diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 0f8efb6bd..000000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,188 +0,0 @@ -# Ruby CircleCI 2.0 configuration file -# -# Check https://circleci.com/docs/2.0/language-ruby/ for more details -# -version: 2.1 - -orbs: - slack: circleci/slack@3.4.2 - -jobs: - build: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3 - environment: - RAILS_ENV: test - CC_TEST_REPORTER_ID: c88a6f4af1fbf80e0fc9a5593ebff124b2f940645b1eacb5adb681522bbf650e - COVERAGE: true - # PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - - image: redis:4.0.1 - - working_directory: ~/identity-pki - - steps: - - checkout - - install-deps - - - run: - name: Install Code Climate Test Reporter - command: | - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter - chmod +x ./cc-test-reporter - - run: - name: Wait for DB - command: dockerize -wait tcp://localhost:5432 -timeout 1m - - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - - run: - name: Run Tests - command: | - mkdir /tmp/test-results - ./cc-test-reporter before-build - bundle exec rake spec - - - run: - name: Run Lints - command: make lint - - - run: - name: Code Climate Test Coverage - command: | - ./cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.$CIRCLE_NODE_INDEX.json" - - # collect reports - - store_test_results: - path: /tmp/test-results - - store_artifacts: - path: /tmp/test-results - destination: test-results - - deploy: - command: | - ./cc-test-reporter sum-coverage --output - --parts $CIRCLE_NODE_TOTAL coverage/codeclimate.*.json | ./cc-test-reporter upload-coverage --debug --input - - check_certificate_bundle: - docker: - # Specify the 
Ruby version you desire here - - image: cimg/ruby:3.0.3 - environment: - RAILS_ENV: test - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - steps: - - checkout - - install-deps - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - run: - name: Check certificate bundle - command: | - bundle exec rake certs:check_certificate_bundle - build-release-container: - working_directory: ~/identity-pki - docker: - - image: cimg/ruby:3.0.3 - steps: - - checkout - - setup_remote_docker - - run: | - if [ -z "$CIRCLE_TAG" ]; then exit 0; fi # this shouldn't be necessary... - docker build -t logindotgov/pki:$CIRCLE_TAG -f Dockerfile . - echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin - docker push logindotgov/pki:$CIRCLE_TAG - - check-expiring-certs-config: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3-browsers - environment: - RAILS_ENV: test - CC_TEST_REPORTER_ID: c88a6f4af1fbf80e0fc9a5593ebff124b2f940645b1eacb5adb681522bbf650e - COVERAGE: true - # PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - - image: redis:4.0.1 - - working_directory: ~/identity-pki - - steps: - - checkout - - install-deps - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - run: - name: Check for expiring certs - command: | - bundle exec rake certs:print_expiring - - - slack/status: - fail_only: true - failure_message: ":piv-card::red_circle::scream: identity-pki has certs expiring within 30 days" - include_project_field: false - -commands: - install-deps: - steps: - - restore_cache: - keys: - - 
v2-identity-pki-bundle-{{ checksum "Gemfile.lock" }} - - run: - name: Install dependencies - command: | - gem install bundler - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/bundle - - save_cache: - key: v2-identity-pki-bundle-{{ checksum "Gemfile.lock" }} - paths: - - vendor/bundle - -workflows: - version: 2 - release: - jobs: - - build - - check_certificate_bundle - - build-release-container: - requires: - - build - filters: - tags: - only: "/^[0-9]{4}-[0-9]{2}-[0-9]{2,}.*/" - daily-30d-expiring-cert: - jobs: - - check-expiring-certs-config - triggers: - - schedule: - # Once a day at 12pm - cron: "0 12 * * *" - filters: - branches: - only: - - master diff --git a/.codeclimate.yml b/.codeclimate.yml deleted file mode 100644 index a8869406f..000000000 --- a/.codeclimate.yml +++ /dev/null @@ -1,11 +0,0 @@ -plugins: - brakeman: - enabled: true - reek: - enabled: false - rubocop: - enabled: false - -checks: - method-complexity: - enabled: false diff --git a/Gemfile b/Gemfile index 95283e3cc..1097bcd51 100644 --- a/Gemfile +++ b/Gemfile @@ -20,6 +20,7 @@ gem 'rgl' group :development, :test do gem 'bullet', '>= 6.0.2' + gem 'brakeman', require: false gem 'pry-byebug' gem 'rspec-rails', '>= 3.8.3' gem 'rubocop', require: false @@ -29,7 +30,6 @@ end group :development do gem 'better_errors', '>= 2.5.1' - gem 'brakeman', require: false gem 'bummr', require: false gem 'guard-rspec', require: false gem 'overcommit', require: false @@ -39,6 +39,7 @@ end group :test do gem 'axe-matchers', '~> 1.3.4' + gem 'bundler-audit', require: false gem 'database_cleaner' gem 'factory_bot_rails', '>= 5.2.0' gem 'fakefs', require: 'fakefs/safe' diff --git a/Gemfile.lock b/Gemfile.lock index 6c77f7faa..ad0bd45ef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,7 +112,7 @@ GEM rack (>= 0.9.0) bloomfilter-rb (2.1.1) redis - brakeman (4.10.0) + brakeman (6.0.1) builder (3.2.4) bullet (6.1.4) activesupport (>= 3.0.0) 
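Review bot: In the third Gemfile hunk `bundler-audit` is added to `group :test` only, while the first hunk moves `brakeman` into `group :development, :test`; the Makefile's `lint` target in this same commit runs both through `bundle exec`. A bundle installed without the test group would therefore stop at the bundler-audit step of `make lint` even though brakeman is present. Consider declaring it next to brakeman, `gem 'bundler-audit', require: false` inside `group :development, :test do`, so both scanners are available in the same environments.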
@@ -120,6 +120,9 @@ GEM bummr (0.5.0) rainbow thor + bundler-audit (0.9.1) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) byebug (11.1.3) childprocess (4.0.0) choice (0.2.0) @@ -384,6 +387,7 @@ DEPENDENCIES brakeman bullet (>= 6.0.2) bummr + bundler-audit database_cleaner factory_bot_rails (>= 5.2.0) fakefs diff --git a/Makefile b/Makefile index afe92b5db..78007b684 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,16 @@ check: lint test lint: @echo "--- rubocop ---" bundle exec rubocop + @echo "--- brakeman ---" + bundle exec brakeman + @echo "--- bundler-audit ---" + bundle exec bundler-audit check --update + @echo "--- lint Gemfile.lock ---" + make lint_gemfile_lock + +lint_gemfile_lock: Gemfile Gemfile.lock ## Lints the Gemfile and its lockfile + @bundle check + @git diff-index --quiet HEAD Gemfile.lock || (echo "Error: There are uncommitted changes after running 'bundle install'"; exit 1) lintfix: @echo "--- rubocop fix ---" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6254c5cd7..8612ff2fd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -34,6 +34,6 @@ end require 'webmock/rspec' -WebMock.disable_net_connect!(allow: [/localhost/, /127\.0\.0\.1/, /codeclimate.com/]) +WebMock.disable_net_connect!(allow: [/localhost/, /127\.0\.0\.1/]) require 'zonebie/rspec'
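Review bot: The bundler-audit step in the `lint` recipe runs `check --update`, so every lint run depends on fetching the advisory database over the network, and the result of `make lint` can change with connectivity rather than with the code. It is worth deciding explicitly whether a failed or skipped update should fail the build or fall back to a possibly stale database, and recording that in a comment above the step, e.g. `# needs network: refreshes ruby-advisory-db before auditing Gemfile.lock`. Separately, `make lint_gemfile_lock` should be `$(MAKE) lint_gemfile_lock` (or a prerequisite of `lint`) so flags such as `-n` and `-j` reach the sub-make. The error text in `lint_gemfile_lock` mentions 'bundle install' although the recipe runs `bundle check`; the message could name the command that was actually run.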
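Review bot: The two entries left in the allow list, `/localhost/` and `/127\.0\.0\.1/`, are unanchored regular expressions, so (assuming WebMock matches them against the request URI as a string) any URL that merely contains `localhost`, for instance as a subdomain label or in a path, would still be allowed to make a real connection from the test suite. Now that the codeclimate.com exception is removed, the line could be tightened to exact hosts, `WebMock.disable_net_connect!(allow: ['localhost', '127.0.0.1'])`, or to `WebMock.disable_net_connect!(allow_localhost: true)`. Either form keeps local services reachable while closing the substring match.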