Class: Gem::Guardian::GitHubReleaseVerifier

Inherits:
Object
Defined in:
lib/gem/guardian/github_release_verifier.rb

Overview

Verifies GitHub release checksum, signature, and attestation metadata.

Instance Method Summary

Constructor Details

#initialize(client: GitHubClient.new) ⇒ GitHubReleaseVerifier

Returns a new instance of GitHubReleaseVerifier.



# File 'lib/gem/guardian/github_release_verifier.rb', line 19

def initialize(client: GitHubClient.new)
  @client = client
end

Instance Method Details

#verify(provenance) ⇒ Object

Verifies GitHub release metadata for provenance.



# File 'lib/gem/guardian/github_release_verifier.rb', line 25

def verify(provenance)
  repository = github_repository(provenance.repository)
  tag_candidates = github_tag_candidates(provenance)
  return unsupported_result(provenance, repository, tag_candidates.first) unless repository && tag_candidates.any?

  release, tag = release_for(repository, tag_candidates)
  return unsupported_result(provenance, repository, tag) unless release

  checksum_assets = discovered_assets(release, checksum_asset_name?)
  signature_assets = discovered_assets(release, signature_asset_name?)
  tag_verification = @client.tag_verification(repository, tag)
  build_release_result(provenance, repository, tag, checksum_assets, signature_assets, tag_verification, release)
rescue StandardError => e
  error_result(provenance, repository, tag, e)
end
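
The following is an added example, not code from Gem::Guardian. It goes one step past the asset discovery shown in #verify and sketches how release assets could be matched by name and a gem checked against a sha256sum-style checksum asset, with every non-match treated as a non-pass. The name patterns, the check_release helper, the fetch callable and the sample release are all assumptions; only the "assets", "name" and "browser_download_url" keys come from the GitHub REST release format.

```ruby
require "digest"

# Hypothetical asset-name patterns; the project's real predicates are not shown.
CHECKSUM_NAME  = /\A(SHA256SUMS|checksums\.txt)\z|\.sha256\z/i
SIGNATURE_NAME = /\.(sig|asc)\z/i

# Select release assets (GitHub REST "assets" array) whose name matches.
def assets_matching(release, pattern)
  Array(release["assets"]).select { |asset| pattern.match?(asset["name"].to_s) }
end

# Parse sha256sum-style lines ("<hex>  <file>") into { file => hex }.
def parse_checksums(text)
  text.each_line.with_object({}) do |line, sums|
    hex, name = line.strip.split(/\s+/, 2)
    next unless name && hex.match?(/\A\h{64}\z/)
    sums[name.delete_prefix("*")] = hex.downcase
  end
end

# Returns :verified only on a digest match; every other path is a non-pass.
def check_release(release, gem_name, gem_bytes, fetch)
  sums = assets_matching(release, CHECKSUM_NAME)
  sigs = assets_matching(release, SIGNATURE_NAME).map { |a| a["name"] }
  return { status: :unsupported, signatures: sigs } if sums.empty?

  expected = sums.filter_map { |a| parse_checksums(fetch.call(a["browser_download_url"]))[gem_name] }.first
  return { status: :unsupported, signatures: sigs } unless expected

  status = Digest::SHA256.hexdigest(gem_bytes) == expected ? :verified : :mismatch
  { status: status, signatures: sigs }
rescue StandardError => e
  # Mirrors the rescue in #verify: a failed lookup is reported, never passed.
  { status: :error, signatures: [], message: e.message }
end

# Constructed sample data: no network access, URLs are placeholders.
GEM_BYTES = "constructed gem payload".b
RELEASE = { "tag_name" => "v1.2.3", "assets" => [
  { "name" => "demo-1.2.3.gem", "browser_download_url" => "https://example.invalid/demo-1.2.3.gem" },
  { "name" => "SHA256SUMS", "browser_download_url" => "https://example.invalid/SHA256SUMS" },
  { "name" => "demo-1.2.3.gem.sig", "browser_download_url" => "https://example.invalid/demo-1.2.3.gem.sig" }
] }.freeze
FETCH = ->(_url) { "#{Digest::SHA256.hexdigest(GEM_BYTES)}  demo-1.2.3.gem\n" }

p check_release(RELEASE, "demo-1.2.3.gem", GEM_BYTES, FETCH)
```

A checksum published in the same release as the gem only detects corruption or a swapped file; it says nothing about who published the release, which is why the signature assets are reported separately.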