Skip to content

Commit

Permalink
Merge pull request #190 from ifad/security/improve-workflows-security
Browse files Browse the repository at this point in the history 
Security/improve workflows security
  • Loading branch information
@tagliala
tagliala authored Jan 6, 2023
2 parents 1b42ef1 + bfd9132 commit e9444bd
Show file tree
Hide file tree
Showing 3 changed files with 93 additions and 44 deletions.
78 changes: 78 additions & 0 deletions .github/workflows/legacy_ruby.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
name: Legacy Ruby specs

on:
push:
branches: [ master ]
pull_request:
branches: [ master ]

permissions:
contents: read

jobs:
test:
name: Legacy Ruby specs
runs-on: ubuntu-20.04

services:
db:
image: postgres:12
ports: ['5432:5432']
env:
POSTGRES_HOST_AUTH_METHOD: trust

options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
strategy:
matrix:
ruby-version: ['2.2', '2.3', '2.4', '2.5']
gemfile: [rails_5.0, rails_5.1, rails_5.2, rails_6.0]

exclude:
- ruby-version: '2.2'
gemfile: rails_6.0
- ruby-version: '2.2'
gemfile: rails_6.1
- ruby-version: '2.2'
gemfile: rails_7.0
- ruby-version: '2.3'
gemfile: rails_6.0
- ruby-version: '2.3'
gemfile: rails_6.1
- ruby-version: '2.3'
gemfile: rails_7.0
- ruby-version: '2.4'
gemfile: rails_6.0
- ruby-version: '2.4'
gemfile: rails_6.1
- ruby-version: '2.4'
gemfile: rails_7.0
- ruby-version: '2.5'
gemfile: rails_7.0

env:
BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
TEST_CONFIG: ./spec/config.github.yml

steps:
- uses: actions/checkout@v3
- name: Set up Database
run: |
psql -c "CREATE ROLE runner SUPERUSER LOGIN CREATEDB;" -U postgres -h localhost
psql -c "CREATE DATABASE chronomodel;" -U postgres -h localhost
psql -c "CREATE DATABASE chronomodel_railsapp;" -U postgres -h localhost
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby-version }}
bundler-cache: true
- name: Run specs and publish code coverage
uses: paambaati/[email protected]
env:
CC_TEST_REPORTER_ID: dedfb7472ee410eec459bff3681d9a8fd8dd237e9bd7e8675a7c8eb7e253bba9
with:
coverageCommand: bundle exec rake
57 changes: 13 additions & 44 deletions .github/workflows/ruby.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
pull_request:
branches: [ master ]

permissions:
contents: read

jobs:
test:
name: Ruby specs
Expand All @@ -26,8 +29,8 @@ jobs:
strategy:
matrix:
ruby-version: ['2.2', '2.3', '2.4', '2.5', '2.6', '2.7', '3.0', '3.1']
gemfile: [ rails_5.0, rails_5.1, rails_5.2, rails_6.0, rails_6.1, rails_7.0 ]
ruby-version: ['2.6', '2.7', '3.0', '3.1', '3.2']
gemfile: [rails_6.0, rails_6.1, rails_7.0]
experimental: [false]

include:
Expand All @@ -40,6 +43,9 @@ jobs:
- ruby-version: '3.1'
gemfile: rails_edge
experimental: true
- ruby-version: '3.2'
gemfile: rails_edge
experimental: true
- ruby-version: 'head'
gemfile: rails_7.0
experimental: true
Expand All @@ -48,54 +54,16 @@ jobs:
experimental: true

exclude:
- ruby-version: '2.2'
gemfile: rails_6.0
- ruby-version: '2.2'
gemfile: rails_6.1
- ruby-version: '2.2'
gemfile: rails_7.0
- ruby-version: '2.3'
gemfile: rails_6.0
- ruby-version: '2.3'
gemfile: rails_6.1
- ruby-version: '2.3'
gemfile: rails_7.0
- ruby-version: '2.4'
gemfile: rails_6.0
- ruby-version: '2.4'
gemfile: rails_6.1
- ruby-version: '2.4'
gemfile: rails_7.0
- ruby-version: '2.5'
gemfile: rails_7.0
- ruby-version: '2.6'
gemfile: rails_7.0
- ruby-version: '2.6'
gemfile: rails_5.0
- ruby-version: '2.6'
gemfile: rails_5.1
- ruby-version: '2.7'
gemfile: rails_5.0
- ruby-version: '2.7'
gemfile: rails_5.1
- ruby-version: '2.7'
gemfile: rails_5.2
- ruby-version: '3.0'
gemfile: rails_5.0
- ruby-version: '3.0'
gemfile: rails_5.1
- ruby-version: '3.0'
gemfile: rails_5.2
- ruby-version: '3.1'
gemfile: rails_5.0
- ruby-version: '3.1'
gemfile: rails_5.1
- ruby-version: '3.1'
gemfile: rails_5.2
- ruby-version: '3.1'
gemfile: rails_6.0
- ruby-version: '3.1'
gemfile: rails_6.1
- ruby-version: '3.2'
gemfile: rails_6.0
- ruby-version: '3.2'
gemfile: rails_6.1

env:
BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
Expand All @@ -114,6 +82,7 @@ jobs:
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby-version }}
rubygems: latest
bundler-cache: true
- name: Run specs and publish code coverage
uses: paambaati/[email protected]
Expand Down
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Temporal database system on PostgreSQL using [updatable views][pg-updatable-views], [table inheritance][pg-table-inheritance] and [INSTEAD OF triggers][pg-instead-of-triggers].

[![Build Status][build-status-badge]][build-status]
[![Legacy Build Status][legacy-build-status-badge]][build-status]
[![Code Climate][code-analysis-badge]][code-analysis]
[![Test Coverage][test-coverage-badge]][test-coverage]
[![Gem Version][gem-version-badge]][gem-version]
Expand Down Expand Up @@ -391,6 +392,7 @@ This software is Made in Italy :it: :smile:.
[docs-analysis-badge]: http://inch-ci.org/github/ifad/chronomodel.svg?branch=master
[gem-version]: https://rubygems.org/gems/chrono_model
[gem-version-badge]: https://badge.fury.io/rb/chrono_model.svg
[legacy-build-status-badge]: https://github.com/ifad/chronomodel/actions/workflows/legacy_ruby.yml/badge.svg
[test-coverage]: https://codeclimate.com/github/ifad/chronomodel
[test-coverage-badge]: https://codeclimate.com/github/ifad/chronomodel/badges/coverage.svg

Expand Down

0 comments on commit e9444bd

Please sign in to comment.