bundled cacert.pem with --ssl-ca-file PATH option (#480)

* Add a bundled cacert.pem from curl's website
* Using the --ssl-ca-file PATH option overrides ENV var SSL_CA_PATH
* Having none of those allow you to use the default, the bundled cacert.pem
* Octokit's SSL config uses this new setting
* Rake task to update_ssl_ca_file
* Rubocop target 2.2
This commit is contained in:
Olle Jonsson 2017-05-24 23:43:31 +02:00 committed by GitHub
parent 4798a8a3d8
commit 26b124a67c
7 changed files with 4071 additions and 29 deletions

View File

@ -1,6 +1,7 @@
inherit_from: .rubocop_todo.yml
AllCops:
TargetRubyVersion: 2.2
DisplayCopNames: true
DisplayStyleGuide: true
Exclude:

View File

@ -1,4 +1,5 @@
# frozen_string_literal: true
require "bundler"
require "bundler/gem_tasks"
require "rubocop/rake_task"
@ -10,31 +11,10 @@ require "overcommit"
RuboCop::RakeTask.new
RSpec::Core::RakeTask.new(:rspec)
task :copy_man_page_to_manpath do |_t|
known_manpath_paths = %w(/etc/manpath.config /etc/manpaths)
manpath = known_manpath_paths.find do |f|
path = Pathname(f)
path.file? && path.readable?
end
next unless manpath
writable_man_path = Pathname(manpath).each_line.find do |line|
path = Pathname(line.chomp)
path.directory? && path.writable?
end
next unless writable_man_path
man_prefix = Pathname("#{writable_man_path.chomp}/man1")
man_pages = "man/git-*.1"
Pathname.glob(man_pages) do |path|
if path.exist? && man_prefix.exist? && man_prefix.writable?
FileUtils.cp(path, man_prefix + path.basename)
end
end
desc "When releasing the gem, re-fetch latest cacert.pem from curl.haxx.se. Developer task."
task :update_ssl_ca_file do
`pushd lib/github_changelog_generator/ssl_certs && curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem && popd`
end
task checks: [:rubocop, :rspec]
task default: [:rubocop, :rspec]
task checks: %i[rubocop rspec]
task default: %i[rubocop rspec]

View File

@ -1,4 +1,5 @@
# frozen_string_literal: true
require "tmpdir"
require "retriable"
module GitHubChangelogGenerator
@ -42,9 +43,16 @@ module GitHubChangelogGenerator
@github_options[:access_token] = @github_token unless @github_token.nil?
@github_options[:api_endpoint] = @options[:github_endpoint] unless @options[:github_endpoint].nil?
configure_octokit_ssl
@client = Octokit::Client.new(@github_options)
end
def configure_octokit_ssl
ca_file = @options[:ssl_ca_file] || ENV["SSL_CA_FILE"] || File.expand_path("../ssl_certs/cacert.pem", __FILE__)
Octokit.connection_options = { ssl: { ca_file: ca_file } }
end
def init_cache
middleware_opts = {
serializer: Marshal,

View File

@ -43,6 +43,7 @@ module GitHubChangelogGenerator
:release_url,
:simple_list,
:since_tag,
:ssl_ca_file,
:token,
:unreleased,
:unreleased_label,

View File

@ -1,5 +1,6 @@
#!/usr/bin/env ruby
# frozen_string_literal: true
require "optparse"
require "pp"
require_relative "version"
@ -176,6 +177,9 @@ module GitHubChangelogGenerator
opts.on("--cache-log [CACHE-LOG]", "Filename to use for cache log. Default is github-changelog-logger.log in a temporary directory.") do |cache_log|
options[:cache_log] = cache_log
end
opts.on("--ssl-ca-file [PATH]", "Path to cacert.pem file. Default is a bundled lib/github_changelog_generator/ssl_certs/cacert.pem. Respects SSL_CA_PATH.") do |ssl_ca_file|
options[:ssl_ca_file] = ssl_ca_file
end
opts.on("--[no-]verbose", "Run verbosely. Default is true") do |v|
options[:verbose] = v
end
@ -206,12 +210,13 @@ module GitHubChangelogGenerator
unreleased: true,
unreleased_label: "Unreleased",
compare_link: true,
enhancement_labels: %w(enhancement Enhancement),
bug_labels: %w(bug Bug),
exclude_labels: %w(duplicate question invalid wontfix Duplicate Question Invalid Wontfix),
enhancement_labels: %w[enhancement Enhancement],
bug_labels: %w[bug Bug],
exclude_labels: %w[duplicate question invalid wontfix Duplicate Question Invalid Wontfix],
issue_line_labels: [],
max_issues: nil,
simple_list: false,
ssl_ca_file: nil,
verbose: true,
header: "# Change Log",
merge_prefix: "**Merged pull requests:**",

File diff suppressed because it is too large Load Diff

View File

@ -179,6 +179,10 @@ Automatically generate change log from your tags, issues, labels and pull reques
Filename to use for cache log. Default is github-changelog-logger.log in a temporary directory.
--ssl-ca-file [PATH]
Path to cacert.pem file. Default is a bundled lib/github_changelog_generator/ssl_certs/cacert.pem. Respects SSL_CA_PATH.
--[no-]verbose
Run verbosely. Default is true