pii_safe_schema 1.3.3 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/default.yml +66 -0
- data/.github/workflows/licenses.yml +46 -0
- data/.github/workflows/security-check.yml +30 -0
- data/CHANGELOG.md +4 -0
- data/README.md +3 -2
- data/lib/pii_safe_schema/migration_generator.rb +2 -2
- data/lib/pii_safe_schema/version.rb +1 -1
- data/lib/pii_safe_schema.rb +1 -1
- data/pii_safe_schema.gemspec +0 -1
- metadata +5 -17
- data/.circleci/config.yml +0 -122
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7e1a5ae623714b4211bac604819cf2c5f04c3a7b2354678414b12432c216fcec
|
|
4
|
+
data.tar.gz: 751ad4aa17a3137e05c604edd3b0db961aadbb12f3d6e3d0d58141ab4e899246
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03e97b60df41a59c8ef8e90575c2d9d68c67b400e7c0eaec7aca093943d68493bfa465fe20666ec926ad830884070b7417027da5cfb886072d506649be616741
|
|
7
|
+
data.tar.gz: bbcb8be4a11c7f2ae750cc3d967d2cc67ec968bf3dbc1058a487624d733cd7fe0a9ede3f153aeaf296d87d55d55ef8fbad8fe7195de0ff6062ea95b3b94f8d20
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
name: Default
|
|
2
|
+
|
|
3
|
+
# This workflow runs on all pushes to the repo so we can test changes and provide
|
|
4
|
+
# fast feedback. It also gets run when a pull request is created so that we can
|
|
5
|
+
# run the Sonarqube quality gate (which needs information from the PR). Subsequent
|
|
6
|
+
# pushes to the branch will provide PR information of any open PRs.
|
|
7
|
+
on:
|
|
8
|
+
push:
|
|
9
|
+
pull_request:
|
|
10
|
+
types: [opened, reopened]
|
|
11
|
+
|
|
12
|
+
concurrency:
|
|
13
|
+
group: default-${{ github.ref }}
|
|
14
|
+
cancel-in-progress: true
|
|
15
|
+
|
|
16
|
+
jobs:
|
|
17
|
+
preflight_check:
|
|
18
|
+
name: Preflight Check
|
|
19
|
+
runs-on: ubuntu-latest
|
|
20
|
+
steps:
|
|
21
|
+
# Need to fetch all refs, so we can check if the version has been bumped
|
|
22
|
+
- uses: actions/checkout@v2
|
|
23
|
+
with:
|
|
24
|
+
fetch-depth: 0
|
|
25
|
+
|
|
26
|
+
- uses: ruby/setup-ruby@v1
|
|
27
|
+
with:
|
|
28
|
+
bundler-cache: true
|
|
29
|
+
|
|
30
|
+
- name: Lint
|
|
31
|
+
uses: wealthsimple/toolbox-script@v1
|
|
32
|
+
with:
|
|
33
|
+
script: toolbox.ruby.lint.run();
|
|
34
|
+
|
|
35
|
+
- name: Test
|
|
36
|
+
uses: wealthsimple/toolbox-script@v1
|
|
37
|
+
with:
|
|
38
|
+
script: toolbox.ruby.test.run();
|
|
39
|
+
|
|
40
|
+
publish:
|
|
41
|
+
name: Publish package
|
|
42
|
+
runs-on: ubuntu-latest
|
|
43
|
+
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
|
|
44
|
+
needs:
|
|
45
|
+
- preflight_check
|
|
46
|
+
steps:
|
|
47
|
+
- uses: actions/checkout@v2
|
|
48
|
+
|
|
49
|
+
- uses: ruby/setup-ruby@v1
|
|
50
|
+
with:
|
|
51
|
+
bundler-cache: true
|
|
52
|
+
|
|
53
|
+
- name: Release the gem
|
|
54
|
+
run: |
|
|
55
|
+
mkdir -p ~/.gem
|
|
56
|
+
cat << EOF > ~/.gem/credentials
|
|
57
|
+
---
|
|
58
|
+
:github: Bearer ${GITHUB_TOKEN}
|
|
59
|
+
:rubygems_api_key: ${RUBYGEMS_API_KEY}
|
|
60
|
+
EOF
|
|
61
|
+
chmod 0600 ~/.gem/credentials
|
|
62
|
+
git config user.email "noreply@wealthsimple.com"
|
|
63
|
+
git config user.name "Wolfbot"
|
|
64
|
+
bundle exec rake release
|
|
65
|
+
env:
|
|
66
|
+
RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
name: Save licenses report
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches:
|
|
6
|
+
- main
|
|
7
|
+
- master
|
|
8
|
+
workflow_dispatch:
|
|
9
|
+
|
|
10
|
+
concurrency:
|
|
11
|
+
group: licenses-${{ github.ref }}
|
|
12
|
+
cancel-in-progress: true
|
|
13
|
+
|
|
14
|
+
jobs:
|
|
15
|
+
license_report:
|
|
16
|
+
name: Push license report to S3
|
|
17
|
+
runs-on: ubuntu-latest
|
|
18
|
+
steps:
|
|
19
|
+
- uses: actions/checkout@v2
|
|
20
|
+
|
|
21
|
+
- name: Configure AWS Credentials
|
|
22
|
+
uses: aws-actions/configure-aws-credentials@v1
|
|
23
|
+
with:
|
|
24
|
+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
25
|
+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
26
|
+
aws-region: us-east-1
|
|
27
|
+
role-to-assume: ${{ secrets.ACTIONS_GITHUB_INTSVC_ROLE_TO_ASSUME }}
|
|
28
|
+
role-skip-session-tagging: true
|
|
29
|
+
role-duration-seconds: 900
|
|
30
|
+
|
|
31
|
+
- uses: ruby/setup-ruby@v1
|
|
32
|
+
with:
|
|
33
|
+
bundler-cache: true
|
|
34
|
+
env:
|
|
35
|
+
BUNDLE_GEMS__CONTRIBSYS__COM:
|
|
36
|
+
${{ secrets.BUNDLE_GEMS__CONTRIBSYS__COM }}
|
|
37
|
+
BUNDLE_NEXUS__IAD__W10EXTERNAL__COM:
|
|
38
|
+
${{ secrets.BUNDLE_NEXUS__IAD__W10EXTERNAL__COM }}
|
|
39
|
+
BUNDLE_GITHUB__COM:
|
|
40
|
+
${{ secrets.WOLFBOT_GITHUB_ACTIONS_TOKEN }}:x-oauth-basic
|
|
41
|
+
|
|
42
|
+
- name: Build and Push Report
|
|
43
|
+
uses: wealthsimple/toolbox-script@v1
|
|
44
|
+
with:
|
|
45
|
+
script: toolbox.licensed.run()
|
|
46
|
+
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
name: Security Check
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
schedule:
|
|
5
|
+
- cron: '15 11 * * *' # 11:15 am UTC: 6:15 am EST / 7:15 am EDT
|
|
6
|
+
|
|
7
|
+
concurrency:
|
|
8
|
+
group: security-${{ github.ref }}
|
|
9
|
+
cancel-in-progress: true
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
security_check:
|
|
13
|
+
name: Security Check
|
|
14
|
+
runs-on: ubuntu-latest
|
|
15
|
+
steps:
|
|
16
|
+
- uses: actions/checkout@v2
|
|
17
|
+
- uses: ruby/setup-ruby@v1
|
|
18
|
+
with:
|
|
19
|
+
bundler-cache: true
|
|
20
|
+
env:
|
|
21
|
+
BUNDLE_GEMS__CONTRIBSYS__COM:
|
|
22
|
+
${{ secrets.BUNDLE_GEMS__CONTRIBSYS__COM }}
|
|
23
|
+
BUNDLE_NEXUS__IAD__W10EXTERNAL__COM:
|
|
24
|
+
${{ secrets.BUNDLE_NEXUS__IAD__W10EXTERNAL__COM }}
|
|
25
|
+
BUNDLE_GITHUB__COM:
|
|
26
|
+
${{ secrets.WOLFBOT_GITHUB_ACTIONS_TOKEN }}:x-oauth-basic
|
|
27
|
+
- name: Security Check
|
|
28
|
+
uses: wealthsimple/toolbox-script@v1
|
|
29
|
+
with:
|
|
30
|
+
script: toolbox.ruby.security.run();
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## 1.3.4 - 2021-10-21
|
|
8
|
+
### Changed
|
|
9
|
+
- Switched to Github Actions
|
|
10
|
+
|
|
7
11
|
## 1.3.3 - 2021-03-15
|
|
8
12
|
### Changed
|
|
9
13
|
- Pull CI images from ECR repository
|
data/README.md
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
# PII Safe Schema
|
|
1
|
+
# PII Safe Schema
|
|
2
|
+
|
|
2
3
|
|
|
3
4
|
Schema migration tool for checking and adding comments on *Personally Identifiable Information* (PII) columns in Rails.
|
|
4
5
|
|
|
@@ -96,4 +97,4 @@ git clone https://github.com/wealthsimple/pii_safe_schema.git
|
|
|
96
97
|
cd pii_safe_schema
|
|
97
98
|
bundle install
|
|
98
99
|
bundle exec rspec
|
|
99
|
-
```
|
|
100
|
+
```
|
|
@@ -31,8 +31,8 @@ module PiiSafeSchema
|
|
|
31
31
|
def generate_migration_lines(table, columns)
|
|
32
32
|
migration_lines = columns.map do |c|
|
|
33
33
|
"#{' ' * (safety_assured? ? 6 : 4)}"\
|
|
34
|
-
|
|
35
|
-
|
|
34
|
+
"change_column :#{table}, :#{c.column.name}, :#{c.column.type}, "\
|
|
35
|
+
"comment: \'#{c.suggestion.to_json}\'"\
|
|
36
36
|
end
|
|
37
37
|
wrap_in_safety_assured(migration_lines)
|
|
38
38
|
end
|
data/lib/pii_safe_schema.rb
CHANGED
|
@@ -55,7 +55,7 @@ module PiiSafeSchema
|
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
-
def self.print_help!(do_exit: true)
|
|
58
|
+
def self.print_help!(do_exit: true)
|
|
59
59
|
puts <<~HELPMSG # rubocop:disable Rails/Output
|
|
60
60
|
Usage:
|
|
61
61
|
rake pii_safe_schema:generate_migrations [table:column:annotation_type] ...
|
data/pii_safe_schema.gemspec
CHANGED
|
@@ -27,7 +27,6 @@ Gem::Specification.new do |s|
|
|
|
27
27
|
|
|
28
28
|
s.add_development_dependency 'bundler', '>= 1.16'
|
|
29
29
|
s.add_development_dependency 'bundler-audit'
|
|
30
|
-
s.add_development_dependency 'coveralls'
|
|
31
30
|
s.add_development_dependency 'dogstatsd-ruby'
|
|
32
31
|
s.add_development_dependency 'git'
|
|
33
32
|
s.add_development_dependency 'guard-rspec'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pii_safe_schema
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexi Garrow
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-12-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -92,20 +92,6 @@ dependencies:
|
|
|
92
92
|
- - ">="
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
94
|
version: '0'
|
|
95
|
-
- !ruby/object:Gem::Dependency
|
|
96
|
-
name: coveralls
|
|
97
|
-
requirement: !ruby/object:Gem::Requirement
|
|
98
|
-
requirements:
|
|
99
|
-
- - ">="
|
|
100
|
-
- !ruby/object:Gem::Version
|
|
101
|
-
version: '0'
|
|
102
|
-
type: :development
|
|
103
|
-
prerelease: false
|
|
104
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
-
requirements:
|
|
106
|
-
- - ">="
|
|
107
|
-
- !ruby/object:Gem::Version
|
|
108
|
-
version: '0'
|
|
109
95
|
- !ruby/object:Gem::Dependency
|
|
110
96
|
name: dogstatsd-ruby
|
|
111
97
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -335,9 +321,11 @@ executables: []
|
|
|
335
321
|
extensions: []
|
|
336
322
|
extra_rdoc_files: []
|
|
337
323
|
files:
|
|
338
|
-
- ".circleci/config.yml"
|
|
339
324
|
- ".github/CODEOWNERS"
|
|
340
325
|
- ".github/PULL_REQUEST_TEMPLATE.md"
|
|
326
|
+
- ".github/workflows/default.yml"
|
|
327
|
+
- ".github/workflows/licenses.yml"
|
|
328
|
+
- ".github/workflows/security-check.yml"
|
|
341
329
|
- ".gitignore"
|
|
342
330
|
- ".rspec"
|
|
343
331
|
- ".rubocop.yml"
|
data/.circleci/config.yml
DELETED
|
@@ -1,122 +0,0 @@
|
|
|
1
|
-
version: 2
|
|
2
|
-
|
|
3
|
-
defaults: &defaults
|
|
4
|
-
working_directory: /home/circleci/wealthsimple
|
|
5
|
-
docker:
|
|
6
|
-
- image: circleci/ruby:2.7.2
|
|
7
|
-
- image: circleci/postgres:9.5.9-alpine
|
|
8
|
-
environment:
|
|
9
|
-
POSTGRES_USER: circleci
|
|
10
|
-
POSTGRES_DB: pii_safe_schema_test
|
|
11
|
-
|
|
12
|
-
# These are common snippets that are referenced in multiple workflows.
|
|
13
|
-
references:
|
|
14
|
-
attach_code_workspace: &attach_code_workspace
|
|
15
|
-
attach_workspace:
|
|
16
|
-
at: /home/circleci/wealthsimple
|
|
17
|
-
|
|
18
|
-
restore_bundle_dependencies: &restore_bundle_dependencies
|
|
19
|
-
run:
|
|
20
|
-
name: Restore bundle dependencies from workspace
|
|
21
|
-
command: bundle --path vendor/bundle
|
|
22
|
-
|
|
23
|
-
jobs:
|
|
24
|
-
checkout_and_bundle:
|
|
25
|
-
<<: *defaults
|
|
26
|
-
steps:
|
|
27
|
-
- checkout
|
|
28
|
-
- run:
|
|
29
|
-
command: bundle install --jobs=4 --retry=3 --path vendor/bundle
|
|
30
|
-
- persist_to_workspace:
|
|
31
|
-
root: .
|
|
32
|
-
paths: .
|
|
33
|
-
|
|
34
|
-
rspec:
|
|
35
|
-
<<: *defaults
|
|
36
|
-
steps:
|
|
37
|
-
- *attach_code_workspace
|
|
38
|
-
- *restore_bundle_dependencies
|
|
39
|
-
- run:
|
|
40
|
-
command: sudo apt install -y postgresql-client || true
|
|
41
|
-
- run:
|
|
42
|
-
command: bundle exec bundle-audit update && bundle exec bundle-audit check
|
|
43
|
-
- run:
|
|
44
|
-
command: bundle exec rspec
|
|
45
|
-
|
|
46
|
-
lint_check:
|
|
47
|
-
<<: *defaults
|
|
48
|
-
steps:
|
|
49
|
-
- *attach_code_workspace
|
|
50
|
-
- *restore_bundle_dependencies
|
|
51
|
-
- run:
|
|
52
|
-
command: bundle exec rubocop
|
|
53
|
-
|
|
54
|
-
vulnerability_check:
|
|
55
|
-
<<: *defaults
|
|
56
|
-
steps:
|
|
57
|
-
- *attach_code_workspace
|
|
58
|
-
- *restore_bundle_dependencies
|
|
59
|
-
- run:
|
|
60
|
-
command: bundle exec bundle-audit update && bundle exec bundle-audit check
|
|
61
|
-
|
|
62
|
-
release:
|
|
63
|
-
<<: *defaults
|
|
64
|
-
steps:
|
|
65
|
-
- add_ssh_keys:
|
|
66
|
-
fingerprints:
|
|
67
|
-
- "46:b5:cb:ee:57:dc:14:95:31:be:12:13:4f:11:94:a4"
|
|
68
|
-
- *attach_code_workspace
|
|
69
|
-
- *restore_bundle_dependencies
|
|
70
|
-
- run:
|
|
71
|
-
name: Release to rubygems.org
|
|
72
|
-
command: |
|
|
73
|
-
mkdir ~/.gem
|
|
74
|
-
echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" >> ~/.gem/credentials
|
|
75
|
-
chmod 600 ~/.gem/credentials
|
|
76
|
-
mkdir -p ~/.ssh
|
|
77
|
-
echo "github.com,192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts
|
|
78
|
-
bundle exec rake release
|
|
79
|
-
|
|
80
|
-
workflows:
|
|
81
|
-
version: 2
|
|
82
|
-
build_and_test:
|
|
83
|
-
jobs:
|
|
84
|
-
- checkout_and_bundle:
|
|
85
|
-
context: wealthsimple
|
|
86
|
-
- rspec:
|
|
87
|
-
context: wealthsimple
|
|
88
|
-
requires:
|
|
89
|
-
- checkout_and_bundle
|
|
90
|
-
- lint_check:
|
|
91
|
-
context: wealthsimple
|
|
92
|
-
requires:
|
|
93
|
-
- checkout_and_bundle
|
|
94
|
-
- vulnerability_check:
|
|
95
|
-
context: wealthsimple
|
|
96
|
-
requires:
|
|
97
|
-
- checkout_and_bundle
|
|
98
|
-
- release:
|
|
99
|
-
context: wealthsimple
|
|
100
|
-
filters:
|
|
101
|
-
branches:
|
|
102
|
-
only: master
|
|
103
|
-
requires:
|
|
104
|
-
- rspec
|
|
105
|
-
- lint_check
|
|
106
|
-
- vulnerability_check
|
|
107
|
-
|
|
108
|
-
security-audit:
|
|
109
|
-
triggers:
|
|
110
|
-
- schedule:
|
|
111
|
-
# 11:45 am UTC: 6:45 am EST / 7:45 am EDT
|
|
112
|
-
cron: "45 11 * * *"
|
|
113
|
-
filters:
|
|
114
|
-
branches:
|
|
115
|
-
only: master
|
|
116
|
-
jobs:
|
|
117
|
-
- checkout_and_bundle:
|
|
118
|
-
context: wealthsimple
|
|
119
|
-
- vulnerability_check:
|
|
120
|
-
context: wealthsimple
|
|
121
|
-
requires:
|
|
122
|
-
- checkout_and_bundle
|