Merge pull request #98 from ruby-no-kai/2025/maintenance

Maintenance for 2025

Author: sorah

.dockerignore

@@ -2,5 +2,6 @@
 /log/
 /tmp/
 /public/packs
+/public/vite*
 vendor/
 .terraform/

.github/workflows/_test.yml

@@ -0,0 +1,20 @@
+name: Test
+
+on:
+  workflow_call:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - run: docker compose up -d --wait db
+      - uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0
+        with:
+          bundler-cache: true
+      - run: bundle exec rails db:create db:migrate RAILS_ENV=test
+      - run: bundle exec rspec -f j -o tmp/rspec_results.json -f d spec
+      - uses: SonicGarden/rspec-report-action@59517533fc21753efb185011e1811e94dc89e02b # v6.0.0
+        if: always()
+        with:
+          json-path: tmp/rspec_results.json

.github/workflows/ci.yml

@@ -3,9 +3,12 @@ on:
   push:
     branches:
       - master
+      - main
       - test
 
 jobs:
+  test:
+    uses: ./.github/workflows/_test.yml
   build:
     name: build
     permissions:
@@ -15,38 +18,38 @@ jobs:
     outputs:
       image-tag: "${{ steps.login-ecr.outputs.registry }}/sponsor-app:${{ github.sha }}"
     steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       #- uses: ruby/setup-ruby@v1
       #  with:
       #    ruby-version: '3.1'
       #    bundler-cache: true
-      - uses: aws-actions/configure-aws-credentials@v4
+      - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
         with:
           aws-region: "us-west-2"
           role-skip-session-tagging: true
           role-to-assume: "arn:aws:iam::005216166247:role/GhaDockerPush"
           mask-aws-account-id: false
       - id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
       - run: "echo '${{ github.sha }}' > REVISION"
       - name: 'Build Docker image'
-        uses: 'docker/build-push-action@v3'
+        uses: 'docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6' # v3.3.1
         with:
           context: '.'
           load: true
           tags: "sponsor-app-test:latest,${{ steps.login-ecr.outputs.registry }}/sponsor-app:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/sponsor-app:latest"
           cache-from: type=gha
           cache-to: type=gha,mode=max
       - name: 'Push Docker image'
-        uses: 'docker/build-push-action@v3'
+        uses: 'docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6' # v3.3.1
         with:
           context: '.'
           push: true
           tags: "${{ steps.login-ecr.outputs.registry }}/sponsor-app:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/sponsor-app:latest"
 
   deploy-prod:
-    if: "${{ success() && github.event_name == 'push' }}"
+    if: "${{ success() && github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') }}"
     name: deploy-prod
     needs: ["build"]
     permissions:
@@ -62,13 +65,13 @@ jobs:
     env:
       BUNDLE_GEMFILE: "${{ github.workspace }}/deploy/Gemfile"
     steps:
-      - uses: actions/checkout@v4
-      - uses: ruby/setup-ruby@v1
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0
         with:
           ruby-version: '3.2'
           bundler-cache: true
-      - uses: hashicorp/setup-terraform@v3
-      - uses: aws-actions/configure-aws-credentials@v4
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+      - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
         with:
           aws-region: "us-west-2"
           role-skip-session-tagging: true

.github/workflows/pr.yml

@@ -0,0 +1,8 @@
+name: pr
+
+on:
+  pull_request:
+
+jobs:
+  test:
+    uses: ./.github/workflows/_test.yml

.gitignore

@@ -30,6 +30,15 @@
 /node_modules
 yarn-debug.log*
 .yarn-integrity
+pnpm-debug.log*
 vendor
 
 .terraform/
+
+# Vite Ruby
+/public/vite*
+node_modules
+# Vite uses dotenv and suggests to ignore local-only env files. See
+# https://vitejs.dev/guide/env-and-mode.html#env-files
+*.local
+

.overmind.env

@@ -0,0 +1,2 @@
+OVERMIND_PORT=3000
+OVERMIND_PORT_STEP=10

.pinact.yaml

@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/suzuki-shunsuke/pinact/refs/heads/main/json-schema/pinact.json
+# pinact - https://github.com/suzuki-shunsuke/pinact
+version: 3
+# files:
+#   - pattern: action.yaml
+#   - pattern: */action.yaml
+
+ignore_actions:
+# - name: slsa-framework/slsa-github-generator/\.github/workflows/generator_generic_slsa3\.yml
+#   ref: v\d+\.\d+\.\d+
+# - name: actions/.*
+#   ref: main
+# - name: suzuki-shunsuke/.*
+#   ref: release-.*

.postcssrc.yml

@@ -0,0 +1 @@
+3.4