Class: Gem::Guardian::ProvenanceVerifier

Inherits:

Object

Object
Gem::Guardian::ProvenanceVerifier

show all

Defined in:: lib/gem/guardian/provenance_verifier.rb

Overview

Verifies RubyGems Trusted Publishing provenance metadata.

Instance Method Summary collapse

#initialize(client: RubygemsClient.new, github_release_verifier: GitHubReleaseVerifier.new) ⇒ ProvenanceVerifier constructor
A new instance of ProvenanceVerifier.
#verify(dependency, artifact_sha256: nil) ⇒ Object
Verifies Trusted Publishing provenance for +dependency+.
#verify_all(results) ⇒ Object
Verifies provenance for each dependency-result pair.

Constructor Details

#initialize(client: RubygemsClient.new, github_release_verifier: GitHubReleaseVerifier.new) ⇒ `ProvenanceVerifier`

Returns a new instance of ProvenanceVerifier.

# File 'lib/gem/guardian/provenance_verifier.rb', line 18

def initialize(client: RubygemsClient.new, github_release_verifier: GitHubReleaseVerifier.new)
  @client = client
  @github_release_verifier = github_release_verifier
end

Instance Method Details

#verify(dependency, artifact_sha256: nil) ⇒ `Object`

Verifies Trusted Publishing provenance for +dependency+.

# File 'lib/gem/guardian/provenance_verifier.rb', line 24

def verify(dependency, artifact_sha256: nil)
  provenance = @client.trusted_publishing_provenance(dependency)
  return unsupported_result(dependency) unless provenance

  build_result(dependency, provenance, artifact_sha256)
rescue StandardError => e
  error_result(dependency, artifact_sha256, e)
end

#verify_all(results) ⇒ `Object`

Verifies provenance for each dependency-result pair.



34
35
36

# File 'lib/gem/guardian/provenance_verifier.rb', line 34

def verify_all(results)
  results.map { |result| verify(result.dependency, artifact_sha256: result.actual_sha256) }
end