Skip to content

fix(deps): Require at least nokogiri 1.16.2 to avoid CVE-2024-25062 #43

fix(deps): Require at least nokogiri 1.16.2 to avoid CVE-2024-25062

fix(deps): Require at least nokogiri 1.16.2 to avoid CVE-2024-25062 #43

Workflow file for this run

name: Dev
on:
pull_request:
types: [opened, reopened, synchronize]
permissions:
contents: read
jobs:
setup_pr:
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
pull-requests: write
# Dependabot no longer have access to secrets unless we move to pull_request_target.
# Read more: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions
if: ${{ github.actor != 'dependabot[bot]' }}
steps:
# Remove review_ready label when new commit push to PR
- name: Remove review_ready label
if: ${{ contains(github.event.pull_request.labels.*.name, 'review_ready') }}
uses: actions/github-script@v7
with:
# Fallback to github action token with limited access
# when DevOps token isn't available this happens on dependabot.
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'review_ready'
})
# Add wip label when new commit push to PR
- name: Add wip label
if: ${{ !contains(github.event.pull_request.labels.*.name, 'wip') }}
uses: actions/github-script@v7
with:
# Fallback to github action token with limited access
# when DevOps token isn't available this happens on dependabot.
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['wip']
})
rubocop:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
restore-keys: |
${{ runner.os }}-gems-
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.0'
bundler-cache: false
- name: Install dependencies
run: bundle install --jobs 4 --retry 3
- name: Run RuboCop
run: bundle exec rubocop --parallel
codespell:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.8
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install codespell
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Check spelling with codespell
run: codespell --ignore-words=codespell.txt || exit 1
unit_test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
gemfile:
- rails_5.2_stable
- rails_6.0_stable
- rails_6.1_stable
- rails_7.0_stable
- rails_7.1_stable
- rails_edge
ruby: ['2.7', '3.0', '3.1', '3.2', '3.3']
exclude:
- ruby: '3.0'
gemfile: rails_5.2_stable
- ruby: '3.1'
gemfile: rails_5.2_stable
- ruby: '3.2'
gemfile: rails_5.2_stable
- ruby: '3.3'
gemfile: rails_5.2_stable
- ruby: '2.7'
gemfile: rails_edge
- ruby: '3.0'
gemfile: rails_edge
env:
BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
steps:
- uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
- name: Suppress git warnings
run: git config --global init.defaultBranch main
- name: Run RSpec
run: bundle exec rspec
- name: Coveralls Parallel
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: unit-ruby-${{matrix.ruby }}-${{ matrix.gemfile }}
parallel: true
path-to-lcov: ./coverage/lcov/devise_auth0.lcov
finish:
needs: unit_test
runs-on: ubuntu-latest
steps:
- name: Upload coverage to Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
file: ./coverage/lcov/devise_auth0.lcov