moose-inventory 1.0.9 → 2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bba43a0d585b334c19629209ae0f323d88ac1c618de4a926769765a5146933b7
-  data.tar.gz: 701d64c584a0e0d10266466a94350aa69731a15f623ca37f9edac917c5dd2a38
+  metadata.gz: 439e23e1ec3d1ed0e83f686ddd062c07215f8575febd515dc65657f3bdc70c45
+  data.tar.gz: d07bd1e237be3056bf54f338eccc240b74790378d94d1c40d6bc86f2b3b226f9
 SHA512:
-  metadata.gz: ef297abb3d7836f1c7f1a20d46a1f79eee14957a74651628fa2fa523ffd5ed26de9f374e551ae861cd8b68d6cc1a646fba52a85209929b2259a078b2409b1a9f
-  data.tar.gz: d9cfa2e8a85065415858a47aa4e2e1878483e8e982bda25a9d37f05f61c0373e7b7b6bd4ec0f1ba9f0ac3dcf9f796b458c96f794f29466e91aed179a0b6293af
+  metadata.gz: 72d9b7d85c843ad90d5b9d41aea47390c5ec6ea9bca1844bf2e7912e9bdeca39214718652e8f3ef44bda1deb83ff54ab0667e5652b81e516f332263ccf5fd83d
+  data.tar.gz: ddad54b04a60635044cf8d312283bd59fd6c42d8862c5759166ee219a275d2b38469fd358ca839ef1c519903736f932e315fa9f1ad6a8b31e8bfa4e0575f75f6

data/.github/workflows/ci.yml

@@ -1,6 +1,7 @@
 name: CI
 
 on:
+  workflow_dispatch:
   push:
     branches: [master]
   pull_request:
@@ -9,6 +10,7 @@ on:
 permissions:
   contents: read
 
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -18,7 +20,7 @@ jobs:
         ruby-version: ['3.2', '3.3', '3.4']
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
@@ -26,10 +28,22 @@ jobs:
           ruby-version: ${{ matrix.ruby-version }}
           bundler-cache: true
 
+      - name: Set up Go for security tools
+        uses: actions/setup-go@v6
+        with:
+          go-version: '1.25.x'
+          cache: false
+
       - name: Install native build dependencies
+        timeout-minutes: 5
         run: |
           sudo apt-get update
           sudo apt-get install -y build-essential default-libmysqlclient-dev libpq-dev libsqlite3-dev
 
+      - name: Install security audit tools
+        run: ./scripts/ci/install_security_tools.sh
+
       - name: Run local check gate
+        env:
+          MOOSE_INVENTORY_REQUIRE_SECURITY_TOOLS: '1'
         run: ./scripts/check.sh

data/.github/workflows/release.yml

@@ -0,0 +1,60 @@
+name: Release gem
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    environment: release
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - name: Set up Go for security tools
+        uses: actions/setup-go@v6
+        with:
+          go-version: '1.25.x'
+          cache: false
+
+      - name: Install native build dependencies
+        timeout-minutes: 5
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential default-libmysqlclient-dev libpq-dev libsqlite3-dev
+
+      - name: Install security audit tools
+        run: ./scripts/ci/install_security_tools.sh
+
+      - name: Verify tag matches gem version
+        run: |
+          version="$(ruby -e "require './lib/moose_inventory/version'; puts Moose::Inventory::VERSION")"
+          tag="${GITHUB_REF_NAME#v}"
+          if [ "$tag" != "$version" ]; then
+            echo "Tag v$tag does not match gem version $version" >&2
+            exit 1
+          fi
+
+      - name: Run local check gate
+        env:
+          MOOSE_INVENTORY_REQUIRE_SECURITY_TOOLS: '1'
+        run: ./scripts/check.sh
+
+      - name: Publish gem to RubyGems
+        uses: rubygems/release-gem@v1
+        with:
+          await-release: false

data/.gitignore

@@ -13,8 +13,9 @@
 mkmf.log
 .buildpath
 .project
-/coverage/
 *.gem
+*.py[cod]
+__pycache__/
 /gems/
 moose-inventory.spec
 /.openclaw-security-audit/

data/.gitleaks.toml

@@ -0,0 +1,9 @@
+title = "moose-inventory gitleaks config"
+
+[allowlist]
+description = "Ignore generated/local audit artifacts that are not part of the packaged source surface."
+paths = [
+  '''^\.openclaw-security-audit/''',
+  '''^spec/reports/''',
+  '''^tmp/''',
+]

data/.rubocop.yml

@@ -0,0 +1,49 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.2
+
+Metrics/AbcSize:
+  Max: 32
+
+Metrics/MethodLength:
+  Max: 25
+
+Metrics/ModuleLength:
+  Exclude:
+    - lib/moose_inventory/config/config.rb
+    - lib/moose_inventory/db/db.rb
+
+Metrics/CyclomaticComplexity:
+  Max: 7
+
+Metrics/PerceivedComplexity:
+  Max: 8
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/lib/moose_inventory/cli/formatter_spec.rb
+    - spec/lib/moose_inventory/cli/host_rm_spec.rb
+    - spec/lib/moose_inventory/config/config_spec.rb
+    - spec/lib/moose_inventory/db/db_spec.rb
+    - spec/lib/moose_inventory/operations/add_hosts_spec.rb
+    - spec/lib/moose_inventory/operations/add_groups_spec.rb
+    - spec/lib/moose_inventory/operations/add_associations_spec.rb
+    - spec/lib/moose_inventory/operations/remove_associations_spec.rb
+    - spec/lib/moose_inventory/operations/group_child_relations_spec.rb
+    - spec/lib/moose_inventory/operations/remove_groups_spec.rb
+    - spec/lib/moose_inventory/operations/add_variables_spec.rb
+    - spec/lib/moose_inventory/operations/remove_hosts_spec.rb
+    - spec/lib/moose_inventory/operations/remove_variables_spec.rb
+    - spec/lib/moose_inventory/operations/query_inventory_spec.rb
+
+Style/Documentation:
+  Enabled: false
+
+Style/FormatStringToken:
+  Exclude:
+    - lib/moose_inventory/config/config.rb
+
+Lint/RescueException:
+  Exclude:
+    - lib/moose_inventory/db/db.rb