.dockerignore

@@ -0,0 +1,4 @@
+/log/*
+/pkg/*
+/tmp/*
+/node_modules/*

.env

@@ -1,9 +1,13 @@
-# This file contains only items shared by all environments. You should probably
-# place options in .env.development or .env.test or similar instead of here
-
 PETITION_DURATION=6
 MINIMUM_NUMBER_OF_SPONSORS=5
 MAXIMUM_NUMBER_OF_SPONSORS=20
 THRESHOLD_FOR_MODERATION=5
 THRESHOLD_FOR_RESPONSE=10000
 THRESHOLD_FOR_DEBATE=100000
+EPETITIONS_HOST=petitions.localhost
+EPETITIONS_PORT=3000
+EPETITIONS_PROTOCOL=http
+MODERATE_HOST=moderate.petitions.localhost
+GEOIP_DB_PATH=/path/to/GeoLite2-Country.mmdb
+SMTP_HOST=mailcatcher.localhost
+SMTP_PORT=1025

.env.development

@@ -1,8 +1,2 @@
-DATABASE_URL=postgres://postgres@localhost/epets_development
-SECRET_KEY_BASE=FA11FA11FA11FA11FA11
-EPETITIONS_HOST=localhost
-EPETITIONS_PORT=3000
-EPETITIONS_PROTOCOL=http
-MODERATE_HOST=localhost
 SITE_TITLE="Petition parliament (Development)"
-MEMCACHE_SERVERS=localhost:11211
+GEOIP_DB_PATH=/app/tmp/GeoIP/GeoLite2-Country.mmdb

.env.test

@@ -1,8 +1,6 @@
-DATABASE_URL=postgres://postgres@localhost/epets_test
-SECRET_KEY_BASE=FA11FA11FA11FA11FA11
 EPETITIONS_HOST=petition.parliament.uk
 EPETITIONS_PORT=443
 EPETITIONS_PROTOCOL=https
 MODERATE_HOST=moderate.petition.parliament.uk
 SITE_TITLE="Petition parliament (Test)"
-MEMCACHE_SERVERS=localhost:11211
+INLINE_UPDATES=true

.gitattributes

@@ -0,0 +1,3 @@
+* text=auto
+*.sh text eol=lf
+bin/* text eol=lf

.github/dependabot.yml

@@ -0,0 +1,55 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    ignore:
+      - dependency-name: "rails"
+        update-types: ["version-update:semver-minor"]
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+    directory: /
+    schedule:
+      interval: daily
+    versioning-strategy: increase-if-necessary
+    open-pull-requests-limit: 10
+    groups:
+      aws:
+        applies-to: version-updates
+        patterns:
+          - "aws-*"
+        update-types:
+          - "minor"
+          - "patch"
+      rails:
+        applies-to: version-updates
+        patterns:
+          - "action*"
+          - "active*"
+          - "rails"
+          - "railties"
+        update-types:
+          - "patch"
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    versioning-strategy: increase-if-necessary
+
+  # Ruby needs to be upgraded manually in multiple places, so cannot be upgraded by Dependabot.
+  - package-ecosystem: docker
+    ignore:
+      - dependency-name: ruby
+    directory: /docker/mailcatcher
+    schedule:
+      interval: weekly
+  - package-ecosystem: docker
+    ignore:
+      - dependency-name: ruby
+    directory: /docker/ruby
+    schedule:
+      interval: weekly
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: daily

.github/workflows/build.yml

@@ -0,0 +1,107 @@
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      description:
+        type: string
+        required: true
+      command:
+        type: string
+        required: true
+      spec_opts:
+        type: string
+        required: false
+        default: ""
+      cucumber_format:
+        type: string
+        required: false
+        default: ""
+      cucumber_opts:
+        type: string
+        required: false
+        default: ""
+      save_screenshots:
+        type: boolean
+        required: false
+        default: false
+      save_logs:
+        type: boolean
+        required: false
+        default: false
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+
+    services:
+      postgres:
+        image: postgres:16
+        ports: ["5432:5432"]
+        env:
+          POSTGRES_PASSWORD: postgres
+          PGUSER: postgres
+          PGPASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Update repository lists
+        shell: bash
+        run: |
+          sudo apt-get update
+
+      - name: Install packages
+        shell: bash
+        run: |
+          sudo apt-get -yqq install libpq-dev imagemagick libvips
+
+      - name: Setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.2"
+          bundler-cache: true
+          cache-version: 1
+
+      - name: Setup database
+        shell: bash
+        env:
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/epets_test
+          RAILS_ENV: test
+        run: |
+          bundle exec rake db:setup
+
+      - name: Save screenshots
+        if: ${{ inputs.save_screenshots && failure() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: selenium-screenshots-public
+          path: ${{ github.workspace }}/tmp/capybara/*.png
+          retention-days: 7
+          if-no-files-found: ignore
+
+      - name: Save rails logs
+        if: ${{ inputs.save_logs && failure() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: rails-logs-public
+          path: ${{ github.workspace }}/log/test.log
+          retention-days: 7
+          if-no-files-found: ignore
+
+      - name: ${{ inputs.description }}
+        shell: bash
+        env:
+          CUCUMBER_FORMAT: "${{ inputs.cucumber_format }}"
+          CUCUMBER_OPTS: "${{ inputs.cucumber_opts }}"
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/epets_test
+          RAILS_ENV: test
+          SPEC_OPTS: "${{ inputs.spec_opts }}"
+        run: |
+          bundle exec ${{ inputs.command }}

.github/workflows/ci.yml

@@ -0,0 +1,103 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  bundle-audit:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Check bundle for known CVEs"
+      command: "rake bundle:audit"
+
+  brakeman:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Analyse code for vulnerabilities"
+      command: "rake brakeman:check"
+
+  spec-admin-controllers:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec:controllers"
+      spec_opts: "-f doc --force-color -P spec/controllers/admin/*_spec.rb"
+
+  spec-public-controllers:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec:controllers"
+      spec_opts: "-f doc --force-color -P spec/controllers/*_spec.rb"
+
+  spec-jobs:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec:jobs"
+      spec_opts: "-f doc --force-color -P spec/jobs/**/*_spec.rb"
+
+  spec-mailers:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec"
+      spec_opts: "-f doc --force-color -P spec/mailers/**/*_spec.rb"
+
+  spec-models:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec"
+      spec_opts: "-f doc --force-color -P spec/models/**/*_spec.rb"
+
+  spec-requests:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec"
+      spec_opts: "-f doc --force-color -P spec/{requests,routing}/**/*_spec.rb"
+
+  spec-other:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run specs"
+      command: "rake spec"
+      spec_opts: "-f doc --force-color -P spec/{helpers,lib,presenters,tasks,validators,views}/**/*_spec.rb"
+
+  javascript:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run javascript specs"
+      command: "rake jasmine:ci"
+
+  cucumber-admin:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run cucumber specs"
+      command: "rake cucumber"
+      cucumber_format: "pretty"
+      cucumber_opts: "--tags @admin --profile default"
+      save_screenshots: true
+      save_logs: true
+
+  cucumber-public:
+    uses: ./.github/workflows/build.yml
+    with:
+      description: "Run cucumber specs"
+      command: "rake cucumber"
+      cucumber_format: "pretty"
+      cucumber_opts: "--tags 'not @admin' --profile default"
+      save_screenshots: true
+      save_logs: true
+
+  lighthouse:
+    uses: ./.github/workflows/e2e.yml
+    with:
+      description: "Run lighthouse specs"
+      command: "rake lighthouse:ci"
+      save_reports: true
+      save_logs: true