Initial commit

Author: carlastabile

.github/workflows/sca_scan.yml

@@ -0,0 +1,12 @@
+name: SCA
+
+on:
+  push:
+    branches: ["master", "main"]
+
+jobs:
+  snyk-cli:
+    uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main
+    with:
+      additional-arguments: "--exclude=README.md,.jfrog"
+    secrets: inherit

.gitignore

@@ -0,0 +1,141 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore all environment files (except templates).
+/.env*
+!/.env*.erb
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/
+!/tmp/storage/.keep
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key
+
+# Ignore application configuration
+/config/application.yml
+
+# Ignore database configuration (if using figaro or similar)
+/config/database.yml
+
+# Ruby
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# RDoc documentation
+/doc/
+/rdoc/
+
+# Yard documentation
+/.yardoc/
+/_yardoc/
+
+# Bundler
+vendor/bundle/
+.bundle/
+Gemfile.lock
+
+# Rails
+*.log
+tmp/
+log/
+public/system/
+public/assets/
+.sass-cache/
+
+# Database
+*.sqlite3
+*.sqlite3-journal
+*.sqlite3-*
+/.env
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.project
+.secret
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Node.js (if using Webpacker or similar)
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Ignore Spring files
+/spring/*.pid
+
+# Ignore bootsnap cache
+/tmp/cache/bootsnap-compile-cache*
+/tmp/cache/bootsnap-load-path-cache*
+
+# Ignore local secrets
+/tmp/local_secret.txt
+
+# Ignore pgvector dumps
+*.sql
+
+# Ignore backup files
+*.backup
+*.bak
+
+# Ignore documentation builds
+/public/doc/
+
+# Ignore coverage reports
+/coverage/
+
+# Ignore compiled assets in development
+/public/assets/
+
+# Ignore application credentials (they're encrypted anyway, but good practice)
+/config/credentials.yml.enc.backup
+
+# Ignore local environment configuration
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Ignore yarn integrity file
+.yarn-integrity

Dockerfile

@@ -0,0 +1,59 @@
+# syntax = docker/dockerfile:1
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
+ARG RUBY_VERSION=4.0.1
+FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base
+
+# Rails app lives here
+WORKDIR /rails
+
+# Set production environment
+ENV RAILS_ENV="production" \
+    BUNDLE_DEPLOYMENT="1" \
+    BUNDLE_PATH="/usr/local/bundle" \
+    BUNDLE_WITHOUT="development"
+
+
+# Throw-away build stage to reduce size of final image
+FROM base as build
+
+# Install packages needed to build gems
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config
+
+# Install application gems
+COPY Gemfile Gemfile.lock ./
+RUN bundle install && \
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
+    bundle exec bootsnap precompile --gemfile
+
+# Copy application code
+COPY . .
+
+# Precompile bootsnap code for faster boot times
+RUN bundle exec bootsnap precompile app/ lib/
+
+
+# Final stage for app image
+FROM base
+
+# Install packages needed for deployment
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl libvips postgresql-client && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Copy built artifacts: gems, application
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build /rails /rails
+
+# Run and own only the runtime files as a non-root user for security
+RUN useradd rails --create-home --shell /bin/bash && \
+    chown -R rails:rails db log storage tmp
+USER rails:rails
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000
+CMD ["./bin/rails", "server"]

Gemfile

@@ -0,0 +1,55 @@
+source "https://rubygems.org"
+
+ruby "4.0.1"
+
+# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
+gem "rails", "~> 8.1.2.1"
+
+# Use postgresql as the database for Active Record
+gem "pg", "~> 1.1"
+
+# Use the Puma web server [https://github.com/puma/puma]
+gem "puma", ">= 5.0"
+
+# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
+gem "bcrypt", "~> 3.1.22"
+
+# RAG Application Dependencies
+gem "neighbor"                 # pgvector wrapper for vector similarity search
+gem "ruby-openai"              # OpenAI API integration for embeddings and LLM
+
+# HTTP clients
+gem "faraday"                  # HTTP client for API integrations
+
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem "tzinfo-data", platforms: [:windows, :jruby]
+
+# Reduces boot times through caching; required in config/boot.rb
+gem "bootsnap", require: false
+
+# Environment variable management
+gem "dotenv-rails"
+
+# Auth0 Authentication
+gem "omniauth-auth0", "~> 3.1"
+gem "omniauth-rails_csrf_protection", "~> 2.0.0"
+gem "repost"
+
+# OpenFGA - Fine-Grained Authorization
+gem "openfga", "~> 0.1.5"
+
+# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
+# gem "image_processing", "~> 1.2"
+
+# Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin Ajax possible
+# gem "rack-cors"
+
+group :development, :test do
+  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
+  gem "debug", platforms: [:windows]
+end
+
+group :development do
+  gem "pry"
+end
+