ci: add ci workflow

.github/workflows/ci.yaml

@@ -0,0 +1,103 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  scan_ruby:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Scan for common Rails security vulnerabilities using static analysis
+        run: bundle exec brakeman --no-pager
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Lint code for consistent style
+        run: bundle exec rubocop -f github || true # 等修好再移除 || true
+
+  rspec_test:
+    runs-on: ubuntu-latest
+
+    # ref: https://docs.github.com/en/actions/use-cases-and-examples/using-containerized-services/creating-postgresql-service-containers
+    services:
+      # Label used to access the service container
+      postgres:
+        # Docker Hub image
+        image: postgres:14
+        # Provide the password for postgres
+        env:
+          POSTGRES_PASSWORD: rails_github_actions_pa55w0rd
+          POSTGRES_USER: rails_github_actions
+          POSTGRES_DB: rails_github_actions_test
+        ports:
+          - 5432:5432
+        # Set health checks to wait until postgres has started
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      redis:
+        image: redis
+        ports:
+        - 6379:6379
+        options: --entrypoint redis-server
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get -yqq install libpq-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      # ref: https://blog.niclin.tw/2019/10/31/building-a-rails-ci-piepline-and-run-rspec-on-github-actions/
+      - name: Setup test database
+        env:
+          RAILS_ENV: test
+          PG_USERNAME: rails_github_actions
+          PG_PASSWORD: rails_github_actions_pa55w0rd
+          PG_HOST: localhost
+          PG_PORT: 5432
+          PG_DATABASE: rails_github_actions_test
+        run: |
+          cp config/database.ci.yml config/database.yml
+          bundle exec rake db:create db:migrate
+
+      - name: Run rspec
+        env:
+          RAILS_ENV: test
+          PG_USERNAME: rails_github_actions
+          PG_PASSWORD: rails_github_actions_pa55w0rd
+          PG_HOST: localhost
+          PG_PORT: 5432
+          PG_DATABASE: rails_github_actions_test
+        run: bundle exec rspec

Gemfile

@@ -52,7 +52,13 @@
 
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
-  gem 'debug', platforms: %i[mri windows]
+  gem "debug", platforms: %i[ mri windows ], require: "debug/prelude"
+
+  # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
+  gem "brakeman", require: false
+
+  # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
+  gem "rubocop-rails-omakase", require: false
 end
 
 group :development do

Gemfile.lock

@@ -84,6 +84,8 @@ GEM
     bindex (0.8.1)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
+    brakeman (6.2.2)
+      racc
     builder (3.3.0)
     concurrent-ruby (1.3.3)
     connection_pool (2.4.1)
@@ -262,6 +264,22 @@ GEM
       unicode-display_width (>= 2.4.0, < 3.0)
     rubocop-ast (1.31.3)
       parser (>= 3.3.1.0)
+    rubocop-minitest (0.36.0)
+      rubocop (>= 1.61, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-performance (1.22.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.26.2)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.52.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails-omakase (1.0.0)
+      rubocop
+      rubocop-minitest
+      rubocop-performance
+      rubocop-rails
     ruby-progressbar (1.13.0)
     sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
@@ -317,6 +335,7 @@ PLATFORMS
 DEPENDENCIES
   bcrypt (~> 3.1.7)
   bootsnap
+  brakeman
   debug
   htmlbeautifier (~> 1.4)
   importmap-rails
@@ -331,6 +350,7 @@ DEPENDENCIES
   rspec-rails (~> 6.1)
   rswag (~> 2.13)
   rubocop (~> 1.64)
+  rubocop-rails-omakase
   sprockets-rails
   stimulus-rails
   tailwindcss-rails

config/database.ci.yml

@@ -0,0 +1,10 @@
+# ref: https://blog.niclin.tw/2019/10/31/building-a-rails-ci-piepline-and-run-rspec-on-github-actions/
+test:
+  adapter: postgresql
+  encoding: unicode
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  username: <%= ENV['PG_USERNAME'] %>
+  password: <%= ENV['PG_PASSWORD'] %>
+  host: <%= ENV['PG_HOST'] %>
+  port: <%= ENV['PG_PORT'] %>
+  database: <%= ENV['PG_DATABASE'] %>