Merge pull request #122 from unboxed/update-github-action

Update GitHub action

.github/workflows/build.yml

@@ -9,146 +9,42 @@ on:
     branches:
       - main
 
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   bundle-audit:
-    runs-on: ubuntu-20.04
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Set up Ruby and install gems
-        uses: ruby/setup-ruby@v1
-        with:
-          bundler-cache: true
-
-      - name: Setup
-        uses: ./.github/actions/setup
-
-      - name: Check bundle for known CVEs
-        run: |
-          bundle exec bundle-audit
+    uses: ./.github/workflows/linters.yml
+    with:
+      bundler-audit: true
 
   brakeman:
-    runs-on: ubuntu-20.04
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Setup Ruby 3.2.2
-        uses: ruby/setup-ruby@v1
-        with:
-          bundler-cache: true
-
-      - name: Setup
-        uses: ./.github/actions/setup
-
-      - name: Analyse code for vulnerabilities
-        run: bundle exec brakeman
+    uses: ./.github/workflows/linters.yml
+    with:
+      brakeman: true
 
   rubocop:
-    runs-on: ubuntu-20.04
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Setup Ruby 3.2.2
-        uses: ruby/setup-ruby@v1
-        with:
-          bundler-cache: true
-
-      - name: Setup Node
-        uses: actions/setup-node@v3
-        if: hashFiles('yarn.lock') != ''
-        with:
-          node-version-file: .node-version
-          cache: "yarn"
-
-      - name: Install packages
-        run: |
-          yarn install --frozen-lockfile
-
-      - name: Setup
-        uses: ./.github/actions/setup
-
-      - name: Analyse code for formatting
-        run: bundle exec rubocop
-
-  spec:
-    runs-on: ubuntu-20.04
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_PASSWORD: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Setup Ruby 3.2.2
-        uses: ruby/setup-ruby@v1
-        with:
-          bundler-cache: true
-
-      - name: Setup
-        uses: ./.github/actions/setup
-
-      - name: Build assets
-        run: bundle exec rails assets:precompile
-
-      - name: Run specs
-        env:
-          DATABASE_URL: postgres://postgres:postgres@localhost:5432/test
-          RAILS_ENV: test
-        run: |
-          bundle exec rake spec
+    uses: ./.github/workflows/linters.yml
+    with:
+      rubocop: true
+
+  language-versions:
+    uses: ./.github/workflows/linters.yml
+    with:
+      language-versions: true
+
+  specs:
+    uses: ./.github/workflows/testing.yml
+    strategy:
+      matrix:
+        specs:
+          - { group: "jobs", pattern: "*_spec.rb"}
+          - { group: "models", pattern: "*_spec.rb"}
+          - { group: "requests", pattern: "*_spec.rb"}
+          - { group: "services", pattern: "*_spec.rb"}
+          - { group: "system", pattern: "*_spec.rb"}
+      fail-fast: false
+    with:
+      name: "${{matrix.specs.group}}: ${{matrix.specs.pattern }}"
+      include: "spec/${{matrix.specs.group}}/**/${{matrix.specs.pattern}}"

.github/workflows/deploy-environment.yml

@@ -27,7 +27,7 @@ jobs:
           echo "sha=$(echo ${GITHUB_SHA} | cut -c1-7)" >>$GITHUB_OUTPUT
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1-node16
+        uses: aws-actions/configure-aws-credentials@v2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/linters.yml

@@ -0,0 +1,73 @@
+---
+name: Verify
+
+on:
+  workflow_call:
+    inputs:
+      bundler-audit:
+        type: boolean
+        default: false
+      brakeman:
+        type: boolean
+        default: false
+      rubocop:
+        type: boolean
+        default: false
+      language-versions:
+        type: boolean
+        default: false
+
+jobs:
+  linters:
+    name: Linters
+    runs-on: ubuntu-latest
+    env:
+      BUNDLE_WITHOUT: development
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Ruby and install gems
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Check bundle for known CVEs
+        if: ${{ inputs.bundler-audit == true }}
+        run: |
+          bundle exec bundler-audit
+
+      - name: Analyse code for vulnerabilities
+        if: ${{ inputs.brakeman == true }}
+        run: |
+          bundle exec brakeman
+
+      - name: Analyse code for formatting
+        if: ${{ inputs.rubocop == true }}
+        run: |
+          ${{ inputs.run-before-linters }}
+          bundle exec rubocop
+
+      - name: Ensure language versions match
+        if: ${{ inputs.language-versions == true }}
+        run: |
+          NODE_VERSION=$(cat .node-version)
+          if ! grep -q "^ARG NODE_VERSION=$NODE_VERSION" Dockerfile; then
+            echo "Dockerfile has wrong node: $(grep '^ARG NODE_VERSION' Dockerfile)" >&2
+            exit 1
+          fi
+          if ! grep -q "^ARG NODE_VERSION=$NODE_VERSION" Dockerfile.production; then
+            echo "Dockerfile.production has wrong node: $(grep '^ARG NODE_VERSION' Dockerfile.production)" >&2
+            exit 1
+          fi
+
+          RUBY_VERSION=$(cat .ruby-version)
+          if ! grep -q "^ARG RUBY_VERSION=$RUBY_VERSION" Dockerfile; then
+            echo "Dockerfile has wrong ruby: $(grep '^ARG RUBY_VERSION' Dockerfile)" >&2
+            exit 1
+          fi
+          if ! grep -q "^ARG RUBY_VERSION=$RUBY_VERSION" Dockerfile.production; then
+            echo "Dockerfile.production has wrong ruby: $(grep '^ARG RUBY_VERSION' Dockerfile.production)" >&2
+            exit 1
+          fi

.github/workflows/testing.yml

@@ -0,0 +1,81 @@
+---
+name: Testing
+
+on:
+  workflow_call:
+    inputs:
+      exclude:
+        type: string
+        required: false
+        default: ""
+      include:
+        type: string
+        required: false
+        default: "spec/**/*_spec.rb"
+      name:
+        type: string
+        required: true
+      ruby-version:
+        type: string
+        default: "3.2.2"
+
+jobs:
+  tests:
+    name: ${{ inputs.name }}
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres
+        ports: ["5432:5432"]
+        env:
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Ruby ${{ inputs.ruby-version }} and install gems
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ inputs.ruby-version }}
+          bundler-cache: true
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        if: hashFiles('yarn.lock') != ''
+        with:
+          node-version-file: .node-version
+          cache: "yarn"
+
+      - name: Install packages
+        run: |
+          yarn install --frozen-lockfile
+
+      - name: Install postgres client
+        shell: bash
+        run: |
+          sudo apt-get -yqq install libpq-dev
+
+      - name: Setup test database
+        env:
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/test
+          RAILS_ENV: test
+        run: |
+          bundle exec rails db:create db:schema:load
+
+      - name: Assets precompile
+        run: bundle exec rake assets:precompile --trace
+
+      - name: Run specs
+        env:
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/test
+          RAILS_ENV: test
+          SPEC_OPTS: '-f doc --exclude "${{ inputs.exclude }}" --pattern "${{ inputs.include }}"'
+        run: |
+          bundle exec rake spec

Dockerfile

@@ -1,5 +1,5 @@
 # Base image
-ARG RUBY_VERSION
+ARG RUBY_VERSION=3.2.2
 FROM ruby:$RUBY_VERSION
 
 # Sets an environment variable with the bundle directory
@@ -27,7 +27,7 @@ RUN apt-get clean autoclean && \
     /var/lib/log
 
 # Install Bundler
-ARG BUNDLER_VERSION
+ARG BUNDLER_VERSION=2.4.17
 RUN gem install bundler -v $BUNDLER_VERSION --no-doc
 
 # Update the system
@@ -42,8 +42,8 @@ COPY Gemfile Gemfile.lock ./
 RUN bundle
 
 ## Node
-ARG NODE_MAJOR
-RUN curl -fsSL https://deb.nodesource.com/setup_$NODE_MAJOR.x | bash -
+ARG NODE_VERSION=18
+RUN curl -fsSL https://deb.nodesource.com/setup_$NODE_VERSION.x | bash -
 RUN apt-get install -y nodejs
 
 ## Yarn