jaspermayone.com
My opinionated ruby on rails template
1# frozen_string_literal: true
2
3say 'Setting up GitHub workflows...', :green
4
5empty_directory '.github/workflows'
6
7say ' Adding migration index checker...', :cyan
8file '.github/workflows/check-indexes.yml', <<~YAML
9 name: Check Indexes
10 on:
11 pull_request:
12 paths:
13 - 'db/migrate/**.rb'
14
15 jobs:
16 check-indexes:
17 runs-on: ubuntu-latest
18 steps:
19 - uses: actions/checkout@v4
20 with:
21 fetch-depth: 0
22
23 - name: Check Migration Indexes
24 uses: speedshop/ids_must_be_indexed@v1.2.1
25YAML
26
27say ' Adding security scanning...', :cyan
28file '.github/workflows/security.yml', <<~YAML
29 name: Security
30
31 on:
32 push:
33 branches: [main]
34 pull_request:
35 branches: [main]
36 schedule:
37 - cron: '0 6 * * 1' # Weekly on Monday at 6am
38
39 jobs:
40 bundler-audit:
41 name: Bundler Audit
42 runs-on: ubuntu-latest
43 steps:
44 - uses: actions/checkout@v4
45
46 - name: Set up Ruby
47 uses: ruby/setup-ruby@v1
48 with:
49 bundler-cache: true
50
51 - name: Run bundler-audit
52 run: |
53 gem install bundler-audit
54 bundle audit check --update
55
56 brakeman:
57 name: Brakeman
58 runs-on: ubuntu-latest
59 steps:
60 - uses: actions/checkout@v4
61
62 - name: Set up Ruby
63 uses: ruby/setup-ruby@v1
64 with:
65 bundler-cache: true
66
67 - name: Run Brakeman
68 run: |
69 gem install brakeman
70 brakeman -q --no-pager
71YAML
72
73say 'GitHub workflows configured!', :green