Ajoute rubocop et brakeman

Local brakeman Missing bundle cache Brakeman bundle exec fun Add specs Add secret test env key Move test key to right place... Try adding rails master key in the test env ActionCable workaround for CI tests
etalab · May 24, 2024 · fc6a96b · fc6a96b
1 parent df545f7
commit fc6a96b
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 1 deletion.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,19 @@
+name: RuboCop
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        bundler-cache: true
+        cache-version: 321
+
+    - name: Run RuboCop
+      run: bundle exec rubocop --parallel
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,22 @@
+name: Security
+
+on: [push]
+
+jobs:
+  security:
+    name: Brakeman (Static security)
+    if: "${{ github.actor != 'dependabot[bot]' }}"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          cache-version: 321
+
+      - name: Run Brakeman
+        run: bundle exec brakeman -q
diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml
@@ -0,0 +1,42 @@
+name: Tests
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        ports:
+          - 5432:5432
+        options: --health-cmd="pg_isready" --health-interval=10s --health-timeout=5s --health-retries=3
+
+    steps:
+      - name: Install packages
+        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y postgresql-client libpq-dev
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+          cache-version: 321
+
+      - name: Run tests
+        env:
+          RAILS_ENV: test
+          RAILS_TEST_KEY: ${{ secrets.RAILS_TEST_KEY }}
+          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432
+        run: bin/rails db:setup spec
diff --git a/Gemfile b/Gemfile
@@ -70,6 +70,7 @@ group :development do
   # Speed up commands on slow machines / big apps [https://github.com/rails/spring]
   gem "spring"
   gem "spring-commands-rspec"
+  gem "brakeman"
 end
 
 group :test do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -86,6 +86,8 @@ GEM
     bindex (0.8.1)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
+    brakeman (6.1.2)
+      racc
     builder (3.2.4)
     capybara (3.40.0)
       addressable
@@ -396,6 +398,7 @@ PLATFORMS
 
 DEPENDENCIES
   bootsnap
+  brakeman
   capybara
   config
   debug

diff --git a/config/application.rb b/config/application.rb
@@ -11,7 +11,8 @@
 # require "action_mailbox/engine"
 # require "action_text/engine"
 require "action_view/railtie"
-# require "action_cable/engine"
+# TODO: remove when https://github.com/hotwired/turbo-rails/pull/601 gets released
+require "action_cable/engine"
 require "rails/test_unit/railtie"
 
 # Require the gems listed in Gemfile, including any gems