Merge pull request #37 from GSA/7/add-brakeman-and-code-climate

[7] Add Brakeman and Code Climate
GSA · Jul 22, 2024 · 454d18c · 454d18c
2 parents 60cf793 + ed31e19
commit 454d18c
Show file tree

Hide file tree

Showing 25 changed files with 585 additions and 28 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -6,35 +6,168 @@ orbs:
 
 executors:
   test_executor:
+    parameters:
+      ruby_version:
+        type: string
+      postgres_version:
+        type: string
+
     working_directory: ~/Challenge_platform
+
     docker:
-      - image: cimg/ruby:3.2.2
+      - image: cimg/ruby:<< parameters.ruby_version >>
         environment:
           RAILS_ENV: test
+      - image: cimg/postgres:<< parameters.postgres_version >>
+        environment:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: challenge_gov_test
+
+commands:
+  prepare_database:
+    description: 'Prepare the test database'
+    steps:
+      - run: bundle exec rake db:setup
 
 jobs:
-  rspec:
-    executor:
+  checkout_code:
+    parameters:
+      ruby_version:
+        type: string
+      postgres_version:
+        type: string
+
+    executor: 
       name: test_executor
+      ruby_version: << parameters.ruby_version >>
+      postgres_version: << parameters.postgres_version >>
+
     steps:
       - checkout
-      - run: gem install bundler --version 2.4.13
-      - restore_cache:
-          keys:
-            - bundle-cache-v1-{{ checksum "Gemfile.lock" }}
-            - bundle-cache-v1-
+
       - run:
-          name: Install dependencies
-          command: bundle install --path vendor/bundle
+          name: Install Code Climate Test Reporter
+          command: |
+            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+            chmod +x ./cc-test-reporter
+
       - save_cache:
-          key: bundle-cache-v1-{{ checksum "Gemfile.lock" }}
+          key: repo-{{ .Environment.CIRCLE_SHA1 }}
           paths:
-            - vendor/bundle
+            - ~/Challenge_platform
+
+  rspec:
+    parameters:
+      ruby_version:
+        type: string
+      postgres_version:
+        type: string
+
+    executor: 
+      name: test_executor
+      ruby_version: << parameters.ruby_version >>
+      postgres_version: << parameters.postgres_version >>
+
+    parallelism: 1
+
+    steps:
+      - restore_cache:
+          key: repo-{{ .Environment.CIRCLE_SHA1 }}
+
+      - ruby/install-deps:
+          key: gems-ruby-<< parameters.ruby_version >>-v{{ .Environment.CACHE_VERSION }}
+
+      - prepare_database
+
       - run:
           name: Run Tests
-          command: bundle exec rspec
+          command: |
+            mkdir /tmp/test-results
+            ./cc-test-reporter before-build
+
+            # Run Rspec tests
+            bundle exec rspec --format progress \
+                              --format RspecJunitFormatter \
+                              --out /tmp/test-results/rspec.xml \
+                              --format progress \
+                              $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
+
+            ./cc-test-reporter format-coverage \
+              --output coverage/codeclimate.rspec.$CIRCLE_NODE_INDEX.<< parameters.ruby_version >>.json
+
+      - persist_to_workspace:
+          root: ~/Challenge_platform/coverage
+          paths:
+          - codeclimate.rspec.*.json
+
+      # collect reports
+      - store_test_results:
+          path: /tmp/test-results
+
+      - store_artifacts:
+          path: /tmp/test-results
+          destination: test-results
+
+  report_coverage:
+    parameters:
+      ruby_version:
+        type: string
+      postgres_version:
+        type: string
+
+    executor: 
+      name: test_executor
+      ruby_version: << parameters.ruby_version >>
+      postgres_version: << parameters.postgres_version >>
+
+    steps:
+      - restore_cache:
+          key: repo-{{ .Environment.CIRCLE_SHA1 }}
+
+      - attach_workspace:
+          at: ~/Challenge_platform/coverage
+
+      - run:
+          name: Report coverage to Code Climate
+          command: |
+            ./cc-test-reporter sum-coverage \
+              coverage/codeclimate.*.json \
+              --output coverage/codeclimate_full_report.json
+
+            ./cc-test-reporter upload-coverage --input coverage/codeclimate_full_report.json
 
 workflows:
+  version: 2
   build_and_test:
     jobs:
-      - rspec
+      - checkout_code:
+          name: "checkout code: Ruby << matrix.ruby_version >>"
+          matrix:
+            parameters:
+              ruby_version:
+                - 3.2.2
+              postgres_version:
+                - "16.3"
+
+      - rspec:
+          requires:
+            - checkout_code
+          name: "rspec: Ruby << matrix.ruby_version >>"
+          matrix:
+            parameters:
+              ruby_version:
+                - 3.2.2
+              postgres_version:
+                - "16.3"
+
+      - report_coverage:
+          requires:
+            - "rspec: Ruby << matrix.ruby_version >>"
+          name: "report coverage: Ruby << matrix.ruby_version >>"
+          matrix:
+            parameters:
+              ruby_version:
+                - 3.2.2
+              postgres_version:
+                - "16.3"
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -0,0 +1,16 @@
+version: '2'
+plugins:
+  brakeman:
+    enabled: true
+  rubocop:
+    enabled: true
+    channel: rubocop-1-48-1
+exclude_patterns:
+- .nix-bundler
+- config/
+- db/
+- vendor/
+-  "**/vendor/**/*"
+- app/assets/images/
+- app/assets/stylesheets/uswds.css
+- app/assets/stylesheets/uswds_override.css
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    target-branch: "production"
+    schedule:
+      interval: weekly
+    ignore:
+      - dependency-name: "rails"
+        versions: ["~> 6.0.0"]
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -0,0 +1,35 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - dev
+      - staging
+      - production
+  pull_request:
+    branches:
+      - dev
+      - staging
+      - production
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v2
+      with:
+        node-version: '20.14.0'
+
+    - name: Install Snyk
+      run: npm install -g snyk
+
+    - name: Authenticate Snyk
+      run: snyk auth ${{ secrets.SNYK_TOKEN }}
+
+    - name: Run Snyk to check for vulnerabilities
+      run: snyk test
diff --git a/.gitignore b/.gitignore
@@ -34,3 +34,5 @@
 
 # Ignore master key for decrypting credentials and more.
 /config/master.key
+
+/coverage/
diff --git a/.rspec b/.rspec
@@ -0,0 +1 @@
+--require spec_helper
Original file line number	Diff line number	Diff line change
Expand Up		@@ -34,3 +34,5 @@

		# Ignore master key for decrypting credentials and more.
		/config/master.key

		/coverage/