Create SECURITY.md #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: elmah.io Create Deployment Action | ||
| # You may pin to the exact commit or the version. | ||
| # uses: elmahio/github-create-deployment-action@132611db9161ecebb1b07db6510d4ea5e0d2d415 | ||
| uses: elmahio/github-create-deployment-action@v1 | ||
| with: | ||
| # An API key with permission to create deployments. | ||
| apiKey: | ||
| # The version number of this deployment. The value of version can be a SemVer compliant string or any other syntax that you are using as your version numbering scheme. | ||
| version: | ||
| # Optional description of this deployment. Can be markdown or clear text. | ||
| description: # optional | ||
| # The name of the person responsible for creating this deployment. This can be the name taken from your deployment server. | ||
| userName: # optional | ||
| # The email of the person responsible for creating this deployment. This can be the email taken from your deployment server. | ||
| userEmail: # optional | ||
| # As default, deployments are attached all logs of the organization. If you want a deployment to attach to a single log only, set this to the ID of that log. | ||
| logId: # optional | ||
| # This workflow uses actions that are not certified by GitHub. They are | ||
| # provided by a third-party and are governed by separate terms of service, | ||
| # privacy policy, and support documentation. | ||
| # | ||
| # This workflow will install a prebuilt Ruby version, install dependencies, and | ||
| # run tests and linters. | ||
| name: "Ruby on Rails CI" | ||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
| jobs: | ||
| test: | ||
| runs-on: ubuntu-latest | ||
| services: | ||
| postgres: | ||
| image: postgres:11-alpine | ||
| ports: | ||
| - "5432:5432" | ||
| env: | ||
| POSTGRES_DB: rails_test | ||
| POSTGRES_USER: rails | ||
| POSTGRES_PASSWORD: password | ||
| env: | ||
| RAILS_ENV: test | ||
| DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test" | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| # Add or replace dependency steps here | ||
| - name: Install Ruby and gems | ||
| uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1 | ||
| with: | ||
| bundler-cache: true | ||
| # Add or replace database setup steps here | ||
| - name: Set up database schema | ||
| run: bin/rails db:schema:load | ||
| # Add or replace test runners here | ||
| - name: Run tests | ||
| run: bin/rake | ||
| lint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Install Ruby and gems | ||
| uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1 | ||
| with: | ||
| bundler-cache: true | ||
| - name: Generate binstubs | ||
| run: bundle binstubs bundler-audit brakeman rubocop | ||
| # Add or replace any other lints here | ||
| - name: Security audit dependencies | ||
| run: bin/bundler-audit --update | ||
| - name: Security audit application code | ||
| run: bin/brakeman -q -w2 | ||
| - name: Lint Ruby files | ||
| run: bin/rubocop --parallel | ||
