From 807943da256ad5f6201740f26e948667b53146b9 Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Sat, 1 Aug 2020 20:16:33 +1200 Subject: [PATCH 1/4] Remove figaro gem and use rails-dotenv --- Gemfile | 3 +- Gemfile.lock | 8 +-- config/application.yml.example => env-example | 54 +++++++------------ 3 files changed, 25 insertions(+), 40 deletions(-) rename config/application.yml.example => env-example (58%) diff --git a/Gemfile b/Gemfile index ea30dda3f..325a228f5 100644 --- a/Gemfile +++ b/Gemfile @@ -48,7 +48,6 @@ gem 'js-routes' # provides access to Rails routes in Javascript gem 'cancancan' # for checking member privileges gem 'csv_shaper' # CSV export -gem 'figaro' # for handling config via ENV variables gem 'gibbon', '~>1.2.0' # for Mailchimp newsletter subscriptions # Maps @@ -163,6 +162,8 @@ group :development, :test do gem 'rubocop-rspec' gem 'webrat' # provides HTML matchers for view tests + gem 'dotenv-rails' + # cli utils gem 'coveralls', require: false # coverage analysis gem 'haml-i18n-extractor', require: false diff --git a/Gemfile.lock b/Gemfile.lock index b7f896cb1..5998f06f9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -163,6 +163,10 @@ GEM discard (1.2.0) activerecord (>= 4.2, < 7) docile (1.1.5) + dotenv (2.7.6) + dotenv-rails (2.7.6) + dotenv (= 2.7.6) + railties (>= 3.2) elasticsearch (6.8.2) elasticsearch-api (= 6.8.2) elasticsearch-transport (= 6.8.2) @@ -193,8 +197,6 @@ GEM faraday_middleware (1.0.0) faraday (~> 1.0) ffi (1.13.0) - figaro (1.2.0) - thor (>= 0.14.0, < 2) flickraw (0.9.10) font-awesome-sass (5.13.0) sassc (>= 1.11) @@ -613,12 +615,12 @@ DEPENDENCIES database_cleaner devise discard (~> 1.0) + dotenv-rails elasticsearch (< 7.0.0) factory_bot_rails faker faraday faraday_middleware - figaro flickraw font-awesome-sass friendly_id diff --git a/config/application.yml.example b/env-example similarity index 58% rename from config/application.yml.example rename to env-example index fdd60d407..1a046716c 100644 
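Review bot: `gem 'dotenv-rails'` is added inside `group :development, :test` in the second Gemfile hunk, while the removed `figaro` line appears to sit at top level, so after this change nothing loads a config file in staging or production. Every variable in env-example, including `RAILS_SECRET_TOKEN`, must then come from the real process environment there, and a missing one reads as `nil` unless the code uses `ENV.fetch` (the readers are not visible in this patch). I would state that on the gem line, `gem 'dotenv-rails' # loads .env in development and test only; other environments must set ENV themselves`. I would also have production configuration read the secret with `ENV.fetch('RAILS_SECRET_TOKEN')`, so a forgotten variable stops the boot. The group's opening line is in the hunk but its `end` is outside it.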
--- a/config/application.yml.example +++ b/env-example @@ -15,7 +15,7 @@ # Settings in this file will be available to you as ENV['WHATEVER'] -# NOTE: please prefix all environment variables with GROWSTUFF_ to make +# NOTE=please prefix all environment variables with GROWSTUFF_ to make # it easy to identify which were set by us vs. the system or anyone else ############################################################################## @@ -26,10 +26,10 @@ # It's the only one without "GROWSTUFF_" prefix. # To generate a real one, use 'rake secret' (you don't need to for # dev, though.) -RAILS_SECRET_TOKEN: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +RAILS_SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # name that appears on the site, eg. in page titles -GROWSTUFF_SITE_NAME: Growstuff (dev) +GROWSTUFF_SITE_NAME="Growstuff (dev)" # Mailchimp is used for subscribing/unsubscribing people from the newsletter # To fetch list IDs using Gibbon (and thus find the ID of your newsletter): 
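Review bot: The `# NOTE: please prefix …` comment in the first env-example hunk was caught by the `:` to `=` conversion and now reads `# NOTE=please prefix …`. It is still a comment, so dotenv ignores it, but it looks like an assignment to anyone skimming the file for variable names. I would restore it to `# NOTE: please prefix all environment variables with GROWSTUFF_ to make`.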
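Review bot: `RAILS_SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"` in the second env-example hunk keeps a fixed, public placeholder in a file that is now presumably meant to be copied to `.env` unchanged. The comment above it only says a real value is unnecessary for dev. An instance started from an unedited copy and reachable by other people would protect whatever this token covers (in Rails, typically session cookie signing) with a value anyone can read in the repository. I would tighten the comment so the boundary is stated next to the value, for example `# Development-only placeholder; run 'rake secret' and replace it on any instance other people can reach.`. The comment block this line belongs to starts above the hunk.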
@@ -37,45 +37,27 @@ GROWSTUFF_SITE_NAME: Growstuff (dev) # Gibbon::API.api_key = '...' # gb = Gibbon::API.new # puts gb.lists.list.to_yaml -GROWSTUFF_MAILCHIMP_APIKEY: "" -GROWSTUFF_MAILCHIMP_NEWSLETTER_ID: "" +GROWSTUFF_MAILCHIMP_APIKEY="" +GROWSTUFF_MAILCHIMP_NEWSLETTER_ID="" # Used for connecting member accounts to Twitter # Get Twitter key from https://dev.twitter.com/apps -GROWSTUFF_TWITTER_KEY: "" -GROWSTUFF_TWITTER_SECRET: "" +GROWSTUFF_TWITTER_KEY="" +GROWSTUFF_TWITTER_SECRET="" # Used for connecting member accounts to Flickr # Get Flickr key from http://www.flickr.com/services/apps/create/apply/ -GROWSTUFF_FLICKR_KEY: "" -GROWSTUFF_FLICKR_SECRET: "" +GROWSTUFF_FLICKR_KEY="" +GROWSTUFF_FLICKR_SECRET="" # https://developers.facebook.com/ -GROWSTUFF_FACEBOOK_KEY: "" -GROWSTUFF_FACEBOOK_SECRET: "" +GROWSTUFF_FACEBOOK_KEY="" +GROWSTUFF_FACEBOOK_SECRET="" -GROWSTUFF_MAPBOX_MAP_ID: "" -GROWSTUFF_MAPBOX_ACCESS_TOKEN: "" - -############################################################################## -# Other environments -# You can override the above for staging, production, etc. -# To push these settings to Heroku, use "rake figaro:heroku --app=whatever". -# To see current settings on Heroku, use "heroku config --app=whatever". -############################################################################## - -### EMAil addres for notifier and mailers to use as from -GROWSTUFF_EMAIL: 'noreply@dev.growstuff.org' - -test: - GROWSTUFF_SITE_NAME: Growstuff (test) - -# Note: there is no good way to deploy settings from Figaro to -# Travis-CI. If you need env vars set there in order for tests to pass, -# set them in .travis.yml - -staging: - GROWSTUFF_SITE_NAME: Growstuff (staging) - -production: - GROWSTUFF_SITE_NAME: Growstuff +# Elasticsearch is used for flexible search and it requires another component +# to be installed. To make it easy for people who don't need to test this feature +# it's been turned off for test and development environment as a default. 
+# If you want to test this functionality, install elasticsearch and +# set this flag to "true". +GROWSTUFF_ELASTICSEARCH="true" +GROWSTUFF_EMAIL='noreply@dev.growstuff.org' From 15be089b8302f2c356a15506b637f50eb00a7eab Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Sun, 2 Aug 2020 08:20:52 +1200 Subject: [PATCH 2/4] Ignore the .env file --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 96147c719..46fc54a4c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ .byebug_history .bundle +.env # Folders to ignore /log From a79efbc0dda4e4af48ced3a791cee852383528a9 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 7 Aug 2020 22:33:54 +0000 Subject: [PATCH 3/4] [Security] Bump kramdown from 2.2.1 to 2.3.0 Bumps [kramdown](https://github.com/gettalong/kramdown) from 2.2.1 to 2.3.0. **This update includes a security fix.** - [Release notes](https://github.com/gettalong/kramdown/releases) - [Changelog](https://github.com/gettalong/kramdown/blob/master/doc/news.page) - [Commits](https://github.com/gettalong/kramdown/commits) Signed-off-by: dependabot-preview[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5998f06f9..d4b18f717 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -281,7 +281,7 @@ GEM jsonapi-swagger (0.8.0) jwt (2.2.1) kgio (2.11.3) - kramdown (2.2.1) + kramdown (2.3.0) rexml launchy (2.5.0) addressable (~> 2.7) From 87a271cf696fceb4a6e185b2ddbb1ecc3d22a282 Mon Sep 17 00:00:00 2001 
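Review bot: The new comment at the end of the last env-example hunk says Elasticsearch is turned off for test and development by default, yet the line under it is `GROWSTUFF_ELASTICSEARCH="true"`. Anyone who copies env-example to `.env` therefore gets the feature switched on and needs the extra component installed. If off is the intended default, the example should ship `GROWSTUFF_ELASTICSEARCH="false"` (the exact value the app compares against is not visible here). The same hunk drops the `test:`, `staging:` and `production:` overrides without a replacement. dotenv-rails reads per-environment files such as `.env.test`, which would be the place for `GROWSTUFF_SITE_NAME="Growstuff (test)"` if that distinction still matters.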
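Review bot: Only `.env` is ignored in the .gitignore hunk, but dotenv-rails 2.7.6 (the version locked in patch 1) also loads `.env.local` and `.env.<environment>.local`. Those are the files developers usually put real API keys in. As written, a `.env.development.local` holding the Twitter, Flickr or Mapbox secrets listed in env-example would show up as an untracked file and could be committed by accident. I would ignore the local variants as well by adding `.env.local` and `.env.*.local` next to `.env`.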
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Sat, 8 Aug 2020 12:31:47 +0000 Subject: [PATCH 4/4] Bump chartkick from 3.3.2 to 3.4.0 Bumps [chartkick](https://github.com/ankane/chartkick) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/ankane/chartkick/releases) - [Changelog](https://github.com/ankane/chartkick/blob/master/CHANGELOG.md) - [Commits](https://github.com/ankane/chartkick/compare/v3.3.2...v3.4.0) Signed-off-by: dependabot-preview[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index d4b18f717..ed60a1dd6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,7 +112,7 @@ GEM image_processing (~> 1.1) mimemagic (>= 0.3.0) mini_mime (>= 0.1.3) - chartkick (3.3.2) + chartkick (3.4.0) childprocess (3.0.0) codeclimate-test-reporter (1.0.9) simplecov (<= 0.13)