diff --git a/.github/workflows/rubyonrails.yml b/.github/workflows/rubyonrails.yml
index c6aa692..95204d9 100644
--- a/.github/workflows/rubyonrails.yml
+++ b/.github/workflows/rubyonrails.yml
@@ -1,55 +1,130 @@ -# This workflow uses actions that are not certified by GitHub. They are -# provided by a third-party and are governed by separate terms of service, -# privacy policy, and support documentation. -# -# This workflow will install a prebuilt Ruby version, install dependencies, and -# run tests and linters. name: "Ruby on Rails CI" + on: push: branches: ["main"] pull_request: branches: ["main"] + jobs: + # scan_ruby: + # runs-on: ubuntu-latest + + # steps: + # - name: Checkout code + # uses: actions/checkout@v6 + + # - name: Set up Ruby + # uses: ruby/setup-ruby@v1 + # with: + # ruby-version: .ruby-version + # bundler-cache: true + + # - name: Scan for common Rails security vulnerabilities using static analysis + # run: bin/brakeman --no-pager + # - name: Security audit dependencies + # run: bin/bundler-audit --update + + scan_js: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: .ruby-version + bundler-cache: true + cache-version: 1 # Increment this to clear cache if needed + - name: Unfreeze Bundler for Dependabot + if: github.actor == 'dependabot[bot]' + run: bundle config set frozen false + + - name: Scan for security vulnerabilities in JavaScript dependencies + run: bin/importmap audit + + lint_ruby: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: .ruby-version + bundler-cache: true + cache-version: 1 # Increment this to clear cache if needed + - name: Unfreeze Bundler for Dependabot + if: github.actor == 'dependabot[bot]' + run: bundle config set frozen false + + - name: Lint code for consistent style + run: bundle exec standardrb + # Add or replace any other linters here + # - name: Reek + # run: bundle exec reek + test: runs-on: ubuntu-latest services: postgres: - image: postgres:16-alpine + image: postgres:11-alpine 
ports: - "5432:5432" env: POSTGRES_DB: rails_test POSTGRES_USER: rails POSTGRES_PASSWORD: password + # redis: + # image: redis + # ports: + # - 6379:6379 + # options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5 env: RAILS_ENV: test DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test" steps: + - name: Install packages + run: sudo apt-get update && sudo apt-get install --no-install-recommends -y google-chrome-stable curl libjemalloc2 libvips imagemagick sqlite3 + - name: Checkout code uses: actions/checkout@v6 - # Add or replace dependency steps here - - name: Unfreeze Bundler for Dependabot - if: github.actor == 'dependabot[bot]' - run: bundle config set frozen false - - name: Install Ruby and gems + + - name: Set up Ruby uses: ruby/setup-ruby@v1 with: + ruby-version: .ruby-version bundler-cache: true cache-version: 1 # Increment this to clear cache if needed - # Add or replace database setup steps here - - name: Set up database schema - run: bin/rails db:schema:load + - name: Unfreeze Bundler for Dependabot + if: github.actor == 'dependabot[bot]' + run: bundle config set frozen false - # Add or replace test runners here - - name: Run tests - run: bundle exec rspec + - name: Run testsgb + env: + RAILS_ENV: test + # REDIS_URL: redis://localhost:6379/0 + run: bin/rails db:schema:load && bundle exec rspec + + - name: Keep screenshots from failed system tests + uses: actions/upload-artifact@v7 + if: failure() + with: + name: screenshots + path: ${{ github.workspace }}/tmp/screenshots + if-no-files-found: ignore check_seeds: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write services: postgres: - image: postgres:16-alpine + image: postgres:11-alpine ports: - "5432:5432" env: 
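Review bot: The `scan_ruby` job is added fully commented out, and the next hunk deletes the commented `bin/bundler-audit` and `bin/brakeman` lines from the old `lint` job, so no job in this workflow runs Ruby static analysis or a gem advisory check; only `bin/importmap audit` checks the JavaScript pins. Both gems are locked in Gemfile.lock (`brakeman (8.0.2)`, `bundler-audit (0.9.3)`), so either uncomment the job or put a line above it such as `# scan_ruby disabled until <reason>; tracked in <issue-link>`. The `postgres` service in `test` and `check_seeds` moves from `postgres:16-alpine` to `postgres:11-alpine`, a major version past its upstream end of life, so unless the deployed database is really 11 the tests should stay on a supported image. The new `uses:` lines reference `actions/checkout@v6`, `ruby/setup-ruby@v1` and `actions/upload-artifact@v7` by movable tags; pinning each to a full commit SHA, e.g. `uses: ruby/setup-ruby@<full-commit-sha> # v1`, keeps a retagged release from changing what runs in CI.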
@@ -62,41 +137,18 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v6 + # Add or replace dependency steps here - - name: Unfreeze Bundler for Dependabot - if: github.actor == 'dependabot[bot]' - run: bundle config set frozen false - name: Install Ruby and gems uses: ruby/setup-ruby@v1 with: bundler-cache: true cache-version: 1 # Increment this to clear cache if needed + - name: Unfreeze Bundler for Dependabot + if: github.actor == 'dependabot[bot]' + run: bundle config set frozen false # Add or replace database setup steps here - name: Set up database schema run: bin/rails db:schema:load - name: Check Seeds run: bundle exec rake db:seed - - lint: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v6 - # Add or replace dependency steps here - - name: Unfreeze Bundler for Dependabot - if: github.actor == 'dependabot[bot]' - run: bundle config set frozen false - - name: Install Ruby and gems - uses: ruby/setup-ruby@v1 - with: - bundler-cache: true - cache-version: 1 # Increment this to clear cache if needed - - name: Standard RB - run: bundle exec standardrb - # #Add or replace any other lints here - # - name: Reek - # run: bundle exec reek - # - name: Security audit dependencies - # run: bin/bundler-audit --update - # - name: Security audit application code - # run: bin/brakeman -q -w2 diff --git a/Gemfile.lock b/Gemfile.lock index 67d6724..5101d0a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -280,7 +280,7 @@ GEM bigdecimal (>= 3.1, < 5) net-http (0.9.1) uri (>= 0.11.1) - net-imap (0.6.4) + net-imap (0.6.4.1) date net-protocol net-pop (0.1.2) @@ -353,7 +353,7 @@ GEM date stringio public_suffix (7.0.5) - puma (7.2.0) + puma (7.2.1) nio4r (~> 2.0) pundit (2.5.2) activesupport (>= 3.0.0) 
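Review bot: In `.github/workflows/rubyonrails.yml`, `check_seeds` is given `pull-requests: write` at the end of the previous hunk, but its steps here (checkout, `ruby/setup-ruby`, `bin/rails db:schema:load`, `bundle exec rake db:seed`) do not appear to write to a pull request, while the other jobs declare no `permissions:` and fall back to the repository default. A workflow-level `permissions:` with `contents: read` would cover every job, and the `pull-requests: write` line can go unless a step outside this view needs it. Separately, the `Unfreeze Bundler for Dependabot` step now runs after `ruby/setup-ruby` here and in `scan_js`, `lint_ruby` and `test`; with `bundler-cache: true` the gems are presumably installed inside that action, so the later `bundle config set frozen false` looks like a no-op and could be dropped or given a comment stating which later command needs it.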
@@ -685,7 +685,7 @@ CHECKSUMS
 brakeman (8.0.2) sha256=7b02065ce8b1de93949cefd3f2ad78e8eb370e644b95c8556a32a912a782426a
 builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f
 bullet (8.1.0) sha256=604b7e2636ec2137dcab3ba61a56248c39a0004a0c9405d58bad0686d23b98ff
- bundler (4.0.12) sha256=7f8b757d28dfb636e7b24fba2344ac6dd13b5b24f4b46d62573d483f211825ac
+ bundler (4.0.14) sha256=d09a0a965cf772266a7e49e83610be7c2f4e49e61134c42a56804bb383cc24b8
 bundler-audit (0.9.3) sha256=81c8766c71e47d0d28a0f98c7eed028539f21a6ea3cd8f685eb6f42333c9b4e9
 byebug (13.0.0) sha256=d2263efe751941ca520fa29744b71972d39cbc41839496706f5d9b22e92ae05d
 capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef
@@ -753,7 +753,7 @@ CHECKSUMS
 multi_json (1.19.1) sha256=7aefeff8f2c854bf739931a238e4aea64592845e0c0395c8a7d2eea7fdd631b7
 multi_xml (0.8.1) sha256=addba0290bac34e9088bfe73dc4878530297a82a7bbd66cb44dcd0a4b86edf5a
 net-http (0.9.1) sha256=25ba0b67c63e89df626ed8fac771d0ad24ad151a858af2cc8e6a716ca4336996
- net-imap (0.6.4) sha256=9a5598c67a3022c284d98430ef1d4948e7dbdb62596f61081ea8ca933270a02b
+ net-imap (0.6.4.1) sha256=29f0360d75a7efd3539f16ac1957dea5c0a51ddeceb348db4553c3120914ea0d
 net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
 net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
 net-scp (4.1.0) sha256=a99b0b92a1e5d360b0de4ffbf2dc0c91531502d3d4f56c28b0139a7c093d1a5d
@@ -791,7 +791,7 @@ CHECKSUMS
 pry-rails (0.3.11) sha256=a69e28e24a34d75d1f60bcf241192a54253f8f7ef8a62cba1e75750a9653593d
 psych (5.3.1) sha256=eb7a57cef10c9d70173ff74e739d843ac3b2c019a003de48447b2963d81b1974
 public_suffix (7.0.5) sha256=1a8bb08f1bbea19228d3bed6e5ed908d1cb4f7c2726d18bd9cadf60bc676f623
- puma (7.2.0) sha256=bf8ef4ab514a4e6d4554cb4326b2004eba5036ae05cf765cfe51aba9706a72a8
+ puma (7.2.1) sha256=d7bf0e9cabd532e0d401e142cd94e3ac531e993610e2d80e6fbf9c26961414b0
 pundit (2.5.2) sha256=e374152baa24f90b630428293faf4b4c5468fc3cc010165f7d8fcb44ce108bbd
 raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882
 racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f