Merge branch 'staging' into refactor/no-ci-secrets

.env.example

@@ -18,10 +18,10 @@ TREASURER_NAME=
 TREASURER_PHONE=
 
 AUTHORIZE_URL=/oauth/authorize
-TOKEN_URL=/oauth/token
-ME_URL=/oauth/me
+TOKEN_URL=/api/v1/oauth/token
+ME_URL=/api/v1/users?filter[me]&include="active_groups"
 
-COMPANY_NAME=Stichting Sociëteit Flux
+COMPANY_NAME=Stichting Societeit Flux
 COMPANY_IBAN=NL68 INGB 0008 1654 20
 COMPANY_ADDRESS=Oude Markt 24-3, 7511 GB Enschede
 COMPANY_WEBSITE=https://societeitflux.nl

.github/workflows/cleanup-registry.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Delete untagged images
-        uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 # v4.1.1
+        uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0
         with:
           package-name: ${{ github.event.repository.name }}
           package-type: container

.github/workflows/continuous-delivery.yml

@@ -124,6 +124,7 @@ jobs:
     with:
       sha: ${{ needs.merge.outputs.sha }}
     secrets:
+      codecov_token: ${{ secrets.CODECOV_TOKEN }}
       rails_master_key: ${{ secrets.RAILS_MASTER_KEY }}
 
   publish_image:

.github/workflows/continuous-integration.yml

@@ -12,6 +12,9 @@ on:
         required: false
         type: string
     secrets:
+      codecov_token:
+        description: Codecov token
+        required: true
       rails_master_key:
         description: The Rails master key
         required: true
@@ -125,10 +128,27 @@ jobs:
         env:
           RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
         run: |
-          docker run \
+          mkdir coverage
+          docker run \ 
           -e RAILS_MASTER_KEY \
           -e POSTGRES_USER=postgres \
-          -e POSTGRES_PASSWORD=postgres \
-          -e POSTGRES_HOST=localhost \
+          -e POSTGRES_PASSWORD=postgres \ 
+          -e POSTGRES_HOST=localhost \ 
           --network=host \
+          -v "$(pwd)"'/coverage:/app/coverage' \ 
           app bin/ci.sh spec
+
+      - name: Upload coverage report to Codecov
+        if: ${{ !cancelled() }}
+        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
+        with:
+          fail_ci_if_error: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Upload coverage report artifact
+        if: ${{ !cancelled() }}
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: coverage
+          path: coverage/
+          if-no-files-found: error

.github/workflows/publish-image.yml

@@ -65,7 +65,7 @@ jobs:
 
       - name: Build and push image
         id: build_push_image
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           push: true
           context: .

Gemfile

@@ -22,7 +22,7 @@ gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'paper_trail', '~> 14.0.0'
 gem 'paranoia', '~> 3.0.0'
 gem 'pg', '~> 1.3.0'
-gem 'puma', '~> 6.1.1'
+gem 'puma', '~> 6.4.0'
 gem 'pundit', '~> 2.2.0'
 gem 'rack-attack', '~> 6.6.0'
 gem 'rails', '~> 7.1.0'
@@ -78,6 +78,7 @@ group :test do
   gem 'rubocop-rails'
   gem 'rubocop-rspec'
   gem 'simplecov', require: false
+  gem 'simplecov-lcov', '~> 0.8.0', require: false
   gem 'terminal-notifier-guard'
   gem 'timecop'
 end

Gemfile.lock

@@ -1,6 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
+
     actioncable (7.1.0)
       actionpack (= 7.1.0)
       activesupport (= 7.1.0)
@@ -195,7 +196,7 @@ GEM
       domain_name (~> 0.5)
     http-form_data (2.3.0)
     http_parser.rb (0.8.0)
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     io-console (0.6.0)
     irb (1.8.1)
@@ -236,7 +237,7 @@ GEM
       net-imap
       net-pop
       net-smtp
-    marcel (1.0.2)
+    marcel (1.0.4)
     method_source (1.0.0)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
@@ -245,7 +246,9 @@ GEM
       open4 (~> 1.3.4)
       rake
     mini_mime (1.1.5)
-    mini_portile2 (2.8.4)
+    mini_portile2 (2.8.8)
+    mini_racer (0.6.2)
+      libv8-node (~> 16.10.0.0)
     minitest (5.24.1)
     mollie-api-ruby (4.7.1)
     msgpack (1.5.2)
@@ -313,13 +316,13 @@ GEM
     psych (5.1.1)
       stringio
     public_suffix (4.0.7)
-    puma (6.1.1)
+    puma (6.4.3)
       nio4r (~> 2.0)
     pundit (2.2.0)
       activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.7.1)
-    rack (2.2.8)
+    rack (2.2.10)
     rack-attack (6.6.1)
       rack (>= 1.0, < 3)
     rack-protection (3.0.2)
@@ -490,6 +493,7 @@ GEM
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
+    simplecov-lcov (0.8.0)
     simplecov_json_formatter (0.1.4)
     slack-notifier (2.4.0)
     spring (2.1.1)
@@ -508,7 +512,7 @@ GEM
     sshkit (1.21.2)
       net-scp (>= 1.1.2)
       net-ssh (>= 2.8.0)
-    stringio (3.0.8)
+    strscan (3.0.9)
     terminal-notifier-guard (1.7.0)
     thor (1.2.2)
     tilt (2.1.0)
@@ -549,7 +553,7 @@ GEM
     wicked_pdf (2.6.3)
       activesupport
     wkhtmltopdf-binary (0.12.6.5)
-    zeitwerk (2.6.12)
+    zeitwerk (2.6.18)
 
 PLATFORMS
   ruby
@@ -593,7 +597,7 @@ DEPENDENCIES
   pg (~> 1.3.0)
   pry-byebug
   pry-rails
-  puma (~> 6.1.1)
+  puma (~> 6.4.0)
   pundit (~> 2.2.0)
   rack-attack (~> 6.6.0)
   rails (~> 7.1.0)
@@ -615,6 +619,7 @@ DEPENDENCIES
   sidekiq-scheduler (~> 5.0.2)
   simple_form (~> 5.1.0)
   simplecov
+  simplecov-lcov (~> 0.8.0)
   slack-notifier (~> 2.4.0)
   spring
   spring-commands-rspec

README.md

@@ -3,6 +3,7 @@ Alpha SOFIA
 
 [![Continuous Integration](https://github.com/csvalpha/sofia/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/csvalpha/sofia/actions/workflows/continuous-integration.yml)
 [![Continuous Delivery](https://github.com/csvalpha/sofia/actions/workflows/continuous-delivery.yml/badge.svg)](https://github.com/csvalpha/sofia/actions/workflows/continuous-delivery.yml)
+[![codecov](https://codecov.io/github/csvalpha/sofia/graph/badge.svg?token=RGR5PARLD5)](https://codecov.io/github/csvalpha/sofia)
 
 The source code belonging to Alpha SOFIA. It is a system built with Ruby on Rails with Turbolinks and a little VueJS, used to manage orders in our own bar "Flux". Users authenticate via OAuth API (currently "Alpha AMBER") to see how much credit they got left, or to be able to register new orders and/or payments.
 
@@ -54,7 +55,7 @@ $ EDITOR="code --wait" bundle exec rails credentials:edit
 In OAuth AMBER (github.com/csvalpha/amber-api), execute the following command (in `rails console`):
 
 ```ruby
-app = Doorkeeper::Application.create(name: 'SOFIA - Streepsysteem der C.S.V. Alpha', redirect_uri: 'http://localhost:5000/users/auth/amber_oauth2/callback', scopes: 'public tomato')
+app = Doorkeeper::Application.create(name: 'SOFIA - Streepsysteem der C.S.V. Alpha', redirect_uri: 'http://localhost:5000/users/auth/amber_oauth2/callback', scopes: 'public sofia')
 app.uid
 app.plaintext_secret
 ```

app/models/payment.rb

@@ -33,7 +33,7 @@ def self.create_with_mollie(description, attributes = nil)
     mollie_payment = Mollie::Payment.create(
       amount: { value: format('%<amount>.2f', amount: attributes[:amount]), currency: 'EUR' },
       description: description,
-      redirect_url: "http://#{Rails.application.config.x.tomato_host}/payments/#{obj.id}/callback"
+      redirect_url: "http://#{Rails.application.config.x.sofia_host}/payments/#{obj.id}/callback"
     )
 
     obj.update(mollie_id: mollie_payment.id)

app/views/partials/_footer.html.erb

@@ -1,8 +1,8 @@
 <footer class="footer d-flex justify-content-between">
   <span class="text-danger text-uppercase fw-bold mx-2">
-    <% if Rails.application.config.x.tomato_host == 'stagingstreep.csvalpha.nl' %>
+    <% if Rails.application.config.x.sofia_host == 'stagingstreep.csvalpha.nl' %>
       For demo and testing purposes only
-    <% elsif Rails.application.config.x.tomato_host != 'streep.csvalpha.nl' %>
+    <% elsif Rails.application.config.x.sofia_host != 'streep.csvalpha.nl' && Rails.application.config.x.sofia_host != 'luxstreep.csvalpha.nl' %>
       Development mode
     <% end %>
   </span>

config/application.rb

@@ -32,42 +32,43 @@ class Application < Rails::Application
       Rails.env.to_sym, :amber_client_secret
     ) || ENV.fetch('AMBER_CLIENT_SECRET', nil)
 
-    config.x.amber_host = credentials.dig(Rails.env.to_sym, :amber_host)
-    config.x.tomato_host = credentials.dig(Rails.env.to_sym, :tomato_host)
-
-    config.x.slack_webhook = credentials.dig(Rails.env.to_sym, :slack_webhook) || ''
-    config.x.slack_channel = '#monitoring'
-
-    config.x.smtp_username = credentials.dig(:production, :smtp_username)
-    config.x.smtp_password = credentials.dig(:production, :smtp_password)
-    config.x.sentry_dsn = credentials.dig(Rails.env.to_sym, :sentry_dsn)
-    config.x.sumup_key = credentials.dig(Rails.env.to_sym, :sumup_affiliate_key)
-    config.x.healthcheck_ids = credentials.dig(Rails.env.to_sym, :healthcheck_ids)
-    config.x.mollie_api_key = credentials.dig(Rails.env.to_sym, :mollie_api_key)
-
-    config.x.authorize_url = ENV.fetch('AUTHORIZE_URL', '/oauth/authorize')
-    config.x.token_url = ENV.fetch('TOKEN_URL', '/api/v1/oauth/token')
-    config.x.me_url = ENV.fetch('ME_URL', '/api/v1/users?filter[me]&include="active_groups"')
-
-    config.x.from_email = ENV.fetch('FROM_EMAIL', '[email protected]')
-    config.x.ict_email = ENV.fetch('ICT_EMAIL', '[email protected]')
-    config.x.admin_email = ENV.fetch('ADMIN_EMAIL', '[email protected]')
-    config.x.treasurer_email = ENV.fetch('TREASURER_EMAIL', '[email protected]')
-    config.x.treasurer_name = ENV.fetch('TREASURER_NAME', nil)
-    config.x.treasurer_phone = ENV.fetch('TREASURER_PHONE', nil)
-
-    config.x.company_name = ENV.fetch('COMPANY_NAME', nil)
-    config.x.company_iban = ENV.fetch('COMPANY_IBAN', nil)
-    config.x.company_address = ENV.fetch('COMPANY_ADDRESS', nil)
-    config.x.company_website = ENV.fetch('COMPANY_WEBSITE', nil)
-    config.x.company_kvk = ENV.fetch('COMPANY_KVK', nil)
-
-    config.x.site_name = ENV.fetch('SITE_NAME', 'S.O.F.I.A.')
-    config.x.site_short_name = ENV.fetch('SITE_SHORT_NAME', 'SOFIA')
-    config.x.site_long_name = ENV.fetch('SITE_LONG_NAME', 'Streepsysteem voor de Ordentelijke Festiviteiten van Inleggend Alpha')
-    config.x.site_association = ENV.fetch('SITE_ASSOCIATION', 'C.S.V. Alpha')
-
-    config.x.codes = {
+    config.x.amber_host          = credentials.dig(Rails.env.to_sym, :amber_host)
+    config.x.sofia_host          = credentials.dig(Rails.env.to_sym, :sofia_host)
+
+    config.x.slack_webhook        = credentials.dig(Rails.env.to_sym, :slack_webhook) || ''
+    config.x.slack_channel        = '#monitoring'
+
+    config.x.smtp_username        = credentials.dig(:production, :smtp_username)
+    config.x.smtp_password        = credentials.dig(:production, :smtp_password)
+    config.x.sentry_dsn           = credentials.dig(Rails.env.to_sym, :sentry_dsn)
+    config.x.sumup_key            = credentials.dig(Rails.env.to_sym, :sumup_affiliate_key)
+    config.x.healthcheck_ids      = credentials.dig(Rails.env.to_sym, :healthcheck_ids)
+    config.x.mollie_api_key       = credentials.dig(Rails.env.to_sym, :mollie_api_key)
+
+    config.x.authorize_url        = ENV.fetch('AUTHORIZE_URL', '/oauth/authorize')
+    config.x.token_url            = ENV.fetch('TOKEN_URL', '/api/v1/oauth/token')
+    config.x.me_url               = ENV.fetch('ME_URL', '/api/v1/users?filter[me]&include="active_groups"')
+
+    config.x.from_email           = ENV.fetch('FROM_EMAIL', '[email protected]')
+    config.x.ict_email            = ENV.fetch('ICT_EMAIL', '[email protected]')
+    config.x.admin_email          = ENV.fetch('ADMIN_EMAIL', '[email protected]')
+    config.x.treasurer_title      = ENV.fetch('TREASURER_TITLE', 'penningmeester')
+    config.x.treasurer_email      = ENV.fetch('TREASURER_EMAIL', '[email protected]')
+    config.x.treasurer_name       = ENV.fetch('TREASURER_NAME', nil)
+    config.x.treasurer_phone      = ENV.fetch('TREASURER_PHONE', nil)
+
+    config.x.company_name         = ENV.fetch('COMPANY_NAME', nil)
+    config.x.company_iban         = ENV.fetch('COMPANY_IBAN', nil)
+    config.x.company_address      = ENV.fetch('COMPANY_ADDRESS', nil)
+    config.x.company_website      = ENV.fetch('COMPANY_WEBSITE', nil)
+    config.x.company_kvk          = ENV.fetch('COMPANY_KVK', nil)
+
+    config.x.site_name            = ENV.fetch('SITE_NAME', 'S.O.F.I.A.')
+    config.x.site_short_name      = ENV.fetch('SITE_SHORT_NAME', 'SOFIA')
+    config.x.site_long_name       = ENV.fetch('SITE_LONG_NAME', 'Streepsysteem voor de Ordentelijke Festiviteiten van Inleggend Alpha')
+    config.x.site_association     = ENV.fetch('SITE_ASSOCIATION', 'C.S.V. Alpha')
+
+    config.x.codes                = {
       beer: ENV.fetch('CODE_BEER', nil),
       low_alcohol_beer: ENV.fetch('CODE_LOW_ALCOHOL_BEER', nil),
       craft_beer: ENV.fetch('CODE_CRAFT_BEER', nil),