pii_safe_schema 1.3.0 → 1.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a3fe6f6dc02bc520f523874f6111cb00dc9201687f0b7f668dc39e587080bda
-  data.tar.gz: c2f2bf99f36d65c806e9b74af88ab55a8c77291e5bd61883a36bd2b2bf2d6b1b
+  metadata.gz: 7e1a5ae623714b4211bac604819cf2c5f04c3a7b2354678414b12432c216fcec
+  data.tar.gz: 751ad4aa17a3137e05c604edd3b0db961aadbb12f3d6e3d0d58141ab4e899246
 SHA512:
-  metadata.gz: 539795ee77529477a46a52df234f0474f5d774f2ded25537520f20d023af8539c5643f3c859e3df56e3181591cea9b854b23030be1d5f4c9344dec6b3b7d7f29
-  data.tar.gz: 8ed9a5f69eeeca205128085268198732888632563922be5402129779074f314df3bf18ad54b17a859372fb90c2689a2b140352bd02f9fa9275950b75667deb67
+  metadata.gz: 03e97b60df41a59c8ef8e90575c2d9d68c67b400e7c0eaec7aca093943d68493bfa465fe20666ec926ad830884070b7417027da5cfb886072d506649be616741
+  data.tar.gz: bbcb8be4a11c7f2ae750cc3d967d2cc67ec968bf3dbc1058a487624d733cd7fe0a9ede3f153aeaf296d87d55d55ef8fbad8fe7195de0ff6062ea95b3b94f8d20

data/.github/workflows/default.yml

@@ -0,0 +1,66 @@
+name: Default
+
+# This workflow runs on all pushes to the repo so we can test changes and provide
+# fast feedback. It also gets run when a pull request is created so that we can
+# run the Sonarqube quality gate (which needs information from the PR). Subsequent
+# pushes to the branch will provide PR information of any open PRs.
+on:
+  push:
+  pull_request:
+    types: [opened, reopened]
+
+concurrency:
+  group: default-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  preflight_check:
+    name: Preflight Check
+    runs-on: ubuntu-latest
+    steps:
+      # Need to fetch all refs, so we can check if the version has been bumped
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Lint
+        uses: wealthsimple/toolbox-script@v1
+        with:
+          script: toolbox.ruby.lint.run();
+
+      - name: Test
+        uses: wealthsimple/toolbox-script@v1
+        with:
+          script: toolbox.ruby.test.run();
+
+  publish:
+    name: Publish package
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
+    needs:
+      - preflight_check
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Release the gem
+        run: |
+          mkdir -p ~/.gem
+          cat << EOF > ~/.gem/credentials
+          ---
+          :github: Bearer ${GITHUB_TOKEN}
+          :rubygems_api_key: ${RUBYGEMS_API_KEY}
+          EOF
+          chmod 0600 ~/.gem/credentials
+          git config user.email "noreply@wealthsimple.com"
+          git config user.name "Wolfbot"
+          bundle exec rake release
+        env:
+          RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}

data/.github/workflows/licenses.yml

@@ -0,0 +1,46 @@
+name: Save licenses report
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  workflow_dispatch:
+
+concurrency:
+  group: licenses-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  license_report:
+    name: Push license report to S3
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.ACTIONS_GITHUB_INTSVC_ROLE_TO_ASSUME }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 900
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+        env:
+          BUNDLE_GEMS__CONTRIBSYS__COM:
+            ${{ secrets.BUNDLE_GEMS__CONTRIBSYS__COM }}
+          BUNDLE_NEXUS__IAD__W10EXTERNAL__COM:
+            ${{ secrets.BUNDLE_NEXUS__IAD__W10EXTERNAL__COM }}
+          BUNDLE_GITHUB__COM:
+            ${{ secrets.WOLFBOT_GITHUB_ACTIONS_TOKEN }}:x-oauth-basic
+
+      - name: Build and Push Report
+        uses: wealthsimple/toolbox-script@v1
+        with:
+          script: toolbox.licensed.run()
+

data/.github/workflows/security-check.yml

@@ -0,0 +1,30 @@
+name: Security Check
+
+on:
+  schedule:
+    - cron: '15 11 * * *' # 11:15 am UTC: 6:15 am EST / 7:15 am EDT
+
+concurrency:
+  group: security-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  security_check:
+    name: Security Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+        env:
+          BUNDLE_GEMS__CONTRIBSYS__COM:
+            ${{ secrets.BUNDLE_GEMS__CONTRIBSYS__COM }}
+          BUNDLE_NEXUS__IAD__W10EXTERNAL__COM:
+            ${{ secrets.BUNDLE_NEXUS__IAD__W10EXTERNAL__COM }}
+          BUNDLE_GITHUB__COM:
+            ${{ secrets.WOLFBOT_GITHUB_ACTIONS_TOKEN }}:x-oauth-basic
+      - name: Security Check
+        uses: wealthsimple/toolbox-script@v1
+        with:
+          script: toolbox.ruby.security.run();

data/.rubocop.yml

@@ -1,3 +1,7 @@
+---
 inherit_gem:
   ws-style:
     - default.yml
+
+AllCops:
+  TargetRubyVersion: 2.6

data/.ruby-version

@@ -1 +1 @@
-2.6.5
+2.7.2

data/CHANGELOG.md

@@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 1.3.4 - 2021-10-21
+### Changed
+- Switched to Github Actions
+
+## 1.3.3 - 2021-03-15
+### Changed
+- Pull CI images from ECR repository
+
+## 1.3.2 - 2021-03-15
+### Changed
+- Update development to Ruby 2.7.2
+
+## 1.3.1 - 2019-11-06
+### Fixed
+- Passing arguments to `rake pii_safe_schema:generate_migrations` actually works
+
 ## 1.3.0 - 2019-11-04
 ### Added
 - Can pass explicitly annotate PII columns from the command line as arguments when using `rake pii_safe_schema:generate_migrations`.

data/README.md

@@ -1,4 +1,5 @@
-# PII Safe Schema [![CircleCI](https://circleci.com/gh/wealthsimple/pii_safe_schema.svg?style=svg)](https://circleci.com/gh/wealthsimple/pii_safe_schema) [![Coverage Status](https://coveralls.io/repos/github/wealthsimple/pii_safe_schema/badge.svg?branch=master)](https://coveralls.io/github/wealthsimple/pii_safe_schema?branch=master)
+# PII Safe Schema
+![CI](https://github.com/wealthsimple/pii_safe_schema/actions/workflows/default.yml/badge.svg)
 
 Schema migration tool for checking and adding comments on *Personally Identifiable Information* (PII) columns in Rails.
 
@@ -96,4 +97,4 @@ git clone https://github.com/wealthsimple/pii_safe_schema.git
 cd pii_safe_schema
 bundle install
 bundle exec rspec
-```
+```

data/lib/pii_safe_schema/configuration.rb

@@ -27,11 +27,10 @@ module PiiSafeSchema
     end
 
     def datadog_client
-      @datadog_client ||= begin
-        KNOWN_DD_CLIENTS.each do |client|
-          return client.safe_constantize if defined?(client)
+      @datadog_client ||=
+        KNOWN_DD_CLIENTS.find do |client|
+          client.safe_constantize if defined?(client)
         end
-      end
     end
 
     def ignore_tables
@@ -47,7 +46,7 @@ module PiiSafeSchema
     def validate_ignore(ignore_params)
       raise_config_error(:ignore) unless ignore_params.is_a?(Hash)
 
-      ignore_params.values.each do |ip|
+      ignore_params.each_value do |ip|
         raise_config_error(:ignore) unless valid_column_list?(ip) || ip == :*
       end
       true

data/lib/pii_safe_schema/migration_generator.rb

@@ -18,9 +18,7 @@ module PiiSafeSchema
         migration_file = generator.create_migration_file
         file_lines = File.open(migration_file, 'r').read.split("\n")
         change_line = file_lines.find_index { |i| /def change/.match(i) }
-        new_contents = file_lines[0..change_line] +
-                       generated_lines +
-                       file_lines[change_line + 1..-1]
+        new_contents = file_lines[0..change_line] + generated_lines + file_lines[change_line + 1..]
 
         File.open(migration_file, 'w') do |f|
           f.write(new_contents.join("\n"))
@@ -33,8 +31,8 @@ module PiiSafeSchema
       def generate_migration_lines(table, columns)
         migration_lines = columns.map do |c|
           "#{' ' * (safety_assured? ? 6 : 4)}"\
-          "change_column :#{table}, :#{c.column.name}, :#{c.column.type}, "\
-          "comment: \'#{c.suggestion.to_json}\'"\
+            "change_column :#{table}, :#{c.column.name}, :#{c.column.type}, "\
+            "comment: \'#{c.suggestion.to_json}\'"\
         end
         wrap_in_safety_assured(migration_lines)
       end

data/lib/pii_safe_schema/pii_column.rb

@@ -15,11 +15,13 @@ module PiiSafeSchema
       end
 
       def from_column_name(table:, column:, suggestion:)
-        unless connection.columns(table.to_s).find { |c| c.name == column.to_s }
+        activerecord_column = connection.columns(table.to_s).find { |c| c.name == column.to_s }
+
+        unless activerecord_column
           raise InvalidColumnError, "column \"#{column}\" does not exist for table \"#{table}\""
         end
 
-        new(table: table, column: column, suggestion: suggestion)
+        new(table: table, column: activerecord_column, suggestion: suggestion)
       end
 
       private

data/lib/pii_safe_schema/version.rb

@@ -1,3 +1,3 @@
 module PiiSafeSchema
-  VERSION = '1.3.0'.freeze
+  VERSION = '1.3.4'.freeze
 end

data/lib/pii_safe_schema.rb

@@ -55,7 +55,7 @@ module PiiSafeSchema
     end
   end
 
-  def self.print_help!(do_exit: true) # rubocop:disable Metrics/MethodLength
+  def self.print_help!(do_exit: true)
     puts <<~HELPMSG # rubocop:disable Rails/Output
       Usage:
         rake pii_safe_schema:generate_migrations [table:column:annotation_type] ...

data/lib/tasks/pii_safe_schema.rake

@@ -9,8 +9,9 @@ namespace :pii_safe_schema do
       PiiSafeSchema.generate_migrations(additional_columns)
     end
 
+    exit(0) # forces rake to stop after this and not assume args are tasks
   rescue ActiveRecord::StatementInvalid, PiiSafeSchema::InvalidColumnError => e
-    raise e if e.class == ActiveRecord::StatementInvalid && e.cause.class != PG::UndefinedTable
+    raise e if e.instance_of?(ActiveRecord::StatementInvalid) && e.cause.class != PG::UndefinedTable
 
     puts <<~HEREDOC
       Unable to generate PII annotation migration. Either the underlying table or column does not exist:
@@ -19,7 +20,7 @@ namespace :pii_safe_schema do
 
       Please create the table & columns first, running their migrations, before attempting to use the pii_safe_schema generator.
     HEREDOC
-  ensure
-    exit(0) # forces rake to stop after this and not assume args are tasks
+
+    exit(1) # forces rake to stop after this and not assume args are tasks
   end
 end

data/pii_safe_schema.gemspec

@@ -10,6 +10,8 @@ Gem::Specification.new do |s|
 
   s.summary       = 'Schema migration tool for checking and adding comments on PII columns.'
   s.homepage      = 'https://github.com/wealthsimple/pii_safe_schema'
+  s.license       = "MIT"
+  s.required_ruby_version = Gem::Requirement.new(">= 2.6")
 
   s.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
@@ -25,7 +27,6 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency 'bundler', '>= 1.16'
   s.add_development_dependency 'bundler-audit'
-  s.add_development_dependency 'coveralls'
   s.add_development_dependency 'dogstatsd-ruby'
   s.add_development_dependency 'git'
   s.add_development_dependency 'guard-rspec'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pii_safe_schema
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.4
 platform: ruby
 authors:
 - Alexi Garrow
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-06 00:00:00.000000000 Z
+date: 2021-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -92,20 +92,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: coveralls
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: dogstatsd-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -200,22 +186,22 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rspec-collection_matchers
   requirement: !ruby/object:Gem::Requirement
@@ -335,9 +321,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".circleci/config.yml"
 - ".github/CODEOWNERS"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/default.yml"
+- ".github/workflows/licenses.yml"
+- ".github/workflows/security-check.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -363,7 +351,8 @@ files:
 - lib/tasks/pii_safe_schema.rake
 - pii_safe_schema.gemspec
 homepage: https://github.com/wealthsimple/pii_safe_schema
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -373,14 +362,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Schema migration tool for checking and adding comments on PII columns.

data/.circleci/config.yml

@@ -1,118 +0,0 @@
-version: 2
-
-defaults: &defaults
-  working_directory: /home/circleci/wealthsimple
-  docker:
-    - image: circleci/ruby:2.6.5
-    - image: circleci/postgres:9.5.9-alpine
-      environment:
-        POSTGRES_USER: circleci
-        POSTGRES_DB: pii_safe_schema_test
-
-# These are common snippets that are referenced in multiple workflows.
-references:
-  attach_code_workspace: &attach_code_workspace
-    attach_workspace:
-      at: /home/circleci/wealthsimple
-
-  restore_bundle_dependencies: &restore_bundle_dependencies
-    run:
-      name: Restore bundle dependencies from workspace
-      command: bundle --path vendor/bundle
-
-jobs:
-  checkout_and_bundle:
-    <<: *defaults
-    steps:
-      - checkout
-      - run:
-          command: bundle install --jobs=4 --retry=3 --path vendor/bundle
-      - persist_to_workspace:
-          root: .
-          paths: .
-
-  rspec:
-    <<: *defaults
-    steps:
-      - *attach_code_workspace
-      - *restore_bundle_dependencies
-      - run:
-          command: sudo apt install -y postgresql-client || true
-      - run:
-          command: bundle exec bundle-audit update && bundle exec bundle-audit check
-      - run:
-          command: bundle exec rspec
-
-  lint_check:
-    <<: *defaults
-    steps:
-      - *attach_code_workspace
-      - *restore_bundle_dependencies
-      - run:
-          command: bundle exec rubocop
-
-  vulnerability_check:
-    <<: *defaults
-    steps:
-      - *attach_code_workspace
-      - *restore_bundle_dependencies
-      - run:
-          command: bundle exec bundle-audit update && bundle exec bundle-audit check
-
-  release:
-    <<: *defaults
-    steps:
-      - add_ssh_keys:
-          fingerprints:
-            - "46:b5:cb:ee:57:dc:14:95:31:be:12:13:4f:11:94:a4"
-      - *attach_code_workspace
-      - *restore_bundle_dependencies
-      - run:
-          name: Release to rubygems.org
-          command: |
-            mkdir ~/.gem
-            echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" >> ~/.gem/credentials
-            chmod 600 ~/.gem/credentials
-            mkdir -p ~/.ssh
-            echo "github.com,192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts
-            bundle exec rake release
-
-workflows:
-  version: 2
-  build_and_test:
-    jobs:
-      - checkout_and_bundle:
-          context: wealthsimple
-      - rspec:
-          requires:
-            - checkout_and_bundle
-      - lint_check:
-          requires:
-            - checkout_and_bundle
-      - vulnerability_check:
-          requires:
-            - checkout_and_bundle
-      - release:
-          context: wealthsimple
-          filters:
-            branches:
-              only: master
-          requires:
-          - rspec
-          - lint_check
-          - vulnerability_check
-
-  security-audit:
-    triggers:
-      - schedule:
-          # 11:45 am UTC: 6:45 am EST / 7:45 am EDT
-          cron: "45 11 * * *"
-          filters:
-            branches:
-              only: master
-    jobs:
-      - checkout_and_bundle:
-          context: wealthsimple
-      - vulnerability_check:
-          requires:
-            - checkout_and_bundle