govuk_app_config 4.4.1 → 4.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +56 -0
- data/.ruby-version +1 -1
- data/CHANGELOG.md +18 -0
- data/README.md +10 -0
- data/Rakefile +1 -1
- data/govuk_app_config.gemspec +10 -10
- data/lib/govuk_app_config/govuk_content_security_policy.rb +7 -4
- data/lib/govuk_app_config/govuk_error.rb +3 -3
- data/lib/govuk_app_config/govuk_prometheus_exporter.rb +2 -2
- data/lib/govuk_app_config/version.rb +1 -1
- metadata +29 -41
- data/Jenkinsfile +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9adf3a7bee21ade140141a007885695bba39c0f968216960f0b7736cdc995ab4
|
4
|
+
data.tar.gz: 9d32f18cdd2517bd50456b2d5824ecfb01f1ba5de9752c5d7b43f42b3341f2df
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8a4d51406523a7c93a59c49cf6ebb65af9e1659c3188ac2772f8a664a332be9c5608af669a48b23fb33d5e780d4a548a8e5b75fd3b82a8a79ff69661c76f485e
|
7
|
+
data.tar.gz: 1e70b03b2026eba3e77ea20d570edbc9728140d88b6e0448f9290c762c2cb8fbf7b28bbcc1efce39e168244ac6e703aed843652aa4ca47acb85265205b09a785
|
@@ -0,0 +1,56 @@
|
|
1
|
+
on: [push, pull_request]
|
2
|
+
jobs:
|
3
|
+
# Run the test suite against multiple Ruby and Rails versions
|
4
|
+
test_matrix:
|
5
|
+
strategy:
|
6
|
+
fail-fast: false
|
7
|
+
matrix:
|
8
|
+
# Due to https://github.com/actions/runner/issues/849, we have to use quotes for '3.0'
|
9
|
+
ruby: [2.7, '3.0', 3.1]
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
steps:
|
12
|
+
- uses: actions/checkout@v3
|
13
|
+
- uses: ruby/setup-ruby@v1
|
14
|
+
with:
|
15
|
+
ruby-version: ${{ matrix.ruby }}
|
16
|
+
bundler-cache: true
|
17
|
+
- run: bundle exec rake
|
18
|
+
|
19
|
+
# Branch protection rules cannot directly depend on status checks from matrix jobs.
|
20
|
+
# So instead we define `test` as a dummy job which only runs after the preceding `test_matrix` checks have passed.
|
21
|
+
# Solution inspired by: https://github.community/t/status-check-for-a-matrix-jobs/127354/3
|
22
|
+
test:
|
23
|
+
needs: test_matrix
|
24
|
+
runs-on: ubuntu-latest
|
25
|
+
steps:
|
26
|
+
- run: echo "All matrix tests have passed 🚀"
|
27
|
+
|
28
|
+
release:
|
29
|
+
needs: test
|
30
|
+
runs-on: ubuntu-latest
|
31
|
+
if: ${{ github.ref == 'refs/heads/main' }}
|
32
|
+
permissions:
|
33
|
+
contents: write
|
34
|
+
steps:
|
35
|
+
- uses: actions/checkout@v3
|
36
|
+
- uses: ruby/setup-ruby@v1
|
37
|
+
with:
|
38
|
+
rubygems: latest
|
39
|
+
- env:
|
40
|
+
GEM_HOST_API_KEY: ${{ secrets.ALPHAGOV_RUBYGEMS_API_KEY }}
|
41
|
+
GEM_NAME: govuk_app_config
|
42
|
+
run: |
|
43
|
+
VERSION=$(ruby -e "puts eval(File.read('$GEM_NAME.gemspec')).version")
|
44
|
+
GEM_VERSION=$(gem list --exact --remote $GEM_NAME)
|
45
|
+
|
46
|
+
# Publish to RubyGems.org
|
47
|
+
if [ "${GEM_VERSION}" != "$GEM_NAME (${VERSION})" ]; then
|
48
|
+
gem build $GEM_NAME.gemspec
|
49
|
+
gem push "$GEM_NAME-${VERSION}.gem"
|
50
|
+
fi
|
51
|
+
|
52
|
+
# Create a release tag
|
53
|
+
if ! git ls-remote --tags --exit-code origin v${VERSION}; then
|
54
|
+
git tag v${VERSION}
|
55
|
+
git push --tags
|
56
|
+
fi
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.7.5
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,21 @@
|
|
1
|
+
# 4.5.0
|
2
|
+
|
3
|
+
- Add lux.speedcurve.com to connect_src for GOV.UK Content Security Policy ([#232](https://github.com/alphagov/govuk_app_config/pull/232))
|
4
|
+
- Fix prometheus_exporter to only be enabled when the GOVUK_PROMETHEUS_EXPORTER env var is set to "true" ([#231](https://github.com/alphagov/govuk_app_config/pull/231)).
|
5
|
+
- Add Prometheus monitoring for EKS section to README.md ([#231](https://github.com/alphagov/govuk_app_config/pull/231)).
|
6
|
+
- Fix govuk_error being incompatible with Ruby >= 3 ([#233](https://github.com/alphagov/govuk_app_config/pull/233))
|
7
|
+
- Require Ruby 2.7 as the minimum supported Ruby version ([#233](https://github.com/alphagov/govuk_app_config/pull/233))
|
8
|
+
- Require Sentry 5 and Unicorn 6 major versions ([#237](https://github.com/alphagov/govuk_app_config/pull/237))
|
9
|
+
- Prevent sentry-rails logger warnings when govuk_error is used with non-Rails apps ([#234](https://github.com/alphagov/govuk_app_config/pull/234))
|
10
|
+
|
11
|
+
# 4.4.3
|
12
|
+
|
13
|
+
- Update prometheus exporter server to 0.0.0.0 from localhost ([#227](https://github.com/alphagov/govuk_app_config/pull/227)).
|
14
|
+
|
15
|
+
# 4.4.2
|
16
|
+
|
17
|
+
- Update HMPO webchat address in security policy ([#225](https://github.com/alphagov/govuk_app_config/pull/225)).
|
18
|
+
|
1
19
|
# 4.4.1
|
2
20
|
|
3
21
|
- Fix issue where GovukPrometheusExporter module prevented the gem to load due to missing constant "PrometheusExporter" ([#224](https://github.com/alphagov/govuk_app_config/pull/224)).
|
data/README.md
CHANGED
@@ -7,6 +7,7 @@ Adds the basics of a GOV.UK application:
|
|
7
7
|
- Statsd client for reporting stats
|
8
8
|
- Rails logging
|
9
9
|
- Content Security Policy generation for frontend apps
|
10
|
+
- Prometheus monitoring for EKS
|
10
11
|
|
11
12
|
## Installation
|
12
13
|
|
@@ -166,6 +167,15 @@ GovukContentSecurityPolicy.configure
|
|
166
167
|
|
167
168
|
Some frontend apps support languages that are not defined in the i18n gem. This provides them with our own custom rules for these languages.
|
168
169
|
|
170
|
+
## Prometheus monitoring for EKS
|
171
|
+
|
172
|
+
Create a `/config/initializers/prometheus.rb` file in the app and add the following
|
173
|
+
|
174
|
+
```ruby
|
175
|
+
require "govuk_app_config/govuk_prometheus_exporter"
|
176
|
+
GovukPrometheusExporter.configure
|
177
|
+
```
|
178
|
+
|
169
179
|
## License
|
170
180
|
|
171
181
|
[MIT License](LICENSE.md)
|
data/Rakefile
CHANGED
data/govuk_app_config.gemspec
CHANGED
@@ -13,28 +13,28 @@ Gem::Specification.new do |spec|
|
|
13
13
|
spec.homepage = "https://github.com/alphagov/govuk_app_config"
|
14
14
|
spec.license = "MIT"
|
15
15
|
|
16
|
-
spec.required_ruby_version = ">= 2.
|
16
|
+
spec.required_ruby_version = ">= 2.7"
|
17
17
|
|
18
18
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
19
19
|
spec.bindir = "exe"
|
20
20
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
21
21
|
spec.require_paths = %w[lib]
|
22
22
|
|
23
|
-
spec.add_dependency "logstasher", "
|
24
|
-
spec.add_dependency "prometheus_exporter", "~> 2.0
|
25
|
-
spec.add_dependency "puma", "~> 5.
|
26
|
-
spec.add_dependency "sentry-rails", "~>
|
27
|
-
spec.add_dependency "sentry-ruby", "~>
|
28
|
-
spec.add_dependency "statsd-ruby", "~> 1.5
|
29
|
-
spec.add_dependency "unicorn", "
|
23
|
+
spec.add_dependency "logstasher", "~> 2.1"
|
24
|
+
spec.add_dependency "prometheus_exporter", "~> 2.0"
|
25
|
+
spec.add_dependency "puma", "~> 5.6"
|
26
|
+
spec.add_dependency "sentry-rails", "~> 5.2"
|
27
|
+
spec.add_dependency "sentry-ruby", "~> 5.2"
|
28
|
+
spec.add_dependency "statsd-ruby", "~> 1.5"
|
29
|
+
spec.add_dependency "unicorn", "~> 6.1"
|
30
30
|
|
31
31
|
spec.add_development_dependency "byebug"
|
32
32
|
spec.add_development_dependency "climate_control"
|
33
33
|
spec.add_development_dependency "rack-test", "~> 1.1"
|
34
|
-
spec.add_development_dependency "rails", "~>
|
34
|
+
spec.add_development_dependency "rails", "~> 7"
|
35
35
|
spec.add_development_dependency "rake", "~> 13.0"
|
36
36
|
spec.add_development_dependency "rspec", "~> 3.10"
|
37
37
|
spec.add_development_dependency "rspec-its", "~> 1.3"
|
38
|
-
spec.add_development_dependency "rubocop-govuk"
|
38
|
+
spec.add_development_dependency "rubocop-govuk", "4.3.0"
|
39
39
|
spec.add_development_dependency "webmock"
|
40
40
|
end
|
@@ -31,11 +31,10 @@ module GovukContentSecurityPolicy
|
|
31
31
|
:data, # Base64 encoded images
|
32
32
|
*GOVUK_DOMAINS,
|
33
33
|
*GOOGLE_ANALYTICS_DOMAINS, # Tracking pixels
|
34
|
+
# Speedcurve real user monitoring (RUM) - as per: https://support.speedcurve.com/docs/add-rum-to-your-csp
|
35
|
+
"lux.speedcurve.com",
|
34
36
|
# Some content still links to an old domain we used to use
|
35
|
-
"assets.digital.cabinet-office.gov.uk"
|
36
|
-
# Allow images to be loaded for Speedcurve's LUX - used for
|
37
|
-
# getting real user metrics on GOV.UK
|
38
|
-
"lux.speedcurve.com"
|
37
|
+
"assets.digital.cabinet-office.gov.uk"
|
39
38
|
|
40
39
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
|
41
40
|
policy.script_src :self,
|
@@ -71,12 +70,16 @@ module GovukContentSecurityPolicy
|
|
71
70
|
policy.connect_src :self,
|
72
71
|
*GOVUK_DOMAINS,
|
73
72
|
*GOOGLE_ANALYTICS_DOMAINS,
|
73
|
+
# Speedcurve real user monitoring (RUM) - as per: https://support.speedcurve.com/docs/add-rum-to-your-csp
|
74
|
+
"lux.speedcurve.com",
|
74
75
|
# Allow connecting to web chat from HMRC contact pages
|
75
76
|
"www.tax.service.gov.uk",
|
76
77
|
# Allow JSON call to Nuance - HMRC web chat provider
|
77
78
|
"hmrc-uk.digital.nuance.com",
|
78
79
|
# Allow JSON call to klick2contact - HMPO web chat provider
|
79
80
|
"hmpowebchat.klick2contact.com",
|
81
|
+
# Allow JSON call to Eckoh - HMPO web chat provider
|
82
|
+
"omni.eckoh.uk",
|
80
83
|
# Allow connecting to Verify to check whether the user is logged in
|
81
84
|
"www.signin.service.gov.uk"
|
82
85
|
|
@@ -1,5 +1,5 @@
|
|
1
1
|
require "sentry-ruby"
|
2
|
-
require "sentry-rails"
|
2
|
+
require "sentry-rails" if defined?(Rails)
|
3
3
|
require "govuk_app_config/govuk_statsd"
|
4
4
|
require "govuk_app_config/govuk_error/configuration"
|
5
5
|
require "govuk_app_config/version"
|
@@ -21,9 +21,9 @@ module GovukError
|
|
21
21
|
args[:tags][:govuk_app_config_version] = GovukAppConfig::VERSION
|
22
22
|
|
23
23
|
if exception_or_message.is_a?(String)
|
24
|
-
Sentry.capture_message(exception_or_message, args)
|
24
|
+
Sentry.capture_message(exception_or_message, **args)
|
25
25
|
else
|
26
|
-
Sentry.capture_exception(exception_or_message, args)
|
26
|
+
Sentry.capture_exception(exception_or_message, **args)
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
@@ -1,11 +1,11 @@
|
|
1
1
|
module GovukPrometheusExporter
|
2
2
|
def self.configure
|
3
|
-
unless Rails.env == "test"
|
3
|
+
unless Rails.env == "test" || (ENV["GOVUK_PROMETHEUS_EXPORTER"]) != "true"
|
4
4
|
require "prometheus_exporter"
|
5
5
|
require "prometheus_exporter/server"
|
6
6
|
require "prometheus_exporter/middleware"
|
7
7
|
|
8
|
-
server = PrometheusExporter::Server::WebServer.new bind: "
|
8
|
+
server = PrometheusExporter::Server::WebServer.new bind: "0.0.0.0", port: 9394
|
9
9
|
server.start
|
10
10
|
|
11
11
|
Rails.application.middleware.unshift PrometheusExporter::Middleware
|
metadata
CHANGED
@@ -1,125 +1,113 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: govuk_app_config
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GOV.UK Dev
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: logstasher
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: 1.2.2
|
20
|
-
- - "<"
|
17
|
+
- - "~>"
|
21
18
|
- !ruby/object:Gem::Version
|
22
|
-
version: 2.
|
19
|
+
version: '2.1'
|
23
20
|
type: :runtime
|
24
21
|
prerelease: false
|
25
22
|
version_requirements: !ruby/object:Gem::Requirement
|
26
23
|
requirements:
|
27
|
-
- - "
|
28
|
-
- !ruby/object:Gem::Version
|
29
|
-
version: 1.2.2
|
30
|
-
- - "<"
|
24
|
+
- - "~>"
|
31
25
|
- !ruby/object:Gem::Version
|
32
|
-
version: 2.
|
26
|
+
version: '2.1'
|
33
27
|
- !ruby/object:Gem::Dependency
|
34
28
|
name: prometheus_exporter
|
35
29
|
requirement: !ruby/object:Gem::Requirement
|
36
30
|
requirements:
|
37
31
|
- - "~>"
|
38
32
|
- !ruby/object:Gem::Version
|
39
|
-
version: 2.0
|
33
|
+
version: '2.0'
|
40
34
|
type: :runtime
|
41
35
|
prerelease: false
|
42
36
|
version_requirements: !ruby/object:Gem::Requirement
|
43
37
|
requirements:
|
44
38
|
- - "~>"
|
45
39
|
- !ruby/object:Gem::Version
|
46
|
-
version: 2.0
|
40
|
+
version: '2.0'
|
47
41
|
- !ruby/object:Gem::Dependency
|
48
42
|
name: puma
|
49
43
|
requirement: !ruby/object:Gem::Requirement
|
50
44
|
requirements:
|
51
45
|
- - "~>"
|
52
46
|
- !ruby/object:Gem::Version
|
53
|
-
version: '5.
|
47
|
+
version: '5.6'
|
54
48
|
type: :runtime
|
55
49
|
prerelease: false
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
57
51
|
requirements:
|
58
52
|
- - "~>"
|
59
53
|
- !ruby/object:Gem::Version
|
60
|
-
version: '5.
|
54
|
+
version: '5.6'
|
61
55
|
- !ruby/object:Gem::Dependency
|
62
56
|
name: sentry-rails
|
63
57
|
requirement: !ruby/object:Gem::Requirement
|
64
58
|
requirements:
|
65
59
|
- - "~>"
|
66
60
|
- !ruby/object:Gem::Version
|
67
|
-
version:
|
61
|
+
version: '5.2'
|
68
62
|
type: :runtime
|
69
63
|
prerelease: false
|
70
64
|
version_requirements: !ruby/object:Gem::Requirement
|
71
65
|
requirements:
|
72
66
|
- - "~>"
|
73
67
|
- !ruby/object:Gem::Version
|
74
|
-
version:
|
68
|
+
version: '5.2'
|
75
69
|
- !ruby/object:Gem::Dependency
|
76
70
|
name: sentry-ruby
|
77
71
|
requirement: !ruby/object:Gem::Requirement
|
78
72
|
requirements:
|
79
73
|
- - "~>"
|
80
74
|
- !ruby/object:Gem::Version
|
81
|
-
version:
|
75
|
+
version: '5.2'
|
82
76
|
type: :runtime
|
83
77
|
prerelease: false
|
84
78
|
version_requirements: !ruby/object:Gem::Requirement
|
85
79
|
requirements:
|
86
80
|
- - "~>"
|
87
81
|
- !ruby/object:Gem::Version
|
88
|
-
version:
|
82
|
+
version: '5.2'
|
89
83
|
- !ruby/object:Gem::Dependency
|
90
84
|
name: statsd-ruby
|
91
85
|
requirement: !ruby/object:Gem::Requirement
|
92
86
|
requirements:
|
93
87
|
- - "~>"
|
94
88
|
- !ruby/object:Gem::Version
|
95
|
-
version: 1.5
|
89
|
+
version: '1.5'
|
96
90
|
type: :runtime
|
97
91
|
prerelease: false
|
98
92
|
version_requirements: !ruby/object:Gem::Requirement
|
99
93
|
requirements:
|
100
94
|
- - "~>"
|
101
95
|
- !ruby/object:Gem::Version
|
102
|
-
version: 1.5
|
96
|
+
version: '1.5'
|
103
97
|
- !ruby/object:Gem::Dependency
|
104
98
|
name: unicorn
|
105
99
|
requirement: !ruby/object:Gem::Requirement
|
106
100
|
requirements:
|
107
|
-
- - "
|
108
|
-
- !ruby/object:Gem::Version
|
109
|
-
version: '5.4'
|
110
|
-
- - "<"
|
101
|
+
- - "~>"
|
111
102
|
- !ruby/object:Gem::Version
|
112
|
-
version: '
|
103
|
+
version: '6.1'
|
113
104
|
type: :runtime
|
114
105
|
prerelease: false
|
115
106
|
version_requirements: !ruby/object:Gem::Requirement
|
116
107
|
requirements:
|
117
|
-
- - "
|
118
|
-
- !ruby/object:Gem::Version
|
119
|
-
version: '5.4'
|
120
|
-
- - "<"
|
108
|
+
- - "~>"
|
121
109
|
- !ruby/object:Gem::Version
|
122
|
-
version: '
|
110
|
+
version: '6.1'
|
123
111
|
- !ruby/object:Gem::Dependency
|
124
112
|
name: byebug
|
125
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -168,14 +156,14 @@ dependencies:
|
|
168
156
|
requirements:
|
169
157
|
- - "~>"
|
170
158
|
- !ruby/object:Gem::Version
|
171
|
-
version: '
|
159
|
+
version: '7'
|
172
160
|
type: :development
|
173
161
|
prerelease: false
|
174
162
|
version_requirements: !ruby/object:Gem::Requirement
|
175
163
|
requirements:
|
176
164
|
- - "~>"
|
177
165
|
- !ruby/object:Gem::Version
|
178
|
-
version: '
|
166
|
+
version: '7'
|
179
167
|
- !ruby/object:Gem::Dependency
|
180
168
|
name: rake
|
181
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -222,16 +210,16 @@ dependencies:
|
|
222
210
|
name: rubocop-govuk
|
223
211
|
requirement: !ruby/object:Gem::Requirement
|
224
212
|
requirements:
|
225
|
-
- -
|
213
|
+
- - '='
|
226
214
|
- !ruby/object:Gem::Version
|
227
|
-
version:
|
215
|
+
version: 4.3.0
|
228
216
|
type: :development
|
229
217
|
prerelease: false
|
230
218
|
version_requirements: !ruby/object:Gem::Requirement
|
231
219
|
requirements:
|
232
|
-
- -
|
220
|
+
- - '='
|
233
221
|
- !ruby/object:Gem::Version
|
234
|
-
version:
|
222
|
+
version: 4.3.0
|
235
223
|
- !ruby/object:Gem::Dependency
|
236
224
|
name: webmock
|
237
225
|
requirement: !ruby/object:Gem::Requirement
|
@@ -254,13 +242,13 @@ extensions: []
|
|
254
242
|
extra_rdoc_files: []
|
255
243
|
files:
|
256
244
|
- ".github/dependabot.yml"
|
245
|
+
- ".github/workflows/ci.yml"
|
257
246
|
- ".gitignore"
|
258
247
|
- ".rspec"
|
259
248
|
- ".rubocop.yml"
|
260
249
|
- ".ruby-version"
|
261
250
|
- CHANGELOG.md
|
262
251
|
- Gemfile
|
263
|
-
- Jenkinsfile
|
264
252
|
- LICENSE.md
|
265
253
|
- README.md
|
266
254
|
- Rakefile
|
@@ -301,14 +289,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
301
289
|
requirements:
|
302
290
|
- - ">="
|
303
291
|
- !ruby/object:Gem::Version
|
304
|
-
version: '2.
|
292
|
+
version: '2.7'
|
305
293
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
306
294
|
requirements:
|
307
295
|
- - ">="
|
308
296
|
- !ruby/object:Gem::Version
|
309
297
|
version: '0'
|
310
298
|
requirements: []
|
311
|
-
rubygems_version: 3.
|
299
|
+
rubygems_version: 3.3.11
|
312
300
|
signing_key:
|
313
301
|
specification_version: 4
|
314
302
|
summary: Base configuration for GOV.UK applications
|