diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml index c3fdf3010..ac9725e53 100644 --- a/.github/workflows/continuous-delivery.yml +++ b/.github/workflows/continuous-delivery.yml @@ -135,7 +135,6 @@ jobs: with: sha: ${{ needs.merge.outputs.sha }} secrets: - rails_master_key: ${{ secrets.RAILS_MASTER_KEY }} sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }} deploy: diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 5415ec8c3..1a071f80f 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -76,14 +76,20 @@ jobs: name: app - name: Lint - env: - RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }} run: | EXIT_STATUS=0 - ./actionlint -ignore 'SC2153:' -ignore 'property "sha" is not defined in object type {}' || \ - EXIT_STATUS=$? - docker run -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_HOST=localhost -e \ - RAILS_MASTER_KEY --network=host app bin/ci.sh lint || EXIT_STATUS=$? + ./actionlint \ + -ignore 'property "gh_app_private_key" is not defined' \ + -ignore 'SC2153:' \ + -ignore 'property "sha" is not defined in object type {}' || \ + EXIT_STATUS=$? + docker run \ + -e POSTGRES_USER=postgres \ + -e POSTGRES_PASSWORD=postgres \ + -e POSTGRES_HOST=localhost \ + --network=host \ + app bin/ci.sh lint || \ + EXIT_STATUS=$? exit $EXIT_STATUS test: 
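Review bot: In the Lint step of continuous-integration.yml, the added `-ignore 'property "gh_app_private_key" is not defined'` is unexplained and seems unrelated to the master-key removal. actionlint treats the pattern as an unanchored regex over every workflow it checks, so a genuinely missing or misspelled declaration of that secret in any file would also pass lint. I would add a comment line inside the `run: |` script above the actionlint call, for example `# gh_app_private_key: declared in <WORKFLOW FILE>, not resolvable by actionlint because <REASON>`. I would also tighten the pattern to the full message text, as the existing `property "sha" is not defined in object type {}` ignore already does.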
@@ -123,8 +129,15 @@ jobs: RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }} run: | mkdir coverage - docker run -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_HOST=localhost -e \ - RAILS_MASTER_KEY --network=host -v "$(pwd)"'/coverage:/app/coverage' app bin/ci.sh spec + docker run \ + -e RAILS_MASTER_KEY \ + -e POSTGRES_USER=postgres \ + -e POSTGRES_PASSWORD=postgres \ + -e POSTGRES_HOST=localhost \ + --network=host \ + -v "$(pwd)"'/coverage:/app/coverage' \ + app bin/ci.sh spec + - name: Upload coverage report to Codecov if: ${{ !cancelled() }} diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml index 8e1f103af..f347bb8b5 100644 --- a/.github/workflows/publish-image.yml +++ b/.github/workflows/publish-image.yml @@ -10,9 +10,6 @@ on: required: false type: string secrets: - rails_master_key: - description: The Rails master key - required: true sentry_auth_token: description: The Sentry integration's token required: true @@ -73,8 +70,6 @@ jobs: push: true context: . build-args: ${{ needs.metadata.outputs.build_args }} - secrets: | - rails_master_key=${{ secrets.RAILS_MASTER_KEY }} cache-from: type=gha,scope=main cache-to: type=gha,scope=main tags: | diff --git a/.rubocop.yml b/.rubocop.yml index 1a742be2e..9644b14d7 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -4,7 +4,7 @@ require: - rubocop-performance AllCops: - TargetRailsVersion: 7.0 + TargetRailsVersion: 7.1 TargetRubyVersion: 3.2 Exclude: - 'bin/**/*' diff --git a/Dockerfile b/Dockerfile index c43ecb67e..3b4a79010 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,6 @@ ARG BUILD_HASH='unknown' ENV BUILD_HASH=$BUILD_HASH ARG RAILS_ENV='production' ARG NODE_ENV='production' -ARG RAILS_MASTER_KEY # Pre-install gems, so that they can be cached. COPY Gemfile* /app/ 
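Review bot: The spec step in continuous-integration.yml still exports `secrets.RAILS_MASTER_KEY` into the test container through `-e RAILS_MASTER_KEY`, although this commit removes the key from lint, image build and delivery. If that key also decrypts the production or staging credentials (not visible here), every gem and spec that runs in the test job can read them. A test-only credentials file with its own key would be safer. If the specs need no credentials at all, drop both `-e RAILS_MASTER_KEY` and the `RAILS_MASTER_KEY:` entry under `env:`. The step's `- name:` line lies above this hunk, so I cannot see whether the job is restricted to trusted refs. The added empty line after `app bin/ci.sh spec` also leaves two blank lines before the Codecov step.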
@@ -43,10 +42,8 @@ RUN yarn install --immutable COPY . /app/ # Precompile assets after copying app because whole Rails pipeline is needed. -RUN --mount=type=secret,id=rails_master_key \ - if [ "$RAILS_ENV" = 'production' ] || [ "$RAILS_ENV" = 'staging' ] || [ "$RAILS_ENV" = 'luxproduction' ]; then \ - # Use secret if RAILS_MASTER_KEY build arg is not set. - RAILS_MASTER_KEY="${RAILS_MASTER_KEY:-$(cat /run/secrets/rails_master_key)}" bundle exec rails assets:precompile; \ +RUN if [ "$RAILS_ENV" = 'production' ] || [ "$RAILS_ENV" = 'staging' ] || [ "$RAILS_ENV" = 'luxproduction' ]; then \ + SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile; \ else \ echo "Skipping assets:precompile"; \ fi diff --git a/Gemfile b/Gemfile index 50272367b..41107bb89 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,6 @@ gem 'http', '~> 5.2.0' gem 'jbuilder', '~> 2.13.0' gem 'jquery-rails', '~> 4.6.0' gem 'kaminari', '~> 1.2.2' -gem 'mini_racer', '~> 0.16.0' gem 'mollie-api-ruby', '~> 4.15.0' gem 'net-imap', require: false gem 'net-pop', require: false @@ -26,7 +25,7 @@ gem 'pg', '~> 1.5.9' gem 'puma', '~> 6.5.0' gem 'pundit', '~> 2.4.0' gem 'rack-attack', '~> 6.7.0' -gem 'rails', '~> 7.0.4', '>= 7.0.4.3' +gem 'rails', '~> 7.1.0' gem 'rails-i18n', '~> 7.0.10' gem 'redis-rails', '~> 5.0.2' gem 'rest-client', '~> 2.1.0' diff --git a/Gemfile.lock b/Gemfile.lock index 0574909c0..b2671b368 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
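Review bot: The new precompile line in the Dockerfile loses the explanatory comment the secret-mount version had, and `SECRET_KEY_BASE_DUMMY=1` is not self-explanatory. I would add above the `RUN`: `# SECRET_KEY_BASE_DUMMY (Rails >= 7.1) gives assets:precompile a throwaway secret_key_base; keep it as a per-command prefix, never ENV/ARG.` The scoping matters: as a prefix the variable exists only for this one command, whereas an `ENV` line would carry it into the running container, which would then sign sessions with a dummy key instead of the real one.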
@@ -1,70 +1,82 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.0.8.7) - actionpack (= 7.0.8.7) - activesupport (= 7.0.8.7) + actioncable (7.1.5.1) + actionpack (= 7.1.5.1) + activesupport (= 7.1.5.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.8.7) - actionpack (= 7.0.8.7) - activejob (= 7.0.8.7) - activerecord (= 7.0.8.7) - activestorage (= 7.0.8.7) - activesupport (= 7.0.8.7) + zeitwerk (~> 2.6) + actionmailbox (7.1.5.1) + actionpack (= 7.1.5.1) + activejob (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.8.7) - actionpack (= 7.0.8.7) - actionview (= 7.0.8.7) - activejob (= 7.0.8.7) - activesupport (= 7.0.8.7) + actionmailer (7.1.5.1) + actionpack (= 7.1.5.1) + actionview (= 7.1.5.1) + activejob (= 7.1.5.1) + activesupport (= 7.1.5.1) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.8.7) - actionview (= 7.0.8.7) - activesupport (= 7.0.8.7) - rack (~> 2.0, >= 2.2.4) + rails-dom-testing (~> 2.2) + actionpack (7.1.5.1) + actionview (= 7.1.5.1) + activesupport (= 7.1.5.1) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.8.7) - actionpack (= 7.0.8.7) - activerecord (= 7.0.8.7) - activestorage (= 7.0.8.7) - activesupport (= 7.0.8.7) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.5.1) + actionpack (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.8.7) - activesupport (= 7.0.8.7) + actionview (7.1.5.1) + activesupport (= 7.1.5.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.8.7) - activesupport (= 7.0.8.7) + erubi (~> 1.11) + rails-dom-testing 
(~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.5.1) + activesupport (= 7.1.5.1) globalid (>= 0.3.6) - activemodel (7.0.8.7) - activesupport (= 7.0.8.7) - activerecord (7.0.8.7) - activemodel (= 7.0.8.7) - activesupport (= 7.0.8.7) - activestorage (7.0.8.7) - actionpack (= 7.0.8.7) - activejob (= 7.0.8.7) - activerecord (= 7.0.8.7) - activesupport (= 7.0.8.7) + activemodel (7.1.5.1) + activesupport (= 7.1.5.1) + activerecord (7.1.5.1) + activemodel (= 7.1.5.1) + activesupport (= 7.1.5.1) + timeout (>= 0.4.0) + activestorage (7.1.5.1) + actionpack (= 7.1.5.1) + activejob (= 7.1.5.1) + activerecord (= 7.1.5.1) + activesupport (= 7.1.5.1) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.8.7) + activesupport (7.1.5.1) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) @@ -74,6 +86,7 @@ GEM awesome_print (1.9.2) base64 (0.2.0) bcrypt (3.1.20) + benchmark (0.4.0) better_errors (2.9.1) coderay (>= 1.0.0) erubi (>= 1.0.0) @@ -123,6 +136,8 @@ GEM dotenv-rails (3.1.7) dotenv (= 3.1.7) railties (>= 6.1) + drb (2.1.1) + ruby2_keywords em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) @@ -188,6 +203,10 @@ GEM http_parser.rb (0.8.0) i18n (1.14.6) concurrent-ruby (~> 1.0) + io-console (0.8.0) + irb (1.14.3) + rdoc (>= 4.0.0) + reline (>= 0.4.2) jbuilder (2.13.0) actionview (>= 5.0.0) activesupport (>= 5.0.0) @@ -209,8 +228,6 @@ GEM activerecord kaminari-core (= 1.2.2) kaminari-core (1.2.2) - libv8-node (18.19.0.0) - libv8-node (18.19.0.0-x86_64-linux) listen (3.7.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -236,8 +253,6 @@ GEM rake mini_mime (1.1.5) mini_portile2 (2.8.8) - mini_racer (0.16.0) - libv8-node (~> 18.19.0.0) minitest (5.25.4) mollie-api-ruby (4.15.0) bigdecimal (~> 3.1, >= 3.1.8) 
@@ -245,7 +260,10 @@ GEM msgpack (1.5.2) multi_json (1.15.0) multi_xml (0.6.0) + mutex_m (0.1.2) nenv (0.3.0) + date + net-protocol net-imap (0.5.5) date net-protocol @@ -304,6 +322,9 @@ GEM pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) + psych (5.2.2) + date + stringio public_suffix (4.0.7) puma (6.5.0) nio4r (~> 2.0) @@ -318,22 +339,27 @@ GEM rack rack-proxy (0.7.2) rack + rack-session (1.0.2) + rack (< 3) rack-test (2.2.0) rack (>= 1.3) - rails (7.0.8.7) - actioncable (= 7.0.8.7) - actionmailbox (= 7.0.8.7) - actionmailer (= 7.0.8.7) - actionpack (= 7.0.8.7) - actiontext (= 7.0.8.7) - actionview (= 7.0.8.7) - activejob (= 7.0.8.7) - activemodel (= 7.0.8.7) - activerecord (= 7.0.8.7) - activestorage (= 7.0.8.7) - activesupport (= 7.0.8.7) + rackup (1.0.1) + rack (< 3) + webrick + rails (7.1.5.1) + actioncable (= 7.1.5.1) + actionmailbox (= 7.1.5.1) + actionmailer (= 7.1.5.1) + actionpack (= 7.1.5.1) + actiontext (= 7.1.5.1) + actionview (= 7.1.5.1) + activejob (= 7.1.5.1) + activemodel (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) bundler (>= 1.15.0) - railties (= 7.0.8.7) + railties (= 7.1.5.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -348,19 +374,22 @@ GEM rails-i18n (7.0.10) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.0.8.7) - actionpack (= 7.0.8.7) - activesupport (= 7.0.8.7) - method_source + railties (7.1.5.1) + actionpack (= 7.1.5.1) + activesupport (= 7.1.5.1) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.2.1) rb-fsevent (0.11.1) rb-inotify (0.10.1) ffi (~> 1.0) rb-readline (0.5.5) + rdoc (6.10.0) + psych (>= 4.0.0) redis (4.8.1) redis-actionpack (5.3.0) actionpack (>= 5, < 8) 
@@ -381,6 +410,8 @@ GEM redis-store (1.9.1) redis (>= 4, < 5) regexp_parser (2.10.0) + reline (0.6.0) + io-console (~> 0.5) request_store (1.7.0) rack (>= 1.4) responders (3.0.1) @@ -446,6 +477,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt + securerandom (0.4.1) semantic_range (3.0.0) sentry-rails (5.22.1) railties (>= 5.0) @@ -493,6 +525,7 @@ GEM sshkit (1.21.2) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) + stringio (3.1.2) terminal-notifier-guard (1.7.0) thor (1.3.2) tilt (2.1.0) @@ -526,6 +559,7 @@ GEM rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) + webrick (1.9.1) websocket-driver (0.7.7) base64 websocket-extensions (>= 0.1.0) @@ -565,7 +599,6 @@ DEPENDENCIES kaminari (~> 1.2.2) listen mina (~> 1.2.5) - mini_racer (~> 0.16.0) mollie-api-ruby (~> 4.15.0) net-imap net-pop @@ -581,7 +614,7 @@ DEPENDENCIES puma (~> 6.5.0) pundit (~> 2.4.0) rack-attack (~> 6.7.0) - rails (~> 7.0.4, >= 7.0.4.3) + rails (~> 7.1.0) rails-controller-testing (~> 1.0.5) rails-i18n (~> 7.0.10) rb-readline diff --git a/config/application.rb b/config/application.rb index 89fbae712..69b6ee8e4 100644 --- a/config/application.rb +++ b/config/application.rb @@ -7,7 +7,7 @@ module Sofia class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 7.0 + config.load_defaults 7.1 config.time_zone = 'Europe/Amsterdam' 
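Review bot: In config/application.rb, `config.load_defaults 7.1` turns on every 7.1 framework default in the same deploy as the gem upgrade. As far as I know, several of those defaults change how signed and encrypted messages and cache entries are serialized. Instances running the old and new release side by side, or a rollback, may then fail to read each other's cookies or cached values. The usual upgrade path is to keep `config.load_defaults 7.0` for this release and enable the new defaults one at a time from the `config/initializers/new_framework_defaults_7_1.rb` file that `bin/rails app:update` generates. The comment above the line ("originally generated Rails version") also no longer describes what the value means. The `Application` class body continues outside this hunk.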
@@ -24,14 +24,14 @@ class Application < Rails::Application # See https://github.com/kickstarter/rack-attack#getting-started config.middleware.use Rack::Attack - config.x.amber_api_host = credentials.dig(Rails.env.to_sym, :amber_host) - config.x.amber_api_url = "#{Rails.env.development? ? 'http' : 'https'}://#{credentials.dig(Rails.env.to_sym, :amber_host)}" + config.x.amber_api_host = credentials.dig(Rails.env.to_sym, :amber_host) + config.x.amber_api_url = "#{Rails.env.development? ? 'http' : 'https'}://#{credentials.dig(Rails.env.to_sym, :amber_host)}" - config.x.amber_client_id = credentials.dig(Rails.env.to_sym, :amber_client_id) || ENV.fetch('AMBER_CLIENT_ID', nil) - config.x.amber_client_secret = credentials.dig(Rails.env.to_sym, :amber_client_secret) || ENV.fetch('AMBER_CLIENT_SECRET', nil) + config.x.amber_client_id = credentials.dig(Rails.env.to_sym, :amber_client_id) || ENV.fetch('AMBER_CLIENT_ID', nil) + config.x.amber_client_secret = credentials.dig(Rails.env.to_sym, :amber_client_secret) || ENV.fetch('AMBER_CLIENT_SECRET', nil) - config.x.amber_host = credentials.dig(Rails.env.to_sym, :amber_host) - config.x.sofia_host = credentials.dig(Rails.env.to_sym, :sofia_host) + config.x.amber_host = credentials.dig(Rails.env.to_sym, :amber_host) + config.x.sofia_host = credentials.dig(Rails.env.to_sym, :sofia_host) config.x.slack_webhook = credentials.dig(Rails.env.to_sym, :slack_webhook) || '' config.x.slack_channel = '#monitoring' diff --git a/config/environments/production.rb b/config/environments/production.rb index 6ade5d8ed..97ba0a7e3 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
@@ -19,7 +19,7 @@ # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). - config.require_master_key = true + # config.require_master_key = true # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this.
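Review bot: Commenting out `config.require_master_key` in config/environments/production.rb makes a running production instance fail open, not just the image build. Without the key, the `credentials.dig(...)` calls in config/application.rb would presumably return nil, so `amber_client_secret` falls back to ENV or nil and `slack_webhook` to `''` instead of the boot aborting. Since the build now sets `SECRET_KEY_BASE_DUMMY`, the check can stay on everywhere else: `config.require_master_key = ENV['SECRET_KEY_BASE_DUMMY'].blank?`. If the key is deliberately no longer required at runtime, replace the commented-out line with a sentence saying where production secrets now come from. The surrounding `Rails.application.configure` block starts and ends outside this hunk.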