From 109ab9c245670e910104f9bd0dff1ed8e7fedfd1 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 31 Aug 2023 12:51:19 -0500 Subject: [PATCH 1/7] make ecr scan status check more robust (#398) --- .gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ac60fc9b6..4cfde9b50 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -339,9 +339,10 @@ ecr-scan: - > while true; do SCAN_STATUS=$(aws ecr describe-image-scan-findings --repository-name identity-pivcac/review --image-id imageTag=$CI_COMMIT_SHA --query 'imageScanStatus.status' --output text || true) - if [ "$SCAN_STATUS" == "ACTIVE" ]; then + if echo "$SCAN_STATUS" | grep -q "ACTIVE"; then + echo "Scan Complete" break - elif [ "$SCAN_STATUS" == "FAILED" ]; then + elif echo "$SCAN_STATUS" | grep -q "FAILED"; then echo "ECR scan failed" exit 1 else From f9e2e2dc46ebaeb9b7ba068f26faeed630a139ec Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 31 Aug 2023 13:24:51 -0500 Subject: [PATCH 2/7] Remove CircleCI and CodeClimate in favor of GitLab CI (#395) * Remove CircleCI * remove code climate * add bundler audit * add other checks to lint * move brakeman to test and development * update brakeman --- .circleci/config.yml | 188 ------------------------------------------- .codeclimate.yml | 11 --- Gemfile | 3 +- Gemfile.lock | 6 +- Makefile | 10 +++ spec/spec_helper.rb | 2 +- 6 files changed, 18 insertions(+), 202 deletions(-) delete mode 100644 .circleci/config.yml delete mode 100644 .codeclimate.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 0f8efb6bd..000000000 --- a/.circleci/config.yml +++ /dev/null 
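Review bot: The new `grep -q "ACTIVE"` and `grep -q "FAILED"` tests in the `ecr-scan` polling loop are substring matches, so any output that merely contains one of those tokens now ends the wait. If the aim was to tolerate extra output lines, a whole-line match keeps that without loosening the gate: `if echo "$SCAN_STATUS" | grep -qx "ACTIVE"; then`. Because the `aws` call ends in `|| true`, a CLI or permission error leaves `SCAN_STATUS` empty and falls into the `else` branch, whose body is outside this hunk; if that branch only sleeps, a bounded retry count is worth confirming so a broken credential does not spin until the runner timeout. The hunk checks only the scan status, not the findings, so "Scan Complete" should not be read as "no findings" unless a later step evaluates them.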
@@ -1,188 +0,0 @@ -# Ruby CircleCI 2.0 configuration file -# -# Check https://circleci.com/docs/2.0/language-ruby/ for more details -# -version: 2.1 - -orbs: - slack: circleci/slack@3.4.2 - -jobs: - build: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3 - environment: - RAILS_ENV: test - CC_TEST_REPORTER_ID: c88a6f4af1fbf80e0fc9a5593ebff124b2f940645b1eacb5adb681522bbf650e - COVERAGE: true - # PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - - image: redis:4.0.1 - - working_directory: ~/identity-pki - - steps: - - checkout - - install-deps - - - run: - name: Install Code Climate Test Reporter - command: | - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter - chmod +x ./cc-test-reporter - - run: - name: Wait for DB - command: dockerize -wait tcp://localhost:5432 -timeout 1m - - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - - run: - name: Run Tests - command: | - mkdir /tmp/test-results - ./cc-test-reporter before-build - bundle exec rake spec - - - run: - name: Run Lints - command: make lint - - - run: - name: Code Climate Test Coverage - command: | - ./cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.$CIRCLE_NODE_INDEX.json" - - # collect reports - - store_test_results: - path: /tmp/test-results - - store_artifacts: - path: /tmp/test-results - destination: test-results - - deploy: - command: | - ./cc-test-reporter sum-coverage --output - --parts $CIRCLE_NODE_TOTAL coverage/codeclimate.*.json | ./cc-test-reporter upload-coverage --debug --input - - check_certificate_bundle: - docker: - # Specify the 
Ruby version you desire here - - image: cimg/ruby:3.0.3 - environment: - RAILS_ENV: test - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - steps: - - checkout - - install-deps - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - run: - name: Check certificate bundle - command: | - bundle exec rake certs:check_certificate_bundle - build-release-container: - working_directory: ~/identity-pki - docker: - - image: cimg/ruby:3.0.3 - steps: - - checkout - - setup_remote_docker - - run: | - if [ -z "$CIRCLE_TAG" ]; then exit 0; fi # this shouldn't be necessary... - docker build -t logindotgov/pki:$CIRCLE_TAG -f Dockerfile . - echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin - docker push logindotgov/pki:$CIRCLE_TAG - - check-expiring-certs-config: - docker: - # Specify the Ruby version you desire here - - image: cimg/ruby:3.0.3-browsers - environment: - RAILS_ENV: test - CC_TEST_REPORTER_ID: c88a6f4af1fbf80e0fc9a5593ebff124b2f940645b1eacb5adb681522bbf650e - COVERAGE: true - # PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: cimg/postgres:13.4 - environment: - POSTGRES_USER: circleci - - - image: redis:4.0.1 - - working_directory: ~/identity-pki - - steps: - - checkout - - install-deps - - run: - name: Test Setup - command: | - cp config/application.yml.default config/application.yml - bundle exec rake db:setup --trace - - run: - name: Check for expiring certs - command: | - bundle exec rake certs:print_expiring - - - slack/status: - fail_only: true - failure_message: ":piv-card::red_circle::scream: identity-pki has certs expiring within 30 days" - include_project_field: false - -commands: - install-deps: - steps: - - restore_cache: - keys: - - 
v2-identity-pki-bundle-{{ checksum "Gemfile.lock" }} - - run: - name: Install dependencies - command: | - gem install bundler - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/bundle - - save_cache: - key: v2-identity-pki-bundle-{{ checksum "Gemfile.lock" }} - paths: - - vendor/bundle - -workflows: - version: 2 - release: - jobs: - - build - - check_certificate_bundle - - build-release-container: - requires: - - build - filters: - tags: - only: "/^[0-9]{4}-[0-9]{2}-[0-9]{2,}.*/" - daily-30d-expiring-cert: - jobs: - - check-expiring-certs-config - triggers: - - schedule: - # Once a day at 12pm - cron: "0 12 * * *" - filters: - branches: - only: - - master diff --git a/.codeclimate.yml b/.codeclimate.yml deleted file mode 100644 index a8869406f..000000000 --- a/.codeclimate.yml +++ /dev/null @@ -1,11 +0,0 @@ -plugins: - brakeman: - enabled: true - reek: - enabled: false - rubocop: - enabled: false - -checks: - method-complexity: - enabled: false diff --git a/Gemfile b/Gemfile index 95283e3cc..1097bcd51 100644 --- a/Gemfile +++ b/Gemfile @@ -20,6 +20,7 @@ gem 'rgl' group :development, :test do gem 'bullet', '>= 6.0.2' + gem 'brakeman', require: false gem 'pry-byebug' gem 'rspec-rails', '>= 3.8.3' gem 'rubocop', require: false @@ -29,7 +30,6 @@ end group :development do gem 'better_errors', '>= 2.5.1' - gem 'brakeman', require: false gem 'bummr', require: false gem 'guard-rspec', require: false gem 'overcommit', require: false @@ -39,6 +39,7 @@ end group :test do gem 'axe-matchers', '~> 1.3.4' + gem 'bundler-audit', require: false gem 'database_cleaner' gem 'factory_bot_rails', '>= 5.2.0' gem 'fakefs', require: 'fakefs/safe' diff --git a/Gemfile.lock b/Gemfile.lock index 6c77f7faa..ad0bd45ef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,7 +112,7 @@ GEM rack (>= 0.9.0) bloomfilter-rb (2.1.1) redis - brakeman (4.10.0) + brakeman (6.0.1) builder (3.2.4) bullet (6.1.4) activesupport (>= 3.0.0) 
@@ -120,6 +120,9 @@ GEM bummr (0.5.0) rainbow thor + bundler-audit (0.9.1) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) byebug (11.1.3) childprocess (4.0.0) choice (0.2.0) @@ -384,6 +387,7 @@ DEPENDENCIES brakeman bullet (>= 6.0.2) bummr + bundler-audit database_cleaner factory_bot_rails (>= 5.2.0) fakefs diff --git a/Makefile b/Makefile index afe92b5db..78007b684 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,16 @@ check: lint test lint: @echo "--- rubocop ---" bundle exec rubocop + @echo "--- brakeman ---" + bundle exec brakeman + @echo "--- bundler-audit ---" + bundle exec bundler-audit check --update + @echo "--- lint Gemfile.lock ---" + make lint_gemfile_lock + +lint_gemfile_lock: Gemfile Gemfile.lock ## Lints the Gemfile and its lockfile + @bundle check + @git diff-index --quiet HEAD Gemfile.lock || (echo "Error: There are uncommitted changes after running 'bundle install'"; exit 1) lintfix: @echo "--- rubocop fix ---" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6254c5cd7..8612ff2fd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -34,6 +34,6 @@ end require 'webmock/rspec' -WebMock.disable_net_connect!(allow: [/localhost/, /127\.0\.0\.1/, /codeclimate.com/]) +WebMock.disable_net_connect!(allow: [/localhost/, /127\.0\.0\.1/]) require 'zonebie/rspec' From 2dd038c627c6192490c5339ba79783c307c412b5 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 31 Aug 2023 13:34:03 -0500 Subject: [PATCH 3/7] Upgrade to Rails 7 (#399) * try rails 7 * update newrelic * move certificate store loading into after_initialize * update import gem --- .gitlab-ci.yml | 1 + Gemfile | 6 +- Gemfile.lock | 147 +++++++++++------------ bin/rails | 5 - bin/rake | 5 - bin/setup | 2 +- config/environments/development.rb | 21 ++++ config/environments/test.rb | 29 +++-- config/initializers/certificate_store.rb | 6 +- config/newrelic.yml | 18 ++- db/schema.rb | 2 +- 11 files changed, 138 insertions(+), 104 deletions(-) 
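Review bot: In the `lint` recipe the nested call `make lint_gemfile_lock` should go through `$(MAKE)` so that command-line flags and the jobserver propagate: `$(MAKE) lint_gemfile_lock` (or list `lint_gemfile_lock` as a prerequisite of `lint`). In `lint_gemfile_lock` the error text refers to `bundle install` while the recipe runs `bundle check`, which as far as I know does not re-resolve the lockfile, so the `git diff-index` test mostly detects a lockfile that was already dirty; aligning the command and the message would make the failure easier to act on. `bundler-audit check --update` fetches the advisory database at lint time, so the CI job needs outbound access for it, and it is worth confirming that a failed update fails the job rather than auditing against stale data.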
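Review bot: The remaining allowlist entries `/localhost/` and `/127\.0\.0\.1/` are unanchored regexes, so a request to any URL that merely contains either string is still let through by WebMock. `WebMock.disable_net_connect!(allow_localhost: true)` expresses the same intent with host matching instead of substring matching. This only affects the test suite, but it keeps the net-connect guard meaningful for specs that build URLs from fixture data.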
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4cfde9b50..b2b357e1f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' PIVCAC_CI_SHA: 'sha256:87767eb8daa6703c247d5a4baa5e19eddc58bc051f01070903f24d9f8a6c9267' + CI: 'true' default: image: '${ECR_REGISTRY}/pivcac/ci@${PIVCAC_CI_SHA}' diff --git a/Gemfile b/Gemfile index 1097bcd51..96c5d834e 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } ruby '~> 3.0' -gem 'rails', '~> 6.1.6' +gem 'rails', '~> 7.0.7' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk-s3' @@ -11,7 +11,7 @@ gem 'bloomfilter-rb' gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.4.1' gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' gem 'mini_cache' -gem 'newrelic_rpm' +gem 'newrelic_rpm', '~> 8.0' gem 'pg' gem 'pry-rails' gem 'puma' @@ -19,7 +19,7 @@ gem 'redacted_struct', '~> 1.0' gem 'rgl' group :development, :test do - gem 'bullet', '>= 6.0.2' + gem 'bullet', '~> 7.0' gem 'brakeman', require: false gem 'pry-byebug' gem 'rspec-rails', '>= 3.8.3' diff --git a/Gemfile.lock b/Gemfile.lock index ad0bd45ef..d97fbd10f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -19,67 +19,73 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.6) - actionpack (= 6.1.7.6) - activesupport (= 6.1.7.6) + actioncable (7.0.7.2) + actionpack (= 7.0.7.2) + activesupport (= 7.0.7.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.6) - actionpack (= 6.1.7.6) - activejob (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + actionmailbox (7.0.7.2) + actionpack (= 7.0.7.2) + activejob (= 7.0.7.2) + activerecord (= 7.0.7.2) + activestorage (= 7.0.7.2) + activesupport (= 7.0.7.2) mail (>= 2.7.1) - actionmailer (6.1.7.6) - actionpack (= 6.1.7.6) - actionview (= 6.1.7.6) - activejob (= 6.1.7.6) - activesupport (= 6.1.7.6) + net-imap + net-pop + net-smtp + actionmailer (7.0.7.2) + actionpack (= 7.0.7.2) + actionview (= 7.0.7.2) + activejob (= 7.0.7.2) + activesupport (= 7.0.7.2) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.6) - actionview (= 6.1.7.6) - activesupport (= 6.1.7.6) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.7.2) + actionview (= 7.0.7.2) + activesupport (= 7.0.7.2) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.6) - actionpack (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + actiontext (7.0.7.2) + actionpack (= 7.0.7.2) + activerecord (= 7.0.7.2) + activestorage (= 7.0.7.2) + activesupport (= 7.0.7.2) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.6) - activesupport (= 6.1.7.6) + actionview (7.0.7.2) + activesupport (= 7.0.7.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.6) - activesupport (= 6.1.7.6) + activejob (7.0.7.2) + activesupport (= 7.0.7.2) globalid (>= 0.3.6) - activemodel (6.1.7.6) - activesupport (= 6.1.7.6) - activerecord (6.1.7.6) - activemodel (= 6.1.7.6) - activesupport 
(= 6.1.7.6) - activerecord-import (1.0.8) - activerecord (>= 3.2) - activestorage (6.1.7.6) - actionpack (= 6.1.7.6) - activejob (= 6.1.7.6) - activerecord (= 6.1.7.6) - activesupport (= 6.1.7.6) + activemodel (7.0.7.2) + activesupport (= 7.0.7.2) + activerecord (7.0.7.2) + activemodel (= 7.0.7.2) + activesupport (= 7.0.7.2) + activerecord-import (1.5.0) + activerecord (>= 4.2) + activestorage (7.0.7.2) + actionpack (= 7.0.7.2) + activejob (= 7.0.7.2) + activerecord (= 7.0.7.2) + activesupport (= 7.0.7.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.6) + activesupport (7.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) @@ -114,7 +120,7 @@ GEM redis brakeman (6.0.1) builder (3.2.4) - bullet (6.1.4) + bullet (7.0.7) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bummr (0.5.0) @@ -148,7 +154,7 @@ GEM factory_bot (~> 6.1.0) railties (>= 5.0.0) fakefs (1.2.2) - ffi (1.13.1) + ffi (1.15.5) formatador (0.2.5) globalid (1.1.0) activesupport (>= 5.0) @@ -174,7 +180,7 @@ GEM jmespath (1.6.1) json (2.6.3) lazy_priority_queue (0.1.1) - listen (3.3.1) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) lograge (0.11.2) @@ -207,7 +213,7 @@ GEM timeout net-smtp (0.3.3) net-protocol - newrelic_rpm (6.13.1) + newrelic_rpm (8.16.0) nio4r (2.5.9) nokogiri (1.15.4) mini_portile2 (~> 2.8.2) 
@@ -239,21 +245,20 @@ GEM rack (>= 1.2.0) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.6) - actioncable (= 6.1.7.6) - actionmailbox (= 6.1.7.6) - actionmailer (= 6.1.7.6) - actionpack (= 6.1.7.6) - actiontext (= 6.1.7.6) - actionview (= 6.1.7.6) - activejob (= 6.1.7.6) - activemodel (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + rails (7.0.7.2) + actioncable (= 7.0.7.2) + actionmailbox (= 7.0.7.2) + actionmailer (= 7.0.7.2) + actionpack (= 7.0.7.2) + actiontext (= 7.0.7.2) + actionview (= 7.0.7.2) + activejob (= 7.0.7.2) + activemodel (= 7.0.7.2) + activerecord (= 7.0.7.2) + activestorage (= 7.0.7.2) + activesupport (= 7.0.7.2) bundler (>= 1.15.0) - railties (= 6.1.7.6) - sprockets-rails (>= 2.0.0) + railties (= 7.0.7.2) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -270,15 +275,16 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (6.1.7.6) - actionpack (= 6.1.7.6) - activesupport (= 6.1.7.6) + railties (7.0.7.2) + actionpack (= 7.0.7.2) + activesupport (= 7.0.7.2) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.0.6) - rb-fsevent (0.10.4) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) redacted_struct (1.1.0) @@ -344,13 +350,6 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - sprockets (4.2.0) - concurrent-ruby (~> 1.0) - rack (>= 2.2.4, < 4) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - sprockets (>= 3.0.0) stream (0.5.2) thor (1.2.2) thread_safe (0.3.6) @@ -359,7 +358,7 @@ GEM tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (2.4.2) - uniform_notifier (1.14.0) + uniform_notifier (1.16.0) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) @@ -385,7 +384,7 @@ DEPENDENCIES better_errors (>= 2.5.1) bloomfilter-rb brakeman - bullet (>= 6.0.2) + bullet (~> 7.0) bummr bundler-audit database_cleaner 
@@ -395,14 +394,14 @@ DEPENDENCIES identity-hostdata! identity-logging! mini_cache - newrelic_rpm + newrelic_rpm (~> 8.0) overcommit pg pry-byebug pry-rails puma rack-mini-profiler (>= 1.0.2) - rails (~> 6.1.6) + rails (~> 7.0.7) rails-controller-testing (>= 1.0.4) rails-erd (>= 1.6.0) redacted_struct (~> 1.0) diff --git a/bin/rails b/bin/rails index 5badb2fde..073966023 100755 --- a/bin/rails +++ b/bin/rails @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end APP_PATH = File.expand_path('../config/application', __dir__) require_relative '../config/boot' require 'rails/commands' diff --git a/bin/rake b/bin/rake index d87d5f578..17240489f 100755 --- a/bin/rake +++ b/bin/rake @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end require_relative '../config/boot' require 'rake' Rake.application.run diff --git a/bin/setup b/bin/setup index b86c57d7a..c7a1b0441 100755 --- a/bin/setup +++ b/bin/setup @@ -5,7 +5,7 @@ require 'yaml' include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) +APP_ROOT = File.expand_path('..', __dir__) def run(command) abort "command failed (#{$?}): #{command}" unless system command diff --git a/config/environments/development.rb b/config/environments/development.rb index e72085711..827ef5f06 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,3 +1,5 @@ +require 'active_support/core_ext/integer/time' + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. 
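Review bot: In bin/setup `APP_ROOT` changes from a `Pathname` to a `String`, so any later use in the script that calls Pathname methods on it (for example `APP_ROOT.join(...)`) would now raise `NoMethodError`; the rest of the script is outside this hunk, so that needs checking. The resolved directory is the same as before. If such calls exist, `APP_ROOT = Pathname.new(File.expand_path('..', __dir__))` keeps the type while still using `__dir__`.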
@@ -14,9 +16,13 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. if Rails.root.join('tmp', 'caching-dev.txt').exist? config.action_controller.perform_caching = true + config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store config.public_file_server.headers = { @@ -31,13 +37,28 @@ # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load + # Highlight code that triggered database queries in logs. + config.active_record.verbose_query_logs = true + # Raises error for missing translations # config.action_view.raise_on_missing_translations = true # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. config.file_watcher = ActiveSupport::EventedFileUpdateChecker + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end diff --git a/config/environments/test.rb b/config/environments/test.rb index 369a28193..4819cd667 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
@@ -1,26 +1,29 @@ +require 'active_support/core_ext/integer/time' + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV['CI'].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.seconds.to_i}", + 'Cache-Control' => "public, max-age=#{1.hour.to_i}", } # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false + config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false 
@@ -31,6 +34,12 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raises error for missing translations # config.action_view.raise_on_missing_translations = true end diff --git a/config/initializers/certificate_store.rb b/config/initializers/certificate_store.rb index 79d97a029..6c659a2e3 100644 --- a/config/initializers/certificate_store.rb +++ b/config/initializers/certificate_store.rb @@ -1,3 +1,5 @@ -unless File.basename($PROGRAM_NAME) == 'rake' && ARGV.any? { |arg| arg.start_with?('db:') } - CertificateStore.instance.load_certs! +Rails.application.config.after_initialize do + unless File.basename($PROGRAM_NAME) == 'rake' && ARGV.any? { |arg| arg.start_with?('db:') } + CertificateStore.instance.load_certs! + end end diff --git a/config/newrelic.yml b/config/newrelic.yml index 151b5ab1b..a3ff69dee 100644 --- a/config/newrelic.yml +++ b/config/newrelic.yml @@ -1,13 +1,22 @@ -production: - agent_enabled: true - app_name: pivcac.<%= Identity::Hostdata.env %>.<%= Identity::Hostdata.domain %> +common: &default_settings + code_level_metrics: + enabled: false # Application log forwarding should always be disabled application_logging: forwarding: enabled: false +development: + <<: *default_settings + monitor_mode: false +production: + <<: *default_settings + agent_enabled: true + app_name: pivcac.<%= Identity::Hostdata.env %>.<%= Identity::Hostdata.domain %> host: gov-collector.newrelic.com audit_log: enabled: false + browser_monitoring: + auto_instrument: false error_collector: capture_source: true enabled: true @@ -27,3 +36,6 @@ production: record_sql: obfuscated proxy_host: proxy_port: +test: + <<: *default_settings + monitor_mode: false 
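Review bot: The guard that skips `load_certs!` in config/initializers/certificate_store.rb still keys on `File.basename($PROGRAM_NAME) == 'rake'`, so database tasks started through `bin/rails db:...` would presumably not match it and would load the certificate store once `after_initialize` fires; worth confirming how db tasks are invoked in CI and deploys now that the app is on Rails 7. The block would also benefit from a why-comment, since the reason for deferring is not visible in the file; if it is the Rails 7 restriction on referencing autoloaded constants during initialization, something like `# CertificateStore is an autoloaded app constant; touch it only after initialization has finished` would record that.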
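Review bot: The always-off setting `application_logging.forwarding.enabled: false` now lives under `&default_settings` in config/newrelic.yml and reaches each environment through `<<: *default_settings`, which is a shallow merge. If any environment stanza later declares its own `application_logging:` (or `code_level_metrics:`) key, the whole default mapping is replaced and the forwarding opt-out silently falls back to the agent's default. A comment next to the anchor would guard that, e.g. `# Merged shallowly: never redefine application_logging per environment, or this opt-out is lost`. The same anchor-and-merge pattern is repeated in the new k8files/newrelic.yml later in this series.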
diff --git a/db/schema.rb b/db/schema.rb index 2203b62a5..94863af40 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2018_05_23_205303) do +ActiveRecord::Schema[6.1].define(version: 2018_05_23_205303) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" From 66a51019b50efaca7b5ce5b6f32b49dd5d83fd82 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 31 Aug 2023 15:26:39 -0500 Subject: [PATCH 4/7] Update to Ruby 3.2 (#393) * Update to Ruby 3.2 * update bundler * update CI sha * update request_store * bullseye * update sha --- .gitlab-ci.yml | 2 +- .ruby-version | 2 +- Gemfile | 4 ++-- Gemfile.lock | 44 ++++++++++++++++++++++---------------------- k8.Dockerfile | 2 +- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b2b357e1f..c64abec3d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' - PIVCAC_CI_SHA: 'sha256:87767eb8daa6703c247d5a4baa5e19eddc58bc051f01070903f24d9f8a6c9267' + PIVCAC_CI_SHA: 'sha256:831676006259d22aee1e7fc36331bb90ba8bbca90aee8efdb8bfb0299b4f9635' CI: 'true' default: diff --git a/.ruby-version b/.ruby-version index 9f55b2ccb..a3ec5a4bd 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.0 +3.2 diff --git a/Gemfile b/Gemfile index 96c5d834e..8c040e848 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,14 +1,14 @@ source 'https://rubygems.org' git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } -ruby '~> 3.0' +ruby '~> 3.2' gem 'rails', '~> 7.0.7' gem 'activerecord-import', '>= 1.0.2' gem 'aws-sdk-s3' gem 'bloomfilter-rb' -gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.4.1' +gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v3.4.2' gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' gem 'mini_cache' gem 'newrelic_rpm', '~> 8.0' diff --git a/Gemfile.lock b/Gemfile.lock index d97fbd10f..e3a9d952c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/18F/identity-hostdata.git - revision: 25a7e98919b1eb0d61dbcce314807a412aff62ad - tag: v3.4.1 + revision: 9e2e0441cd93307cbfc5d5b8d4b3b7b4219394fb + tag: v3.4.2 specs: - identity-hostdata (3.4.1) + identity-hostdata (3.4.2) activesupport (>= 6.1, < 8) aws-sdk-s3 (~> 1.8) @@ -153,7 +153,7 @@ GEM factory_bot_rails (6.1.0) factory_bot (~> 6.1.0) railties (>= 5.0.0) - fakefs (1.2.2) + fakefs (2.5.0) ffi (1.15.5) formatador (0.2.5) globalid (1.1.0) @@ -227,13 +227,13 @@ GEM parallel (1.22.1) parser (3.2.2.0) ast (~> 2.4.1) - pg (1.2.3) - pry (0.13.1) + pg (1.5.3) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - pry-byebug (3.9.0) + pry-byebug (3.10.1) byebug (~> 11.0) - pry (~> 0.13.0) + pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) 
@@ -290,24 +290,24 @@ GEM redacted_struct (1.1.0) redis (4.2.4) regexp_parser (2.7.0) - request_store (1.5.0) + request_store (1.5.1) rack (>= 1.4) rexml (3.2.5) rgl (0.5.6) lazy_priority_queue (~> 0.1.0) stream (~> 0.5.2) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) + rspec-support (~> 3.12.0) rspec-rails (4.0.1) actionpack (>= 4.2) activesupport (>= 4.2) @@ -316,7 +316,7 @@ GEM rspec-expectations (~> 3.9) rspec-mocks (~> 3.9) rspec-support (~> 3.9) - rspec-support (3.10.3) + rspec-support (3.12.1) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.50.1) @@ -419,7 +419,7 @@ DEPENDENCIES zonebie RUBY VERSION - ruby 3.0.3p157 + ruby 3.2.2p53 BUNDLED WITH - 2.2.33 + 2.4.19 diff --git a/k8.Dockerfile b/k8.Dockerfile index 813923d2f..39fd1730c 100644 --- a/k8.Dockerfile +++ b/k8.Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:3.0.5-slim +FROM ruby:3.2.2-slim-bullseye SHELL ["/bin/bash", "-c"] From 8712c49956fef9ba801a998d66f4eb7c15c6e695 Mon Sep 17 00:00:00 2001 From: Sudheer Dandamudi <134308185+dskgsa@users.noreply.github.com> Date: Tue, 5 Sep 2023 14:02:46 -0400 Subject: [PATCH 5/7] update nginx conf file to redirect access and error logs to stdout (#403) * update nginx conf file to redirect access and error logs to stdout * try different sha --------- Co-authored-by: Mitchell Henke --- .gitlab-ci.yml | 2 +- k8files/nginx.conf | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c64abec3d..f04f0dc8b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' - PIVCAC_CI_SHA: 'sha256:831676006259d22aee1e7fc36331bb90ba8bbca90aee8efdb8bfb0299b4f9635' + PIVCAC_CI_SHA: 'sha256:1b280037c653d00685e10890afe01f83c943ed409a810c398ee9dcb90cdfbd11' CI: 'true' default: diff --git a/k8files/nginx.conf b/k8files/nginx.conf index 0e65c9af8..07566e781 100644 --- a/k8files/nginx.conf +++ b/k8files/nginx.conf @@ -91,11 +91,14 @@ http { '"tls_protocol": "$ssl_protocol", ' '"tls_cipher": "$ssl_cipher", ' '"uri_path": "$uri", ' - '"uri_query": "$query_string"' + '"uri_query": "$query_string",' + '"log_filename": "nginx_access.log"' '}'; access_log /var/log/nginx/access.log kv; + access_log /dev/stdout kv; error_log /var/log/nginx/error.log info; + error_log /dev/stdout info; # Get $status_reason variable, a human readable version of $status include status-map.conf; From 6b6122127d5ccca646aef0775ea6aa4cb8ad7650 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Tue, 5 Sep 2023 13:13:37 -0500 Subject: [PATCH 6/7] disable new relic in review apps (#404) --- k8.Dockerfile | 1 + k8files/newrelic.yml | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 k8files/newrelic.yml diff --git a/k8.Dockerfile b/k8.Dockerfile index 39fd1730c..e67539735 100644 --- a/k8.Dockerfile +++ b/k8.Dockerfile 
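Review bot: With `access_log /dev/stdout kv;` in k8files/nginx.conf the `kv` records, including `"uri_query": "$query_string"`, are now copied to the container's stdout and from there to whatever collects pod output. It is worth confirming that no token or other sensitive value travels in query parameters on this service, and that the `log_format kv` declaration (outside this hunk) uses `escape=json`, since the format builds JSON by string concatenation. The file sinks under /var/log/nginx are kept alongside the new ones, so every record is written twice and the files keep growing inside the container unless something rotates them. Minor: the changed line drops the space the other fields carry before the closing quote, `'"uri_query": "$query_string", '`, and `/dev/stderr` is the more usual target for `error_log`.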
@@ -141,6 +141,7 @@ RUN mkdir -p ${RAILS_ROOT}/keys; chmod -R 0755 ${RAILS_ROOT}/keys; \ mkdir -p ${RAILS_ROOT}/tmp/sockets; chmod -R 0755 ${RAILS_ROOT}/tmp/sockets; \ mkdir -p ${RAILS_ROOT}/config/puma; chmod -R 0755 ${RAILS_ROOT}/config/puma; COPY --chown=app --chmod=755 ./k8files/application.yml.default.docker ./config/application.yml +COPY --chown=app --chmod=755 ./k8files/newrelic.yml ./config/newrelic.yml COPY --chown=app --chmod=755 ./k8files/puma_production ./config/puma/production.rb # Expose port the app runs on diff --git a/k8files/newrelic.yml b/k8files/newrelic.yml new file mode 100644 index 000000000..410afe936 --- /dev/null +++ b/k8files/newrelic.yml @@ -0,0 +1,17 @@ +common: &default_settings + code_level_metrics: + enabled: false + # Application log forwarding should always be disabled + application_logging: + forwarding: + enabled: false +production: + <<: *default_settings + agent_enabled: false + audit_log: + enabled: false + browser_monitoring: + auto_instrument: false + log_level: info + monitor_mode: false + log_file_path: 'STDOUT' From 68a02aa8b84e19ae53a5122c7810a506a12504c7 Mon Sep 17 00:00:00 2001 From: Mitchell Henke Date: Thu, 14 Sep 2023 09:45:56 -0500 Subject: [PATCH 7/7] Update CI Image (#406) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f04f0dc8b..6b49bdedd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' IDP_WORKER_IMAGE_TAG: 'main' - PIVCAC_CI_SHA: 'sha256:1b280037c653d00685e10890afe01f83c943ed409a810c398ee9dcb90cdfbd11' + PIVCAC_CI_SHA: 'sha256:41c2b811ee61aa06c662e2d631812cda04d06a0dd15e177ec04997dcaeb1cc9c' CI: 'true' default:
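Review bot: The added `COPY ... ./k8files/newrelic.yml ./config/newrelic.yml` replaces the application's New Relic config in every image built from k8.Dockerfile, and the new file's `production` stanza sets `agent_enabled: false` and `monitor_mode: false`, so monitoring is off for any deployment of this image, not only review apps. If the Dockerfile is, or later becomes, the basis for other environments, that would go unnoticed; a comment above the line would record the intent, e.g. `# Review-app image only: overrides config/newrelic.yml with an agent-disabled config`. `--chmod=755` also marks a YAML file executable and `--chown=app` leaves it writable by the runtime user; `--chmod=644` would be enough, though the neighbouring COPY lines use the same mode.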