Merge branch 'main' into enhancement/platform-setup-wizard

Author: rsmithlal

.github/workflows/brakeman.yml

@@ -1,18 +1,9 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# This workflow integrates Brakeman with GitHub's Code Scanning feature
-# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
-
 name: Brakeman Scan
 
 on:
   push:
     branches: [ "main" ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ "main" ]
   schedule:
     - cron: '26 3 * * 0'
@@ -22,37 +13,38 @@ permissions:
 
 jobs:
   brakeman-scan:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Brakeman Scan
+    # Option A: stay on latest (24.04) – requires up-to-date setup-ruby
     runs-on: ubuntu-latest
+    # Option B (fallback): force older image if you prefer
+    # runs-on: ubuntu-22.04
+
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+
     steps:
-    # Checkout the repository to the GitHub Actions runner
-    - name: Checkout
-      uses: actions/checkout@v3
-
-    # Customize the ruby version depending on your needs
-    - name: Setup Ruby
-      uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
-      with:
-        ruby-version: '3.2'
-
-    - name: Setup Brakeman
-      env:
-        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
-      run: |
-        gem install brakeman --version $BRAKEMAN_VERSION
-
-    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
-    - name: Scan
-      continue-on-error: true
-      run: |
-        brakeman -f sarif -o output.sarif.json .
-
-    # Upload the SARIF file generated in the previous step
-    - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: output.sarif.json
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        # Use the rolling v1 tag so you get fixes for new runner images
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2'   # or your exact patch, e.g. '3.2.2'
+          # bundler-cache not needed since we install brakeman directly
+
+      - name: Setup Brakeman
+        run: |
+          gem install brakeman
+
+      - name: Scan (SARIF)
+        continue-on-error: true
+        run: |
+          brakeman -f sarif -o output.sarif.json .
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: output.sarif.json

.github/workflows/codeql.yml

@@ -50,7 +50,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -77,6 +77,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

Gemfile

@@ -35,7 +35,7 @@ gem 'redis', '~> 5.4'
 gem 'rswag'
 
 # Sidekiq for background processing
-gem 'sidekiq', '~> 8.0.6'
+gem 'sidekiq', '~> 8.0.7'
 
 # Error and performance monitoring with Sentry
 gem 'sentry-rails'

Gemfile.lock

@@ -189,7 +189,7 @@ GEM
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
-    base64 (0.2.0)
+    base64 (0.3.0)
     bcrypt (3.1.20)
     benchmark (0.4.1)
     better_errors (2.10.1)
@@ -304,7 +304,7 @@ GEM
     erb (5.0.2)
     erubi (1.13.1)
     event_stream_parser (1.0.0)
-    excon (1.2.7)
+    excon (1.2.8)
       logger
     execjs (2.10.0)
     factory_bot (6.5.4)
@@ -314,19 +314,19 @@ GEM
       railties (>= 6.1.0)
     faker (3.5.2)
       i18n (>= 1.8.11, < 2)
-    faraday (2.13.0)
+    faraday (2.13.4)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-multipart (1.1.0)
+    faraday-multipart (1.1.1)
       multipart-post (~> 2.0)
-    faraday-net_http (3.4.0)
+    faraday-net_http (3.4.1)
       net-http (>= 0.5.0)
     ffi (1.17.2-aarch64-linux-gnu)
     ffi (1.17.2-arm64-darwin)
     ffi (1.17.2-x86_64-linux-gnu)
-    fog-aws (3.32.0)
-      base64 (~> 0.2.0)
+    fog-aws (3.33.0)
+      base64 (>= 0.2, < 0.4)
       fog-core (~> 2.6)
       fog-json (~> 1.1)
       fog-xml (~> 0.1)
@@ -343,7 +343,7 @@ GEM
       nokogiri (>= 1.5.11, < 2.0.0)
     font-awesome-sass (6.7.2)
       sassc (~> 2.0)
-    formatador (1.1.0)
+    formatador (1.1.1)
     friendly_id (5.4.2)
       activerecord (>= 4.0.0)
     friendly_id-mobility (1.0.4)
@@ -454,7 +454,7 @@ GEM
     mime-types (3.7.0)
       logger
       mime-types-data (~> 3.2025, >= 3.2025.0507)
-    mime-types-data (3.2025.0527)
+    mime-types-data (3.2025.0805)
     mini_magick (5.2.0)
       benchmark
       logger
@@ -467,7 +467,7 @@ GEM
       actiontext (>= 6.0)
       mobility (~> 1.2)
     msgpack (1.8.0)
-    multi_json (1.15.0)
+    multi_json (1.17.0)
     multipart-post (2.4.1)
     mutex_m (0.3.0)
     net-http (0.6.0)
@@ -595,7 +595,7 @@ GEM
       psych (>= 4.0.0)
     redis (5.4.1)
       redis-client (>= 0.22.0)
-    redis-client (0.25.1)
+    redis-client (0.25.2)
       connection_pool
     reform (2.6.2)
       disposable (>= 0.5.0, < 1.0.0)
@@ -604,7 +604,7 @@ GEM
     reform-rails (0.2.6)
       activemodel (>= 5.0)
       reform (>= 2.3.1, < 3.0.0)
-    regexp_parser (2.11.0)
+    regexp_parser (2.11.1)
     reline (0.6.2)
       io-console (~> 0.5)
     representable (3.2.0)
@@ -678,7 +678,7 @@ GEM
     rubocop-factory_bot (2.27.1)
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
-    rubocop-rails (2.32.0)
+    rubocop-rails (2.33.0)
       activesupport (>= 4.2.0)
       lint_roller (~> 1.1)
       rack (>= 1.1)
@@ -691,7 +691,7 @@ GEM
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
       rubocop-rspec (~> 3.5)
-    ruby-openai (8.1.0)
+    ruby-openai (8.2.0)
       event_stream_parser (>= 0.3.0, < 2.0.0)
       faraday (>= 1)
       faraday-multipart (>= 1)
@@ -727,7 +727,7 @@ GEM
       activesupport (>= 3)
     shoulda-matchers (6.5.0)
       activesupport (>= 5.2.0)
-    sidekiq (8.0.6)
+    sidekiq (8.0.7)
       connection_pool (>= 2.5.0)
       json (>= 2.9.0)
       logger (>= 1.6.2)
@@ -741,7 +741,7 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    spring (4.3.0)
+    spring (4.4.0)
     spring-watcher-listen (2.1.0)
       listen (>= 2.7, < 4.0)
       spring (>= 4)
@@ -863,7 +863,7 @@ DEPENDENCIES
   sentry-ruby
   shoulda-callback-matchers
   shoulda-matchers
-  sidekiq (~> 8.0.6)
+  sidekiq (~> 8.0.7)
   simplecov
   spring
   spring-watcher-listen (~> 2.1.0)

app/controllers/better_together/conversations_controller.rb

@@ -47,7 +47,7 @@ def show # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
         # Move this to separate action/bg process only activated when the messages are actually read.
         events = BetterTogether::NewMessageNotifier.where(record_id: @messages.pluck(:id)).select(:id)
 
-        notifications = helpers.current_person.notifications.where(event_id: events.pluck(:id))
+        notifications = helpers.current_person.notifications.unread.where(event_id: events.pluck(:id))
         notifications.update_all(read_at: Time.current)
       end
 

app/controllers/better_together/notifications_controller.rb

@@ -11,11 +11,11 @@ def index
     end
 
     # TODO: Make a Stimulus controller to dispatch this action async when messages are viewed
-    # rubocop:todo Metrics/MethodLength
     def mark_as_read # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
       if params[:id]
-        @notification = helpers.current_person.notifications.find(params[:id])
-        @notification.update(read_at: Time.current)
+        mark_notification_as_read(params[:id])
+      elsif params[:record_id]
+        mark_record_notification_as_read(params[:record_id])
       else
         helpers.current_person.notifications.unread.update_all(read_at: Time.current)
       end
@@ -35,6 +35,17 @@ def mark_as_read # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
         end
       end
     end
-    # rubocop:enable Metrics/MethodLength
+
+    def mark_notification_as_read(id)
+      @notification = helpers.current_person.notifications.find(id)
+      @notification.update(read_at: Time.current)
+    end
+
+    def mark_record_notification_as_read(id)
+      @notifications = helpers.current_person.notifications.unread.includes(
+        :event
+      ).references(:event).where(event: { record_id: id })
+      @notifications.update_all(read_at: Time.current)
+    end
   end
 end

app/javascript/controllers/better_together/message_visibility_controller.js

@@ -0,0 +1,62 @@
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="message-visibility"
+export default class extends Controller {
+	connect() {
+		console.log('message visibility controller connected')
+		const rootElement = document.getElementById('conversation-messages');
+
+		const observer = new IntersectionObserver(this.onIntersect, {
+			root: rootElement,
+			rootMargin: '0px',
+			threshold: 1.0
+		});
+
+		observer.observe(this.element);
+		this.observer = observer;
+	}
+
+	onIntersect = (entries, observer) => {
+		entries.forEach(entry => {
+			if (entry.isIntersecting) {
+				const messageId = this.element.dataset.messageId;
+				console.log(`Message ${messageId} is on screen.`);
+
+				if (this.element.dataset.readStatus === 'unread') { this.markAsRead(messageId); }
+
+				observer.unobserve(this.element);
+			}
+		});
+	}
+
+	markAsRead(messageId) {
+		fetch(`/en/notifications/mark_record_as_read`, {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/json',
+				'X-CSRF-Token': this.getCSRFToken()
+			},
+			body: JSON.stringify({
+				record_id: messageId
+			})
+		})
+			.then(response => {
+				if (response.ok) {
+					console.log(`Notification for message ${messageId} marked as read.`)
+				} else {
+					console.error(`Failed to mark notification for message ${messageId} as read.`)
+				}
+			})
+	}
+
+	getCSRFToken() {
+		const tokenElement = document.querySelector("meta[name='csrf-token']")
+		return tokenElement ? tokenElement.getAttribute("content") : ""
+	}
+
+	disconnect() {
+		if (this.observer) {
+			this.observer.disconnect()
+		}
+	}
+}

app/views/better_together/conversations/_conversation_content.html.erb

@@ -17,7 +17,7 @@
   <%= turbo_stream_from conversation %>
 
   <div id="conversation_messages" class="card-body p-4" data-controller="better_together--conversation-messages" data-better_together--conversation-messages-current-person-id-value="<%= current_person.id %>">
-    <%= render(partial: 'better_together/messages/message', collection: messages, as: :message) || render(partial: 'better_together/conversations/empty', locals: { conversation: }) %>
+    <%= render(partial: 'better_together/messages/message', collection: messages, as: :message, locals: {read_status: 'read'}) || render(partial: 'better_together/conversations/empty', locals: { conversation: }) %>
   </div>
 
   <div class="card-footer">