ejson-rails 0.2.2 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d6d62b4bf362a99bed1a71b0a16cc83bd610157b8e3a06d8998a8c4d1a9479f9
-  data.tar.gz: b74ef1b02227276aed05fc815d876218046bdef4533013d4ca61c0287a79e22a
+  metadata.gz: 3bede97f3d90eb8a1088a761e2bab8c883f07c9262f408a3dbb0578c783b34c0
+  data.tar.gz: 95521f7ebf60e54fb51876f4bedbbf343bac5a9bad08fcb89e3a3c5daac587a7
 SHA512:
-  metadata.gz: d8d136c6ef01aaf7011c0f8edb1f301654e813de2de0cff764422dabb929cea9b8df2e73eea3cb5f5a991a67166004f6bd62f0c0419984071fa8bc8b3009d549
-  data.tar.gz: 325e1a3e46fb0abfdd33b85002359768318dfac8fa6682cc9c09a17130604aa445aa98efcce57156a94cf9abda1d5bbec1315b4178b8830fe1e5e1d0f596f98a
+  metadata.gz: 4c402407b30ac8948a9cb8a6e3f36addaebf123e3a06672d8731cebee91a6e412524a51a5028059de56628fc46425b48548b48aab31a2cf5b81228b843bf93a9
+  data.tar.gz: 92f0fe6b5cc46616f83d4952e39c92fb008b707042e4e11c9f8f25418bf373f1c7345454cebe08a27aa6b4645f2acd3af67976472c84796dcaffc35146f688a5

data/.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: /
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 100

data/Gemfile.lock

@@ -1,75 +1,77 @@
 PATH
   remote: .
   specs:
-    ejson-rails (0.2.2)
+    ejson-rails (1.0.0)
       ejson
       railties (>= 6.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.1.3.2)
-      actionview (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actionpack (7.2.0)
+      actionview (= 7.2.0)
+      activesupport (= 7.2.0)
       nokogiri (>= 1.8.5)
       racc
-      rack (>= 2.2.4)
+      rack (>= 2.2.4, < 3.2)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actionview (7.1.3.2)
-      activesupport (= 7.1.3.2)
+      useragent (~> 0.16)
+    actionview (7.2.0)
+      activesupport (= 7.2.0)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (7.1.3.2)
+    activesupport (7.2.0)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.6)
-    builder (3.2.4)
-    concurrent-ruby (1.2.3)
+    bigdecimal (3.1.8)
+    builder (3.3.0)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     crass (1.0.6)
     diff-lcs (1.5.1)
     drb (2.2.1)
     ejson (1.4.1)
-    erubi (1.12.0)
-    i18n (1.14.1)
+    erubi (1.13.0)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
-    io-console (0.6.0)
-    irb (1.10.0)
-      rdoc
-      reline (>= 0.3.8)
-    json (2.7.1)
+    io-console (0.7.2)
+    irb (1.14.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    json (2.7.2)
     language_server-protocol (3.17.0.3)
+    logger (1.6.0)
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    mini_portile2 (2.8.5)
-    minitest (5.22.2)
-    mutex_m (0.2.0)
-    nokogiri (1.15.6)
+    mini_portile2 (2.8.7)
+    minitest (5.25.0)
+    nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    parallel (1.24.0)
-    parser (3.3.0.5)
+    parallel (1.25.1)
+    parser (3.3.4.0)
       ast (~> 2.4.1)
       racc
     psych (5.1.2)
       stringio
-    racc (1.7.3)
-    rack (3.0.9.1)
+    racc (1.8.1)
+    rack (3.1.7)
     rack-session (2.0.0)
       rack (>= 3.0.0)
     rack-test (2.1.0)
@@ -84,58 +86,62 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
-      irb
+    railties (7.2.0)
+      actionpack (= 7.2.0)
+      activesupport (= 7.2.0)
+      irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
-    rake (13.0.6)
-    rdoc (6.6.3.1)
+    rake (13.2.1)
+    rdoc (6.7.0)
       psych (>= 4.0.0)
-    regexp_parser (2.9.0)
-    reline (0.4.1)
+    regexp_parser (2.9.2)
+    reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.2.6)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rexml (3.3.4)
+      strscan
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.1)
-    rubocop (1.62.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.65.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.2)
-      parser (>= 3.3.0.4)
-    rubocop-shopify (2.11.1)
-      rubocop (~> 1.42)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
+    rubocop-shopify (2.15.1)
+      rubocop (~> 1.51)
     ruby-progressbar (1.13.0)
-    stringio (3.1.0)
-    thor (1.3.0)
+    securerandom (0.3.1)
+    stringio (3.1.1)
+    strscan (3.1.0)
+    thor (1.3.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
+    useragent (0.16.10)
     webrick (1.8.1)
-    zeitwerk (2.6.12)
+    zeitwerk (2.6.17)
 
 PLATFORMS
   ruby
@@ -148,4 +154,4 @@ DEPENDENCIES
   rubocop-shopify
 
 BUNDLED WITH
-   2.5.7
+   2.5.10

data/README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://github.com/Shopify/ejson-rails/workflows/CI/badge.svg?branch=main)](https://github.com/Shopify/ejson-rails/actions?query=branch%3Amain)
 
-Automatically injects [`ejson`](https://github.com/Shopify/ejson) decrypted secrets into your `Rails.application.secrets`.
+Automatically injects [`ejson`](https://github.com/Shopify/ejson) decrypted secrets into your `Rails.application.credentials`.
 
 ## Installation
 
@@ -52,7 +52,7 @@ EJSON::Rails::Railtie.ejson_secret_source = proc { '{"secret": "secret_from_ejso
 
 ## Usage
 
-Decrypted secrets and credentials will be accessible via `Rails.application.secrets`. For example:
+Decrypted secrets will be accessible via `Rails.application.credentials`. For example:
 
 `# project/config/secrets.json`
 
@@ -60,9 +60,9 @@ Decrypted secrets and credentials will be accessible via `Rails.application.secr
 { "some_secret": "key" }
 ```
 
-will be accessible via `Rails.application.secrets.some_secret` or `Rails.application.secrets[:some_secret]` upon booting. JSON files are loaded once and contents are `deep_merge`'d into your app's existing rails secrets.
+will be accessible via `Rails.application.credentials.some_secret` or `Rails.application.credentials[:some_secret]` upon booting. JSON files are loaded once and contents are `deep_merge`'d into your app's existing Rails credentials.
 
-Secrets will also be accessible via `Rails.application.credentials`, e.g. `Rails.application.credentials.some_secret` or `Rails.application.credentials[:some_secret]`. To avoid subtle compatibility issues, if a credential already exists, an error will occur.
+To avoid subtle compatibility issues, if a credential already exists, an error will occur.
 
 If you set the `EJSON_RAILS_DELETE_SECRETS` environment variable to `true` the gem will automatically delete the secrets from the filesystem after loading them into Rails. It will delete both paths (`project/config/secrets.json` and `project/config/secrets.{current_rails_environment}.json`) if the files exist and are writable.
 
@@ -70,110 +70,7 @@ NOTE: This gem does not decrypt ejson for you. You will need to configure this a
 
 ## Migrating to credentials
 
-Rails 7.1 has deprecated application secrets in favor of credentials. ejson-rails can migrate secrets to application credentials.
-
-Even before running Rails 7.1, you can migrate your secrets in several steps:
-
-1. Convert secrets from YAML to JSON
-2. Move any ERB embedded within the YAML to the corresponding environment file
-3. Use `Rails.application.credentials` in place of Rails secrets
-
-### 1. Convert secrets from config/secrets.yml to config/secrets.json
-
-Typically, secrets share the same structure across different environments. While test secrets are often placeholders, development secrets may sometimes use environment variables to communicate with external services.
-In that case, the easiest way to migrate is to use the test secrets in all local environments, and override for development as needed:
-
-```sh-session
-# Recommended
-bin/rails runner -e test 'Rails.root.join("config/secrets.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
-```
-
-> [!NOTE]
-> Alternatively, if its necessary to configure distinct values between the development/test environment, you can use separate JSON files for the development/test environments:
->
-> ```sh-session
-> bin/rails runner 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
-> bin/rails runner -e test 'Rails.root.join("config/secrets.#{Rails.env}.json").write(JSON.pretty_generate(Rails.application.secrets.to_h.without(:secret_key_base)))'
-> ```
-
-### 2. Move any ERB into the corresponding environment files
-
-YAML supports ERB while JSON secrets do not. If your secrets contain ERB, you will need to move that logic to the corresponding environment file:
-
-**Before**:
-
-`config/secrets.yml`
-
-```yaml
-development:
-  some_external_service:
-    api_token: <%= ENV.fetch(SOME_EXTERNAL_SERVICE_API_TOKEN, "12345") %>
-```
-
-**After**:
-
-`config/secrets.json` as generated by the _recommended_ command above.
-
-```json
-{
-  "some_external_service": {
-    "api_token": "12345"
-  },
-  "something_else_entirely": "abc"
-}
-```
-
-`config/environments/development.rb`
-
-```ruby
-Rails.application.configure do
-  # elided
-
-  credentials.some_external_service.api_token = ENV.fetch("SOME_EXTERNAL_SERVICE_API_TOKEN", "12345")
-  credentials.something_else_entirely = ENV.fetch("SOMETHING_ELSE_ENTIRELY", "abc")
-end
-```
-
-#### Rails 7.0 Note
-
-> [!NOTE]
-> In Rails 7.0, credentials are accessed as a Hash with [] and []=.. This is important because the dynamic accessor methods will set values in a different object, and credentials will behave inconsistently after that:
-
-```ruby
-Rails.application.credentials.some_external_service.api_token = "foo"
-Rails.application.credentials[:some_external_service][:api_token] # => "12345"
-```
-
-Also note the code sets top-level values through `credentials.config`, because `credentials#[]=(key, value)` sets values in a different object.
-
-```ruby
-Rails.application.credentials[:something_else_entirely] = "foo"
-Rails.application.credentials[:something_else_entirely] # => "abc"
-```
-
-Make sure there's no code using the dynamic accessors before setting the configuration in the Hash, or the values won't be accessible from the dynamic accessor:
-
-```ruby
-Rails.application.credentials.something_else_entirely # just accessing is enough to cause the issue
-Rails.application.credentials[:some_external_service][:api_token] = "foo"
-Rails.application.credentials.some_external_service.api_token # => "12345"
-```
-
-### 3. Use `Rails.application.credentials`
-
-You are now ready to replace Rails secrets with Rails credentials:
-
-```sh-session
-git ls-files | xargs ruby -pi -e 'gsub("Rails.application.secrets", "Rails.application.credentials")' --
-```
-
-To avoid the deprecation warning from the use of secrets in `ejson-rails` once you're running Rails 7.1, require another file from your Gemfile:
-
-```ruby
-gem 'ejson-rails', require: 'ejson/rails/skip_secrets'
-```
-
-With this require, ejson-rails will no longer merge secrets from JSON into `Rails.application.secrets`. This will be the default in the next major version.
+Rails 7.1 has deprecated application secrets in favor of credentials. `ejson-rails` no longer writes to Rails secrets to avoid crashing given Rails 7.2 removal of the feature. See the README for the last version that supports secrets to read more about migrating: [`ejson-rails` v0.2.2 – Migrating to credentials](https://github.com/Shopify/ejson-rails/tree/v0.2.2#migrating-to-credentials).
 
 ## Development
 

data/lib/ejson/rails/railtie.rb

@@ -6,8 +6,7 @@ module EJSON
     private_constant :Rails
 
     class Railtie < Rails::Railtie
-      singleton_class.attr_accessor(:ejson_secret_source, :set_secrets)
-      @set_secrets = true
+      singleton_class.attr_accessor(:ejson_secret_source)
 
       config.before_configuration do
         secrets = load_secrets_from_config || load_secrets_from_disk
@@ -15,7 +14,6 @@ module EJSON
 
         secrets = JSON.parse(secrets, symbolize_names: true)
 
-        Rails.application.secrets.deep_merge!(secrets) if set_secrets
         # Merging into `credentials.config` because in Rails 7.0, reading a credential with
         # Rails.application.credentials[:some_credential] won't work otherwise.
         Rails.application.credentials.config.deep_merge!(secrets) do |key|

data/lib/ejson/rails/skip_secrets.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
+warn 'Requiring "ejson/rails/skip_secrets" is deprecated. ' \
+  'Use `require "ejson/rails" or remove the `:require` option from your Gemfile.'
 require "ejson/rails"
-
-EJSON::Rails::Railtie.set_secrets = false

data/lib/ejson/rails/version.rb

@@ -2,6 +2,6 @@
 
 module EJSON
   module Rails
-    VERSION = "0.2.2"
+    VERSION = "1.0.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ejson-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 1.0.0
 platform: ruby
 authors:
 - Gannon McGibbon
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-05-09 00:00:00.000000000 Z
+date: 2024-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ejson
@@ -74,6 +74,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/cla.yml"
 - ".gitignore"
@@ -101,7 +102,7 @@ licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -116,8 +117,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.10
-signing_key: 
+rubygems_version: 3.5.17
+signing_key:
 specification_version: 4
 summary: Asymmetric keywise encryption for JSON on Rails
 test_files: []