Skip to content
CI

chore(deps-dev): bump brakeman from 8.0.4 to 8.0.5 #562

Sign in to view logs

chore(deps-dev): bump brakeman from 8.0.4 to 8.0.5

chore(deps-dev): bump brakeman from 8.0.4 to 8.0.5 #562

Workflow file for this run

.github/workflows/ci.yml at 7d120f8
name: CI
on:
push:
branches:
- '**' # matches every branch
pull_request:
branches:
- 'main'
types: [opened]
jobs:
testing:
name: 🧪 Testing
runs-on: ubuntu-latest
# Postgres service
services:
postgres:
image: postgres
env:
POSTGRES_USER: postgres
POSTGRES_DB: pastel_api_test
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports: ["5432:5432"]
steps:
- uses: actions/checkout@v6
- name: 🔧 Set up Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
# Run bundle install
- name: 📦 Install dependencies
run: |
sudo apt-get -yqq install libpq-dev build-essential
bundle install
# Create and migrate DB
- name: ⚙️ Setup test database
env:
PGHOST: localhost
POSTGRES_DB: pastel_api_test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: ${{ secrets.ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: ${{ secrets.ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ${{ secrets.ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT }}
DEVISE_JWT_SECRET_KEY: ${{ secrets.DEVISE_JWT_SECRET_KEY }}
DEVISE_JWT_EXPIRATION_TIME: ${{ secrets.DEVISE_JWT_EXPIRATION_TIME }}
CONTACT_EMAIL: ${{ secrets.CONTACT_EMAIL }}
WEB_BASE_URL: ${{ secrets.WEB_BASE_URL }}
RAILS_ENV: test
STAGING_ENV: 'false'
run: |
bundle exec rails db:create db:migrate
# Run rspec command
- name: 🧪 Run tests
env:
CONTACT_EMAIL: ${{ secrets.CONTACT_EMAIL }}
WEB_BASE_URL: ${{ secrets.WEB_BASE_URL }}
DEVISE_JWT_SECRET_KEY: ${{ secrets.DEVISE_JWT_SECRET_KEY }}
DEVISE_JWT_EXPIRATION_TIME: ${{ secrets.DEVISE_JWT_EXPIRATION_TIME }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: ${{ secrets.ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: ${{ secrets.ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ${{ secrets.ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT }}
PGHOST: localhost
POSTGRES_DB: pastel_api_test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
PGPORT: 5432
RAILS_ENV: test
STAGING_ENV: 'false'
run: bundle exec rspec --profile -f j -o tmp/rspec_results.json -f p
# TODO: fix this job and enable it again
# licenses:
# name: ©️ Licenses
# if: success()
# needs: testing
# runs-on: ubuntu-latest
# steps:
# - name: 🔧 Checkout code
# uses: actions/checkout@v6
# - uses: oven-sh/setup-bun@v2
# with:
# bun-version: latest
# - name: 🧪 Run licenses check
# uses: fralps/github-actions/check-licenses@main
# with:
# package-manager: bun
security:
name: 🔒 Security
if: success()
needs: testing
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: 🔧 Set up Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
# Run Brakeman analyser
- name: 👹 Security checks
uses: reviewdog/action-brakeman@v2
with:
brakeman_version: gemfile
fail_level: 'error'
- name: 🐽 Run TruffleHog Scan
uses: trufflesecurity/trufflehog@main
with:
base: ""
head: ${{ github.ref_name }}
extra_args: --results=verified,unknown
analytics:
name: 🔬 Analytics
if: success()
needs: testing
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: 🔧 Set up Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
# Run Rubocop analyser
- name: 🔮 Analytics
uses: reviewdog/action-rubocop@v2
with:
rubocop_version: gemfile
rubocop_extensions: rubocop-rails:gemfile rubocop-rspec:gemfile rubocop-performance:gemfile rubocop-factory_bot:gemfile
use_bundler: true
fail_level: 'error'