diff --git a/.env.mysql2 b/.env.mysql2
new file mode 100644
index 0000000000..78e7d04490
--- /dev/null
+++ b/.env.mysql2
@@ -0,0 +1,48 @@
+# DMPRoadmap dotenv file
+
+# Rails log level
+RAILS_LOG_LEVEL=debug
+# Whether or not Rails should log to STDOUT. If false it will log to `./logs/[env].log`
+RAILS_LOG_TO_STDOUT=true
+# Whether or not Rails will be serving your static assets
+RAILS_SERVE_STATIC_FILES=false
+# Maximum number of Puma threads
+RAILS_MAX_THREADS=5
+# Maximum number of Puma workers
+WEB_CONCURRENCY=2
+# The port puma will use to host the Rails app
+PORT=3000
+
+# Rails 6.1+ has a white-list of valid domains. You must set this for your production env!
+DMPROADMAP_HOST=localhost
+
+# The location of the wkhtmltopdf app. Once bundler has installed it, you can find it with
+# `which wkhtmltopdf` on linux/osx systems.
+WICKED_PDF_PATH=/usr/local/bin/wkhtmltopdf
+
+# Database settings.
+DB_ADAPTER=mysql2
+DB_HOST=localhost
+DB_PORT=3306
+DB_POOL_SIZE=16
+DB_NAME=roadmap
+
+# Whether or not the Dragonfly gem should use AWS S3 to store logos. If 'false' the logos will
+# be stored on the local disk. If true, you must provide the `AWS_` prefixed values.
+DRAGONFLY_AWS=false
+AWS_REGION=
+AWS_BUCKET_NAME=
+
+# If you have a Rollbar account and want to redcord errors there, add your token here
+ROLLBAR_ACCESS_TOKEN=
+ROLLBAR_ENV=
+
+# Translation IO variables. The Domain can be either `app` or `client` and is typically defined
+# when running `bin/rails translations:sync DOMAIN=app`. `client` will use any of your
+# customized content in ./app/views/branded and `app` is for the core roadmap translations.
+# Include your Translation.io API key for the appropriate domains:
+# app => TRANSLATION_API_ROADMAP
+# client => TRANSLATION_API_CLIENT
+# DOMAIN=app
+# TRANSLATION_API_ROADMAP=
+# TRANSLATION_API_CLIENT=
diff --git a/.env.postgresql b/.env.postgresql
new file mode 100644
index 0000000000..d6570a81ce
--- /dev/null
+++ b/.env.postgresql
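Review bot: `RAILS_LOG_LEVEL=debug` is the value every install inherits, because bin/setup in this commit copies this template to `.env` and nothing in the file says to change it outside development. Debug-level Rails logs include SQL statements and request detail, so the line deserves a comment such as `# Use 'info' or higher outside development; 'debug' writes SQL and request details to the log`. The same applies to the identical line in `.env.postgresql`. The Rollbar comment in both files also has a typo, `redcord` for `record`.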
@@ -0,0 +1,48 @@
+# DMPRoadmap dotenv file
+
+# Rails log level
+RAILS_LOG_LEVEL=debug
+# Whether or not Rails should log to STDOUT. If false it will log to `./logs/[env].log`
+RAILS_LOG_TO_STDOUT=true
+# Whether or not Rails will be serving your static assets
+RAILS_SERVE_STATIC_FILES=false
+# Maximum number of Puma threads
+RAILS_MAX_THREADS=5
+# Maximum number of Puma workers
+WEB_CONCURRENCY=2
+# The port puma will use to host the Rails app
+PORT=3000
+
+# Rails 6.1+ has a white-list of valid domains. You must set this for your production env!
+DMPROADMAP_HOST=localhost
+
+# The location of the wkhtmltopdf app. Once bundler has installed it, you can find it with
+# `which wkhtmltopdf` on linux/osx systems.
+WICKED_PDF_PATH=/usr/local/bin/wkhtmltopdf
+
+# Database settings.
+DB_ADAPTER=postgresql
+DB_HOST=localhost
+DB_PORT=5432
+DB_POOL_SIZE=16
+DB_NAME=roadmap
+
+# Whether or not the Dragonfly gem should use AWS S3 to store logos. If 'false' the logos will
+# be stored on the local disk. If true, you must provide the `AWS_` prefixed values.
+DRAGONFLY_AWS=false
+AWS_REGION=
+AWS_BUCKET_NAME=
+
+# If you have a Rollbar account and want to redcord errors there, add your token here
+ROLLBAR_ACCESS_TOKEN=
+ROLLBAR_ENV=
+
+# Translation IO variables. The Domain can be either `app` or `client` and is typically defined
+# when running `bin/rails translations:sync DOMAIN=app`. `client` will use any of your
+# customized content in ./app/views/branded and `app` is for the core roadmap translations.
+# Include your Translation.io API key for the appropriate domains:
+# app => TRANSLATION_API_ROADMAP
+# client => TRANSLATION_API_CLIENT
+DOMAIN=app
+TRANSLATION_API_ROADMAP=
+TRANSLATION_API_CLIENT=
diff --git a/.github/workflows/mysql.yml b/.github/workflows/mysql.yml
index d5ca9de887..722690cc6c 100644
--- a/.github/workflows/mysql.yml
+++ b/.github/workflows/mysql.yml
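Review bot: The last three lines are active here (`DOMAIN=app`, `TRANSLATION_API_ROADMAP=`, `TRANSLATION_API_CLIENT=`) but commented out in `.env.mysql2`, so the two templates configure the app differently for no database-related reason. A variable that is set but empty is not the same as an unset one: an `ENV.fetch('TRANSLATION_API_ROADMAP', default)` style lookup would receive `''` instead of its default. The code that reads these keys is not in this diff, so that is worth checking. I would comment the three lines out to match the MySQL template: `# DOMAIN=app`, `# TRANSLATION_API_ROADMAP=`, `# TRANSLATION_API_CLIENT=`.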
@@ -28,15 +28,16 @@ jobs: cache: 'yarn' # Copy all of the example configs over - - name: 'Setup Default Configuration' + - name: 'Setup the application' run: | cp config/database.yml.sample config/database.yml cp config/initializers/contact_us.rb.example config/initializers/contact_us.rb cp config/initializers/wicked_pdf.rb.example config/initializers/wicked_pdf.rb + cp .env.mysql2 .env # Stub out the Rails credentials file so that we can start the Rails app - name: 'Setup Credentials' - run: EDITOR='echo "$(cat config/credentials.yml.example)" >' bundle exec rails credentials:edit + run: EDITOR='echo "$(cat config/credentials.yml.mysql2)" >' bundle exec rails credentials:edit # Set the path to the wkhtmltopdf executable - name: 'Determine wkhtmltopdf location' diff --git a/.github/workflows/postgres.yml b/.github/workflows/postgres.yml index f873581d3a..1a866315b3 100644 --- a/.github/workflows/postgres.yml +++ b/.github/workflows/postgres.yml @@ -55,12 +55,13 @@ jobs: cp config/database.yml.sample config/database.yml cp config/initializers/contact_us.rb.example config/initializers/contact_us.rb cp config/initializers/wicked_pdf.rb.example config/initializers/wicked_pdf.rb + cp .env.postgresql .env # Stub out the Rails credentials file so that we can start the Rails app - name: 'Setup Credentials' run: | # generate a default credential file and key - EDITOR='echo "$(cat config/credentials.yml.example)" >' bundle exec rails credentials:edit + EDITOR='echo "$(cat config/credentials.yml.postgresql)" >' bundle exec rails credentials:edit # Set the path to the wkhtmltopdf executable - name: 'Determine wkhtmltopdf location' diff --git a/Gemfile.lock b/Gemfile.lock index 575e507936..670aa8b1d7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -268,6 +268,8 @@ GEM mysql2 (0.5.4) nenv (0.3.0) nio4r (2.5.8) + nokogiri (1.13.9-arm64-darwin) + racc (~> 1.4) nokogiri (1.13.9-x86_64-linux) racc (~> 1.4) notiffany (0.1.3) 
@@ -498,6 +500,7 @@ GEM zeitwerk (2.6.1) PLATFORMS + arm64-darwin-21 x86_64-linux DEPENDENCIES @@ -580,4 +583,4 @@ RUBY VERSION ruby 2.7.6p219 BUNDLED WITH - 2.3.15 + 2.3.24 diff --git a/bin/setup b/bin/setup index d49acbfd70..54cd0c40a1 100755 --- a/bin/setup +++ b/bin/setup 
@@ -9,32 +9,65 @@ def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end -chdir APP_ROOT do - # This script is a starting point to setup your application. - # Add necessary setup steps to this file. - - puts '== Installing dependencies ==' - system! 'gem install bundler --conservative' - system('bundle check') || system!('bundle install') - - puts "\n== Copying sample files ==" - %w[ - config/database.yml.sample - config/initializers/wicked_pdf.rb.example - ].each do |file| - new_file = file.gsub('.sample', '').gsub('.example', '') - cp file, new_file unless File.exist?(new_file) - end +valid_db = ARGV.length > 0 && %w[mysql postgres].include?(ARGV[0].to_s.downcase.strip) - puts "\n== Preparing database ==" - system! 'bin/rails db:prepare' +if valid_db + db_adapter = ARGV[0].to_s.downcase.strip == 'mysql' ? 'mysql2' : 'postgresql' - puts "\n== Fetching mime types and adding to database ==" - system! 'bin/rails mime_types:load' + chdir APP_ROOT do + # This script is a starting point to setup your application. + # Add necessary setup steps to this file. - puts "\n== Removing old logs and tempfiles ==" - system! 'bin/rails log:clear tmp:clear' + puts '== Installing dependencies ==' + system! 'gem install bundler --conservative' + system('bundle check') || system!('bundle install') + system! 'yarn install' - puts "\n== Restarting application server ==" - system! 'bin/rails restart' -end + puts "\n== Copying sample files ==" + cp 'config/database.yml.sample', 'config/database.yml' + cp 'config/initializers/contact_us.rb.example', 'config/initializers/contact_us.rb' + cp 'config/initializers/wicked_pdf.rb.example', 'config/initializers/wicked_pdf.rb' + cp ".env.#{db_adapter}", '.env' + + puts "\n== Preparing credentials file ==" + system! "EDITOR='echo \"$(cat config/credentials.yml.#{db_adapter})\" >' bin/rails credentials:edit" + + # Set the editor based on the platform + ENV['EDITOR'] = Gem.win_platform? ? 
'code --wait' : 'vim' + + puts "\n== Opening .env in editor ... please update as needed ==" + puts " In particular make sure your DB settings are correct." + sleep(3) + system! '$EDITOR .env' + + puts "\n== Opening credentials editor ... please update as needed ==" + puts " In particular make sure your DB settings are correct." + sleep(3) + system! 'bin/rails credentials:edit' + + puts "\n== Preparing database ==" + system! 'bin/rails db:setup' + + puts "\n== Populating License table ==" + system! 'bin/rails external_api:load_spdx_licenses' + + puts "\n== Populating Metadata Standards table ==" + system! 'bin/rails external_api:load_rdamsc_standards' + + puts "\n== Populating Research Domains table ==" + system! 'bin/rails external_api:add_field_of_science_to_research_domains' + + puts "\n== Removing old logs and tempfiles ==" + system! 'bin/rails log:clear tmp:clear' + + puts "\n== Restarting application server ==" + system! 'bin/rails restart' + + puts "\n== !!We highly recommend that you populate the Repositories table, but this can take" + puts "in excess of 10 minutes so we do not run it as part of this setup!!" + puts " To run it on your own: `bin/rails external_api:load_re3data_repos`" + end +else + puts "\n== You MUST specify the type of DB you would like to use. Either mysql or postgres ==" + puts "== For example: `ruby bin/setup postgres` ==" +end \ No newline at end of file diff --git a/config/brakeman.ignore b/config/brakeman.ignore index e052e80999..a42dcc794a 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore 
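Review bot: Re-running this script now overwrites an existing install's configuration: the four `cp` calls under "Copying sample files" lost the `unless File.exist?(new_file)` guard the removed loop had, and the "Preparing credentials file" step re-seeds the encrypted credentials from the template, replacing any real secrets with the placeholder values. The copies should stay conditional and the seeding should be skipped once an encrypted credentials file exists, as sketched below (the `config/credentials.yml.enc` path is the Rails default and is assumed here). Separately, `ENV['EDITOR'] = ...` discards the user's own editor where `ENV['EDITOR'] ||= ...` would keep it, and `system! '$EDITOR .env'` relies on POSIX shell expansion although the line before it caters for Windows. The `system!` helper at the top of the hunk begins outside it.

```ruby
# … unchanged: dependency installation …

puts "\n== Copying sample files =="
{
  'config/database.yml.sample' => 'config/database.yml',
  'config/initializers/contact_us.rb.example' => 'config/initializers/contact_us.rb',
  'config/initializers/wicked_pdf.rb.example' => 'config/initializers/wicked_pdf.rb',
  ".env.#{db_adapter}" => '.env'
}.each do |sample, target|
  # Never clobber a file the operator has already customised
  cp sample, target unless File.exist?(target)
end

puts "\n== Preparing credentials file =="
# Seed from the template only on first run; an existing file may hold real secrets
unless File.exist?('config/credentials.yml.enc')
  system! "EDITOR='echo \"$(cat config/credentials.yml.#{db_adapter})\" >' bin/rails credentials:edit"
end

# … unchanged: editor prompts, database setup, data loading …
```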
@@ -23,25 +23,6 @@ ], "note": "" }, - { - "warning_type": "Unmaintained Dependency", - "warning_code": 121, - "fingerprint": "9a3951031616a07c8e02c86652f537e92c08685da97f5ec2b12d5d3602b55bb8", - "check_name": "EOLRuby", - "message": "Support for Ruby 2.6.3 ended on 2022-03-31", - "file": "Gemfile.lock", - "line": 325, - "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/", - "code": null, - "render_path": null, - "location": null, - "user_input": null, - "confidence": "High", - "cwe_id": [ - 1104 - ], - "note": "" - }, { "warning_type": "Redirect", "warning_code": 18, @@ -49,7 +30,7 @@ "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/plans_controller.rb", - "line": 393, + "line": 392, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to(Plan.deep_copy(Plan.find(params[:id])), :notice => success_message(Plan.deep_copy(Plan.find(params[:id])), _(\"copied\")))", "render_path": null, @@ -65,25 +46,6 @@ ], "note": "" }, - { - "warning_type": "Unmaintained Dependency", - "warning_code": 120, - "fingerprint": "d84924377155b41e094acae7404ec2e521629d86f97b0ff628e3d1b263f8101c", - "check_name": "EOLRails", - "message": "Support for Rails 5.2.8.1 ended on 2022-06-01", - "file": "Gemfile.lock", - "line": 325, - "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/", - "code": null, - "render_path": null, - "location": null, - "user_input": null, - "confidence": "High", - "cwe_id": [ - 1104 - ], - "note": "" - }, { "warning_type": "Redirect", "warning_code": 18, @@ -108,6 +70,6 @@ "note": "" } ], - "updated": "2022-08-10 07:47:14 -0700", + "updated": "2022-10-28 11:43:26 -0700", "brakeman_version": "5.3.1" } diff --git a/config/credentials.yml.example b/config/credentials.yml.example deleted file mode 100644 index 4b1ab3068a..0000000000 --- a/config/credentials.yml.example +++ /dev/null 
@@ -1,23 +0,0 @@
-# This is an example credentials file.
-# To real credentials file is encrypted.
-# To create it run
-# EDITOR=my_ave_editor rails credentials:edit
-# and paste the rest of this file in, filling in the correct values
-#
-# If you need to generate a new secret you can run the `rails secret` utility
-
-database:
- host: "my_host_name"
- username: "my_db_user"
- password: "my_db_password"
-
-devise_pepper: "my_pepper"
-
-dragonfly_secret: "my_secret"
-
-recaptcha:
- site_key: "mykey"
- secret_key: "my_secret"
-
-# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
-secret_key_base: "my_secret"
diff --git a/config/credentials.yml.mysql2 b/config/credentials.yml.mysql2
new file mode 100644
index 0000000000..60593b82d2
--- /dev/null
+++ b/config/credentials.yml.mysql2
@@ -0,0 +1,26 @@
+# DMPRoadmap Rails credentials file
+# To generate secrets and peppers, run the following in another tab/window `bin/rails secret`
+
+# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
+secret_key_base: my_secret_key
+
+# Database credentials
+db_username: root
+db_password:
+
+# Devise credentials (used for user password encryption)
+secret_key: my_secret_key
+devise_pepper: my_pepper
+
+# Used by the Dragonfly gem for creating random hashes for org logos
+dragonfly_secret: my_secret_key
+
+# AWS credentials used by the config/initializers/dragonfly.rb to access your S3 bucket (if applicable)
+# aws:
+# access_key_id: 12345
+# secret_access_key: 34567
+
+# Recaptcha credentials
+recaptcha:
+ site_key: 11111
+ secret_key: 22222
\ No newline at end of file
diff --git a/config/credentials.yml.postgresql b/config/credentials.yml.postgresql
new file mode 100644
index 0000000000..4625ba451f
--- /dev/null
+++ b/config/credentials.yml.postgresql
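Review bot: `secret_key_base: my_secret_key`, `secret_key: my_secret_key`, `devise_pepper: my_pepper` and `dragonfly_secret: my_secret_key` in `config/credentials.yml.mysql2` are written into the encrypted credentials as-is by bin/setup and the CI workflows, and only the header comment hints that they should be replaced. An install that keeps a published `secret_key_base` has no integrity protection on its signed cookies, so the template should say so next to the values, e.g. `# REPLACE every my_* value below with fresh output of bin/rails secret before this app is reachable from a network`. `db_username: root` with an empty `db_password` deserves a similar comment marking it as local-development only. Both remarks apply equally to `config/credentials.yml.postgresql`, where the user is `postgres`.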
@@ -0,0 +1,26 @@ +# DMPRoadmap Rails credentials file +# To generate secrets and peppers, run the following in another tab/window `bin/rails secret` + +# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies. +secret_key_base: my_secret_key + +# Database credentials +db_username: postgres +db_password: + +# Devise credentials (used for user password encryption) +secret_key: my_secret_key +devise_pepper: my_pepper + +# Used by the Dragonfly gem for creating random hashes for org logos +dragonfly_secret: my_secret_key + +# AWS credentials used by the config/initializers/dragonfly.rb to access your S3 bucket (if applicable) +# aws: +# access_key_id: 12345 +# secret_access_key: 34567 + +# Recaptcha credentials +recaptcha: + site_key: 11111 + secret_key: 22222 \ No newline at end of file diff --git a/config/database.yml.sample b/config/database.yml.sample index 8f0ba4b01f..ea0354e1d4 100644 --- a/config/database.yml.sample +++ b/config/database.yml.sample @@ -1,9 +1,12 @@ defaults: &defaults - adapter: <%= ENV['DB_ADAPTER'] || 'postgresql' %> - encoding: <%= ENV['DB_ADAPTER'] == "mysql2" ? "utf8mb4" : "" %> - username: <%= ENV["DB_ADAPTER"] == "postgresql" ? 'postgres' : 'root' %> - database: roadmap_<%= ENV['RAILS_ENV'] %> - pool: 16 + adapter: <%= ENV.fetch('DB_ADAPTER', 'postgresql') %> + encoding: <%= ENV.fetch('DB_ADAPTER', 'postgresql') == 'mysql2' ? 'utf8mb4' : '' %> + pool: <%= ENV.fetch('DB_POOL_SIZE', 16) %> + host: <%= ENV.fetch('DB_HOST', 'localhost') %> + port: <%= ENV.fetch('DB_PORT', '5432') %> + database: <%= ENV.fetch('DB_NAME', 'roadmap') %> + username: <%= ENV.fetch('DB_USERNAME', Rails.application.credentials.db_username) %> + password: <%= ENV.fetch('DB_PASSWORD', Rails.application.credentials.db_password) %> development: <<: *defaults diff --git a/config/initializers/dragonfly.rb b/config/initializers/dragonfly.rb index 98eef0ba86..17f04ffff0 100644 --- a/config/initializers/dragonfly.rb 
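Review bot: The `port:` default in `config/database.yml.sample` is `'5432'` regardless of adapter, so a mysql2 setup that leaves `DB_PORT` unset is pointed at the PostgreSQL port; the default should follow the adapter, e.g. `port: <%= ENV.fetch('DB_PORT', ENV.fetch('DB_ADAPTER', 'postgresql') == 'mysql2' ? '3306' : '5432') %>`. The `username:` and `password:` values are also interpolated into the YAML unquoted, so a password containing ` #` or starting with a YAML indicator character would be truncated or misparsed. Appending `.to_json` inside the ERB tag, `<%= ENV.fetch('DB_PASSWORD', Rails.application.credentials.db_password).to_json %>`, keeps any value intact and renders a missing one as `null`. Only the `defaults` anchor is visible in this hunk; the per-environment sections continue outside it.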
+++ b/config/initializers/dragonfly.rb @@ -17,8 +17,10 @@ require 'dragonfly/s3_data_store' datastore(:s3, { bucket_name: ENV.fetch('AWS_BUCKET_NAME', nil), - access_key_id: ENV.fetch('AWS_ACCESS_KEY_ID', nil), - secret_access_key: ENV.fetch('AWS_SECRET_ACCESS_KEY', nil), + access_key_id: ENV.fetch('AWS_ACCESS_KEY_ID', + Rails.application.credentials.aws.access_key_id), + secret_access_key: ENV.fetch('AWS_SECRET_ACCESS_KEY', + Rails.application.credentials.aws.secret_access_key), region: ENV.fetch('AWS_REGION', nil), root_path: Rails.env, url_scheme: 'https'
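Review bot: The fallback `Rails.application.credentials.aws.access_key_id` is evaluated before `ENV.fetch` is called, whether or not the variable is set, and both credential templates in this commit ship the `aws:` block commented out, so `credentials.aws` would be `nil` and this line would raise `NoMethodError` as soon as the S3 branch runs. The block form with a nil-safe lookup avoids both problems: `access_key_id: ENV.fetch('AWS_ACCESS_KEY_ID') { Rails.application.credentials.dig(:aws, :access_key_id) },` and the same for `secret_access_key`. The condition that selects the S3 datastore starts outside this hunk, so whether local-disk installs ever reach these lines cannot be confirmed from here.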