From a7b955bef1a4591a2f2b4ee4e2d56cbbac085956 Mon Sep 17 00:00:00 2001
From: Jan Ebbing
Date: Wed, 2 Oct 2024 14:02:47 +0100
Subject: [PATCH] ci: Add base GitHub CI
---
.github/workflows/run_ci.yml | 126 +++++++++++++++++++++++++++++++++++
.gitleaksignore | 10 +++
README.md | 4 ++
3 files changed, 140 insertions(+)
create mode 100644 .github/workflows/run_ci.yml
create mode 100644 .gitleaksignore
diff --git a/.github/workflows/run_ci.yml b/.github/workflows/run_ci.yml
new file mode 100644
index 0000000..cfd1f4f
--- /dev/null
+++ b/.github/workflows/run_ci.yml
@@ -0,0 +1,126 @@
+name: Ruby CI
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '10 0 * * *'
+
+env:
+ SECRET_DETECTION_JSON_REPORT_FILE: "gitleaks.json"
+
+jobs:
+ package:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby_version: ['2.7', '3.2', '3.3']
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby_version }}
+ bundler-cache: true
+ - name: Build package
+ run: bundle exec rake build
+ - name: Upload Artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: pkg-${{ matrix.ruby_version }}
+ path: pkg/
+
+ rubocop:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby_version: ['2.7', '3.2', '3.3']
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby_version }}
+ bundler-cache: true
+ - name: Run rubocop
+ run: bundle exec rubocop
+
+ secret_detection:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Install and run secret detection
+ run: |
+ wget https://github.com/gitleaks/gitleaks/releases/download/v8.19.3/gitleaks_8.19.3_linux_x64.tar.gz
+ tar -xzf gitleaks_8.19.3_linux_x64.tar.gz
+ EXITCODE=0
+ ./gitleaks detect -r ${SECRET_DETECTION_JSON_REPORT_FILE} --source . --log-opts="--all --full-history" -v || EXITCODE=$?
+ if [[ $EXITCODE -ne 0 ]]; then
+ exit $EXITCODE
+ fi
+ - name: Upload secret detection artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: secret-detection-results
+ path: gitleaks.json
+
+ license_check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Run license check
+ run: |
+ ./license_checker.sh '*.rb' | tee license_check_output.txt
+ [ ! -s license_check_output.txt ]
+
+
+# Test and gem publishing stage are disabled/missing for now.
Code needs to be tested
+
+#######################################################
+# test:
+# runs-on: ubuntu-latest
+# strategy:
+# matrix:
+# include:
+# - ruby_version: '2.7'
+# use_mock_server: ''
+# - ruby_version: '3.2'
+# use_mock_server: ''
+# - ruby_version: '3.3'
+# use_mock_server: ''
+# - ruby_version: '2.7'
+# use_mock_server: 'use mock server'
+# - ruby_version: '3.2'
+# use_mock_server: 'use mock server'
+# - ruby_version: '3.3'
+# use_mock_server: 'use mock server'
+# steps:
+# - uses: actions/checkout@v4
+# - name: Set up Ruby
+# uses: ruby/setup-ruby@v1
+# with:
+# ruby-version: ${{ matrix.ruby_version }}
+# bundler-cache: true
+# - name: Configure Mock Server
+# if: matrix.use_mock_server != ''
+# run: |
+# echo "Using mock server"
+# export DEEPL_SERVER_URL=http://deepl-mock:3000
+# export DEEPL_MOCK_SERVER_PORT=3000
+# export DEEPL_PROXY_URL=http://deepl-mock:3001
+# export DEEPL_MOCK_PROXY_SERVER_PORT=3001
+# - name: Run Tests
+# run: bundle exec rake test
+# - name: Run RSpec Tests
+# run: bundle exec rspec --format RspecJunitFormatter --out rspec.xml
+# - name: Upload Test Results
+# uses: actions/upload-artifact@v4
+# with:
+# name: test-results
+# path: rspec.xml
diff --git a/.gitleaksignore b/.gitleaksignore
new file mode 100644
index 0000000..e81fba6
--- /dev/null
+++ b/.gitleaksignore
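Review bot: In the `secret_detection` job the gitleaks tarball is fetched with `wget`, unpacked and executed with no integrity check, so the scan trusts whatever the release URL serves at run time; the download should be compared against a pinned SHA-256 before `tar` runs. The upload step after it is skipped whenever gitleaks exits non-zero, so the JSON report is only kept for runs that found nothing, and it needs `if: always()`. With `-v` and no `--redact`, a finding is printed in full to the job log, which exposes the value again to anyone who can read the run. The `EXITCODE` capture only re-exits with the same code and can be dropped, and a top-level `permissions:` block with `contents: read` would keep the token read-only for all four jobs, none of which visibly needs to write.

```yaml
# … unchanged: name, on, env …
permissions:
  contents: read

# … unchanged: package and rubocop jobs, secret_detection checkout step …
      - name: Install and run secret detection
        run: |
          wget https://github.com/gitleaks/gitleaks/releases/download/v8.19.3/gitleaks_8.19.3_linux_x64.tar.gz
          # <SHA256_OF_RELEASE_TARBALL> is a placeholder; take the value from the release's published checksums
          echo "<SHA256_OF_RELEASE_TARBALL>  gitleaks_8.19.3_linux_x64.tar.gz" | sha256sum -c -
          tar -xzf gitleaks_8.19.3_linux_x64.tar.gz
          ./gitleaks detect --redact -r "${SECRET_DETECTION_JSON_REPORT_FILE}" --source . --log-opts="--all --full-history" -v
      - name: Upload secret detection artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: secret-detection-results
          path: ${{ env.SECRET_DETECTION_JSON_REPORT_FILE }}
# … unchanged: license_check job and the commented-out test job …
```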
@@ -0,0 +1,10 @@
+0d52c9d0bd4a3ba8658082dc423b75eaef19df4b:spec/api/configuration_spec.rb:generic-api-key:60
+fc068fd7b86172928f9dd9084aca4c441f996880:spec/api/configuration_spec.rb:generic-api-key:60
+af659c126c3deaa4129f3816174c69ba542e8e61:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+8cc9017bcce8fd0e56638eafdc91caff8faca8fe:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+fe1ca256e85c762b1a66007cd801dc92a7e2623c:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+e8b2673d7c0065d4d6b2a331145f752f159d5165:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+af659c126c3deaa4129f3816174c69ba542e8e61:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+e8b2673d7c0065d4d6b2a331145f752f159d5165:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+8cc9017bcce8fd0e56638eafdc91caff8faca8fe:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+fe1ca256e85c762b1a66007cd801dc92a7e2623c:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
diff --git a/README.md b/README.md
index e1ae8e9..f7534b0 100644
--- a/README.md
+++ b/README.md
@@ -411,6 +411,10 @@ To run tests (rspec and rubocop), use bundle exec rake test ```
+### Caution: Gitleaks and VCR tests
+
+When contributing to the library, in the CI `gitleaks` might pick up document keys (from the document translation workflow) or example API keys as leaked secrets. To fix this you can add them to the `.gitleaksignore` file, please see the [documentation](https://github.com/gitleaks/gitleaks?tab=readme-ov-file#gitleaksignore) for more details.
+
 ### Caution: Changing VCR Tests If you need to rerecord some of the VCR tests, simply setting `record: :new_episodes` and rerunning `rspec` won't be enough in some cases, specifically around document translation (due to its statefulness) and glossaries (since a glossary ID is associated with a specific API account).
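Review bot: None of the ten fingerprints in `.gitleaksignore` says why the finding is safe to ignore, and eight of them point at `spec/fixtures/vcr_cassettes/deepl_document.yml`, which presumably holds recorded API traffic rather than hand-written samples. Suppressing a fingerprint only silences the scanner and the value stays in history, so each one should be confirmed as a placeholder, a document key with no standing access, or an already revoked credential before it is listed here. The entries are also keyed to commit SHAs, so a rebase or squash of those commits would make them stop matching. A short record of the triage would help, for example in the README section this commit adds: `Entries in .gitleaksignore were checked on <DATE> and are document keys or example values, not live API keys.`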