Feature/int 5630 integrate sast and lint checks

.github/actions/linter_ruby.yml

@@ -0,0 +1,26 @@
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby versions
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: false
+
+      - name: Install Rubocop
+        run: |
+          gem install rubocop-rails-omakase  -N
+          gem install rubocop-rspec  -N
+
+      - name: Run Rubocop
+        run: rubocop --lint

.github/actions/sast_ruby.yml

@@ -0,0 +1,41 @@
+name: SAST
+
+on:
+  workflow_call:
+    secrets:
+      token:
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  brakeman:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: false
+
+      - name: Install Brakeman
+        run: gem install brakeman -N
+
+      - name: Run brakeman
+        run: brakeman --force
+
+  bearer:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby versions
+        uses: ruby/setup-ruby@v1
+
+      - name: Bearer
+        uses: bearer/bearer-action@v2

.github/workflows/linter_ruby.yml

@@ -6,11 +6,11 @@ on:
 
 jobs:
   lint:
-    uses: anynines/int-gitops/.github/workflows/linter_ruby.yml@master
+    uses: ./.github/actions/linter_ruby.yml
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
 
   sast:
-    uses: anynines/int-gitops/.github/workflows/sast_ruby.yml@master
+    uses: ./.github/actions/sast_ruby.yml
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}

.rubocop.yml

@@ -0,0 +1,44 @@
+plugins:
+  - rubocop-performance
+  - rubocop-rails
+  - rubocop-rspec
+
+AllCops:
+  # Insert your target ruby version
+  TargetRubyVersion: 3.1.x
+  NewCops: enable
+
+# Overwrite or add rules to create your own house style
+#
+# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]`
+# Layout/SpaceInsideArrayLiteralBrackets:
+#   Enabled: false
+
+Layout/IndentationConsistency:
+  Enabled: true
+
+Layout/IndentationWidth:
+  Enabled: true
+
+Bundler:
+  Enabled: true
+Gemspec:
+  Enabled: true
+Layout:
+  Enabled: true
+Lint:
+  Enabled: true
+Metrics:
+  Enabled: true
+Naming:
+  Enabled: true
+Performance:
+  Enabled: true
+  Exclude:
+    - "spec/**/*"
+Rails:
+  Enabled: true
+Security:
+  Enabled: true
+Style:
+  Enabled: true

Gemfile

@@ -4,27 +4,29 @@ ruby '3.1.3'
 
 gem 'rails', '~> 7.2.0'
 
-gem 'eventmachine'
 gem 'amqp'
-gem 'honeybadger'
 gem 'erubis'
+gem 'eventmachine'
+gem 'honeybadger'
 gem 'listen'
 
 gem 'net-smtp'
-gem 'webrick', '~> 1.7'
 gem 'psych', '< 4'
+gem 'webrick', '~> 1.7'
 
 gem 'hashie'
 
 gem 'pg'
 
 gem 'nokogiri', '~> 1.18.4'
-gem "rack", "~> 2.2.13"
+gem 'rack', '~> 2.2.13'
 
 group :test do
   gem 'byebug'
-  gem 'rspec-rails'
-  gem "factory_bot_rails", "~> 4.0"
-  gem 'mocha', :require => false
   gem 'database_cleaner'
+  gem 'factory_bot_rails', '~> 4.0'
+  gem 'mocha', require: false
+  gem 'rspec-rails'
+  gem 'rubocop-rails-omakase', require: false
+  gem 'rubocop-rspec'
 end

Gemfile.lock

@@ -260,6 +260,8 @@ DEPENDENCIES
   rack (~> 2.2.13)
   rails (~> 7.2.0)
   rspec-rails
+  rubocop-rails-omakase
+  rubocop-rspec
   webrick (~> 1.7)
 
 RUBY VERSION

Rakefile

@@ -2,6 +2,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path('config/application', __dir__)
 
 VirtualHostService::Application.load_tasks

app/controllers/application_controller.rb

@@ -1,15 +1,14 @@
 class ApplicationController < ActionController::API
-
   before_action :authorize!
-  
+
   protected
-  
+
   ##
   # Every Request needs an access token wich authorizes to use the api.
   # No action will be performed if no access token is specified in the request params.
   def authorize!
     api_key = ApiKey.find_by_access_token(params[:access_token])
     head :unauthorized unless api_key
-    return false
+    false
   end
-end
+end

app/controllers/v_hosts_controller.rb

@@ -1,39 +1,37 @@
 class VHostsController < ApplicationController
-
   def create
     vhost = VHost.new(vhost_params)
     if vhost.save
-      render :json => vhost
+      render json: vhost
     else
-      render :json => {:errors => vhost.errors.full_messages}, :status => 422
+      render json: { errors: vhost.errors.full_messages }, status: :unprocessable_entity
     end
-
-  rescue AMQP::TCPConnectionFailed => ex
-    render :json => {:errors => ['Could not establish TCP connection to the amqp broker']}, :status => 500
+  rescue AMQP::TCPConnectionFailed => e
+    Rails.logger.error(e)
+    render json: { errors: ['Could not establish TCP connection to the amqp broker'] }, status: :internal_server_error
   end
 
   def destroy_by_server_name
-
-    vhost = VHost.where(:server_name => params['server_name']).first
+    vhost = VHost.where(server_name: params['server_name']).first
 
     if vhost.destroy
-      render :json => 'ok'
+      render json: 'ok'
     else
-      render :json => {:errors => 'error on deleting vhost'}, :status => 422
+      render json: { errors: 'error on deleting vhost' }, status: :unprocessable_entity
     end
-
-  rescue AMQP::TCPConnectionFailed => ex
-    render :json => {:errors => ['Could not establish TCP connection to the amqp broker']}, :status => 500
+  rescue AMQP::TCPConnectionFailed => e
+    Rails.logger.error(e)
+    render json: { errors: ['Could not establish TCP connection to the amqp broker'] }, status: :internal_server_error
   end
 
   def by_organization
-    render :json => VHost.where(:organization_guid => params['guid'])
+    render json: VHost.where(organization_guid: params['guid'])
   end
 
   private
 
   def vhost_params
-    params.require(:v_host).permit(:organization_guid, :server_name, :ssl_ca_certificate, :ssl_certificate, :ssl_key, :server_aliases)
+    params.require(:v_host).permit(:organization_guid, :server_name, :ssl_ca_certificate, :ssl_certificate, :ssl_key,
+                                   :server_aliases)
   end
-
 end

app/models/api_key.rb

@@ -1,21 +1,18 @@
-## 
+##
 # Every client which wants to perform actions through this api needs a API key
 # otherwise every request will rejektet with a 401 status. API keys can be added
 # in the application.yml.
 class ApiKey
-
   def initialize(name, access_token)
     @name = name
     @access_token = access_token
   end
-  
+
   def self.find_by_access_token(access_token)
-
-    APP_CONFIG['api_keys'].each do |k,v|
+    APP_CONFIG['api_keys'].each do |k, v|
       return ApiKey.new(k, v) if access_token == v
     end
-
-    return nil
-
+
+    nil
   end
 end