Merge branch 'main' into enhancement/message-notifications

Author: rsmithlal

.github/workflows/brakeman.yml

@@ -1,18 +1,9 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# This workflow integrates Brakeman with GitHub's Code Scanning feature
-# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
-
 name: Brakeman Scan
 
 on:
   push:
     branches: [ "main" ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ "main" ]
   schedule:
     - cron: '26 3 * * 0'
@@ -22,37 +13,38 @@ permissions:
 
 jobs:
   brakeman-scan:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Brakeman Scan
+    # Option A: stay on latest (24.04) – requires up-to-date setup-ruby
     runs-on: ubuntu-latest
+    # Option B (fallback): force older image if you prefer
+    # runs-on: ubuntu-22.04
+
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+
     steps:
-    # Checkout the repository to the GitHub Actions runner
-    - name: Checkout
-      uses: actions/checkout@v3
-
-    # Customize the ruby version depending on your needs
-    - name: Setup Ruby
-      uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
-      with:
-        ruby-version: '3.2'
-
-    - name: Setup Brakeman
-      env:
-        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
-      run: |
-        gem install brakeman --version $BRAKEMAN_VERSION
-
-    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
-    - name: Scan
-      continue-on-error: true
-      run: |
-        brakeman -f sarif -o output.sarif.json .
-
-    # Upload the SARIF file generated in the previous step
-    - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: output.sarif.json
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        # Use the rolling v1 tag so you get fixes for new runner images
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2'   # or your exact patch, e.g. '3.2.2'
+          # bundler-cache not needed since we install brakeman directly
+
+      - name: Setup Brakeman
+        run: |
+          gem install brakeman
+
+      - name: Scan (SARIF)
+        continue-on-error: true
+        run: |
+          brakeman -f sarif -o output.sarif.json .
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: output.sarif.json

.github/workflows/codeql.yml

@@ -50,7 +50,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -77,6 +77,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/rubyonrails.yml

@@ -13,9 +13,9 @@ jobs:
           - ruby: '3.4.4'
             rails: '7.1.5.1'
             allowed_failure: false   # ✅ required
-          - ruby: '3.4.4'
-            rails: '7.2'
-            allowed_failure: true    # ⚠️ allowed to fail
+          # - ruby: '3.4.4'
+          #   rails: '7.2'
+          #   allowed_failure: true    # ⚠️ allowed to fail
           - ruby: '3.4.4'
             rails: '8.0'
             allowed_failure: true    # ⚠️ allowed to fail

AGENTS.md

@@ -1,5 +1,7 @@
 # AGENTS.md
 
+Instructions for GitHub Copilot and other automated contributors working in this repository.
+
 ## Project
 - Ruby: 3.4.4 (installed via rbenv in setup)
 - Rails: 7.1
@@ -13,18 +15,17 @@
 - Databases:
   - development: `community_engine_development`
   - test: `community_engine_test`
-- Use `DATABASE_URL` to connect (overrides fallback host in database.yml).
+- Use `DATABASE_URL` to connect (overrides fallback host in `config/database.yml`).
 
 ## Commands
-- Run tests: `bin/ci`  
+- **Tests:** `bin/ci`
   (Equivalent: `cd spec/dummy && bundle exec rspec`)
-- Lint: `bundle exec rubocop`
-- Security: `bundle exec brakeman -q -w2` and `bundle exec bundler-audit --update`
+- **Lint:** `bundle exec rubocop`
+- **Security:** `bundle exec brakeman -q -w2` and `bundle exec bundler-audit --update`
+- **Style:** `bin/codex_style_guard`
 
 ## Conventions
 - Make incremental changes with passing tests.
 - Avoid introducing new external services in tests; stub where possible.
-
-## Code Style
-- Always run `bin/codex_style_guard` before proposing a patch.
-- If RuboCop reports offenses after autocorrect, update the changes until it passes.
+- If RuboCop reports offenses after autocorrect, update and rerun until clean.
+- Keep commit messages and PR descriptions concise and informative.

Gemfile.lock

@@ -167,19 +167,19 @@ GEM
       unf
     ast (2.4.3)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1139.0)
-    aws-sdk-core (3.228.0)
+    aws-partitions (1.1142.0)
+    aws-sdk-core (3.229.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       base64
       bigdecimal
       jmespath (~> 1, >= 1.6.1)
       logger
-    aws-sdk-kms (1.109.0)
+    aws-sdk-kms (1.110.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.195.0)
+    aws-sdk-s3 (1.196.1)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -407,7 +407,7 @@ GEM
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     jmespath (1.6.2)
-    json (2.13.0)
+    json (2.13.2)
     json-schema (5.1.1)
       addressable (~> 2.8)
       bigdecimal (~> 3.1)
@@ -493,7 +493,7 @@ GEM
     optimist (3.2.1)
     orm_adapter (0.5.0)
     parallel (1.27.0)
-    parser (3.3.8.0)
+    parser (3.3.9.0)
       ast (~> 2.4.1)
       racc
     pg (1.6.1-aarch64-linux)
@@ -604,7 +604,7 @@ GEM
     reform-rails (0.2.6)
       activemodel (>= 5.0)
       reform (>= 2.3.1, < 3.0.0)
-    regexp_parser (2.10.0)
+    regexp_parser (2.11.0)
     reline (0.6.2)
       io-console (~> 0.5)
     representable (3.2.0)
@@ -658,18 +658,18 @@ GEM
     rswag-ui (2.16.0)
       actionpack (>= 5.2, < 8.1)
       railties (>= 5.2, < 8.1)
-    rubocop (1.78.0)
+    rubocop (1.79.2)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.45.1, < 2.0)
+      rubocop-ast (>= 1.46.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.45.1)
+    rubocop-ast (1.46.0)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
     rubocop-capybara (2.22.1)
@@ -741,7 +741,7 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    spring (4.3.0)
+    spring (4.4.0)
     spring-watcher-listen (2.1.0)
       listen (>= 2.7, < 4.0)
       spring (>= 4)

app/controllers/better_together/metrics/search_queries_controller.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  module Metrics
+    class SearchQueriesController < ApplicationController # rubocop:todo Style/Documentation
+      def create
+        query = params[:query]
+        results_count = params[:results_count]
+        locale = I18n.locale.to_s
+
+        if query.blank? || results_count.blank?
+          render json: { error: I18n.t('metrics.search_queries.invalid_parameters') },
+                 status: :unprocessable_entity and return
+        end
+
+        BetterTogether::Metrics::TrackSearchQueryJob.perform_later(query, results_count.to_i, locale)
+
+        render json: { success: true }, status: :ok
+      end
+    end
+  end
+end

app/controllers/better_together/person_blocks_controller.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  class PersonBlocksController < ApplicationController # rubocop:todo Style/Documentation
+    before_action :set_person_block, only: :destroy
+    after_action :verify_authorized
+
+    def index
+      authorize PersonBlock
+      @blocked_people = current_person.blocked_people
+    end
+
+    def create
+      @person_block = current_person.person_blocks.new(person_block_params)
+      authorize @person_block
+
+      if @person_block.save
+        redirect_to blocks_path, notice: 'Person was successfully blocked.'
+      else
+        redirect_to blocks_path, alert: @person_block.errors.full_messages.to_sentence
+      end
+    end
+
+    def destroy
+      authorize @person_block
+      @person_block.destroy
+      redirect_to blocks_path, notice: 'Person was successfully unblocked.'
+    end
+
+    private
+
+    def current_person
+      current_user.person
+    end
+
+    def set_person_block
+      @person_block = current_person.person_blocks.find(params[:id])
+    end
+
+    def person_block_params
+      params.require(:person_block).permit(:blocked_id)
+    end
+  end
+end

app/controllers/better_together/posts_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  # CRUD for BetterTogether::Post
+  class PostsController < FriendlyResourceController
+    protected
+
+    def resource_class
+      ::BetterTogether::Post
+    end
+
+    def resource_params
+      super.tap do |attrs|
+        attrs[:creator_id] = helpers.current_person&.id if action_name == 'create'
+      end
+    end
+  end
+end

app/controllers/better_together/reports_controller.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  class ReportsController < ApplicationController # rubocop:todo Style/Documentation
+    after_action :verify_authorized
+
+    def create
+      @report = current_person.reports_made.new(report_params)
+      authorize @report
+
+      if @report.save
+        redirect_back fallback_location: root_path, notice: 'Report was successfully submitted.'
+      else
+        redirect_back fallback_location: root_path, alert: @report.errors.full_messages.to_sentence
+      end
+    end
+
+    private
+
+    def current_person
+      current_user.person
+    end
+
+    def report_params
+      params.require(:report).permit(:reportable_id, :reportable_type, :reason)
+    end
+  end
+end

app/controllers/better_together/search_controller.rb

@@ -18,6 +18,12 @@ def search # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
             o['text']
           end
         end.flatten
+
+        BetterTogether::Metrics::TrackSearchQueryJob.perform_later(
+          @query,
+          search_results.length,
+          I18n.locale.to_s
+        )
       end
 
       # Use Kaminari for pagination