From c9721e3cd84a00262472d96028004d9688eb48c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 03:54:55 +0000 Subject: [PATCH 1/5] Bump nokogiri from 1.16.0 to 1.16.2 Bumps [nokogiri](/~https://github.com/sparklemotion/nokogiri) from 1.16.0 to 1.16.2. - [Release notes](/~https://github.com/sparklemotion/nokogiri/releases) - [Changelog](/~https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](/~https://github.com/sparklemotion/nokogiri/compare/v1.16.0...v1.16.2) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 703cb141..fa88dd63 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -253,14 +253,14 @@ GEM net-smtp (0.4.0.1) net-protocol nio4r (2.7.0) - nokogiri (1.16.0) + nokogiri (1.16.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.0-arm64-darwin) + nokogiri (1.16.2-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.0-x86_64-darwin) + nokogiri (1.16.2-x86_64-darwin) racc (~> 1.4) - nokogiri (1.16.0-x86_64-linux) + nokogiri (1.16.2-x86_64-linux) racc (~> 1.4) octokit (4.25.1) faraday (>= 1, < 3) From eab48fb26008fc8fcdefb07456c5612e3545f297 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 6 Feb 2024 10:46:35 +0100 Subject: [PATCH 2/5] move trivy to own pipeline - it has to run on main, otherwise it wont work correctly - instead run ci.yaml on each push, i move trivy to own pipline - other option wpuld be to run ci.yml on main --- .github/workflows/ci.yaml | 12 -------- .github/workflows/trivy-analysis.yml | 43 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/trivy-analysis.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 06e0bb95..b2c5ddbb 100644 --- a/.github/workflows/ci.yaml 
+++ b/.github/workflows/ci.yaml @@ -64,18 +64,6 @@ jobs: tags: 'ci/hdm:${{ github.sha }}' push: false - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'ci/hdm:${{ github.sha }}' - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - tests: needs: - shellcheck diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml new file mode 100644 index 00000000..68abba33 --- /dev/null +++ b/.github/workflows/trivy-analysis.yml @@ -0,0 +1,43 @@ +--- +name: Trivy + +on: + push: + branches: + - main + pull_request: + # The branches below must be a subset of the branches above + branches: + - main + + +jobs: + analyze: + name: 'Analyze' + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + tags: 'ci/hdm:${{ github.sha }}' + push: false + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ci/hdm:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' From 6aa54baaeba165b6ae9d711845452a337e617a9b Mon Sep 17 00:00:00 2001 From: David Roetzel Date: Thu, 15 Feb 2024 11:53:18 +0100 Subject: [PATCH 3/5] Remove unused dependency. --- Gemfile | 2 -- Gemfile.lock | 5 ----- 2 files changed, 7 deletions(-) diff --git a/Gemfile b/Gemfile index 4a909ddf..fca180b9 100644 --- a/Gemfile +++ b/Gemfile 
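Review bot: The new workflow pins `aquasecurity/trivy-action` to the floating `master` ref while the neighbouring `actions/checkout@v4`, `docker/build-push-action@v5` and `github/codeql-action/upload-sarif@v3` use release tags, so the scanner step resolves to whatever that branch holds on the day it runs and is the one step in the job an upstream change can alter without a commit here; pin it to a release tag or, for a third-party action, a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>` (placeholder, pick the current release). Separately, the job requests `security-events: write` under a `pull_request` trigger; for pull requests opened from forks the `GITHUB_TOKEN` is read-only, so the `upload-sarif` step can be expected to fail on such runs — a comment on the trigger such as `# SARIF upload needs a write token; fork PRs run with a read-only token` would make that visible, or the scan could be limited to `push` if fork PRs are expected. The steps deleted from ci.yaml in this patch carried the same `@master` reference, so this is not a regression introduced here, only an opportunity to fix it while the step moves.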
@@ -20,8 +20,6 @@ gem 'stimulus-rails' gem 'bootstrap', '~> 5.3.0' gem 'bootstrap-icons-helper' -# Use Redis adapter to run Action Cable in production -gem 'redis', '~> 5.0' # Use Active Model has_secure_password gem 'bcrypt', '~> 3.1.20' diff --git a/Gemfile.lock b/Gemfile.lock index fa88dd63..0d2fe6ad 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -354,10 +354,6 @@ GEM rchardet (1.8.0) rdoc (6.6.2) psych (>= 4.0.0) - redis (5.0.8) - redis-client (>= 0.17.0) - redis-client (0.18.0) - connection_pool regexp_parser (2.9.0) reline (0.4.2) io-console (~> 0.5) @@ -500,7 +496,6 @@ DEPENDENCIES puppet puppetdb-ruby rails (~> 7.1.3) - redis (~> 5.0) rspec-openapi rubocop (~> 1.60.2) rubocop-capybara (~> 2.20.0) From 6c4007cbc2ed21ef98ea62991186cd391865dde1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 13:59:56 +0000 Subject: [PATCH 4/5] Bump rspec-openapi from 0.11.0 to 0.12.0 Bumps [rspec-openapi](/~https://github.com/exoego/rspec-openapi) from 0.11.0 to 0.12.0. - [Release notes](/~https://github.com/exoego/rspec-openapi/releases) - [Changelog](/~https://github.com/exoego/rspec-openapi/blob/master/CHANGELOG.md) - [Commits](/~https://github.com/exoego/rspec-openapi/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: rspec-openapi dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0d2fe6ad..457480e7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -238,7 +238,7 @@ GEM mini_portile2 (2.8.5) mini_racer (0.8.0) libv8-node (~> 18.16.0.0) - minitest (5.21.2) + minitest (5.22.2) multi_json (1.15.0) multi_xml (0.6.0) mutex_m (0.2.0) @@ -309,7 +309,7 @@ GEM puppetdb-ruby (1.2.0) httparty racc (1.7.3) - rack (3.0.8) + rack (3.0.9) rack-session (2.0.0) rack (>= 3.0.0) rack-test (2.1.0) 
@@ -358,12 +358,12 @@ GEM reline (0.4.2) io-console (~> 0.5) rexml (3.2.6) - rspec-core (3.12.2) - rspec-support (~> 3.12.0) - rspec-openapi (0.11.0) + rspec-core (3.13.0) + rspec-support (~> 3.13.0) + rspec-openapi (0.12.0) actionpack (>= 5.2.0) rspec-core - rspec-support (3.12.1) + rspec-support (3.13.0) rubocop (1.60.2) json (~> 2.3) language_server-protocol (>= 3.17.0) From c968bc66275f93a08e0c1640c424d55c7b5d51ef Mon Sep 17 00:00:00 2001 From: David Roetzel Date: Tue, 20 Feb 2024 09:10:05 +0100 Subject: [PATCH 5/5] Convert hash keys to strings #293 (#302) * Convert hash keys to strings #293 Rails automatically converts keys to symbols, but this is not standard behavior of the YAML parser, so we had a mismatch here. * Fix mixup #293 I wanted to revert my temporary changes to test data and accidentally reverted the adjusted test for the previous commit. This commit resolves that mixup. --------- Co-authored-by: Martin Alfke --- app/models/hiera_data/hierarchy.rb | 2 +- test/models/hiera_data/hierarchy_test.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/hiera_data/hierarchy.rb b/app/models/hiera_data/hierarchy.rb index d532dc20..f67d3c48 100644 --- a/app/models/hiera_data/hierarchy.rb +++ b/app/models/hiera_data/hierarchy.rb @@ -99,7 +99,7 @@ def determine_backend value = raw_hash[lookup_function] backends = BACKENDS custom_mappings = Rails.configuration.hdm[:custom_lookup_function_mapping] - backends = backends.deep_merge({ "lookup_key" => custom_mappings }) if custom_mappings.present? + backends = backends.deep_merge({ "lookup_key" => custom_mappings.stringify_keys }) if custom_mappings.present? backends.fetch(key).fetch(value).to_sym rescue KeyError raise Hdm::Error, "unknown backend #{value}" diff --git a/test/models/hiera_data/hierarchy_test.rb b/test/models/hiera_data/hierarchy_test.rb index 84ce0cd6..253c063f 100644 --- a/test/models/hiera_data/hierarchy_test.rb +++ b/test/models/hiera_data/hierarchy_test.rb 
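Review bot: `stringify_keys` on the new line is shallow while the merge it feeds is `deep_merge`, so if `custom_lookup_function_mapping` ever carried nested hashes their inner keys would stay symbols and would not match the string keys `BACKENDS` is merged under (the `"lookup_key"` literal shows the string convention); the test in this series uses a flat `function => backend` mapping, so a flat hash is presumably the intended shape, but `custom_mappings.deep_stringify_keys` costs nothing and keeps the two calls consistent. The reason for the conversion lives only in the commit message; a one-line comment above the merge would keep it with the code, e.g. `# Rails config symbolizes hash keys; BACKENDS is keyed by strings, so normalize before merging`. `determine_backend` begins above the hunk and its `end` is below it, so whether `custom_mappings` is guaranteed to be a Hash cannot be confirmed from here — `present?` also accepts a non-empty String, which `stringify_keys` would reject with NoMethodError rather than the `Hdm::Error` the `rescue KeyError` produces.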
@@ -234,7 +234,7 @@ class HierarchyForCustomBackend < ActiveSupport::TestCase test "custom lookup function mapped to eyaml" do Rails.configuration.hdm[:custom_lookup_function_mapping] = { - "custom_eyaml_function" => "eyaml" + custom_eyaml_function: "eyaml" } hierarchy = HieraData::Hierarchy.new(raw_hash:, base_path: ".") assert_equal :eyaml, hierarchy.backend