ndr_dev_support 7.3.5 → 7.3.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a9657d61fe9727e7023491944d7005896e9c4a41b47c5a79a017b6989a125a8
-  data.tar.gz: 8175fd01914592c8ea9dfdb364a02de49622ca56a7fe85626f07318f5cf7377f
+  metadata.gz: 8fd8bba1f3c88cc84df99dd1fe9b1f3a8877d49ede2736d4a1b8b362c6217663
+  data.tar.gz: b0476e365b2ed4cda0d6cace8107c9a569e91af2b67b6bace8284bc3393e320f
 SHA512:
-  metadata.gz: 44f9c9ba5543eee3b9b506026eacdaf5f3a9a6513dde51629e457e9de489cb87bad909661891bd0eeb179e4e95fbc6b88c222661fc9c4ecd2c9a278493b486b3
-  data.tar.gz: 274c6fe966a87ea07060aea1fef879b6c98d6644dfb7a740dfcdee417354379d77a31af5acfdfb0caff4b20ba144be13047126e80f04f7ca83b92ff1d417ab83
+  metadata.gz: 5a6457d87e9cc922d07c94944b88c5a032cdd9401d2de59960fa8611f6736d1f86fc4943fd707b38de01a6c1a9e4ae6d4692b4e01ebf918b72bf26bdbe30d1ea
+  data.tar.gz: 0d47c0e6fa632d39610dbd3acde0f6b71b617e2a436439d28d40d8d95bfaa6ab344fd254d5fb40ae0c227b9c4fa1cccd4d6c8c34e201bc1741b1139c0714b34f

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 ## [Unreleased]
 *no unreleased changes*
 
+## 7.3.7 / 2026-06-29
+### Fixed
+* Drop support for Ruby 3.1 and 3.2, Rails 7.0
+* Capistrano: deployment should continue even if cleanup cannot delete files
+
+## 7.3.6 / 2026-01-13
+### Added
+* Support Rails 8.1, Ruby 4.0
+* capistrano: Support bundler 4 with capistrano 2
+
 ## 7.3.5 / 2025-10-16
 ### Fixed
 * Capistrano: Do not include macOS extended attributes in tar files

data/SECURITY.md

@@ -0,0 +1,35 @@
+# Security
+
+NHS England takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below.
+
+## Table of Contents
+
+- [Security](#security)
+  - [Table of Contents](#table-of-contents)
+  - [Reporting a vulnerability](#reporting-a-vulnerability)
+    - [Email](#email)
+    - [NCSC](#ncsc)
+  - [General Security Enquiries](#general-security-enquiries)
+
+## Reporting a vulnerability
+
+Please note, email is our preferred method of receiving reports.
+
+### Email
+
+If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it.
+
+You can reach us at:
+
+- [Brian.Shand@nhs.net](mailto:Brian.Shand@nhs.net)
+- [cybersecurity@nhs.net](mailto:cybersecurity@nhs.net)
+
+### NCSC
+
+You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS England if necessary.
+
+You can report vulnerabilities here: [https://www.ncsc.gov.uk/information/vulnerability-reporting](https://www.ncsc.gov.uk/information/vulnerability-reporting)
+
+## General Security Enquiries
+
+If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](mailto:cybersecurity@nhs.net)

data/lib/ndr_dev_support/capistrano/bundler_deployment.rb

@@ -0,0 +1,100 @@
+# Support capistrano 2 with old (< 4) and new (>= 4) bundler versions
+#
+# Add "require 'ndr_dev_support/capistrano/ndr_model'" in your Capistrano deploy.rb,
+# but remove calls to "require 'bundler/capistrano'", and
+# Bundler will be activated after each new deployment.
+
+unless defined?(Bundler::Deployment)
+  # Redefine deployment helpers for Capistrano 2, previously defined in bundler < 4
+  # cf. https://blog.rubygems.org/2025/12/03/upgrade-to-rubygems-bundler-4.html
+  # Code copied from bundler 2 source files bundler/deployment.rb and bundler/capistrano.rb
+  # then modified to support bundler >= 2
+  # rubocop:disable Style/Documentation, Metrics/AbcSize, Metrics/MethodLength, Style/StringLiterals, Style/SymbolArray, Style/RaiseArgs, Layout/EmptyLineAfterGuardClause, Style/StringLiteralsInInterpolation, Style/Lambda
+  module Bundler
+    class Deployment
+      def self.define_task(context, task_method = :task, opts = {}) # rubocop:disable Metrics/CyclomaticComplexity
+        if defined?(Capistrano) && context.is_a?(Capistrano::Configuration)
+          context_name = "capistrano"
+          role_default = "{:except => {:no_release => true}}"
+          error_type = ::Capistrano::CommandError
+        else
+          context_name = "vlad"
+          role_default = "[:app]"
+          error_type = ::Rake::CommandFailedError
+        end
+
+        roles = context.fetch(:bundle_roles, false)
+        opts[:roles] = roles if roles
+
+        context.send :namespace, :bundle do
+          send :desc, <<-DESC
+            Install the current Bundler environment. By default, gems will be \
+            installed to the shared/bundle path. Gems in the development and \
+            test group will not be installed. The install command is executed \
+            with the --deployment and --quiet flags. If the bundle cmd cannot \
+            be found then you can override the bundle_cmd variable to specify \
+            which one it should use. The base path to the app is fetched from \
+            the :latest_release variable. Set it for custom deploy layouts.
+
+            You can override any of these defaults by setting the variables shown below.
+
+            N.B. bundle_roles must be defined before you require 'bundler/#{context_name}' \
+            in your deploy.rb file.
+
+              set :bundle_gemfile,  "Gemfile"
+              set :bundle_dir,      File.join(fetch(:shared_path), 'bundle')
+              set :bundle_flags,    "--deployment --quiet"
+              set :bundle_without,  [:development, :test]
+              set :bundle_with,     [:mysql]
+              set :bundle_cmd,      "bundle" # e.g. "/opt/ruby/bin/bundle"
+              set :bundle_roles,    #{role_default} # e.g. [:app, :batch]
+          DESC
+          send task_method, :install, opts do
+            bundle_cmd     = context.fetch(:bundle_cmd, "bundle")
+            bundle_flags   = context.fetch(:bundle_flags, "--deployment --quiet")
+            bundle_dir     = context.fetch(:bundle_dir, File.join(context.fetch(:shared_path), "bundle"))
+            bundle_gemfile = context.fetch(:bundle_gemfile, "Gemfile")
+            bundle_without = [*context.fetch(:bundle_without, [:development, :test])].compact
+            bundle_with    = [*context.fetch(:bundle_with, [])].compact
+            app_path = context.fetch(:latest_release)
+            if app_path.to_s.empty?
+              raise error_type.new("Cannot detect current release path - make sure you have deployed at least once.")
+            end
+            # Separate out flags that need to be sent to `bundle config` with Bundler 4
+            if bundle_flags.include?('--deployment')
+              bundle_flags = bundle_flags.split(/ /).grep_v('--deployment').join(' ')
+              config_settings = ['deployment true']
+            else
+              config_settings = []
+            end
+
+            args = ["--gemfile #{File.join(app_path, bundle_gemfile)}"]
+            config_settings << "path #{bundle_dir}" unless bundle_dir.to_s.empty?
+            args << bundle_flags.to_s
+            config_settings << "without #{bundle_without.join(" ")}" unless bundle_without.empty?
+            config_settings << "with #{bundle_with.join(" ")}" unless bundle_with.empty?
+
+            bundle_cmds = config_settings.collect do |settings|
+              "#{bundle_cmd} config set --local #{settings}"
+            end + ["#{bundle_cmd} install #{args.join(" ")}"]
+            run "cd #{app_path} && #{bundle_cmds.join(' && ')}"
+          end
+        end
+      end
+    end
+  end
+
+  # Capistrano task for Bundler.
+  require "capistrano/version"
+
+  if defined?(Capistrano::Version) && Gem::Version.new(Capistrano::Version).release >= Gem::Version.new("3.0")
+    raise "For Capistrano 3.x integration, please use https://github.com/capistrano/bundler"
+  end
+
+  Capistrano::Configuration.instance(:must_exist).load do
+    before "deploy:finalize_update", "bundle:install"
+    Bundler::Deployment.define_task(self, :task, except: { no_release: true })
+    set :rake, lambda { "#{fetch(:bundle_cmd, "bundle")} exec rake" }
+  end
+  # rubocop:enable Style/Documentation, Metrics/AbcSize, Metrics/MethodLength, Style/StringLiterals, Style/SymbolArray, Style/RaiseArgs, Layout/EmptyLineAfterGuardClause, Style/StringLiteralsInInterpolation, Style/Lambda
+end

data/lib/ndr_dev_support/capistrano/ndr_model.rb

@@ -2,6 +2,7 @@ require 'rainbow'
 
 # Discrete bits of functionality we use automatically:
 require_relative 'assets'
+require_relative 'bundler_deployment'
 require_relative 'deploy_secrets'
 require_relative 'install_ruby'
 require_relative 'macos_bsdtar'

data/lib/ndr_dev_support/capistrano/restart.rb

@@ -5,5 +5,15 @@ Capistrano::Configuration.instance(:must_exist).load do
       # The tmp/ directory should be shared, so this affects all prior deployments
       run "touch #{shared_path}/tmp/restart.txt"
     end
+
+    desc <<~DESC
+      Clean up old releases. Overrides the default deploy:cleanup but without blocking \
+      subsequent tasks if cleanup fails (e.g. because of locked files or permissions issues).
+    DESC
+    task :cleanup, except: { no_release: true } do
+      count = fetch(:keep_releases, 5).to_i
+      try_sudo "ls -1dt #{releases_path}/* | tail -n +#{count + 1} | #{try_sudo} xargs -r rm -rf " \
+               "|| echo 'cap deploy:cleanup failed - continuing, but check permissions.' >&2"
+    end
   end
 end

data/lib/ndr_dev_support/version.rb

@@ -2,5 +2,5 @@
 # This defines the NdrDevSupport version. If you change it, rebuild and commit the gem.
 # Use "rake build" to build the gem, see rake -T for all bundler rake tasks (and our own).
 module NdrDevSupport
-  VERSION = '7.3.5'
+  VERSION = '7.3.7'
 end

data/ndr_dev_support.gemspec

@@ -13,14 +13,14 @@ Gem::Specification.new do |spec|
   spec.license       = 'MIT'
 
   gem_files          = %w[CHANGELOG.md CODE_OF_CONDUCT.md LICENSE.txt README.md
-                          config lib ndr_dev_support.gemspec]
+                          SECURITY.md config lib ndr_dev_support.gemspec]
   spec.files         = `git ls-files -z`.split("\x0").
                        select { |f| gem_files.include?(f.split('/')[0]) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.required_ruby_version = '>= 3.1'
+  spec.required_ruby_version = '>= 3.2'
 
   spec.add_dependency 'pry'
 
@@ -39,12 +39,12 @@ Gem::Specification.new do |spec|
   # Integration test dependencies:
   spec.add_dependency 'capybara', '>= 3.34'
   spec.add_dependency 'capybara-screenshot'
-  spec.add_dependency 'minitest', '~> 5.11'
+  spec.add_dependency 'minitest', '>= 5.11', '< 7.0'
   spec.add_dependency 'selenium-webdriver', '~> 4.8'
   spec.add_dependency 'show_me_the_cookies'
 
   # CI server dependencies:
-  spec.add_dependency 'activesupport', '>= 6.1', '< 8.1'
+  spec.add_dependency 'activesupport', '>= 7.0', '< 8.2'
   spec.add_dependency 'brakeman', '>= 4.7.1'
   spec.add_dependency 'bundler-audit'
   spec.add_dependency 'github-linguist'

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ndr_dev_support
 version: !ruby/object:Gem::Version
-  version: 7.3.5
+  version: 7.3.7
 platform: ruby
 authors:
 - NCRS Development Team
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-10-16 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -168,16 +167,22 @@ dependencies:
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: selenium-webdriver
   requirement: !ruby/object:Gem::Requirement
@@ -212,20 +217,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8.1'
+        version: '8.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8.1'
+        version: '8.2'
 - !ruby/object:Gem::Dependency
   name: brakeman
   requirement: !ruby/object:Gem::Requirement
@@ -404,11 +409,13 @@ files:
 - CODE_OF_CONDUCT.md
 - LICENSE.txt
 - README.md
+- SECURITY.md
 - config/rubocop/ndr.yml
 - lib/minitest/rake_ci.rb
 - lib/minitest/rake_ci_plugin.rb
 - lib/ndr_dev_support.rb
 - lib/ndr_dev_support/capistrano/assets.rb
+- lib/ndr_dev_support/capistrano/bundler_deployment.rb
 - lib/ndr_dev_support/capistrano/deploy_secrets.rb
 - lib/ndr_dev_support/capistrano/install_ruby.rb
 - lib/ndr_dev_support/capistrano/macos_bsdtar.rb
@@ -473,7 +480,6 @@ homepage: https://github.com/NHSDigital/ndr_dev_support
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -481,15 +487,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.1'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: NDR Developer Support library
 test_files: []