diff --git a/.idea/galc-api.iml b/.idea/galc-api.iml
index 89d37f3..0dbeb90 100644
--- a/.idea/galc-api.iml
+++ b/.idea/galc-api.iml
@@ -27,130 +27,157 @@
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -164,9 +191,11 @@
+
+
@@ -178,13 +207,13 @@
+
-
@@ -195,22 +224,10 @@
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
@@ -234,13 +253,13 @@
+
-
@@ -251,22 +270,10 @@
+
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 723a6ca..420ebb5 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -1,4 +1,7 @@
-
+
+
+ true
+
\ No newline at end of file
diff --git a/.rubocop.yml b/.rubocop.yml
index df1abec..88f66da 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -2,7 +2,7 @@ plugins:
- rubocop-rails
AllCops:
- TargetRailsVersion: 8.0
+ TargetRailsVersion: 8.1
UseCache: false
Exclude:
# Exclude generated files
@@ -12,6 +12,12 @@ AllCops:
# Exclude vendor files in GitHub build
- 'vendor/**/*'
+# Disable block length check in spec files.
+Layout/BlockLength:
+ Exclude:
+ - 'config/environments/*'
+ - 'spec/**/*'
+
# Allow one line around block body (Layout/EmptyLines will still disallow two or more)
Layout/EmptyLinesAroundBlockBody:
Enabled: false
diff --git a/.simplecov b/.simplecov
index bedb0f5..1248e57 100644
--- a/.simplecov
+++ b/.simplecov
@@ -1,8 +1,7 @@
require 'simplecov-rcov'
-SimpleCov.start 'rails' do
- add_filter %w[/bin/ /db/]
- coverage_dir 'artifacts'
- formatter SimpleCov::Formatter::RcovFormatter
- minimum_coverage 100
-end
+SimpleCov.load_profile 'rails'
+SimpleCov.skip %w[/bin/ /db/]
+SimpleCov.coverage_dir 'artifacts'
+SimpleCov.formatter SimpleCov::Formatter::RcovFormatter
+SimpleCov.minimum_coverage 100
diff --git a/Dockerfile b/Dockerfile
index 7562713..369a98f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
# The base stage scaffolds elements which are common to building and running
# the application, such as installing ca-certificates, creating the app user,
# and installing runtime system dependencies.
-FROM ruby:3.3-slim AS base
+FROM ruby:3.4-slim AS base
# ------------------------------------------------------------
# Declarative metadata
@@ -88,7 +88,7 @@ RUN apt-get update -qq && apt-get install -y --no-install-recommends \
USER $APP_USER
# Base image ships with an older version of bundler
-RUN gem install bundler --version 2.7.2
+RUN gem install bundler --version 4.0.8
# Install gems. We don't enforce the validity of the Gemfile.lock until the
# final (production) stage.
diff --git a/Gemfile b/Gemfile
index f4ecfe8..1d07cb6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }
-ruby '~> 3.3'
+ruby '~> 3.4'
gem 'berkeley_library-alma', '~> 0.1.1'
gem 'berkeley_library-logging', '~> 0.3'
@@ -10,16 +10,16 @@ gem 'drb'
gem 'image_processing', '~> 1.12'
gem 'jsonapi.rb', '~> 2.0'
gem 'jsonapi-serializer', '~> 2.2'
-gem 'jwt', '~> 2.4'
+gem 'jwt', '~> 2.10', '>= 2.10.3'
gem 'mutex_m'
gem 'omniauth', '~> 2.1'
gem 'omniauth-cas', '~> 3.0'
gem 'pg', '~> 1.4'
gem 'pg_search', '~> 2.3'
-gem 'puma', '~> 7.2'
+gem 'puma', '~> 7.2', '>= 7.2.1'
gem 'puma-plugin-delayed_stop', '~> 0.1.2'
gem 'rack-cors'
-gem 'rails', '~> 8.0.5'
+gem 'rails', '~> 8.1.3'
gem 'ransack', '~> 4.2'
gem 'zaru', '~> 0.3.0'
@@ -44,7 +44,7 @@ group :test do
gem 'rspec', '~> 3.13'
gem 'rspec_junit_formatter', '~> 0.6'
gem 'rspec-rails', '~> 8.0'
- gem 'simplecov', '~> 0.22', require: false
+ gem 'simplecov', '~> 1.0.0.rc4', require: false
gem 'simplecov-rcov', '~> 0.3', require: false
gem 'webmock', require: false
end
diff --git a/Gemfile.lock b/Gemfile.lock
index bd037cb..be46a55 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,29 +1,31 @@
GEM
remote: https://rubygems.org/
specs:
- actioncable (8.0.5)
- actionpack (= 8.0.5)
- activesupport (= 8.0.5)
+ action_text-trix (2.1.19)
+ railties
+ actioncable (8.1.3)
+ actionpack (= 8.1.3)
+ activesupport (= 8.1.3)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
zeitwerk (~> 2.6)
- actionmailbox (8.0.5)
- actionpack (= 8.0.5)
- activejob (= 8.0.5)
- activerecord (= 8.0.5)
- activestorage (= 8.0.5)
- activesupport (= 8.0.5)
+ actionmailbox (8.1.3)
+ actionpack (= 8.1.3)
+ activejob (= 8.1.3)
+ activerecord (= 8.1.3)
+ activestorage (= 8.1.3)
+ activesupport (= 8.1.3)
mail (>= 2.8.0)
- actionmailer (8.0.5)
- actionpack (= 8.0.5)
- actionview (= 8.0.5)
- activejob (= 8.0.5)
- activesupport (= 8.0.5)
+ actionmailer (8.1.3)
+ actionpack (= 8.1.3)
+ actionview (= 8.1.3)
+ activejob (= 8.1.3)
+ activesupport (= 8.1.3)
mail (>= 2.8.0)
rails-dom-testing (~> 2.2)
- actionpack (8.0.5)
- actionview (= 8.0.5)
- activesupport (= 8.0.5)
+ actionpack (8.1.3)
+ actionview (= 8.1.3)
+ activesupport (= 8.1.3)
nokogiri (>= 1.8.5)
rack (>= 2.2.4)
rack-session (>= 1.0.1)
@@ -31,42 +33,43 @@ GEM
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
useragent (~> 0.16)
- actiontext (8.0.5)
- actionpack (= 8.0.5)
- activerecord (= 8.0.5)
- activestorage (= 8.0.5)
- activesupport (= 8.0.5)
+ actiontext (8.1.3)
+ action_text-trix (~> 2.1.15)
+ actionpack (= 8.1.3)
+ activerecord (= 8.1.3)
+ activestorage (= 8.1.3)
+ activesupport (= 8.1.3)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
- actionview (8.0.5)
- activesupport (= 8.0.5)
+ actionview (8.1.3)
+ activesupport (= 8.1.3)
builder (~> 3.1)
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
- activejob (8.0.5)
- activesupport (= 8.0.5)
+ activejob (8.1.3)
+ activesupport (= 8.1.3)
globalid (>= 0.3.6)
- activemodel (8.0.5)
- activesupport (= 8.0.5)
- activerecord (8.0.5)
- activemodel (= 8.0.5)
- activesupport (= 8.0.5)
+ activemodel (8.1.3)
+ activesupport (= 8.1.3)
+ activerecord (8.1.3)
+ activemodel (= 8.1.3)
+ activesupport (= 8.1.3)
timeout (>= 0.4.0)
- activestorage (8.0.5)
- actionpack (= 8.0.5)
- activejob (= 8.0.5)
- activerecord (= 8.0.5)
- activesupport (= 8.0.5)
+ activestorage (8.1.3)
+ actionpack (= 8.1.3)
+ activejob (= 8.1.3)
+ activerecord (= 8.1.3)
+ activesupport (= 8.1.3)
marcel (~> 1.0)
- activesupport (8.0.5)
+ activesupport (8.1.3)
base64
- benchmark (>= 0.3)
bigdecimal
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
i18n (>= 1.6, < 2)
+ json
logger (>= 1.4.2)
minitest (>= 5.1)
securerandom (>= 0.3)
@@ -77,7 +80,6 @@ GEM
amazing_print (1.8.1)
ast (2.4.3)
base64 (0.3.0)
- benchmark (0.5.0)
berkeley_library-alma (0.1.1)
berkeley_library-logging (~> 0.2)
berkeley_library-marc (~> 0.3.1)
@@ -107,19 +109,18 @@ GEM
bundler (>= 1.2.0)
thor (~> 1.0)
colorize (1.1.0)
- concurrent-ruby (1.3.6)
+ concurrent-ruby (1.3.7)
connection_pool (3.0.2)
crack (1.0.1)
bigdecimal
rexml
- crass (1.0.6)
+ crass (1.0.7)
database_cleaner-active_record (2.2.2)
activerecord (>= 5.a)
database_cleaner-core (~> 2.0)
database_cleaner-core (2.0.1)
date (3.5.1)
diff-lcs (1.6.2)
- docile (1.4.1)
domain_name (0.6.20240107)
drb (2.2.3)
erb (6.0.4)
@@ -137,7 +138,7 @@ GEM
ffi (1.17.4-x86_64-darwin)
ffi (1.17.4-x86_64-linux-gnu)
ffi (1.17.4-x86_64-linux-musl)
- globalid (1.3.0)
+ globalid (1.4.0)
activesupport (>= 6.1)
hashdiff (1.0.1)
hashie (5.1.0)
@@ -145,7 +146,7 @@ GEM
http-accept (1.7.0)
http-cookie (1.1.6)
domain_name (~> 0.5)
- i18n (1.14.8)
+ i18n (1.15.2)
concurrent-ruby (~> 1.0)
image_processing (1.14.0)
mini_magick (>= 4.9.5, < 6)
@@ -156,13 +157,13 @@ GEM
prism (>= 1.3.0)
rdoc (>= 4.0.0)
reline (>= 0.4.2)
- json (2.19.5)
+ json (2.20.0)
jsonapi-serializer (2.2.0)
activesupport (>= 4.2)
jsonapi.rb (2.1.1)
jsonapi-serializer
rack
- jwt (2.10.2)
+ jwt (2.10.3)
base64
language_server-protocol (3.17.0.5)
lint_roller (1.1.0)
@@ -184,7 +185,7 @@ GEM
marc (1.4.0)
nokogiri (~> 1.0)
rexml
- marcel (1.1.0)
+ marcel (1.2.1)
mime-types (3.7.0)
logger
mime-types-data (~> 3.2025, >= 3.2025.0507)
@@ -196,7 +197,7 @@ GEM
drb (~> 2.0)
prism (~> 1.5)
mutex_m (0.3.0)
- net-imap (0.6.4)
+ net-imap (0.6.4.1)
date
net-protocol
net-pop (0.1.2)
@@ -207,23 +208,23 @@ GEM
net-protocol
netrc (0.11.0)
nio4r (2.7.5)
- nokogiri (1.19.3-aarch64-linux-gnu)
+ nokogiri (1.19.4-aarch64-linux-gnu)
racc (~> 1.4)
- nokogiri (1.19.3-aarch64-linux-musl)
+ nokogiri (1.19.4-aarch64-linux-musl)
racc (~> 1.4)
- nokogiri (1.19.3-arm-linux-gnu)
+ nokogiri (1.19.4-arm-linux-gnu)
racc (~> 1.4)
- nokogiri (1.19.3-arm-linux-musl)
+ nokogiri (1.19.4-arm-linux-musl)
racc (~> 1.4)
- nokogiri (1.19.3-arm64-darwin)
+ nokogiri (1.19.4-arm64-darwin)
racc (~> 1.4)
- nokogiri (1.19.3-x86_64-darwin)
+ nokogiri (1.19.4-x86_64-darwin)
racc (~> 1.4)
- nokogiri (1.19.3-x86_64-linux-gnu)
+ nokogiri (1.19.4-x86_64-linux-gnu)
racc (~> 1.4)
- nokogiri (1.19.3-x86_64-linux-musl)
+ nokogiri (1.19.4-x86_64-linux-musl)
racc (~> 1.4)
- oj (3.17.0)
+ oj (3.17.3)
bigdecimal (>= 3.0)
ostruct (>= 0.2)
omniauth (2.1.4)
@@ -253,15 +254,12 @@ GEM
pg_search (2.3.7)
activerecord (>= 6.1)
activesupport (>= 6.1)
- pp (0.6.3)
+ pp (0.6.4)
prettyprint
prettyprint (0.2.0)
prism (1.9.0)
- psych (5.3.1)
- date
- stringio
public_suffix (7.0.5)
- puma (7.2.0)
+ puma (7.2.1)
nio4r (~> 2.0)
puma-plugin-delayed_stop (0.1.2)
puma (>= 5.0, < 8)
@@ -281,20 +279,20 @@ GEM
rack (>= 1.3)
rackup (2.3.1)
rack (>= 3)
- rails (8.0.5)
- actioncable (= 8.0.5)
- actionmailbox (= 8.0.5)
- actionmailer (= 8.0.5)
- actionpack (= 8.0.5)
- actiontext (= 8.0.5)
- actionview (= 8.0.5)
- activejob (= 8.0.5)
- activemodel (= 8.0.5)
- activerecord (= 8.0.5)
- activestorage (= 8.0.5)
- activesupport (= 8.0.5)
+ rails (8.1.3)
+ actioncable (= 8.1.3)
+ actionmailbox (= 8.1.3)
+ actionmailer (= 8.1.3)
+ actionpack (= 8.1.3)
+ actiontext (= 8.1.3)
+ actionview (= 8.1.3)
+ activejob (= 8.1.3)
+ activemodel (= 8.1.3)
+ activerecord (= 8.1.3)
+ activestorage (= 8.1.3)
+ activesupport (= 8.1.3)
bundler (>= 1.15.0)
- railties (= 8.0.5)
+ railties (= 8.1.3)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
@@ -306,9 +304,9 @@ GEM
rails-html-sanitizer (1.7.0)
loofah (~> 2.25)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
- railties (8.0.5)
- actionpack (= 8.0.5)
- activesupport (= 8.0.5)
+ railties (8.1.3)
+ actionpack (= 8.1.3)
+ activesupport (= 8.1.3)
irb (~> 1.13)
rackup (>= 1.0.0)
rake (>= 12.2)
@@ -321,9 +319,14 @@ GEM
activerecord (>= 7.2)
activesupport (>= 7.2)
i18n
- rdoc (7.2.0)
+ rbs (4.0.3)
+ logger
+ prism (>= 1.6.0)
+ tsort
+ rdoc (8.0.0)
erb
- psych (>= 4.0.0)
+ prism (>= 1.6.0)
+ rbs (>= 4.0.0)
tsort
regexp_parser (2.12.0)
reline (0.6.3)
@@ -395,15 +398,9 @@ GEM
ffi (~> 1.12)
logger
securerandom (0.4.1)
- simplecov (0.22.0)
- docile (~> 1.1)
- simplecov-html (~> 0.11)
- simplecov_json_formatter (~> 0.1)
- simplecov-html (0.13.2)
+ simplecov (1.0.0.rc4)
simplecov-rcov (0.3.7)
simplecov (>= 0.4.1)
- simplecov_json_formatter (0.1.4)
- stringio (3.2.0)
thor (1.5.0)
timeout (0.6.1)
tsort (0.2.0)
@@ -419,12 +416,12 @@ GEM
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
- websocket-driver (0.8.0)
+ websocket-driver (0.8.2)
base64
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
zaru (0.3.0)
- zeitwerk (2.7.5)
+ zeitwerk (2.8.2)
PLATFORMS
aarch64-linux-gnu
@@ -451,16 +448,16 @@ DEPENDENCIES
image_processing (~> 1.12)
jsonapi-serializer (~> 2.2)
jsonapi.rb (~> 2.0)
- jwt (~> 2.4)
+ jwt (~> 2.10, >= 2.10.3)
mutex_m
omniauth (~> 2.1)
omniauth-cas (~> 3.0)
pg (~> 1.4)
pg_search (~> 2.3)
- puma (~> 7.2)
+ puma (~> 7.2, >= 7.2.1)
puma-plugin-delayed_stop (~> 0.1.2)
rack-cors
- rails (~> 8.0.5)
+ rails (~> 8.1.3)
rails-controller-testing
ransack (~> 4.2)
rspec (~> 3.13)
@@ -470,13 +467,13 @@ DEPENDENCIES
rubocop-rails (~> 2.34)
rubocop-rspec (~> 3.6)
rubocop-rspec_rails (~> 2.30)
- simplecov (~> 0.22)
+ simplecov (~> 1.0.0.rc4)
simplecov-rcov (~> 0.3)
webmock
zaru (~> 0.3.0)
RUBY VERSION
- ruby 3.3.11p205
+ ruby 3.4.5p51
BUNDLED WITH
- 2.7.2
+ 4.0.8
diff --git a/app/controllers/concerns/exception_handlers.rb b/app/controllers/concerns/exception_handlers.rb
index 79c7682..0296bbb 100644
--- a/app/controllers/concerns/exception_handlers.rb
+++ b/app/controllers/concerns/exception_handlers.rb
@@ -128,6 +128,6 @@ def record_from(exception)
return exception.send(attr) if exception.respond_to?(attr)
end
- nil
+ nil # simplecov:disable
end
end
diff --git a/bin/brakeman b/bin/brakeman
new file mode 100755
index 0000000..ace1c9b
--- /dev/null
+++ b/bin/brakeman
@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+require "rubygems"
+require "bundler/setup"
+
+ARGV.unshift("--ensure-latest")
+
+load Gem.bin_path("brakeman", "brakeman")
diff --git a/bin/bundler-audit b/bin/bundler-audit
new file mode 100755
index 0000000..e2ef226
--- /dev/null
+++ b/bin/bundler-audit
@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+require_relative "../config/boot"
+require "bundler/audit/cli"
+
+ARGV.concat %w[ --config config/bundler-audit.yml ] if ARGV.empty? || ARGV.include?("check")
+Bundler::Audit::CLI.start
diff --git a/bin/ci b/bin/ci
new file mode 100755
index 0000000..4137ad5b
--- /dev/null
+++ b/bin/ci
@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+require_relative "../config/boot"
+require "active_support/continuous_integration"
+
+CI = ActiveSupport::ContinuousIntegration
+require_relative "../config/ci.rb"
diff --git a/bin/dev b/bin/dev
new file mode 100755
index 0000000..5f91c20
--- /dev/null
+++ b/bin/dev
@@ -0,0 +1,2 @@
+#!/usr/bin/env ruby
+exec "./bin/rails", "server", *ARGV
diff --git a/bin/rubocop b/bin/rubocop
new file mode 100755
index 0000000..5a20504
--- /dev/null
+++ b/bin/rubocop
@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+require "rubygems"
+require "bundler/setup"
+
+# Explicit RuboCop config increases performance slightly while avoiding config confusion.
+ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__))
+
+load Gem.bin_path("rubocop", "rubocop")
diff --git a/bin/setup b/bin/setup
index 57b65c8..79f824d 100755
--- a/bin/setup
+++ b/bin/setup
@@ -1,11 +1,10 @@
#!/usr/bin/env ruby
require "fileutils"
-# path to your application root.
-APP_ROOT = File.expand_path("..", __dir__)
+APP_ROOT = File.expand_path('..', __dir__)
def system!(*args)
- system(*args) || abort("\n== Command #{args} failed ==")
+ system(*args, exception: true)
end
FileUtils.chdir APP_ROOT do
@@ -13,13 +12,19 @@ FileUtils.chdir APP_ROOT do
# This script is idempotent, so that you can run it at any time and get an expectable outcome.
# Add necessary setup steps to this file.
- puts "== Installing dependencies =="
- system! "gem install bundler --conservative"
- system("bundle check") || system!("bundle install")
+ puts '== Installing dependencies =='
+ system('bundle check') || system!('bundle install')
+
+ puts "\n== Preparing database =="
+ system! 'bin/rails db:prepare'
+ system! 'bin/rails db:reset' if ARGV.include?('--reset')
puts "\n== Removing old logs and tempfiles =="
- system! "bin/rails log:clear tmp:clear"
+ system! 'bin/rails log:clear tmp:clear'
- puts "\n== Restarting application server =="
- system! "bin/rails restart"
+ unless ARGV.include?('--skip-server')
+ puts "\n== Starting development server =="
+ STDOUT.flush # flush the output before exec(2) so that it displays
+ exec 'bin/dev'
+ end
end
diff --git a/config/application.rb b/config/application.rb
index 551a648..4a55088 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -25,7 +25,7 @@
module GalcApi
class Application < Rails::Application
- config.load_defaults 8.0
+ config.load_defaults 8.1
config.api_only = true
diff --git a/config/bundler-audit.yml b/config/bundler-audit.yml
new file mode 100644
index 0000000..e74b3af
--- /dev/null
+++ b/config/bundler-audit.yml
@@ -0,0 +1,5 @@
+# Audit all gems listed in the Gemfile for known security problems by running bin/bundler-audit.
+# CVEs that are not relevant to the application can be enumerated on the ignore list below.
+
+ignore:
+ - CVE-THAT-DOES-NOT-APPLY
diff --git a/config/ci.rb b/config/ci.rb
new file mode 100644
index 0000000..c8ffd66
--- /dev/null
+++ b/config/ci.rb
@@ -0,0 +1,18 @@
+# Run using bin/ci
+
+CI.run do
+ step 'Setup', 'bin/setup --skip-server'
+
+ step 'Style: Ruby', 'bin/rubocop'
+
+ step 'Security: Gem audit', 'bin/bundler-audit'
+ step 'Security: Brakeman code analysis', 'bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error'
+
+ # Optional: set a green GitHub commit status to unblock PR merge.
+ # Requires the `gh` CLI and `gh extension install basecamp/gh-signoff`.
+ # if success?
+ # step 'Signoff: All systems go. Ready for merge and deploy.', 'gh signoff'
+ # else
+ # failure 'Signoff: CI failed. Do not merge or deploy.', 'Fix the issues and try again.'
+ # end
+end
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 46a8354..bb0e81f 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -3,10 +3,8 @@
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
- # In the development environment your application's code is reloaded any time
- # it changes. This slows down response time but is perfect for development
- # since you don't have to restart the web server when you make code changes.
- config.cache_classes = false
+ # Make code changes take effect immediately without server restart.
+ config.enable_reloading = true
# Do not eager load code on boot.
config.eager_load = false
@@ -14,47 +12,52 @@
# Show full error reports.
config.consider_all_requests_local = true
- # Enable server timing
+ # Enable server timing.
config.server_timing = true
# Disable serving static files from the `/public` folder by default since
# we don't have any, except public.html which is served by AuthController#index
config.public_file_server.enabled = false
- # Enable/disable caching. By default caching is disabled.
- # Run rails dev:cache to toggle caching.
- if Rails.root.join('tmp', 'caching-dev.txt').exist?
+ # Enable/disable Action Controller caching. By default Action Controller caching is disabled.
+ # Run rails dev:cache to toggle Action Controller caching.
+ if Rails.root.join('tmp/caching-dev.txt').exist?
config.cache_store = :memory_store
- # config.public_file_server.headers = {
- # 'Cache-Control' => "public, max-age=#{2.days.to_i}"
- # }
else
config.action_controller.perform_caching = false
config.cache_store = :null_store
end
+ # Don't care if the mailer can't send.
+ config.action_mailer.raise_delivery_errors = false
+
+ # Make template changes take effect immediately.
+ config.action_mailer.perform_caching = false
+
# Print deprecation notices to the Rails logger.
config.active_support.deprecation = :log
- # Raise exceptions for disallowed deprecations.
- config.active_support.disallowed_deprecation = :raise
+ # Highlight code that triggered database queries in logs.
+ config.active_record.verbose_query_logs = true
+
+ # Append comments with runtime information tags to SQL queries in logs.
+ config.active_record.query_log_tags_enabled = true
- # Tell Active Support which deprecation messages to disallow.
- config.active_support.disallowed_deprecation_warnings = []
+ # Highlight code that enqueued background job in logs.
+ config.active_job.verbose_enqueue_logs = true
+
+ # Highlight code that triggered redirect in logs.
+ config.action_dispatch.verbose_redirect_logs = true
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
# Annotate rendered view with file names.
- # config.action_view.annotate_rendered_view_with_filenames = true
-
- # Uncomment if you wish to allow Action Cable access from any origin.
- # config.action_cable.disable_request_forgery_protection = true
+ config.action_view.annotate_rendered_view_with_filenames = true
- # Fake sending of emails
- config.action_mailer.delivery_method = :test
- config.action_mailer.perform_caching = false
+ # Raise error when a before_action's only/except options reference missing actions.
+ config.action_controller.raise_on_missing_callback_actions = true
Rails.application.config.hosts = [
IPAddr.new('0.0.0.0/0'), # All IPv4 addresses.
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 465f00f..e8e3447 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -4,22 +4,15 @@
# Settings specified here will take precedence over those in config/application.rb.
# Code is not reloaded between requests.
- config.cache_classes = true
+ config.enable_reloading = false
- # Eager load code on boot. This eager loads most of Rails and
- # your application in memory, allowing both threaded web servers
- # and those relying on copy on write to perform better.
- # Rake tasks automatically ignore this option for performance.
+ # Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
# config.eager_load = true
config.eager_load = false
- # Full error reports are disabled and caching is turned on.
+ # Full error reports are disabled.
config.consider_all_requests_local = false
- # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
- # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
- # config.require_master_key = true
-
# Disable serving static files from the `/public` folder by default since
# we don't have any, except public.html which is served by AuthController#index
config.public_file_server.enabled = false
@@ -27,42 +20,33 @@
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
# config.asset_host = "http://assets.example.com"
- # Specifies the header that your server uses for sending files.
- # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
- # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
-
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
- # Include generic and useful information about system operation, but avoid logging too much
- # information to avoid inadvertent exposure of personally identifiable information (PII).
+ # Change to "debug" to log everything (including potentially personally-identifiable information!).
config.log_level = :info
# Prepend all log lines with the following tags.
config.log_tags = [:request_id]
- # Use a different cache store in production.
- # config.cache_store = :mem_cache_store
-
- # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
- # the I18n.default_locale when a translation cannot be found).
- config.i18n.fallbacks = true
-
# Don't log any deprecations.
config.active_support.report_deprecations = false
+ # Replace the default in-process memory cache store with a durable alternative.
+ # config.cache_store = :mem_cache_store
+
# Use default logging formatter so that PID and timestamp are not suppressed.
config.log_formatter = ::Logger::Formatter.new
- # Use a different logger for distributed setups.
- # require "syslog/logger"
- # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+ # the I18n.default_locale when a translation cannot be found).
+ config.i18n.fallbacks = true
+
+ # Do not dump schema after migrations.
+ config.active_record.dump_schema_after_migration = false
- # if ENV['RAILS_LOG_TO_STDOUT'].present?
- # logger = ActiveSupport::Logger.new($stdout)
- # logger.formatter = config.log_formatter
- # config.logger = ActiveSupport::TaggedLogging.new(logger)
- # end
+ # Only use :id for inspections in production.
+ config.active_record.attributes_for_inspect = [:id]
# ------------------------------------------------------------
# Mailer configuration
diff --git a/config/environments/test.rb b/config/environments/test.rb
index aada6ff..c63ac55 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -1,5 +1,3 @@
-require 'active_support/core_ext/integer/time'
-
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped
@@ -8,21 +6,21 @@
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
- # Turn false under Spring and add config.action_view.cache_template_loading = true.
- config.cache_classes = true
+ # While tests run files are not watched, reloading is not necessary.
+ config.enable_reloading = false
- # Eager loading loads your whole application. When running a single test locally,
- # this probably isn't necessary. It's a good idea to do in a continuous integration
- # system, or in some way before deploying your code.
+ # Eager loading loads your entire application. When running a single test locally,
+ # this is usually not necessary, and can slow down your test suite. However, it's
+ # recommended that you enable it in continuous integration systems to ensure eager
+ # loading is working properly before deploying your code.
config.eager_load = ENV['CI'].present?
# Disable serving static files from the `/public` folder by default since
# we don't have any, except public.html which is served by AuthController#index
config.public_file_server.enabled = false
- # Show full error reports and disable caching.
- config.consider_all_requests_local = true
- config.action_controller.perform_caching = false
+ # Show full error reports.
+ config.consider_all_requests_local = true
config.cache_store = :null_store
# Raise exceptions instead of rendering exception templates.
@@ -31,24 +29,23 @@
# Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
+ # Tell Action Mailer not to deliver emails to the real world.
+ # The :test delivery method accumulates sent emails in the
+ # ActionMailer::Base.deliveries array.
+ config.action_mailer.delivery_method = :test
+ config.action_mailer.perform_caching = false
+
# Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
- # Raise exceptions for disallowed deprecations.
- config.active_support.disallowed_deprecation = :raise
-
- # Tell Active Support which deprecation messages to disallow.
- config.active_support.disallowed_deprecation_warnings = []
-
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
- # Fake sending of emails
- config.action_mailer.delivery_method = :test
- config.action_mailer.perform_caching = false
+ # Raise error when a before_action's only/except options reference missing actions.
+ config.action_controller.raise_on_missing_callback_actions = true
Rails.application.config.hosts.append(
ActionDispatch::Integration::Session::DEFAULT_HOST,
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index f0ac234..5023a98 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -1,7 +1,7 @@
# Be sure to restart your server when you modify this file.
# Avoid CORS issues when API is called from the frontend app.
-# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
+# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin Ajax requests.
# Read more: https://github.com/cyu/rack-cors
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index eafcd36..f72dcdf 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -1,8 +1,8 @@
# Be sure to restart your server when you modify this file.
-# Configure parameters to be filtered from the log file. Use this to limit dissemination of
-# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
-# notations and behaviors.
+# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
+# Use this to limit dissemination of sensitive information.
+# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
Rails.application.config.filter_parameters += %i[
passw email secret token _key crypt salt certificate otp ssn cvv cvc
]
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index b736630..ae0a666 100644
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -1,3 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
ActiveSupport::Inflector.inflections(:en) do |inflect|
%w[JWT MMS].each { |a| inflect.acronym(a) }
end
diff --git a/lib/docker.rb b/lib/docker.rb
index 397b13f..7ffc22b 100644
--- a/lib/docker.rb
+++ b/lib/docker.rb
@@ -13,6 +13,8 @@ def setup_environment!(fileglob = '/run/secrets/*')
# rubocop:disable Naming/AccessorMethodName
def set_env_from(filepath)
+ return unless File.file?(filepath)
+
secret = File.read(filepath)
secret_name = File.basename(filepath)
return logger.warn("Can't set ENV[#{secret_name}]; #{filepath} is empty") if secret.empty?
diff --git a/spec/models/image_spec.rb b/spec/models/image_spec.rb
index 8e2fd58..5886856 100644
--- a/spec/models/image_spec.rb
+++ b/spec/models/image_spec.rb
@@ -22,11 +22,7 @@ def uploaded_file
t.rewind
end
- options = {
- tempfile: tmp,
- filename: File.basename(source_file_path),
- type: 'image/jpeg'
- }
+ options = { tempfile: tmp, filename: File.basename(source_file_path), type: 'image/jpeg' }
@uploaded_file = ActionDispatch::Http::UploadedFile.new(options)
end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index fa0aaf4..c297666 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -29,3 +29,5 @@
WebMock.allow_net_connect!
end
end
+
+SimpleCov.start if ENV['COVERAGE']