[ruby/rubygems] Use Tempfile for auto-attestation bundles and clean up after use

ruby/rubygems@498401c010

Co-authored-by: hsbt <12301+hsbt@users.noreply.github.com>

Author: 2 people

lib/rubygems/commands/push_command.rb

@@ -121,7 +121,12 @@ def send_push_request_with_attestation(name, args)
         Gem.read_binary(attestation)
       end
     else
-      [Gem.read_binary(attest!(name))]
+      bundle_path = attest!(name)
+      begin
+        [Gem.read_binary(bundle_path)]
+      ensure
+        File.unlink(bundle_path) if bundle_path && File.exist?(bundle_path)
+      end
     end
     bundles = "[" + attestations.join(",") + "]"
 
@@ -136,8 +141,12 @@ def send_push_request_with_attestation(name, args)
 
   def attest!(name)
     require "open3"
+    require "tempfile"
+
+    tempfile = Tempfile.new([File.basename(name, ".*"), ".sigstore.json"])
+    bundle = tempfile.path
+    tempfile.close(false)
 
-    bundle = "#{name}.sigstore.json"
     env = defined?(Bundler.unbundled_env) ? Bundler.unbundled_env : ENV.to_h
     out, st = Open3.capture2e(
       env,

test/rubygems/test_gem_commands_push_command.rb

@@ -123,7 +123,8 @@ def test_execute_attestation_auto
     @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
 
     attestation_path = "#{@path}.sigstore.json"
-    File.write(attestation_path, "auto-attestation")
+    attestation_content = "auto-attestation"
+    File.write(attestation_path, attestation_content)
     @cmd.options[:args] = [@path]
 
     @cmd.stub(:attest!, attestation_path) do
@@ -133,7 +134,7 @@ def test_execute_attestation_auto
     assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
     content_length = @fetcher.last_request["Content-Length"].to_i
     assert_equal content_length, @fetcher.last_request.body.length
-    assert_attestation_multipart Gem.read_binary(attestation_path)
+    assert_attestation_multipart attestation_content
   end
 
   def test_execute_attestation_fallback