From af9ce3660fcda5cf10077022a4f11b98847e014d Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 13:55:53 +0700
Subject: [PATCH 01/11] Add Run undercover before run danger in Review workflow
---
 log/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 log/.keep
diff --git a/log/.keep b/log/.keep
deleted file mode 100644
index e69de29b..00000000
From 566a869d6e7f9d0287af23a86ae2cde70e6f4dd1 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 14:16:53 +0700
Subject: [PATCH 02/11] Add Run undercover before run danger in Review workflow
---
 .github/workflows/review_code.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index 56bc0c53..4bcd1f17 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -52,5 +52,8 @@ jobs: if: steps.yarn-cache.outputs.cache-hit != 'true' || steps.node-modules-cache.outputs.cache-hit != 'true' run: yarn + - name: Run Undercover + run: bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov + - name: Run Danger run: bundle exec danger
From 180fd812c067a3ed075c794153baeae41238a604 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 14:19:24 +0700
Subject: [PATCH 03/11] Add Run rspec to generate code coverage data
---
 .github/workflows/review_code.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index 4bcd1f17..eafa0f44 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -52,6 +52,9 @@ jobs: if: steps.yarn-cache.outputs.cache-hit != 'true' || steps.node-modules-cache.outputs.cache-hit != 'true' run: yarn + - name: Run Rspec + run: rspec + - name: Run Undercover run: bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov
From 3d8c5cf9b05dc42356458e275873bcdea2103ad2 Mon Sep 17 00:00:00 2001
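Review bot: The `Run Undercover` step added in patch 02 hard-codes `-c origin/develop` as the comparison ref, so a pull request opened against any other base branch is measured against the wrong history. If the workflow runs on pull requests (the `on:` block is outside this hunk), the base can be passed through the environment instead of being interpolated into the script, e.g. `env: BASE_REF: ${{ github.base_ref }}` on the step and `-c "origin/$BASE_REF"` in the command. The unquoted `coverage/lcov/*.lcov` glob would also hand every matching file to `--lcov`; naming the single report file avoids surprises if more than one is ever generated.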
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 14:23:07 +0700
Subject: [PATCH 04/11] Add Run rspec to generate code coverage data
---
 .github/workflows/review_code.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index eafa0f44..d621d7ef 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -53,7 +53,7 @@ jobs: run: yarn - name: Run Rspec - run: rspec + run: bundle exec rspec - name: Run Undercover run: bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov
From 1f0d44da8f354a72d6f8ecdbdb2f90d78f2c306f Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 14:44:52 +0700
Subject: [PATCH 05/11] Refactor workflow review to use docker container
---
 .github/workflows/review_code.yml | 64 +++++++++++++++++++++++--------
 1 file changed, 49 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index d621d7ef..80a44be0 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -8,27 +8,64 @@ env: DANGER_GITHUB_API_TOKEN: ${{ github.token }} jobs: + build: + name: Build Docker image + runs-on: ubuntu-latest + steps: + - name: Cancel previous runs + uses: styfle/cancel-workflow-action@0.6.0 + with: + access_token: ${{ github.token }} + + - uses: actions/checkout@v2.3.4 + + - name: Set env BRANCH_TAG + uses: nimblehq/branch-tag-action@v1.2 + + - name: Login to Docker registry + uses: docker/login-action@v1.6.0 + with: + registry: ${{ env.DOCKER_REGISTRY_HOST }} + username: ${{ env.DOCKER_REGISTRY_USERNAME }} + password: ${{ env.DOCKER_REGISTRY_TOKEN }} + + - name: Pull Docker image + if: ${{ env.BRANCH_TAG != 'latest' && env.BRANCH_TAG != 'development' }} + run: docker-compose pull test || true + + - name: Build Docker image + run: bin/docker-prepare && docker-compose build + + - name: Push Docker image + run: docker-compose push test + automated_code_review: name: Run Danger runs-on: ubuntu-latest + needs: build steps: - uses: actions/checkout@v2.3.4 + + - name: Set env BRANCH_TAG + uses: nimblehq/branch-tag-action@v1.2 + + - name: Login to Docker registry + uses: docker/login-action@v1.6.0 with: fetch-depth: 0 + registry: ${{ env.DOCKER_REGISTRY_HOST }} + username: ${{ env.DOCKER_REGISTRY_USERNAME }} + password: ${{ env.DOCKER_REGISTRY_TOKEN }} - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - bundler-cache: true + - name: Pull Docker image + run: docker-compose pull test || true - - name: Setup Node - uses: actions/setup-node@v2 - with: - node-version: '14.17.0' + - name: Run tests + run: docker-compose run test bundle exec rspec --profile - name: Get yarn cache directory path id: yarn-cache-dir-path - run: echo "::set-output name=dir::$(yarn cache dir)" + run: docker-compose run test echo "::set-output name=dir::$(yarn cache dir)" - name: Cache Yarn uses: actions/cache@v2 
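Review bot: In `automated_code_review`, the unchanged `with:` / `fetch-depth: 0` lines that belonged to `actions/checkout` now sit under the new `docker/login-action` step, so checkout falls back to its default shallow clone while the login step receives an input it does not define; the later `-c origin/develop` comparison needs that history. Give checkout its own `with:` block again and open a fresh one for the login inputs, as sketched below. Separately, `styfle/cancel-workflow-action@0.6.0`, `nimblehq/branch-tag-action@v1.2` and `docker/login-action@v1.6.0` are referenced by mutable tag while being handed `github.token` or the registry password; pinning each to a full commit SHA keeps a retagged release from running with those credentials. The `docker-compose pull test || true` in the review job also hides a failed pull, so that job may not be testing the image the `build` job pushed. The job's remaining steps continue outside this hunk.

```yaml
      - uses: actions/checkout@v2.3.4
        with:
          fetch-depth: 0

      # … unchanged: Set env BRANCH_TAG …

      - name: Login to Docker registry
        uses: docker/login-action@v1.6.0
        with:
          registry: ${{ env.DOCKER_REGISTRY_HOST }}
          username: ${{ env.DOCKER_REGISTRY_USERNAME }}
          password: ${{ env.DOCKER_REGISTRY_TOKEN }}
```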
@@ -50,13 +87,10 @@ jobs: - name: Yarn install if: steps.yarn-cache.outputs.cache-hit != 'true' || steps.node-modules-cache.outputs.cache-hit != 'true' - run: yarn - - - name: Run Rspec - run: bundle exec rspec + run: docker-compose run test yarn - name: Run Undercover - run: bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov + run: docker-compose run test bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov - name: Run Danger - run: bundle exec danger + run: docker-compose run test bundle exec danger
From 17af3ee4b3935fedc59259f20f2995a6f425199a Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 14:46:31 +0700
Subject: [PATCH 06/11] Add missing env var
---
 .github/workflows/review_code.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index 80a44be0..4271b686 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -6,6 +6,10 @@ on: env: DANGER_GITHUB_API_TOKEN: ${{ github.token }} + DOCKER_REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }} + DOCKER_REGISTRY_USERNAME: ${{ github.repository_owner }} + DOCKER_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DOCKER_IMAGE: ${{ github.repository }} jobs: build:
From 90cd9967c8d6770a3a4b55ba2f9a540517400353 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 14:52:58 +0700
Subject: [PATCH 07/11] Add missing docker-compase.yml
---
 .github/workflows/review_code.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index 4271b686..5686b9ee 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -11,6 +11,9 @@ env: DOCKER_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }} DOCKER_IMAGE: ${{ github.repository }} + # Set the default docker-compose file + COMPOSE_FILE: docker-compose.test.yml + jobs: build: name: Build Docker image
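Review bot: Shell expansions in these `run:` lines (second hunk of patch 05) happen on the runner, not in the container: `coverage/lcov/*.lcov` is globbed against the runner's checkout before `docker-compose run test` starts, and `$(yarn cache dir)` in the first hunk is evaluated the same way, so the container may receive a literal pattern or a host path. Wrapping the command, e.g. `run: docker-compose run test sh -c 'bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov'`, moves the expansion inside. Each `docker-compose run` also starts a fresh container, so the coverage written by the earlier `Run tests` step is only visible here if the compose file mounts it on a shared volume; that file is not part of this patch, so this needs confirming. `Run Danger` likewise depends on `DANGER_GITHUB_API_TOKEN` and the Actions event variables being passed into the container.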
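Review bot: `DOCKER_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}` (patch 06) is declared in the workflow-level `env:`, which exports the token into the environment of every step in both jobs, including `bin/docker-prepare && docker-compose build` and the `docker-compose run test …` steps that execute code from the branch under review. Only the two `docker/login-action` steps need it, so I would drop the variable here and reference the secret in those steps directly: `password: ${{ secrets.GITHUB_TOKEN }}`. Whether the token can push packages at all depends on the trigger and on a `permissions:` block, neither of which is visible in this hunk; an explicit `permissions:` with `contents: read` and `packages: write` limited to the `build` job would make that scope deliberate.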
From bbff7da0d0980ba3b5f1f30bdfa7d703f940f1ee Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 15:04:37 +0700
Subject: [PATCH 08/11] Comment undercover in dangerfile
---
 .github/workflows/review_code.yml | 69 +++++--------------------------
 Dangerfile | 3 +-
 2 files changed, 13 insertions(+), 59 deletions(-)
diff --git a/.github/workflows/review_code.yml b/.github/workflows/review_code.yml
index 5686b9ee..56bc0c53 100644
--- a/.github/workflows/review_code.yml
+++ b/.github/workflows/review_code.yml
@@ -6,73 +6,29 @@ on: env: DANGER_GITHUB_API_TOKEN: ${{ github.token }} - DOCKER_REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }} - DOCKER_REGISTRY_USERNAME: ${{ github.repository_owner }} - DOCKER_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DOCKER_IMAGE: ${{ github.repository }} - - # Set the default docker-compose file - COMPOSE_FILE: docker-compose.test.yml jobs: - build: - name: Build Docker image - runs-on: ubuntu-latest - steps: - - name: Cancel previous runs - uses: styfle/cancel-workflow-action@0.6.0 - with: - access_token: ${{ github.token }} - - - uses: actions/checkout@v2.3.4 - - - name: Set env BRANCH_TAG - uses: nimblehq/branch-tag-action@v1.2 - - - name: Login to Docker registry - uses: docker/login-action@v1.6.0 - with: - registry: ${{ env.DOCKER_REGISTRY_HOST }} - username: ${{ env.DOCKER_REGISTRY_USERNAME }} - password: ${{ env.DOCKER_REGISTRY_TOKEN }} - - - name: Pull Docker image - if: ${{ env.BRANCH_TAG != 'latest' && env.BRANCH_TAG != 'development' }} - run: docker-compose pull test || true - - - name: Build Docker image - run: bin/docker-prepare && docker-compose build - - - name: Push Docker image - run: docker-compose push test - automated_code_review: name: Run Danger runs-on: ubuntu-latest - needs: build steps: - uses: actions/checkout@v2.3.4 - - - name: Set env BRANCH_TAG - uses: nimblehq/branch-tag-action@v1.2 - - - name: Login to Docker registry - uses: docker/login-action@v1.6.0 with: fetch-depth: 0 - registry: ${{ env.DOCKER_REGISTRY_HOST }} - username: ${{ env.DOCKER_REGISTRY_USERNAME }} - password: ${{ env.DOCKER_REGISTRY_TOKEN }} - - name: Pull Docker image - run: docker-compose pull test || true + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + bundler-cache: true - - name: Run tests - run: docker-compose run test bundle exec rspec --profile + - name: Setup Node + uses: actions/setup-node@v2 + with: + node-version: '14.17.0' - name: Get yarn cache directory path id: yarn-cache-dir-path - run: docker-compose run test 
echo "::set-output name=dir::$(yarn cache dir)" + run: echo "::set-output name=dir::$(yarn cache dir)" - name: Cache Yarn uses: actions/cache@v2
@@ -94,10 +50,7 @@ jobs: - name: Yarn install if: steps.yarn-cache.outputs.cache-hit != 'true' || steps.node-modules-cache.outputs.cache-hit != 'true' - run: docker-compose run test yarn - - - name: Run Undercover - run: docker-compose run test bundle exec undercover-report -c origin/develop --lcov coverage/lcov/*.lcov + run: yarn - name: Run Danger - run: docker-compose run test bundle exec danger + run: bundle exec danger
diff --git a/Dangerfile b/Dangerfile
index 91faaa0b..224d155d 100644
--- a/Dangerfile
+++ b/Dangerfile
@@ -22,4 +22,5 @@ eslint.lint simplecov.report 'coverage/coverage.json' # Report missing test coverage of new changes in Danger -undercover.report +# Commented as Danger is missing undercover reports which needs tests run ahead +# undercover.report
From 4baed9947a06a15de451101e5c8ce2004a022a11 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 15:20:33 +0700
Subject: [PATCH 09/11] Comment undercover in dangerfile - simplecov.report
---
 Dangerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dangerfile b/Dangerfile
index 224d155d..87c734a6 100644
--- a/Dangerfile
+++ b/Dangerfile
@@ -19,8 +19,8 @@ suggester.suggest eslint.lint # Report your Ruby app test suite code coverage in Danger. -simplecov.report 'coverage/coverage.json' +# simplecov.report 'coverage/coverage.json' # Report missing test coverage of new changes in Danger -# Commented as Danger is missing undercover reports which needs tests run ahead +# Commented as undercover reports needs tests to run, which needs a different env # undercover.report
From 88cd76ac7aa95b8cc57f316f1c2913188e7e3f61 Mon Sep 17 00:00:00 2001
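Review bot: The subject of patch 08, "Comment undercover in dangerfile", does not mention that its first workflow hunk removes the `build` job, both registry logins and the `DOCKER_*`/`COMPOSE_FILE` variables and restores the host-side Ruby and Node setup, i.e. it reverts patches 05–07. Saying so in the commit message, or splitting the revert into its own commit, keeps it clear from the history when the workflow stopped handling registry credentials. The restored steps reference `ruby/setup-ruby@v1` and `actions/setup-node@v2` by moving tag; pinning them to a full commit SHA is worth doing while this file is being touched.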
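Review bot: With `simplecov.report` commented out in patch 09 and `undercover.report` in the Dangerfile hunk of patch 08, Danger no longer reports coverage at all, and the comment explains why but not when the checks come back. A tracked marker would keep this from becoming permanent, e.g. `# TODO(<issue-id>): re-enable simplecov.report and undercover.report once the review workflow runs the test suite`. If coverage was being used as a merge gate, reviewers should know it is currently off.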
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 15:29:01 +0700
Subject: [PATCH 10/11] Adding false positive for package vulnerability warning
---
 config/brakeman.ignore | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 config/brakeman.ignore
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 00000000..d1d3bbe1
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,22 @@
+{
+ "ignored_warnings": [
+ {
+ "warning_type": "Cross-Site Scripting",
+ "warning_code": 106,
+ "fingerprint": "c8adc1c0caf2c9251d1d8de588fb949070212d0eed5e1580aee88bab2287b772",
+ "check_name": "SanitizeMethods",
+ "message": "loofah gem 2.10.0 is vulnerable (CVE-2018-8048). Upgrade to 2.2.1",
+ "file": "Gemfile.lock",
+ "line": 214,
+ "link": "https://github.com/flavorjones/loofah/issues/144",
+ "code": null,
+ "render_path": null,
+ "location": null,
+ "user_input": null,
+ "confidence": "Medium",
+ "note": ""
+ }
+ ],
+ "updated": "2021-06-18 15:28:26 +0700",
+ "brakeman_version": "5.0.1"
+}
From 8044a7aafeefe1f03c6a714a935935f01e1198d3 Mon Sep 17 00:00:00 2001
From: Xavier MALPARTY
Date: Fri, 18 Jun 2021 15:29:56 +0700
Subject: [PATCH 11/11] Update ignore comment
---
 config/brakeman.ignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index d1d3bbe1..777a653e 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -14,7 +14,7 @@
 "location": null,
 "user_input": null,
 "confidence": "Medium",
- "note": ""
+ "note": "2.10.0 is HIGHER than 2.2.1, thus already patched!"
 }
 ],
 "updated": "2021-06-18 15:28:26 +0700",
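Review bot: The ignore entry added in patch 10 suppresses a dependency warning by fingerprint, and the justification that patch 11 puts in `note` does not say when the entry can be dropped. The reasoning holds on the visible data (the message reads "loofah gem 2.10.0 is vulnerable (CVE-2018-8048). Upgrade to 2.2.1", and 2.10.0 is the later release), which suggests the scanner compared the versions incorrectly; the durable fix is then likely a Brakeman upgrade rather than a standing ignore, so it is worth checking whether a release newer than the recorded `5.0.1` still emits it. Since this file cannot carry comments, I would put the removal condition in the note itself, e.g. `"note": "False positive: loofah 2.10.0 is newer than 2.2.1 (fix for CVE-2018-8048); remove once Brakeman no longer reports it"`.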