bard 1.3.9 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4786eaeab7a9790f644eebe54fe86e3c03e829a9e1d2bc149e612c6b125d9687
-  data.tar.gz: ce9ba38f2f0e4e1897997d31f6f687cf2256978f928bcd3399555e1b7bdbc200
+  metadata.gz: b61ad7f978453da17070fecbb92f64e0fc3311f3c8b530d7cb89227f6a72d286
+  data.tar.gz: f0961592b8234b9c71929cfb5f34b9cc9edbf4f75485331bdf25a6a27e620e44
 SHA512:
-  metadata.gz: 54b835052687d6356ffc0f06d62413f1cbdb4f9fd606fe4047849d3556069d871e3432b5c79ff5d84bab829293fb0ad2333ef0b7671232ca8ea39d8f27d46c9e
-  data.tar.gz: cd14da902d7b39bc7dc665164a0019225ca23436122498d1dae2cd78966cece12acea9346f6345e8cf3a141a35130813c63c8af726559b25fe43bcc518589464
+  metadata.gz: bb9fa351d2b084dc624909e0691aa0ad698c182bf5d0417c3e5731f63bc9ac2aaa90b23be87ba3c894abb74a4b16baf5a638124789eb3eefd8e2087ba6b71257
+  data.tar.gz: 902e8f5be5ae6c1c47cbf34c771fe77c1e3dc298f345983732c6b7cd74eb7293c9d6c325cf2e90814532a85bbaa22b9825c416e507ee40aec88c9068e1bfd328

data/bard.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "thor", ">= 0.19.0"
   spec.add_dependency "rvm"
   spec.add_dependency "term-ansicolor", ">= 1.0.3"
+  spec.add_dependency "rbnacl"
 
   spec.add_development_dependency "byebug"
   spec.add_development_dependency "rspec"

data/install_files/.github/workflows/ci.yml

@@ -30,6 +30,14 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
+      - name: Set up apt packages
+        run: |
+          sudo rm -f /var/lib/man-db/auto-update
+          echo "APT_PACKAGES=$(paste -sd " " Aptfile)" >> $GITHUB_ENV
+      - name: Apt packages
+        uses: awalsh128/cache-apt-pkgs-action@latest
+        with:
+          packages: ${{ env.APT_PACKAGES }}
       - name: Setup
         run: bin/setup
       - name: Run tests

data/install_files/apt_dependencies.rb

@@ -3,6 +3,7 @@ module AptDependencies
 
   def self.ensure!
     return "true" if deps_to_install.none?
+    return "true" if ENV["APT_PACKAGES"] # already installed via github actions
     if sudo_password_required? && ENV["RAILS_ENV"] != "development"
       $stderr.puts "sudo requires password! cannot install #{deps_to_install.join(' ')}"
       exit 1

data/lib/bard/cli/new.rb

@@ -40,7 +40,8 @@ class Bard::CLI::New < Bard::CLI::Command
   end
 
   def push_to_github
-    Bard::Github.new(project_name).create_repo
+    api = Bard::Github.new(project_name)
+    api.create_repo
     run! <<~BASH
       cd ../#{project_name}
       git init -b master
@@ -49,6 +50,9 @@ class Bard::CLI::New < Bard::CLI::Command
       git remote add origin git@github.com:botandrosedesign/#{project_name}
       git push -u origin master
     BASH
+    api.add_master_key File.read("../#{project_name}/config/master.key")
+    api.add_master_branch_protection
+    api.patch(nil, allow_auto_merge: true)
   end
 
   def stage

data/lib/bard/cli/new_rails_template.rb

@@ -21,6 +21,9 @@ file ".gitignore", <<~GITIGNORE
   # Ignore master key for decrypting credentials and more.
   /config/master.key
 
+  # ignore coverage reports
+  /coverage
+
   # Ignore database dumps
   /db/data.*
 
@@ -39,30 +42,32 @@ file "Gemfile", <<~RUBY
 
   gem "bootsnap", require: false
   gem "rails", "~>8.0.0"
+  gem "solid_cache"
+  gem "solid_queue"
+  gem "solid_cable"
   gem "bard-rails"
   gem "sqlite3"
+  gem "image_processing"
+  gem "puma"
+  gem "exception_notification"
 
+  # css
   gem "sprockets-rails"
   gem "dartsass-sprockets"
   gem "bard-sass"
 
+  # js
   gem "importmap-rails"
   gem "turbo-rails"
   gem "stimulus-rails"
 
-  gem "solid_cache"
-  gem "solid_queue"
-  gem "solid_cable"
-
-  gem "image_processing"
-  gem "puma"
-
   group :development do
     gem "web-console"
   end
 
   group :development, :test do
     gem "debug", require: "debug/prelude"
+    gem "parallel_tests", "~>3.9.0" # 3.10 pegs CPU
     gem "brakeman", require: false
     gem "rubocop-rails-omakase", require: false
   end
@@ -83,6 +88,64 @@ file "Gemfile", <<~RUBY
   end
 RUBY
 
+file "config/initializers/exception_notification.rb", <<~RUBY
+  require "exception_notification/rails"
+
+  ExceptionNotification.configure do |config|
+    config.ignored_exceptions = []
+
+    # Adds a condition to decide when an exception must be ignored or not.
+    # The ignore_if method can be invoked multiple times to add extra conditions.
+    config.ignore_if do |exception, options|
+      not Rails.env.production?
+    end
+
+    config.ignore_if do |exception, options|
+      %w[
+        ActiveRecord::RecordNotFound
+        AbstractController::ActionNotFound
+        ActionController::RoutingError
+        ActionController::InvalidAuthenticityToken
+        ActionView::MissingTemplate
+        ActionController::BadRequest
+        ActionDispatch::Http::Parameters::ParseError
+        ActionDispatch::Http::MimeNegotiation::InvalidType
+      ].include?(exception.class.to_s)
+    end
+
+    config.add_notifier :email, {
+      email_prefix: "[\#{File.basename(Dir.pwd)}] ",
+      exception_recipients: "micah@botandrose.com",
+      smtp_settings: Rails.application.credentials.exception_notification_smtp_settings,
+    }
+  end
+
+  if defined?(Rake::Application)
+    Rake::Application.prepend Module.new {
+      def display_error_message error
+        ExceptionNotifier.notify_exception(error)
+        super
+      end
+
+      def invoke_task task_name
+        super
+      rescue RuntimeError => exception
+        if exception.message.starts_with?("Don't know how to build task")
+          ExceptionNotifier.notify_exception(exception)
+        end
+        raise exception
+      end
+    }
+  end
+
+  ActionController::Live.prepend Module.new {
+    def log_error exception
+      ExceptionNotifier.notify_exception exception, env: request.env
+      super
+    end
+  }
+RUBY
+
 file "app/assets/config/manifest.js", <<~RUBY
   //= link_tree ../images
   //= link_directory ../stylesheets .css
@@ -110,6 +173,18 @@ insert_into_file "config/database.yml", <<~YAML, after: "database: storage/test.
     database: storage/staging.sqlite3
 YAML
 
+insert_into_file "config/database.yml", <<-YAML, after: "# database: path/to/persistent/storage/production.sqlite3"
+
+  cable:
+    <<: *default
+    # database: path/to/persistent/storage/production_cable.sqlite3
+    migrations_paths: db/cable_migrate
+  queue:
+    <<: *default
+    # database: path/to/persistent/storage/production_queue.sqlite3
+    migrations_paths: db/queue_migrate
+YAML
+
 gsub_file "config/environments/production.rb", /  (config\.logger.+STDOUT.*)$/, '  # \1'
 
 after_bundle do

data/lib/bard/cli/provision.rb

@@ -23,10 +23,11 @@ class Bard::CLI::Provision < Bard::CLI::Command
   desc "provision [ssh_url] --steps=all", "takes an optional ssh url to a raw ubuntu 22.04 install, and readies it in the shape of :production"
   option :steps, type: :array, default: STEPS
   def provision ssh_url=config[:production].ssh
+    # unfreeze the string for later mutation
+    ssh_url = ssh_url.dup
     options[:steps].each do |step|
       require "bard/provision/#{step.downcase}"
-      # dup unfreezes the string for later mutation
-      Bard::Provision.const_get(step).call(config, ssh_url.dup)
+      Bard::Provision.const_get(step).call(config, ssh_url)
     end
   end
 end

data/lib/bard/git.rb

@@ -20,7 +20,9 @@ module Bard
     end
 
     def sha_of ref
-      `git rev-parse #{ref}`.chomp
+      sha = `git rev-parse #{ref} 2>/dev/null`.chomp
+      return sha if $?.success?
+      nil # Branch doesn't exist
     end
   end
 end

data/lib/bard/github.rb

@@ -1,6 +1,7 @@
 require "net/http"
 require "json"
 require "base64"
+require "rbnacl"
 
 module Bard
   class Github < Struct.new(:project_name)
@@ -19,6 +20,22 @@ module Bard
       end
     end
 
+    def put path, params={}
+      request(path) do |uri|
+        Net::HTTP::Put.new(uri).tap do |r|
+          r.body = JSON.dump(params)
+        end
+      end
+    end
+
+    def patch path, params={}
+      request(path) do |uri|
+        Net::HTTP::Patch.new(uri).tap do |r|
+          r.body = JSON.dump(params)
+        end
+      end
+    end
+
     def delete path, params={}
       request(path) do |uri|
         Net::HTTP::Delete.new(uri).tap do |r|
@@ -36,6 +53,38 @@ module Bard
       post("keys", title:, key:)
     end
 
+    def add_master_key master_key
+      response = get("actions/secrets/public-key")
+      public_key, public_key_id = response.values_at("key", "key_id")
+
+      def encrypt_secret(encoded_public_key, secret)
+        decoded_key = Base64.decode64(encoded_public_key)
+        public_key = RbNaCl::PublicKey.new(decoded_key)
+        box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
+        encrypted_secret = box.encrypt(secret)
+        Base64.strict_encode64(encrypted_secret)
+      end
+
+      encrypted_master_key = encrypt_secret(public_key, master_key)
+
+      put("actions/secrets/RAILS_MASTER_KEY", {
+        encrypted_value: encrypted_master_key,
+        key_id: public_key_id,
+      })
+    end
+
+    def add_master_branch_protection
+      put("branches/master/protection", {
+        required_status_checks: {
+          strict: false,
+          contexts: [],
+        },
+        enforce_admins: nil,
+        required_pull_request_reviews: nil,
+        restrictions: nil,
+      })
+    end
+
     def create_repo
       post("https://api.github.com/orgs/botandrosedesign/repos", {
         name: project_name,
@@ -44,7 +93,7 @@ module Bard
     end
 
     def delete_repo
-      delete("https://api.github.com/repos/botandrosedesign/#{project_name}")
+      delete(nil)
     end
 
     private
@@ -60,7 +109,12 @@ module Bard
       uri = if path =~ /^http/
         URI(path)
       else
-        URI("https://api.github.com/repos/botandrosedesign/#{project_name}/#{path}")
+        base = "https://api.github.com/repos/botandrosedesign/#{project_name}"
+        if path
+          URI.join(base, path)
+        else
+          URI(base)
+        end
       end
 
       req = nil

data/lib/bard/github_pages.rb

@@ -92,9 +92,7 @@ module Bard
     end
 
     def get_parent_commit
-      sha = Git.sha_of("#{@branch}^{commit}")
-      return sha if $?.success?
-      nil # Branch doesn't exist yet
+      Git.sha_of("#{@branch}^{commit}")
     end
 
     def commit_and_push commit_sha

data/lib/bard/provision/mysql.rb

@@ -8,6 +8,7 @@ class Bard::Provision::MySQL < Bard::Provision
       provision_server.run! [
         "sudo apt-get install -y mysql-server",
         %(sudo mysql -uroot -e "ALTER USER \\"'\\"root\\"'\\"@\\"'\\"localhost\\"'\\" IDENTIFIED WITH mysql_native_password BY \\"'\\"\\"'\\", \\"'\\"root\\"'\\"@\\"'\\"localhost\\"'\\" PASSWORD EXPIRE NEVER; FLUSH PRIVILEGES;"),
+        %(mysql -uroot -e "UPDATE mysql.user SET password_lifetime = NULL WHERE user = 'root' AND host = 'localhost';"),
       ].join("; "), home: true
     end
 

data/lib/bard/provision/user.rb

@@ -36,7 +36,7 @@ class Bard::Provision::User < Bard::Provision
   end
 
   def ssh_with_user? ssh_uri, user: ssh_uri.user
-    system "ssh -o ConnectTimeout=2 -p#{ssh_uri.port || 22} #{user}@#{ssh_uri.host} exit >/dev/null 2>&1"
+    system "ssh -o ConnectTimeout=2 -p#{ssh_uri.port || 22} #{user}@#{ssh_uri.host} : >/dev/null 2>&1"
   end
 end
 

data/lib/bard/version.rb

@@ -1,4 +1,4 @@
 module Bard
-  VERSION = "1.3.9"
+  VERSION = "1.4.1"
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bard
 version: !ruby/object:Gem::Version
-  version: 1.3.9
+  version: 1.4.1
 platform: ruby
 authors:
 - Micah Geisel
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-01-17 00:00:00.000000000 Z
+date: 2025-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.3
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement