Merge branch 'jamis-3505-ssdlc-2.1' into 2.1-stable

Author: jamis

.github/workflows/cleanup.yml

@@ -0,0 +1,44 @@
+name: "Dry-Run Cleanup"
+run-name: "Dry Run Cleanup for ${{ github.ref }}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      confirm:
+        description: Indicate whether you want this workflow to run (must be "true")
+        required: true
+        type: string
+      tag:
+        description: The name of the tag (and release) to clean up
+        required: true
+        type: string
+
+jobs:
+  release:
+    name: "Dry-Run Cleanup"
+    environment: release
+    runs-on: 'ubuntu-latest'
+    if: ${{ inputs.confirm == 'true' }}
+
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: write
+
+      # required by the mongodb-labs/drivers-github-tools/setup@v2 step
+      # also required by `rubygems/release-gem`
+      id-token: write
+
+    steps:
+      - name: "Run the cleanup action"
+        uses: mongodb-labs/drivers-github-tools/ruby/cleanup@v2
+        with:
+          app_id: ${{ vars.APP_ID }}
+          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          tag: ${{ inputs.tag }}

.github/workflows/codeql.yml

@@ -0,0 +1,67 @@
+name: "CodeQL"
+
+on: [ push, pull_request ]
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 360
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: ruby
+            build-mode: none
+          - language: c
+            build-mode: manual
+          - language: java
+            build-mode: none
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        config: |
+          paths-ignore:
+            - spec
+            - tmp
+
+    - name: Setup Ruby
+      if: matrix.build-mode == 'manual'
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.2'
+        bundler-cache: true
+
+    - name: Install libsasl
+      if: matrix.build-mode == 'manual'
+      shell: bash
+      run: sudo apt-get -y install libsasl2-dev
+
+    - name: Manually build the native code
+      if: matrix.build-mode == 'manual'
+      shell: bash
+      run: bundle exec rake compile
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+

.github/workflows/release.yml

@@ -0,0 +1,165 @@
+name: "Release"
+run-name: "Release for ${{ github.ref }}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: Is this a dry run?
+        required: true
+        default: true
+        type: boolean
+
+env:
+  RELEASE_MESSAGE_TEMPLATE: |
+    Version {0} of [Ruby Kerberos Authentication for MongoDB](https://rubygems.org/gems/mongo_kerberos) is now available.
+
+    **Release Highlights**
+
+    TODO: one or more paragraphs describing important changes in this release
+
+    **Installation**
+
+    You may install this version via RubyGems, with:
+
+    gem install --version {0} mongo_kerberos
+
+permissions:
+  # required for all workflows
+  security-events: write
+
+  # required to fetch internal or private CodeQL packs
+  packages: read
+
+  # only required for workflows in private repositories
+  actions: read
+  contents: write
+
+  # required by the mongodb-labs/drivers-github-tools/setup@v2 step
+  # also required by `rubygems/release-gem`
+  id-token: write
+
+jobs:
+  build:
+    name: "Build Gems"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [ '3.2', jruby ]
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Set output gem file name
+        shell: bash
+        run: |
+          echo "GEM_FILE_NAME=$(bundle exec rake gem_file_name)" >> "$GITHUB_ENV"
+
+      - name: Build the gem
+        shell: bash
+        run: bundle exec rake build
+
+      - name: Save the generated gem file for later
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.GEM_FILE_NAME }}
+          path: ${{ env.GEM_FILE_NAME }}
+          retention-days: 1
+          overwrite: true
+
+  publish:
+    name: Publish Gems
+    needs: build
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
+        with:
+          app_id: ${{ vars.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2'
+          bundler-cache: true
+
+      - name: Get the release version
+        shell: bash
+        run: echo "RELEASE_VERSION=$(bundle exec rake version)" >> "$GITHUB_ENV"
+
+      - name: Setup GitHub tooling for DBX Drivers
+        uses: mongodb-labs/drivers-github-tools/setup@v2
+        with:
+          aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
+          aws_region_name: ${{ vars.AWS_REGION_NAME }}
+          aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
+
+      - name: Fetch the gem artifacts
+        uses: actions/download-artifact@v4
+        with:
+          merge-multiple: true
+
+      - name: Sign the gems
+        uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
+        with:
+          filenames: '*.gem'
+
+      - name: Generate SSDLC Reports
+        uses: mongodb-labs/drivers-github-tools/full-report@v2
+        with:
+          product_name: Mongo Kerberos for Ruby
+          release_version: ${{ env.RELEASE_VERSION }}
+          dist_filenames: '*.gem'
+          silk_asset_group: mongo-ruby-kerberos
+
+      - name: Create the tag
+        uses: mongodb-labs/drivers-github-tools/tag-version@v2
+        with:
+          version: ${{ env.RELEASE_VERSION }}
+          tag_template: "v${VERSION}"
+          tag_message_template: "Release tag for v${VERSION}"
+
+      - name: Create a new release
+        shell: bash
+        run: gh release create v${{ env.RELEASE_VERSION }} --title ${{ env.RELEASE_VERSION }} --generate-notes --draft
+
+      - name: Capture the changelog
+        shell: bash
+        run: gh release view v${{ env.RELEASE_VERSION }} --json body --template '{{ .body }}' >> changelog
+
+      - name: Prepare release message
+        shell: bash
+        run: |
+          echo "${{ format(env.RELEASE_MESSAGE_TEMPLATE, env.RELEASE_VERSION) }}" > release-message
+          cat changelog >> release-message
+
+      - name: Update release information
+        shell: bash
+        run: |
+          echo "RELEASE_URL=$(gh release edit v${{ env.RELEASE_VERSION }} --notes-file release-message)" >> "$GITHUB_ENV"
+
+      - name: Upload release artifacts
+        shell: bash
+        run: gh release upload v${{ env.RELEASE_VERSION }} *.gem ${{ env.RELEASE_ASSETS }}/*.sig
+
+      - name: Upload S3 assets
+        uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
+        with:
+          version: ${{ env.RELEASE_VERSION }}
+          product_name: mongo-ruby-kerberos
+          dry_run: ${{ inputs.dry_run }}
+
+      - name: Publish the gems
+        uses: rubygems/release-gem@v1
+        if: inputs.dry_run == 'false'
+        with:
+          await-release: false

.github/workflows/test.yml

@@ -0,0 +1,42 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: >-
+      ruby:${{ matrix.ruby }}
+    env:
+      CI: true
+      TESTOPTS: -v
+
+    runs-on: ${{ matrix.os }}-latest
+    if: |
+      !(   contains(github.event.pull_request.title,  '[ci skip]')
+        || contains(github.event.pull_request.title,  '[skip ci]')
+        || contains(github.event.head_commit.message, '[ci skip]')
+        || contains(github.event.head_commit.message, '[skip ci]'))
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu ]
+        ruby: [ 2.7, 3.0, 3.1, 3.2, 3.3, jruby-9.3, jruby-9.4 ]
+
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Install libsasl
+        shell: bash
+        run: sudo apt-get -y install libsasl2-dev
+
+      - name: Run the tests
+        timeout-minutes: 10
+        shell: bash
+        run: bundle exec rake spec

.travis.yml

@@ -8,17 +8,4 @@ gem 'yard'
 group :development, :test do
   gem 'rspec'
   gem 'rake-compiler'
-
-  if ENV['CI']
-    gem 'coveralls', :require => false
-    gem 'mime-types', '1.25' # v2.0+ does not supporty ruby 1.8
-  else
-    gem 'ruby-prof', :platforms => :mri
-    gem 'pry'
-    gem 'guard-rspec', :platforms => [ :ruby_19, :ruby_24, :ruby_25 ]
-    gem 'rb-inotify', :require => false # Linux
-    gem 'rb-fsevent', :require => false # OS X
-    gem 'rb-fchange', :require => false # Windows
-    gem 'terminal-notifier-guard'
-  end
 end