diff --git a/.github/workflows/_update_terraform.yml b/.github/workflows/_update_terraform.yml index 5a3d6d1..1d4eade 100644 --- a/.github/workflows/_update_terraform.yml +++ b/.github/workflows/_update_terraform.yml @@ -22,7 +22,7 @@ jobs: GIT_TAG: ${{ inputs.image_tag }} steps: - name: Checkout terraform config repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # public repo with terraform configuration repository: 'datacite/mastino' @@ -51,7 +51,7 @@ jobs: git add test/services/mds/_poodle.auto.tfvars git commit -m "Adding poodle git variables for tag ${{ steps.extract_variables.outputs.GIT_TAG }}" - name: Push changes - uses: ad-m/github-push-action@v0.8.0 + uses: ad-m/github-push-action@v1 with: github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} repository: 'datacite/mastino' diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9c8fe08..f2461d8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,29 +20,29 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Cache Docker layers - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: context: . file: ./Dockerfile @@ -50,6 +50,8 @@ jobs: tags: | ${{ inputs.image_name }}:${{ inputs.image_tag }} ghcr.io/${{ inputs.image_name }}:${{ inputs.image_tag }} + build-args: | + GIT_TAG=${{ inputs.image_tag }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache # no-cache: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e30694..0f99678 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,12 +19,12 @@ jobs: MDS_USERNAME: ${{ secrets.MDS_USERNAME }} MDS_PASSWORD: ${{ secrets.MDS_PASSWORD }} steps: - - uses: actions/checkout@v4 - - name: Set up Ruby 3.2.10 + - uses: actions/checkout@v6 + - name: Set up Ruby 4.0.1 uses: ruby/setup-ruby@v1 with: - ruby-version: '3.2.10' - - uses: actions/cache@v4 + ruby-version: '4.0.1' + - uses: actions/cache@v5 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} @@ -34,7 +34,7 @@ jobs: env: MYSQL_PORT: ${{ job.services.mysql.ports[3306] }} run: | - gem install bundler:2.5.6 + gem install bundler:2.5.23 bundle config path vendor/bundle bundle install --jobs 4 --retry 3 - name: (Lint and) Test diff --git a/.ruby-version b/.ruby-version index f15386a..6eb7609 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.2.10 +ruby-4.0.1 \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 198fae1..c4ee78a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -FROM phusion/passenger-full:3.1.6 +FROM phusion/passenger-ruby40:3.1.6 LABEL maintainer="support@datacite.org" # Set correct environment variables. -ENV HOME /home/app -ENV DOCKERIZE_VERSION v0.6.0 +ENV HOME=/home/app +ENV DOCKERIZE_VERSION=v0.6.0 # Allow app user to read /etc/container_environment RUN usermod -a -G docker_env app @@ -11,9 +11,9 @@ RUN usermod -a -G docker_env app # Use baseimage-docker's init process. CMD ["/sbin/my_init"] -# Use Ruby 3.1.4 -RUN bash -lc 'rvm install ruby-3.2.10' && \ - bash -lc 'rvm --default use ruby-3.2.10' +# Use Ruby 4.0.1 +RUN bash -lc 'rvm install ruby-4.0.1' && \ + bash -lc 'rvm --default use ruby-4.0.1' # Update installed APT packages RUN apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \ @@ -46,7 +46,7 @@ RUN mkdir -p /home/app/webapp/vendor/bundle && \ # Install Ruby gems WORKDIR /home/app/webapp RUN gem install rubygems-update -v 3.5.6 && \ - gem install bundler:2.5.6 && \ + gem install bundler:2.5.23 && \ su - app -c "bundle config set path 'vendor/bundle'" && \ su - app -c 'cd /home/app/webapp && bundle install' diff --git a/Gemfile b/Gemfile index 1406146..8cdfecb 100644 --- a/Gemfile +++ b/Gemfile @@ -2,54 +2,43 @@ source "https://rubygems.org" -gem "rails", "~> 7.1", ">= 7.1.3" -gem "dotenv" -gem "oj", ">= 2.8.3" -gem "oj_mimic_json", "~> 1.0", ">= 1.0.1" -gem "equivalent-xml", "~> 0.6.0" -gem "nokogiri", ">= 1.10.4" -gem "iso8601", "~> 0.9.0" -gem "bolognese", "~> 2.5.1" -gem "maremma", ">= 4.9.8" -gem "faraday", ">= 2.0", "< 3.0.0" -gem "base32-url", "~> 0.5" -gem "dalli", "~> 3.2", ">= 3.2.8" -gem "lograge", "~> 0.11.2" -gem "logstash-event", "~> 1.2", ">= 1.2.02" -gem "logstash-logger", "~> 0.26.1" -gem "sentry-raven", "~> 3.1", ">= 3.1.2" -gem "jwt", "~> 1.5", ">= 1.5.4" -gem "cancancan", "~> 2.0" -gem "tzinfo-data", "~> 1.2017", ">= 1.2017.3" -gem "bootsnap", ">= 1.1.0", require: false -gem "rack-cors", "~> 1.0", require: "rack/cors" -gem "rack-utf8_sanitizer", "~> 1.6" -gem "git", "~> 1.5" -gem "sprockets", "~> 3.7", ">= 3.7.2" -gem 'next_rails' -gem 'base64', '~> 0.2.0' +gem "rails", "~> 8.1", ">= 8.1.2.1" +gem "dotenv", "~> 3.2" +gem "oj", "~> 3.17" +gem "nokogiri", "~> 1.19", ">= 1.19.3" +gem "bolognese", "~> 2.7" +gem "maremma", ">= 5.0.0" +gem "base32-url", "~> 0.7.0" # TODO: remove soon, it is only used in one place +gem "dalli", "~> 5.0", ">= 5.0.2" +gem "lograge", "~> 0.14.0" +gem "logstash-logger", "~> 1.0" +gem "sentry-ruby", "~> 6.5" +gem "sentry-rails", "~> 6.5" +gem "jwt", "~> 3.2" +gem "cancancan", "~> 3.6", ">= 3.6.1" +gem "rack-cors", "~> 3.0" +gem "rack-utf8_sanitizer", "~> 1.11", ">= 1.11.1" +gem "next_rails", "~> 1.6" +gem 'base64', '~> 0.3.0' group :development, :test do - gem "better_errors" - gem "binding_of_caller" - gem "byebug", platform: :mri - gem "rubocop", "~> 0.77.0" - gem "rubocop-performance", "~> 1.5", ">= 1.5.1" - gem "rubocop-rails", "~> 2.4" + gem "binding_of_caller", "~> 2.0" + gem "byebug", "~> 13.0", platforms: [:mri, :windows] + gem "rubocop", "~> 1.86", ">= 1.86.2" + gem "rubocop-performance", "~> 1.26", ">= 1.26.1" + gem "rubocop-rails", "~> 2.35", ">= 2.35.1" end group :development do - gem "listen", "~> 3.7.1" - gem "spring" - gem "spring-watcher-listen", "~> 2.0.0" - # gem "httplog", "~> 1.0" + gem "listen", "~> 3.10" + gem "spring", "~> 4.5" + gem "spring-watcher-listen", "~> 2.1" end group :test do - gem "rspec-rails", "~> 3.5", ">= 3.5.2" - gem "capybara" - gem "webmock", "~> 1.20.0" - gem "vcr", "~> 3.0.3" - gem "codeclimate-test-reporter", "~> 1.0.0" - gem "simplecov" + gem "rspec-rails", "~> 8.0", ">= 8.0.4" + gem "capybara", "~> 3.40" + gem "webmock", "~> 3.26", ">= 3.26.2" + gem "vcr", "~> 6.4" + gem "simplecov", "~> 0.22.0" end diff --git a/Gemfile.lock b/Gemfile.lock index 481894c..8d3133c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,136 +1,128 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.2.3) - actionpack (= 7.2.3) - activesupport (= 7.2.3) + action_text-trix (2.1.19) + railties + actioncable (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.3) - actionpack (= 7.2.3) - activejob (= 7.2.3) - activerecord (= 7.2.3) - activestorage (= 7.2.3) - activesupport (= 7.2.3) + actionmailbox (8.1.3) + actionpack (= 8.1.3) + activejob (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) mail (>= 2.8.0) - actionmailer (7.2.3) - actionpack (= 7.2.3) - actionview (= 7.2.3) - activejob (= 7.2.3) - activesupport (= 7.2.3) + actionmailer (8.1.3) + actionpack (= 8.1.3) + actionview (= 8.1.3) + activejob (= 8.1.3) + activesupport (= 8.1.3) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.3) - actionview (= 7.2.3) - activesupport (= 7.2.3) - cgi + actionpack (8.1.3) + actionview (= 8.1.3) + activesupport (= 8.1.3) nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4, < 3.3) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.3) - actionpack (= 7.2.3) - activerecord (= 7.2.3) - activestorage (= 7.2.3) - activesupport (= 7.2.3) + actiontext (8.1.3) + action_text-trix (~> 2.1.15) + actionpack (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.3) - activesupport (= 7.2.3) + actionview (8.1.3) + activesupport (= 8.1.3) builder (~> 3.1) - cgi erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.3) - activesupport (= 7.2.3) + activejob (8.1.3) + activesupport (= 8.1.3) globalid (>= 0.3.6) - activemodel (7.2.3) - activesupport (= 7.2.3) - activerecord (7.2.3) - activemodel (= 7.2.3) - activesupport (= 7.2.3) + activemodel (8.1.3) + activesupport (= 8.1.3) + activerecord (8.1.3) + activemodel (= 8.1.3) + activesupport (= 8.1.3) timeout (>= 0.4.0) - activestorage (7.2.3) - actionpack (= 7.2.3) - activejob (= 7.2.3) - activerecord (= 7.2.3) - activesupport (= 7.2.3) + activestorage (8.1.3) + actionpack (= 8.1.3) + activejob (= 8.1.3) + activerecord (= 8.1.3) + activesupport (= 8.1.3) marcel (~> 1.0) - activesupport (7.2.3) + activesupport (8.1.3) base64 - benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + json logger (>= 1.4.2) minitest (>= 5.1) securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) - ast (2.4.2) + uri (>= 0.13.1) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) + ast (2.4.3) base32-url (0.7.0) uuidtools (~> 2.1, >= 2.1.5) - base64 (0.2.0) + base64 (0.3.0) bcp47_spec (0.2.1) - benchmark (0.5.0) - benchmark_methods (0.7) - better_errors (2.9.1) - coderay (>= 1.0.0) - erubi (>= 1.0.0) - rack (>= 0.9.0) - bibtex-ruby (6.1.0) + bibtex-ruby (6.2.0) latex-decode (~> 0.0) + logger (~> 1.7) racc (~> 1.7) - bigdecimal (3.1.8) - binding_of_caller (1.0.0) - debug_inspector (>= 0.0.1) - bolognese (2.5.1) - activesupport (= 7.2.3) - benchmark_methods (~> 0.7) - bibtex-ruby (>= 5.1.0) - builder (~> 3.2, >= 3.2.2) - citeproc-ruby (~> 1.1, >= 1.1.12) - colorize (~> 0.8.1) - concurrent-ruby (~> 1.1, >= 1.1.5) - csl-styles (~> 1.0, >= 1.0.1.10) - edtf (~> 3.0, >= 3.0.4) - gender_detector (~> 0.1.2) - iso8601 (~> 0.9.1) - json-ld-preloaded (~> 3.1, >= 3.1.3) - jsonlint (~> 0.3.0) - loofah (~> 2.0, >= 2.0.3) - maremma (~> 5.0) - namae (~> 1.0) - nokogiri (~> 1.16, >= 1.16.2) - oj (~> 3.10) - oj_mimic_json (~> 1.0, >= 1.0.1) - postrank-uri (~> 1.0, >= 1.0.18) - rdf-rdfxml (~> 3.1) - rdf-turtle (~> 3.1) - thor (>= 0.19) - bootsnap (1.7.7) - msgpack (~> 1.0) - builder (3.2.4) - byebug (11.1.3) - cancancan (2.3.0) - capybara (3.35.3) + bigdecimal (3.3.1) + binding_of_caller (2.0.0) + debug_inspector (>= 1.2.0) + bolognese (2.7.0) + activesupport (~> 8.1, >= 8.1.2) + bibtex-ruby (~> 6.2) + builder (~> 3.3) + citeproc-ruby (~> 2.1, >= 2.1.8) + concurrent-ruby (~> 1.3, >= 1.3.6) + csl-styles (~> 2.0, >= 2.0.2) + csv (~> 3.3, >= 3.3.5) + edtf (~> 3.2) + gender_detector (~> 2.1) + iso8601 (~> 0.13.0) + json-ld-preloaded (~> 3.3, >= 3.3.2) + jsonlint (~> 0.4.0) + loofah (~> 2.25) + maremma (~> 6.0) + namae (~> 1.2) + nokogiri (~> 1.19, >= 1.19.1) + oj (~> 3.16, >= 3.16.15) + rdf-rdfxml (~> 3.3) + rdf-turtle (~> 3.3, >= 3.3.1) + thor (~> 1.5) + builder (3.3.0) + byebug (13.0.0) + reline (>= 0.6.0) + cancancan (3.6.1) + capybara (3.40.0) addressable + matrix mini_mime (>= 0.1.3) - nokogiri (~> 1.8) + nokogiri (~> 1.11) rack (>= 1.6.0) rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - cgi (0.5.1) citeproc (1.1.0) date forwardable @@ -138,30 +130,35 @@ GEM namae (~> 1.0) observer (< 1.0) open-uri (< 1.0) - citeproc-ruby (1.1.14) + citeproc-ruby (2.1.8) citeproc (~> 1.0, >= 1.0.9) - csl (~> 1.6) - codeclimate-test-reporter (1.0.9) - simplecov (<= 0.13) - coderay (1.1.3) - colorize (0.8.1) - concurrent-ruby (1.3.4) - connection_pool (2.4.1) - crack (0.4.5) + csl (~> 2.0) + observer (< 1.0) + concurrent-ruby (1.3.6) + connection_pool (3.0.2) + crack (1.0.1) + bigdecimal rexml crass (1.0.6) - csl (1.6.0) - namae (~> 1.0) - rexml - csl-styles (1.0.1.11) - csl (~> 1.0) - dalli (3.2.8) - date (3.3.4) - debug_inspector (1.1.0) - diff-lcs (1.4.4) - docile (1.1.5) - dotenv (2.7.6) - drb (2.2.1) + csl (2.2.1) + forwardable (~> 1.3) + namae (~> 1.2) + open-uri (< 1.0) + rexml (~> 3.0) + set (~> 1.1) + singleton (< 1.0) + time (< 1.0) + csl-styles (2.0.2) + csl (~> 2.0) + csv (3.3.5) + dalli (5.0.4) + logger + date (3.5.1) + debug_inspector (1.2.0) + diff-lcs (1.6.2) + docile (1.4.1) + dotenv (3.2.0) + drb (2.2.3) ebnf (2.6.0) base64 (~> 0.2) htmlentities (~> 4.3) @@ -171,46 +168,45 @@ GEM unicode-types (~> 1.8) edtf (3.2.0) activesupport (>= 3.0, < 9.0) - equivalent-xml (0.6.0) - nokogiri (>= 1.4.3) - erubi (1.13.0) - excon (0.71.1) + erb (6.0.4) + erubi (1.13.1) + excon (1.4.2) + logger faraday (2.12.0) faraday-net_http (>= 2.0, < 3.4) json logger - faraday-encoding (0.0.5) + faraday-encoding (0.0.6) faraday - faraday-excon (2.1.0) - excon (>= 0.27.4) - faraday (~> 2.0) - faraday-follow_redirects (0.3.0) + faraday-excon (2.4.0) + excon (>= 1.0.0) + faraday (>= 2.11.0, < 3) + faraday-follow_redirects (0.5.0) faraday (>= 1, < 3) - faraday-gzip (0.1.0) - faraday (>= 1.0) - zlib (~> 2.1) - faraday-multipart (1.0.4) - multipart-post (~> 2) + faraday-gzip (3.1.0) + faraday (>= 2.0, < 3) + zlib (~> 3.0) + faraday-multipart (1.2.0) + multipart-post (~> 2.0) faraday-net_http (3.3.0) net-http - ffi (1.17.0-arm64-darwin) - ffi (1.17.0-x86_64-linux-gnu) + ffi (1.17.4-arm64-darwin) + ffi (1.17.4-x86_64-linux-gnu) forwardable (1.4.0) - gender_detector (0.1.2) - unicode_utils (>= 1.3.0) - git (1.8.1) - rchardet (~> 1.8) - globalid (1.2.1) + gender_detector (2.1.0) + globalid (1.3.0) activesupport (>= 6.1) + hashdiff (1.2.1) htmlentities (4.4.2) - i18n (1.8.11) + i18n (1.14.8) concurrent-ruby (~> 1.0) - io-console (0.7.2) - irb (1.14.1) + io-console (0.8.2) + irb (1.18.0) + pp (>= 0.6.0) + prism (>= 1.3.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - iso8601 (0.9.1) - jaro_winkler (1.5.6) + iso8601 (0.13.0) json (2.5.1) json-canonicalization (1.0.0) json-ld (3.3.2) @@ -224,75 +220,82 @@ GEM json-ld-preloaded (3.3.2) json-ld (~> 3.3) rdf (~> 3.3) - jsonlint (0.3.0) + jsonlint (0.4.0) oj (~> 3) optimist (~> 3) - jwt (1.5.6) + jwt (3.2.0) + base64 + language_server-protocol (3.17.0.5) latex-decode (0.4.2) link_header (0.0.8) - listen (3.7.1) + lint_roller (1.1.0) + listen (3.10.0) + logger rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.1) - lograge (0.11.2) + logger (1.7.0) + lograge (0.14.0) actionpack (>= 4) activesupport (>= 4) railties (>= 4) request_store (~> 1.0) logstash-event (1.2.02) - logstash-logger (0.26.1) + logstash-logger (1.0.0) logstash-event (~> 1.2) - loofah (2.22.0) + loofah (2.25.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) - mail (2.8.1) + mail (2.9.0) + logger mini_mime (>= 0.1.1) net-imap net-pop net-smtp - marcel (1.0.4) - maremma (5.0.0) - activesupport (>= 4.2.5) - addressable (>= 2.3.6) + marcel (1.2.1) + maremma (6.0.0) + activesupport (~> 8.1, >= 8.1.2) + addressable (~> 2.8, >= 2.8.9) builder (~> 3.2, >= 3.2.2) - excon (~> 0.71.0) + excon (~> 1.3, >= 1.3.2) faraday (>= 2.0) - faraday-encoding (~> 0.0.5) - faraday-excon (~> 2.1.0) - faraday-follow_redirects (~> 0.3.0) - faraday-gzip (~> 0.1.0) - faraday-multipart (~> 1.0.4) - nokogiri (~> 1.16, >= 1.16.2) - oj (>= 2.8.3) + faraday-encoding (~> 0.0.6) + faraday-excon (~> 2.4.0) + faraday-follow_redirects (~> 0.5.0) + faraday-gzip (~> 3.1.0) + faraday-multipart (~> 1.2.0) + nokogiri (~> 1.19, >= 1.19.1) + oj (~> 3.16, >= 3.16.15) oj_mimic_json (~> 1.0, >= 1.0.1) matrix (0.4.3) - mini_mime (1.0.3) - minitest (5.14.4) - msgpack (1.4.5) - multi_json (1.19.1) + mini_mime (1.1.5) + minitest (6.0.6) + drb (~> 2.0) + prism (~> 1.5) + multi_json (1.21.1) multipart-post (2.4.1) namae (1.2.0) racc (~> 1.7) net-http (0.4.1) uri - net-imap (0.5.0) + net-imap (0.6.4) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.2) timeout - net-smtp (0.5.0) + net-smtp (0.5.1) net-protocol - next_rails (1.4.0) - rainbow (>= 3) - nio4r (2.7.3) - nokogiri (1.16.7-arm64-darwin) + next_rails (1.6.0) + nio4r (2.7.5) + nokogiri (1.19.3-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.7-x86_64-linux) + nokogiri (1.19.3-x86_64-linux-gnu) racc (~> 1.4) observer (0.1.2) - oj (3.11.8) + oj (3.17.1) + bigdecimal (>= 3.0) + ostruct (>= 0.2) oj_mimic_json (1.0.1) open-uri (0.5.0) stringio @@ -300,66 +303,67 @@ GEM uri optimist (3.2.1) ostruct (0.6.3) - parallel (1.20.1) - parser (3.0.3.2) + parallel (2.1.0) + parser (3.3.11.1) ast (~> 2.4.1) - postrank-uri (1.0.24) - addressable (>= 2.4.0) - nokogiri (>= 1.8.0) - public_suffix (>= 2.0.0, < 2.1) - psych (5.1.2) + racc + pp (0.6.3) + prettyprint + prettyprint (0.2.0) + prism (1.9.0) + psych (5.3.1) + date stringio public_suffix (2.0.5) - racc (1.7.3) - rack (2.2.8) - rack-cors (1.1.1) - rack (>= 2.0.0) - rack-session (1.0.2) - rack (< 3) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rack-utf8_sanitizer (1.7.0) - rack (>= 1.0, < 3.0) - rackup (1.0.0) - rack (< 3) - webrick - rails (7.2.3) - actioncable (= 7.2.3) - actionmailbox (= 7.2.3) - actionmailer (= 7.2.3) - actionpack (= 7.2.3) - actiontext (= 7.2.3) - actionview (= 7.2.3) - activejob (= 7.2.3) - activemodel (= 7.2.3) - activerecord (= 7.2.3) - activestorage (= 7.2.3) - activesupport (= 7.2.3) + racc (1.8.1) + rack (3.2.6) + rack-cors (3.0.0) + logger + rack (>= 3.0.14) + rack-session (2.1.2) + base64 (>= 0.1.0) + rack (>= 3.0.0) + rack-test (2.2.0) + rack (>= 1.3) + rack-utf8_sanitizer (1.11.1) + rack (>= 1.0, < 4.0) + rackup (2.3.1) + rack (>= 3) + rails (8.1.3) + actioncable (= 8.1.3) + actionmailbox (= 8.1.3) + actionmailer (= 8.1.3) + actionpack (= 8.1.3) + actiontext (= 8.1.3) + actionview (= 8.1.3) + activejob (= 8.1.3) + activemodel (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) bundler (>= 1.15.0) - railties (= 7.2.3) - rails-dom-testing (2.2.0) + railties (= 8.1.3) + rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) - loofah (~> 2.21) - nokogiri (~> 1.14) - railties (7.2.3) - actionpack (= 7.2.3) - activesupport (= 7.2.3) - cgi + rails-html-sanitizer (1.7.0) + loofah (~> 2.25) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + railties (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) tsort (>= 0.2) zeitwerk (~> 2.6) - rainbow (3.0.0) - rake (13.0.6) + rainbow (3.1.1) + rake (13.4.2) rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) - rchardet (1.8.0) rdf (3.3.4) bcp47_spec (~> 0.2) bigdecimal (~> 3.1, >= 3.1.5) @@ -380,141 +384,149 @@ GEM rdf-xsd (3.3.0) rdf (~> 3.3) rexml (~> 3.2) - rdoc (6.7.0) + rdoc (7.2.0) + erb psych (>= 4.0.0) + tsort readline (0.0.4) reline - regexp_parser (2.1.1) - reline (0.5.10) + regexp_parser (2.12.0) + reline (0.6.3) io-console (~> 0.5) - request_store (1.5.1) + request_store (1.7.0) rack (>= 1.4) rexml (3.2.6) - rspec-core (3.9.3) - rspec-support (~> 3.9.3) - rspec-expectations (3.9.4) + rspec-core (3.13.6) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.5) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-mocks (3.9.1) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.8) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-rails (3.9.1) - actionpack (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec-core (~> 3.9.0) - rspec-expectations (~> 3.9.0) - rspec-mocks (~> 3.9.0) - rspec-support (~> 3.9.0) - rspec-support (3.9.4) - rubocop (0.77.0) - jaro_winkler (~> 1.5.1) - parallel (~> 1.10) - parser (>= 2.6) + rspec-support (~> 3.13.0) + rspec-rails (8.0.4) + actionpack (>= 7.2) + activesupport (>= 7.2) + railties (>= 7.2) + rspec-core (>= 3.13.0, < 5.0.0) + rspec-expectations (>= 3.13.0, < 5.0.0) + rspec-mocks (>= 3.13.0, < 5.0.0) + rspec-support (>= 3.13.0, < 5.0.0) + rspec-support (3.13.7) + rubocop (1.86.2) + json (~> 2.3) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.1.0) + parallel (>= 1.10) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.49.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 1.7) - rubocop-performance (1.6.1) - rubocop (>= 0.71.0) - rubocop-rails (2.5.2) - activesupport + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.49.1) + parser (>= 3.3.7.2) + prism (~> 1.7) + rubocop-performance (1.26.1) + lint_roller (~> 1.1) + rubocop (>= 1.75.0, < 2.0) + rubocop-ast (>= 1.47.1, < 2.0) + rubocop-rails (2.35.2) + activesupport (>= 4.2.0) + lint_roller (~> 1.1) rack (>= 1.1) - rubocop (>= 0.72.0) - ruby-progressbar (1.11.0) + rubocop (>= 1.75.0, < 2.0) + rubocop-ast (>= 1.44.0, < 2.0) + ruby-progressbar (1.13.0) scanf (1.0.0) - securerandom (0.3.1) - sentry-raven (3.1.2) - faraday (>= 1.0) - simplecov (0.13.0) - docile (~> 1.1.0) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.2) - spring (2.1.1) - spring-watcher-listen (2.0.1) + securerandom (0.4.1) + sentry-rails (6.5.0) + railties (>= 5.2.0) + sentry-ruby (~> 6.5.0) + sentry-ruby (6.5.0) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + logger + set (1.1.3) + simplecov (0.22.0) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.13.2) + simplecov_json_formatter (0.1.4) + singleton (0.3.0) + spring (4.5.0) + spring-watcher-listen (2.1.0) listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) - sprockets (3.7.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - stringio (3.1.1) + spring (>= 4) + stringio (3.2.0) sxp (2.0.0) matrix (~> 0.4) rdf (~> 3.3) - thor (1.3.2) + thor (1.5.0) time (0.4.2) date - timeout (0.4.1) + timeout (0.6.1) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - tzinfo-data (1.2021.5) - tzinfo (>= 1.0.0) - unicode-display_width (1.6.1) + unicode-display_width (3.2.0) + unicode-emoji (~> 4.1) + unicode-emoji (4.2.0) unicode-types (1.11.0) - unicode_utils (1.4.0) uri (0.13.1) - useragent (0.16.10) + useragent (0.16.11) uuidtools (2.2.0) - vcr (3.0.3) - webmock (1.20.4) - addressable (>= 2.3.6) + vcr (6.4.0) + webmock (3.26.2) + addressable (>= 2.8.0) crack (>= 0.3.2) - webrick (1.8.2) - websocket-driver (0.7.6) + hashdiff (>= 0.4.0, < 2.0.0) + websocket-driver (0.8.0) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.18) - zlib (2.1.1) + zeitwerk (2.8.1) + zlib (3.2.3) PLATFORMS arm64-darwin-23 x86_64-linux DEPENDENCIES - base32-url (~> 0.5) - base64 (~> 0.2.0) - better_errors - binding_of_caller - bolognese (~> 2.5.1) - bootsnap (>= 1.1.0) - byebug - cancancan (~> 2.0) - capybara - codeclimate-test-reporter (~> 1.0.0) - dalli (~> 3.2, >= 3.2.8) - dotenv - equivalent-xml (~> 0.6.0) - faraday (>= 2.0, < 3.0.0) - git (~> 1.5) - iso8601 (~> 0.9.0) - jwt (~> 1.5, >= 1.5.4) - listen (~> 3.7.1) - lograge (~> 0.11.2) - logstash-event (~> 1.2, >= 1.2.02) - logstash-logger (~> 0.26.1) - maremma (>= 4.9.8) - next_rails - nokogiri (>= 1.10.4) - oj (>= 2.8.3) - oj_mimic_json (~> 1.0, >= 1.0.1) - rack-cors (~> 1.0) - rack-utf8_sanitizer (~> 1.6) - rails (~> 7.1, >= 7.1.3) - rspec-rails (~> 3.5, >= 3.5.2) - rubocop (~> 0.77.0) - rubocop-performance (~> 1.5, >= 1.5.1) - rubocop-rails (~> 2.4) - sentry-raven (~> 3.1, >= 3.1.2) - simplecov - spring - spring-watcher-listen (~> 2.0.0) - sprockets (~> 3.7, >= 3.7.2) - tzinfo-data (~> 1.2017, >= 1.2017.3) - vcr (~> 3.0.3) - webmock (~> 1.20.0) + base32-url (~> 0.7.0) + base64 (~> 0.3.0) + binding_of_caller (~> 2.0) + bolognese (~> 2.7) + byebug (~> 13.0) + cancancan (~> 3.6, >= 3.6.1) + capybara (~> 3.40) + dalli (~> 5.0, >= 5.0.2) + dotenv (~> 3.2) + jwt (~> 3.2) + listen (~> 3.10) + lograge (~> 0.14.0) + logstash-logger (~> 1.0) + maremma (>= 5.0.0) + next_rails (~> 1.6) + nokogiri (~> 1.19, >= 1.19.3) + oj (~> 3.17) + rack-cors (~> 3.0) + rack-utf8_sanitizer (~> 1.11, >= 1.11.1) + rails (~> 8.1, >= 8.1.2.1) + rspec-rails (~> 8.0, >= 8.0.4) + rubocop (~> 1.86, >= 1.86.2) + rubocop-performance (~> 1.26, >= 1.26.1) + rubocop-rails (~> 2.35, >= 2.35.1) + sentry-rails (~> 6.5) + sentry-ruby (~> 6.5) + simplecov (~> 0.22.0) + spring (~> 4.5) + spring-watcher-listen (~> 2.1) + vcr (~> 6.4) + webmock (~> 3.26, >= 3.26.2) BUNDLED WITH - 2.5.23 \ No newline at end of file + 2.5.23 diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 66e9403..d1c8cc4 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -6,7 +6,7 @@ class ApplicationController < ActionController::API attr_accessor :username, :password - before_action :set_raven_context + before_action :set_sentry_context after_action :set_consumer_header # check that username and password exist @@ -53,7 +53,7 @@ def route_not_found message = "Not Implemented" else # send error to sentry unless it is an identifier error - Raven.capture_exception(exception) unless exception.class.to_s == "IdentifierError" + Sentry.capture_exception(exception) unless exception.class.to_s == "IdentifierError" message = exception.message end @@ -70,14 +70,14 @@ def append_info_to_payload(payload) payload[:data] = Base64.strict_encode64(request.raw_post) if request.raw_post.present? end - def set_raven_context + def set_sentry_context if username.present? - Raven.user_context( + Sentry.set_user( id: username.downcase, ip_address: request.ip, ) else - Raven.user_context( + Sentry.set_user( ip_address: request.ip, ) end diff --git a/app/controllers/dois_controller.rb b/app/controllers/dois_controller.rb index 5365433..7bc5b6b 100644 --- a/app/controllers/dois_controller.rb +++ b/app/controllers/dois_controller.rb @@ -3,7 +3,7 @@ class DoisController < ApplicationController prepend_before_action :authenticate_user_with_basic_auth! before_action :set_doi, only: %i(show destroy) - before_action :set_raven_context, only: %i(update) + before_action :set_sentry_context, only: %i(update) def index response = DoisController.get_dois(username: username, password: password) @@ -104,9 +104,11 @@ def safe_params params.permit(:id, :doi, :url, "testMode").merge(data: request.raw_post) end - def set_raven_context + def set_sentry_context return nil if params.fetch(:data, nil).blank? - Raven.extra_context metadata: Base64.decode64(params.fetch(:data)) + Sentry.with_scope do |scope| + scope.set_extras(metadata: Base64.decode64(params.fetch(:data))) + end end end diff --git a/app/controllers/metadata_controller.rb b/app/controllers/metadata_controller.rb index d254d35..487b2d9 100644 --- a/app/controllers/metadata_controller.rb +++ b/app/controllers/metadata_controller.rb @@ -3,7 +3,7 @@ class MetadataController < ApplicationController prepend_before_action :authenticate_user_with_basic_auth! before_action :set_doi, only: [:destroy] - before_action :set_raven_context, only: [:create_metadata] + before_action :set_sentry_context, only: [:create] def index @doi = validate_doi(params[:doi_id]) @@ -93,9 +93,11 @@ def safe_params params.permit(:id, :doi_id, :number, "testMode").merge(data: request.raw_post) end - def set_raven_context + def set_sentry_context return nil if params.fetch(:data, nil).blank? - Raven.extra_context metadata: Base64.decode64(params.fetch(:data)) + Sentry.with_scope do |scope| + scope.set_extras(metadata: Base64.decode64(params.fetch(:data))) + end end end diff --git a/bin/rails b/bin/rails index 5badb2f..efc0377 100755 --- a/bin/rails +++ b/bin/rails @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end -APP_PATH = File.expand_path('../config/application', __dir__) -require_relative '../config/boot' -require 'rails/commands' +APP_PATH = File.expand_path("../config/application", __dir__) +require_relative "../config/boot" +require "rails/commands" diff --git a/bin/rake b/bin/rake index d87d5f5..4fbf10b 100755 --- a/bin/rake +++ b/bin/rake @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end -require_relative '../config/boot' -require 'rake' +require_relative "../config/boot" +require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index a334d86..2285724 100755 --- a/bin/setup +++ b/bin/setup @@ -1,33 +1,26 @@ #!/usr/bin/env ruby -require 'fileutils' -include FileUtils +require "fileutils" -# path to your application root. -APP_ROOT = File.expand_path('..', __dir__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) - system(*args) || abort("\n== Command #{args} failed ==") + system(*args, exception: true) end -chdir APP_ROOT do - # This script is a starting point to setup your application. +FileUtils.chdir APP_ROOT do + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. - puts '== Installing dependencies ==' - system! 'gem install bundler --conservative' - system('bundle check') || system!('bundle install') - - # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # cp 'config/database.yml.sample', 'config/database.yml' - # end - - puts "\n== Preparing database ==" - system! 'bin/rails db:setup' + puts "== Installing dependencies ==" + system("bundle check") || system!("bundle install") puts "\n== Removing old logs and tempfiles ==" - system! 'bin/rails log:clear tmp:clear' + system! "bin/rails log:clear tmp:clear" - puts "\n== Restarting application server ==" - system! 'bin/rails restart' + unless ARGV.include?("--skip-server") + puts "\n== Starting development server ==" + STDOUT.flush # flush the output before exec(2) so that it displays + exec "bin/dev" + end end diff --git a/config/application.rb b/config/application.rb index d9bbf6f..a9128dc 100644 --- a/config/application.rb +++ b/config/application.rb @@ -40,7 +40,7 @@ module Poodle class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 5.2 + config.load_defaults 8.1 # Settings in config/environments/* take precedence over those specified here. # Application configuration can go into files in config/initializers @@ -53,7 +53,7 @@ class Application < Rails::Application config.api_only = true # secret_key_base is not used by Rails API, as there are no sessions - config.secret_key_base = 'blipblapblup' + # config.secret_key_base = 'blipblapblup' # configure caching config.cache_store = :mem_cache_store, ENV["MEMCACHE_SERVERS"], { namespace: ENV["APPLICATION"] } diff --git a/config/boot.rb b/config/boot.rb index 4423c97..2820116 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,3 @@ -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -require 'bundler/setup' # Set up gems listed in the Gemfile. -# require 'bootsnap/setup' # Speed up boot time by caching expensive operations. +require "bundler/setup" # Set up gems listed in the Gemfile. diff --git a/config/environment.rb b/config/environment.rb index 426333b..cac5315 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require_relative 'application' +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index 9645c0c..245d7da 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,10 +1,10 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development - # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + # Make code changes take effect immediately without server restart. + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false @@ -12,28 +12,35 @@ # Show full error reports. config.consider_all_requests_local = true - # Enable/disable caching. By default caching is disabled. - # Run rails dev:cache to toggle caching. - if Rails.root.join('tmp', 'caching-dev.txt').exist? - config.action_controller.perform_caching = true + # Enable server timing. + config.server_timing = true - config.cache_store = :memory_store - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{2.days.to_i}", - } + # Enable/disable Action Controller caching. By default Action Controller caching is disabled. + # Run rails dev:cache to toggle Action Controller caching. + if Rails.root.join("tmp/caching-dev.txt").exist? + config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false - - config.cache_store = :null_store end + # Change to :null_store to avoid any caching. + config.cache_store = :memory_store + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Highlight code that triggered redirect in logs. + config.action_dispatch.verbose_redirect_logs = true + + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true - # Use an evented file watcher to asynchronously detect changes in source code, - # routes, locales, etc. This feature depends on the listen gem. - config.file_watcher = ActiveSupport::EventedFileUpdateChecker + # Apply autocorrection by RuboCop to files generated by `bin/rails generate`. + # config.generators.apply_rubocop_autocorrect_after_generate! end diff --git a/config/environments/production.rb b/config/environments/production.rb index 01d09b2..4300ec9 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,57 +1,58 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false - # Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. + # Eager load code on boot for better performance and memory savings (ignored by Rake tasks). config.eager_load = true - # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false - config.action_controller.perform_caching = true - - # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] - # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). - # config.require_master_key = true + # Full error reports are disabled. + config.consider_all_requests_local = false - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + # Cache assets for far-future expiry since they are all digest stamped. + config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" } # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX - - # Mount Action Cable outside main process or domain - # config.action_cable.mount_path = nil - # config.action_cable.url = 'wss://example.com/cable' - # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + # config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Use a different cache store in production. - # config.cache_store = :mem_cache_store + # Skip http-to-https redirect for the default health check endpoint. + # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } - # Use a real queuing backend for Active Job (and separate queues per environment) - # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "poodle2_#{Rails.env}" + # Log to STDOUT with the current request id as a default log tag. + config.log_tags = [ :request_id ] + config.logger = ActiveSupport::TaggedLogging.logger(STDOUT) - # Ignore bad email addresses and do not raise email delivery errors. - # Set this to true and configure the email server for immediate delivery to raise delivery errors. - # config.action_mailer.raise_delivery_errors = false + # Change to "debug" to log everything (including potentially personally-identifiable information!). + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") + + # Prevent health checks from clogging up the logs. + config.silence_healthcheck_path = "/up" + + # Don't log any deprecations. + config.active_support.report_deprecations = false + + # Replace the default in-process memory cache store with a durable alternative. + # config.cache_store = :mem_cache_store # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] + # + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff --git a/config/environments/test.rb b/config/environments/test.rb index 14f8931..14bc29e 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,32 +1,29 @@ +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! - config.cache_classes = true - - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # While tests run files are not watched, reloading is not necessary. + config.enable_reloading = false - # don't use debug level - config.log_level = :error + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. + config.eager_load = ENV["CI"].present? - # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.enabled = true - config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" - } + # Configure public file server for tests with cache-control for performance. + config.public_file_server.headers = { "cache-control" => "public, max-age=3600" } - # Show full error reports and disable caching. - config.consider_all_requests_local = true - config.action_controller.perform_caching = false + # Show full error reports. + config.consider_all_requests_local = true + config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false @@ -34,6 +31,12 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true end diff --git a/config/initializers/_version.rb b/config/initializers/_version.rb index e886a06..abce179 100644 --- a/config/initializers/_version.rb +++ b/config/initializers/_version.rb @@ -1,11 +1,5 @@ module Poodle class Application - g = Git.open(Rails.root) - begin - VERSION = g.tags.map { |t| Gem::Version.new(t.name) }.sort.last.to_s - rescue ArgumentError - VERSION = "1.0" - end - REVISION = g.object('HEAD').sha + VERSION = ENV.fetch("GIT_TAG", "0.1.0") end -end \ No newline at end of file +end diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index df75996..9fbee22 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -1,7 +1,7 @@ # Be sure to restart your server when you modify this file. # Avoid CORS issues when API is called from the frontend app. -# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests. +# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin Ajax requests. # Read more: https://github.com/cyu/rack-cors @@ -9,6 +9,8 @@ allow do origins "*" - resource "*", headers: :any, methods: %i(get post put patch delete options head) + resource "*", + headers: :any, + methods: [:get, :post, :put, :patch, :delete, :options, :head] end end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..c0b717f 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. +Rails.application.config.filter_parameters += [ + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc +] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ee1729d..eaa2004 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -4,12 +4,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end +# These inflection rules are supported but not enabled by default: ActiveSupport::Inflector.inflections(:en) do |inflect| inflect.uncountable %w( status heartbeat metadata media random ) end diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb new file mode 100644 index 0000000..8569b5b --- /dev/null +++ b/config/initializers/new_framework_defaults_8_1.rb @@ -0,0 +1,74 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 8.1 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `8.1`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Skips escaping HTML entities and line separators. When set to `false`, the +# JSON renderer no longer escapes these to improve performance. +# +# Example: +# class PostsController < ApplicationController +# def index +# render json: { key: "\u2028\u2029<>&" } +# end +# end +# +# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"

<>&"}` with the config +# set to `false`. +# +# Applications that want to keep the escaping behavior can set the config to `true`. +#++ +# Rails.configuration.action_controller.escape_json_responses = false + +### +# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON. +# +# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019. +# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset. +#++ +# Rails.configuration.active_support.escape_js_separators_in_json = false + +### +# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values +# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or +# `primary_key`) to fall back on. +# +# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in +# Rails 8.2. +#++ +# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true + +### +# Controls how Rails handles path relative URL redirects. +# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError` +# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities. +# +# Example: +# redirect_to "example.com" # Raises UnsafeRedirectError +# redirect_to "@attacker.com" # Raises UnsafeRedirectError +# redirect_to "/safe/path" # Works correctly +# +# Applications that want to allow these redirects can set the config to `:log` (previous default) +# to only log warnings, or `:notify` to send ActiveSupport notifications. +#++ +# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise + +### +# Use a Ruby parser to track dependencies between Action View templates +#++ +# Rails.configuration.action_view.render_tracker = :ruby + +### +# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields +# included in `button_to` forms will omit the `autocomplete="off"` attribute. +# +# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`. +#++ +# Rails.configuration.action_view.remove_hidden_field_autocomplete = true diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index 0cf708e..5e05537 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -1,5 +1,6 @@ -Raven.configure do |config| +Sentry.init do |config| config.dsn = ENV["SENTRY_DSN"] config.release = "poodle:" + Poodle::Application::VERSION - config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s) + config.environment = Rails.env + config.send_default_pii = true end \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 1995c3d..3f6a73c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3' - services: web: env_file: .env diff --git a/spec/requests/metadata_spec.rb b/spec/requests/metadata_spec.rb index 23f4a9b..b061192 100644 --- a/spec/requests/metadata_spec.rb +++ b/spec/requests/metadata_spec.rb @@ -41,7 +41,7 @@ put "/metadata/#{doi_id}", data, headers expect(last_response.status).to eq(201) - expect(last_response.header["Location"]).to eq(ENV["MDS_URL"] + "/metadata/10.5072/ey2x-5w17") + expect(last_response.headers["location"]).to eq(ENV["MDS_URL"] + "/metadata/10.5072/ey2x-5w17") expect(last_response.body).to eq("OK (#{doi_id.upcase})") end @@ -94,9 +94,8 @@ it "put metadata for doi" do put "/metadata/#{doi_id}", data, headers - expect(last_response.status).to eq(201) - expect(last_response.header["Location"]).to eq(ENV["MDS_URL"] + "/metadata/10.5072/ab3v-t139") + expect(last_response.headers["location"]).to eq(ENV["MDS_URL"] + "/metadata/10.5072/ab3v-t139") expect(last_response.body).to eq("OK (#{doi_id.upcase})") end