add-lint-and-audits

.github/workflows/brakeman-audit.yaml

@@ -0,0 +1,18 @@
+# .github/workflows/brakeman-audit.yaml
+name: 'Brakeman Audit'
+run-name: Brakeman Audit of ${{ github.ref_name }} by @${{ github.actor }}
+on:
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        type: boolean
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
+        required: false
+        default: false
+
+jobs:
+  brakeman-audit:
+    uses: scientist-softserv/actions/.github/workflows/brakeman-audit.yaml@v0.0.14
+    with:
+      webTarget: web
+      tag: latest

.github/workflows/build-test-lint.yaml

@@ -27,10 +27,10 @@ jobs:
   #   needs: build
   #   uses: scientist-softserv/actions/.github/workflows/test.yaml@v0.0.14
   #   with:
-  #     webTarget:
+  #     webTarget: web
 
-  # lint:
-  #   needs: build
-  #   uses: scientist-softserv/actions/.github/workflows/lint.yaml@v0.0.14
-  #   with:
-  #     webTarget:
+  lint:
+    needs: build
+    uses: scientist-softserv/actions/.github/workflows/lint.yaml@v0.0.14
+    with:
+      webTarget: web

.github/workflows/bundler-audit.yaml

@@ -0,0 +1,18 @@
+# .github/workflows/bundler-audit.yaml
+name: 'Bundler Audit'
+run-name: Bundler Audit of ${{ github.ref_name }} by @${{ github.actor }}
+on:
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        type: boolean
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
+        required: false
+        default: false
+
+jobs:
+  bundler-audit:
+    uses: scientist-softserv/actions/.github/workflows/bundler-audit.yaml@v0.0.14
+    with:
+      webTarget: web
+      tag: latest

.gitignore

@@ -29,3 +29,4 @@
 # Ignore node_modules
 /node_modules
 *.~undo-tree~
+*-deploy.yaml

.rubocop.yml

@@ -0,0 +1 @@
+inherit_from: .rubocop_todo.yml

.rubocop_todo.yml

@@ -0,0 +1,59 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2023-10-24 21:54:37 UTC using RuboCop version 1.57.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 2
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+# AllowedMethods: refine
+Metrics/BlockLength:
+  Max: 41
+
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/CyclomaticComplexity:
+  Max: 9
+
+# Offense count: 4
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+Metrics/MethodLength:
+  Max: 62
+
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/PerceivedComplexity:
+  Max: 9
+
+# Offense count: 11
+# Configuration parameters: AllowedConstants.
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+    - 'app/api/api.rb'
+    - 'app/controllers/application_controller.rb'
+    - 'app/controllers/groups_controller.rb'
+    - 'app/controllers/members_controller.rb'
+    - 'app/mailers/application_mailer.rb'
+    - 'app/models/application_record.rb'
+    - 'app/models/group.rb'
+    - 'app/models/member.rb'
+    - 'config/application.rb'
+    - 'db/migrate/20230623173103_create_groups.rb'
+    - 'db/migrate/20230623180851_create_members.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/IfUnlessModifier:
+  Exclude:
+    - 'bin/bundle'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Max: 198

Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
@@ -6,9 +8,10 @@ ruby '3.1.3'
 # Load env variables
 gem 'dotenv-rails', '~> 2.7', require: 'dotenv/rails-now'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 7.0.4'
+gem 'rails', '~> 7.0.7', '>= 7.0.7.1'
+
 # Use Puma as the app server
-gem 'puma', '~> 6.0.1'
+gem 'puma', '~> 6.3', '>= 6.3.1'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 # gem 'jbuilder', '~> 2.7'
 # Use Redis adapter to run Action Cable in production
@@ -26,11 +29,11 @@ gem 'activerecord', '~> 7.0.4', require: 'active_record'
 gem 'otr-activerecord'
 gem 'pg'
 
-gem 'slack-ruby-bot-server-events'
 gem 'pagy_cursor'
+gem 'slack-ruby-bot-server-events'
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
-  gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
+  gem 'byebug', platforms: %i[mri mingw x64_mingw]
 end
 
 group :development do
@@ -42,3 +45,11 @@ end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 # gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+
+# globalid: Upgrade Version: 1.0.1, Vulnerabilities: ReDoS based DoS vulnerability in GlobalID
+gem 'globalid', '>= 1.0.1'
+
+# nokogiri: Upgrade Version: 1.14.3, Vulnerabilities: Multiple CVEs addressed by updating packaged libxml2 to v2.10.4
+gem 'nokogiri', '>= 1.14.3'
+
+gem 'rubocop', require: false