From 05bdd260c128d910f87513b87623cf5110190957 Mon Sep 17 00:00:00 2001
From: Yatish Mehta
Date: Thu, 18 Apr 2024 22:47:15 -0700
Subject: [PATCH] Added Bundler audit
---
 .github/workflows/ci.yml | 15 +++++++++++----
 Gemfile | 2 ++
 Gemfile.lock | 20 ++++++++++++++++++++
 README.md | 2 +-
 bin/erblint | 27 +++++++++++++++++++++++++++
 5 files changed, 61 insertions(+), 5 deletions(-)
 create mode 100755 bin/erblint
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 04ec9ab..93ffcff 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,11 +27,9 @@ jobs:
 - uses: ruby/setup-ruby@v1
 with:
 bundler-cache: true
- - uses: actions/setup-node@v4
+ - uses: oven-sh/setup-bun@v1
 with:
- node-version-file: ".node-version"
- cache: yarn
- - run: npx --yes ci
+ bun-version: latest
 - run: bundle exec rake db:prepare
 - run: bundle exec rake test:all
 rubocop:
@@ -52,3 +50,12 @@ jobs:
 with:
 bundler-cache: true
 - run: bundle exec brakeman --exit-on-warn --no-progress --color --output /dev/stdout
+ bundle-audit:
+ name: "Security / bundle-audit"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ruby/setup-ruby@v1
+ with:
+ bundler-cache: true
+ - run: bundle exec bundle-audit check --update -v
diff --git a/Gemfile b/Gemfile
index 736c753..cb9e29e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -28,4 +28,6 @@ group :development do
 gem "rubocop-rails", ">= 2.22.0", require: false
 gem "web-console"
 gem "foreman", "~> 0.88.1"
+ gem "erb_lint", "~> 0.5", require: false
+ gem "bundler-audit", require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 44b01c0..77f1db3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -79,6 +79,13 @@ GEM
 public_suffix (>= 2.0.2, < 6.0)
 ast (2.4.2)
 base64 (0.2.0)
+ better_html (2.1.1)
+ actionview (>= 6.0)
+ activesupport (>= 6.0)
+ ast (~> 2.0)
+ erubi (~> 1.4)
+ parser (>= 2.4)
+ smart_properties
 bigdecimal (3.1.7)
 bindex (0.8.1)
 bootsnap (1.18.3)
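Review bot: `bun-version: latest` drops the pin that `node-version-file: ".node-version"` gave the old step, so the test job now resolves whatever Bun release exists at run time and a new Bun release can change or break the build with no change in this repository; pin it, e.g. `bun-version: "<pinned Bun release>"`, and bump it deliberately. The same floating-reference concern applies to `oven-sh/setup-bun@v1` here and to `actions/checkout@v4` and `ruby/setup-ruby@v1` in the bundle-audit hunk that follows: a moving major tag is a mutable pointer into a third party's repository, and pinning each `uses:` to a full commit SHA with a version comment is the usual hardening. Separately, the removed `npx --yes ci` step installed JavaScript dependencies and nothing in the new step list runs the equivalent `bun install`; if `rake test:all` does not trigger it through the asset build, tests that need built assets will fail, so that is worth confirming before merge.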
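Review bot: The new bundle-audit job only runs when the workflow is triggered, and `bundle-audit check --update` refreshes the advisory database at run time, so an advisory published against a gem already in the lockfile is only noticed the next time someone pushes; the `on:` block is outside this hunk, but a `schedule:` cron trigger would let this job surface new advisories on a quiet branch. When an advisory does land the job blocks every PR until the gem is upgraded or the advisory is explicitly excluded, so it is worth agreeing now that exclusions go through `--ignore <ADVISORY-ID>` with a comment stating why, rather than the step being disabled. The `--update` fetch also needs network access to the advisory repository, so a fetch failure surfaces as a failed security job instead of a silently skipped one — that is the safer default, just note it in the job so a red run is triaged rather than retried blindly.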
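Review bot: `gem "bundler-audit", require: false` carries no version constraint while the sibling `gem "erb_lint", "~> 0.5", require: false` added in the same hunk does; an unconstrained tooling gem is silently moved by any `bundle update`, and since the lockfile resolves it to 0.9.1, `gem "bundler-audit", "~> 0.9", require: false` keeps it in step with the file's convention. Both gems sit inside `group :development` (the group's opening line is only the hunk's context, its `end` is the last context line), which is what the CI job's `bundle exec bundle-audit` relies on; if the CI bundle is ever installed with the development group excluded, the audit step fails on a missing executable, so a one-line comment next to the gem saying it is required by the CI security job would save the next maintainer that surprise.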
@@ -86,6 +93,9 @@ GEM
 brakeman (6.1.2)
 racc
 builder (3.2.4)
+ bundler-audit (0.9.1)
+ bundler (>= 1.2.0, < 3)
+ thor (~> 1.0)
 childprocess (5.0.0)
 concurrent-ruby (1.2.3)
 connection_pool (2.4.1)
@@ -97,6 +107,13 @@ GEM
 dotenv (3.1.0)
 drb (2.2.1)
 dry-cli (1.0.0)
+ erb_lint (0.5.0)
+ activesupport
+ better_html (>= 2.0.1)
+ parser (>= 2.7.1.4)
+ rainbow
+ rubocop
+ smart_properties
 erubi (1.12.0)
 factory_bot (6.4.6)
 activesupport (>= 5.0.0)
@@ -242,6 +259,7 @@ GEM
 rubocop (>= 1.33.0, < 2.0)
 rubocop-ast (>= 1.31.1, < 2.0)
 ruby-progressbar (1.13.0)
+ smart_properties (1.17.0)
 stimulus-rails (1.3.3)
 railties (>= 6.0.0)
 stringio (3.1.0)
@@ -283,8 +301,10 @@ PLATFORMS
 DEPENDENCIES
 bootsnap
 brakeman
+ bundler-audit
 debug
 dotenv (>= 3.0)
+ erb_lint (~> 0.5)
 factory_bot_rails
 foreman (~> 0.88.1)
 jbuilder
diff --git a/README.md b/README.md
index 9bc907e..3eda598 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# shore
+# Shore
 This is a Rails 7.1 app.
diff --git a/bin/erblint b/bin/erblint
new file mode 100755
index 0000000..63d662c
--- /dev/null
+++ b/bin/erblint
@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'erblint' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)

bundle_binstub = File.expand_path("bundle", __dir__)

if File.file?(bundle_binstub)
  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
    load(bundle_binstub)
  else
    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
  end
end

require "rubygems"
require "bundler/setup"

load Gem.bin_path("erb_lint", "erblint")