Skip to content

Add test coverage for auto-attestation skipping on non-rubygems.org hosts and JRuby #9326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hsbt merged 3 commits into from
Feb 10, 2026
Merged

Add test coverage for auto-attestation skipping on non-rubygems.org hosts and JRuby #9326

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
53b5cb2
Initial plan
Copilot Feb 10, 2026
a235849
Add test coverage for skipping auto-attestation
Copilot Feb 10, 2026
4cd2f18
Remove raise from stub to rely on flag for test assertions
Copilot Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 49 additions & 0 deletions test/rubygems/test_gem_commands_push_command.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,55 @@ def test_execute_attestation_fallback
@fetcher.last_request["Content-Type"]
end

def test_execute_attestation_skipped_on_non_rubygems_host
@spec, @path = util_gem "freebird", "1.0.1" do |spec|
spec.metadata["allowed_push_host"] = "https://privategemserver.example"
end

@response = "Successfully registered gem: freebird (1.0.1)"
@fetcher.data["#{@spec.metadata["allowed_push_host"]}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")

@cmd.options[:args] = [@path]

attest_called = false
@cmd.stub(:attest!, proc { attest_called = true }) do
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The attest! stub returns true, so if the code path regresses and attest! is invoked, the test will likely fail with an unrelated Gem.read_binary(true) type error before reaching the refute attest_called assertion. Consider making the stub explicitly fail (e.g., raising/flunking) to produce a clearer failure reason tied to the behavior being tested.

Suggested change
@cmd.stub(:attest!, proc { attest_called = true }) do
@cmd.stub(:attest!, proc {
attest_called = true
flunk "attest! should not be called for non-rubygems.org hosts"
}) do

Copilot uses AI. Check for mistakes.
@cmd.execute
end

refute attest_called, "attest! should not be called for non-rubygems.org hosts"
assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
assert_equal Gem.read_binary(@path), @fetcher.last_request.body
assert_equal "application/octet-stream",
@fetcher.last_request["Content-Type"]
end

def test_execute_attestation_skipped_on_jruby
@response = "Successfully registered gem: freewill (1.0.0)"
@fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK")

@cmd.options[:args] = [@path]

attest_called = false
engine = RUBY_ENGINE
Object.send :remove_const, :RUBY_ENGINE
Object.const_set :RUBY_ENGINE, "jruby"

begin
Comment on lines +187 to +191
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RUBY_ENGINE is modified outside the begin/ensure region, so if an unexpected exception occurs during the constant swap, the original value may not be restored and could leak into other tests. Consider moving the constant swap inside the begin/ensure (or using the existing helper methods in test/rubygems/helper.rb that manage Ruby version/engine constants) to guarantee cleanup.

Suggested change
engine = RUBY_ENGINE
Object.send :remove_const, :RUBY_ENGINE
Object.const_set :RUBY_ENGINE, "jruby"
begin
begin
engine = RUBY_ENGINE
Object.send :remove_const, :RUBY_ENGINE
Object.const_set :RUBY_ENGINE, "jruby"

Copilot uses AI. Check for mistakes.
@cmd.stub(:attest!, proc { attest_called = true }) do
@cmd.execute
end
Comment on lines +192 to +194
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue as above: the attest! stub returns true, so if attest! is unexpectedly called this test will likely error out during request construction rather than failing with a clear assertion message. Prefer a stub that explicitly fails if invoked so the failure points directly at the regression.

Copilot uses AI. Check for mistakes.

refute attest_called, "attest! should not be called on JRuby"
assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class
assert_equal Gem.read_binary(@path), @fetcher.last_request.body
assert_equal "application/octet-stream",
@fetcher.last_request["Content-Type"]
ensure
Object.send :remove_const, :RUBY_ENGINE
Object.const_set :RUBY_ENGINE, engine
end
end

def test_execute_allowed_push_host
@spec, @path = util_gem "freebird", "1.0.1" do |spec|
spec.metadata["allowed_push_host"] = "https://privategemserver.example"
Expand Down
Loading