Merge pull request #2 from rahearn/first-feature

First feature

.github/actions/run-server/action.yml

@@ -11,6 +11,14 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: Seed data
+      shell: bash
+      env:
+        RAILS_ENV: ${{ inputs.rails_env }}
+        DATABASE_URL: ${{ inputs.database_url }}
+        SECRET_KEY_BASE: not-actually-secret
+      run: bundle exec rails db:seed
+
     - name: "Start server in background"
       shell: bash
       env:

Gemfile

@@ -70,4 +70,5 @@ gem "sidekiq", "~> 7.2"
 
 group :test do
   gem "climate_control", "~> 1.0"
+  gem "shoulda-matchers", "~> 6.2"
 end

Gemfile.lock

@@ -281,6 +281,8 @@ GEM
       rexml
     ruby-progressbar (1.13.0)
     secure_headers (6.5.0)
+    shoulda-matchers (6.2.0)
+      activesupport (>= 5.2.0)
     sidekiq (7.2.4)
       concurrent-ruby (< 2)
       connection_pool (>= 2.3.0)
@@ -351,6 +353,7 @@ DEPENDENCIES
   rails_template_18f!
   rspec-rails (~> 6.1)
   secure_headers (~> 6.3)
+  shoulda-matchers (~> 6.2)
   sidekiq (~> 7.2)
   sprockets-rails
   standard (~> 1.36)

app/assets/stylesheets/uswds-components.scss

@@ -7,6 +7,7 @@
 @forward "usa-section";
 @forward "usa-language-selector";
 // add additional packages here as you use them
+@forward "usa-table";
 
 // or replace these all with
 // @forward "uswds";

app/controllers/pages_controller.rb

@@ -1,4 +1,5 @@
 class PagesController < ApplicationController
   def home
+    @documents = Document.all
   end
 end

app/models/document.rb

@@ -0,0 +1,14 @@
+class Document < ApplicationRecord
+  validates_presence_of :title, :url
+
+  validate :url_is_https
+
+  private
+
+  def url_is_https
+    parsed = URI(url)
+    errors.add(:url, "must begin with https") unless parsed.scheme == "https"
+  rescue ArgumentError
+    errors.add(:url, "must begin with https")
+  end
+end

app/views/pages/home.html.erb

@@ -1,2 +1,20 @@
-<h1>Pages#home</h1>
-<p>Find me in app/views/pages/home.html.erb</p>
+<h1>Published Compliance Documents</h1>
+<table class="usa-table">
+  <caption>
+    Component Definitions
+  </caption>
+  <thead>
+    <tr>
+      <th scope="col">Document title</th>
+      <th scope="col">Description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @documents.each do |d| %>
+        <tr>
+            <th scope="row"><%= link_to d.title, d.url, class: "usa-link usa-link--external", rel: "noreferrer", target: "_blank" %></th>
+            <td><%= d.description %></td>
+        </tr>
+    <% end %>
+  </tbody>
+</table>

config/brakeman.ignore

@@ -0,0 +1,40 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Cross-Site Scripting",
+      "warning_code": 4,
+      "fingerprint": "d0e9d6fdde0767b697aa5a6acefada357aadb15e48d55ce07a17ed87db41e8a6",
+      "check_name": "LinkToHref",
+      "message": "Potentially unsafe model attribute in `link_to` href",
+      "file": "app/views/pages/home.html.erb",
+      "line": 15,
+      "link": "https://brakemanscanner.org/docs/warning_types/link_to_href",
+      "code": "link_to(Document.new.title, Document.new.url, :class => \"usa-link usa-link--external\", :rel => \"noreferrer\", :target => \"_blank\")",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "PagesController",
+          "method": "home",
+          "line": 4,
+          "file": "app/controllers/pages_controller.rb",
+          "rendered": {
+            "name": "pages/home",
+            "file": "app/views/pages/home.html.erb"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "pages/home"
+      },
+      "user_input": "Document.new.url",
+      "confidence": "Weak",
+      "cwe_id": [
+        79
+      ],
+      "note": "Document#url is validated to only begin with https"
+    }
+  ],
+  "updated": "2024-06-25 17:59:19 -0400",
+  "brakeman_version": "6.1.2"
+}

db/migrate/20240625213001_create_documents.rb

@@ -0,0 +1,11 @@
+class CreateDocuments < ActiveRecord::Migration[7.1]
+  def change
+    create_table :documents do |t|
+      t.string :title, null: false
+      t.text :description, null: false, default: ""
+      t.string :url, null: false
+
+      t.timestamps
+    end
+  end
+end

db/seeds.rb

@@ -7,3 +7,5 @@
 #   ["Action", "Comedy", "Drama", "Horror"].each do |genre_name|
 #     MovieGenre.find_or_create_by!(name: genre_name)
 #   end
+
+Document.find_or_create_by(title: "Cloud.gov LATO CRM", description: "OSCAL 1.1.2 Component Definition defining the CRM for a cloud.gov-hosted system persuing a GSA LATO", url: "https://raw.githubusercontent.com/GSA-TTS/docker-trestle/main/templates/component-definitions/cloud_gov/component-definition.json")

spec/models/document_spec.rb

@@ -0,0 +1,10 @@
+require "rails_helper"
+
+RSpec.describe Document, type: :model do
+  describe "validations" do
+    it { should validate_presence_of :title }
+    it { should validate_presence_of :url }
+    it { should allow_value("https://raw.githubusercontent.com/GSA-TTS/docker-trestle/main/templates/component-definitions/cloud_gov/component-definition.json").for :url }
+    it { should_not allow_value("javascript:alert('oops')").for :url }
+  end
+end

spec/rails_helper.rb

@@ -20,7 +20,7 @@
 # directory. Alternatively, in the individual `*_spec.rb` files, manually
 # require only the support files necessary.
 #
-# Rails.root.glob('spec/support/**/*.rb').sort.each { |f| require f }
+Rails.root.glob("spec/support/**/*.rb").sort.each { |f| require f }
 
 # Checks for pending migrations and applies them before tests are run.
 # If you are not using ActiveRecord, you can remove these lines.

spec/support/shoulda.rb

@@ -0,0 +1,6 @@
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.test_framework :rspec
+    with.library :rails
+  end
+end

spec/views/pages/home.html.erb_spec.rb

@@ -1,6 +1,8 @@
 require "rails_helper"
 
 RSpec.describe "pages/home.html.erb", type: :view do
+  before { assign(:documents, Document.all) }
+
   it "displays the gov banner" do
     render template: "pages/home", layout: "layouts/application"
     expect(rendered).to match "An official website of the United States government"