Bump lockbox from 2.0.0 to 2.0.1 #79368

Workflow file for this run

# Runs the lint, security-scan and test jobs for pushes to master and for
# pull requests that are opened, reopened or updated.
name: Code Checks
on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
# Workflow-wide default scope for GITHUB_TOKEN. A job that declares its own
# `permissions` replaces this block for that job.
permissions:
  contents: read
  checks: write
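# NOTE(review): only nick-fields/retry is pinned to a full commit SHA. The other
# third-party actions (ruby/setup-ruby, docker/*, actions-ecosystem/*, EnricoMi/*,
# devmasx/*) are referenced by mutable tags, so the code that runs with this
# workflow's token and secrets can change without a change to this file.
# Pin each to a reviewed commit SHA and keep the tag as a trailing comment.
jobs:
  # Diagnostic job: prints the commit ids exposed by the event payload so they
  # can be compared in the run log. Uses no secrets.
  compare_sha:
    runs-on: ubuntu-latest
    name: Compare sha
    steps:
      - name: Compare commit ids
        run: |
          echo "github.sha: ${{ github.sha }}"
          echo "github.event.push.head_commit.id: ${{ github.event.push.head_commit.id }}"
          echo "github.event.pull_request.merge_commit_sha: ${{ github.event.pull_request.merge_commit_sha }}"
          echo "github.event.head_commit.id: ${{ github.event.head_commit.id }}"

  # Dependency audit (bundle-audit), style lint (Rubocop) and static security
  # analysis (Brakeman), then a `lint-failure` label kept in sync on the PR.
  linting_and_security:
    name: Linting and Security
    env:
      # NOTE(review): job-level env hands this gem-source credential to every
      # step, including the third-party label actions below. Consider setting
      # it only on the step(s) that install gems.
      BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
    # NOTE(review): write-all replaces the workflow-level `contents: read` /
    # `checks: write` default with every scope. The visible steps only check out
    # code and add/remove a PR label, so `contents: read` plus
    # `pull-requests: write` looks sufficient; confirm against the label
    # actions before narrowing.
    permissions: write-all
    runs-on: ubuntu-32-cores-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      # NOTE(review): `--ignore` suppresses this advisory until someone removes
      # the flag. Record why it is accepted and the condition for dropping it
      # (for example in a comment here or a tracked issue).
      - name: Run bundle-audit (checks gems for CVE issues)
        run: bundle exec bundle-audit check --update --ignore CVE-2024-27456
      - name: Run Rubocop
        run: bundle exec rubocop --parallel --format github
      - name: Run Brakeman
        run: bundle exec brakeman --ensure-latest --confidence-level=2 --format github
      # Label bookkeeping: add `lint-failure` when an earlier step failed and the
      # PR does not carry it yet; remove it once the job is green again.
      - name: Add Lint Failure label
        if: failure() && github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'lint-failure')
        uses: actions-ecosystem/action-add-labels@v1
        with:
          number: ${{ github.event.pull_request.number }}
          labels: lint-failure
      - name: Remove Lint Failure label
        if: success() && github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'lint-failure')
        uses: actions-ecosystem/action-remove-labels@v1
        with:
          number: ${{ github.event.pull_request.number }}
          labels: lint-failure

  # Builds the application image, prepares the test database and runs the
  # spec suite inside docker compose; uploads coverage and JUnit-style results.
  tests:
    name: Test
    env:
      BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
      CI: true
      RAILS_ENV: test
      TERM: xterm-256color
      DOCKER_BUILDKIT: 1
      COMPOSE_DOCKER_CLI_BUILD: 1
    # NOTE(review): this job builds and executes the checked-out code, yet it
    # holds a write-all token. No visible step writes to the repository with
    # GITHUB_TOKEN, so `contents: read` looks sufficient; confirm. Also consider
    # `persist-credentials: false` on actions/checkout so the token is not left
    # in the workspace git config that becomes part of the Docker build context.
    permissions: write-all
    runs-on: ubuntu-32-cores-latest
    outputs:
      # Consumed by update_labels as needs.tests.outputs.status.
      status: ${{ steps.test-status.outputs.status }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      # NOTE(review): the `uses:` reference below was garbled by the page's
      # e-mail obfuscation ("[email protected]"); restore the real
      # `owner/action@ref` from the repository before reusing this file.
      # NOTE(review): long-lived AWS access keys are stored as repository
      # secrets. If this is aws-actions/configure-aws-credentials, prefer OIDC
      # (`role-to-assume` with `id-token: write`) so no static key exists.
      - name: Configure AWS credentials
        uses: aws-actions/[email protected]
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-gov-west-1
      # NOTE(review): action reference garbled by e-mail obfuscation, as above.
      - name: Login to Amazon ECR
        id: ecr-login
        uses: aws-actions/[email protected]
        with:
          mask-password: true
      # Export the runner's numeric uid so the image build can use it as USER_ID.
      - name: Setup Environment
        run: |
          echo "VETS_API_USER_ID=$(id -u)" >> "$GITHUB_ENV"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # NOTE(review): the gem-source credential is passed as a build argument.
      # Build arguments can be recovered from image history/metadata and may be
      # written to the exported layer cache (`cache-to: type=gha,mode=max`).
      # docker/build-push-action has a `secrets` input for BuildKit secret
      # mounts; using it needs `RUN --mount=type=secret` in the Dockerfile,
      # which is not visible here. The image is only loaded locally
      # (`push: false`), which limits, but does not remove, the exposure.
      - name: Build Docker Image
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_SUMMARY: false
        with:
          build-args: |
            BUNDLE_ENTERPRISE__CONTRIBSYS__COM=${{ env.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
            USER_ID=${{ env.VETS_API_USER_ID }}
          context: .
          push: false
          load: true
          tags: vets-api
          cache-from: type=gha
          cache-to: type=gha,mode=max
      # Database reset is retried up to three times, 10 minutes per attempt.
      - name: Setup Database
        uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
        with:
          timeout_minutes: 10
          retry_wait_seconds: 3  # Seconds
          max_attempts: 3
          command: |
            docker compose -f docker-compose.test.yml run web bash \
              -c "CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true bundle exec parallel_test -n 24 -e 'bin/rails db:reset'"
      - name: Run Specs
        timeout-minutes: 15
        run: |
          docker compose -f docker-compose.test.yml run web bash \
            -c "CI=true DISABLE_BOOTSNAP=true bundle exec parallel_rspec spec/ modules/ -n 24 -o '--color --tty'"
      # Publishes the job result as the `status` output; `if: always()` makes
      # it run after a failed step too, so downstream jobs always get a value.
      - name: Set Test Status
        id: test-status
        if: always()
        run: |
          if [ "${{ job.status }}" = "success" ]; then
            echo "status=success" >> "$GITHUB_OUTPUT"
          else
            echo "status=failure" >> "$GITHUB_OUTPUT"
          fi
      - name: Upload Coverage Report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: Coverage Report
          path: coverage
          include-hidden-files: true
      - name: Upload Test Results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: Test Results
          path: log/*.xml
          if-no-files-found: ignore

  # Keeps the `test-failure` / `test-passing` labels on the PR in line with the
  # status output of the tests job. Runs for pull requests only.
  update_labels:
    name: Update Test Status Labels
    needs: tests
    if: always() && github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    # NOTE(review): every step here only adds or removes a PR label, so
    # `pull-requests: write` looks sufficient instead of write-all; confirm.
    permissions: write-all
    steps:
      - name: Remove Test Failure label
        if: needs.tests.outputs.status == 'success' && contains(github.event.pull_request.labels.*.name, 'test-failure')
        uses: actions-ecosystem/action-remove-labels@v1
        with:
          number: ${{ github.event.pull_request.number }}
          labels: test-failure
      - name: Add Test Failure label
        if: needs.tests.outputs.status == 'failure'
        uses: actions-ecosystem/action-add-labels@v1
        with:
          number: ${{ github.event.pull_request.number }}
          labels: test-failure
      - name: Remove Test Passing label
        if: needs.tests.outputs.status == 'failure' && contains(github.event.pull_request.labels.*.name, 'test-passing')
        uses: actions-ecosystem/action-remove-labels@v1
        with:
          number: ${{ github.event.pull_request.number }}
          labels: test-passing
      - name: Add Test Passing label
        if: needs.tests.outputs.status == 'success'
        uses: actions-ecosystem/action-add-labels@v1
        with:
          number: ${{ github.event.pull_request.number }}
          labels: test-passing

  # Downloads the artifacts of the tests job and publishes them as check runs:
  # unit-test results first, then the coverage gate (min_coverage: 90).
  publish_results:
    name: Publish Test Results and Coverage
    if: always()
    needs: tests
    # NOTE(review): both publishing actions receive GITHUB_TOKEN explicitly.
    # They appear to need `checks: write` (plus read scopes) rather than
    # write-all; confirm against each action's documentation.
    permissions: write-all
    runs-on: ubuntu-16-cores-latest
    steps:
      - uses: actions/download-artifact@v4
      - name: Publish Test Results to GitHub
        uses: EnricoMi/publish-unit-test-result-action@v2
        if: always()
        with:
          check_name: Test Results
          # Quoted so YAML 1.1 parsers and linters do not read it as boolean false.
          comment_mode: "off"
          files: Test Results/*.xml
          github_token: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): this step has no `if:` guard, so sed fails the job when
      # the coverage file is absent and the hashFiles() guard on the next step
      # never gets to skip anything. Decide explicitly whether a missing
      # coverage report should fail the job or be skipped, and make the two
      # steps agree.
      - name: Fix up coverage report to work with coverage-check-action
        run: sed -i 's/"line"/"covered_percent"/g' 'Coverage Report/.last_run.json'
      # NOTE(review): action reference garbled by the page's e-mail obfuscation
      # ("[email protected]"); restore the real `owner/action@ref`.
      - name: Publish Coverage Report
        uses: devmasx/[email protected]
        if: hashFiles('Coverage Report/.last_run.json') != ''
        with:
          type: simplecov
          result_path: Coverage Report/.last_run.json
          min_coverage: 90
          token: ${{ secrets.GITHUB_TOKEN }}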