[Feat#10] Add GitHub CI

.github/workflows/rubyonrails.yml

@@ -1,17 +1,12 @@
-# This workflow uses actions that are not certified by GitHub.  They are
-# provided by a third-party and are governed by separate terms of service,
-# privacy policy, and support documentation.
-#
-# This workflow will install a prebuilt Ruby version, install dependencies, and
-# run tests and linters.
 name: "Ruby on Rails CI"
 on:
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "*" ]
 jobs:
-  test:
+  rspec:
+    name: RSpec
     runs-on: ubuntu-latest
     services:
       postgres:
@@ -38,9 +33,10 @@ jobs:
         run: bin/rails db:schema:load
       # Add or replace test runners here
       - name: Run tests
-        run: bin/rake
+        run: bundle exec rspec spec
 
-  lint:
+  rubocop:
+    name: Rubocop
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

.rubocop.yml

@@ -1,4 +1,3 @@
-# See https://docs.rubocop.org/rubocop/configuration
 
 require:
   - rubocop-rails
@@ -27,7 +26,38 @@ RSpec/NestedGroups:
   Max: 4
 
 RSpec/MultipleMemoizedHelpers:
-  Max: 7
+  Max: 8
 
 Style/Documentation:
   Enabled: false
+
+
+Metrics/CyclomaticComplexity:
+  Max: 8
+
+Naming/FileName:
+  Exclude:
+    - 'config/initializers/rswag-ui.rb'
+
+RSpec/LetSetup:
+  Exclude:
+    - 'spec/requests/tags_spec.rb'
+
+Rails/BulkChangeTable:
+  Exclude:
+    - 'db/migrate/20220909204735_add_profile_fields_to_users.rb'
+
+Style/GuardClause:
+  Exclude:
+    - 'db/migrate/20220929000432_change_collation_for_tag_names.acts_as_taggable_on_engine.rb'
+
+Style/IfUnlessModifier:
+  Exclude:
+    - 'db/migrate/20220929000433_add_missing_indexes_on_taggings.acts_as_taggable_on_engine.rb'
+
+Layout/LineLength:
+  Max: 154
+
+Rails/ApplicationRecord:
+  Exclude:
+    - 'app/models/user.rb'

Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
@@ -22,11 +24,11 @@ gem 'jwt', '~> 2.5'
 group :development, :test do
   gem 'debug', platforms: %i[mri mingw x64_mingw]
 
+  gem 'dotenv-rails', '~> 2.8.1'
   gem 'factory_bot_rails', '~> 6.2.0'
   gem 'faker', '~> 2.21.0'
   gem 'pry', '~> 0.14.1'
   gem 'rspec-rails', '~> 5.1'
-  gem 'dotenv-rails', '~> 2.8.1'
 
   gem 'rdoc'
   gem 'rswag-specs', '~> 2.5'
@@ -37,12 +39,16 @@ group :development, :test do
   gem 'shoulda-matchers', '~> 5.1'
   gem 'simplecov', '~> 0.21.2'
   gem 'super_diff', '~> 0.9.0'
+
+  gem 'brakeman', '~> 5.4.0'
+  gem 'bundler-audit', '~> 0.9.1'
+  gem 'ruby_audit', '~> 2.1.0'
 end
 
-gem 'acts-as-taggable-on', '~> 9.0'
 gem 'acts_as_follower', '~> 0.2.1'
+gem 'acts-as-taggable-on', '~> 9.0'
 
-gem "rack-cors", "~> 1.1"
+gem 'rack-cors', '~> 1.1'
 
-gem "sentry-ruby", "~> 5.7"
-gem "sentry-rails", "~> 5.7"
+gem 'sentry-rails', '~> 5.7'
+gem 'sentry-ruby', '~> 5.7'

Gemfile.lock

@@ -76,7 +76,11 @@ GEM
     bcrypt (3.1.18)
     bootsnap (1.12.0)
       msgpack (~> 1.2)
+    brakeman (5.4.0)
     builder (3.2.4)
+    bundler-audit (0.9.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     coderay (1.1.3)
     concurrent-ruby (1.1.10)
     crass (1.0.6)
@@ -118,7 +122,7 @@ GEM
     json-schema (2.8.1)
       addressable (>= 2.4)
     jwt (2.5.0)
-    loofah (2.18.0)
+    loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -143,7 +147,7 @@ GEM
       net-protocol
       timeout
     nio4r (2.5.8)
-    nokogiri (1.13.7-x86_64-linux)
+    nokogiri (1.13.10-x86_64-linux)
       racc (~> 1.4)
     optimist (3.0.1)
     orm_adapter (0.5.0)
@@ -161,7 +165,7 @@ GEM
     public_suffix (4.0.7)
     puma (5.6.4)
       nio4r (~> 2.0)
-    racc (1.6.0)
+    racc (1.6.2)
     rack (2.2.4)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
@@ -184,8 +188,8 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.4.4)
+      loofah (~> 2.19, >= 2.19.1)
     railties (7.0.3.1)
       actionpack (= 7.0.3.1)
       activesupport (= 7.0.3.1)
@@ -252,6 +256,8 @@ GEM
     rubocop-rspec (2.12.1)
       rubocop (~> 1.31)
     ruby-progressbar (1.11.0)
+    ruby_audit (2.1.0)
+      bundler-audit (~> 0.9.0)
     sentry-rails (5.7.0)
       railties (>= 5.0)
       sentry-ruby (~> 5.7.0)
@@ -290,6 +296,8 @@ DEPENDENCIES
   acts-as-taggable-on (~> 9.0)
   acts_as_follower (~> 0.2.1)
   bootsnap
+  brakeman (~> 5.4.0)
+  bundler-audit (~> 0.9.1)
   debug
   devise (~> 4.8)
   dotenv-rails (~> 2.8.1)
@@ -311,6 +319,7 @@ DEPENDENCIES
   rubocop-performance (~> 1.14)
   rubocop-rails (~> 2.14)
   rubocop-rspec (~> 2.11)
+  ruby_audit (~> 2.1.0)
   sentry-rails (~> 5.7)
   sentry-ruby (~> 5.7)
   shoulda-matchers (~> 5.1)

Rakefile

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require_relative "config/application"
+require_relative 'config/application'
 
 Rails.application.load_tasks

app/controllers/articles_controller.rb

@@ -84,7 +84,7 @@ def user_is_article_author?
   def setup_pagination_info
     total = @articles.size
     total_pages = (total / per_page).floor
-
+    total_pages = 1 if total_pages.zero?
     @pagination_info = {
       page: page,
       perPage: per_page,

app/controllers/comments_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class CommentsController < ApplicationController
   before_action :find_article!
   before_action :authenticate_user!, only: %i[create destroy]

app/models/article.rb

@@ -23,6 +23,11 @@ class Article < ApplicationRecord
 
   acts_as_taggable_on :tags
 
+  def tag_list
+    list = super
+    list.sort
+  end
+
   private
 
   def set_slug

app/models/comment.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Comment < ApplicationRecord
   belongs_to :user
   belongs_to :article

config.ru

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # This file is used by Rack-based servers to start the application.
 
-require_relative "config/environment"
+require_relative 'config/environment'
 
 run Rails.application
 Rails.application.load_server

config/application.rb

@@ -7,6 +7,7 @@
 require 'active_record/railtie'
 require 'action_controller/railtie'
 require 'action_view/railtie'
+require 'action_mailer/railtie'
 
 Bundler.require(*Rails.groups)
 

config/boot.rb

@@ -1,4 +1,6 @@
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+# frozen_string_literal: true
 
-require "bundler/setup" # Set up gems listed in the Gemfile.
-require "bootsnap/setup" # Speed up boot time by caching expensive operations.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
+
+require 'bundler/setup' # Set up gems listed in the Gemfile.
+require 'bootsnap/setup' # Speed up boot time by caching expensive operations.

config/environment.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Load the Rails application.
-require_relative "application"
+require_relative 'application'
 
 # Initialize the Rails application.
 Rails.application.initialize!

config/environments/development.rb

@@ -14,7 +14,7 @@
       'Cache-Control' => "public, max-age=#{2.days.to_i}"
     }
   else
-    #config.action_controller.perform_caching = false
+    # config.action_controller.perform_caching = false
     config.cache_store = :null_store
   end
 

config/environments/production.rb

@@ -1,4 +1,6 @@
-require "active_support/core_ext/integer/time"
+# frozen_string_literal: true
+
+require 'active_support/core_ext/integer/time'
 
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
@@ -13,15 +15,15 @@
   config.eager_load = true
 
   # Full error reports are disabled and caching is turned on.
-  config.consider_all_requests_local       = false
+  config.consider_all_requests_local = false
 
   # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
   # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
   # config.require_master_key = true
 
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.
-  config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.asset_host = "http://assets.example.com"
@@ -46,7 +48,7 @@
   config.log_level = :info
 
   # Prepend all log lines with the following tags.
-  config.log_tags = [ :request_id ]
+  config.log_tags = [:request_id]
 
   # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
@@ -75,8 +77,8 @@
   # require "syslog/logger"
   # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
 
-  if ENV["RAILS_LOG_TO_STDOUT"].present?
-    logger           = ActiveSupport::Logger.new(STDOUT)
+  if ENV['RAILS_LOG_TO_STDOUT'].present?
+    logger           = ActiveSupport::Logger.new($stdout)
     logger.formatter = config.log_formatter
     config.logger    = ActiveSupport::TaggedLogging.new(logger)
   end

config/initializers/cors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Avoid CORS issues when API is called from the frontend app.
@@ -7,10 +9,10 @@
 
 Rails.application.config.middleware.insert_before 0, Rack::Cors do
   allow do
-    origins "*"
+    origins '*'
 
-    resource "*",
-      headers: :any,
-      methods: [:get, :post, :put, :patch, :delete, :options, :head]
+    resource '*',
+             headers: :any,
+             methods: %i[get post put patch delete options head]
   end
 end

config/initializers/filter_parameter_logging.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Configure parameters to be filtered from the log file. Use this to limit dissemination of
 # sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
 # notations and behaviors.
-Rails.application.config.filter_parameters += [
-  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+Rails.application.config.filter_parameters += %i[
+  passw secret token _key crypt salt certificate otp ssn
 ]

config/initializers/inflections.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
 # Add new inflection rules using the following format. Inflections

config/initializers/json_param_key_transform.rb

@@ -2,7 +2,7 @@
 
 # Transform JSON request param keys from JSON-conventional camelCase to
 # Rails-conventional snake_case:
-ActionDispatch::Request.parameter_parsers[:json] = ->(raw_post) {
+ActionDispatch::Request.parameter_parsers[:json] = lambda { |raw_post|
   # Modified from action_dispatch/http/parameters.rb
   data = ActiveSupport::JSON.decode(raw_post)
   data = { _json: data } unless data.is_a?(Hash)

config/initializers/rswag-ui.rb

@@ -1,5 +1,6 @@
-Rswag::Ui.configure do |c|
+# frozen_string_literal: true
 
+Rswag::Ui.configure do |c|
   # List the Swagger endpoints that you want to be documented through the swagger-ui
   # The first parameter is the path (absolute or relative to the UI host) to the corresponding
   # endpoint and the second is a title that will be displayed in the document selector