diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 0f8efb6bd..000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,188 +0,0 @@ -# Ruby CircleCI 2.0 configuration file -# -# Check https://circleci.com/docs/2.0/language-ruby/ for more details -# -version: 2.1 - -orbs: - slack: circleci/slack@3.4.2 - -jobs: - build: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3 - environment: - RAILS_ENV: test - CC_TEST_REPORTER_ID: c88a6f4af1fbf80e0fc9a5593ebff124b2f940645b1eacb5adb681522bbf650e - COVERAGE: true - # PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - - image: redis:4.0.1 - - working_directory: ~/identity-pki - - steps: - - checkout - - install-deps - - - run: - name: Install Code Climate Test Reporter - command: | - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter - chmod +x ./cc-test-reporter - - run: - name: Wait for DB - command: dockerize -wait tcp://localhost:5432 -timeout 1m - - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - - run: - name: Run Tests - command: | - mkdir /tmp/test-results - ./cc-test-reporter before-build - bundle exec rake spec - - - run: - name: Run Lints - command: make lint - - - run: - name: Code Climate Test Coverage - command: | - ./cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.$CIRCLE_NODE_INDEX.json" - - # collect reports - - store_test_results: - path: /tmp/test-results - - store_artifacts: - path: /tmp/test-results - destination: test-results - - deploy: - command: | - ./cc-test-reporter sum-coverage --output - --parts $CIRCLE_NODE_TOTAL coverage/codeclimate.*.json | ./cc-test-reporter upload-coverage --debug --input - - check_certificate_bundle: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3 - environment: - RAILS_ENV: test - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - steps: - - checkout - - install-deps - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - run: - name: Check certificate bundle - command: | - bundle exec rake certs:check_certificate_bundle - build-release-container: - working_directory: ~/identity-pki - docker: - - image: cimg/ruby:3.0.3 - steps: - - checkout - - setup_remote_docker - - run: | - if [ -z "$CIRCLE_TAG" ]; then exit 0; fi # this shouldn't be necessary... - docker build -t logindotgov/pki:$CIRCLE_TAG -f Dockerfile . - echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin - docker push logindotgov/pki:$CIRCLE_TAG - - check-expiring-certs-config: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3-browsers - environment: - RAILS_ENV: test - CC_TEST_REPORTER_ID: c88a6f4af1fbf80e0fc9a5593ebff124b2f940645b1eacb5adb681522bbf650e - COVERAGE: true - # PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - - image: redis:4.0.1 - - working_directory: ~/identity-pki - - steps: - - checkout - - install-deps - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - run: - name: Check for expiring certs - command: | - bundle exec rake certs:print_expiring - - - slack/status: - fail_only: true - failure_message: ":piv-card::red_circle::scream: identity-pki has certs expiring within 30 days" - include_project_field: false - -commands: - install-deps: - steps: - - restore_cache: - keys: - - v2-identity-pki-bundle-{{ checksum "Gemfile.lock" }} - - run: - name: Install dependencies - command: | - gem install bundler - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/bundle - - save_cache: - key: v2-identity-pki-bundle-{{ checksum "Gemfile.lock" }} - paths: - - vendor/bundle - -workflows: - version: 2 - release: - jobs: - - build - - check_certificate_bundle - - build-release-container: - requires: - - build - filters: - tags: - only: "/^[0-9]{4}-[0-9]{2}-[0-9]{2,}.*/" - daily-30d-expiring-cert: - jobs: - - check-expiring-certs-config - triggers: - - schedule: - # Once a day at 12pm - cron: "0 12 * * *" - filters: - branches: - only: - - master diff --git a/.codeclimate.yml b/.codeclimate.yml deleted file mode 100644 index a8869406f..000000000 --- a/.codeclimate.yml +++ /dev/null @@ -1,11 +0,0 @@ -plugins: - brakeman: - enabled: true - reek: - enabled: false - rubocop: - enabled: false - -checks: - method-complexity: - enabled: false diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ac60fc9b6..6b49bdedd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,8 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' - PIVCAC_CI_SHA: 'sha256:87767eb8daa6703c247d5a4baa5e19eddc58bc051f01070903f24d9f8a6c9267' + PIVCAC_CI_SHA: 'sha256:41c2b811ee61aa06c662e2d631812cda04d06a0dd15e177ec04997dcaeb1cc9c' + CI: 'true' default: image: '${ECR_REGISTRY}/pivcac/ci@${PIVCAC_CI_SHA}' @@ -339,9 +340,10 @@ ecr-scan: - > while true; do SCAN_STATUS=$(aws ecr describe-image-scan-findings --repository-name identity-pivcac/review --image-id imageTag=$CI_COMMIT_SHA --query 'imageScanStatus.status' --output text || true) - if [ "$SCAN_STATUS" == "ACTIVE" ]; then + if echo "$SCAN_STATUS" | grep -q "ACTIVE"; then + echo "Scan Complete" break - elif [ "$SCAN_STATUS" == "FAILED" ]; then + elif echo "$SCAN_STATUS" | grep -q "FAILED"; then echo "ECR scan failed" exit 1 else diff --git a/.ruby-version b/.ruby-version index 9f55b2ccb..a3ec5a4bd 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.0 +3.2 diff --git a/Gemfile b/Gemfile index 95283e3cc..8c040e848 100644 --- a/Gemfile +++ b/Gemfile @@ -1,17 +1,17 @@ source 'https://rubygems.org' git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } -ruby '~> 3.0' +ruby '~> 3.2' -gem 'rails', '~> 6.1.6' +gem 'rails', '~> 7.0.7' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk-s3' gem 'bloomfilter-rb' -gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.4.1' +gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.4.2' gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' gem 'mini_cache' -gem 'newrelic_rpm' +gem 'newrelic_rpm', '~> 8.0' gem 'pg' gem 'pry-rails' gem 'puma' @@ -19,7 +19,8 @@ gem 'redacted_struct', '~> 1.0' gem 'rgl' group :development, :test do - gem 'bullet', '>= 6.0.2' + gem 'bullet', '~> 7.0' + gem 'brakeman', require: false gem 'pry-byebug' gem 'rspec-rails', '>= 3.8.3' gem 'rubocop', require: false @@ -29,7 +30,6 @@ end group :development do gem 'better_errors', '>= 2.5.1' - gem 'brakeman', require: false gem 'bummr', require: false gem 'guard-rspec', require: false gem 'overcommit', require: false @@ -39,6 +39,7 @@ end group :test do gem 'axe-matchers', '~> 1.3.4' + gem 'bundler-audit', require: false gem 'database_cleaner' gem 'factory_bot_rails', '>= 5.2.0' gem 'fakefs', require: 'fakefs/safe' diff --git a/Gemfile.lock b/Gemfile.lock index 6c77f7faa..e3a9d952c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/18F/identity-hostdata.git - revision: 25a7e98919b1eb0d61dbcce314807a412aff62ad - tag: v3.4.1 + revision: 9e2e0441cd93307cbfc5d5b8d4b3b7b4219394fb + tag: v3.4.2 specs: - identity-hostdata (3.4.1) + identity-hostdata (3.4.2) activesupport (>= 6.1, < 8) aws-sdk-s3 (~> 1.8) @@ -19,67 +19,73 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.6) - actionpack (= 6.1.7.6) - activesupport (= 6.1.7.6) + actioncable (7.0.7.2) + actionpack (= 7.0.7.2) + activesupport (= 7.0.7.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.6) - actionpack (= 6.1.7.6) - activejob (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + actionmailbox (7.0.7.2) + actionpack (= 7.0.7.2) + activejob (= 7.0.7.2) + activerecord (= 7.0.7.2) + activestorage (= 7.0.7.2) + activesupport (= 7.0.7.2) mail (>= 2.7.1) - actionmailer (6.1.7.6) - actionpack (= 6.1.7.6) - actionview (= 6.1.7.6) - activejob (= 6.1.7.6) - activesupport (= 6.1.7.6) + net-imap + net-pop + net-smtp + actionmailer (7.0.7.2) + actionpack (= 7.0.7.2) + actionview (= 7.0.7.2) + activejob (= 7.0.7.2) + activesupport (= 7.0.7.2) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.6) - actionview (= 6.1.7.6) - activesupport (= 6.1.7.6) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.7.2) + actionview (= 7.0.7.2) + activesupport (= 7.0.7.2) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.6) - actionpack (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + actiontext (7.0.7.2) + actionpack (= 7.0.7.2) + activerecord (= 7.0.7.2) + activestorage (= 7.0.7.2) + activesupport (= 7.0.7.2) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.6) - activesupport (= 6.1.7.6) + actionview (7.0.7.2) + activesupport (= 7.0.7.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.6) - activesupport (= 6.1.7.6) + activejob (7.0.7.2) + activesupport (= 7.0.7.2) globalid (>= 0.3.6) - activemodel (6.1.7.6) - activesupport (= 6.1.7.6) - activerecord (6.1.7.6) - activemodel (= 6.1.7.6) - activesupport (= 6.1.7.6) - activerecord-import (1.0.8) - activerecord (>= 3.2) - activestorage (6.1.7.6) - actionpack (= 6.1.7.6) - activejob (= 6.1.7.6) - activerecord (= 6.1.7.6) - activesupport (= 6.1.7.6) + activemodel (7.0.7.2) + activesupport (= 7.0.7.2) + activerecord (7.0.7.2) + activemodel (= 7.0.7.2) + activesupport (= 7.0.7.2) + activerecord-import (1.5.0) + activerecord (>= 4.2) + activestorage (7.0.7.2) + actionpack (= 7.0.7.2) + activejob (= 7.0.7.2) + activerecord (= 7.0.7.2) + activesupport (= 7.0.7.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.6) + activesupport (7.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) @@ -112,14 +118,17 @@ GEM rack (>= 0.9.0) bloomfilter-rb (2.1.1) redis - brakeman (4.10.0) + brakeman (6.0.1) builder (3.2.4) - bullet (6.1.4) + bullet (7.0.7) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bummr (0.5.0) rainbow thor + bundler-audit (0.9.1) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) byebug (11.1.3) childprocess (4.0.0) choice (0.2.0) @@ -144,8 +153,8 @@ GEM factory_bot_rails (6.1.0) factory_bot (~> 6.1.0) railties (>= 5.0.0) - fakefs (1.2.2) - ffi (1.13.1) + fakefs (2.5.0) + ffi (1.15.5) formatador (0.2.5) globalid (1.1.0) activesupport (>= 5.0) @@ -171,7 +180,7 @@ GEM jmespath (1.6.1) json (2.6.3) lazy_priority_queue (0.1.1) - listen (3.3.1) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) lograge (0.11.2) @@ -204,7 +213,7 @@ GEM timeout net-smtp (0.3.3) net-protocol - newrelic_rpm (6.13.1) + newrelic_rpm (8.16.0) nio4r (2.5.9) nokogiri (1.15.4) mini_portile2 (~> 2.8.2) @@ -218,13 +227,13 @@ GEM parallel (1.22.1) parser (3.2.2.0) ast (~> 2.4.1) - pg (1.2.3) - pry (0.13.1) + pg (1.5.3) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - pry-byebug (3.9.0) + pry-byebug (3.10.1) byebug (~> 11.0) - pry (~> 0.13.0) + pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) @@ -236,21 +245,20 @@ GEM rack (>= 1.2.0) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.6) - actioncable (= 6.1.7.6) - actionmailbox (= 6.1.7.6) - actionmailer (= 6.1.7.6) - actionpack (= 6.1.7.6) - actiontext (= 6.1.7.6) - actionview (= 6.1.7.6) - activejob (= 6.1.7.6) - activemodel (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + rails (7.0.7.2) + actioncable (= 7.0.7.2) + actionmailbox (= 7.0.7.2) + actionmailer (= 7.0.7.2) + actionpack (= 7.0.7.2) + actiontext (= 7.0.7.2) + actionview (= 7.0.7.2) + activejob (= 7.0.7.2) + activemodel (= 7.0.7.2) + activerecord (= 7.0.7.2) + activestorage (= 7.0.7.2) + activesupport (= 7.0.7.2) bundler (>= 1.15.0) - railties (= 6.1.7.6) - sprockets-rails (>= 2.0.0) + railties (= 7.0.7.2) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -267,38 +275,39 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (6.1.7.6) - actionpack (= 6.1.7.6) - activesupport (= 6.1.7.6) + railties (7.0.7.2) + actionpack (= 7.0.7.2) + activesupport (= 7.0.7.2) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.0.6) - rb-fsevent (0.10.4) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) redacted_struct (1.1.0) redis (4.2.4) regexp_parser (2.7.0) - request_store (1.5.0) + request_store (1.5.1) rack (>= 1.4) rexml (3.2.5) rgl (0.5.6) lazy_priority_queue (~> 0.1.0) stream (~> 0.5.2) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) + rspec-support (~> 3.12.0) rspec-rails (4.0.1) actionpack (>= 4.2) activesupport (>= 4.2) @@ -307,7 +316,7 @@ GEM rspec-expectations (~> 3.9) rspec-mocks (~> 3.9) rspec-support (~> 3.9) - rspec-support (3.10.3) + rspec-support (3.12.1) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.50.1) @@ -341,13 +350,6 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - sprockets (4.2.0) - concurrent-ruby (~> 1.0) - rack (>= 2.2.4, < 4) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - sprockets (>= 3.0.0) stream (0.5.2) thor (1.2.2) thread_safe (0.3.6) @@ -356,7 +358,7 @@ GEM tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (2.4.2) - uniform_notifier (1.14.0) + uniform_notifier (1.16.0) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) @@ -382,8 +384,9 @@ DEPENDENCIES better_errors (>= 2.5.1) bloomfilter-rb brakeman - bullet (>= 6.0.2) + bullet (~> 7.0) bummr + bundler-audit database_cleaner factory_bot_rails (>= 5.2.0) fakefs @@ -391,14 +394,14 @@ DEPENDENCIES identity-hostdata! identity-logging! mini_cache - newrelic_rpm + newrelic_rpm (~> 8.0) overcommit pg pry-byebug pry-rails puma rack-mini-profiler (>= 1.0.2) - rails (~> 6.1.6) + rails (~> 7.0.7) rails-controller-testing (>= 1.0.4) rails-erd (>= 1.6.0) redacted_struct (~> 1.0) @@ -416,7 +419,7 @@ DEPENDENCIES zonebie RUBY VERSION - ruby 3.0.3p157 + ruby 3.2.2p53 BUNDLED WITH - 2.2.33 + 2.4.19 diff --git a/Makefile b/Makefile index afe92b5db..78007b684 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,16 @@ check: lint test lint: @echo "--- rubocop ---" bundle exec rubocop + @echo "--- brakeman ---" + bundle exec brakeman + @echo "--- bundler-audit ---" + bundle exec bundler-audit check --update + @echo "--- lint Gemfile.lock ---" + make lint_gemfile_lock + +lint_gemfile_lock: Gemfile Gemfile.lock ## Lints the Gemfile and its lockfile + @bundle check + @git diff-index --quiet HEAD Gemfile.lock || (echo "Error: There are uncommitted changes after running 'bundle install'"; exit 1) lintfix: @echo "--- rubocop fix ---" diff --git a/bin/rails b/bin/rails index 5badb2fde..073966023 100755 --- a/bin/rails +++ b/bin/rails @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end APP_PATH = File.expand_path('../config/application', __dir__) require_relative '../config/boot' require 'rails/commands' diff --git a/bin/rake b/bin/rake index d87d5f578..17240489f 100755 --- a/bin/rake +++ b/bin/rake @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end require_relative '../config/boot' require 'rake' Rake.application.run diff --git a/bin/setup b/bin/setup index b86c57d7a..c7a1b0441 100755 --- a/bin/setup +++ b/bin/setup @@ -5,7 +5,7 @@ require 'yaml' include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) +APP_ROOT = File.expand_path('..', __dir__) def run(command) abort "command failed (#{$?}): #{command}" unless system command diff --git a/config/environments/development.rb b/config/environments/development.rb index e72085711..827ef5f06 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,3 +1,5 @@ +require 'active_support/core_ext/integer/time' + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -14,9 +16,13 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. if Rails.root.join('tmp', 'caching-dev.txt').exist? config.action_controller.perform_caching = true + config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store config.public_file_server.headers = { @@ -31,13 +37,28 @@ # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load + # Highlight code that triggered database queries in logs. + config.active_record.verbose_query_logs = true + # Raises error for missing translations # config.action_view.raise_on_missing_translations = true # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. config.file_watcher = ActiveSupport::EventedFileUpdateChecker + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end diff --git a/config/environments/test.rb b/config/environments/test.rb index 369a28193..4819cd667 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,26 +1,29 @@ +require 'active_support/core_ext/integer/time' + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV['CI'].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.seconds.to_i}", + 'Cache-Control' => "public, max-age=#{1.hour.to_i}", } # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false + config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false @@ -31,6 +34,12 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raises error for missing translations # config.action_view.raise_on_missing_translations = true end diff --git a/config/initializers/certificate_store.rb b/config/initializers/certificate_store.rb index 79d97a029..6c659a2e3 100644 --- a/config/initializers/certificate_store.rb +++ b/config/initializers/certificate_store.rb @@ -1,3 +1,5 @@ -unless File.basename($PROGRAM_NAME) == 'rake' && ARGV.any? { |arg| arg.start_with?('db:') } - CertificateStore.instance.load_certs! +Rails.application.config.after_initialize do + unless File.basename($PROGRAM_NAME) == 'rake' && ARGV.any? { |arg| arg.start_with?('db:') } + CertificateStore.instance.load_certs! + end end diff --git a/config/newrelic.yml b/config/newrelic.yml index 151b5ab1b..a3ff69dee 100644 --- a/config/newrelic.yml +++ b/config/newrelic.yml @@ -1,13 +1,22 @@ -production: - agent_enabled: true - app_name: pivcac.<%= Identity::Hostdata.env %>.<%= Identity::Hostdata.domain %> +common: &default_settings + code_level_metrics: + enabled: false # Application log forwarding should always be disabled application_logging: forwarding: enabled: false +development: + <<: *default_settings + monitor_mode: false +production: + <<: *default_settings + agent_enabled: true + app_name: pivcac.<%= Identity::Hostdata.env %>.<%= Identity::Hostdata.domain %> host: gov-collector.newrelic.com audit_log: enabled: false + browser_monitoring: + auto_instrument: false error_collector: capture_source: true enabled: true @@ -27,3 +36,6 @@ production: record_sql: obfuscated proxy_host: proxy_port: +test: + <<: *default_settings + monitor_mode: false diff --git a/db/schema.rb b/db/schema.rb index 2203b62a5..94863af40 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2018_05_23_205303) do +ActiveRecord::Schema[6.1].define(version: 2018_05_23_205303) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/k8.Dockerfile b/k8.Dockerfile index 813923d2f..e67539735 100644 --- a/k8.Dockerfile +++ b/k8.Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:3.0.5-slim +FROM ruby:3.2.2-slim-bullseye SHELL ["/bin/bash", "-c"] @@ -141,6 +141,7 @@ RUN mkdir -p ${RAILS_ROOT}/keys; chmod -R 0755 ${RAILS_ROOT}/keys; \ mkdir -p ${RAILS_ROOT}/tmp/sockets; chmod -R 0755 ${RAILS_ROOT}/tmp/sockets; \ mkdir -p ${RAILS_ROOT}/config/puma; chmod -R 0755 ${RAILS_ROOT}/config/puma; COPY --chown=app --chmod=755 ./k8files/application.yml.default.docker ./config/application.yml +COPY --chown=app --chmod=755 ./k8files/newrelic.yml ./config/newrelic.yml COPY --chown=app --chmod=755 ./k8files/puma_production ./config/puma/production.rb # Expose port the app runs on diff --git a/k8files/newrelic.yml b/k8files/newrelic.yml new file mode 100644 index 000000000..410afe936 --- /dev/null +++ b/k8files/newrelic.yml @@ -0,0 +1,17 @@ +common: &default_settings + code_level_metrics: + enabled: false + # Application log forwarding should always be disabled + application_logging: + forwarding: + enabled: false +production: + <<: *default_settings + agent_enabled: false + audit_log: + enabled: false + browser_monitoring: + auto_instrument: false + log_level: info + monitor_mode: false + log_file_path: 'STDOUT' diff --git a/k8files/nginx.conf b/k8files/nginx.conf index 0e65c9af8..07566e781 100644 --- a/k8files/nginx.conf +++ b/k8files/nginx.conf @@ -91,11 +91,14 @@ http { '"tls_protocol": "$ssl_protocol", ' '"tls_cipher": "$ssl_cipher", ' '"uri_path": "$uri", ' - '"uri_query": "$query_string"' + '"uri_query": "$query_string",' + '"log_filename": "nginx_access.log"' '}'; access_log /var/log/nginx/access.log kv; + access_log /dev/stdout kv; error_log /var/log/nginx/error.log info; + error_log /dev/stdout info; # Get $status_reason variable, a human readable version of $status include status-map.conf; diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6254c5cd7..8612ff2fd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -34,6 +34,6 @@ end require 'webmock/rspec' -WebMock.disable_net_connect!(allow: [/localhost/, /127\.0\.0\.1/, /codeclimate.com/]) +WebMock.disable_net_connect!(allow: [/localhost/, /127\.0\.0\.1/]) require 'zonebie/rspec'