Merge pull request #3028 from tulibraries/qa

Week of 09-22-2023

.circleci/config.yml

@@ -34,7 +34,7 @@ workflows:
 jobs:
   run_tests:
     docker:
-      - image: cimg/ruby:3.1.3-node
+      - image: cimg/ruby:3.1.4-node
         auth:
           username: $DOCKERHUB_USER
           password: $DOCKERHUB_PASSWORD

.docker/app/Dockerfile

@@ -6,30 +6,23 @@ COPY . .
 
 USER root
 
-ARG GOOGLE_OAUTH_CLIENT_ID
-ARG GOOGLE_OAUTH_SECRET
-ARG S3_ACCESS_KEY
-ARG S3_BUCKET
-ARG S3_REGION
-ARG S3_SECRET_ACCESS_KEY
-ARG RAILS_MASTER_KEY
+ARG RAILS_MASTER_KEY \
+  RAILS_ENV=production
 
 RUN apk add -U --no-cache \
       bash=5.2.15-r5 \
-      busybox=1.36.1-r0 \
-      imagemagick=7.1.1.10-r0 \
-      libc6-compat=1.2.4-r0 \
+      imagemagick=7.1.1.13-r0 \
+      libc6-compat=1.2.4-r1 \
       libxslt=1.1.38-r0 \
-      postgresql14-client=14.8-r0 \
+      postgresql14-client=14.9-r0 \
       shared-mime-info=2.2-r5 \
-      ssl_client=1.36.1-r0 \
       tzdata=2023c-r1 && \
     apk add -U --no-cache --virtual build-dependencies \
       git=2.40.1-r0 \
       build-base=0.5-r3 \
       libxslt-dev=1.1.38-r0 \
-      postgresql14-dev=14.8-r0 \
-      nodejs=18.16.0-r1 \
+      postgresql14-dev=14.9-r0 \
+      nodejs=18.17.1-r0 \
       yarn=1.22.19-r0 && \
     if [ "${RAILS_ENV}" = "production" ]; then bundle config set --local without "development test"; fi && \
     bundle install --jobs=8 && \
@@ -40,6 +33,7 @@ RUN apk add -U --no-cache \
     if [ "${RAILS_ENV}" = "production" ]; then rm -rf tmp/*; fi && \
     if [ "${RAILS_ENV}" = "production" ]; then apk del build-dependencies; fi && \
     rm -rf /var/cache/apk/ && \
+    rm -rf /usr/local/share/.cache/yarn && \
     chown nobody -R /app/tmp && \
     chown nobody -R /app/log
 

.dockerignore

@@ -1,2 +1,61 @@
-tmp/db
-*.sw[p-z]
+*/tmp*
+tags
+
+node_modules
+!/log/.keep
+!/tmp/.keep
+
+
+.git
+.gitignore
+.DS_Store
+README.md
+/Dockerfile
+/log
+
+/solr
+/sample_data
+/rspec
+/env.*
+
+## Copied from .gitignore
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore Byebug command history file.
+.byebug_history
+
+# Ignore vim swap files
+.*.sw*
+
+Vagrantfile
+ansible
+config/secrets.yml
+vendor/bundle/
+coverage
+
+config/master.key
+
+spec/examples.txt
+/public/packs-test
+/node_modules
+yarn-debug.log*
+.yarn-integrity
+yarn-error.log
+vdebug_log

.env

@@ -1,2 +1,2 @@
-DOCKER_IMAGE_VERSION=0.2.38
-BASE_IMAGE=ruby:3.1-alpine
+DOCKER_IMAGE_VERSION=0.3.1
+BASE_IMAGE=ruby:3.1-alpine

.gitlab-ci.yml

@@ -5,9 +5,13 @@ include:
       - "build_docker.yaml"
       - "security_scan.yaml"
       - "kubectl_commands.yaml"
+      - "sast_scanning.yaml"
 
 variables:
   IMAGE: "tulibraries/manifold"
+  HARBOR: "harbor.k8s.temple.edu"
+  HELM_EXPERIMENTAL_OCI: "1"
+  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
 
 .export_variables: &export_variables
   - source .env
@@ -27,25 +31,20 @@ lint:
   extends: .lint_docker
   variables:
     DF: ".docker/app/Dockerfile"
+  except:
+    - tags
 
 build:
   stage: build
   extends: .build_image
-  image: harbor.k8s.temple.edu/gitlab-ci/docker:20-dind
   variables:
     DF: ".docker/app/Dockerfile --build-arg RAILS_MASTER_KEY=$RAILS_MASTER_KEY --no-cache"
-  services:
-    - name: harbor.k8s.temple.edu/gitlab-ci/docker:20-dind
-      command: ["--tls=false"]
   except:
     - tags
 
 scan:
   stage: scan
-  extends: .scanimage_high
-  allow_failure: false
-  variables:
-    THRESHOLD: 10
+  extends: .scanimage_extended
   except:
     - tags
 
@@ -56,16 +55,15 @@ tag:
     - tags
 
 qa_deploy:
-  variables: 
-    IMAGE: harbor.k8s.temple.edu/tulibraries/manifold
+  variables:
+    IMAGE: $HARBOR/$IMAGE
     RANCHER: rancher-np
-    CLUSTER: dev-library
+    CLUSTER: dev-library1
   stage: deploy
   extends: .helm_setup
   only:
-    - main
+    - qa #Change this once we remove the qa branch
   script:
     - *export_variables
-    - helm repo add tulibraries https://$HARBOR/chartrepo/tulibraries
-    - helm pull tulibraries/manifold --untar
-    - helm upgrade manifold ./manifold --history-max=5 --namespace=manifold-qa --set image.repository=$IMAGE:$VERSION
+    - helm pull oci://$HARBOR/tulibraries/manifold-charts/manifold --version "0.1.*" --untar
+    - helm upgrade manifold oci://$HARBOR/tulibraries/manifold-charts/manifold --version "0.1.*" --history-max=5 --namespace=manifold-qa --values manifold/values.yaml --set image.repository=$IMAGE:$VERSION

.rubocop.yml

@@ -133,6 +133,9 @@ Lint/RequireParentheses:
 Rails:
   Enabled: true
 
+Rails/FindEach:
+  Enabled: false
+
 Rails/OutputSafety:
   Enabled: false
 

Gemfile

@@ -2,9 +2,9 @@
 
 source "https://rubygems.org"
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
-ruby "3.1.3"
+ruby "3.1.4" unless ENV["K8"] == "yes"
 
-gem "rails", "~> 7.0.6"
+gem "rails", "~> 7.0.8"
 gem "action-draft"
 gem "active_storage_validations"
 gem "activestorage-validator"
@@ -53,7 +53,7 @@ gem "orderly"
 gem "paper_trail", git: "https://github.com/paper-trail-gem/paper_trail"
 gem "pg"
 gem "pg_search"
-gem "puma", "~> 6.3.1"
+gem "puma", "~> 6.4.0"
 gem "rswag-api"
 gem "rswag-ui"
 gem "simple_form"