add sast & lint check workflows

Author: mafolz

.github/actions/linter_ruby.yml

@@ -0,0 +1,26 @@
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby versions
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: false
+
+      - name: Install Rubocop
+        run: |
+          gem install rubocop-rails-omakase  -N
+          gem install rubocop-rspec  -N
+
+      - name: Run Rubocop
+        run: rubocop --lint

.github/actions/sast_ruby.yml

@@ -0,0 +1,41 @@
+name: SAST
+
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  brakeman:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: false
+
+      - name: Install Brakeman
+        run: gem install brakeman -N
+
+      - name: Run brakeman
+        run: brakeman --force
+
+  bearer:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby versions
+        uses: ruby/setup-ruby@v1
+
+      - name: Bearer
+        uses: bearer/bearer-action@v2

.github/workflows/linter_ruby.yml

@@ -6,11 +6,11 @@ on:
 
 jobs:
   lint:
-    uses: anynines/int-gitops/.github/workflows/linter_ruby.yml@master
+    uses: ./.github/actions/linter_ruby.yml
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
 
   sast:
-    uses: anynines/int-gitops/.github/workflows/sast_ruby.yml@master
+    uses: ./.github/actions/sast_ruby.yml
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}

.rubocop.yml

@@ -0,0 +1,44 @@
+plugins:
+  - rubocop-performance
+  - rubocop-rails
+  - rubocop-rspec
+
+AllCops:
+  # Insert your target ruby version
+  TargetRubyVersion: 3.1.x
+  NewCops: enable
+
+# Overwrite or add rules to create your own house style
+#
+# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]`
+# Layout/SpaceInsideArrayLiteralBrackets:
+#   Enabled: false
+
+Layout/IndentationConsistency:
+  Enabled: true
+
+Layout/IndentationWidth:
+  Enabled: true
+
+Bundler:
+  Enabled: true
+Gemspec:
+  Enabled: true
+Layout:
+  Enabled: true
+Lint:
+  Enabled: true
+Metrics:
+  Enabled: true
+Naming:
+  Enabled: true
+Performance:
+  Enabled: true
+  Exclude:
+    - "spec/**/*"
+Rails:
+  Enabled: true
+Security:
+  Enabled: true
+Style:
+  Enabled: true

Gemfile

@@ -4,27 +4,29 @@ ruby '3.1.3'
 
 gem 'rails', '~> 7.0.0'
 
-gem 'eventmachine'
 gem 'amqp'
-gem 'honeybadger'
 gem 'erubis'
+gem 'eventmachine'
+gem 'honeybadger'
 gem 'listen'
 
 gem 'net-smtp'
-gem 'webrick', '~> 1.7'
 gem 'psych', '< 4'
+gem 'webrick', '~> 1.7'
 
 gem 'hashie'
 
 gem 'pg'
 
 gem 'nokogiri', '~> 1.18.4'
-gem "rack", "~> 2.2.13"
+gem 'rack', '~> 2.2.13'
 
 group :test do
   gem 'byebug'
-  gem 'rspec-rails'
-  gem "factory_bot_rails", "~> 4.0"
-  gem 'mocha', :require => false
   gem 'database_cleaner'
+  gem 'factory_bot_rails', '~> 4.0'
+  gem 'mocha', require: false
+  gem 'rspec-rails'
+  gem 'rubocop-rails-omakase', require: false
+  gem 'rubocop-rspec'
 end

Gemfile.lock

@@ -70,6 +70,7 @@ GEM
     amqp (1.8.0)
       amq-protocol (>= 2.2.0)
       eventmachine
+    ast (2.4.3)
     base64 (0.2.0)
     builder (3.3.0)
     byebug (11.1.3)
@@ -98,6 +99,9 @@ GEM
     honeybadger (5.0.2)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
+    json (2.17.1)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
     listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
@@ -129,7 +133,12 @@ GEM
       racc (~> 1.4)
     nokogiri (1.18.7-x86_64-darwin)
       racc (~> 1.4)
+    parallel (1.27.0)
+    parser (3.3.10.0)
+      ast (~> 2.4.1)
+      racc
     pg (1.4.4)
+    prism (1.6.0)
     psych (3.3.4)
     racc (1.8.1)
     rack (2.2.13)
@@ -163,10 +172,12 @@ GEM
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
+    rainbow (3.1.1)
     rake (13.2.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
+    regexp_parser (2.11.3)
     rspec-core (3.12.0)
       rspec-support (~> 3.12.0)
     rspec-expectations (3.12.0)
@@ -184,11 +195,46 @@ GEM
       rspec-mocks (~> 3.11)
       rspec-support (~> 3.11)
     rspec-support (3.12.0)
+    rubocop (1.81.7)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.48.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.26.1)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+    rubocop-rails (2.34.2)
+      activesupport (>= 4.2.0)
+      lint_roller (~> 1.1)
+      rack (>= 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
+    rubocop-rails-omakase (1.1.0)
+      rubocop (>= 1.72)
+      rubocop-performance (>= 1.24)
+      rubocop-rails (>= 2.30)
+    rubocop-rspec (3.8.0)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.81)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     thor (1.3.2)
     timeout (0.4.3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
     webrick (1.9.1)
     websocket-driver (0.7.7)
       base64
@@ -219,6 +265,8 @@ DEPENDENCIES
   rack (~> 2.2.13)
   rails (~> 7.0.0)
   rspec-rails
+  rubocop-rails-omakase
+  rubocop-rspec
   webrick (~> 1.7)
 
 RUBY VERSION

Rakefile

@@ -2,6 +2,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path('config/application', __dir__)
 
 VirtualHostService::Application.load_tasks

app/controllers/application_controller.rb

@@ -1,15 +1,14 @@
 class ApplicationController < ActionController::API
-  
   before_action :authorize!
-  
+
   protected
-  
+
   ##
   # Every Request needs an access token wich authorizes to use the api.
   # No action will be performed if no access token is specified in the request params.
   def authorize!
     api_key = ApiKey.find_by_access_token(params[:access_token])
     head :unauthorized unless api_key
-    return false
+    false
   end
-end
+end

app/controllers/v_hosts_controller.rb

@@ -1,39 +1,37 @@
 class VHostsController < ApplicationController
-
   def create
     vhost = VHost.new(vhost_params)
     if vhost.save
-      render :json => vhost
+      render json: vhost
     else
-      render :json => {:errors => vhost.errors.full_messages}, :status => 422
+      render json: { errors: vhost.errors.full_messages }, status: :unprocessable_entity
     end
-
-  rescue AMQP::TCPConnectionFailed => ex
-    render :json => {:errors => ['Could not establish TCP connection to the amqp broker']}, :status => 500
+  rescue AMQP::TCPConnectionFailed => e
+    Rails.logger.error(e)
+    render json: { errors: ['Could not establish TCP connection to the amqp broker'] }, status: :internal_server_error
   end
 
   def destroy_by_server_name
-
-    vhost = VHost.where(:server_name => params['server_name']).first
+    vhost = VHost.where(server_name: params['server_name']).first
 
     if vhost.destroy
-      render :json => 'ok'
+      render json: 'ok'
     else
-      render :json => {:errors => 'error on deleting vhost'}, :status => 422
+      render json: { errors: 'error on deleting vhost' }, status: :unprocessable_entity
     end
-
-  rescue AMQP::TCPConnectionFailed => ex
-    render :json => {:errors => ['Could not establish TCP connection to the amqp broker']}, :status => 500
+  rescue AMQP::TCPConnectionFailed => e
+    Rails.logger.error(e)
+    render json: { errors: ['Could not establish TCP connection to the amqp broker'] }, status: :internal_server_error
   end
 
   def by_organization
-    render :json => VHost.where(:organization_guid => params['guid'])
+    render json: VHost.where(organization_guid: params['guid'])
   end
 
   private
 
   def vhost_params
-    params.require(:v_host).permit(:organization_guid, :server_name, :ssl_ca_certificate, :ssl_certificate, :ssl_key, :server_aliases)
+    params.require(:v_host).permit(:organization_guid, :server_name, :ssl_ca_certificate, :ssl_certificate, :ssl_key,
+                                   :server_aliases)
   end
-  
 end

app/models/api_key.rb

@@ -1,21 +1,18 @@
-## 
+##
 # Every client which wants to perform actions through this api needs a API key
 # otherwise every request will rejektet with a 401 status. API keys can be added
 # in the application.yml.
 class ApiKey
-
   def initialize(name, access_token)
     @name = name
     @access_token = access_token
   end
-  
+
   def self.find_by_access_token(access_token)
-    
-    APP_CONFIG['api_keys'].each do |k,v|
+    APP_CONFIG['api_keys'].each do |k, v|
       return ApiKey.new(k, v) if access_token == v
     end
-    
-    return nil
-    
+
+    nil
   end
 end