Lint

Author: tagliala

.github/workflows/ci.yml

@@ -1,101 +1,60 @@
 name: CI
 
+# TODO: Don't do this! Use GitHub's encrypted secrets and set the value of the
+# variable as ${{ secrets.RAILS_MASTER_KEY }}
+# Ref: https://docs.github.com/en/actions/reference/encrypted-secrets
+env:
+  RAILS_MASTER_KEY: 02a9ea770b4985659e8ce92699f218dc
+
 on:
-  pull_request:
   push:
     branches: [ main ]
+  pull_request:
+    branches: [ main ]
 
-jobs:
-  scan_ruby:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: .ruby-version
-          bundler-cache: true
-
-      - name: Scan for common Rails security vulnerabilities using static analysis
-        run: bin/brakeman --no-pager
-
-  scan_js:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: .ruby-version
-          bundler-cache: true
-
-      - name: Scan for security vulnerabilities in JavaScript dependencies
-        run: bin/importmap audit
+permissions:
+  contents: read
 
-  lint:
+jobs:
+  test:
+    name: Ruby specs
     runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
+    timeout-minutes: 60
 
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: .ruby-version
-          bundler-cache: true
+    concurrency:
+      group: "${{ github.workflow }} @ ${{ github.ref }}"
+      cancel-in-progress: true
 
-      - name: Lint code for consistent style
-        run: bin/rubocop -f github
-
-  test:
-    runs-on: ubuntu-latest
+    env:
+      DATABASE_URL: postgres://postgres:postgres@localhost/ruby3_rails8_flowbite_render_development
+      RAILS_ENV: test
 
     services:
-      postgres:
-        image: postgres
+      db:
+        image: postgres:12
+        ports: ['5432:5432']
         env:
-          POSTGRES_USER: postgres
           POSTGRES_PASSWORD: postgres
-        ports:
-          - 5432:5432
-        options: --health-cmd="pg_isready" --health-interval=10s --health-timeout=5s --health-retries=3
 
-      # redis:
-      #   image: redis
-      #   ports:
-      #     - 6379:6379
-      #   options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
 
     steps:
-      - name: Install packages
-        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y build-essential git libpq-dev pkg-config google-chrome-stable
-
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: .ruby-version
-          bundler-cache: true
-
-      - name: Run tests
-        env:
-          RAILS_ENV: test
-          DATABASE_URL: postgres://postgres:postgres@localhost:5432
-          # REDIS_URL: redis://localhost:6379/0
-        run: bin/rails db:test:prepare test test:system
-
-      - name: Keep screenshots from failed system tests
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          name: screenshots
-          path: ${{ github.workspace }}/tmp/screenshots
-          if-no-files-found: ignore
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4.1'
+        bundler-cache: true
+    - name: Set up Database
+      run: bundle exec rails db:prepare
+    - name: Run specs
+      run: bundle exec rake spec
+    - name: Coveralls
+      uses: coverallsapp/github-action@v2
+      with:
+        github-token: ${{ secrets.github_token }}
+        path-to-lcov: 'coverage/lcov.info'

.github/workflows/lint.yml

@@ -0,0 +1,165 @@
+name: Lint
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  rubocop:
+    name: RuboCop
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / rubocop @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: tj-actions/changed-files@v45
+      id: changed-files
+      with:
+        files: |
+          .github/workflows/lint.yml
+          .rubocop.yml
+          **.rb
+          **.rake
+          Gemfile*
+          Rakefile
+    - name: Set up Ruby
+      if: steps.changed-files.outputs.any_changed == 'true'
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: .ruby-version
+        bundler-cache: true
+    - name: Run RuboCop
+      if: steps.changed-files.outputs.any_changed == 'true'
+      run: bundle exec rubocop --format github
+
+  i18n:
+    name: I18n tasks
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / i18n @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: tj-actions/changed-files@v45
+      id: changed-files
+      with:
+        files: |
+          .github/workflows/lint.yml
+          config/i18n-tasks.yml
+          config/locales/**/*.yml
+          app/**/*
+          Gemfile*
+    - name: Setup Ruby
+      if: steps.changed-files.outputs.any_changed == 'true'
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4.1'
+        bundler-cache: true
+    - name: Run i18n-tasks health
+      if: steps.changed-files.outputs.any_changed == 'true'
+      run: bundle exec i18n-tasks health
+
+  slimlint:
+    name: Slim-Lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / slimlint @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: tj-actions/changed-files@v45
+      id: changed-files
+      with:
+        files: |
+          .github/workflows/lint.yml
+          .slim-lint.yml
+          **.slim
+    - name: Set up Ruby
+      if: steps.changed-files.outputs.any_changed == 'true'
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: .ruby-version
+        bundler-cache: true
+    - name: Run Slim-Lint
+      if: steps.changed-files.outputs.any_changed == 'true'
+      run: bundle exec slim-lint . -r github
+
+  eslint:
+    name: ESLint
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / eslint @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: tj-actions/changed-files@v45
+      id: changed-files
+      with:
+        files: |
+          .eslintignore
+          .eslintrc.cjs
+          .github/workflows/lint.yml
+          app/**/*.js
+    - uses: pnpm/action-setup@v4
+    - name: Set up Node
+      if: steps.changed-files.outputs.any_changed == 'true'
+      uses: actions/setup-node@v4
+      with:
+        node-version: '22'
+        cache: 'pnpm'
+    - name: Install node dependencies
+      run: pnpm install
+    - name: Run ESLint
+      if: steps.changed-files.outputs.any_changed == 'true'
+      run: pnpm eslint app/**/*.js
+
+  stylelint:
+    name: Stylelint
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / stylelint @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: tj-actions/changed-files@v45
+      id: changed-files
+      with:
+        files: |
+          .github/workflows/lint.yml
+          .stylelintrc
+          app/**/*.{scss,css}
+    - uses: pnpm/action-setup@v4
+    - name: Set up Node
+      if: steps.changed-files.outputs.any_changed == 'true'
+      uses: actions/setup-node@v4
+      with:
+        node-version: '22'
+        cache: 'pnpm'
+    - name: Install node dependencies
+      run: pnpm install
+    - name: Install stylelint GitHub formatter
+      run: pnpm install @csstools/stylelint-formatter-github
+    - name: Run Stylelint
+      if: steps.changed-files.outputs.any_changed == 'true'
+      run: pnpm stylelint app/**/*.{scss,css} --custom-formatter @csstools/stylelint-formatter-github

.github/workflows/security.yml

@@ -0,0 +1,71 @@
+name: Security Audits
+
+on:
+  schedule:
+    - cron: '30 8 * * 5'
+
+permissions:
+  contents: read
+
+jobs:
+  bundle_audit:
+    name: Bundle audit
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / bundle_audit @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: .ruby-version
+        bundler-cache: false
+    - name: Bundle audit
+      run: |
+        gem install bundler-audit
+        bundle audit check --update
+
+  bundle_leak:
+    name: Bundle leak
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / bundle_leak @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: .ruby-version
+        bundler-cache: false
+    - name: Bundle leak
+      run: |
+        gem install bundler-leak
+        bundle leak check --update
+
+  importmap_audit:
+    name: importmap audit
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    concurrency:
+      group: "${{ github.workflow }} / importmap_audit @ ${{ github.ref }}"
+      cancel-in-progress: true
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: .ruby-version
+        bundler-cache: true
+
+    - name: Scan for security vulnerabilities in JavaScript dependencies
+      run: bin/importmap audit

.gitignore

@@ -37,3 +37,4 @@
 !/app/assets/builds/.keep
 
 /spec/examples.txt
+/coverage