diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 59ead51..fe925b9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,15 +7,39 @@ on: pull_request: jobs: - rspec: + tests: + name: "RSpec @ Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}" runs-on: ubuntu-latest + continue-on-error: true + env: + BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile strategy: matrix: ruby: - - "3.0.7" - - "3.1.5" + - "3.1" + - "3.2" + - "3.3" + - "3.4" + - "head" + rails: + - "6.1" + - "7.2" + - "8.0" + exclude: + - ruby: "3.2" + rails: "6.1" + - ruby: "3.3" + rails: "6.1" + - ruby: "3.4" + rails: "6.1" + - ruby: "head" + rails: "6.1" + - ruby: "3.1" + rails: "7.2" + - ruby: "3.1" + rails: "8.0" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: @@ -24,15 +48,20 @@ jobs: - name: Run rspec run: bundle exec rake test - rubocop: + linters: + name: "Rubocop @ Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}" runs-on: ubuntu-latest + continue-on-error: true + env: + BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile strategy: matrix: ruby: - - "3.0.7" - - "3.1.5" + - "3.4" + rails: + - "7.2" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.gitignore b/.gitignore index 82d8097..01e4723 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ /tmp/ Gemfile.lock *.gem +.ruby-version +gemfiles/*.lock diff --git a/.rubocop.yml b/.rubocop.yml index 1956e70..4e700c1 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,6 +1,6 @@ AllCops: NewCops: enable - TargetRubyVersion: 2.6 + TargetRubyVersion: 3.0 Style/ClassAndModuleChildren: Exclude: @@ -23,10 +23,6 @@ Style/TrailingCommaInHashLiteral: EnforcedStyleForMultiline: consistent_comma Style/AccessorGrouping: EnforcedStyle: separated -Style/OpenStructUse: - Exclude: - - test/*_test.rb - - test/**/*_test.rb Layout/LineLength: Exclude: diff --git a/Appraisals b/Appraisals new file mode 100644 index 0000000..a2d0db4 --- /dev/null +++ b/Appraisals @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +SUPPORTED_RAILS_VERSIONS = %w[ + 6.1 + 7.1 + 7.2 + 8.0 +].freeze + +SUPPORTED_RAILS_VERSIONS.each do |version| + appraise "rails-#{version}" do + gem 'rails', "~> #{version}" + end +end diff --git a/Gemfile b/Gemfile index 5f853a1..66f47c5 100644 --- a/Gemfile +++ b/Gemfile @@ -5,9 +5,8 @@ source 'https://rubygems.org' # Specify your gem's dependencies in diffcrypt.gemspec gemspec +gem 'appraisal' gem 'minitest', '~> 5.0' gem 'minitest-reporters', '~> 1.6.0' gem 'rake', '~> 13.2' gem 'rubocop', '~> 1.25.1' -gem 'simplecov', '~> 0.22.0', require: false # CodeClimate not compatible with 0.18+ yet - https://github.com/codeclimate/test-reporter/issues/413 -gem 'simplecov-lcov', '< 0.9' diff --git a/Rakefile b/Rakefile index df48b05..a47194d 100644 --- a/Rakefile +++ b/Rakefile @@ -11,4 +11,4 @@ end task default: :test path = File.expand_path(__dir__) -Dir.glob("#{path}/lib/diffcrypt/tasks/**/*.rake").sort.each { |f| load f } +Dir.glob("#{path}/lib/diffcrypt/tasks/**/*.rake").each { load(_1) } diff --git a/diffcrypt.gemspec b/diffcrypt.gemspec index 3ae32cd..d46580f 100644 --- a/diffcrypt.gemspec +++ b/diffcrypt.gemspec @@ -12,7 +12,7 @@ Gem::Specification.new do |spec| spec.description = 'Diffable encrypted configuration files that can be safely committed into a git repository' spec.homepage = 'https://github.com/diffcrypt/diffcrypt-ruby' spec.license = 'MIT' - spec.required_ruby_version = Gem::Requirement.new('>= 2.6.0') + spec.required_ruby_version = Gem::Requirement.new('>= 3.0.0') # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'" @@ -29,7 +29,7 @@ Gem::Specification.new do |spec| spec.executables = %w[diffcrypt] spec.require_paths = ['lib'] - spec.add_runtime_dependency 'activesupport', '>= 6.0', '< 7.2' + spec.add_runtime_dependency 'activesupport', '>= 6.0', '< 9.0' spec.add_runtime_dependency 'thor', '>= 0.20', '< 2' spec.metadata['rubygems_mfa_required'] = 'true' end diff --git a/gemfiles/rails_6.1.gemfile b/gemfiles/rails_6.1.gemfile new file mode 100644 index 0000000..465664d --- /dev/null +++ b/gemfiles/rails_6.1.gemfile @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +# This file was generated by Appraisal + +source 'https://rubygems.org' + +gem 'appraisal' +gem 'concurrent-ruby', '1.3.4' # 1.3.5. breaks with Rails < 7, see https://github.com/ruby-concurrency/concurrent-ruby/commit/d7ce956dacd0b772273d39b8ed31a30cff7ecf38 +gem 'minitest', '~> 5.0' +gem 'minitest-reporters', '~> 1.6.0' +gem 'rails', '~> 6.1' +gem 'rake', '~> 13.2' +gem 'rubocop', '~> 1.25.1' + +gemspec path: '../' diff --git a/gemfiles/rails_7.2.gemfile b/gemfiles/rails_7.2.gemfile new file mode 100644 index 0000000..fb5e6e8 --- /dev/null +++ b/gemfiles/rails_7.2.gemfile @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +# This file was generated by Appraisal + +source 'https://rubygems.org' + +gem 'appraisal' +gem 'minitest', '~> 5.0' +gem 'minitest-reporters', '~> 1.6.0' +gem 'rails', '~> 7.2' +gem 'rake', '~> 13.2' +gem 'rubocop', '~> 1.25.1' + +gemspec path: '../' diff --git a/gemfiles/rails_8.0.gemfile b/gemfiles/rails_8.0.gemfile new file mode 100644 index 0000000..bb05c52 --- /dev/null +++ b/gemfiles/rails_8.0.gemfile @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +# This file was generated by Appraisal + +source 'https://rubygems.org' + +gem 'appraisal' +gem 'minitest', '~> 5.0' +gem 'minitest-reporters', '~> 1.6.0' +gem 'rails', '~> 8.0' +gem 'rake', '~> 13.2' +gem 'rubocop', '~> 1.25.1' + +gemspec path: '../' diff --git a/lib/diffcrypt/encryptor.rb b/lib/diffcrypt/encryptor.rb index eefc4d1..68bc388 100644 --- a/lib/diffcrypt/encryptor.rb +++ b/lib/diffcrypt/encryptor.rb @@ -34,16 +34,21 @@ def decrypt(contents) # @param [Hash] data # @return [Hash] + # rubocop:disable Metrics/MethodLength def decrypt_hash(data) data.each do |key, value| - data[key] = if value.is_a?(Hash) || value.is_a?(Array) + data[key] = case value + when Hash decrypt_hash(value) + when Array + value.map { |v| decrypt_hash(v) } else decrypt_string value end end data end + # rubocop:enable Metrics/MethodLength # @param [String] contents The raw YAML string to be encrypted # @param [String, nil] original_encrypted_contents The original (encrypted) content to determine which keys have changed @@ -73,14 +78,18 @@ def encrypt_string(value) end # TODO: Fix the complexity of this method - # rubocop:disable Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/CyclomaticComplexity + # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize # @param [Hash] keys # @return [Hash] def encrypt_values(data, original_data = nil) data.each do |key, value| - original_encrypted_value = original_data ? original_data[key] : nil - data[key] = if value.is_a?(Hash) || value.is_a?(Array) + original_encrypted_value = original_data&.dig(key) + + data[key] = case value + when Hash encrypt_values(value, original_encrypted_value) + when Array + value.map.with_index { |v, i| encrypt_values(v, original_encrypted_value&.dig(i)) } else original_decrypted_value = original_encrypted_value ? decrypt_string(original_encrypted_value) : nil key_changed = original_decrypted_value.nil? || original_decrypted_value != value @@ -89,7 +98,7 @@ def encrypt_values(data, original_data = nil) end data.sort.to_h end - # rubocop:enable Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/CyclomaticComplexity + # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize # @param [String] value The encrypted value that needs decrypting # @return [String] diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb index 675a06d..0b8aaa8 100644 --- a/test/diffcrypt/encryptor_test.rb +++ b/test/diffcrypt/encryptor_test.rb @@ -46,12 +46,21 @@ def test_it_encrypts_root_values def test_it_decrypts_nested_structures encrypted_content = <<~CONTENT data: + array: + - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw== + subitem: oNNLBGwL45VvOv7elkRTHZTcNQ==--iFBc53R3F26zsvTK--6iEtqH7TR7TSS6fJOHwfPg== + - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg== secret_key_base: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ== aws: access_key_id: Ot/uCTEL+8kp61EPctnxNlg=--Be6sg7OdvjZlfxgR--7qRbbf0lA4VgjnUGUrrFwg== + CONTENT expected = <<~CONTENT --- + array: + - item1: value1 + subitem: value sub + - item2: value2 secret_key_base: secret_key_base_test aws: access_key_id: AKIAXXX @@ -66,8 +75,12 @@ def test_it_encrypts_nested_structures secret_key_base: secret_key_base_test aws: access_key_id: AKIAXXX + array: + - item1: value1 + subitem: value sub + - item2: value2 CONTENT - expected_pattern = /---\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}\n/ + expected_pattern = /---\narray:\n- item1: #{ENCRYPTED_VALUE_PATTERN}\n subitem: #{ENCRYPTED_VALUE_PATTERN}\n- item2: #{ENCRYPTED_VALUE_PATTERN}\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}/ assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml end @@ -82,6 +95,14 @@ def test_it_only_updates_changed_values assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml end + def test_it_only_updates_changed_values_for_arrays + original_encrypted_content = "---\ndata:\n array:\n - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==\n - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==\n" + updated_content = "---\narray:\n - item1: value1\n - item2: value2" + expected_pattern = %r{---\narray:\n- item1: 7HJjrwQ6KqH\+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==\n- item2: IvwdxcAV\+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==\n} + + assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml + end + def test_it_assumes_changed_when_no_original_value original_encrypted_content = "---\ndata:\n secret_key_base_1: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==\n" updated_content = "---\nsecret_key_base_1: secret_key_base_test\naws:\n access_key_id: new_value\n" diff --git a/test/diffcrypt/rails/application_helper_test.rb b/test/diffcrypt/rails/application_helper_test.rb index 5fb8930..f07ad05 100644 --- a/test/diffcrypt/rails/application_helper_test.rb +++ b/test/diffcrypt/rails/application_helper_test.rb @@ -7,10 +7,10 @@ class MockApplication include Diffcrypt::Rails::ApplicationHelper + Config = Struct.new(:require_master_key) + def config - OpenStruct.new( - require_master_key: true, - ) + Config.new(true) end end diff --git a/test/rails_test.rb b/test/rails_test.rb deleted file mode 100644 index 360da83..0000000 --- a/test/rails_test.rb +++ /dev/null @@ -1,68 +0,0 @@ -# frozen_string_literal: true - -require 'test_helper' -require 'bundler' - -require 'open3' - -RAILS_VERSIONS = %w[ - 6.1.7.7 - 7.0.8.3 - 7.1.3.3 -].freeze - -RAILS_FLAGS = %w[ - --api - --skip-action-cable - --skip-active-storage - --skip-bundle - --skip-git - --skip-javascript - --skip-keeps - --skip-system-test - --skip-test -].freeze - -TMP_RAILS_ROOT = File.join(__dir__, '../tmp/test') - -# Helper to ensure we raise if command is not successful -def run_command(*command) - stdout, stderr, status = Open3.capture3(*command) - if status.success? == false - errors = [ - " Command Failed: #{command.join(' ')}", - stdout.split("\n").map { |line| " #{line}" }.join("\n"), - stderr.split("\n").map { |line| " #{line}" }.join("\n"), - ] - raise errors.join("\n") - end - - [stdout, stderr, status] -end - -class RailsTest < Minitest::Test - def setup - FileUtils.mkdir_p(TMP_RAILS_ROOT) unless Dir.exist?(TMP_RAILS_ROOT) - end - - RAILS_VERSIONS.each do |rails_version| - define_method "test_that_rails_#{rails_version.gsub('.', '_')}_works" do - Bundler.with_unbundled_env do - Dir.chdir(TMP_RAILS_ROOT) do - tmp_version_root = "rails_#{rails_version.gsub('.', '_')}" - FileUtils.remove_dir(tmp_version_root) if Dir.exist?(tmp_version_root) - run_command('gem', 'install', 'rails', '--version', rails_version, '--force') - run_command('rails', "_#{rails_version}_", 'new', *RAILS_FLAGS, tmp_version_root) - raise "Rails #{rails_version} app creation failed" unless Dir.exist?(tmp_version_root) - - Dir.chdir(tmp_version_root) do - File.write('Gemfile', "gem 'diffcrypt', path: '../../..'", mode: 'a') - run_command('bundle', 'install') - stdout, _stderr, _status = run_command('bundle', 'exec', 'rails', 'r', 'puts Rails.version') - assert_equal rails_version, stdout.strip - end - end - end - end - end -end diff --git a/test/test_helper.rb b/test/test_helper.rb index 5831f3f..d851776 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -1,19 +1,5 @@ # frozen_string_literal: true -require 'simplecov' -require 'simplecov-lcov' -SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true -SimpleCov::Formatter::LcovFormatter.config do |c| - c.single_report_path = 'coverage/lcov.info' -end -SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new( - [ - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::LcovFormatter, - ], -) -SimpleCov.start - $LOAD_PATH.unshift File.expand_path('../lib', __dir__) require 'diffcrypt'