Merge pull request #3531 from DataDog/ivoanjo/gem-file-permission-val…

…idation

[NO-TICKET] Add validation for gem file permissions

Rakefile

@@ -353,7 +353,7 @@ namespace :spec do
   RSpec::Core::RakeTask.new(:main) do |t, args|
     t.pattern = 'spec/**/*_spec.rb'
     t.exclude_pattern = 'spec/**/{contrib,benchmark,redis,opentracer,auto_instrument,opentelemetry,profiling}/**/*_spec.rb,'\
-                        ' spec/**/{auto_instrument,opentelemetry}_spec.rb'
+                        ' spec/**/{auto_instrument,opentelemetry}_spec.rb, spec/ddtrace/gem_packaging_spec.rb'
     t.rspec_opts = args.to_a.join(' ')
   end
 

spec/ddtrace/gem_packaging_spec.rb

@@ -0,0 +1,35 @@
+require 'rubygems'
+require 'rubygems/package'
+require 'rubygems/package/tar_reader'
+
+RSpec.describe 'gem release process (after packaging)' do
+  # TODO: This will need to be updated for the 2.0 branch
+  let(:gem_name) { 'ddtrace' }
+  let(:gem_version) { DDTrace::VERSION::STRING }
+  let(:packaged_gem_file) { "pkg/#{gem_name}-#{gem_version}.gem" }
+  let(:executable_permissions) { ['bin/ddprofrb', 'bin/ddtracerb'] }
+
+  it 'sets the right permissions on the gem files' do
+    gem_files = Dir.glob('pkg/*.gem')
+    expect(gem_files).to include(packaged_gem_file)
+
+    gem_files.each do |gem_file|
+      Gem::Package::TarReader.new(File.open(gem_file)) do |tar|
+        data = tar.find { |entry| entry.header.name == 'data.tar.gz' }
+
+        Gem::Package::TarReader.new(Zlib::GzipReader.new(StringIO.new(data.read))) do |data_tar|
+          data_tar.each do |entry|
+            filename = entry.header.name
+            octal_permissions = entry.header.mode.to_s(8)[-3..-1]
+
+            expected_permissions = executable_permissions.include?(filename) ? '755' : '644'
+
+            expect(octal_permissions).to eq(expected_permissions),
+              "Unexpected permissions for #{filename} inside #{gem_file} (got #{octal_permissions}, " \
+              "expected #{expected_permissions})"
+          end
+        end
+      end
+    end
+  end
+end

tasks/release_gem.rake

@@ -1,12 +1,25 @@
 Rake::Task["build"].enhance(["build:pre_check"])
+Rake::Task["build"].enhance do
+  # This syntax makes this task run after build -- see https://dev.to/molly/rake-task-enhance-method-explained-3bo0
+  Rake::Task["build:after_check"].execute
+end
 
 desc 'Checks executed before gem is built'
 task :'build:pre_check' do
   require 'rspec'
+  RSpec.world.reset # If any other tests ran before, flushes them
   ret = RSpec::Core::Runner.run(['spec/ddtrace/release_gem_spec.rb'])
   raise "Release tests failed! See error output above." if ret != 0
 end
 
+desc 'Checks executed after gem is built'
+task :'build:after_check' do
+  require 'rspec'
+  RSpec.world.reset # If any other tests ran before, flushes them
+  ret = RSpec::Core::Runner.run(['spec/ddtrace/gem_packaging_spec.rb'])
+  raise "Release tests failed! See error output above." if ret != 0
+end
+
 desc 'Create a new indexed repository'
 task :'release:gem' do
   raise 'Missing environment variable S3_DIR' if !S3_DIR || S3_DIR.empty?