Merge branch 'main' of https://github.com/Shpigford/gemfile.directory

.github/workflows/ci.yml

@@ -6,6 +6,24 @@ on:
     branches: [main]
 
 jobs:
+  scan_ruby:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Scan for security vulnerabilities in Ruby Dependencies
+        run: |
+          gem install error_highlight -v 0.5.1
+          bin/brakeman
+
   lint:
     runs-on: ubuntu-latest
     steps:

Gemfile

@@ -68,6 +68,7 @@ group :development do
   gem "error_highlight", ">= 0.4.0", platforms: [ :ruby ]
 
   gem "rubocop-rails-omakase", require: false
+  gem "brakeman"
 end
 
 group :test do

Gemfile.lock

@@ -129,6 +129,8 @@ GEM
     bindex (0.8.1)
     bootsnap (1.17.0)
       msgpack (~> 1.2)
+    brakeman (6.1.1)
+      racc
     builder (3.2.4)
     capybara (3.39.2)
       addressable
@@ -371,10 +373,12 @@ GEM
 PLATFORMS
   aarch64-linux
   arm64-darwin-22
+  arm64-darwin-23
   x86_64-linux
 
 DEPENDENCIES
   bootsnap
+  brakeman
   capybara
   debug
   error_highlight (>= 0.4.0)

app/controllers/gemfiles_controller.rb

@@ -40,8 +40,6 @@ def update
     @gemfile.parse_content
 
     if @gemfile.update(gemfile_params)
-      @gemfile.save
-
       redirect_to gemfile_url(@gemfile), notice: "Gemfile was successfully updated."
     else
       render :edit, status: :unprocessable_entity

app/controllers/my/favorites_controller.rb

@@ -0,0 +1,5 @@
+class My::FavoritesController < ApplicationController
+  def index
+    @favorite_gemfiles = current_user.favorite_gemfiles
+  end
+end

app/models/user.rb

@@ -19,4 +19,8 @@ def self.from_omniauth(omniauth_params)
     user.save
     user
   end
+
+  def favorite_gemfiles
+    Gemfile.where(id: favorites.where(favoritable_type: "Gemfile").pluck(:favoritable_id)).with_favorites
+  end
 end

app/views/gemfiles/index.html.erb

@@ -13,7 +13,5 @@
 <% end %>
 
 <ul role="list" class="divide-y divide-gray-100">
-  <% @gemfiles.each do |gemfile| %>
-    <%= render "gemfile_list_item", gemfile: gemfile %>
-  <% end %>
+	<%= render partial: "gemfile_list_item", collection: @gemfiles, as: :gemfile %>
 </ul>

app/views/gemfiles/show.html.erb

@@ -17,11 +17,15 @@
             <%= content_for?(:header_title) ? (yield(:header_title)).html_safe : "Gemfile" %>
           </h1>
           <% if @gemfile.app_link.present? %>
-            <%= link_to '<i class="text-xl text-white fa-solid fa-link hover:text-amber-300"></i>'.html_safe, @gemfile.app_link %>
+            <%= link_to "#{@gemfile.app_link}" do %>
+              <i class="text-xl text-white fa-solid fa-link hover:text-amber-300"></i>
+            <% end %>
           <% end %>
 
           <% if @gemfile.github_link.present? %>
-            <%= link_to '<i class="text-xl text-white fa-brands fa-github hover:text-amber-300"></i>'.html_safe, @gemfile.github_link %>
+            <%= link_to "#{@gemfile.github_link}" do %>
+              <i class="text-xl text-white fa-brands fa-github hover:text-amber-300"></i>
+            <% end %>
           <% end %>
         </div>
         <div class="flex items-center text-sm text-white">

app/views/layouts/application.html.erb

@@ -116,9 +116,10 @@
                       </button>
                     </div>
 
-                    <div class="absolute right-0 z-10 w-48 py-1 mt-2 origin-top-right bg-white rounded-md shadow-lg ring-1 ring-black ring-opacity-5 focus:outline-none" role="menu" aria-orientation="vertical" aria-labelledby="user-menu-button" tabindex="-1" data-dropdown-target="menu">
+                    <div class="absolute right-0 z-10 w-48 py-1 mt-2 origin-top-right bg-white rounded-md divide-y shadow-lg ring-1 ring-black ring-opacity-5 focus:outline-none" role="menu" aria-orientation="vertical" aria-labelledby="user-menu-button" tabindex="-1" data-dropdown-target="menu">
                       <!-- Active: "bg-gray-100", Not Active: "" -->
-                      <%= button_to 'Sign out', sign_out_path, method: :delete, class: "block px-4 py-2 text-sm text-gray-700", data: { turbo: false } %>
+					  <%= link_to "Favorite Gemfiles", my_favorites_path, class: "block px-4 py-2 text-sm text-gray-700" %>
+                      <%= button_to 'Sign out', sign_out_path, method: :delete, class: "block bg-red-500 text-white mx-auto rounded mt-2 px-4 py-2 text-sm text-gray-700", data: { turbo: false } %>
                     </div>
                   </div>
                 </div>

app/views/my/favorites/index.html.erb

@@ -0,0 +1,9 @@
+<%
+  title "My Favorite Gemfiles"
+  header_title "My Favorite Gemfiles"
+%>
+
+<ul role="list" class="divide-y divide-gray-100">
+	<%= render partial: "gemfiles/gemfile_list_item", collection: @favorite_gemfiles, as: :gemfile %>
+	<span class="italic text-sm text-gray-500 hidden only:inline-block">You don't have any favorite gemfiles yet.</span>
+</ul>

bin/brakeman

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'brakeman' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("brakeman", "brakeman")

config/routes.rb

@@ -26,6 +26,10 @@
 
   get "search", to: "search#index"
 
+  namespace :my do
+    resources :favorites, only: [ :index ]
+  end
+
   # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
   # Can be used by load balancers and uptime monitors to verify that the app is live.
   get "up" => "rails/health#show", as: :rails_health_check