update our pronto-ruby to the latest (based on Renato's work)

.github/dependabot.yml

@@ -4,4 +4,16 @@ updates:
   directory: "/"
   schedule:
     interval: monthly
-  open-pull-requests-limit: 10
+  open-pull-requests-limit: 10
+  ignore:
+    - dependency-name: pry
+      versions:
+        - ">= 0.13.a"
+        - "< 0.14"
+  groups:
+    rubocop-dependencies:
+      patterns:
+        - "rubocop*"
+    pronto-dependencies:
+      patterns:
+        - "pronto*"

.github/workflows/build-and-publish-docker-image.yaml

@@ -0,0 +1,60 @@
+name: Build and publish docker image
+on:
+  workflow_dispatch:  
+  push:
+    branches:
+     - main
+     - use_head_commit
+    tags:
+      # any tag names starting with 'v'
+      - 'v*'
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      # Gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate
+      id-token: write
+      # Permission necessary to persist the attestation
+      attestations: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set-up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64
+      - name: Log in to the Github Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true

.github/workflows/hadolint.yml

@@ -0,0 +1,15 @@
+name: Hadolint - Dockerfile linting
+on:
+  workflow_dispatch:  
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - "Dockerfile"
+jobs:
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: hadolint/hadolint-action@v3.1.0
+        with:
+          verbose: true

.github/workflows/run-specs.yml

@@ -0,0 +1,23 @@
+name: Specs
+
+on:
+  push:
+
+jobs:
+  spec:
+
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install packages
+      run: sudo apt-get update && sudo apt-get install --no-install-recommends -y libjemalloc2
+    - uses: actions/checkout@v6
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1
+      with:
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Unpack test repo
+      run: cd spec/fixtures && tar -zxf test.git.tar.gz
+    - name: Run tests
+      run: bundle exec rspec

.github/workflows/self.yml

@@ -5,14 +5,18 @@ on:
 
 jobs:
   run:
+    permissions:
+      checks: write
+      contents: read
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v4
+    - run: git fetch origin main
     - name: Pronto Run
       uses: ./
       with:
         target: origin/main
         runners: >-
-          rubocop bundler_audit brakeman yamllint
+          rubocop brakeman
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -49,3 +49,9 @@ build-iPhoneSimulator/
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
+
+## Specific to RubyMine
+.idea
+
+## Specific to asdf
+.tool-versions

.hadolint.yaml

@@ -0,0 +1,14 @@
+ # list of rules: https://github.com/hadolint/hadolint/wiki
+ignored:
+  - DL3008 # Pin versions in apt-get install - https://github.com/hadolint/hadolint/wiki/DL3008
+  # - DL3018 # Pin versions in apk add - https://github.com/hadolint/hadolint/wiki/DL3018
+  # - DL3028 # Pin version in gem install - https://github.com/hadolint/hadolint/wiki/DL3028
+
+trustedRegistries:
+  - docker.io
+  - "*.gcr.io"
+  - "*.ecr.eu-west-1.amazonaws.com"
+
+override:
+  warning:
+    - DL3028 # Pin version in gem install - https://github.com/hadolint/hadolint/wiki/DL3028

.rubocop.yml

@@ -0,0 +1,61 @@
+plugins:
+  - rubocop-capybara
+  - rubocop-factory_bot
+  - rubocop-minitest
+  - rubocop-performance
+  - rubocop-rake
+  - rubocop-sequel
+  - rubocop-yard
+
+AllCops:
+  NewCops: enable
+  DisplayStyleGuide: true
+
+Metrics:
+  Enabled: false
+
+Layout/LineLength:
+  Enabled: false
+
+# Align `end` with the matching keyword or starting expression except for
+# assignments, where it should be aligned with the LHS.
+Layout/EndAlignment:
+  EnforcedStyleAlignWith: variable
+
+# Method definitions after `private` or `protected` isolated calls need one
+# extra level of indentation.
+Layout/IndentationConsistency:
+  EnforcedStyle: indented_internal_methods
+
+Style/FrozenStringLiteralComment:
+  EnforcedStyle: always
+
+# Use `foo { bar }` not `foo {bar}`.
+Layout/SpaceInsideBlockBraces:
+  EnforcedStyleForEmptyBraces: space
+
+# Check quotes usage according to lint rule below.
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Style/RedundantReturn:
+  AllowMultipleReturnValues: true
+
+Style/Semicolon:
+  AllowAsExpressionSeparator: true
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: double_quotes
+
+Style/RescueStandardError:
+  EnforcedStyle: implicit
+
+Style/SymbolArray:
+  MinSize: 1
+
+Style/DocumentationMethod:
+  Enabled: true
+  RequireForNonPublicMethods: true
+
+YARD/MismatchName:
+  EnforcedStylePrototypeName: before

.ruby-version

@@ -1 +1 @@
-3.3.7
+3.4.8

CHANGELOG.md

@@ -1,3 +1,83 @@
+4.6-r | 2025-11-28
+---
+Changes
+* Upgrade ruby to 3.3.x by @renatolond in https://github.com/renatolond/pronto-ruby/pull/70
+* Upgrade ruby to 3.4.7 by @renatolond in https://github.com/renatolond/pronto-ruby/pull/71
+
+4.5-r | 2025-11-28
+---
+Changes
+* Bump rubocop-rails from 2.32.0 to 2.33.0 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/57
+* Bump rubocop-rails from 2.33.0 to 2.33.3 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/58
+* Bump the rubocop-dependencies group with 2 updates by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/59
+* Bump rubocop-performance from 1.25.0 to 1.26.0 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/60
+* Bump rubocop-rails from 2.33.3 to 2.33.4 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/61
+* Bump rubocop-performance from 1.26.0 to 1.26.1 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/62
+* Bump rspec from 3.13.1 to 3.13.2 by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/63
+* Bump webmock from 3.25.1 to 3.26.0 by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/64
+* Bump webmock from 3.26.0 to 3.26.1 by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/65
+* Bump the rubocop-dependencies group with 2 updates by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/66
+* Bump rubocop-rails from 2.33.4 to 2.34.0 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/67
+* Bump rubocop-rails from 2.34.0 to 2.34.1 in the rubocop-dependencies group by @dependabot[bot] in https://github.com/renatolond/pronto-ruby/pull/68
+
+4.4-r | 2025-06-30
+---
+Changes
+* Bump rubocop-rspec from 3.5.0 to 3.6.0 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/49
+* Bump the pronto-dependencies group across 1 directory with 2 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/51
+* Bump rubocop-rails from 2.31.0 to 2.32.0 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/52
+* Bump rspec from 3.13.0 to 3.13.1 by @dependabot in https://github.com/renatolond/pronto-ruby/pull/53
+* Bump rubocop-minitest from 0.38.0 to 0.38.1 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/54
+* Bump rubocop-thread_safety from 0.7.2 to 0.7.3 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/55
+* Bump rubocop-yard from 0.10.0 to 1.0.0 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/56
+
+4.3-r | 2025-04-01
+---
+Changes
+* Bump rubocop-rails from 2.28.0 to 2.29.0 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/33
+* Bump pronto-stylelint from 0.10.3 to 0.11.0 in the pronto-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/34
+* Bump the rubocop-dependencies group with 2 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/35
+* Update checkout version in workflow by @renatolond in https://github.com/renatolond/pronto-ruby/pull/36
+* Bump rubocop-rails from 2.29.0 to 2.29.1 in the rubocop-dependencies group by @dependabot in https://github.com/renatolond/pronto-ruby/pull/37
+* Bump webmock from 3.24.0 to 3.25.0 by @dependabot in https://github.com/renatolond/pronto-ruby/pull/38
+* Bump the rubocop-dependencies group with 5 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/39
+* Bump the rubocop-dependencies group across 1 directory with 6 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/45
+* Bump webmock from 3.25.0 to 3.25.1 by @dependabot in https://github.com/renatolond/pronto-ruby/pull/44
+* Bump the rubocop-dependencies group with 7 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/46
+* Bump ruby to 3.2.8 by @renatolond in https://github.com/renatolond/pronto-ruby/pull/48
+
+4.2-r | 2025-01-13
+---
+Changes:
+* Bump the pronto-dependencies group with 4 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/30
+* Bump the rubocop-dependencies group across 1 directory with 5 updates by @dependabot in https://github.com/renatolond/pronto-ruby/pull/29
+* Add rubocop-capybara gem by @renatolond in https://github.com/renatolond/pronto-ruby/pull/31
+* Bump ruby to 3.2.6 by @renatolond in https://github.com/renatolond/pronto-ruby/pull/32
+
+4.1-r | 2024-11-13
+---
+Changes:
+* Bump the rubocop-dependencies group with 2 updates by @dependabot in #16
+* Bump rspec from 3.11.0 to 3.13.0 by @dependabot in #13
+* Bump webmock from 3.23.1 to 3.24.0 by @dependabot in #18
+* Bump the rubocop-dependencies group across 1 directory with 4 updates by @dependabot in #23
+
+4.0-r | 2024-09-18
+---
+**BREAKING CHANGES:**
+
+ * Unlike the original action, this fork is focused on Ruby-only. This means any node-related runners are removed.
+
+ * Pronto is upgraded, the following runners are not yet compatible and therefore removed:
+   - pronto-bundler_audit
+   - pronto-yamllint
+
+Changes:
+ * Upgrades ruby to 3.2.2
+ * Upgrades Bundler to 2.4.3
+ * Bump rubocop to 1.66.1
+ * Upgrades all runners and dependencies
+
 4.0 | 2022-03-17
 ---
 

Dockerfile

@@ -1,30 +1,47 @@
-FROM ruby:3.3
+ARG RUBY_VERSION=3.4
+FROM ruby:${RUBY_VERSION}
 
-LABEL maintainer="QAWAII <info@apptweak.com>"
-LABEL org.opencontainers.image.source https://github.com/apptweak/pronto-ruby
-
-ARG BUNDLER_VERSION="2.6.3"
+ARG BUNDLER_VERSION="2.6.7"
 ARG NODE_VERSION=14
+ARG BUILD_DATE=
+ARG CVS_REF=
+
+LABEL maintainer="DevEx Team <squad_devex@apptweak.com>"
+LABEL org.opencontainers.image.source https://github.com/apptweak/pronto-ruby
+LABEL org.opencontainers.image.title="AppTweak Pronto Ruby Runner"
+LABEL org.opencontainers.image.description="GitHub Action for running Pronto code review automation for Ruby projects"
+LABEL org.opencontainers.image.source="https://github.com/apptweak/pronto-ruby"
+LABEL org.opencontainers.image.url="https://github.com/apptweak/pronto-ruby"
+LABEL org.opencontainers.image.vendor="AppTweak"
+LABEL org.opencontainers.image.version=${CVS_REF}
+LABEL org.opencontainers.image.created=${BUILD_DATE}
 
 RUN apt-get update && \
-  apt-get install -y --no-install-recommends \
+  apt-get install --no-install-recommends -y \
   build-essential \
-  cmake \
   curl \
+  cmake \
   git \
   pkg-config \
   openssl \
+  libssl-dev \
+  libzstd-dev \
+  libz-dev \
   && rm -rf /var/lib/apt/lists/*
 
+# Make sure to use bash with pipefail in case something
+# fails while being piped to another command in the docker-build
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 RUN gem install bundler --version "${BUNDLER_VERSION}"
 
 WORKDIR /runner
 
-COPY Gemfile* ./
+COPY Gemfile* .bundle ./
 
-RUN bundle --retry 4
+RUN bundle install --retry 4
 
-ENV BUNDLE_GEMFILE /runner/Gemfile
+ENV BUNDLE_GEMFILE=/runner/Gemfile
 
 COPY . ./