n#{methods.join("\n")}\n\nFor detailed instructions, see: docs/RUBYGEMS_PUBLISHING.md"
end

.get_api_key ⇒ `String`^?

Retrieves RubyGems API key from secrets management system or credentials file Priority: 1) Secrets (RUBYGEMS_API_KEY or rubygems_api_key), 2) ~/.gem/credentials file

Returns:

(String, nil) —

API key if found, nil otherwise

# File 'lib/makit/rubygems.rb', line 15

def self.get_api_key
  # Priority 1: Check secrets management system
  begin
    secrets = Makit::Secrets.new
    api_key = secrets.get("RUBYGEMS_API_KEY") || secrets.get("rubygems_api_key")
    return api_key if api_key && !api_key.empty?
  rescue StandardError => e
    # Secrets backend may be unavailable (network error, auth failure, etc.)
    # Fall back to credentials file with warning
    credentials_file = File.expand_path("~/.gem/credentials")
    if File.exist?(credentials_file)
      warn "  Warning: Secrets backend unavailable (#{e.class.name}), falling back to ~/.gem/credentials".colorize(:yellow)
    end
  end

  # Priority 2: Check ~/.gem/credentials file
  credentials_file = File.expand_path("~/.gem/credentials")
  if File.exist?(credentials_file)
    begin
      credentials = YAML.load_file(credentials_file)
      api_key = credentials[:rubygems_api_key] if credentials && credentials[:rubygems_api_key]
      return api_key if api_key && !api_key.empty?
    rescue StandardError => e
      # Credentials file may be malformed
      # Will be handled by error messages
    end
  end

  nil
end

.sync_credentials_from_secrets(api_key) ⇒ `void`

This method returns an undefined value.

Syncs API key from secrets to ~/.gem/credentials file Only updates if file doesn’t exist or API key is different Sets file permissions to 600 (owner read/write only) for security

Parameters:

api_key (String) —

The API key to sync

# File 'lib/makit/rubygems.rb', line 62

def self.sync_credentials_from_secrets(api_key)
  return if api_key.nil? || api_key.empty?

  credentials_file = File.expand_path("~/.gem/credentials")
  
  # Check if file exists and has same API key
  if File.exist?(credentials_file)
    begin
      require "yaml"
      existing_credentials = YAML.load_file(credentials_file)
      existing_key = existing_credentials[:rubygems_api_key] if existing_credentials
      return if existing_key == api_key # No update needed
    rescue StandardError
      # File may be malformed, proceed with update
    end
  end

  # Create or update credentials file
  credentials_dir = File.dirname(credentials_file)
  FileUtils.mkdir_p(credentials_dir) unless Dir.exist?(credentials_dir)

  credentials_content = { rubygems_api_key: api_key }.to_yaml
  File.write(credentials_file, credentials_content)
  File.chmod(0o600, credentials_file) # rw------- (owner read/write only)

  puts "  Updated ~/.gem/credentials from secrets".colorize(:green)
end

.validate_api_key_format(api_key) ⇒ `Boolean`

Validates API key format (basic validation) Checks: non-empty, length >= 20, valid characters (alphanumeric, hyphens, underscores)

Parameters:

api_key (String, nil) —

The API key to validate

Returns:

(Boolean) —

true if valid, false otherwise

# File 'lib/makit/rubygems.rb', line 50

def self.validate_api_key_format(api_key)
  return false if api_key.nil? || api_key.strip.empty?
  return false if api_key.length < 20
  return false unless api_key.match?(/\A[a-zA-Z0-9_-]+\z/)
  true
end

Module: Makit::RubyGems

Overview

Class Method Summary collapse

Class Method Details

.credential_setup_instructions ⇒ String

.get_api_key ⇒ String?

.sync_credentials_from_secrets(api_key) ⇒ void

.validate_api_key_format(api_key) ⇒ Boolean

.credential_setup_instructions ⇒ `String`

.get_api_key ⇒ `String`^?

.sync_credentials_from_secrets(api_key) ⇒ `void`

.validate_api_key_format(api_key) ⇒ `Boolean`