Enhance GitHub Actions CI with multi-Ruby testing, coverage reporting, and security audit #17

Draft
Copilot wants to merge 3 commits into main from copilot/enhance-github-actions-ci

Copilot AI commented Oct 19, 2025

Overview

This PR enhances the GitHub Actions CI workflow to provide comprehensive testing across multiple Ruby versions, automated code coverage reporting, and dependency vulnerability scanning.

Changes

🔄 Multi-Ruby Version Testing

Extended the Ruby version matrix to test against all supported versions:

  • Previous: Ruby 2.7, 3.0, 3.1
  • Now: Ruby 2.7, 3.0, 3.1, 3.2, 3.3

Added fail-fast: false to ensure all versions are tested even if one fails, providing complete visibility into compatibility issues.

🖥️ Multi-OS Testing

Added macOS testing alongside Ubuntu for the latest Ruby version (3.3) to catch platform-specific issues early.

📊 Test Coverage Reporting

Integrated SimpleCov for comprehensive test coverage analysis:

  • Tracks both line coverage (81.82%) and branch coverage (71.88%)
  • Configured to run automatically in CI with COVERAGE=true
  • Coverage reports uploaded as GitHub Actions artifacts for easy review
  • Filters exclude /spec/ and /vendor/ directories from coverage metrics

Example output:

Coverage report generated for RSpec to /home/runner/work/dirfy/dirfy/coverage.
Line Coverage: 81.82% (108 / 132)
Branch Coverage: 71.88% (23 / 32)

🔒 Security Vulnerability Scanning

Added bundler-audit for automated dependency security checks:

  • Runs as a separate CI job for clear visibility
  • Updates vulnerability database on each run
  • Scans all dependencies for known CVEs

📦 Dependencies Added

spec.add_development_dependency "simplecov", "~> 0.22"
spec.add_development_dependency "bundler-audit", "~> 0.9"

CI Workflow Structure

The enhanced workflow now includes two jobs:

  1. build-and-test: Runs specs with coverage across 6 configurations (5 Ruby versions on Ubuntu + Ruby 3.3 on macOS)
  2. security-audit: Checks for dependency vulnerabilities using bundler-audit

Testing

All changes have been tested locally:

  • ✅ Tests pass with and without coverage enabled
  • ✅ Coverage reports generate correctly
  • ✅ Bundle audit runs successfully with no vulnerabilities found
  • ✅ YAML workflow file is syntactically valid
  • ✅ No breaking changes to existing functionality

Benefits

  • Quality Assurance: Catch compatibility issues across Ruby versions early
  • Visibility: Clear coverage metrics help identify untested code paths
  • Security: Automated vulnerability scanning protects against known CVEs
  • Reliability: Platform testing on both Ubuntu and macOS ensures broad compatibility

Notes

  • RuboCop linting is intentionally not included as it depends on issue #9, "Add RuboCop linting (rake lint is documented but missing)"
  • Performance/benchmark testing is not included to keep changes minimal (can be added in future if needed)
  • Coverage directory already properly excluded via existing .gitignore rules

Closes #10

Original prompt

This section details the original issue you should resolve

<issue_title>Enhance GitHub Actions CI with multi-Ruby testing and quality checks</issue_title>
<issue_description>## Enhancement

Enhance GitHub Actions CI to include multi-Ruby version testing, linting, and better coverage.

Current State

  • Basic Ruby CI with single Ruby version
  • Only runs RSpec tests
  • No code quality checks

Proposed Improvements

1. Multi-Ruby Version Testing

Test against Ruby versions: 2.7, 3.0, 3.1, 3.2, 3.3

2. Add Code Quality Checks

3. Enhanced Workflow

strategy:
  matrix:
    ruby-version: ['2.7', '3.0', '3.1', '3.2', '3.3']
    os: [ubuntu-latest, macos-latest]

steps:
  - name: Run tests
    run: bundle exec rake spec
  
  - name: Run linting
    run: bundle exec rake lint
  
  - name: Check security
    run: bundle exec bundle audit

4. Performance Testing

  • Basic benchmark run to catch regressions
  • Memory usage checks for large trees

Benefits

  • Ensure compatibility across Ruby versions
  • Catch issues early in development
  • Better code quality assurance
  • Automated security checks

Implementation

  1. Update .github/workflows/ruby.yml
  2. Add matrix strategy for multiple Ruby versions
  3. Add linting step (after #9, "Add RuboCop linting (rake lint is documented but missing)")
  4. Add coverage reporting
  5. Consider adding Windows testing

Dependencies

Comments on the Issue (you are @copilot in this section)

Fixes #13



Copilot AI and others added 2 commits October 19, 2025 12:38
Co-authored-by: ahmedmelhady7 <919494+ahmedmelhady7@users.noreply.github.com>
Co-authored-by: ahmedmelhady7 <919494+ahmedmelhady7@users.noreply.github.com>
Copilot AI changed the title [WIP] Enhance GitHub Actions CI with multi-Ruby testing and quality checks Enhance GitHub Actions CI with multi-Ruby testing, coverage reporting, and security audit Oct 19, 2025
Copilot AI requested a review from ahmedmelhady7 October 19, 2025 12:41
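
The two-job layout described in the PR comment above, written out as an added sketch. It is not the PR's actual .github/workflows/ruby.yml, which does not appear on this page. The workflow name, triggers, action version tags, artifact names and the read-only `permissions` block are assumptions.

```yaml
# Added sketch, not the PR's workflow file. Names, triggers and action tags are assumptions.
name: Ruby CI
on:
  push:
    branches: [main]
  pull_request:

# Assumption: neither job writes to the repository, so the token is read-only.
permissions:
  contents: read

jobs:
  build-and-test:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false            # keep testing the other versions when one fails
      matrix:
        os: [ubuntu-latest]
        ruby-version: ['2.7', '3.0', '3.1', '3.2', '3.3']
        include:                  # sixth configuration: latest Ruby on macOS
          - os: macos-latest
            ruby-version: '3.3'
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby-version }}
          bundler-cache: true
      - name: Run specs with coverage
        run: bundle exec rake spec
        env:
          COVERAGE: 'true'        # the PR enables SimpleCov via this variable
      - name: Upload coverage report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-${{ matrix.os }}-ruby-${{ matrix.ruby-version }}
          path: coverage/

  security-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3'
          bundler-cache: true
      - name: Audit dependencies   # --update refreshes the advisory database first
        run: bundle exec bundle-audit check --update
```

Pinning each `uses:` entry to a full commit SHA instead of a tag limits the workflow's own supply-chain exposure. `bundle-audit check` exits non-zero when it finds an advisory, so the security-audit job fails visibly on its own.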