Added Bundler audit

yatish27 · Apr 19, 2024 · 05bdd26 · 05bdd26
1 parent 57bf6fa
commit 05bdd26
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 5 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -27,11 +27,9 @@ jobs:
       - uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
-      - uses: actions/setup-node@v4
+      - uses: oven-sh/setup-bun@v1
         with:
-          node-version-file: ".node-version"
-          cache: yarn
-      - run: npx --yes ci
+          bun-version: latest
       - run: bundle exec rake db:prepare
       - run: bundle exec rake test:all
   rubocop:
@@ -52,3 +50,12 @@ jobs:
         with:
           bundler-cache: true
       - run: bundle exec brakeman --exit-on-warn --no-progress --color --output /dev/stdout
+  bundle-audit:
+    name: "Security / bundle-audit"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - run: bundle exec bundle-audit check --update -v
diff --git a/Gemfile b/Gemfile
@@ -28,4 +28,6 @@ group :development do
   gem "rubocop-rails", ">= 2.22.0", require: false
   gem "web-console"
   gem "foreman", "~> 0.88.1"
+  gem "erb_lint", "~> 0.5", require: false
+  gem "bundler-audit", require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -79,13 +79,23 @@ GEM
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     base64 (0.2.0)
+    better_html (2.1.1)
+      actionview (>= 6.0)
+      activesupport (>= 6.0)
+      ast (~> 2.0)
+      erubi (~> 1.4)
+      parser (>= 2.4)
+      smart_properties
     bigdecimal (3.1.7)
     bindex (0.8.1)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
     brakeman (6.1.2)
       racc
     builder (3.2.4)
+    bundler-audit (0.9.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     childprocess (5.0.0)
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
@@ -97,6 +107,13 @@ GEM
     dotenv (3.1.0)
     drb (2.2.1)
     dry-cli (1.0.0)
+    erb_lint (0.5.0)
+      activesupport
+      better_html (>= 2.0.1)
+      parser (>= 2.7.1.4)
+      rainbow
+      rubocop
+      smart_properties
     erubi (1.12.0)
     factory_bot (6.4.6)
       activesupport (>= 5.0.0)
@@ -242,6 +259,7 @@ GEM
       rubocop (>= 1.33.0, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
+    smart_properties (1.17.0)
     stimulus-rails (1.3.3)
       railties (>= 6.0.0)
     stringio (3.1.0)
@@ -283,8 +301,10 @@ PLATFORMS
 DEPENDENCIES
   bootsnap
   brakeman
+  bundler-audit
   debug
   dotenv (>= 3.0)
+  erb_lint (~> 0.5)
   factory_bot_rails
   foreman (~> 0.88.1)
   jbuilder

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# shore
+# Shore
 
 This is a Rails 7.1 app.
 

diff --git a/bin/erblint b/bin/erblint
@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'erblint' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("erb_lint", "erblint")