release: 0.1.0

.env.example

@@ -0,0 +1,11 @@
+# Values are read in test/privy/integration/integration_test_helper.rb
+
+# Details of the Privy APP used for the integration tests
+TEST_APP_ID=
+TEST_APP_SECRET=
+
+# Details of the custom auth JWT used for resource ownership
+JWT_AUTH_SK=
+
+# Test account details
+TEST_APP_TEST_ACCOUNT_OTP=

.github/workflows/branch-target.yml

@@ -0,0 +1,76 @@
+name: Branch Target
+
+on:
+  pull_request:
+    types: [opened, reopened, edited, synchronize]
+
+concurrency:
+  group: branch-target-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  check:
+    name: check
+    runs-on: ubuntu-24.04
+    timeout-minutes: 5
+    steps:
+      - name: Validate base branch and manage sticky comment
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const MARKER = '<!-- privy-branch-target-check -->';
+            const EXEMPT_AUTHORS = new Set(['stainless-app[bot]']);
+
+            const pr = context.payload.pull_request;
+            const baseRef = pr.base.ref;
+            const author = pr.user.login;
+            const isExempt = EXEMPT_AUTHORS.has(author);
+            const targetsMain = baseRef === 'main';
+            const shouldFail = targetsMain && !isExempt;
+
+            const { owner, repo } = context.repo;
+            const issue_number = pr.number;
+
+            const comments = await github.paginate(
+              github.rest.issues.listComments,
+              { owner, repo, issue_number, per_page: 100 },
+            );
+            const existing = comments.find(
+              c => c.user?.login === 'github-actions[bot]' && c.body?.includes(MARKER),
+            );
+
+            if (shouldFail) {
+              const body = [
+                `:warning: **This PR targets \`${baseRef}\`.**`,
+                '',
+                'Feature branches in this SDK should target `next` — `main` is reserved for release PRs.',
+                'Please change the base branch to `next` (or another stacked feature branch). If you believe `main` really is the right target, let a maintainer know.',
+                '',
+                MARKER,
+              ].join('\n');
+
+              if (existing) {
+                if (existing.body !== body) {
+                  await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
+                }
+              } else {
+                await github.rest.issues.createComment({ owner, repo, issue_number, body });
+              }
+
+              core.setFailed(`PR #${issue_number} targets \`${baseRef}\`. Retarget to \`next\`.`);
+              return;
+            }
+
+            if (existing) {
+              await github.rest.issues.deleteComment({ owner, repo, comment_id: existing.id });
+            }
+
+            core.info(
+              isExempt
+                ? `Author ${author} is exempt; skipping base-ref check.`
+                : `PR targets \`${baseRef}\`; no action needed.`,
+            );

.github/workflows/ci.yml

@@ -0,0 +1,112 @@
+name: CI
+on:
+  push:
+    branches:
+      - '**'
+      - '!integrated/**'
+      - '!stl-preview-head/**'
+      - '!stl-preview-base/**'
+      - '!generated'
+      - '!codegen/**'
+      - 'codegen/stl/**'
+  pull_request:
+    branches-ignore:
+      - 'stl-preview-head/**'
+      - 'stl-preview-base/**'
+
+jobs:
+  build:
+    timeout-minutes: 10
+    name: build
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ${{ github.repository == 'stainless-sdks/privy-api-client-ruby' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
+    if: |-
+      github.repository == 'stainless-sdks/privy-api-client-ruby' &&
+      (github.event_name == 'push' || github.event.pull_request.head.repo.fork) && (github.event_name != 'push' || github.event.head_commit.message != 'codegen metadata')
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+        with:
+          bundler-cache: false
+      - run: |-
+          bundle install
+
+      - name: Get GitHub OIDC Token
+        if: |-
+          github.repository == 'stainless-sdks/privy-api-client-ruby' &&
+          !startsWith(github.ref, 'refs/heads/stl/')
+        id: github-oidc
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: core.setOutput('github_token', await core.getIDToken());
+
+      - name: Build and upload gem artifacts
+        if: |-
+          github.repository == 'stainless-sdks/privy-api-client-ruby' &&
+          !startsWith(github.ref, 'refs/heads/stl/')
+        env:
+          URL: https://pkg.stainless.com/s
+          AUTH: ${{ steps.github-oidc.outputs.github_token }}
+          SHA: ${{ github.sha }}
+          PACKAGE_NAME: privy
+        run: ./scripts/utils/upload-artifact.sh
+  lint:
+    timeout-minutes: 10
+    name: lint
+    runs-on: ${{ github.repository == 'stainless-sdks/privy-api-client-ruby' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+        with:
+          bundler-cache: false
+      - run: |-
+          bundle install
+
+      - name: Run lints
+        run: ./scripts/lint
+  test:
+    timeout-minutes: 10
+    name: test
+    runs-on: ${{ github.repository == 'stainless-sdks/privy-api-client-ruby' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+        with:
+          bundler-cache: false
+      - run: |-
+          bundle install
+
+      - name: Run tests
+        run: ./scripts/test
+  integration:
+    timeout-minutes: 10
+    name: integration
+    runs-on: ${{ github.repository == 'stainless-sdks/privy-api-client-ruby' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
+    if: |-
+      (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/next')) ||
+      (github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork)
+    steps:
+      - uses: actions/checkout@v6
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: false
+      - run: |-
+          bundle install
+
+      - name: Run integration tests
+        env:
+          TEST_APP_ID: ${{ secrets.TEST_APP_ID }}
+          TEST_APP_SECRET: ${{ secrets.TEST_APP_SECRET }}
+          JWT_AUTH_SK: ${{ secrets.JWT_AUTH_SK }}
+          TEST_APP_TEST_ACCOUNT_OTP: ${{ secrets.TEST_APP_TEST_ACCOUNT_OTP }}
+          TESTOPTS: "-v"
+        run: bundle exec rake test:integration

.github/workflows/pr-title.yml

@@ -0,0 +1,19 @@
+name: PR Title
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+
+permissions:
+  pull-requests: read   # Read PR details
+  contents: read        # Read repository content
+
+jobs:
+  conventional-commits:
+    timeout-minutes: 5
+    name: conventional-commits
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: ytanikin/pr-conventional-commits@639145d78959c53c43112365837e3abd21ed67c1
+        with:
+          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert","style","build","release"]'
+          add_label: 'false'

.github/workflows/publish-gem.yml

@@ -0,0 +1,31 @@
+# This workflow is triggered when a GitHub release is created.
+# It can also be run manually to re-publish to rubygems.org in case it failed for some reason.
+# You can run this workflow by navigating to https://www.github.com/privy-io/ruby-sdk/actions/workflows/publish-gem.yml
+name: Publish Gem
+on:
+  workflow_dispatch:
+
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    name: publish
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+        with:
+          bundler-cache: false
+      - run: |-
+          bundle install
+
+      - name: Publish to RubyGems.org
+        run: |
+          bash ./bin/publish-gem
+        env:
+          # `RUBYGEMS_HOST` is only required for private gem repositories, not https://rubygems.org
+          RUBYGEMS_HOST: ${{ secrets.PRIVY_API_RUBYGEMS_HOST || secrets.RUBYGEMS_HOST }}
+          GEM_HOST_API_KEY: ${{ secrets.PRIVY_API_GEM_HOST_API_KEY || secrets.GEM_HOST_API_KEY }}

.github/workflows/release-doctor.yml

@@ -0,0 +1,22 @@
+name: Release Doctor
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  release_doctor:
+    name: release doctor
+    runs-on: ubuntu-latest
+    if: github.repository == 'privy-io/ruby-sdk' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || startsWith(github.head_ref, 'release-please') || github.head_ref == 'next')
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Check release environment
+        run: |
+          bash ./bin/check-release-environment
+        env:
+          RUBYGEMS_HOST: ${{ secrets.PRIVY_API_RUBYGEMS_HOST || secrets.RUBYGEMS_HOST }}
+          GEM_HOST_API_KEY: ${{ secrets.PRIVY_API_GEM_HOST_API_KEY || secrets.GEM_HOST_API_KEY }}

.gitignore

@@ -0,0 +1,12 @@
+*.gem
+.env
+.idea/
+.ignore
+.prism.log
+.stdy.log
+.ruby-lsp/
+.yardoc/
+bin/tapioca
+Brewfile.lock.json
+doc/
+sorbet/tapioca/*

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.1.0"
+}