diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 00000000..8843fbbd
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,19 @@
+name: RuboCop
+
+on: [push]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ bundler-cache: true
+ cache-version: 321
+
+ - name: Run RuboCop
+ run: bundle exec rubocop --parallel
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..d23ade0e
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,22 @@
+name: Security
+
+on: [push]
+
+jobs:
+ security:
+ name: Brakeman (Static security)
+ if: "${{ github.actor != 'dependabot[bot]' }}"
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ bundler-cache: true
+ cache-version: 321
+
+ - name: Run Brakeman
+ run: bundle exec brakeman -q
diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml
new file mode 100644
index 00000000..41955257
--- /dev/null
+++ b/.github/workflows/specs.yml
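Review bot: lint.yml sets no `permissions:` key, so the job's GITHUB_TOKEN takes the repository or organisation default, which can include write scopes a lint run never needs; a top-level `permissions:` with `contents: read` under it restricts the token to read-only. Both steps also reference actions by mutable tag (`actions/checkout@v4`, `ruby/setup-ruby@v1`), so a moved or compromised tag changes what executes here; pinning as `uses: actions/checkout@<full-commit-sha> # v4` removes that. The same two points apply to security.yml and specs.yml in this commit.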
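Review bot: security.yml triggers only on `on: [push]`, so a pull request opened from a fork produces no Brakeman run in this repository and can be merged unscanned; `on: [push, pull_request]` would cover it. The `if:` guard additionally skips the scan for every push by `dependabot[bot]`. The job as written uses no secrets, and Brakeman analyses the source without booting the app, so the guard looks unnecessary and could be removed unless it works around a failure not visible here.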
@@ -0,0 +1,42 @@
+name: Tests
+
+on:
+ pull_request:
+ push:
+ branches: [ main ]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ services:
+ postgres:
+ image: postgres
+ env:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ ports:
+ - 5432:5432
+ options: --health-cmd="pg_isready" --health-interval=10s --health-timeout=5s --health-retries=3
+
+ steps:
+ - name: Install packages
+ run: sudo apt-get update && sudo apt-get install --no-install-recommends -y postgresql-client libpq-dev
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: .ruby-version
+ bundler-cache: true
+ cache-version: 321
+
+ - name: Run tests
+ env:
+ RAILS_ENV: test
+ RAILS_TEST_KEY: ${{ secrets.RAILS_TEST_KEY }}
+ RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+ DATABASE_URL: postgres://postgres:postgres@localhost:5432
+ run: bin/rails db:setup spec
diff --git a/Gemfile b/Gemfile
index 57b12771..a51720b0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -70,6 +70,7 @@ group :development do # Speed up commands on slow machines / big apps [https://github.com/rails/spring] gem "spring" gem "spring-commands-rspec" + gem "brakeman" end group :test do
diff --git a/Gemfile.lock b/Gemfile.lock
index b44fe30c..36cce3a8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -86,6 +86,8 @@ GEM bindex (0.8.1) bootsnap (1.18.3) msgpack (~> 1.2) + brakeman (6.1.2) + racc builder (3.2.4) capybara (3.40.0) addressable
@@ -396,6 +398,7 @@ PLATFORMS DEPENDENCIES bootsnap + brakeman capybara config debug
diff --git a/config/application.rb b/config/application.rb
index 8871a410..9e6920b5 100644
--- a/config/application.rb
+++ b/config/application.rb
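Review bot: The `Run tests` step in specs.yml exports `RAILS_MASTER_KEY` to a job that also runs on `pull_request`, so every piece of code the suite executes (changed specs, and each gem in the bundle) can read it. If that secret is the key for the production credentials file, which this diff does not show, the test job should be limited to `RAILS_TEST_KEY` with a test-only credentials file and the `RAILS_MASTER_KEY:` line removed. Pull requests from forks receive no secrets, so both variables will be empty there and the suite has to cope with that. Separately, `image: postgres` floats on the latest tag; pinning a specific major version keeps the service reproducible.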
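Review bot: `gem "brakeman"` is added to the `:development` group without `require: false`, so a `Bundler.require` of that group would load the scanner into the running app in development. It is only invoked from the command line, so `gem "brakeman", require: false` is the usual form. Note also that the new security workflow relies on the development group being installed in CI, which would stop working if `BUNDLE_WITHOUT` were ever set to exclude it.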
@@ -11,7 +11,8 @@ # require "action_mailbox/engine" # require "action_text/engine" require "action_view/railtie" -# require "action_cable/engine" +# TODO: remove when https://github.com/hotwired/turbo-rails/pull/601 gets released +require "action_cable/engine" require "rails/test_unit/railtie" # Require the gems listed in Gemfile, including any gems
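Review bot: Requiring `action_cable/engine` has a side effect beyond the turbo-rails workaround: the engine mounts the cable server at its default path (`/cable`, as far as I know), so the app gains a WebSocket endpoint it did not expose before. If nothing in the app uses Action Cable, `config.action_cable.mount_path = nil` in the application config keeps that route from being mounted while the TODO is open. The rest of config/application.rb is outside this hunk, so an existing setting there may already cover this.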