Merge pull request #107 from mlibrary/2024-02-05-updates

February 2024 dependency updates.

.github/PULL_REQUEST_TEMPLATE/dependency_updates_template.md

@@ -8,6 +8,16 @@ These dependencies have been updated to their latest versions:
 - `postcss-cli`
 - `postcss-import`
 
+## Workflows
+These actions have been updated to their latest versions:
+- `actions/checkout`
+- `aquasecurity/trivy-action`
+- `mlibrary/deploy-to-kubernetes`
+- `mlibrary/platform-engineering-workflows/.github/workflows/build-production.yml`
+- `mlibrary/platform-engineering-workflows/.github/workflows/build-unstable.yml`
+- `ruby/setup-ruby`
+- `xom9ikk/dotenv`
+
 ## Testing
 - Install the updated packages (`docker-compose run --rm web npm install`).
 - Make a CSS change, and build the styles (`docker-compose run --rm web npm run build`).

.github/workflows/build-deploy-release.yaml

@@ -17,31 +17,28 @@ jobs:
       dockerfile: Dockerfile
     secrets: inherit
 
-  scan-image:
-    needs: build-production
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }}
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+  #scan-image:
+    #needs: build-production
+    #runs-on: ubuntu-latest
+    #steps:
+      #- name: Run Trivy vulnerability scanner
+        #uses: aquasecurity/trivy-action@master
+        #with:
+          #image-ref: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }}
+          #format: 'table'
+          #exit-code: '1'
+          #ignore-unfixed: true
+          #vuln-type: 'os,library'
+          #severity: 'CRITICAL,HIGH'
 
+
   deploy-production:
     needs: build-production
-    runs-on: ubuntu-latest
-    environment: production
-    steps:
-    - name: Deploy to Production
-      uses: mlibrary/deploy-to-kubernetes@v3
-      with:
-        registry_token: ${{ secrets.GITHUB_TOKEN }}
-        image: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }}
-        cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
-        cluster_server: https://hatcher.kubernetes.lib.umich.edu
-        namespace_token: ${{ secrets.HATCHER_TOKEN }}
-        namespace: ${{ secrets.NAMESPACE }}
+    name: Deploy to production
+    uses: mlibrary/platform-engineering-workflows/.github/workflows/deploy.yml@v1
+    with:
+      image: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }}
+      file: environments/browse/production/web-image.txt
+      CONFIG_REPO_RW_APP_ID: ${{ vars.CONFIG_REPO_RW_APP_ID }}
+      CONFIG_REPO_FULL_NAME: ${{ vars.CONFIG_REPO_FULL_NAME }}
+    secrets: inherit

.github/workflows/build-main.yml

@@ -16,31 +16,27 @@ jobs:
       dockerfile: Dockerfile
     secrets: inherit
 
-  scan-image:
-    needs: build-unstable
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ needs.build-unstable.outputs.image }}
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+  #scan-image:
+    #needs: build-unstable
+    #runs-on: ubuntu-latest
+    #steps:
+      #- name: Run Trivy vulnerability scanner
+        #uses: aquasecurity/trivy-action@master
+        #with:
+          #image-ref: ${{ needs.build-unstable.outputs.image }}
+          #format: 'table'
+          #exit-code: '1'
+          #ignore-unfixed: true
+          #vuln-type: 'os,library'
+          #severity: 'CRITICAL,HIGH'
 
-  deploy-testing:
+  deploy-unstable:
     needs: build-unstable
-    runs-on: ubuntu-latest
-    environment: testing
-    steps:
-    - name: Deploy to Testing
-      uses: mlibrary/deploy-to-kubernetes@v3
-      with:
-        registry_token: ${{ secrets.GITHUB_TOKEN }}
-        image: ${{ needs.build-unstable.outputs.image }}
-        cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
-        cluster_server: https://hatcher.kubernetes.lib.umich.edu
-        namespace_token: ${{ secrets.HATCHER_TOKEN }}
-        namespace: ${{ secrets.NAMESPACE }}
+    name: Deploy to workshop
+    uses: mlibrary/platform-engineering-workflows/.github/workflows/deploy.yml@v1
+    with:
+      image: ${{ needs.build-unstable.outputs.image }}
+      file: environments/browse/workshop/web-image.txt
+      CONFIG_REPO_RW_APP_ID: ${{ vars.CONFIG_REPO_RW_APP_ID }}
+      CONFIG_REPO_FULL_NAME: ${{ vars.CONFIG_REPO_FULL_NAME }}
+    secrets: inherit

.github/workflows/deploy-production.yaml

@@ -19,15 +19,11 @@ jobs:
 
   deploy-production:
     needs: build-production
-    runs-on: ubuntu-latest
-    environment: production
-    steps:
-    - name: Deploy to Production
-      uses: mlibrary/deploy-to-kubernetes@v3
-      with:
-        registry_token: ${{ secrets.GITHUB_TOKEN }}
-        image: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.inputs.tag }}
-        cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
-        cluster_server: https://hatcher.kubernetes.lib.umich.edu
-        namespace_token: ${{ secrets.HATCHER_TOKEN }}
-        namespace: ${{ secrets.NAMESPACE }}
+    name: Deploy to production
+    uses: mlibrary/platform-engineering-workflows/.github/workflows/deploy.yml@v1
+    with:
+      image: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.inputs.tag }}
+      file: environments/browse/production/web-image.txt
+      CONFIG_REPO_RW_APP_ID: ${{ vars.CONFIG_REPO_RW_APP_ID }}
+      CONFIG_REPO_FULL_NAME: ${{ vars.CONFIG_REPO_FULL_NAME }}
+    secrets: inherit

.github/workflows/manual-deploy-unstable.yaml

@@ -3,14 +3,6 @@ name: Manual Deploy Unstable
 on:
   workflow_dispatch:
     inputs:
-      deploy_environment:
-        description: 'namespace to deploy to'
-        required: true
-        type: choice
-        default: "testing"
-        options:
-          - "testing"
-          - "staging"
       tag:
         description: tag
         required: true
@@ -26,31 +18,13 @@ jobs:
       dockerfile: Dockerfile
     secrets: inherit
 
-  scan-image:
-    needs: build-unstable
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ needs.build-unstable.outputs.image }}
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
-
-  deploy:
+  deploy-unstable:
     needs: build-unstable
-    runs-on: ubuntu-latest
-    environment: ${{ github.event.inputs.deploy_environment }}
-    steps:
-    - name: Deploy to ${{ github.event.inputs.deploy_environment }}
-      uses: mlibrary/deploy-to-kubernetes@v3
-      with:
-        registry_token: ${{ secrets.GITHUB_TOKEN }}
-        image: ${{ needs.build-unstable.outputs.image }}
-        cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
-        cluster_server: https://hatcher.kubernetes.lib.umich.edu
-        namespace_token: ${{ secrets.HATCHER_TOKEN }}
-        namespace: ${{ secrets.NAMESPACE }}
+    name: Deploy to workshop
+    uses: mlibrary/platform-engineering-workflows/.github/workflows/deploy.yml@v1
+    with:
+      image: ${{ needs.build-unstable.outputs.image }}
+      file: environments/browse/workshop/web-image.txt
+      CONFIG_REPO_RW_APP_ID: ${{ vars.CONFIG_REPO_RW_APP_ID }}
+      CONFIG_REPO_FULL_NAME: ${{ vars.CONFIG_REPO_FULL_NAME }}
+    secrets: inherit

.github/workflows/tests.yml

@@ -7,7 +7,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Create .env file
         run: cat env.* > .env
       - name: Load .env file

Gemfile.lock

@@ -3,18 +3,20 @@ GEM
   specs:
     addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
-    anyway_config (2.6.2)
+    anyway_config (2.6.3)
       ruby-next-core (~> 1.0)
     ast (2.4.2)
     base64 (0.2.0)
+    bigdecimal (3.1.6)
     byebug (11.1.3)
     canister (0.9.2)
     climate_control (1.2.0)
     coderay (1.1.3)
     concurrent-ruby (1.2.3)
-    crack (0.4.5)
+    crack (1.0.0)
+      bigdecimal
       rexml
-    diff-lcs (1.5.0)
+    diff-lcs (1.5.1)
     docile (1.4.0)
     dry-initializer (3.1.1)
     faraday (2.9.0)
@@ -51,7 +53,7 @@ GEM
     puma (6.4.2)
       nio4r (~> 2.0)
     racc (1.7.3)
-    rack (3.0.8)
+    rack (3.0.9)
     rack-protection (4.0.0)
       base64 (>= 0.1.0)
       rack (>= 3.0.0, < 4)
@@ -68,24 +70,24 @@ GEM
       ffi (~> 1.0)
     regexp_parser (2.9.0)
     rexml (3.2.6)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.1)
-    rubocop (1.59.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.0)
+    rubocop (1.60.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.4)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
@@ -97,7 +99,7 @@ GEM
     rubocop-performance (1.20.2)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.30.0, < 2.0)
-    ruby-next-core (1.0.0)
+    ruby-next-core (1.0.1)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     simplecov (0.22.0)
@@ -118,10 +120,10 @@ GEM
       rack-protection (= 4.0.0)
       sinatra (= 4.0.0)
       tilt (~> 2.0)
-    standard (1.33.0)
+    standard (1.34.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.59.0)
+      rubocop (~> 1.60)
       standard-custom (~> 1.0.0)
       standard-performance (~> 1.3)
     standard-custom (1.0.2)
@@ -133,7 +135,7 @@ GEM
     tilt (2.3.0)
     unicode-display_width (2.5.0)
     uri (0.13.0)
-    webmock (3.19.1)
+    webmock (3.20.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -174,4 +176,4 @@ DEPENDENCIES
   yabeda-puma-plugin
 
 BUNDLED WITH
-   2.5.5
+   2.5.6