Merge branch 'release/v1.1.8' into 'main'

Release v1.1.8

See merge request oauth-xx/version_gem!4

Author: pboling

.github/workflows/coverage.yml

@@ -49,12 +49,6 @@ jobs:
             bundler: latest
 
     steps:
-      - uses: amancevice/setup-code-climate@v2
-        name: CodeClimate Install
-        if: ${{ github.event_name != 'pull_request' }}
-        with:
-          cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }}
-
       - name: Checkout
         uses: actions/checkout@v4
 

.gitlab-ci.yml

@@ -0,0 +1,39 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
+#stages:
+#  - test
+#sast:
+#  stage: test
+#include:
+#  - template: Security/SAST.gitlab-ci.yml
+
+variables:
+  K_SOUP_COV_DEBUG: true
+  K_SOUP_COV_DO: true
+  K_SOUP_COV_HARD: true
+  K_SOUP_COV_MIN_BRANCH: 100
+  K_SOUP_COV_MIN_LINE: 100
+  K_SOUP_COV_VERBOSE: true
+  K_SOUP_COV_FORMATTERS: "html,rcov,lcov,json,tty"
+  K_SOUP_COV_MULTI_FORMATTERS: true
+  K_SOUP_COV_COMMAND_NAME: "RSpec Coverage"
+
+default:
+  image: ruby:3.4.3
+
+  before_script:
+    - gem update --silent --system
+    - mkdir -p vendor/bundle
+    - bundle config set path 'vendor/bundle'
+    - chmod +t -R vendor/bundle
+    - chmod o-w -R vendor/bundle
+    - bundle install --jobs 4 --retry 3
+
+run_tests:
+  script:
+    - bundle exec rake

Appraisal.root.gemfile

@@ -6,8 +6,8 @@ source "https://rubygems.org"
 
 # Appraisal Root Gemfile is for running appraisal to generate the Appraisal Gemfiles
 #   in gemfiles/*gemfile.
-# On CI, we use it for the Appraisal-based builds.
-# We do not load the standard Gemfile, as it is tailored for local development.
+# On GHA CI, we use it for the Appraisal-based builds.
+# We do not load the standard Gemfile, as it is tailored for local development & GitLab CI.
 
 gemspec
 

CHANGELOG.md

@@ -22,12 +22,24 @@ Please file a bug if you notice a violation of semantic versioning.
 ### Fixed
 ### Removed
 
+## [1.1.8] 2025-05-06 ([tag][1.1.8t])
+- Line Coverage: 100.0% (117 / 117)
+- Branch Coverage: 100.0% (4 / 4)
+- 84.62% documented
+### Added
+- CITATION.cff (@pboling)
+- Cryptographically signed with new 20-year cert (@pboling)
+  - expires 2045-04-29
+- Improved documentation (@pboling)
+- Addressed entire REEK list (@pboling)
+- GitLab CI, as an addition to existing GHA (@pboling)
+
 ## [1.1.7] 2025-04-15 ([tag][1.1.7t])
 - Line Coverage: 100.0% (117 / 117)
 - Branch Coverage: 100.0% (4 / 4)
--  76.92% documented
+- 76.92% documented
 ### Added
-- Support for Epoch Semantic Versioning
+- Support for Epoch Semantic Versioning (@pboling)
   - `extend VersionGem::Epoch` in your library's `MyLib::Version` module
 - Support for JRuby 10 (@pboling)
 - More documentation (@pboling)
@@ -130,7 +142,9 @@ Please file a bug if you notice a violation of semantic versioning.
 ### Added
 - Initial release, with basic version parsing API (@pboling)
 
-[Unreleased]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.7...main
+[Unreleased]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.8...main
+[1.1.8]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.7...v1.1.8
+[1.1.8t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.1.8
 [1.1.7]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.6...v1.1.7
 [1.1.7t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v1.1.7
 [1.1.6]: https://gitlab.com/oauth-xx/version_gem/-/compare/v1.1.5...v1.1.6

CITATION.cff

@@ -0,0 +1,20 @@
+cff-version: 1.2.0
+title: VersionGem
+message: >-
+  If you use this work and you want to cite it,
+  then you can use the metadata from this file.
+type: software
+authors:
+  - given-names: Peter Hurn
+    family-names: Boling
+    email: [email protected]
+    affiliation: railsbling.com
+    orcid: 'https://orcid.org/0009-0008-8519-441X'
+identifiers:
+  - type: url
+    value: 'https://github.com/oauth-xx/version_gem/'
+    description: VersionGem
+repository-code: 'https://github.com/oauth-xx/version_gem/'
+abstract: >-
+  VersionGem
+license: See license file

CONTRIBUTING.md

@@ -84,11 +84,14 @@ Also see GitLab Contributors: [https://gitlab.com/oauth-xx/version_gem/-/graphs/
 
 ### One-time, Per-maintainer, Setup
 
-**IMPORTANT**: Your public key for signing gems will need to be picked up by the line in the
-`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there),
-in order to sign the new release.
+**IMPORTANT**: If you want to sign the build you create,
+your public key for signing gems will need to be picked up by the line in the
+`gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there).
+All releases to RubyGems.org will be signed.
 See: [RubyGems Security Guide][🔒️rubygems-security-guide]
 
+NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some value in your environment.
+
 ### To release a new version:
 
 1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check

Gemfile

@@ -6,7 +6,8 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" }
 
 #### IMPORTANT #######################################################
-# Gemfile is for local development ONLY; Gemfile is NOT loaded in CI #
+# Gemfile is for local development and GitLab CI                     #
+# Gemfile is NOT loaded in GitHub Actions CI                         #
 ####################################################### IMPORTANT ####
 
 # For Ruby version specific dependencies
@@ -27,8 +28,6 @@ platform :mri do
 
   # Dev Console - Binding.pry - Irb replacement
   gem "pry", "~> 0.14"                     # ruby >= 2.0
-
-  gem "reek", "~> 6.4"
 end
 
 # Security Audit

Gemfile.lock

@@ -8,10 +8,22 @@ GIT
       rake (>= 10)
       thor (>= 0.14)
 
+GIT
+  remote: https://github.com/pboling/yard-junk
+  revision: 54ccebabbfa9a9cd44d0b991687ebbfd22c32b55
+  branch: next
+  specs:
+    yard-junk (0.0.10)
+      backports (>= 3.18)
+      benchmark
+      ostruct
+      rainbow
+      yard
+
 PATH
   remote: .
   specs:
-    version_gem (1.1.7)
+    version_gem (1.1.8)
 
 GEM
   remote: https://rubygems.org/
@@ -123,11 +135,11 @@ GEM
     rspec-expectations (3.13.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.3)
+    rspec-mocks (3.13.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.3)
-    rubocop (1.75.4)
+    rubocop (1.75.5)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -224,11 +236,6 @@ GEM
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
     yard (0.9.37)
-    yard-junk (0.0.10)
-      backports (>= 3.18)
-      ostruct
-      rainbow
-      yard
     zeitwerk (2.7.2)
 
 PLATFORMS
@@ -252,14 +259,15 @@ DEPENDENCIES
   reek (~> 6.4)
   rspec (~> 3.13)
   rspec-block_is_expected (~> 1.0)
+  rubocop (~> 1.73, >= 1.73.2)
   rubocop-lts (~> 8.1, >= 8.1.1)
   rubocop-packaging (~> 0.5, >= 0.5.2)
   rubocop-rspec (~> 3.2)
-  standard (>= 1.35.1, != 1.42.0, != 1.41.1)
+  standard (~> 1.47)
   stone_checksums (~> 1.0)
   version_gem!
   yard (~> 0.9, >= 0.9.37)
-  yard-junk (~> 0.0, >= 0.0.10)
+  yard-junk (~> 0.0, >= 0.0.10)!
 
 BUNDLED WITH
    2.6.8

README.md

@@ -1,4 +1,4 @@
-# VersionGem
+# 🔖 VersionGem
 
 [![Version][👽versioni]][👽version]
 [![License: MIT][📄license-img]][📄license-ref]
@@ -29,7 +29,7 @@
 [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi]
 [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon]
 
-## Alternatives
+## 🧐 Alternatives
 
 This gem has a very niche purpose, which is:
 
@@ -47,7 +47,7 @@ gem from the Alchemists, or _[version_sorter](https://rubygems.org/gems/version_
 
 For more discussion about this [see issue #2](https://gitlab.com/oauth-xx/version_gem/-/issues/2)
 
-## Still here?
+## 🚀 Still here?
 
 Give your next library an introspectable `Version` module without breaking your Gemspec.
 
@@ -65,7 +65,7 @@ This library was extracted from the gem _[oauth2](https://gitlab.com/oauth-xx/oa
 
 This gem has no runtime dependencies.
 
-## Info you can shake a stick at
+## 💡 Info you can shake a stick at
 
 | Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                          |
 |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -79,9 +79,9 @@ This gem has no runtime dependencies.
 | Expert 1:1 Support      | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                                                                                                                                                                    |
 | Enterprise Support      | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]<br/>💡Subscribe for support guarantees covering _all_ FLOSS dependencies!<br/>💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!<br/>💡Tidelift pays maintainers to maintain the software you depend on!<br/>📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! |
 | Comrade BDFL 🎖️        | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                              |
-| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme]                                                                                                                                                                                                                             |
+| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                   |
 
-## Installation
+## ✨ Installation
 
 Install the gem and add to the application's Gemfile by executing:
 
@@ -91,7 +91,36 @@ If bundler is not being used to manage dependencies, install the gem by executin
 
     $ gem install version_gem
 
-## Basic Usage
+### 🔒 Secure Installation
+
+`version_gem` is cryptographically signed. Be sure the gem you install hasn’t been tampered with
+by following the instructions below.
+
+Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:
+
+```shell
+gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/version_gem/master/certs/pboling.pem)
+```
+
+You only need to do that once.  Then proceed to install with:
+
+```shell
+gem install version_gem -P MediumSecurity
+```
+
+The `MediumSecurity` trust profile will verify signed gems, but allow the installation of unsigned dependencies.
+
+This is necessary because not all of `version_gem`’s dependencies are signed, so we cannot use `HighSecurity`.
+
+If you want to up your security game full-time:
+
+```shell
+bundle config set --global trust-policy MediumSecurity
+```
+
+NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.
+
+## 🔧 Basic Usage
 
 In the standard `bundle gem my_lib` code you get the following in `lib/my_lib/version.rb`:
 
@@ -250,7 +279,7 @@ MyLib::Version.to_a # => [1, 24, 3, 8]
 MyLib::Version.to_h # => { epoch: 1, major: 24, minor: 3, patch: 8, pre: "" }
 ```
 
-## Usage with Zeitwerk
+### Usage with Zeitwerk
 
 The pattern of `version.rb` breaking the ruby convention of directory / path matching the namespace / class
 is so entrenched that the `zeitwerk` library has a special carve-out for it. 🥺
@@ -420,7 +449,7 @@ It is obvious to many, but not all, and since the spec is silent, the bike shedd
 
 > dropping support for a platform is both obviously and objectively a breaking change
 
-- Jordan Harband (@ljharb) [in SemVer issue 716][📌semver-breaking]
+- Jordan Harband (@ljharb, maintainer of SemVer) [in SemVer issue 716][📌semver-breaking]
 
 To get a better understanding of how SemVer is intended to work over a project's lifetime,
 read this article from the creator of SemVer:
@@ -487,14 +516,18 @@ or one of the others at the head of this README.
 [💖💲crunchbase-img]: https://img.shields.io/badge/peter--boling-purple?style=flat&logo=crunchbase
 [💖🐘ruby-mast]: https://ruby.social/@galtzo
 [💖🐘ruby-mast-img]: https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=flat&logo=mastodon&label=Ruby%20%40galtzo
-[💖🦋bluesky]: https://galtzo.bsky.social
-[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.bsky.social-0285FF?style=flat&logo=bluesky&logoColor=white
+[💖🦋bluesky]: https://bsky.app/profile/galtzo.com
+[💖🦋bluesky-img]: https://img.shields.io/badge/@galtzo.com-0285FF?style=flat&logo=bluesky&logoColor=white
 [💖🌳linktree]: https://linktr.ee/galtzo
 [💖🌳linktree-img]: https://img.shields.io/badge/galtzo-purple?style=flat&logo=linktree
 [💖💁🏼‍♂️devto]: https://dev.to/galtzo
 [💖💁🏼‍♂️devto-img]: https://img.shields.io/badge/dev.to-0A0A0A?style=flat&logo=devdotto&logoColor=white
 [💖💁🏼‍♂️aboutme]: https://about.me/peter.boling
 [💖💁🏼‍♂️aboutme-img]: https://img.shields.io/badge/about.me-0A0A0A?style=flat&logo=aboutme&logoColor=white
+[💖🧊berg]: https://codeberg.org/pboling
+[💖🐙hub]: https://github.org/pboling
+[💖🛖hut]: https://sr.ht/~galtzo/
+[💖🧪lab]: https://gitlab.com/pboling
 [👨🏼‍🏫expsup-upwork]: https://www.upwork.com/freelancers/~014942e9b056abdf86?mp_source=share
 [👨🏼‍🏫expsup-upwork-img]: https://img.shields.io/badge/UpWork-13544E?style=for-the-badge&logo=Upwork&logoColor=white
 [👨🏼‍🏫expsup-codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github
@@ -550,7 +583,7 @@ or one of the others at the head of this README.
 [🚎10-j-wfi]: https://github.com/oauth-xx/version_gem/actions/workflows/jruby.yml/badge.svg
 [🚎11-c-wf]: https://github.com/oauth-xx/version_gem/actions/workflows/current.yml
 [🚎11-c-wfi]: https://github.com/oauth-xx/version_gem/actions/workflows/current.yml/badge.svg
-[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay
+[⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay
 [⛳liberapay]: https://liberapay.com/pboling/donate
 [🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github
 [🖇sponsor]: https://github.com/sponsors/pboling

REEK

@@ -1,9 +1 @@
-spec/helpers/faux.rb -- 1 warning:
-  [14, 15]:DuplicateMethodCall: VersionGem::Faux#actual_minor_version? calls 'RUBY_VER.segments' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
-lib/version_gem/epoch.rb -- 1 warning:
-  [21]:IrresponsibleModule: VersionGem::Epoch::OverloadApiForEpoch has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md]
-lib/version_gem/error.rb -- 1 warning:
-  [4]:IrresponsibleModule: VersionGem::Error has no descriptive comment [https://github.com/troessner/reek/blob/v6.5.0/docs/Irresponsible-Module.md]
-lib/version_gem/ruby.rb -- 1 warning:
-  [14, 15]:DuplicateMethodCall: VersionGem::Ruby#actual_minor_version? calls 'RUBY_VER.segments' 2 times [https://github.com/troessner/reek/blob/v6.5.0/docs/Duplicate-Method-Call.md]
-4 total warnings
+0 total warnings

Rakefile

@@ -42,7 +42,7 @@ begin
 
   RSpec::Core::RakeTask.new(:spec)
   # This takes the place of `coverage` task when running as CI=true
-  defaults << "spec" if Kettle::Soup::Cover::IS_CI
+  defaults << "spec" if !defined?(Kettle::Soup::Cover) || Kettle::Soup::Cover::IS_CI
 rescue LoadError
   desc("spec task stub")
   task(:spec) do