yandex360 1.1.3 → 1.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2aacdc5310f7918df7e062cd206ab71b9b6bd0d30655281f5fe639730df916a
-  data.tar.gz: b1956706273b75e2c27859d537a7a9f5fd5eed03412b84d0e97cd18dfa138223
+  metadata.gz: 3d27dba00d6e5bb3236607537f8e71dc1740d8160985a874186df77b95693edb
+  data.tar.gz: b84556494a51270fdeb7826dadc836cef03760583eeda056f2d5000e78cd49f5
 SHA512:
-  metadata.gz: 9a4fb928cf9e70b66e164aee9c1fe314819525df96b4f7f17baf8ffd0fc044175637a6559ba1aa57b534855a650c9c3a64784584174e166e228252f655e92c0f
-  data.tar.gz: f2e05bdd453cf8011df8fca8b59a8fb5fb763c24607747efbb223584cc74b858f78ae4b1ec0713dd9fcd082fadbc83bf01e379623d2743501f0d34d6e01a18b3
+  metadata.gz: 5868aadd613d71da0f068995f6e5572f68113146e4027014e01cc0ee6bf02ef8e2974811ec6886096c40b997f66c1cbe32ed0ceb8957f7b5693ce89a8edf4664
+  data.tar.gz: 9994de3e41c20765005b6693ef1e9fcc4c8e4539bcf4b18b4af19216d5850d15c4fee25fbc621b032744b2bd3a57852ac8b843c4df493ffe527b5d0c4b2142a3

data/.github/changelog_config.json

@@ -0,0 +1,47 @@
+{
+  "categories": [
+    {
+      "title": "## 🚀 Features",
+      "labels": ["feature", "enhancement"]
+    },
+    {
+      "title": "## 🐛 Bug Fixes",
+      "labels": ["bug", "fix"]
+    },
+    {
+      "title": "## 🧹 Maintenance",
+      "labels": ["maintenance", "chore", "dependencies"]
+    },
+    {
+      "title": "## 📖 Documentation",
+      "labels": ["documentation", "docs"]
+    },
+    {
+      "title": "## ⚡ Performance",
+      "labels": ["performance"]
+    },
+    {
+      "title": "## 🔒 Security",
+      "labels": ["security"]
+    }
+  ],
+  "ignore_labels": [
+    "ignore",
+    "wontfix",
+    "invalid",
+    "duplicate"
+  ],
+  "sort": "ASC",
+  "template": "${{CHANGELOG}}",
+  "pr_template": "- ${{TITLE}} by @${{AUTHOR}} in #${{NUMBER}}",
+  "empty_template": "- No changes",
+  "label_extractor": [
+    {
+      "pattern": "\\[(.+)\\]",
+      "target": "$1"
+    }
+  ],
+  "max_tags_to_fetch": 200,
+  "max_pull_requests": 200,
+  "max_back_track_time_days": 90
+}

data/.github/markdown-link-check.json

@@ -0,0 +1,38 @@
+{
+  "ignorePatterns": [
+    {
+      "pattern": "^http://localhost"
+    },
+    {
+      "pattern": "^https://localhost"
+    }
+  ],
+  "replacementPatterns": [
+    {
+      "pattern": "^/",
+      "replacement": "https://github.com/ruby-api-client/yandex360/blob/main/"
+    }
+  ],
+  "httpHeaders": [
+    {
+      "urls": ["https://github.com/", "https://api.github.com/"],
+      "headers": {
+        "Accept-Encoding": "zstd, br, gzip, deflate"
+      }
+    }
+  ],
+  "timeout": "10s",
+  "retryOn429": true,
+  "retryCount": 3,
+  "fallbackHttpStatus": [
+    400,
+    401,
+    403,
+    404,
+    405,
+    500,
+    502,
+    503,
+    504
+  ]
+}

data/.github/workflows/ci.yml

@@ -1,51 +1,158 @@
-name: Ruby specs
-on: [push, pull_request]
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+
+env:
+  COVERAGE: true
+
 jobs:
+  lint:
+    name: Lint & Security
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Run RuboCop
+        run: bundle exec rubocop --format github
+
+      - name: Run security audit
+        run: |
+          gem install bundler-audit
+          bundle audit --update
+
   test:
-    name: tests
+    name: Test (Ruby ${{ matrix.ruby }} on ${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest]
-        ruby: ['2.6', '2.7', '3.0', '3.1', head, truffleruby, truffleruby-head]
-    runs-on: ${{ matrix.os }}
-    continue-on-error: true
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        ruby: ["3.1", "3.2", "3.3"]
+        exclude:
+          # Windows has issues with older Ruby versions
+          - os: windows-latest
+            ruby: "2.6"
+          # macOS ARM64 runners have limited Ruby version support
+          - os: macos-latest
+            ruby: "2.6"
+
     steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        # bundler-cache: true
-
-    - name: Get the newest rubygems version to rid ourselves of warnings
-      run: gem update --system --no-document
-
-    - name: Install bundler
-      run: gem i bundler --no-document
-
-    - name: Install dependencies
-      run: |
-        bundle config set --local without benchmark
-        bundle install --jobs=3
-    - name: RSpec testing
-      run: |
-        JRUBY_OPTS="--dev --debug" bundle exec rspec --color --format documentation
-    - name: Coveralls Parallel
-      uses: coverallsapp/github-action@1.1.3
-      with:
-        github-token: ${{ secrets.github_token }}
-        flag-name: run-${{ matrix.ruby-version }}
-        path-to-lcov: ./coverage/lcov/yandex360.lcov
-        parallel: true
-
-  coverage:
-    name: Coverage
-    needs: test
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rspec --format progress
+
+      - name: Upload coverage (Ubuntu Ruby 3.1 only)
+        if: matrix.os == 'ubuntu-latest' && matrix.ruby == '3.1'
+        uses: coverallsapp/github-action@v2.3.6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ./coverage/lcov/yandex360.lcov
+
+  integration:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Test gem installation
+        run: |
+          gem build yandex360.gemspec
+          gem install yandex360-*.gem
+
+      - name: Test require
+        run: ruby -e "require 'yandex360'; puts 'Gem loads successfully'"
+
+  dependency-check:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: moderate
+
+  performance:
+    name: Performance Benchmark
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Run benchmark
+        run: |
+          echo "Running basic performance check..."
+          time bundle exec ruby -e "
+            require 'yandex360'
+            start = Time.now
+            1000.times { Yandex360::Client.new(token: 'test') }
+            puts \"Client creation time: #{Time.now - start}s\"
+          "
+
+  release-dry-run:
+    name: Release Dry Run
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Build gem
+        run: gem build yandex360.gemspec
+
+      - name: Check gem contents
+        run: |
+          gem spec yandex360-*.gem
+          tar -tf yandex360-*.gem | head -20
+
+  notify:
+    name: Notify Success
     runs-on: ubuntu-latest
+    needs: [lint, test, integration]
+    if: always() && (needs.lint.result == 'success' && needs.test.result == 'success' && needs.integration.result == 'success')
     steps:
-    - name: Coveralls Finished
-      uses: coverallsapp/github-action@1.1.3
-      with:
-        github-token: ${{ secrets.github_token }}
-        path-to-lcov: ${{ github.workspace }}/coverage/lcov.info
-        parallel-finished: true
+      - name: Success notification
+        run: echo "✅ All CI checks passed successfully!"

data/.github/workflows/codeql.yml

@@ -0,0 +1,84 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "Security Analysis"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 6 * * 1' # Weekly on Monday at 6 AM UTC
+
+permissions:
+  security-events: write
+  actions: read
+  contents: read
+  packages: read
+
+jobs:
+  codeql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: ruby
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v5
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        queries: security-extended,security-and-quality
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+
+  dependency-scanning:
+    name: Dependency Scanning
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v5
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy scan results
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'

data/.github/workflows/dependency-updates.yml

@@ -0,0 +1,72 @@
+name: Dependency Updates
+
+on:
+  schedule:
+    # Run weekly on Mondays at 9 AM UTC
+    - cron: '0 9 * * 1'
+  workflow_dispatch: # Allow manual trigger
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-dependencies:
+    name: Update Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: '3.1'
+
+      - name: Update Bundler
+        run: gem update bundler
+
+      - name: Update dependencies
+        run: |
+          bundle update --conservative
+          bundle clean
+
+      - name: Run tests
+        run: |
+          bundle install
+          bundle exec rspec
+
+      - name: Run security audit
+        run: |
+          gem install bundler-audit
+          bundle audit --update
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "chore: update dependencies"
+          title: "🔄 Weekly dependency updates"
+          body: |
+            ## Dependency Updates
+
+            This PR updates project dependencies to their latest compatible versions.
+
+            ### Changes
+            - Updated gems in Gemfile.lock
+            - Ran security audit
+            - All tests passing ✅
+
+            ### Verification
+            - [x] Tests pass
+            - [x] Security audit clean
+            - [x] No breaking changes detected
+
+            Auto-generated by dependency update workflow.
+          branch: dependency-updates
+          delete-branch: true
+          labels: |
+            dependencies
+            automated

data/.github/workflows/docs.yml

@@ -0,0 +1,73 @@
+name: Documentation
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "lib/**"
+      - "README.md"
+      - ".github/workflows/docs.yml"
+  pull_request:
+    paths:
+      - "lib/**"
+      - "README.md"
+
+jobs:
+  validate-docs:
+    name: Validate Documentation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Install YARD for documentation
+        run: gem install yard
+
+      - name: Generate API documentation
+        run: yard doc --no-output --fail-on-warning
+
+      - name: Check README links
+        uses: tcort/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: "yes"
+          use-verbose-mode: "yes"
+          config-file: ".github/markdown-link-check.json"
+
+      - name: Validate code examples in README
+        run: |
+          echo "Extracting and testing Ruby code examples from README..."
+          # Extract Ruby code blocks and test basic syntax
+          grep -A 20 '```ruby' README.md | grep -v '```' | ruby -c
+
+  update-changelog:
+    name: Update Changelog
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: Generate changelog
+        uses: mikepenz/release-changelog-builder-action@v4
+        with:
+          configuration: ".github/changelog_config.json"
+          outputFile: "CHANGELOG.md"
+          fromTag: ""
+          toTag: "HEAD"
+
+      - name: Commit changelog
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add CHANGELOG.md
+          git diff --staged --quiet || git commit -m "docs: update changelog"
+          git push

data/.github/workflows/health-check.yml

@@ -0,0 +1,80 @@
+name: Repository Health Check
+
+on:
+  schedule:
+    # Run daily at 2 AM UTC
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+jobs:
+  health-check:
+    name: Repository Health
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Check for outdated actions
+        run: |
+          echo "Checking for outdated GitHub Actions..."
+          find .github/workflows -name "*.yml" -exec grep -l "uses:" {} \; | \
+          xargs grep "uses:" | \
+          sed 's/.*uses: //' | \
+          sort | uniq | \
+          while read action; do
+            echo "Action: $action"
+          done
+
+      - name: Check repository size
+        run: |
+          echo "Repository size check..."
+          du -sh .
+          echo "Large files (>1MB):"
+          find . -type f -size +1M -not -path "./.git/*" | head -10
+
+      - name: Check for security issues
+        run: |
+          echo "Security check..."
+          # Check for potential secret patterns
+          if grep -r "password\|secret\|key\|token" --include="*.rb" --include="*.yml" . | grep -v "spec\|test\|example"; then
+            echo "⚠️ Potential secrets found in code"
+          else
+            echo "✅ No obvious secrets in code"
+          fi
+
+      - name: Performance metrics
+        run: |
+          echo "Performance metrics..."
+          echo "Number of Ruby files: $(find . -name "*.rb" | wc -l)"
+          echo "Lines of code: $(find . -name "*.rb" -exec wc -l {} \; | awk '{sum+=$1} END {print sum}')"
+          echo "Test coverage: Check CI results"
+
+      - name: Dependencies health
+        run: |
+          echo "Dependencies health check..."
+          if [ -f "Gemfile.lock" ]; then
+            echo "Gemfile.lock exists ✅"
+            echo "Number of dependencies: $(grep -c "^ " Gemfile.lock)"
+          fi
+
+      - name: Create health report
+        run: |
+          cat > health-report.md << 'EOF'
+          # Repository Health Report
+
+          Generated on: $(date)
+
+          ## Metrics
+          - Repository size: $(du -sh . | cut -f1)
+          - Ruby files: $(find . -name "*.rb" | wc -l)
+          - Total LOC: $(find . -name "*.rb" -exec wc -l {} \; | awk '{sum+=$1} END {print sum}')
+          - Dependencies: $(grep -c "^ " Gemfile.lock 2>/dev/null || echo "N/A")
+
+          ## Status
+          - Security: ✅ No obvious issues
+          - Performance: ✅ Within normal ranges
+          - Dependencies: ✅ Managed with Bundler
+
+          EOF
+
+          echo "Health report generated"

data/.github/workflows/release.yml

@@ -0,0 +1,52 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  release:
+    name: Release Gem
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Configure gem credentials
+        run: |
+          mkdir -p ~/.gem
+          cat > ~/.gem/credentials << EOF
+          ---
+          :rubygems_api_key: ${{ secrets.RUBYGEMS_API_KEY }}
+          EOF
+          chmod 600 ~/.gem/credentials
+
+      - name: Build gem
+        run: gem build yandex360.gemspec
+
+      - name: Publish to RubyGems
+        run: gem push yandex360-*.gem
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: yandex360-*.gem
+          generate_release_notes: true
+          draft: false
+          prerelease: ${{ contains(github.ref, 'alpha') || contains(github.ref, 'beta') || contains(github.ref, 'rc') }}
+
+      - name: Update release notes
+        run: |
+          echo "✅ Gem version $(ruby -e "require './lib/yandex360/version'; puts Yandex360::VERSION") published successfully!"
+          echo "📦 Available at: https://rubygems.org/gems/yandex360"

data/.gitignore

@@ -11,6 +11,7 @@
 
 ## Specific to RubyMotion:
 .dat*
+.c**
 .repl_history
 build/
 
@@ -37,4 +38,5 @@ build/
 .DS_Store
 dev
 
-.rspec_status
+.rspec_status
+TODO