Merge branch 'staging' into renovate/major-ruby-on-rails-packages

csvalpha · Feb 14, 2025 · 4211fef · 4211fef
2 parents e829eb6 + bfcc364
commit 4211fef
Show file tree

Hide file tree

Showing 46 changed files with 351 additions and 196 deletions.
diff --git a/.env.example b/.env.example
@@ -11,3 +11,8 @@ POSTGRES_PASSWORD=<password>
 HOST=csvalpha.nl
 
 NGROK_HOST=<subdomain>.ngrok.io
+
+NOREPLY_EMAIL=[email protected]
+ICT_EMAIL=[email protected]
+PRIVACY_EMAIL=[email protected]
+MAILADMIN_EMAIL=[email protected]
diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml
@@ -165,7 +165,7 @@ jobs:
             docker-compose up -d
 
       - name: Finalize Sentry release
-        uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
+        uses: getsentry/action-release@ffb64465339ef6fb868e2fc261318d78ae0ed8d9 # v1.10.5
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_ORG: ${{ vars.SENTRY_ORG_NAME }}
@@ -190,6 +190,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: [branch_check, metadata, merge, continuous_integration, publish_image, deploy]
     if: (github.ref_name == 'staging' || github.ref_name == 'master') && always()
+    permissions:
+      checks: write
     steps:
       - name: Get conclusion
         id: get_conclusion
@@ -205,11 +207,10 @@ jobs:
           done
 
       - name: Update Continuous Delivery check run
-        uses: guidojw/actions/update-check-run@ec8c080252c6b8903a4431211b78c543609f5f89 # v1.4.6
+        uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
         with:
-          app_id: ${{ vars.GH_APP_ID }}
-          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
           sha: ${{ needs.merge.outputs.sha }}
+          token: ${{ github.token }}
           name: Continuous Delivery
           conclusion: ${{ steps.get_conclusion.outputs.conclusion }}
           details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -31,7 +31,7 @@ jobs:
           ref: ${{ inputs.sha }}
 
       - name: Build test image
-        uses: guidojw/actions/build-docker-image@ec8c080252c6b8903a4431211b78c543609f5f89 # v1.4.6
+        uses: guidojw/actions/build-docker-image@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7
         with:
           file: Dockerfile
           build-args: |
@@ -68,10 +68,10 @@ jobs:
 
       - name: Download actionlint
         run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.26
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.7
 
       - name: Load test image
-        uses: guidojw/actions/load-docker-image@ec8c080252c6b8903a4431211b78c543609f5f89 # v1.4.6
+        uses: guidojw/actions/load-docker-image@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7
         with:
           name: app
 
@@ -80,8 +80,8 @@ jobs:
           RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
         run: |
           EXIT_STATUS=0
-          ./actionlint -ignore 'property "gh_app_private_key" is not defined' -ignore 'SC2153:' \
-            -ignore 'property "sha" is not defined in object type {}' || EXIT_STATUS=$?
+          ./actionlint -ignore 'SC2153:'  -ignore 'property "sha" is not defined in object type {}' || \
+          EXIT_STATUS=$?
           docker run -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_HOST=localhost -e \
             RAILS_MASTER_KEY --network=host app bin/ci.sh lint || EXIT_STATUS=$?
           exit $EXIT_STATUS
@@ -114,7 +114,7 @@ jobs:
           echo '::add-matcher::.github/problem-matchers/rspec.json'
 
       - name: Load test image
-        uses: guidojw/actions/load-docker-image@ec8c080252c6b8903a4431211b78c543609f5f89 # v1.4.6
+        uses: guidojw/actions/load-docker-image@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7
         with:
           name: app
 
@@ -128,14 +128,14 @@ jobs:
 
       - name: Upload coverage report to Codecov
         if: ${{ !cancelled() }}
-        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
+        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
         with:
           fail_ci_if_error: true
           token: ${{ secrets.CODECOV_TOKEN }}
 
       - name: Upload coverage report artifact
         if: ${{ !cancelled() }}
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: coverage
           path: coverage/

diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
@@ -54,7 +54,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
@@ -64,7 +64,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push image
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
           push: true
           context: .
@@ -77,7 +77,7 @@ jobs:
 
       - name: Create Sentry release
         if: ${{ !(github.event_name == 'workflow_dispatch' && github.workflow == 'Publish Image') }}
-        uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
+        uses: getsentry/action-release@ffb64465339ef6fb868e2fc261318d78ae0ed8d9 # v1.10.5
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_ORG: ${{ vars.SENTRY_ORG_NAME }}
@@ -91,6 +91,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: [metadata, publish]
     if: github.event_name == 'workflow_dispatch' && github.workflow == 'Publish Image' && always()
+    permissions:
+      checks: write
     steps:
       - name: Get conclusion
         id: get_conclusion
@@ -106,10 +108,9 @@ jobs:
           done
 
       - name: Update Publish Image check run
-        uses: guidojw/actions/update-check-run@ec8c080252c6b8903a4431211b78c543609f5f89 # v1.4.6
+        uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
         with:
-          app_id: ${{ vars.GH_APP_ID }}
-          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          token: ${{ github.token }}
           name: Publish Image
           conclusion: ${{ steps.get_conclusion.outputs.conclusion }}
           details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -4,7 +4,8 @@ require:
   - rubocop-rails
 
 AllCops:
-  TargetRailsVersion: 5.1
+  TargetRailsVersion: 7.0
+  TargetRubyVersion: 3.1
   Exclude:
     - 'db/schema.rb'
     - 'config/initializers/secret_token.rb'
@@ -124,9 +125,11 @@ Style/HashTransformValues:
 Lint/RaiseException:
   Enabled: true
 
-
 Lint/StructNewOverride:
   Enabled: true
 
 Naming/InclusiveLanguage:
   Enabled: false
+
+Rails/BulkChangeTable:
+  Enabled: false
diff --git a/Gemfile b/Gemfile
@@ -1,17 +1,18 @@
 source 'https://rubygems.org'
 
-gem 'active_model_otp', git: 'https://github.com/heapsource/active_model_otp.git', ref: '6ed9927'
 gem 'dav4rack', git: 'https://github.com/csvalpha/dav4rack.git', ref: '8541e53'
 
+gem 'active_model_otp', '~> 2.3'
 gem 'bcrypt', '~> 3.1', '>= 3.1.20'
 gem 'bootsnap', '~> 1.18', '>= 1.18.4'
-gem 'carrierwave', '~> 2.1'
+gem 'carrierwave', '~> 3.1', '>= 3.1.1'
 gem 'carrierwave-base64', '~> 2.11'
 gem 'carrierwave-bombshelter', '~> 0.2', '>= 0.2.2'
 gem 'case_transform', '~> 0.2'
+gem 'concurrent-ruby', '1.3.4' # can be removed when we upgrade to rails 7.1 https://www.devgem.io/posts/resolving-the-loggerthreadsafelevel-error-in-rails-after-bundle-update
 gem 'counter_culture', '~> 3.8', '>= 3.8.2'
 gem 'dav4rack_ext', '~> 1.0'
-gem 'doorkeeper', '~> 5.2'
+gem 'doorkeeper', '~> 5.8', '>= 5.8.1'
 gem 'doorkeeper-i18n', '~> 5.2', '>= 5.2.7'
 gem 'exifr', '~> 1.4'
 gem 'friendly_id', '~> 5.5', '>= 5.5.1'
@@ -23,24 +24,24 @@ gem 'isbn_validation', '~> 1.2', '>= 1.2.2'
 gem 'jsonapi-authorization', '~> 3.0', '>= 3.0.2'
 gem 'jsonapi-resources', '~> 0.9.1'
 gem 'message_bus', '~> 4.3', '>= 4.3.8'
-gem 'mini_magick', '~> 4.13', '>= 4.13.2'
-gem 'paper_trail', '~> 14.0'
+gem 'mini_magick', '~> 5.1'
+gem 'paper_trail', '~> 16.0'
 gem 'paranoia', '~> 3.0'
 gem 'pg', '~> 1.5', '>= 1.5.9'
 gem 'phonelib'
-gem 'puma', '~> 6.0'
+gem 'puma', '~> 6.5'
 gem 'pundit', '~> 2.4'
 gem 'rack-attack', '~> 6.7'
 gem 'rack-cors', '~> 2.0', '>= 2.0.2', require: 'rack/cors'
 gem 'rails', '~> 8.0', '>= 8.0.1'
 gem 'rails-i18n', '~> 8.0', '>= 8.0.0'
-gem 'redis', '~> 4.8', '>= 4.8.1'
+gem 'redis', '~> 5.3'
 gem 'roo', '~> 2.10', '>= 2.10.1'
 gem 'ruby-filemagic', '~> 0.7', '>= 0.7.3'
 gem 'rubyzip', '~> 2.3', '>= 2.3.2'
 gem 'sentry-raven', '~> 3.1', '>= 3.1.2'
 gem 'sepa_king', '~> 0.14'
-gem 'sidekiq', '~> 6.5', '>= 6.5.12'
+gem 'sidekiq', '~> 7.3', '>= 7.3.7'
 gem 'sidekiq-scheduler', '~> 5.0', '>= 5.0.6'
 gem 'slack-notifier', '~> 2.4'
 gem 'validates_timeliness', '~> 8.0.0'