Test against all rubies that rubygems supports

Since rubygems->rubygems-generate_index->compact index now

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+custom: https://rubycentral.org/#/portal/signup
+github: rubytogether

.github/config.yml

@@ -0,0 +1,8 @@
+newPRWelcomeComment: |
+  Thanks for opening a pull request and helping make compact_index better! Someone from the RubyGems team will take a look at your pull request shortly and leave any feedback. Please make sure that your pull request has tests for any changes or added functionality.
+
+  We use GitHub Actions to test and make sure your change works functionally and uses acceptable conventions, you can review the current progress of GitHub Actions in the PR status window below.
+
+  If you have any questions or concerns that you wish to ask, feel free to leave a comment in this PR or join our #rubygems or #bundler channel on [Slack](http://slack.bundler.io/).
+
+  For more information about contributing to the RubyGems project feel free to review our [CONTRIBUTING](https://github.com/rubygems/rubygems/blob/master/CONTRIBUTING.md) guide

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/pull_request_template.md

@@ -0,0 +1,24 @@
+<!--
+Thanks so much for the contribution!
+
+Note that you must abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md) to contribute to this project.
+
+To make reviewing this PR a bit easier, please fill out answers to the following questions.
+-->
+
+## What was the end-user or developer problem that led to this PR?
+
+<!-- Write a clear and complete description of the problem -->
+
+## What is your fix for the problem, implemented in this PR?
+
+<!-- Explain the fix being implemented. Include any diagnosis you run to
+determine the cause of the issue and your conclusions. If you considered other
+alternatives, explain why you end up choosing the current implementation -->
+
+## Make sure the following tasks are checked
+
+- [ ] Describe the problem / feature
+- [ ] Write [tests](https://github.com/rubygems/rubygems/blob/master/bundler/doc/development/PULL_REQUESTS.md#tests) for features and bug fixes
+- [ ] Write code to solve the problem
+- [ ] Make sure you follow the [current code style](https://github.com/rubygems/rubygems/blob/master/bundler/doc/development/PULL_REQUESTS.md#code-formatting) and [write meaningful commit messages without tags](https://github.com/rubygems/rubygems/blob/master/bundler/doc/development/PULL_REQUESTS.md#commit-messages)

.github/workflows/push_gem.yml

@@ -0,0 +1,39 @@
+---
+"on":
+  push:
+    tags:
+      - v*
+name: Push Gem
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: rubygems/configure-rubygems-credentials@main
+        with:
+          role-to-assume: rg_oidc_akr_e3gvf8d8qwrffk7gjno7
+      - uses: actions/checkout@v4
+      - name: Set remote URL
+        run: |
+          # Attribute commits to the last committer on HEAD
+          git config --global user.email "$(git log -1 --pretty=format:'%ae')"
+          git config --global user.name "$(git log -1 --pretty=format:'%an')"
+          git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$GITHUB_REPOSITORY"
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: ruby
+      - name: Release
+        run: bundle exec rake release
+      - name: Wait for release to propagate
+        run: |
+          gem install rubygems-await
+          gem_tuple="$(ruby -rbundler/setup -rbundler -e '
+              spec = Bundler.definition.specs.find {|s| s.name == ARGV[0] }
+              raise "No spec for #{ARGV[0]}" unless spec
+              print [spec.name, spec.version, spec.platform].join(":")
+            ' "compact_index")"
+          gem await "${gem_tuple}"

.github/workflows/rubygems.yml

@@ -0,0 +1,87 @@
+name: rubygems
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - master
+
+concurrency:
+  group: ci-${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  rubygems:
+    name: RubyGems on ${{ matrix.os.name }} (${{ matrix.ruby.name }})
+    runs-on: ${{ matrix.os.value }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - { name: Ubuntu, value: ubuntu-22.04 }
+          - { name: macOS, value: macos-12 }
+          - { name: Windows, value: windows-2022 }
+
+        ruby:
+          - { name: "3.0", value: 3.0.6 }
+          - { name: "3.1", value: 3.1.4 }
+          - { name: "3.2", value: 3.2.2 }
+
+        include:
+          - ruby: { name: "3.2", value: 3.2.2 }
+            os: { name: macOS, value: macos-12 }
+
+          - ruby: { name: jruby-9.4, value: jruby-9.4.2.0 }
+            os: { name: Ubuntu, value: ubuntu-22.04 }
+
+          - ruby: { name: truffleruby-22, value: truffleruby-22.3.0 }
+            os: { name: Ubuntu, value: ubuntu-22.04 }
+
+          - os: { name: Windows, value: windows-2022 }
+            ruby: { name: mswin, value: mswin }
+
+          - os: { name: Ubuntu, value: ubuntu-22.04 }
+            ruby: { name: ruby-head, value: ruby-head }
+
+          - os: { name: Ubuntu, value: ubuntu-22.04 }
+            ruby: { name: truffleruby-head, value: truffleruby-head }
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup ruby (Ubuntu/macOS)
+        uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0
+        with:
+          ruby-version: ${{ matrix.ruby.value }}
+          bundler-cache: true
+        if: matrix.os.name != 'Windows'
+      - name: Setup ruby (Windows)
+        uses: ruby/setup-ruby-pkgs@c7f324bc4a9434f2ce3e55fa1cc19e41daecb231 # v1.33.1
+        with:
+          ruby-version: ${{ matrix.ruby.value }}
+          bundler-cache: true
+          mingw: clang
+        if: matrix.os.name == 'Windows'
+      - name: Configure bindgen
+        shell: pwsh
+        run: |
+          echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
+          echo "BINDGEN_EXTRA_CLANG_ARGS=$((gcm clang).source -replace "bin\clang.exe","include")" >> $env:GITHUB_ENV
+        if: matrix.ruby.name == 'mswin'
+      - name: Run Test
+        run: bundle exec rake test
+        if: "!startsWith(matrix.ruby.name, 'truffleruby') && !startsWith(matrix.ruby.name, 'jruby')"
+      - name: Run Test isolatedly
+        run: bundle exec rake test:isolated
+        if: matrix.ruby.name == '3.2' && matrix.os.name != 'Windows'
+      - name: Run Test (JRuby)
+        run: JRUBY_OPTS=--debug bundle exec rake test
+        if: startsWith(matrix.ruby.name, 'jruby')
+      - name: Run Test (Truffleruby)
+        run: TRUFFLERUBYOPT="--experimental-options --testing-rubygems" bundle exec rake test
+        if: startsWith(matrix.ruby.name, 'truffleruby')
+
+    timeout-minutes: 20

.github/workflows/scorecards.yml

@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecards supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '22 4 * * 2'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # - Publish results to OpenSSF REST API for easy access by consumers
+          # - Allows the repository to include the Scorecard badge.
+          # - See https://github.com/ossf/scorecard-action#publishing-results.
+          publish_results: true
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
+        with:
+          sarif_file: results.sarif

.github/workflows/spell.yml

@@ -0,0 +1,19 @@
+name: spell
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  spell:
+    name: Check spelling
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: codespell-project/actions-codespell@94259cd8be02ad2903ba34a22d9c13de21a74461 # v2.0

.github/workflows/ubuntu-lint.yml

@@ -0,0 +1,30 @@
+name: ubuntu-lint
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ci-${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  ubuntu_lint:
+    name: Lint
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup ruby
+        uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0
+        with:
+          ruby-version: 3.2.2
+          bundler-cache: true
+      - name: Run Lint
+        run: bundle exec rake rubocop
+    timeout-minutes: 15

bin/rake

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rake", "rake")