-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 9fa7a2a
Showing
94 changed files
with
2,152 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files. | ||
|
||
# Ignore git directory. | ||
/.git/ | ||
/.gitignore | ||
|
||
# Ignore bundler config. | ||
/.bundle | ||
|
||
# Ignore all environment files (except templates). | ||
/.env* | ||
!/.env*.erb | ||
|
||
# Ignore all default key files. | ||
/config/master.key | ||
/config/credentials/*.key | ||
|
||
# Ignore all logfiles and tempfiles. | ||
/log/* | ||
/tmp/* | ||
!/log/.keep | ||
!/tmp/.keep | ||
|
||
# Ignore pidfiles, but keep the directory. | ||
/tmp/pids/* | ||
!/tmp/pids/.keep | ||
|
||
# Ignore storage (uploaded files in development and any SQLite databases). | ||
/storage/* | ||
!/storage/.keep | ||
/tmp/storage/* | ||
!/tmp/storage/.keep | ||
|
||
# Ignore assets. | ||
/node_modules/ | ||
/app/assets/builds/* | ||
!/app/assets/builds/.keep | ||
/public/assets | ||
|
||
# Ignore CI service files. | ||
/.github | ||
|
||
# Ignore development files | ||
/.devcontainer | ||
|
||
# Ignore Docker-related files | ||
/.dockerignore | ||
/Dockerfile* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# See https://git-scm.com/docs/gitattributes for more about git attribute files. | ||
|
||
# Mark the database schema as having been generated. | ||
db/schema.rb linguist-generated | ||
|
||
# Mark any vendored files as having been vendored. | ||
vendor/* linguist-vendored | ||
config/credentials/*.yml.enc diff=rails_credentials | ||
config/credentials.yml.enc diff=rails_credentials |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
version: 2 | ||
updates: | ||
- package-ecosystem: bundler | ||
directory: "/" | ||
schedule: | ||
interval: daily | ||
open-pull-requests-limit: 10 | ||
- package-ecosystem: github-actions | ||
directory: "/" | ||
schedule: | ||
interval: daily | ||
open-pull-requests-limit: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
name: CI | ||
|
||
on: | ||
pull_request: | ||
push: | ||
branches: [ main ] | ||
|
||
jobs: | ||
scan_ruby: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Ruby | ||
uses: ruby/setup-ruby@v1 | ||
with: | ||
ruby-version: .ruby-version | ||
bundler-cache: true | ||
|
||
- name: Scan for common Rails security vulnerabilities using static analysis | ||
run: bin/brakeman --no-pager | ||
|
||
scan_js: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Ruby | ||
uses: ruby/setup-ruby@v1 | ||
with: | ||
ruby-version: .ruby-version | ||
bundler-cache: true | ||
|
||
- name: Scan for security vulnerabilities in JavaScript dependencies | ||
run: bin/importmap audit | ||
|
||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Ruby | ||
uses: ruby/setup-ruby@v1 | ||
with: | ||
ruby-version: .ruby-version | ||
bundler-cache: true | ||
|
||
- name: Lint code for consistent style | ||
run: bin/rubocop -f github | ||
|
||
test: | ||
runs-on: ubuntu-latest | ||
|
||
# services: | ||
# redis: | ||
# image: redis | ||
# ports: | ||
# - 6379:6379 | ||
# options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5 | ||
steps: | ||
- name: Install packages | ||
run: sudo apt-get update && sudo apt-get install --no-install-recommends -y google-chrome-stable curl libjemalloc2 libvips sqlite3 | ||
|
||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Ruby | ||
uses: ruby/setup-ruby@v1 | ||
with: | ||
ruby-version: .ruby-version | ||
bundler-cache: true | ||
|
||
- name: Run tests | ||
env: | ||
RAILS_ENV: test | ||
# REDIS_URL: redis://localhost:6379/0 | ||
run: bin/rails db:test:prepare test test:system | ||
|
||
- name: Keep screenshots from failed system tests | ||
uses: actions/upload-artifact@v4 | ||
if: failure() | ||
with: | ||
name: screenshots | ||
path: ${{ github.workspace }}/tmp/screenshots | ||
if-no-files-found: ignore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# See https://help.github.com/articles/ignoring-files for more about ignoring files. | ||
# | ||
# Temporary files generated by your text editor or operating system | ||
# belong in git's global ignore instead: | ||
# `$XDG_CONFIG_HOME/git/ignore` or `~/.config/git/ignore` | ||
|
||
# Ignore bundler config. | ||
/.bundle | ||
|
||
# Ignore all environment files (except templates). | ||
/.env* | ||
!/.env*.erb | ||
|
||
# Ignore all logfiles and tempfiles. | ||
/log/* | ||
/tmp/* | ||
!/log/.keep | ||
!/tmp/.keep | ||
|
||
# Ignore pidfiles, but keep the directory. | ||
/tmp/pids/* | ||
!/tmp/pids/ | ||
!/tmp/pids/.keep | ||
|
||
# Ignore storage (uploaded files in development and any SQLite databases). | ||
/storage/* | ||
!/storage/.keep | ||
/tmp/storage/* | ||
!/tmp/storage/ | ||
!/tmp/storage/.keep | ||
|
||
/public/assets | ||
|
||
# Ignore master key for decrypting credentials and more. | ||
/config/master.key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Omakase Ruby styling for Rails | ||
inherit_gem: { rubocop-rails-omakase: rubocop.yml } | ||
|
||
# Overwrite or add rules to create your own house style | ||
# | ||
# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]` | ||
# Layout/SpaceInsideArrayLiteralBrackets: | ||
# Enabled: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
3.3.3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
# syntax = docker/dockerfile:1 | ||
|
||
# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand: | ||
# docker build -t my-app . | ||
# docker run -d -p 80:80 -p 443:443 --name my-app -e RAILS_MASTER_KEY=<value from config/master.key> my-app | ||
|
||
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version | ||
ARG RUBY_VERSION=3.3.3 | ||
FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base | ||
|
||
# Rails app lives here | ||
WORKDIR /rails | ||
|
||
# Install base packages | ||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 && \ | ||
rm -rf /var/lib/apt/lists /var/cache/apt/archives | ||
|
||
# Set production environment | ||
ENV RAILS_ENV="production" \ | ||
BUNDLE_DEPLOYMENT="1" \ | ||
BUNDLE_PATH="/usr/local/bundle" \ | ||
BUNDLE_WITHOUT="development" | ||
|
||
# Throw-away build stage to reduce size of final image | ||
FROM base AS build | ||
|
||
# Install packages needed to build gems | ||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y build-essential git pkg-config && \ | ||
rm -rf /var/lib/apt/lists /var/cache/apt/archives | ||
|
||
# Install application gems | ||
COPY Gemfile Gemfile.lock ./ | ||
RUN bundle install && \ | ||
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \ | ||
bundle exec bootsnap precompile --gemfile | ||
|
||
# Copy application code | ||
COPY . . | ||
|
||
# Precompile bootsnap code for faster boot times | ||
RUN bundle exec bootsnap precompile app/ lib/ | ||
|
||
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY | ||
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile | ||
|
||
|
||
|
||
|
||
# Final stage for app image | ||
FROM base | ||
|
||
# Copy built artifacts: gems, application | ||
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}" | ||
COPY --from=build /rails /rails | ||
|
||
# Run and own only the runtime files as a non-root user for security | ||
RUN groupadd --system --gid 1000 rails && \ | ||
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \ | ||
chown -R rails:rails db log storage tmp | ||
USER 1000:1000 | ||
|
||
# Entrypoint prepares the database. | ||
ENTRYPOINT ["/rails/bin/docker-entrypoint"] | ||
|
||
# Start the server by default, this can be overwritten at runtime | ||
EXPOSE 3000 | ||
CMD ["./bin/rails", "server"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
source "https://rubygems.org" | ||
|
||
# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main" | ||
gem "rails", "~> 7.2.1" | ||
# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails] | ||
gem "sprockets-rails" | ||
# Use sqlite3 as the database for Active Record | ||
gem "sqlite3", ">= 1.4" | ||
# Use the Puma web server [https://github.com/puma/puma] | ||
gem "puma", ">= 5.0" | ||
# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails] | ||
gem "importmap-rails" | ||
# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev] | ||
gem "turbo-rails" | ||
# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev] | ||
gem "stimulus-rails" | ||
# Build JSON APIs with ease [https://github.com/rails/jbuilder] | ||
gem "jbuilder" | ||
|
||
|
||
gem "workos" | ||
gem "net-pop", github: "ruby/net-pop" | ||
gem "jwt" | ||
|
||
gem "avo", ">= 3.2" | ||
gem "money-rails", "~> 1.12" | ||
gem "avo-money_field" | ||
|
||
# Use Redis adapter to run Action Cable in production | ||
# gem "redis", ">= 4.0.1" | ||
|
||
# Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis] | ||
# gem "kredis" | ||
|
||
# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword] | ||
# gem "bcrypt", "~> 3.1.7" | ||
|
||
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem | ||
gem "tzinfo-data", platforms: %i[ windows jruby ] | ||
|
||
# Reduces boot times through caching; required in config/boot.rb | ||
gem "bootsnap", require: false | ||
|
||
# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images] | ||
# gem "image_processing", "~> 1.2" | ||
|
||
group :development, :test do | ||
# See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem | ||
gem "debug", platforms: %i[ mri windows ], require: "debug/prelude" | ||
|
||
# Static analysis for security vulnerabilities [https://brakemanscanner.org/] | ||
gem "brakeman", require: false | ||
|
||
# Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/] | ||
gem "rubocop-rails-omakase", require: false | ||
end | ||
|
||
group :development do | ||
# Use console on exceptions pages [https://github.com/rails/web-console] | ||
gem "web-console" | ||
end | ||
|
||
group :test do | ||
# Use system testing [https://guides.rubyonrails.org/testing.html#system-testing] | ||
gem "capybara" | ||
gem "selenium-webdriver" | ||
end |
Oops, something went wrong.