diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index f5b6c01..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Actual behavior** - -```paste below - -``` - -**Example code** - -```paste below - -``` - -**OS / Environment** - - - -**Inspec Version** - -```paste below - -``` - -**Baseline Version** - -```paste below - -``` - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 066b2d9..0000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 0000000..aa95ac5 --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,12 @@ +--- +name: Codespell - Spellcheck + +on: # yamllint disable-line rule:truthy + push: + branches: [master] + pull_request: + branches: [master] + +jobs: + codespell: + uses: "dev-sec/.github/.github/workflows/codespell.yml@main" 
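Review bot: The new `codespell` job calls `dev-sec/.github/.github/workflows/codespell.yml@main`, a branch ref that moves, so a later push to that branch changes what runs here without any commit in this repository. The reusable-workflow calls added to release.yml and test.yml in this commit use the same `@main` ref. Pinning each `uses:` to a full commit SHA of the shared repository, as in `uses: dev-sec/.github/.github/workflows/codespell.yml@<full-commit-sha>`, would keep the executed workflow reviewable from this repository. The file also has no `permissions:` key, so the token scope falls back to the repository default. A top-level `permissions:` with `contents: read` is probably enough for a spellcheck, to be confirmed against the called workflow.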
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4bbf600..6a305c7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,87 +1,12 @@ +--- name: New release -on: +on: # yamllint disable-line rule:truthy + workflow_dispatch: push: branches: - master jobs: generate_changelog: - runs-on: ubuntu-latest - name: create release draft - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: 'Get Previous tag' - id: previoustag - uses: "WyriHaximus/github-action-get-previous-tag@master" - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - - - name: calculate next version - id: version - uses: patrickjahns/version-drafter-action@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Generate changelog - uses: charmixer/auto-changelog-action@8095796 - with: - token: ${{ secrets.GITHUB_TOKEN }} - future_release: ${{ steps.version.outputs.next-version }} - - - name: Generate changelog for the release - uses: charmixer/auto-changelog-action@8095796 - with: - token: ${{ secrets.GITHUB_TOKEN }} - since_tag: ${{ steps.previoustag.outputs.tag }} - future_release: ${{ steps.version.outputs.next-version }} - output: CHANGELOGRELEASE.md - - - name: update inspec.yml - uses: mikefarah/yq@3.2.1 - with: - cmd: yq w -I4 -i inspec.yml version ${{ steps.version.outputs.next-version }} && sed -i '1i---' inspec.yml - - - name: push inspec.yml and changelog - uses: github-actions-x/commit@v2.6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - push-branch: 'master' - commit-message: 'update inspec.yml and changelog' - files: inspec.yml CHANGELOG.md - name: dev-sec CI - email: hello@dev-sec.io - rebase: 'true' - - - name: Read CHANGELOG.md - id: package - uses: juliangruber/read-file-action@v1 - with: - path: ./CHANGELOGRELEASE.md - - - uses: actions/checkout@v2 - with: - ref: master - - - name: Get current commitish - id: current_commitish - run: echo "::set-output name=sha::$(git log -1 --format="%H")" - - - name: Check it - run: echo ${{ steps.current_commitish.outputs.sha }} - - - name: Create Release draft - id: create_release - uses: actions/create-release@v1.1.2 - 
env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - release_name: ${{ steps.version.outputs.next-version }} - tag_name: ${{ steps.version.outputs.next-version }} - body: | - ${{ steps.package.outputs.content }} - commitish: ${{ steps.current_commitish.outputs.sha }} - draft: true + uses: dev-sec/.github/.github/workflows/baseline-release.yml@main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 33f4a5c..e88a234 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,18 +10,4 @@ on: jobs: test: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - ruby-version: ['2.6', '2.7', '3.0'] - - steps: - - uses: actions/checkout@v2 - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby-version }} - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - - name: Run tests - run: bundle exec rake + uses: dev-sec/.github/.github/workflows/baseline-test.yml@main diff --git a/.rubocop.yml b/.rubocop.yml index b3c997c..5484145 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -2,31 +2,3 @@ AllCops: Exclude: - vendor/**/* -Documentation: - Enabled: false -Layout/ParameterAlignment: - Enabled: true -HashSyntax: - Enabled: true -LineLength: - Enabled: false -EmptyLinesAroundBlockBody: - Enabled: false -Style/Encoding: - Enabled: false -MethodLength: - Max: 40 -NumericLiterals: - MinDigits: 10 -Metrics/BlockLength: - Max: 35 -Metrics/CyclomaticComplexity: - Max: 10 -Metrics/PerceivedComplexity: - Max: 10 -Metrics/AbcSize: - Max: 30 -# Lint/AmbiguousBlockAssociation is incompatible with RSpec -# https://github.com/rubocop-hq/rubocop/issues/4222 -Lint/AmbiguousBlockAssociation: - Enabled: false diff --git a/CHANGELOG.md b/CHANGELOG.md index 64c7ead..a7c328f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
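Review bot: The `generate_changelog` job in release.yml now delegates the whole release to `baseline-release.yml@main`, but the caller declares no `permissions:`, so the called workflow gets the repository's default `GITHUB_TOKEN` scope. The removed steps pushed to master and created a release draft, so the replacement presumably needs write access to contents. Declaring that on the job, e.g. `permissions:` with `contents: write` and nothing else, would cap what a change in the shared workflow can do with this repository's token. The added `workflow_dispatch:` trigger allows manually started release runs; a short comment in the file saying this is intended would help the next maintainer.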
@@ -1,11 +1,30 @@ # Changelog -## [1.0.4](https://github.com/dev-sec/php-baseline/tree/1.0.4) (2021-01-26) +## [1.0.5](https://github.com/dev-sec/php-baseline/tree/1.0.5) (2023-05-02) + +[Full Changelog](https://github.com/dev-sec/php-baseline/compare/1.0.4...1.0.5) + +**Implemented enhancements:** + +- use centralised issue templates and workflows [\#18](https://github.com/dev-sec/php-baseline/pull/18) ([schurzi](https://github.com/schurzi)) + +**Merged pull requests:** + +- add spellchecking with codespell [\#20](https://github.com/dev-sec/php-baseline/pull/20) ([schurzi](https://github.com/schurzi)) +- Configure Renovate [\#19](https://github.com/dev-sec/php-baseline/pull/19) ([renovate[bot]](https://github.com/apps/renovate)) +- Change linting to Cookstyle [\#17](https://github.com/dev-sec/php-baseline/pull/17) ([schurzi](https://github.com/schurzi)) + +## [1.0.4](https://github.com/dev-sec/php-baseline/tree/1.0.4) (2022-01-12) [Full Changelog](https://github.com/dev-sec/php-baseline/compare/1.0.3...1.0.4) **Merged pull requests:** +- Minimum requirements [\#16](https://github.com/dev-sec/php-baseline/pull/16) ([micheelengronne](https://github.com/micheelengronne)) +- fix rubocop error for Rakefile [\#14](https://github.com/dev-sec/php-baseline/pull/14) ([schurzi](https://github.com/schurzi)) +- add dependency to chef-config for CI [\#13](https://github.com/dev-sec/php-baseline/pull/13) ([schurzi](https://github.com/schurzi)) +- use version tag for changelog action [\#12](https://github.com/dev-sec/php-baseline/pull/12) ([schurzi](https://github.com/schurzi)) +- Fix lint [\#11](https://github.com/dev-sec/php-baseline/pull/11) ([schurzi](https://github.com/schurzi)) - GitHub action [\#10](https://github.com/dev-sec/php-baseline/pull/10) ([rndmh3ro](https://github.com/rndmh3ro)) ## [1.0.3](https://github.com/dev-sec/php-baseline/tree/1.0.3) (2020-07-23) diff --git a/Gemfile b/Gemfile index 804ca3a..3a0b06c 100644 --- a/Gemfile +++ b/Gemfile 
@@ -2,6 +2,7 @@ source 'https://rubygems.org' +gem 'cookstyle' gem 'highline' gem 'rack' gem 'rake' @@ -13,5 +14,6 @@ group :tools do end source 'https://packagecloud.io/cinc-project/stable' do + gem 'chef-config' gem 'cinc-auditor-bin' end diff --git a/Rakefile b/Rakefile index fe46d18..191bb2b 100755 --- a/Rakefile +++ b/Rakefile @@ -1,5 +1,6 @@ # frozen_string_literal: true +require 'cookstyle' require 'rake/testtask' require 'rubocop/rake_task' @@ -9,6 +10,10 @@ task :rubocop do RuboCop::RakeTask.new end +RuboCop::RakeTask.new(:cookstyle) do |task| + task.options << '--display-cop-names' +end + # lint the project desc 'Run robocop linter' task lint: [:rubocop] @@ -30,19 +35,18 @@ task :changelog do # Automatically generate a changelog for this project. Only loaded if # the necessary gem is installed. By default its picking up the version from # inspec.yml. You can override that behavior with `rake changelog to=1.2.0` - begin - require 'yaml' - metadata = YAML.load_file('inspec.yml') - v = ENV['to'] || metadata['version'] - puts " * Generating changelog for version #{v}" - require 'github_changelog_generator/task' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - config.future_release = v - config.user = 'dev-sec' - config.project = 'php-baseline' - end - Rake::Task[:changelog].execute - rescue LoadError - puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks' + + require 'yaml' + metadata = YAML.load_file('inspec.yml') + v = ENV['to'] || metadata['version'] + puts " * Generating changelog for version #{v}" + require 'github_changelog_generator/task' + GitHubChangelogGenerator::RakeTask.new :changelog do |config| + config.future_release = v + config.user = 'dev-sec' + config.project = 'php-baseline' end + Rake::Task[:changelog].execute +rescue LoadError + puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks' end diff --git a/controls/php_conf.rb b/controls/php_conf.rb index af87261..5ad36ce 100644 
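Review bot: The new `RuboCop::RakeTask.new(:cookstyle)` task in the Rakefile is defined, but nothing visible in this hunk depends on it. The context line `task lint: [:rubocop]` is unchanged, so `rake lint` still runs only the older task. If Cookstyle is meant to be the project linter, as the changelog entry "Change linting to Cookstyle" suggests, wire it in with `task lint: %i[rubocop cookstyle]` or replace the `:rubocop` task outright. Whether the shared test workflow calls `rake cookstyle` directly cannot be seen from this diff.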
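Review bot: In the reworked `task :changelog` block, `YAML.load_file('inspec.yml')` is kept as is. On Ruby versions that ship Psych 3.x this is the unrestricted loader, which can build arbitrary Ruby objects from tagged YAML. Only the `version` key is read, so `metadata = YAML.safe_load(File.read('inspec.yml'))` does the same job and stays safe when the task runs on a checkout whose inspec.yml was not written by a maintainer. The block-level `rescue LoadError` also still swallows a missing `github_changelog_generator` and lets the task exit successfully. A comment such as `# best effort: skip changelog when the generator gem is absent` would make that intent explicit.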
--- a/controls/php_conf.rb +++ b/controls/php_conf.rb @@ -1,9 +1,8 @@ -# encoding: utf-8 # frozen_string_literal: true # -# Copyright 2015, Dominik Richter -# Copyright 2016, Christoph Hartmann +# Copyright:: 2015, Dominik Richter +# Copyright:: 2016, Christoph Hartmann # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/inspec.yml b/inspec.yml index 964b4b3..de90cdd 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,7 +5,8 @@ maintainer: DevSec Hardening Framework Team copyright: DevSec Hardening Framework Team copyright_email: hello@dev-sec.io license: Apache-2.0 +inspec_version: '>= 4.6.3' summary: Test-suite for best-practice php hardening -version: 1.0.4 +version: 1.0.5 supports: - os-family: unix diff --git a/libraries/php.rb b/libraries/php.rb index 7f09972..74ecf0c 100644 --- a/libraries/php.rb +++ b/libraries/php.rb @@ -1,8 +1,7 @@ -# encoding: utf-8 # frozen_string_literal: true # -# Copyright 2016, Christoph Hartmann +# Copyright:: 2016, Christoph Hartmann # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..830b725 --- /dev/null +++ b/renovate.json @@ -0,0 +1,15 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base", + ":gitSignOff" + ], + "dependencyDashboard": true, + "dependencyDashboardAutoclose": true, + "packageRules": [ + { + "matchUpdateTypes": ["patch", "minor"], + "automerge": true + } + ] +}
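Review bot: The `packageRules` entry in renovate.json sets `"automerge": true` for every `patch` and `minor` update with no further condition. Because release.yml runs on each push to master, an automerged bump can reach a release run without a human looking at it. A compromised or broken upstream release would land that way. Adding a delay such as `"minimumReleaseAge": "3 days"` to the rule would reduce that exposure, as would branch protection that requires the test workflow to pass before Renovate may merge. Whether such protection is already configured cannot be seen from this diff.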