cirro-ruby-client 1.6.1 → 1.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e6890f4b343eb4c3efc64fe9f75c644c7d706e9c19bae033d367e4aa0fd99987
-  data.tar.gz: a84440266927041fc001db93c57c44bcf65ef0a2d16b87b2ccc443e1af041564
+  metadata.gz: f0d061a9b240178ba1982a8afab295b214d060ab159fbdcedca4029a1a0b702a
+  data.tar.gz: 8a97b77f43397c611c186394a2882592fff533579507a3a80d6c21277585b59d
 SHA512:
-  metadata.gz: 6ed00bfa6f1d74f95338c6537b8da72754c6c48ecf8d93078891120f8f7be94fba74b0f929646594da35d79583aea4ff6f15ff31ac096dee6663037ebd953640
-  data.tar.gz: 1348492e075def7497a2734e170a3f8453fd1ef150b5473dc515e6dbcc0ede4c4612e0cf58edce08cdc65e293f31f7bf4f5e1a46f65155285a9f8514f77c0339
+  metadata.gz: 2ff6817b1b04bcd964c1b442d883d0f7d6d602f811c949303b7c9dd5a01ca894ea754daf6fbc4d2a2942255f1b9ef7879eebf10261221dbde4e59087f235b2eb
+  data.tar.gz: c568caf210771fb06aca9ae1e67c883dfb9cfb35549104a3bb942c15e9105b5435e74a2976578a19cdbb3f587fd32aea5569ef6840127b181754573de1941a6c

data/.circleci/config.yml

@@ -1,9 +1,18 @@
 version: 2.1
+infra_container: &infra_container
+  eu.gcr.io/cirro-io/swissknife@sha256:1dceb221bfc058c4ba22fe4dcbf4f30dfdc10951bc2293d5c53aebc4f87037f3
+
+# Configure authentication in private registry
+infra_container_registry_auth:
+  &infra_container_registry_auth
+    auth:
+      username: _json_key # default username when using a JSON key file to authenticate
+      password: $GOOGLE_JSON_KEY
 
 jobs:
-  build:
+  test:
     docker:
-      - image: circleci/ruby:2.7.1-node
+      - image: cimg/ruby:2.7.1-node
         environment:
           - RAILS_ENV=test
           - RACK_ENV=test
@@ -25,9 +34,10 @@ jobs:
       - run:
           name: Check code style
           command: bundle exec rubocop
+
   deploy:
     docker:
-      - image: circleci/ruby:2.7.1-node
+      - image: cimg/ruby:2.7.1-node
     steps:
       - checkout
       - run:
@@ -56,14 +66,76 @@ jobs:
             gem push cirro-ruby-client-$version.gem
             shred -u ~/.gem/credentials
 
+  defectdojo:
+    docker:
+      - image: *infra_container
+        <<: *infra_container_registry_auth
+    environment:
+      - DEFECTDOJO_URL: defectdojo.testcloud.io
+      - DEFECTDOJO_PRODUCT: Cirro Ruby Client
+      - DEFECTDOJO_ENG_NAME: CircleCI Scan
+    steps:
+      - checkout
+      - run: 
+          name: Setup access to GCP
+          command: |
+            echo $GOOGLE_JSON_KEY > ${HOME}/gcloud-service-key.json && \
+            gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json
+            gcloud auth configure-docker
+      - run:
+          name: Scans
+          command: |
+            unset GITHUB_TOKEN && trivy fs --exit-code 0 --no-progress --ignorefile .trivyignore-fake --format json --output filesystem-scan.json .
+            gitleaks detect --no-git --exit-code 0 --report-format json --report-path gitleaks.json
+      - run:
+          name: Send data to DefectDojo
+          command: |
+            export DEFECTDOJO_TOKEN=$(gcloud secrets versions access latest \
+            --secret="defectdojo_token" \
+            --project=cirro-io \
+            --quiet)
+
+            # Send Trivy filesystem scan
+            curl --fail --request POST https://$DEFECTDOJO_URL/api/v2/reimport-scan/ \
+            --header "Authorization: Token $DEFECTDOJO_TOKEN" \
+            --form "active=true" \
+            --form "auto_create_context=true" \
+            --form "branch_tag=${CIRCLE_BRANCH}" \
+            --form "commit_hash=${CIRCLE_SHA1}" \
+            --form "close_old_findings=true" \
+            --form "scan_type=Trivy Scan" \
+            --form "test_title=Trivy application scan" \
+            --form "engagement_name=${DEFECTDOJO_ENG_NAME}" \
+            --form "product_name=${DEFECTDOJO_PRODUCT}" \
+            --form "file=@filesystem-scan.json"
+
+            # Send Gitleaks scan
+            curl --fail --request POST https://$DEFECTDOJO_URL/api/v2/reimport-scan/ \
+            --header "Authorization: Token $DEFECTDOJO_TOKEN" \
+            --form "active=true" \
+            --form "auto_create_context=true" \
+            --form "branch_tag=${CIRCLE_BRANCH}" \
+            --form "commit_hash=${CIRCLE_SHA1}" \
+            --form "close_old_findings=true" \
+            --form "scan_type=Gitleaks Scan" \
+            --form "test_title=Gitleaks Scan" \
+            --form "engagement_name=${DEFECTDOJO_ENG_NAME}" \
+            --form "product_name=${DEFECTDOJO_PRODUCT}" \
+            --form "file=@gitleaks.json"
+
 workflows:
   version: 2
   deploy_the_gem:
     jobs:
-      - build
+      - test
       - deploy:
           requires:
-            - build
+            - test
+          filters:
+            branches:
+              only:
+                - master
+      - defectdojo:
           filters:
             branches:
               only:

data/CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at singhinther@gmail.com. All
+reported by contacting the project team at devs@test.io. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cirro-ruby-client (1.6.1)
+    cirro-ruby-client (1.6.2)
       faraday (< 1.2.0)
       faraday_middleware
       json_api_client (>= 1.10.0)
@@ -10,19 +10,18 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.1.3.2)
-      activesupport (= 6.1.3.2)
-    activesupport (6.1.3.2)
+    activemodel (7.0.2.3)
+      activesupport (= 7.0.2.3)
+    activesupport (7.0.2.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.1)
     coderay (1.1.3)
-    concurrent-ruby (1.1.7)
+    concurrent-ruby (1.1.10)
     crack (0.4.4)
     diff-lcs (1.4.4)
     faker (2.14.0)
@@ -30,21 +29,21 @@ GEM
     faraday (1.1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
-    faraday_middleware (1.0.0)
+    faraday_middleware (1.2.0)
       faraday (~> 1.0)
     hashdiff (1.0.1)
-    i18n (1.8.5)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
-    json_api_client (1.18.0)
+    json_api_client (1.21.0)
       activemodel (>= 3.2.0)
       activesupport (>= 3.2.0)
       addressable (~> 2.2)
-      faraday (>= 0.15.2, < 1.2.0)
-      faraday_middleware (>= 0.9.0, < 1.2.0)
+      faraday (>= 0.15.2, < 2.0)
+      faraday_middleware (>= 0.9.0, < 2.0)
       rack (>= 0.2)
-    jwt (2.2.3)
+    jwt (2.3.0)
     method_source (1.0.0)
-    minitest (5.14.4)
+    minitest (5.15.0)
     multipart-post (2.1.1)
     parallel (1.19.2)
     parser (2.7.2.0)
@@ -85,7 +84,7 @@ GEM
     rubocop-rspec (1.43.2)
       rubocop (~> 0.87)
     ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.4)
+    ruby2_keywords (0.0.5)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     unicode-display_width (1.7.0)
@@ -93,7 +92,6 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby

data/README.md

@@ -55,3 +55,18 @@ invitation = CirroIO::Client::GigInvitation.new(gig: gig)
 
 invitation.bulk_create_with(filter, auto_accept: true) # by default auto_accept is false
 ```
+
+#### Creating Payouts for workers
+
+```ruby
+app_worker = CirroIO::Client::AppWorker.load(id: 1234)
+
+CirroIO::Client::Payout.create(
+  app_worker: app_worker,
+  amount: 100, # € 1.00
+  title: "Bonus for something",
+  description: "Description of the bonus.",
+  cost_center_key: "PROJECT-CODE",
+  billing_date: DateTime.now
+)
+```

data/lib/cirro_io/client/base.rb

@@ -28,6 +28,26 @@ module CirroIO
           conn.use JsonApiClient::Middleware::Status, {}
         end
       end
+
+      # HACK: https://github.com/JsonApiClient/json_api_client/issues/390
+      # waiting for json_api_client to release a new version with the fix
+      # https://github.com/JsonApiClient/json_api_client/pull/398
+      # rubocop:disable all
+      def initialize(params = {})
+        params = params.with_indifferent_access
+        @persisted = nil
+        @destroyed = nil
+        self.links = self.class.linker.new(params.delete(:links) || {})
+        self.relationships = self.class.relationship_linker.new(self.class, params.delete(:relationships) || {})
+        self.attributes = self.class.default_attributes.merge params.except(*self.class.prefix_params)
+        self.forget_change!(:type)
+        self.__belongs_to_params = params.slice(*self.class.prefix_params)
+
+        setup_default_properties
+
+        self.request_params = self.class.request_params_class.new(self.class)
+      end
+      # rubocop:enable all
     end
   end
 end

data/lib/cirro_io/client/version.rb

@@ -1,7 +1,7 @@
 # rubocop:disable Style/MutableConstant
 module CirroIO
   module Client
-    VERSION = '1.6.1'
+    VERSION = '1.6.2'
   end
 end
 # rubocop:enable Style/MutableConstant

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cirro-ruby-client
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 1.6.2
 platform: ruby
 authors:
 - Cirro Dev Team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-06-28 00:00:00.000000000 Z
+date: 2022-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -129,7 +129,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: Ruby client library for Cirro API