rails-creds 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc2e9f9bab0600a6bd80cb4de294fed74e0350dec39a44ece69e2f2f9cf33bb1
-  data.tar.gz: 122898482b87c4963fe814f87b5121454528ad19f2f1b0fec5add0fac7dba33b
+  metadata.gz: cbc1c067d2f4b0a326231eb8c98d1ad5a79f308cc6ef82c2bc9ba2409dd6656d
+  data.tar.gz: 35af2f8b5ba9d9488a466dd64f04da29a78065eb94678e774a8e810b669cbccb
 SHA512:
-  metadata.gz: 1cdb35a94bbef472049ea5aa9ea6c13d41478187e34360e22d8f15435f8d8cc342616d11861ccac3c1a9ef637ef767cee142b06344449274e680fcdbb8dc39b5
-  data.tar.gz: 8aaf493870469ed8f6578fa480def8d800214ed8740c6eac06cf6f8d2d9c53e22db161ba4643ccaa55c973607f04fcb29fd182c7cff1c659b136222352e73e04
+  metadata.gz: 8b8e7609ef17e6ea9a5b96ba66ccdd3ff2cd21d916ca30f2df1d52a9c1ef318c6f5e81bdbe417faf5fd26fd15a28e22db9753adf17689205bfa010ff4231a97f
+  data.tar.gz: 19d31443777ff80b7f4dbea23dd7ccd2e2c888136797377274b3fdd606fe812be96454cedfa35d0fe27296666616ef05d85a4a076a614d82dbf17d4365281146

data/.github/workflows/ci.yml

@@ -0,0 +1,46 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - "3.0"
+          - "3.1"
+          - "3.2"
+          - "3.3"
+          - "3.4"
+
+    steps:
+      - name: Install packages
+        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y build-essential git pkg-config google-chrome-stable
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ruby-3.4.1
+          bundler-cache: true
+
+      - name: Run tests
+        env:
+          RAILS_ENV: test
+        run: bin/rails test
+
+      - name: Keep screenshots from failed system tests
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: screenshots
+          path: ${{ github.workspace }}/tmp/screenshots
+          if-no-files-found: ignore

data/.rspec

@@ -1,3 +1,2 @@
---format documentation
 --color
 --require spec_helper

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## 0.5.0
+
+**NB:** Probably breaking change.
+
+We now rely on YAML for merging credentials. See `bin/rails creds:example` for an example configuration.
+
+- New: Missing keys always raise.
+- Added example task.
+
 ## 0.4.0 (2023-07-08)
 
 ### Added

data/Rakefile

@@ -3,4 +3,4 @@ require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
-task default: :spec
+task(default: :spec)

data/creds.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency("rails", "> 5.2")
+  spec.add_dependency("rails", ">= 5.2")
 
   spec.add_development_dependency("bundler", "~> 2.0")
   spec.add_development_dependency("rake", "~> 12.3")

data/lib/creds/railtie.rb

@@ -0,0 +1,7 @@
+module Creds
+  class Railtie < ::Rails::Railtie
+    rake_tasks do
+      Dir[File.join(__dir__, "../tasks/**/*.rake")].each { |f| load f }
+    end
+  end
+end

data/lib/creds/version.rb

@@ -1,3 +1,3 @@
-class Creds
-  VERSION = "0.4.0".freeze
+module Creds
+  VERSION = "0.5.0".freeze
 end

data/lib/creds.rb

@@ -1,84 +1,63 @@
 require "rails"
+require "active_support/core_ext/string/strip"
 
 require "creds/version"
-require "creds/errors"
+require "creds/railtie"
 
 # The main module of rails-creds
-class Creds
-  include Singleton
+module Creds
+  EXAMPLE_CONFIG = <<-YAML
+  ---
+  secret_key_base: "abc123"
 
-  # Credentials that are always nil
-  class NullCredentials
-    def respond_to_missing?(_name)
-      true
-    end
-
-    def method_missing(*_args)
-      nil
-    end
+  shared: &shared
+    secret: 123
 
-    def nil?
-      true
-    end
-  end
-
-  def self.respond_to_missing?(_name)
-    true
-  end
-
-  def self.method_missing(name, *_args)
-    instance.credentials.fetch(name)
-  rescue KeyError
-    raise MissingKeyError.new(name, Rails.env)
-  end
+  test:
+    <<: *shared
 
-  def self.to_h
-    instance.credentials
-  end
+  development:
+    <<: *shared
 
-  def credentials
-    return @credentials if @credentials
+  production:
+    <<: *shared
+    secret: 456
+  YAML
+    .strip_heredoc
+    .freeze
 
-    if dummy?
-      @credentials = NullCredentials.new
-      return @credentials
-    end
+  class MissingKeyError < StandardError
+    MESSAGE = "Key :%<key>s missing from credentials in \"%<env>s\" env".freeze
 
-    unless encrypted_credentials_exist?
-      Rails.logger.warn(MissingCredentialsWarning)
-      @credentials = NullCredentials.new
-      return @credentials
+    def initialize(key, env)
+      super(format(MESSAGE, key: key, env: env))
     end
-
-    raise MissingMasterKeyError unless master_key_present?
-
-    @credentials = fetch_credentials_for_current_env
   end
 
-  private
+  class MissingEnvError < StandardError
+    MESSAGE = <<-MSG
+      It seems you are missing a scope for the environment "%<env>s".
 
-  def fetch_credentials_for_current_env
-    base = Rails.application.credentials.config
-    scoped = base.fetch(Rails.env.to_sym)
-    base.delete(Rails.env.to_sym)
-    base.merge(scoped)
-  rescue KeyError
-    raise MissingEnvError, Rails.env
-  end
+      Here's an example of how your credentials could look:
 
-  def encrypted_credentials_exist?
-    File.exist?(Rails.root.join("config", "credentials.yml.enc"))
+#{Creds::EXAMPLE_CONFIG.gsub(/^([^\n]+)$/m, "        \\1")}
+    MSG
+      .strip_heredoc
+      .freeze
+
+    def initialize(env)
+      super(format(MESSAGE, env: env))
+    end
   end
 
-  def master_key_present?
-    return true unless Rails.application.config.require_master_key
-    return true if ENV["RAILS_MASTER_KEY"]
-    return true if File.exist?(Rails.root.join("config", "master.key"))
+  def self.method_missing(mth, *args, &block)
+    @cache ||= Rails.application.credentials[Rails.env].tap do |scoped|
+      raise MissingEnvError.new(Rails.env) unless scoped.is_a?(Hash)
+      raise MissingKeyError.new(mth, Rails.env) unless scoped.key?(mth.to_sym)
 
-    false
-  end
+      scoped
+    end
 
-  def dummy?
-    ENV.fetch("SECRET_KEY_BASE_DUMMY", nil) == "1"
+    @cache.fetch(mth.to_sym)
   end
 end

data/lib/tasks/creds.rake

@@ -0,0 +1,6 @@
+namespace(:creds) do
+  desc("Print an example credentials file")
+  task(:example => :environment) do
+    puts(Creds::EXAMPLE_CONFIG)
+  end
+end

metadata

@@ -1,27 +1,26 @@
 --- !ruby/object:Gem::Specification
 name: rails-creds
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Mikkel Malmberg
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-07-08 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
 - !ruby/object:Gem::Dependency
@@ -73,11 +72,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/test.yml"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
-- CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -85,16 +83,16 @@ files:
 - config/master.key
 - creds.gemspec
 - lib/creds.rb
-- lib/creds/errors.rb
+- lib/creds/railtie.rb
 - lib/creds/version.rb
 - lib/rails-creds.rb
+- lib/tasks/creds.rake
 - log/test.log
 homepage: https://github.com/mikker/rails-creds
 licenses:
 - MIT
 metadata:
   source_code_uri: https://github.com/mikker/rails-creds
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -109,8 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.15
-signing_key:
+rubygems_version: 3.6.8
 specification_version: 4
 summary: Shorter, env-scoped version of Rails' credentials
 test_files: []

data/.github/workflows/test.yml

@@ -1,17 +0,0 @@
-name: Tests
-on: [push]
-jobs:
-  test:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest]
-        ruby: ["3.0", "3.1", "3.2"]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: ${{ matrix.ruby }}
-          bundler-cache: true
-      - run: bundle exec rake

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at mikkel@brnbw.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/lib/creds/errors.rb

@@ -1,58 +0,0 @@
-require "active_support/core_ext/string/strip"
-
-class Creds
-  class MissingCredentialsWarning
-    MESSAGE = <<-MSG.strip_heredoc.freeze
-      You have no encrypted credentials at config/credentials.yml.enc.
-      Creds will return nil for any key.
-      Run this to generate your credentials file:
-        $ bin/rails credentials:edit
-    MSG
-  end
-
-  # @api private
-  class MissingKeyError < StandardError
-    MESSAGE = "Key :%<key>s missing from credentials in \"%<env>s\" env".freeze
-
-    def initialize(key, env)
-      super(format(MESSAGE, key: key, env: env))
-    end
-  end
-
-  # @api private
-  class MissingEnvError < StandardError
-    # rubocop:disable Layout/TrailingWhitespace
-    MESSAGE = <<-MSG.strip_heredoc.freeze
-  Creds scopes credentials to the current Rails environment.
-  It seems you are missing a scope for the environment "%<env>s".
-
-  Here's an example of how your credentials could look:
-
-  ---
-  aws_key: 'shared between environments'
-
-  production:
-    <<: *default
-    aws_key: 'you can override defaults for individual environments'
-    MSG
-    # rubocop:enable Layout/TrailingWhitespace
-
-    def initialize(env)
-      super(format(MESSAGE, env: env))
-    end
-  end
-
-  # @api private
-  class MissingMasterKeyError < StandardError
-    MESSAGE = <<-MSG.strip_heredoc.freeze
-        You have encrypted credentials but no master key.
-
-        Either get or recover the file config/master.key
-        or set the environment variable RAILS_MASTER_KEY
-    MSG
-
-    def initalize
-      super(MESSAGE)
-    end
-  end
-end