Lint action

.fasterer.yml

@@ -0,0 +1,22 @@
+speedups:
+  rescue_vs_respond_to: true
+  module_eval: true
+  shuffle_first_vs_sample: true
+  for_loop_vs_each: true
+  each_with_index_vs_while: true
+  map_flatten_vs_flat_map: true
+  reverse_each_vs_reverse_each: true
+  select_first_vs_detect: true
+  sort_vs_sort_by: true
+  fetch_with_argument_vs_block: true
+  keys_each_vs_each_key: true
+  hash_merge_bang_vs_hash_brackets: true
+  block_vs_symbol_to_proc: true
+  proc_call_vs_yield: true
+  gsub_vs_tr: true
+  select_last_vs_reverse_detect: true
+  getter_vs_attr_reader: true
+  setter_vs_attr_writer: true
+
+exclude_paths:
+  - 'config/**/*.rb'

.github/workflows/lint.yml

@@ -0,0 +1,39 @@
+name: Lint
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  overcommit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0.3 # Not needed with a .ruby-version file
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16.x
+
+      - name: Install Yarn
+        run: |
+          npm install yarn
+          yarn --version
+          yarn install
+
+      - name: Prepare environment
+        run: |
+          bundle exec overcommit --sign
+          bundle exec overcommit --sign pre-commit
+
+      - name: Run all checks
+        run: SKIP=AuthorName,AuthorEmail bundle exec overcommit --run

.overcommit.yml

@@ -0,0 +1,54 @@
+# Use this file to configure the Overcommit hooks you wish to use. This will
+# extend the default configuration defined in:
+# https://github.com/sds/overcommit/blob/master/config/default.yml
+
+PreCommit:
+  ALL:
+    on_warn: fail
+
+  # Not required because it's not needed/sensible in a CI context.
+  AuthorEmail:
+    enabled: true
+    required: false
+
+  # Not required because it's not needed/sensible in a CI context.
+  AuthorName:
+    enabled: true
+    required: false
+
+  BundleCheck:
+    description: 'Check if local Gemfile.lock matches Gemfile when either changes.'
+    enabled: true
+
+  BundleAudit:
+    description: 'Checks for vulnerable versions of gems in Gemfile.lock.'
+    enabled: true
+    command: ['bundle', 'exec', 'bundle-audit']
+    flags: ['--update']
+
+  LicenseFinder:
+    enabled: true
+    command: ['bundle', 'exec', 'license_finder']
+
+  RuboCop:
+    enabled: true
+    command: ['bundle', 'exec', 'rubocop']
+
+  Fasterer:
+    enabled: true
+    command: ['bundle', 'exec', 'fasterer']
+
+  Brakeman:
+    enabled: true
+    command: ['brakeman']
+    flags: ['-A']
+
+  YarnAudit:
+    description: 'Checks for vulnerable versions of packages in yarn.lock.'
+    enabled: true
+    command: ['yarn', 'audit']
+
+  EsLint:
+    enabled: true
+    required_executable: './node_modules/.bin/eslint'
+    command: ['yarn', 'lint']

Gemfile

@@ -54,6 +54,13 @@ gem 'jsonapi-serializer'
 # Simple, efficient background processing for Ruby
 gem 'sidekiq'
 
+# Linting
+gem 'brakeman'
+gem 'bundler-audit'
+gem 'fasterer'
+gem 'license_finder', require: false
+gem 'overcommit'
+
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem 'debug', platforms: %i( mri mingw x64_mingw )

Gemfile.lock

@@ -75,7 +75,11 @@ GEM
     bindex (0.8.1)
     bootsnap (1.11.1)
       msgpack (~> 1.2)
+    brakeman (5.2.2)
     builder (3.2.4)
+    bundler-audit (0.9.0.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     capybara (3.36.0)
       addressable
       matrix
@@ -87,6 +91,7 @@ GEM
       xpath (~> 3.2)
     childprocess (4.1.0)
     coderay (1.1.3)
+    colorize (0.8.1)
     concurrent-ruby (1.1.10)
     connection_pool (2.2.5)
     crass (1.0.6)
@@ -113,13 +118,17 @@ GEM
       railties (>= 5.0.0)
     faker (2.20.0)
       i18n (>= 1.8.11, < 2)
+    fasterer (0.9.0)
+      colorize (~> 0.7)
+      ruby_parser (>= 3.14.1)
     globalid (1.0.0)
       activesupport (>= 5.0)
     has_scope (0.8.0)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
     i18n (1.10.0)
       concurrent-ruby (~> 1.0)
+    iniparse (1.5.0)
     io-console (0.5.11)
     irb (1.4.1)
       reline (>= 0.3.0)
@@ -128,6 +137,13 @@ GEM
       activesupport (>= 5.0.0)
     jsonapi-serializer (2.2.0)
       activesupport (>= 4.2)
+    license_finder (7.0.1)
+      bundler
+      rubyzip (>= 1, < 3)
+      thor (~> 1.2)
+      tomlrb (>= 1.3, < 2.1)
+      with_env (= 1.1.0)
+      xml-simple (~> 1.1.9)
     loofah (2.16.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -154,20 +170,24 @@ GEM
       net-protocol
       timeout
     nio4r (2.5.8)
-    nokogiri (1.13.3-arm64-darwin)
+    nokogiri (1.13.4-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.13.3-x86_64-linux)
+    nokogiri (1.13.4-x86_64-linux)
       racc (~> 1.4)
+    overcommit (0.58.0)
+      childprocess (>= 0.6.3, < 5)
+      iniparse (~> 1.4)
+      rexml (~> 3.2)
     pagy (5.10.1)
       activesupport
     parallel (1.22.1)
-    parser (3.1.1.0)
+    parser (3.1.2.0)
       ast (~> 2.4.1)
     pg (1.3.5)
     pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.6)
+    public_suffix (4.0.7)
     puma (5.6.4)
       nio4r (~> 2.0)
     racc (1.6.0)
@@ -257,11 +277,14 @@ GEM
       rubocop-performance (~> 1.11)
       rubocop-rails (~> 2.0)
     ruby-progressbar (1.11.0)
+    ruby_parser (3.19.1)
+      sexp_processor (~> 4.16)
     rubyzip (2.3.2)
     selenium-webdriver (4.1.0)
       childprocess (>= 0.5, < 5.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2)
+    sexp_processor (4.16.1)
     sidekiq (6.4.1)
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
@@ -282,6 +305,7 @@ GEM
     strscan (3.0.1)
     thor (1.2.1)
     timeout (0.2.0)
+    tomlrb (2.0.1)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.1.0)
@@ -304,6 +328,9 @@ GEM
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
+    with_env (1.1.0)
+    xml-simple (1.1.9)
+      rexml
     xpath (3.2.0)
       nokogiri (~> 1.8)
     zeitwerk (2.5.4)
@@ -315,15 +342,20 @@ PLATFORMS
 DEPENDENCIES
   annotate
   bootsnap
+  brakeman
+  bundler-audit
   capybara
   database_cleaner-active_record
   debug
   dotenv-rails
   factory_bot_rails
   faker
+  fasterer
   has_scope
   jbuilder
   jsonapi-serializer
+  license_finder
+  overcommit
   pagy
   pg (~> 1.1)
   pry

bin/bundle

@@ -8,7 +8,7 @@
 # this file is here to facilitate running it.
 #
 
-require "rubygems"
+require 'rubygems'
 
 m = Module.new do
   module_function
@@ -18,12 +18,12 @@ m = Module.new do
   end
 
   def env_var_version
-    ENV["BUNDLER_VERSION"]
+    ENV['BUNDLER_VERSION']
   end
 
   def cli_arg_version
     return unless invoked_as_script? # don't want to hijack other binstubs
-    return unless "update".start_with?(ARGV.first || " ") # must be running `bundle update`
+    return unless 'update'.start_with?(ARGV.first || ' ') # must be running `bundle update`
     bundler_version = nil
     update_index = nil
     ARGV.each_with_index do |a, i|
@@ -38,16 +38,16 @@ m = Module.new do
   end
 
   def gemfile
-    gemfile = ENV["BUNDLE_GEMFILE"]
+    gemfile = ENV['BUNDLE_GEMFILE']
     return gemfile if gemfile && !gemfile.empty?
 
-    File.expand_path("../../Gemfile", __FILE__)
+    File.expand_path('../../Gemfile', __FILE__)
   end
 
   def lockfile
     lockfile =
       case File.basename(gemfile)
-      when "gems.rb" then gemfile.sub(/\.rb$/, gemfile)
+      when 'gems.rb' then gemfile.sub(/\.rb$/, gemfile)
       else "#{gemfile}.lock"
       end
     File.expand_path(lockfile)
@@ -73,26 +73,26 @@ m = Module.new do
 
     requirement = bundler_gem_version.approximate_recommendation
 
-    return requirement unless Gem::Version.new(Gem::VERSION) < Gem::Version.new("2.7.0")
+    return requirement unless Gem::Version.new(Gem::VERSION) < Gem::Version.new('2.7.0')
 
-    requirement += ".a" if bundler_gem_version.prerelease?
+    requirement += '.a' if bundler_gem_version.prerelease?
 
     requirement
   end
 
   def load_bundler!
-    ENV["BUNDLE_GEMFILE"] ||= gemfile
+    ENV['BUNDLE_GEMFILE'] ||= gemfile
 
     activate_bundler
   end
 
   def activate_bundler
     gem_error = activation_error_handling do
-      gem "bundler", bundler_requirement
+      gem 'bundler', bundler_requirement
     end
     return if gem_error.nil?
     require_error = activation_error_handling do
-      require "bundler/version"
+      require 'bundler/version'
     end
     return if require_error.nil? && Gem::Requirement.new(bundler_requirement).satisfied_by?(Gem::Version.new(Bundler::VERSION))
     warn "Activating bundler (#{bundler_requirement}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_requirement}'`"
@@ -110,5 +110,5 @@ end
 m.load_bundler!
 
 if m.invoked_as_script?
-  load Gem.bin_path("bundler", "bundle")
+  load Gem.bin_path('bundler', 'bundle')
 end

bin/rails

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
-APP_PATH = File.expand_path("../config/application", __dir__)
-require_relative "../config/boot"
-require "rails/commands"
+# frozen_string_literal: true
+
+APP_PATH = File.expand_path('../config/application', __dir__)
+require_relative '../config/boot'
+require 'rails/commands'

bin/rake

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
-require_relative "../config/boot"
-require "rake"
+# frozen_string_literal: true
+
+require_relative '../config/boot'
+require 'rake'
 Rake.application.run