[ruby/rubygems] Reverse to use attestation condition

ruby/rubygems@ea1f43c4ae

Author: hsbt

lib/rubygems/commands/push_command.rb

@@ -92,14 +92,10 @@ def send_gem(name)
   private
 
   def send_push_request(name, args)
-    if RUBY_ENGINE == "jruby" || !attestation_supported_host?
-      return send_push_request_without_attestation(name, args)
-    end
-
-    begin
+    # Attestation is only supported on rubygems.org with GitHub Actions (not JRuby)
+    if RUBY_ENGINE != "jruby" && attestation_supported_host? && ENV["GITHUB_ACTIONS"]
       send_push_request_with_attestation(name, args)
-    rescue StandardError => e
-      alert_warning "Failed to push with attestation, retrying without attestation.\n#{e.full_message}"
+    else
       send_push_request_without_attestation(name, args)
     end
   end
@@ -137,6 +133,9 @@ def send_push_request_with_attestation(name, args)
       ], "multipart/form-data")
       request.add_field "Authorization", api_key
     end
+  rescue StandardError => e
+    alert_warning "Failed to push with attestation, retrying without attestation.\n#{e.full_message}"
+    send_push_request_without_attestation(name, args)
   end
 
   def attest!(name)

test/rubygems/test_gem_commands_push_command.rb

@@ -105,61 +105,76 @@ def test_execute_host
   def test_execute_attestation
     omit if RUBY_ENGINE == "jruby"
 
-    @response = "Successfully registered gem: freewill (1.0.0)"
-    @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
+    ENV["GITHUB_ACTIONS"] = "true"
+    begin
+      @response = "Successfully registered gem: freewill (1.0.0)"
+      @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
 
-    File.write("#{@path}.sigstore.json", "attestation")
-    @cmd.options[:args] = [@path]
-    @cmd.options[:attestations] = ["#{@path}.sigstore.json"]
+      File.write("#{@path}.sigstore.json", "attestation")
+      @cmd.options[:args] = [@path]
+      @cmd.options[:attestations] = ["#{@path}.sigstore.json"]
 
-    @cmd.execute
+      @cmd.execute
 
-    assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
-    content_length = @fetcher.last_request["Content-Length"].to_i
-    assert_equal content_length, @fetcher.last_request.body.length
-    assert_attestation_multipart Gem.read_binary("#{@path}.sigstore.json")
+      assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
+      content_length = @fetcher.last_request["Content-Length"].to_i
+      assert_equal content_length, @fetcher.last_request.body.length
+      assert_attestation_multipart Gem.read_binary("#{@path}.sigstore.json")
+    ensure
+      ENV.delete("GITHUB_ACTIONS")
+    end
   end
 
   def test_execute_attestation_auto
     omit if RUBY_ENGINE == "jruby"
 
-    @response = "Successfully registered gem: freewill (1.0.0)"
-    @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
+    ENV["GITHUB_ACTIONS"] = "true"
+    begin
+      @response = "Successfully registered gem: freewill (1.0.0)"
+      @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
 
-    attestation_path = "#{@path}.sigstore.json"
-    attestation_content = "auto-attestation"
-    File.write(attestation_path, attestation_content)
-    @cmd.options[:args] = [@path]
+      attestation_path = "#{@path}.sigstore.json"
+      attestation_content = "auto-attestation"
+      File.write(attestation_path, attestation_content)
+      @cmd.options[:args] = [@path]
 
-    @cmd.stub(:attest!, attestation_path) do
-      @cmd.execute
-    end
+      @cmd.stub(:attest!, attestation_path) do
+        @cmd.execute
+      end
 
-    assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
-    content_length = @fetcher.last_request["Content-Length"].to_i
-    assert_equal content_length, @fetcher.last_request.body.length
-    assert_attestation_multipart attestation_content
+      assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
+      content_length = @fetcher.last_request["Content-Length"].to_i
+      assert_equal content_length, @fetcher.last_request.body.length
+      assert_attestation_multipart attestation_content
+    ensure
+      ENV.delete("GITHUB_ACTIONS")
+    end
   end
 
   def test_execute_attestation_fallback
     omit if RUBY_ENGINE == "jruby"
 
-    @response = "Successfully registered gem: freewill (1.0.0)"
-    @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
+    ENV["GITHUB_ACTIONS"] = "true"
+    begin
+      @response = "Successfully registered gem: freewill (1.0.0)"
+      @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
 
-    @cmd.options[:args] = [@path]
+      @cmd.options[:args] = [@path]
 
-    @cmd.stub(:attest!, proc { raise Gem::Exception, "boom" }) do
-      use_ui @ui do
-        @cmd.execute
+      @cmd.stub(:attest!, proc { raise Gem::Exception, "boom" }) do
+        use_ui @ui do
+          @cmd.execute
+        end
       end
-    end
 
-    assert_match "Failed to push with attestation, retrying without attestation.", @ui.error
-    assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
-    assert_equal Gem.read_binary(@path), @fetcher.last_request.body
-    assert_equal "application/octet-stream",
-                 @fetcher.last_request["Content-Type"]
+      assert_match "Failed to push with attestation, retrying without attestation.", @ui.error
+      assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
+      assert_equal Gem.read_binary(@path), @fetcher.last_request.body
+      assert_equal "application/octet-stream",
+                   @fetcher.last_request["Content-Type"]
+    ensure
+      ENV.delete("GITHUB_ACTIONS")
+    end
   end
 
   def test_execute_attestation_skipped_on_non_rubygems_host