govuk_app_config 4.4.1 → 4.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eb506313e290785cf67cdecc360b8c6ba266094d05b1c2f9dcf855d57f5cb91f
-  data.tar.gz: a35c48a545dcb92963700ef26d2bad0452f9d7aec9f431788d7552a5c26984ac
+  metadata.gz: 9adf3a7bee21ade140141a007885695bba39c0f968216960f0b7736cdc995ab4
+  data.tar.gz: 9d32f18cdd2517bd50456b2d5824ecfb01f1ba5de9752c5d7b43f42b3341f2df
 SHA512:
-  metadata.gz: 8cfebe4bfa7484068b432ee2629e65950f22ddba009e004dac325aa453301f40506f5f8194deb9de61a6b610b5d2ceb1945d875ac16230691737f3d6fbb7f2f3
-  data.tar.gz: eac23452670a9b4cee3c613b9e7f9914dd3a4fa5887875add19f92c78676d3edac499e3c31f6f4eeed4d6b18e9f0ce514d1ff4acc8184f52b2c9480b452e311f
+  metadata.gz: 8a4d51406523a7c93a59c49cf6ebb65af9e1659c3188ac2772f8a664a332be9c5608af669a48b23fb33d5e780d4a548a8e5b75fd3b82a8a79ff69661c76f485e
+  data.tar.gz: 1e70b03b2026eba3e77ea20d570edbc9728140d88b6e0448f9290c762c2cb8fbf7b28bbcc1efce39e168244ac6e703aed843652aa4ca47acb85265205b09a785

data/.github/workflows/ci.yml

@@ -0,0 +1,56 @@
+on: [push, pull_request]
+jobs:
+  # Run the test suite against multiple Ruby and Rails versions
+  test_matrix:
+    strategy:
+      fail-fast: false
+      matrix:
+        # Due to https://github.com/actions/runner/issues/849, we have to use quotes for '3.0'
+        ruby: [2.7, '3.0', 3.1]
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake
+
+  # Branch protection rules cannot directly depend on status checks from matrix jobs.
+  # So instead we define `test` as a dummy job which only runs after the preceding `test_matrix` checks have passed.
+  # Solution inspired by: https://github.community/t/status-check-for-a-matrix-jobs/127354/3
+  test:
+    needs: test_matrix
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "All matrix tests have passed 🚀"
+
+  release:
+    needs: test
+    runs-on: ubuntu-latest
+    if: ${{ github.ref == 'refs/heads/main' }}
+    permissions:
+      contents: write
+    steps:
+    - uses: actions/checkout@v3
+    - uses: ruby/setup-ruby@v1
+      with:
+        rubygems: latest
+    - env:
+        GEM_HOST_API_KEY: ${{ secrets.ALPHAGOV_RUBYGEMS_API_KEY }}
+        GEM_NAME: govuk_app_config
+      run: |
+        VERSION=$(ruby -e "puts eval(File.read('$GEM_NAME.gemspec')).version")
+        GEM_VERSION=$(gem list --exact --remote $GEM_NAME)
+
+        # Publish to RubyGems.org
+        if [ "${GEM_VERSION}" != "$GEM_NAME (${VERSION})" ]; then
+          gem build $GEM_NAME.gemspec
+          gem push "$GEM_NAME-${VERSION}.gem"
+        fi
+
+        # Create a release tag
+        if ! git ls-remote --tags --exit-code origin v${VERSION}; then
+          git tag v${VERSION}
+          git push --tags
+        fi

data/.ruby-version

@@ -1 +1 @@
-2.6.5
+2.7.5

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+# 4.5.0
+
+- Add lux.speedcurve.com to connect_src for GOV.UK Content Security Policy ([#232](https://github.com/alphagov/govuk_app_config/pull/232))
+- Fix prometheus_exporter to only be enabled when the GOVUK_PROMETHEUS_EXPORTER env var is set to "true" ([#231](https://github.com/alphagov/govuk_app_config/pull/231)).
+- Add Prometheus monitoring for EKS section to README.md ([#231](https://github.com/alphagov/govuk_app_config/pull/231)).
+- Fix govuk_error being incompatible with Ruby >= 3 ([#233](https://github.com/alphagov/govuk_app_config/pull/233))
+- Require Ruby 2.7 as the minimum supported Ruby version ([#233](https://github.com/alphagov/govuk_app_config/pull/233))
+- Require Sentry 5 and Unicorn 6 major versions ([#237](https://github.com/alphagov/govuk_app_config/pull/237))
+- Prevent sentry-rails logger warnings when govuk_error is used with non-Rails apps ([#234](https://github.com/alphagov/govuk_app_config/pull/234))
+
+# 4.4.3
+
+- Update prometheus exporter server to 0.0.0.0 from localhost  ([#227](https://github.com/alphagov/govuk_app_config/pull/227)).
+
+# 4.4.2
+
+- Update HMPO webchat address in security policy ([#225](https://github.com/alphagov/govuk_app_config/pull/225)).
+
 # 4.4.1
 
 - Fix issue where GovukPrometheusExporter module prevented the gem to load due to missing constant "PrometheusExporter" ([#224](https://github.com/alphagov/govuk_app_config/pull/224)).

data/README.md

@@ -7,6 +7,7 @@ Adds the basics of a GOV.UK application:
 - Statsd client for reporting stats
 - Rails logging
 - Content Security Policy generation for frontend apps
+- Prometheus monitoring for EKS
 
 ## Installation
 
@@ -166,6 +167,15 @@ GovukContentSecurityPolicy.configure
 
 Some frontend apps support languages that are not defined in the i18n gem. This provides them with our own custom rules for these languages.
 
+## Prometheus monitoring for EKS
+
+Create a `/config/initializers/prometheus.rb` file in the app and add the following
+
+```ruby
+require "govuk_app_config/govuk_prometheus_exporter"	
+GovukPrometheusExporter.configure	
+```
+
 ## License
 
 [MIT License](LICENSE.md)

data/Rakefile

@@ -5,7 +5,7 @@ RSpec::Core::RakeTask.new(:spec)
 
 desc "Lint Ruby"
 task :lint do
-  sh "bundle exec rubocop --format clang"
+  sh "bundle exec rubocop"
 end
 
 task default: %i[spec lint]

data/govuk_app_config.gemspec

@@ -13,28 +13,28 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/alphagov/govuk_app_config"
   spec.license       = "MIT"
 
-  spec.required_ruby_version = ">= 2.6"
+  spec.required_ruby_version = ">= 2.7"
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = %w[lib]
 
-  spec.add_dependency "logstasher", ">= 1.2.2", "< 2.2.0"
-  spec.add_dependency "prometheus_exporter", "~> 2.0.2"
-  spec.add_dependency "puma", "~> 5.0"
-  spec.add_dependency "sentry-rails", "~> 4.5.0"
-  spec.add_dependency "sentry-ruby", "~> 4.5.0"
-  spec.add_dependency "statsd-ruby", "~> 1.5.0"
-  spec.add_dependency "unicorn", ">= 5.4", "< 5.9"
+  spec.add_dependency "logstasher", "~> 2.1"
+  spec.add_dependency "prometheus_exporter", "~> 2.0"
+  spec.add_dependency "puma", "~> 5.6"
+  spec.add_dependency "sentry-rails", "~> 5.2"
+  spec.add_dependency "sentry-ruby", "~> 5.2"
+  spec.add_dependency "statsd-ruby", "~> 1.5"
+  spec.add_dependency "unicorn", "~> 6.1"
 
   spec.add_development_dependency "byebug"
   spec.add_development_dependency "climate_control"
   spec.add_development_dependency "rack-test", "~> 1.1"
-  spec.add_development_dependency "rails", "~> 6"
+  spec.add_development_dependency "rails", "~> 7"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.10"
   spec.add_development_dependency "rspec-its", "~> 1.3"
-  spec.add_development_dependency "rubocop-govuk"
+  spec.add_development_dependency "rubocop-govuk", "4.3.0"
   spec.add_development_dependency "webmock"
 end

data/lib/govuk_app_config/govuk_content_security_policy.rb

@@ -31,11 +31,10 @@ module GovukContentSecurityPolicy
                    :data, # Base64 encoded images
                    *GOVUK_DOMAINS,
                    *GOOGLE_ANALYTICS_DOMAINS, # Tracking pixels
+                   # Speedcurve real user monitoring (RUM) - as per: https://support.speedcurve.com/docs/add-rum-to-your-csp
+                   "lux.speedcurve.com",
                    # Some content still links to an old domain we used to use
-                   "assets.digital.cabinet-office.gov.uk",
-                   # Allow images to be loaded for Speedcurve's LUX - used for
-                   # getting real user metrics on GOV.UK
-                   "lux.speedcurve.com"
+                   "assets.digital.cabinet-office.gov.uk"
 
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
     policy.script_src :self,
@@ -71,12 +70,16 @@ module GovukContentSecurityPolicy
     policy.connect_src :self,
                        *GOVUK_DOMAINS,
                        *GOOGLE_ANALYTICS_DOMAINS,
+                       # Speedcurve real user monitoring (RUM) - as per: https://support.speedcurve.com/docs/add-rum-to-your-csp
+                       "lux.speedcurve.com",
                        # Allow connecting to web chat from HMRC contact pages
                        "www.tax.service.gov.uk",
                        # Allow JSON call to Nuance - HMRC web chat provider
                        "hmrc-uk.digital.nuance.com",
                        # Allow JSON call to klick2contact - HMPO web chat provider
                        "hmpowebchat.klick2contact.com",
+                       # Allow JSON call to Eckoh - HMPO web chat provider
+                       "omni.eckoh.uk",
                        # Allow connecting to Verify to check whether the user is logged in
                        "www.signin.service.gov.uk"
 

data/lib/govuk_app_config/govuk_error.rb

@@ -1,5 +1,5 @@
 require "sentry-ruby"
-require "sentry-rails"
+require "sentry-rails" if defined?(Rails)
 require "govuk_app_config/govuk_statsd"
 require "govuk_app_config/govuk_error/configuration"
 require "govuk_app_config/version"
@@ -21,9 +21,9 @@ module GovukError
     args[:tags][:govuk_app_config_version] = GovukAppConfig::VERSION
 
     if exception_or_message.is_a?(String)
-      Sentry.capture_message(exception_or_message, args)
+      Sentry.capture_message(exception_or_message, **args)
     else
-      Sentry.capture_exception(exception_or_message, args)
+      Sentry.capture_exception(exception_or_message, **args)
     end
   end
 

data/lib/govuk_app_config/govuk_prometheus_exporter.rb

@@ -1,11 +1,11 @@
 module GovukPrometheusExporter
   def self.configure
-    unless Rails.env == "test"
+    unless Rails.env == "test" || (ENV["GOVUK_PROMETHEUS_EXPORTER"]) != "true"
       require "prometheus_exporter"
       require "prometheus_exporter/server"
       require "prometheus_exporter/middleware"
 
-      server = PrometheusExporter::Server::WebServer.new bind: "localhost", port: 9394
+      server = PrometheusExporter::Server::WebServer.new bind: "0.0.0.0", port: 9394
       server.start
 
       Rails.application.middleware.unshift PrometheusExporter::Middleware

data/lib/govuk_app_config/version.rb

@@ -1,3 +1,3 @@
 module GovukAppConfig
-  VERSION = "4.4.1".freeze
+  VERSION = "4.5.0".freeze
 end

metadata

@@ -1,125 +1,113 @@
 --- !ruby/object:Gem::Specification
 name: govuk_app_config
 version: !ruby/object:Gem::Version
-  version: 4.4.1
+  version: 4.5.0
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-04 00:00:00.000000000 Z
+date: 2022-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logstasher
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.2
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.2
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: prometheus_exporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: puma
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.6'
 - !ruby/object:Gem::Dependency
   name: sentry-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.5.0
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.5.0
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: sentry-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.5.0
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.5.0
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: statsd-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: unicorn
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.4'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.9'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5.4'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.9'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -168,14 +156,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -222,16 +210,16 @@ dependencies:
   name: rubocop-govuk
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 4.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 4.3.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -254,13 +242,13 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
 - CHANGELOG.md
 - Gemfile
-- Jenkinsfile
 - LICENSE.md
 - README.md
 - Rakefile
@@ -301,14 +289,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.11
 signing_key: 
 specification_version: 4
 summary: Base configuration for GOV.UK applications

data/Jenkinsfile

@@ -1,7 +0,0 @@
-#!/usr/bin/env groovy
-
-library("govuk")
-
-node {
-  govuk.buildProject()
-}