bullion 0.1.3 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 593707ee0875636704bc97eb1a384705165b91df8df9603f579f3ec0520604a4
-  data.tar.gz: f4605392c33a44eb1a39e06ec1a1bfb72b1746a8120eadfd9064cdf1dfb554a4
+  metadata.gz: f1897a626efbdecba9680874c7c3266b74bcfdbbe75e6b9646876cdac0951166
+  data.tar.gz: 9615ce0ee849c308eb6c0e19ca265e08f2794decb0b204fe1d3b4ed0896e7705
 SHA512:
-  metadata.gz: 77a51b885d00586cf3550aad568687652b84c8072904144ccf2fe185ed0c04126036337c06f5f8a6719e19a6a62159ea496133af4c9894fe0327ab4cbcb2eb04
-  data.tar.gz: 9d393200ce899d507489b76c0a0093b9547230958ea3a0bebf7be33e88ada915f9a76a5f232416095fc1acae77cd45bb6863248a523942d49f9c380f539002ac
+  metadata.gz: f78395c368c1b52af2cf043615c89925697f48faf40d7fa5623198b44b14eece6085d7a49d00bbaff53c7e4d24dafe2fb8fb65fc7f788a872de98c3a75e6aa2a
+  data.tar.gz: d89899a9513543bbba121496a4c214f96ee327e98d7993c5806b436a32e2c16256dc9296f82fa74ab3a558ddaba8755dd895c8534a07e77580f5b964efbad118

data/.roxanne.yml

@@ -0,0 +1,14 @@
+version: 1.0
+stages:
+  build:
+    image: docker:latest
+    scripts:
+    - ./scripts/build.sh
+  test:
+    image: ruby:3.1
+    scripts:
+    - ./scripts/test.sh
+  release:
+    image: ruby:3.1
+    only:
+    - main

data/.rspec

@@ -1,3 +1,2 @@
 --format documentation
 --color
---require spec_helper

data/.rubocop.yml

@@ -3,18 +3,18 @@ Layout/LineLength:
 
 AllCops:
   Exclude:
-    - 'spec/**/*_spec.rb'
-    - 'db/schema.rb'
-    - 'vendor/**/*'
-  TargetRubyVersion: 2.6
+  - 'db/schema.rb'
+  - 'vendor/**/*'
+  TargetRubyVersion: 3.1
   NewCops: enable
 
 Metrics/AbcSize:
   Max: 21
 
 Metrics/BlockLength:
-  Max: 30
+  Max: 35
   Exclude:
+  - 'spec/**/*_spec.rb'
   - 'Rakefile'
   - '*.gemspec'
 
@@ -22,10 +22,29 @@ Metrics/MethodLength:
   Max: 20
 
 Metrics/ModuleLength:
-  Max: 150
+  Max: 160
+  Exclude:
+  - 'spec/**/*_spec.rb'
 
 Metrics/ClassLength:
   Max: 300
+  Exclude:
+  - 'spec/**/*_spec.rb'
+
+Gemspec/RequireMFA:
+  Enabled: false
+
+Style/MixinUsage:
+  Exclude:
+  - "bin/console"
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
 
 Style/StringConcatenation:
   Exclude:

data/.ruby-version

@@ -0,0 +1 @@
+3.1.2

data/Dockerfile

@@ -1,34 +1,25 @@
-FROM ruby:2.6-alpine AS build
+FROM ruby:3.1 AS build
 
 ENV RACK_ENV=development
 
 COPY . /build
 
-RUN apk --no-cache upgrade \
-    && apk --no-cache add git mariadb-client mariadb-connector-c \
-       runit sqlite-dev \
-    && apk --no-cache add --virtual build-dependencies \
-       build-base mariadb-dev
+RUN apt-get update && apt-get upgrade -y && apt-get install -y libsqlite3-dev sqlite3 curl libsodium-dev
 
-RUN apk add build-base \
-    && cd /build \
+RUN cd /build \
     && gem build bullion.gemspec \
     && mv bullion*.gem /bullion.gem
 
 WORKDIR /build
 
-FROM ruby:2.6-alpine
+FROM ruby:3.1
 LABEL maintainer="Jonathan Gnagy <jonathan.gnagy@gmail.com>"
 
 ENV BULLION_PORT=9292
 ENV BULLION_ENVIRONMENT=development
 ENV DATABASE_URL=sqlite3:///tmp/bullion.db
 
-RUN apk --no-cache upgrade \
-    && apk --no-cache add git mariadb-client mariadb-connector-c \
-       runit sqlite-dev \
-    && apk --no-cache add --virtual build-dependencies \
-       build-base mariadb-dev
+RUN apt-get update && apt-get upgrade -y && apt-get -y install libsqlite3-dev sqlite3 curl libsodium-dev
 
 RUN mkdir /app
 
@@ -47,8 +38,7 @@ RUN chmod +x /entrypoint.sh \
 
 WORKDIR /app
 
-RUN gem install bullion.gem \
-    && apk del build-dependencies
+RUN gem install bullion.gem
 
 USER nobody
 

data/Gemfile

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 

data/Gemfile.lock

@@ -1,132 +1,140 @@
 PATH
   remote: .
   specs:
-    bullion (0.1.3)
+    bullion (0.3.1)
       httparty (~> 0.18)
-      json (~> 2.5)
-      jwt (~> 1.5)
+      json (~> 2.6)
+      jwt (~> 2.4)
       mysql2 (~> 0.5)
-      openssl (~> 2.2)
-      prometheus-client (~> 2.1)
-      puma (~> 3.12)
-      sinatra (~> 2.1)
+      openssl (~> 3.0)
+      prometheus-client (~> 4.0)
+      puma (~> 5.6)
+      sinatra (~> 2.2)
       sinatra-activerecord (~> 2.0)
-      sinatra-contrib (~> 2.1)
+      sinatra-contrib (~> 2.2)
       sqlite3 (~> 1.4)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    acme-client (2.0.7)
-      faraday (>= 0.17, < 2.0.0)
-    activemodel (6.1.1)
-      activesupport (= 6.1.1)
-    activerecord (6.1.1)
-      activemodel (= 6.1.1)
-      activesupport (= 6.1.1)
-    activesupport (6.1.1)
+    acme-client (2.0.11)
+      faraday (>= 1.0, < 3.0.0)
+      faraday-retry (~> 1.0)
+    activemodel (7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activerecord (7.0.3.1)
+      activemodel (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activesupport (7.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    ast (2.4.1)
-    byebug (9.1.0)
-    concurrent-ruby (1.1.7)
-    diff-lcs (1.4.4)
-    docile (1.3.5)
-    faraday (1.3.0)
-      faraday-net_http (~> 1.0)
-      multipart-post (>= 1.2, < 3)
-      ruby2_keywords
-    faraday-net_http (1.0.1)
-    httparty (0.18.1)
+    ast (2.4.2)
+    byebug (11.1.3)
+    concurrent-ruby (1.1.10)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    faraday (2.3.0)
+      faraday-net_http (~> 2.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (2.0.3)
+    faraday-retry (1.0.3)
+    httparty (0.20.0)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
-    i18n (1.8.7)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    json (2.5.1)
-    jwt (1.5.6)
-    mime-types (3.3.1)
+    json (2.6.2)
+    jwt (2.4.1)
+    mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.1104)
-    minitest (5.14.3)
+    mime-types-data (3.2022.0105)
+    minitest (5.16.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    mustermann (1.1.1)
+    mustermann (1.1.2)
       ruby2_keywords (~> 0.0.1)
-    mysql2 (0.5.3)
-    openssl (2.2.0)
-    parallel (1.20.1)
-    parser (3.0.0.0)
+    mysql2 (0.5.4)
+    nio4r (2.5.8)
+    openssl (3.0.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
       ast (~> 2.4.1)
-    prometheus-client (2.1.0)
-    puma (3.12.6)
-    rack (2.2.3)
-    rack-protection (2.1.0)
+    prometheus-client (4.0.0)
+    puma (5.6.4)
+      nio4r (~> 2.0)
+    rack (2.2.4)
+    rack-protection (2.2.1)
       rack
-    rack-test (0.8.3)
-      rack (>= 1.0, < 3)
-    rainbow (3.0.0)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rainbow (3.1.1)
     rake (12.3.3)
-    regexp_parser (2.0.3)
-    rexml (3.2.4)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    regexp_parser (2.5.0)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.1)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.1)
-    rubocop (0.93.1)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.31.2)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8)
-      rexml
-      rubocop-ast (>= 0.6.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.4.0)
-      parser (>= 2.7.1.5)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.19.1)
+      parser (>= 3.1.1.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.11.1)
+      rubocop (~> 1.19)
     ruby-progressbar (1.11.0)
-    ruby2_keywords (0.0.2)
+    ruby2_keywords (0.0.5)
     simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
-    simplecov-cobertura (1.4.2)
-      simplecov (~> 0.8)
+    simplecov-cobertura (2.1.0)
+      rexml
+      simplecov (~> 0.19)
     simplecov-html (0.12.3)
-    simplecov_json_formatter (0.1.2)
-    sinatra (2.1.0)
+    simplecov_json_formatter (0.1.4)
+    sinatra (2.2.1)
       mustermann (~> 1.0)
       rack (~> 2.2)
-      rack-protection (= 2.1.0)
+      rack-protection (= 2.2.1)
       tilt (~> 2.0)
-    sinatra-activerecord (2.0.21)
+    sinatra-activerecord (2.0.25)
       activerecord (>= 4.1)
       sinatra (>= 1.0)
-    sinatra-contrib (2.1.0)
+    sinatra-contrib (2.2.1)
       multi_json
       mustermann (~> 1.0)
-      rack-protection (= 2.1.0)
-      sinatra (= 2.1.0)
+      rack-protection (= 2.2.1)
+      sinatra (= 2.2.1)
       tilt (~> 2.0)
-    sqlite3 (1.4.2)
+    sqlite3 (1.4.4)
     tilt (2.0.10)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.7.0)
-    yard (0.9.26)
-    zeitwerk (2.4.2)
+    unicode-display_width (2.2.0)
+    webrick (1.7.0)
+    yard (0.9.28)
+      webrick (~> 1.7.0)
 
 PLATFORMS
   ruby
@@ -134,15 +142,17 @@ PLATFORMS
 DEPENDENCIES
   acme-client (~> 2.0)
   bullion!
-  bundler (~> 2.0)
-  byebug (~> 9)
-  rack-test (~> 0.8)
+  bundler (~> 2.3)
+  byebug (~> 11)
+  rack-test (~> 2.0)
   rake (~> 12.3)
   rspec (~> 3.10)
-  rubocop (~> 0.93)
-  simplecov (~> 0.20)
-  simplecov-cobertura (~> 1.4)
+  rubocop (~> 1.31)
+  rubocop-rake (~> 0.6)
+  rubocop-rspec (~> 2.11)
+  simplecov (~> 0.21)
+  simplecov-cobertura (~> 2.1)
   yard (~> 0.9)
 
 BUNDLED WITH
-   2.1.4
+   2.3.10

data/README.md

@@ -36,8 +36,8 @@ Whether run locally or via Docker, the following environment variables configure
 | `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
 | `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
 | `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
-| `DATABASE_URL` | _None_ | A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
-| `DNS01_NAMESERVERS` | `8.8.8.8` | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. |
+| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either begin with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
+| `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
 | `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
 | `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |
 | `MIN_THREADS` | `2` | Minimum number of [Puma](https://puma.io/) threads for processing requests. |

data/Rakefile

@@ -1,91 +1,109 @@
 # frozen_string_literal: true
 
-if %w[development test].include? ENV['RACK_ENV']
-  ENV['DATABASE_URL'] = "sqlite3:#{File.expand_path('.')}/tmp/db/#{ENV['RACK_ENV']}.sqlite3"
+ENV["RACK_ENV"] ||= "development"
+
+if %w[development test].include? ENV["RACK_ENV"]
+  ENV["DATABASE_URL"] = "sqlite3:#{File.expand_path(".")}/tmp/db/#{ENV["RACK_ENV"]}.sqlite3"
 end
 
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-require 'yard'
-require 'openssl'
-require 'sqlite3'
-require 'sinatra/activerecord/rake'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "rubocop/rake_task"
+require "yard"
+require "openssl"
+require "sqlite3"
+require "sinatra/activerecord/rake"
 
 namespace :db do
   task :load_config do
-    ActiveRecord::Base.establish_connection(ENV['DATABASE_URL'])
+    ActiveRecord::Base.establish_connection(url: ENV.fetch("DATABASE_URL", nil))
   end
 end
 
-RSpec::Core::RakeTask.new(:spec)
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.exclude_pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+  t.rspec_opts = "--require spec_helper"
+end
+RSpec::Core::RakeTask.new(:integration_testing) do |t|
+  t.pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+  t.rspec_opts = "--require integration_helper"
+end
 RuboCop::RakeTask.new(:rubocop)
 YARD::Rake::YardocTask.new
 
 task :prep do
-  FileUtils.mkdir_p(File.join(File.expand_path('.'), 'tmp'))
-  ENV['CA_DIR'] = File.join(File.expand_path('.'), 'tmp').to_s
-  ENV['CA_SECRET'] = 'SomeS3cret'
-  ENV['CA_DOMAINS'] = 'test.domain'
+  FileUtils.mkdir_p(File.join(File.expand_path("."), "tmp"))
+  ENV["CA_DIR"] = File.join(File.expand_path("."), "tmp").to_s
+  ENV["CA_SECRET"] = "SomeS3cret"
+  ENV["CA_DOMAINS"] = "test.domain"
 
   key = OpenSSL::PKey::RSA.new(4096)
-  File.open(File.join(File.expand_path('.'), 'tmp', 'tls.key'), 'w') do |f|
-    f.write key.to_pem(OpenSSL::Cipher.new('aes-128-cbc'), ENV['CA_SECRET'])
-  end
+  File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
+             key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
 
   root_ca = OpenSSL::X509::Certificate.new
   root_ca.version = 2
   root_ca.serial = (2**rand(10..20)) - 1
   root_ca.subject = OpenSSL::X509::Name.parse(
-    %w[test domain].reverse.map { |piece| "DC=#{piece}" }.join('/') + '/CN=bullion'
+    %w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
   )
   root_ca.issuer = root_ca.subject # root CA's are "self-signed"
   root_ca.public_key = key.public_key
   root_ca.not_before = Time.now
-  root_ca.not_after = root_ca.not_before + 5 * 365 * 24 * 60 * 60 # 5 years validity
+  root_ca.not_after = root_ca.not_before + (5 * 365 * 24 * 60 * 60) # 5 years validity
   ef = OpenSSL::X509::ExtensionFactory.new
   ef.subject_certificate = root_ca
   ef.issuer_certificate = root_ca
   root_ca.add_extension(
-    ef.create_extension('basicConstraints', 'CA:TRUE', true)
+    ef.create_extension("basicConstraints", "CA:TRUE", true)
   )
   root_ca.add_extension(
-    ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true)
+    ef.create_extension("keyUsage", "keyCertSign, cRLSign", true)
   )
   root_ca.add_extension(
-    ef.create_extension('subjectKeyIdentifier', 'hash', false)
+    ef.create_extension("subjectKeyIdentifier", "hash", false)
   )
   root_ca.add_extension(
-    ef.create_extension('authorityKeyIdentifier', 'keyid:always', false)
+    ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
   )
-  root_ca.sign(key, OpenSSL::Digest.new('SHA256'))
-  File.open(File.join(File.expand_path('.'), 'tmp', 'tls.crt'), 'w') do |f|
-    f.write root_ca.to_pem
-  end
+  root_ca.sign(key, OpenSSL::Digest.new("SHA256"))
+  File.write(File.join(File.expand_path("."), "tmp", "tls.crt"), root_ca.to_pem)
 end
 
 task :demo do
-  system("rackup -D -P #{File.expand_path('.')}/tmp/daemon.pid")
+  rack_env = "test"
+  database_url = "sqlite3:#{File.expand_path(".")}/tmp/db/#{rack_env}.sqlite3"
+  system("RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" bundle exec rake db:migrate")
+  system(
+    "RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" " \
+    "LOG_LEVEL='#{ENV.fetch("LOG_LEVEL", "info")}' " \
+    "rackup -D -P #{File.expand_path(".")}/tmp/daemon.pid"
+  )
 end
 
 task :foreground_demo do
-  system("rackup -P #{File.expand_path('.')}/tmp/daemon.pid")
+  system("rackup -P #{File.expand_path(".")}/tmp/daemon.pid")
 end
 
 task :cleanup do
   at_exit do
-    system("kill $(cat #{File.expand_path('.')}/tmp/daemon.pid)")
-    FileUtils.rm_f(File.join(File.expand_path('.'), 'tmp', 'tls.crt'))
-    FileUtils.rm_f(File.join(File.expand_path('.'), 'tmp', 'tls.key'))
-    FileUtils.rm_rf(File.join(File.expand_path('.'), 'tmp', 'db'))
-    ENV['CA_DIR'] = nil
-    ENV['CA_SECRET'] = nil
-    ENV['CA_DOMAINS'] = nil
+    if File.exist?("#{File.expand_path(".")}/tmp/daemon.pid")
+      system("kill $(cat #{File.expand_path(".")}/tmp/daemon.pid)")
+    end
+    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
+    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
+    FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
+    ENV["CA_DIR"] = nil
+    ENV["CA_SECRET"] = nil
+    ENV["CA_DOMAINS"] = nil
   end
 end
 
-Rake::Task['spec'].enhance(['cleanup'])
+Rake::Task["integration_testing"].enhance(["cleanup"])
+
+task test: %i[prep db:migrate spec demo integration_testing]
+task unit: %i[prep db:migrate spec]
 
-task default: %i[prep db:migrate demo spec rubocop]
+task default: %i[test rubocop yard]
 
 task local_demo: %i[prep db:migrate foreground_demo]

data/bin/console

@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'bundler/setup'
-require 'bullion'
+require "bundler/setup"
+require "bullion"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -11,5 +11,5 @@ require 'bullion'
 # require "pry"
 # Pry.start
 
-require 'irb'
+require "irb"
 IRB.start(__FILE__)