feat: switch to bazel-contrib/portable-ruby

[p0deje]

Switch portable Ruby source from jdx/ruby to bazel-contrib/portable-ruby

New release source

• All download URLs updated from https://github.com/jdx/ruby to https://github.com/bazel-contrib/portable-ruby
• Release tags now use a versioned suffix format: {version}-{suffix} (e.g. 3.4.8-1)

Platform naming alignment

• macOS platform key changed from "macos" to "darwin" (matching new repo's naming: arm64_darwin, x86_64_darwin)
• x86_64 macOS is now supported (previously it would warn and fall back to compiling from source)

New portable_ruby_release_suffix attribute

• Added to rb_register_toolchains, the tag class in extensions.bzl, and the downloader rule
• Allows pinning to a specific rebuild (e.g. "2" → downloads X.Y.Z-2)
• When omitted, uses the built-in PORTABLE_RUBY_DEFAULT_SUFFIXES map from portable_ruby_checksums.bzl

Checksum data restructured

• PORTABLE_RUBY_CHECKSUMS is now a nested dict keyed by suffix, then artifact name
• PORTABLE_RUBY_DEFAULT_SUFFIXES map added to track the default suffix per Ruby version
• Checksum generation tooling (generate_portable_ruby_checksums.sh) updated to work with the new repo's API and release format; test data updated accordingly

[Copilot]

Pull request overview

Updates the portable Ruby integration in rules_ruby to use bazel-contrib/portable-ruby releases, adding support for release “suffixes” (rebuilds like X.Y.Z-2) and updating the checksum source data accordingly.

Changes:

• Switch portable Ruby download URLs/platform naming from jdx/ruby to bazel-contrib/portable-ruby.
• Add portable_ruby_release_suffix plumbing through the module extension/toolchain registration and download rule.
• Regenerate/reshape portable Ruby checksum data to be keyed by release suffix and add a “default suffix per version” mapping.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
tools/generate_portable_ruby_checksums/generate_portable_ruby_checksums.sh	Updates checksum generation to target bazel-contrib/portable-ruby, adds --release-suffix, and generates suffix-keyed checksum data + default suffix mapping.
ruby/private/toolchain.bzl	Extends rb_register_toolchains() API with portable_ruby_release_suffix and updates docs for the new upstream.
ruby/private/portable_ruby_checksums.bzl	Replaces the flat checksum map with PORTABLE_RUBY_DEFAULT_SUFFIXES plus suffix-keyed PORTABLE_RUBY_CHECKSUMS.
ruby/private/download.bzl	Downloads portable Ruby from the new repo using {version}-{suffix} tags and resolves checksums using the new nested mapping.
ruby/extensions.bzl	Adds portable_ruby_release_suffix to the bzlmod tag schema and passes it through to registration.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Copilot reviewed 17 out of 17 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[alexeagle]

@jdx any chance we could upstream to your repo, so new releases get a suffix rather than being overwritten? Mutable releases cause supply-chain security problems, not just under Bazel.