[ruby/rubygems] Honor explicit --attestation option regardless of platform and host

The send_push_request method previously skipped all attestation handling
on JRuby, non-rubygems.org hosts, or outside GitHub Actions. This meant
that even when a user explicitly passed --attestation with a local
sigstore bundle, the attestation was silently ignored. Now we check
options[:attestations] first and always use them when provided, only
gating the auto-attestation path behind the platform/host/CI checks.

ruby/rubygems@0178a0dc56

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 2 people

lib/rubygems/commands/push_command.rb

@@ -92,8 +92,9 @@ def send_gem(name)
   private
 
   def send_push_request(name, args)
-    # Attestation is only supported on rubygems.org with GitHub Actions (not JRuby)
-    if RUBY_ENGINE != "jruby" && attestation_supported_host? && ENV["GITHUB_ACTIONS"]
+    # Always honor explicit --attestation option
+    # Auto-attestation is only supported on rubygems.org with GitHub Actions (not JRuby)
+    if options[:attestations].any? || (RUBY_ENGINE != "jruby" && attestation_supported_host? && ENV["GITHUB_ACTIONS"])
       send_push_request_with_attestation(name, args)
     else
       send_push_request_without_attestation(name, args)

test/rubygems/test_gem_commands_push_command.rb

@@ -103,26 +103,19 @@ def test_execute_host
   end
 
   def test_execute_attestation
-    omit if RUBY_ENGINE == "jruby"
-
-    ENV["GITHUB_ACTIONS"] = "true"
-    begin
-      @response = "Successfully registered gem: freewill (1.0.0)"
-      @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
+    @response = "Successfully registered gem: freewill (1.0.0)"
+    @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")
 
-      File.write("#{@path}.sigstore.json", "attestation")
-      @cmd.options[:args] = [@path]
-      @cmd.options[:attestations] = ["#{@path}.sigstore.json"]
+    File.write("#{@path}.sigstore.json", "attestation")
+    @cmd.options[:args] = [@path]
+    @cmd.options[:attestations] = ["#{@path}.sigstore.json"]
 
-      @cmd.execute
+    @cmd.execute
 
-      assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
-      content_length = @fetcher.last_request["Content-Length"].to_i
-      assert_equal content_length, @fetcher.last_request.body.length
-      assert_attestation_multipart Gem.read_binary("#{@path}.sigstore.json")
-    ensure
-      ENV.delete("GITHUB_ACTIONS")
-    end
+    assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
+    content_length = @fetcher.last_request["Content-Length"].to_i
+    assert_equal content_length, @fetcher.last_request.body.length
+    assert_attestation_multipart Gem.read_binary("#{@path}.sigstore.json")
   end
 
   def test_execute_attestation_auto