From a267a0816803b7623282cce3d7dba32e7c8e25ea Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:14:52 +1100 Subject: [PATCH 01/15] Bump Node.js from 18.19.1 to 18.20.5 --- .node-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.node-version b/.node-version index 3c5535cf6..1117d417c 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -18.19.1 +18.20.5 From d5070c5a32cd62379c35cec63e1a04946379e770 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:15:52 +1100 Subject: [PATCH 02/15] Bump Ruby from 3.2.5 to 3.3.6 --- .ruby-version | 2 +- Dockerfile | 2 +- Gemfile.lock | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.ruby-version b/.ruby-version index 5ae69bd5f..9c25013db 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.2.5 +3.3.6 diff --git a/Dockerfile b/Dockerfile index a6639c280..8abbc0f0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:3.2.5-slim +FROM ruby:3.3.6-slim # Install dependencies RUN \ diff --git a/Gemfile.lock b/Gemfile.lock index 00fd45fbe..2b1fd7281 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -794,7 +794,7 @@ DEPENDENCIES webmock RUBY VERSION - ruby 3.2.5p208 + ruby 3.3.6p108 BUNDLED WITH 2.5.17 From 72d719df09a37c8c5742729bb12a7ff6766e0447 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:16:17 +1100 Subject: [PATCH 03/15] Bump Bundler from 2.5.17 to 2.6.2 --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2b1fd7281..a27cd7839 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -797,4 +797,4 @@ RUBY VERSION ruby 3.3.6p108 BUNDLED WITH - 2.5.17 + 2.6.2 From 19cb907ba248cf86f2f701d41e8979d2abb55ac8 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:29:29 +1100 Subject: [PATCH 04/15] Bump Rubocop from 1.42.0 to 1.70.0 --- Gemfile.lock | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a27cd7839..572bb1479 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -395,7 +395,7 @@ GEM terminal-table (>= 1.4.0) thor (>= 0.16.0) jmespath (1.6.2) - json (2.7.1) + json (2.9.1) jsonpath (1.1.5) multi_json jwt (2.7.1) @@ -404,6 +404,7 @@ GEM jsonpath (~> 1.0) recursive-open-struct (~> 1.1, >= 1.1.1) rest-client (~> 2.0) + language_server-protocol (3.17.0.3) large_object_store (1.7.0) zstd-ruby (~> 1.5.5) llhttp-ffi (0.5.0) @@ -499,10 +500,10 @@ GEM actionpack (>= 4.2) omniauth (~> 2.0) pagy (4.11.0) - parallel (1.24.0) + parallel (1.26.3) parallel_tests (2.32.0) parallel - parser (3.3.0.5) + parser (3.3.6.0) ast (~> 2.4.1) racc path_expander (1.1.1) @@ -555,7 +556,7 @@ GEM rake (13.2.1) rbtree3 (0.7.1) recursive-open-struct (1.1.3) - regexp_parser (2.9.0) + regexp_parser (2.10.0) request_store (1.5.1) rack (>= 1.4) rest-client (2.1.0) @@ -567,23 +568,23 @@ GEM rollbar (2.27.1) rollbar-user_informer (0.1.0) rollbar (~> 2.15) - rubocop (1.42.0) + rubocop (1.70.0) json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.1.2.1) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.24.1, < 2.0) + regexp_parser (>= 2.9.3, < 3.0) + rubocop-ast (>= 1.36.2, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.30.0) - parser (>= 3.2.1.0) - rubocop-rails (2.23.1) + unicode-display_width (>= 2.4.0, < 4.0) + rubocop-ast (1.37.0) + parser (>= 3.3.1.0) + rubocop-rails (2.28.0) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.33.0, < 2.0) - rubocop-ast (>= 1.30.0, < 2.0) + rubocop (>= 1.52.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) ruby_parser (3.21.0) @@ -634,8 +635,8 @@ GEM sqlite3 (1.6.9-x86_64-darwin) sqlite3 (1.6.9-x86_64-linux) stackprof (0.2.12) - terminal-table (1.8.0) - unicode-display_width (~> 1.1, >= 1.1.1) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) thor (1.3.1) tilt (2.3.0) timeout (0.4.1) @@ -643,7 +644,7 @@ GEM concurrent-ruby (~> 1.0) uglifier (3.2.0) execjs (>= 0.3.0, < 3) - unicode-display_width (1.8.0) + unicode-display_width (2.6.0) validates_lengths_from_database (0.8.0) activerecord (>= 4) version_gem (1.1.3) From 07bd17b5631e57d28e62206fec9ab800d4177871 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:30:32 +1100 Subject: [PATCH 05/15] Rubocop: resolve Rails/HttpStatus --- .../test/controllers/kubernetes/stages_controller_test.rb | 6 +++--- test/controllers/builds_controller_test.rb | 2 +- test/controllers/csv_exports_controller_test.rb | 4 ++-- test/controllers/deploys_controller_test.rb | 8 ++++---- test/controllers/outbound_webhooks_controller_test.rb | 2 +- test/controllers/webhooks_controller_test.rb | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/plugins/kubernetes/test/controllers/kubernetes/stages_controller_test.rb b/plugins/kubernetes/test/controllers/kubernetes/stages_controller_test.rb index fa5d1d03c..cf8cdc6aa 100644 --- a/plugins/kubernetes/test/controllers/kubernetes/stages_controller_test.rb +++ b/plugins/kubernetes/test/controllers/kubernetes/stages_controller_test.rb @@ -32,20 +32,20 @@ it 'fails if reference invalid' do GitRepository.any_instance.expects(:commit_from_ref) get :manifest_preview, params: {project_id: project.id, id: stage.id} - assert_response 400, '# Git reference not found' + assert_response :bad_request, '# Git reference not found' end it 'captures template validation errors' do Kubernetes::DeployExecutor.any_instance.stubs(:preview_release_docs).raises(Samson::Hooks::UserError, "foobar") get :manifest_preview, params: {project_id: project.id, id: stage.id} - assert_response 400, '# foobar' + assert_response :bad_request, '# foobar' end it 'builds kubernetes manifest' do GitRepository.any_instance.expects(:commit_from_ref).returns(git_sha) get :manifest_preview, params: {project_id: project.id, id: stage.id} - assert_response 200 + assert_response :ok yaml = YAML.load_stream(response.body) yaml.dig(0, "metadata", "name").must_equal "test-app-server" yaml.dig(0, "metadata", "namespace").must_equal "pod1" diff --git a/test/controllers/builds_controller_test.rb b/test/controllers/builds_controller_test.rb index 2da7059eb..263bac55c 100644 --- a/test/controllers/builds_controller_test.rb +++ b/test/controllers/builds_controller_test.rb @@ -231,7 +231,7 @@ def create(attributes = {}) build.update_columns docker_repo_digest: digest, external_status: 'succeeded' create create_args.merge(docker_repo_digest: digest.reverse) - assert_response 422 + assert_response :unprocessable_entity build.reload build.external_status.must_equal 'succeeded' diff --git a/test/controllers/csv_exports_controller_test.rb b/test/controllers/csv_exports_controller_test.rb index 9e79ee7f6..a560b38c2 100644 --- a/test/controllers/csv_exports_controller_test.rb +++ b/test/controllers/csv_exports_controller_test.rb @@ -262,7 +262,7 @@ def self.show_test(state) get :show, params: {id: -9999, format: :json} @response.media_type.must_equal "application/json" @response.body.must_include "not found" - assert_response 404 + assert_response :not_found end end @@ -271,7 +271,7 @@ def self.show_test(state) get :show, params: {id: -9999, format: :csv} @response.media_type.must_equal "text/csv" @response.body.must_include "not found" - assert_response 404 + assert_response :not_found end end end diff --git a/test/controllers/deploys_controller_test.rb b/test/controllers/deploys_controller_test.rb index 2117cda21..a3117e8b3 100644 --- a/test/controllers/deploys_controller_test.rb +++ b/test/controllers/deploys_controller_test.rb @@ -288,12 +288,12 @@ def changeset(overrides = {}) it "ignores empty status" do get :index, params: {search: {status: ' '}}, format: "json" - assert_response 200 + assert_response :ok end it "fails with invalid status" do get :index, params: {search: {status: 'bogus_status'}}, format: "json" - assert_response 400 + assert_response :bad_request end it "filters by project" do @@ -427,13 +427,13 @@ def changeset(overrides = {}) it "refuses to search all stages by permalink since that is most likely not what the user wanted" do params.delete(:project_id) get :index, params: params, format: "json" - assert_response 400 + assert_response :bad_request end it "refuses to search stage by permalink + other conditions since that makes little sense" do params[:search][:production] = true get :index, params: params, format: "json" - assert_response 400 + assert_response :bad_request end end end diff --git a/test/controllers/outbound_webhooks_controller_test.rb b/test/controllers/outbound_webhooks_controller_test.rb index c4f210f51..fa6f06fe1 100644 --- a/test/controllers/outbound_webhooks_controller_test.rb +++ b/test/controllers/outbound_webhooks_controller_test.rb @@ -150,7 +150,7 @@ it "fails to update via json" do params[:url] = "" patch :update, params: {id: webhook.id, outbound_webhook: params}, format: :json - assert_response 422 + assert_response :unprocessable_entity end end diff --git a/test/controllers/webhooks_controller_test.rb b/test/controllers/webhooks_controller_test.rb index 04e6b9db5..506f31be9 100644 --- a/test/controllers/webhooks_controller_test.rb +++ b/test/controllers/webhooks_controller_test.rb @@ -82,7 +82,7 @@ it "shows validation errors" do put :update, params: {project_id: project.to_param, id: webhook.id, webhook: {stage_id: nil}}, format: :json - assert_response 422 + assert_response :unprocessable_entity end end From 27ce389c7cb27b19259c8fca62f4b9c6a4113de3 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:32:19 +1100 Subject: [PATCH 06/15] Rubocop: resolve Style/RedundantParentheses --- app/controllers/builds_controller.rb | 5 ++--- app/controllers/projects_controller.rb | 2 +- app/helpers/user_project_roles_helper.rb | 2 +- app/models/concerns/attr_encrypted_support.rb | 2 +- app/models/job_execution.rb | 4 ++-- lib/samson/boot_check.rb | 4 ++-- lib/samson/build_finder.rb | 2 +- lib/samson/repo_provider_status.rb | 4 +--- plugins/datadog/app/models/datadog_monitor_query.rb | 2 +- plugins/kubernetes/app/models/kubernetes/role_validator.rb | 2 +- test/test_helper.rb | 2 +- 11 files changed, 14 insertions(+), 17 deletions(-) diff --git a/app/controllers/builds_controller.rb b/app/controllers/builds_controller.rb index 2e4c87441..355d123ab 100644 --- a/app/controllers/builds_controller.rb +++ b/app/controllers/builds_controller.rb @@ -168,10 +168,9 @@ def enforce_disabled_docker_builds def registering_external_build? return @registering_external_build if defined?(@registering_external_build) - @registering_external_build = ( + @registering_external_build = action_name == "create" && - EXTERNAL_BUILD_ATTRIBUTES.any? { |e| params.dig(:build, e).present? } - ) + EXTERNAL_BUILD_ATTRIBUTES.any? { |e| params.dig(:build, e).present? } end def scope diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 9ef0203b2..d7ba5b0ca 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -80,7 +80,7 @@ def create_callback end def destroy_callback - if to = (ENV["PROJECT_DELETED_NOTIFY_ADDRESS"] || created_email) + if to = ENV["PROJECT_DELETED_NOTIFY_ADDRESS"] || created_email ProjectMailer.deleted_email(to, current_user, @project).deliver_now end end diff --git a/app/helpers/user_project_roles_helper.rb b/app/helpers/user_project_roles_helper.rb index 0ff469801..d0112af03 100644 --- a/app/helpers/user_project_roles_helper.rb +++ b/app/helpers/user_project_roles_helper.rb @@ -5,7 +5,7 @@ def user_project_role_radio(user, role_name, role_id, user_project_role_id) global_access = (user.role_id >= role_id.to_i) disabled = (user.role_id > role_id.to_i) project_access = (user_project_role_id.to_i >= role_id.to_i) - checked = (global_access || project_access) + checked = global_access || project_access title = "User is a global #{user.role.name.capitalize}" if global_access label_tag nil, class: ('disabled' if disabled), title: title do diff --git a/app/models/concerns/attr_encrypted_support.rb b/app/models/concerns/attr_encrypted_support.rb index 0a158b491..b25c7786a 100644 --- a/app/models/concerns/attr_encrypted_support.rb +++ b/app/models/concerns/attr_encrypted_support.rb @@ -2,7 +2,7 @@ require 'attr_encrypted' module AttrEncryptedSupport - encryption_key_raw = (ENV['ATTR_ENCRYPTED_KEY'] || Rails.application.secrets.secret_key_base) + encryption_key_raw = ENV['ATTR_ENCRYPTED_KEY'] || Rails.application.secrets.secret_key_base ENCRYPTION_KEY = encryption_key_raw[0...32] ENCRYPTION_KEY_SHA = Digest::SHA2.hexdigest(encryption_key_raw) diff --git a/app/models/job_execution.rb b/app/models/job_execution.rb index 455d5c9c2..688ab6861 100644 --- a/app/models/job_execution.rb +++ b/app/models/job_execution.rb @@ -140,7 +140,7 @@ def execute(dir) cmds = commands(dir) payload = { - stage: (@stage&.name || "none"), + stage: @stage&.name || "none", project: @job.project.name, kubernetes: kubernetes?, production: @stage&.production? @@ -201,7 +201,7 @@ def commands(dir) DEPLOYER_NAME: @job.user.name, REFERENCE: @reference, REVISION: @job.commit, - TAG: (@job.tag || @job.commit), + TAG: @job.tag || @job.commit, # for shared notification scripts PROJECT_NAME: @job.project.name, diff --git a/lib/samson/boot_check.rb b/lib/samson/boot_check.rb index 47da151e2..10764a541 100644 --- a/lib/samson/boot_check.rb +++ b/lib/samson/boot_check.rb @@ -18,8 +18,8 @@ def check bad = [ ActiveRecord::Base.descendants.map(&:name) - ["Audited::Audit"], ActionController::Base.descendants.map(&:name) - ["RollbarTestController"], - (const_defined?(:Mocha) && "mocha"), - (extra_threads.any? && "Extra threads: #{extra_threads}") + const_defined?(:Mocha) && "mocha", + extra_threads.any? && "Extra threads: #{extra_threads}" ].flatten.select { |x| x } raise "#{bad.join(", ")} should not be loaded" if bad.any? end diff --git a/lib/samson/build_finder.rb b/lib/samson/build_finder.rb index 57a048412..40e916674 100644 --- a/lib/samson/build_finder.rb +++ b/lib/samson/build_finder.rb @@ -44,7 +44,7 @@ def find_or_create_builds possible = possible_builds needed.delete_if do |dockerfile, image| found = self.class.detect_build_by_selector!( - possible, dockerfile, image, fail: (last_try && build_disabled), project: @job.project + possible, dockerfile, image, fail: last_try && build_disabled, project: @job.project ) if found all << found diff --git a/lib/samson/repo_provider_status.rb b/lib/samson/repo_provider_status.rb index cc547122e..f59ed1ba7 100644 --- a/lib/samson/repo_provider_status.rb +++ b/lib/samson/repo_provider_status.rb @@ -5,10 +5,8 @@ class RepoProviderStatus class << self def errors - ( - Rails.cache.read(CACHE_KEY) || + Rails.cache.read(CACHE_KEY) || ["To see repo provider status information, add repo_provider_status:60 to PERIODICAL environment variable."] - ) end def refresh diff --git a/plugins/datadog/app/models/datadog_monitor_query.rb b/plugins/datadog/app/models/datadog_monitor_query.rb index bb4db65a2..6ff0f37a8 100644 --- a/plugins/datadog/app/models/datadog_monitor_query.rb +++ b/plugins/datadog/app/models/datadog_monitor_query.rb @@ -71,7 +71,7 @@ def validate_query_works # match_tag is not in monitors grouping so it will never alert if match_target? monitors.each do |m| - groups = (m.response[:query][/\.by\(([^)]*)\)/, 1] || m.response[:query][/ by {([^}]*)}/, 1]) + groups = m.response[:query][/\.by\(([^)]*)\)/, 1] || m.response[:query][/ by {([^}]*)}/, 1] next if groups.to_s.tr('"\'', '').split(",").include?(match_target) errors.add( diff --git a/plugins/kubernetes/app/models/kubernetes/role_validator.rb b/plugins/kubernetes/app/models/kubernetes/role_validator.rb index 3d39b17b5..b227ac816 100644 --- a/plugins/kubernetes/app/models/kubernetes/role_validator.rb +++ b/plugins/kubernetes/app/models/kubernetes/role_validator.rb @@ -130,7 +130,7 @@ def validate_name_kinds_are_unique # group by kind+name and to sure we have no duplicates groups = elements.group_by do |e| - user_supplied = (ALLOWED_DUPLICATE_KINDS.include?(e.fetch(:kind)) || self.class.keep_name?(e)) + user_supplied = ALLOWED_DUPLICATE_KINDS.include?(e.fetch(:kind)) || self.class.keep_name?(e) [e.fetch(:kind), e.dig(:metadata, :namespace), user_supplied ? e.dig(:metadata, :name) : "hardcoded"] end.values bad = groups.select { |group| group.size > 1 } diff --git a/test/test_helper.rb b/test/test_helper.rb index 2f75efadd..f3fd96a19 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -254,7 +254,7 @@ def with_caching class << self def unauthorized(method, action, params = {}) it "is unauthorized when doing a #{method} to #{action} with #{params}" do - public_send method, action, params: params, format: (@request_format || :html) + public_send method, action, params: params, format: @request_format || :html assert_response :unauthorized end end From 7ea76322392493c4b5778d04524a035a3189630e Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:36:57 +1100 Subject: [PATCH 07/15] Rubocop: resolve Lint/SelfAssignment --- db/migrate/20191105170029_make_outbound_webhooks_global.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/migrate/20191105170029_make_outbound_webhooks_global.rb b/db/migrate/20191105170029_make_outbound_webhooks_global.rb index 7894647b1..ee70a4cf9 100644 --- a/db/migrate/20191105170029_make_outbound_webhooks_global.rb +++ b/db/migrate/20191105170029_make_outbound_webhooks_global.rb @@ -20,7 +20,7 @@ def change OutboundWebhook.find_each do |wh| OutboundWebhookStage.create!(stage_id: wh.stage_id, outbound_webhook_id: wh.id) do |o| o.created_at = wh.created_at - o.updated_at = o.updated_at + o.updated_at = wh.updated_at end end From b4909a5d4b7ad3d96212173f4d73af443cb13e6f Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:38:22 +1100 Subject: [PATCH 08/15] Rubocop: resolve Style/HashEachMethods --- lib/samson/hooks.rb | 2 +- lib/tasks/maintenance.rake | 2 +- plugins/kubernetes/app/models/kubernetes/deploy_executor.rb | 2 +- test/models/output_buffer_test.rb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/samson/hooks.rb b/lib/samson/hooks.rb index 101be02ce..570ef7b84 100644 --- a/lib/samson/hooks.rb +++ b/lib/samson/hooks.rb @@ -213,7 +213,7 @@ def symlink_plugin_fixtures # rails test does not trigger after_run and rake does not work with at_exit # https://github.com/rails/rails/pull/26515 callback = -> do - links.each { |_, to| File.delete(to) rescue false } # rubocop:disable Style/RescueModifier + links.each { |(_, to)| File.delete(to) rescue false } # rubocop:disable Style/RescueModifier end if Minitest.respond_to?(:run_with_rails_extension) && Minitest.run_with_rails_extension at_exit(&callback) diff --git a/lib/tasks/maintenance.rake b/lib/tasks/maintenance.rake index 1894cfd99..46748f19d 100644 --- a/lib/tasks/maintenance.rake +++ b/lib/tasks/maintenance.rake @@ -73,7 +73,7 @@ namespace :maintenance do puts "Confirm? y/n" abort unless $stdin.gets.strip == "y" - actions.each do |_, from_stage| + actions.each do |(_, from_stage)| from_stage.deploy_groups -= [delete_group] from_stage.destroy! if delete_empty && from_stage.deploy_groups.empty? end diff --git a/plugins/kubernetes/app/models/kubernetes/deploy_executor.rb b/plugins/kubernetes/app/models/kubernetes/deploy_executor.rb index 5c273cba5..828eb4e74 100644 --- a/plugins/kubernetes/app/models/kubernetes/deploy_executor.rb +++ b/plugins/kubernetes/app/models/kubernetes/deploy_executor.rb @@ -264,7 +264,7 @@ def print_events(status) @output.puts "\n#{resource_identifier(status)} events:" groups = events.group_by { |e| [e[:type], e[:reason], (e[:message] || "").split("\n").sort] } - groups.each do |_, event_group| + groups.each_value do |event_group| count = sum_event_group(event_group) counter = " x#{count}" if count != 1 e = event_group.first diff --git a/test/models/output_buffer_test.rb b/test/models/output_buffer_test.rb index cfa8bdd79..336cc2720 100644 --- a/test/models/output_buffer_test.rb +++ b/test/models/output_buffer_test.rb @@ -140,7 +140,7 @@ def build_listener Thread.new do content = [] - buffer.each { |_, chunk| content << chunk } + buffer.each { |(_, chunk)| content << chunk } content end end From 614fc6083b35e77583e3699faa35e0733523b468 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:41:37 +1100 Subject: [PATCH 09/15] Rubocop: resolve Style/MultipleComparison --- app/models/webhook.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/webhook.rb b/app/models/webhook.rb index a3bc2cbde..6c3c01846 100644 --- a/app/models/webhook.rb +++ b/app/models/webhook.rb @@ -25,7 +25,7 @@ def self.for_source(service_type, service_name) end def self.source_matches?(release_source, service_type, service_name) - release_source == 'any' || release_source == "any_#{service_type}" || release_source == service_name + ['any', "any_#{service_type}", service_name].include?(release_source) end private From 3862af3ecf2bb8696e5dc3388c4f2408bf30445e Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:42:12 +1100 Subject: [PATCH 10/15] Rubocop: resolve Style/RedundantRegexpEscape --- app/models/changeset/pull_request.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/changeset/pull_request.rb b/app/models/changeset/pull_request.rb index d4d7a7151..f0972c0ef 100644 --- a/app/models/changeset/pull_request.rb +++ b/app/models/changeset/pull_request.rb @@ -7,7 +7,7 @@ class Changeset::PullRequest WEBHOOK_FILTER = /(^|\s)\[samson review\]($|\s)/i # Matches URLs to JIRA issues. - JIRA_ISSUE_URL = %r[https?://[\da-z.\-]+\.[a-z.]{2,6}/browse/#{CODE_ONLY}(?=#{PUNCT}|$)] + JIRA_ISSUE_URL = %r[https?://[\da-z.-]+\.[a-z.]{2,6}/browse/#{CODE_ONLY}(?=#{PUNCT}|$)] # Matches "VOICE-1234" or "[VOICE-1234]" JIRA_CODE_TITLE = /(\[)*(#{CODE_ONLY})(\])*/ From 82387d445c9030291fbacd4cd02172d26553da41 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:42:42 +1100 Subject: [PATCH 11/15] Rubocop: resolve Style/RedundantReturn --- plugins/kubernetes/app/models/kubernetes/namespace.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/kubernetes/app/models/kubernetes/namespace.rb b/plugins/kubernetes/app/models/kubernetes/namespace.rb index a734cf03d..f29556c72 100644 --- a/plugins/kubernetes/app/models/kubernetes/namespace.rb +++ b/plugins/kubernetes/app/models/kubernetes/namespace.rb @@ -55,7 +55,7 @@ def parsed_template def validate_template return errors.add :template, "needs to be set" if template.blank? return errors.add :template, "needs to be a Hash" unless parsed_template.is_a?(Hash) - return errors.add :template, "needs metadata.labels.team" unless parsed_template.dig("metadata", "labels", "team") + errors.add :template, "needs metadata.labels.team" unless parsed_template.dig("metadata", "labels", "team") rescue Psych::Exception errors.add :template, "needs to be valid yaml" end From ae4824a4f69e4ad4324ec33a991ea006e99135f6 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 09:51:58 +1100 Subject: [PATCH 12/15] Bump sqlite3 from 1.6.9 to 1.7.3 --- Gemfile.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 572bb1479..e553a1698 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -430,7 +430,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2024.0206) mini_mime (1.1.5) - mini_portile2 (2.8.7) + mini_portile2 (2.8.8) minitest (5.14.4) mixlib-shellout (3.2.7) chef-utils @@ -628,12 +628,12 @@ GEM actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - sqlite3 (1.6.9) + sqlite3 (1.7.3) mini_portile2 (~> 2.8.0) - sqlite3 (1.6.9-aarch64-linux) - sqlite3 (1.6.9-arm64-darwin) - sqlite3 (1.6.9-x86_64-darwin) - sqlite3 (1.6.9-x86_64-linux) + sqlite3 (1.7.3-aarch64-linux) + sqlite3 (1.7.3-arm64-darwin) + sqlite3 (1.7.3-x86_64-darwin) + sqlite3 (1.7.3-x86_64-linux) stackprof (0.2.12) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) From 62a2ceebf75856b0698078743c10e9226ba96cc3 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 10:10:53 +1100 Subject: [PATCH 13/15] Bump rails-html-sanitizer from 1.6.0 to 1.6.2 --- Gemfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e553a1698..ed2eb9232 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -416,7 +416,7 @@ GEM railties (>= 4) request_store (~> 1.0) logstash-event (1.2.02) - loofah (2.22.0) + loofah (2.24.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.7.1) @@ -458,16 +458,16 @@ GEM netrc (0.11.0) newrelic_rpm (9.7.1) nio4r (2.7.3) - nokogiri (1.16.5) + nokogiri (1.18.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.5-aarch64-linux) + nokogiri (1.18.1-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.16.5-arm64-darwin) + nokogiri (1.18.1-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.5-x86_64-darwin) + nokogiri (1.18.1-x86_64-darwin) racc (~> 1.4) - nokogiri (1.16.5-x86_64-linux) + nokogiri (1.18.1-x86_64-linux-gnu) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -526,7 +526,7 @@ GEM puma (5.6.9) nio4r (~> 2.0) pyu-ruby-sasl (0.0.3.3) - racc (1.8.0) + racc (1.8.1) rack (2.2.9) rack-mini-profiler (3.3.0) rack (>= 1.2.0) @@ -543,9 +543,9 @@ GEM activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) + rails-html-sanitizer (1.6.2) loofah (~> 2.21) - nokogiri (~> 1.14) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) railties (6.1.7.10) actionpack (= 6.1.7.10) activesupport (= 6.1.7.10) From 0ce373ee9c34cb3f20d9484febfb6249e6517abd Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 10:31:14 +1100 Subject: [PATCH 14/15] Ignore Rails 6.1 security issue --- .bundler-audit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.bundler-audit.yml b/.bundler-audit.yml index 9da7ebe94..e9bf6cce6 100644 --- a/.bundler-audit.yml +++ b/.bundler-audit.yml @@ -4,3 +4,4 @@ # - leave file with `ignore: []` if ignore list is empty ignore: - CVE-2024-6484 # ignore until a patch is available https://github.com/advisories/GHSA-9mvj-f7w8-pvh2 + - CVE-2024-54133 # ignore until Rails is upgraded to >= 7.0 From 9558992f9a23b6664216467f7a9e1d301e8494c2 Mon Sep 17 00:00:00 2001 From: Orien Madgwick <497874+orien@users.noreply.github.com> Date: Sat, 11 Jan 2025 10:32:09 +1100 Subject: [PATCH 15/15] Resolve test failures and warnings --- .../test/models/kubernetes/release_doc_test.rb | 4 ++-- .../kubernetes/test/models/kubernetes/resource_test.rb | 4 ++-- .../rollbar/test/samson_rollbar/samson_plugin_test.rb | 4 ++-- test/channels/deploy_notifications_channel_test.rb | 2 +- test/lib/samson/hooks_test.rb | 2 +- test/lib/samson/secrets/vault_server_test.rb | 10 ++++++---- test/models/job_queue_test.rb | 2 +- 7 files changed, 15 insertions(+), 13 deletions(-) diff --git a/plugins/kubernetes/test/models/kubernetes/release_doc_test.rb b/plugins/kubernetes/test/models/kubernetes/release_doc_test.rb index 5118d9f7e..3cf1c8ad5 100644 --- a/plugins/kubernetes/test/models/kubernetes/release_doc_test.rb +++ b/plugins/kubernetes/test/models/kubernetes/release_doc_test.rb @@ -314,9 +314,9 @@ def create! doc.instance_variable_set(:@previous_resources, [{SER: "VICE"}, {DE: "PLOY"}]) resources = doc.send(:resources) resources.detect { |r| r.kind == "Deployment" }. - expects(:revert).with(DE: "PLOY") + expects(:revert).with({DE: "PLOY"}) resources.detect { |r| r.kind == "Service" }. - expects(:revert).with(SER: "VICE") + expects(:revert).with({SER: "VICE"}) doc.revert end diff --git a/plugins/kubernetes/test/models/kubernetes/resource_test.rb b/plugins/kubernetes/test/models/kubernetes/resource_test.rb index 19413633c..bfb0740d2 100644 --- a/plugins/kubernetes/test/models/kubernetes/resource_test.rb +++ b/plugins/kubernetes/test/models/kubernetes/resource_test.rb @@ -390,12 +390,12 @@ def assert_create_and_delete_requests(**args, &block) it "retries on conflict with updated version" do resource.send(:client).expects(:update_config_map). - with(metadata: {resourceVersion: "old"}). + with({metadata: {resourceVersion: "old"}}). raises(Kubeclient::HttpError.new(409, 'Conflict', {})) resource.send(:client).expects(:get_config_map). returns(metadata: {resourceVersion: "new"}) resource.send(:client).expects(:update_config_map). - with(metadata: {resourceVersion: "new"}). + with({metadata: {resourceVersion: "new"}}). returns({}) resource.send(:request, :update, metadata: {resourceVersion: "old"}) diff --git a/plugins/rollbar/test/samson_rollbar/samson_plugin_test.rb b/plugins/rollbar/test/samson_rollbar/samson_plugin_test.rb index a3be4e853..2e8a384ca 100644 --- a/plugins/rollbar/test/samson_rollbar/samson_plugin_test.rb +++ b/plugins/rollbar/test/samson_rollbar/samson_plugin_test.rb @@ -11,13 +11,13 @@ only_callbacks_for_plugin :error it 'reports error' do - Rollbar.expects(:warn).with(exception, foo: 'bar').returns(123) + Rollbar.expects(:warn).with(exception, {foo: 'bar'}).returns(123) Samson::Hooks.fire(:error, exception, foo: 'bar').must_equal [123] end describe "with sync" do it 'returns url' do - Rollbar.expects(:warn).with(exception, foo: 'bar').returns(uuid: '123') + Rollbar.expects(:warn).with(exception, {foo: 'bar'}).returns(uuid: '123') Samson::Hooks.fire(:error, exception, foo: 'bar', sync: true).must_equal( ["https://rollbar.com/instance/uuid?uuid=123"] ) diff --git a/test/channels/deploy_notifications_channel_test.rb b/test/channels/deploy_notifications_channel_test.rb index 122d49b8e..f620ff8e0 100644 --- a/test/channels/deploy_notifications_channel_test.rb +++ b/test/channels/deploy_notifications_channel_test.rb @@ -8,7 +8,7 @@ describe '.broadcast' do it "sends to self" do - ActionCable.server.expects(:broadcast).with("deploy_notifications", count: 5) + ActionCable.server.expects(:broadcast).with("deploy_notifications", {count: 5}) DeployNotificationsChannel.broadcast 5 end end diff --git a/test/lib/samson/hooks_test.rb b/test/lib/samson/hooks_test.rb index 3f6ca1944..f45c59b26 100644 --- a/test/lib/samson/hooks_test.rb +++ b/test/lib/samson/hooks_test.rb @@ -90,7 +90,7 @@ def hooks it 'removes all callbacks for hook except for the one for the specified plugin' do mock_exception = mock - Airbrake.expects(:notify).with(mock_exception, foo: 'bar').once + Airbrake.expects(:notify).with(mock_exception, {foo: 'bar'}).once Rollbar.expects(:error).never Sentry.expects(:error).never diff --git a/test/lib/samson/secrets/vault_server_test.rb b/test/lib/samson/secrets/vault_server_test.rb index e24616a61..e1d031ec0 100644 --- a/test/lib/samson/secrets/vault_server_test.rb +++ b/test/lib/samson/secrets/vault_server_test.rb @@ -29,7 +29,9 @@ it "is invalid with an invalid cert" do server.ca_cert = "nope" refute_valid server - server.errors.full_messages.must_equal ["Ca cert is invalid: PEM_read_bio_X509: no start line"] + server.errors.full_messages.must_equal( + ["Ca cert is invalid: PEM_read_bio_X509: no start line (Expecting: CERTIFICATE)"] + ) end it "is invalid with duplicate name" do @@ -78,7 +80,7 @@ key = "global/global/global/a" from.client.kv.expects(:list_recursive).returns([key]) from.client.kv.expects(:read).with(key).returns(stub(data: {foo: :bar})) - to.client.kv.expects(:write).with(key, foo: :bar) + to.client.kv.expects(:write).with(key, {foo: :bar}) to.sync!(from) end @@ -88,7 +90,7 @@ from.client.kv.expects(:list_recursive).returns([key]) from.client.kv.expects(:read).with(key).returns(stub(data: {foo: :bar})) - to.client.kv.expects(:write).with(key, foo: :bar) + to.client.kv.expects(:write).with(key, {foo: :bar}) to.sync!(from) end @@ -96,7 +98,7 @@ key = scoped_key from.client.kv.expects(:list_recursive).returns([key]) from.client.kv.expects(:read).with(key).returns(stub(data: {foo: :bar})) - to.client.kv.expects(:write).with(key, foo: :bar) + to.client.kv.expects(:write).with(key, {foo: :bar}) to.sync!(from) end diff --git a/test/models/job_queue_test.rb b/test/models/job_queue_test.rb index b512983ad..9ba820158 100644 --- a/test/models/job_queue_test.rb +++ b/test/models/job_queue_test.rb @@ -335,7 +335,7 @@ def with_staggering_enabled(stagger_interval: 1.second, &block) mock_timer_task = mock(execute: true) expected_task_params = {now: true, timeout_interval: 10, execution_interval: 1.second} instance.expects(:dequeue_staggered_job) - Concurrent::TimerTask.expects(:new).with(expected_task_params).yields.returns(mock_timer_task) + Concurrent::TimerTask.expects(:new).with(**expected_task_params).yields.returns(mock_timer_task) with_staggering_enabled do instance.send(:start_staggered_job_dequeuer)