diff --git a/.github/pre-commit b/.github/pre-commit index 41ee58a..be70354 100755 --- a/.github/pre-commit +++ b/.github/pre-commit @@ -14,12 +14,12 @@ rubyfiles=$(git diff --cached --name-only --diff-filter=ACM "*.rb" "Gemfile" | # Standardize all ruby files echo "๐Ÿงน Formatting staged Ruby files using standardrb ($(echo $rubyfiles | wc -w | awk '{print $1}') total)" -echo "$rubyfiles" | xargs docker-compose run --rm web bundle exec standardrb --fix +echo "$rubyfiles" | xargs docker compose run -T --rm web bundle exec standardrb --fix # Add back the modified/prettified files to staging echo "$rubyfiles" | xargs git add echo "๐Ÿ“‹ Running tests with rspec" -docker-compose run --rm web bundle exec rspec --format progress +docker compose run --rm -T web bundle exec rspec --format progress exit 0 diff --git a/.github/workflows/build-deploy-release.yaml b/.github/workflows/build-deploy-release.yaml index db2edb6..1b7c0a7 100644 --- a/.github/workflows/build-deploy-release.yaml +++ b/.github/workflows/build-deploy-release.yaml @@ -17,6 +17,20 @@ jobs: dockerfile: Dockerfile secrets: inherit + scan-image: + needs: build-production + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }} + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + deploy-production: needs: build-production runs-on: ubuntu-latest diff --git a/.github/workflows/build-main.yml b/.github/workflows/build-main.yml index 34d6ef2..8d762a3 100644 --- a/.github/workflows/build-main.yml +++ b/.github/workflows/build-main.yml 
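Review bot: The staged paths still reach `standardrb --fix` and `git add` through `echo "$rubyfiles" | xargs`, which splits on whitespace and treats quotes and backslashes specially, so a staged file whose name contains a space or quote is passed on as different paths, and a name starting with `-` is read as an option. Since the commit already rewrites these lines, consider piping NUL-delimited names straight from `git diff --cached --name-only -z …` into `xargs -0` instead of going through `$rubyfiles`, and ending the staging call with `--` (`xargs -0 git add --`). The `rubyfiles=` assignment is only partly visible in the hunk header, so confirm how the list is built before changing it. As a smaller style point, the two new calls order the flags differently (`run -T --rm` and `run --rm -T`); using one order would read better.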
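Review bot: `deploy-production` still declares only `needs: build-production`, so the new `scan-image` job runs alongside the deployment, and its `exit-code: '1'` marks the run as failed without stopping the release from being deployed. If the scan is meant to gate deployment, change the deploy job to `needs: [build-production, scan-image]`. The same applies to `deploy-testing` in build-main.yml and `deploy` in manual-deploy-unstable.yaml, which both keep `needs: build-unstable`. The deploy jobs continue outside the hunks, so check whether anything there already depends on the scan result.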
@@ -16,6 +16,20 @@ jobs: dockerfile: Dockerfile secrets: inherit + scan-image: + needs: build-unstable + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ needs.build-unstable.outputs.image }} + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + deploy-testing: needs: build-unstable runs-on: ubuntu-latest diff --git a/.github/workflows/manual-deploy-unstable.yaml b/.github/workflows/manual-deploy-unstable.yaml index 18c8a65..b04b33e 100644 --- a/.github/workflows/manual-deploy-unstable.yaml +++ b/.github/workflows/manual-deploy-unstable.yaml @@ -25,6 +25,20 @@ jobs: tag: ${{ github.event.inputs.tag }} dockerfile: Dockerfile secrets: inherit + + scan-image: + needs: build-unstable + runs-on: ubuntu-latest + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ needs.build-unstable.outputs.image }} + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' deploy: needs: build-unstable diff --git a/Gemfile.lock b/Gemfile.lock index 10fce56..5f1ddf3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,7 +3,7 @@ GEM specs: addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) - anyway_config (2.5.3) + anyway_config (2.5.4) ruby-next-core (>= 0.14.0) ast (2.4.2) base64 (0.1.1) @@ -38,7 +38,7 @@ GEM parser (3.2.2.4) ast (~> 2.4.1) racc - prometheus-client (4.2.1) + prometheus-client (4.2.2) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) @@ -48,7 +48,7 @@ GEM public_suffix (5.0.3) puma (6.4.0) nio4r (~> 2.0) - racc (1.7.1) + racc (1.7.3) rack (2.2.8) rack-protection (3.1.0) rack (~> 2.2, >= 2.2.4) @@ -58,7 +58,7 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (2.8.1) + regexp_parser (2.8.2) rexml (3.2.6) rspec (3.12.0) rspec-core (~> 3.12.0) 
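Review bot: `uses: aquasecurity/trivy-action@master` tracks a mutable branch, so whatever is pushed to that branch runs in this workflow on the next build without any review on this side. Pin the action to a full commit SHA and keep the release name in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and let Dependabot or a similar tool propose updates. The identical `uses:` line is added in build-deploy-release.yaml and manual-deploy-unstable.yaml and needs the same change.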
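Review bot: The `scan-image` job declares no `permissions:` and passes no registry credentials, so unless a workflow-level `permissions:` block exists above the hunk it runs with the repository's default token scope, and it can presumably pull `${{ needs.build-unstable.outputs.image }}` only if the package is public. Consider giving the job an explicit minimal block (`permissions:` with `contents: read` and `packages: read`) and, if the image is private, supplying `TRIVY_USERNAME` and `TRIVY_PASSWORD` through the step's `env:`. The `image` output of `build-unstable` is defined in the reusable workflow, which is not visible here, so confirm that it is exported and non-empty; an empty `image-ref` would leave the scanner without a target. The same job definition is added in build-main.yml and, with a literal `ghcr.io/...` reference, in build-deploy-release.yaml.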
@@ -85,7 +85,7 @@ GEM rubocop-ast (>= 1.28.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.29.0) + rubocop-ast (1.30.0) parser (>= 3.2.1.0) rubocop-performance (1.19.1) rubocop (>= 1.7.0, < 2.0) @@ -110,18 +110,18 @@ GEM rack-protection (= 3.1.0) sinatra (= 3.1.0) tilt (~> 2.0) - standard (1.31.1) + standard (1.31.2) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.56.2) + rubocop (~> 1.56.4) standard-custom (~> 1.0.0) standard-performance (~> 1.2) standard-custom (1.0.2) lint_roller (~> 1.0) rubocop (~> 1.50) - standard-performance (1.2.0) + standard-performance (1.2.1) lint_roller (~> 1.1) - rubocop-performance (~> 1.19.0) + rubocop-performance (~> 1.19.1) tilt (2.3.0) unicode-display_width (2.5.0) webmock (3.19.1) diff --git a/README.md b/README.md index 36c1e75..8f4b98a 100644 --- a/README.md +++ b/README.md @@ -15,12 +15,12 @@ edit .env with the appropriate environment variables start containers ```bash -docker-compose up -d +docker compose up -d ``` Run the tests ``` -docker-compose run web bundle exec rspec +docker compose run web bundle exec rspec ``` In a browser go to http://localhost:4567/callnumber?query=UM1 diff --git a/docker-compose.yml b/compose.yml similarity index 94% rename from docker-compose.yml rename to compose.yml index 65862b8..c07ed1c 100644 --- a/docker-compose.yml +++ b/compose.yml @@ -1,5 +1,3 @@ -version: '3.8' - services: web: build: diff --git a/init.sh b/init.sh index 29eff30..adb0e12 100755 --- a/init.sh +++ b/init.sh @@ -16,13 +16,13 @@ else fi echo "๐Ÿšข Build docker images" -docker-compose build +docker compose build echo "๐Ÿ“ฆ Installing Gems" -docker-compose run --rm web bundle +docker compose run --rm web bundle echo "๐Ÿ“ฆ Installing Node modules" -docker-compose run --rm web npm install +docker compose run --rm web npm install echo "๐Ÿ“ฆ Building js and css" -docker-compose run --rm web npm run build +docker compose run --rm web npm run build 
diff --git a/package-lock.json b/package-lock.json index 3292f8e..6d6a79e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -168,9 +168,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001542", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001542.tgz", - "integrity": "sha512-UrtAXVcj1mvPBFQ4sKd38daP8dEcXXr5sQe6QNNinaPd0iA/cxg9/l3VrSdL73jgw5sKyuQ6jNgiKO12W3SsVA==", + "version": "1.0.30001561", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001561.tgz", + "integrity": "sha512-NTt0DNoKe958Q0BE0j0c1V9jbUzhBxHIEJy7asmGrpE0yG63KTV7PLHPnK2E1O9RsQrQ081I3NLuXGS6zht3cw==", "dev": true, "funding": [ { @@ -511,9 +511,9 @@ } }, "node_modules/electron-to-chromium": { - "version": "1.4.537", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.537.tgz", - "integrity": "sha512-W1+g9qs9hviII0HAwOdehGYkr+zt7KKdmCcJcjH0mYg6oL8+ioT3Skjmt7BLoAQqXhjf40AXd+HlR4oAWMlXjA==", + "version": "1.4.576", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.576.tgz", + "integrity": "sha512-yXsZyXJfAqzWk1WKryr0Wl0MN2D47xodPvEEwlVePBnhU5E7raevLQR+E6b9JAD3GfL/7MbAL9ZtWQQPcLx7wA==", "dev": true }, "node_modules/emoji-regex": { @@ -544,9 +544,9 @@ } }, "node_modules/fast-glob": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz", - "integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", "dev": true, "dependencies": { "@nodelib/fs.stat": "^2.0.2", 
@@ -609,10 +609,13 @@ } }, "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", - "dev": true + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/get-caller-file": { "version": "2.0.5", @@ -684,16 +687,16 @@ "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", "dev": true }, - "node_modules/has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "node_modules/hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", "dev": true, "dependencies": { - "function-bind": "^1.1.1" + "function-bind": "^1.1.2" }, "engines": { - "node": ">= 0.4.0" + "node": ">= 0.4" } }, "node_modules/ignore": { 
@@ -718,12 +721,12 @@ } }, "node_modules/is-core-module": { - "version": "2.13.0", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.0.tgz", - "integrity": "sha512-Z7dk6Qo8pOCp3l4tsX2C5ZVas4V+UxwQodwZhLopL91TX8UyyHEXafPcyoeeWuLrwzHcr3igO78wNLwHJHsMCQ==", + "version": "2.13.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==", "dev": true, "dependencies": { - "has": "^1.0.3" + "hasown": "^2.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -830,9 +833,9 @@ } }, "node_modules/nanoid": { - "version": "3.3.6", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", - "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", + "version": "3.3.7", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", "dev": true, "funding": [ { @@ -1525,9 +1528,9 @@ } }, "node_modules/resolve": { - "version": "1.22.6", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.6.tgz", - "integrity": "sha512-njhxM7mV12JfufShqGy3Rz8j11RPdLy4xi15UurGJeoHLfJpVXKdh3ueuOqbYUcDZnffr6X739JBo5LzyahEsw==", + "version": "1.22.8", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", "dev": true, "dependencies": { "is-core-module": "^2.13.0", 
@@ -1692,9 +1695,9 @@ } }, "node_modules/universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", "dev": true, "engines": { "node": ">= 10.0.0" @@ -1763,9 +1766,9 @@ } }, "node_modules/yaml": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.2.tgz", - "integrity": "sha512-N/lyzTPaJasoDmfV7YTrYCI0G/3ivm/9wdG0aHuheKowWQwGTsK0Eoiw6utmzAnI6pkJa0DUVygvp3spqqEKXg==", + "version": "2.3.4", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz", + "integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==", "dev": true, "engines": { "node": ">= 14"