bundled cacert.pem with --ssl-ca-file PATH option (#480)

* Add a bundled cacert.pem from curl's website
* Using the --ssl-ca-file PATH option overrides ENV var SSL_CA_PATH
* Having none of those allow you to use the default, the bundled cacert.pem
* Octokit's SSL config uses this new setting
* Rake task to update_ssl_ca_file
* Rubocop target 2.2

.rubocop.yml

@@ -1,6 +1,7 @@
 inherit_from: .rubocop_todo.yml
 
 AllCops:
+  TargetRubyVersion: 2.2
   DisplayCopNames: true
   DisplayStyleGuide: true
   Exclude:

Rakefile

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require "bundler"
 require "bundler/gem_tasks"
 require "rubocop/rake_task"
@@ -10,31 +11,10 @@ require "overcommit"
 RuboCop::RakeTask.new
 RSpec::Core::RakeTask.new(:rspec)
 
-task :copy_man_page_to_manpath do |_t|
+desc "When releasing the gem, re-fetch latest cacert.pem from curl.haxx.se. Developer task."
-  known_manpath_paths = %w(/etc/manpath.config /etc/manpaths)
+task :update_ssl_ca_file do
-  manpath = known_manpath_paths.find do |f|
+  `pushd lib/github_changelog_generator/ssl_certs && curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem && popd`
-    path = Pathname(f)
-    path.file? && path.readable?
 end
 
-  next unless manpath
+task checks: %i[rubocop rspec]
-
+task default: %i[rubocop rspec]
-  writable_man_path = Pathname(manpath).each_line.find do |line|
-    path = Pathname(line.chomp)
-    path.directory? && path.writable?
-  end
-
-  next unless writable_man_path
-
-  man_prefix = Pathname("#{writable_man_path.chomp}/man1")
-  man_pages = "man/git-*.1"
-
-  Pathname.glob(man_pages) do |path|
-    if path.exist? && man_prefix.exist? && man_prefix.writable?
-      FileUtils.cp(path, man_prefix + path.basename)
-    end
-  end
-end
-
-task checks: [:rubocop, :rspec]
-task default: [:rubocop, :rspec]

lib/github_changelog_generator/octo_fetcher.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require "tmpdir"
 require "retriable"
 module GitHubChangelogGenerator
@@ -42,9 +43,16 @@ module GitHubChangelogGenerator
       @github_options[:access_token] = @github_token unless @github_token.nil?
       @github_options[:api_endpoint] = @options[:github_endpoint] unless @options[:github_endpoint].nil?
 
+      configure_octokit_ssl
+
       @client = Octokit::Client.new(@github_options)
     end
 
+    def configure_octokit_ssl
+      ca_file = @options[:ssl_ca_file] || ENV["SSL_CA_FILE"] || File.expand_path("../ssl_certs/cacert.pem", __FILE__)
+      Octokit.connection_options = { ssl: { ca_file: ca_file } }
+    end
+
     def init_cache
       middleware_opts = {
         serializer: Marshal,

lib/github_changelog_generator/options.rb

@@ -43,6 +43,7 @@ module GitHubChangelogGenerator
       :release_url,
       :simple_list,
       :since_tag,
+      :ssl_ca_file,
       :token,
       :unreleased,
       :unreleased_label,

lib/github_changelog_generator/parser.rb

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
+
 require "optparse"
 require "pp"
 require_relative "version"
@@ -176,6 +177,9 @@ module GitHubChangelogGenerator
         opts.on("--cache-log [CACHE-LOG]", "Filename to use for cache log. Default is github-changelog-logger.log in a temporary directory.") do |cache_log|
           options[:cache_log] = cache_log
         end
+        opts.on("--ssl-ca-file [PATH]", "Path to cacert.pem file. Default is a bundled lib/github_changelog_generator/ssl_certs/cacert.pem. Respects SSL_CA_PATH.") do |ssl_ca_file|
+          options[:ssl_ca_file] = ssl_ca_file
+        end
         opts.on("--[no-]verbose", "Run verbosely. Default is true") do |v|
           options[:verbose] = v
         end
@@ -206,12 +210,13 @@ module GitHubChangelogGenerator
         unreleased: true,
         unreleased_label: "Unreleased",
         compare_link: true,
-        enhancement_labels: %w(enhancement Enhancement),
+        enhancement_labels: %w[enhancement Enhancement],
-        bug_labels: %w(bug Bug),
+        bug_labels: %w[bug Bug],
-        exclude_labels: %w(duplicate question invalid wontfix Duplicate Question Invalid Wontfix),
+        exclude_labels: %w[duplicate question invalid wontfix Duplicate Question Invalid Wontfix],
         issue_line_labels: [],
         max_issues: nil,
         simple_list: false,
+        ssl_ca_file: nil,
         verbose: true,
         header: "# Change Log",
         merge_prefix: "**Merged pull requests:**",

man/git-generate-changelog.md

@@ -179,6 +179,10 @@ Automatically generate change log from your tags, issues, labels and pull reques
 
    Filename to use for cache log. Default is github-changelog-logger.log in a temporary directory.
 
+    --ssl-ca-file [PATH]
+
+   Path to cacert.pem file. Default is a bundled lib/github_changelog_generator/ssl_certs/cacert.pem.  Respects SSL_CA_PATH.
+
    --[no-]verbose
 
    Run verbosely. Default is true