Merge branch 'main' into chore/refactor-sep10

.github/dependabot.yml

@@ -3,53 +3,25 @@
 version: 2
 updates:
 - package-ecosystem: "github-actions"
+  # Check for updates to GitHub Actions every week
   directory: "/"
   schedule:
-    interval: "daily"
+    interval: "weekly"
   commit-message:
-    prefix: "ci"
-    include: "scope"
+    prefix: "chore(ci)"
 - package-ecosystem: "bundler"
+  # Check for for ruby deps update daily
   directory: "/"
   schedule:
     interval: "daily"
   versioning-strategy: "increase-if-necessary"
-  commit-message:
-    prefix: "chore"
-    include: "scope"
-- package-ecosystem: "bundler"
-  directory: "/base"
-  schedule:
-    interval: "daily"
-  commit-message:
-    prefix: "chore"
-    include: "scope"
   allow:
-  - dependency-type: "direct"
-  labels:
-  - "dependencies"
-  - "stellar-base"
-- package-ecosystem: "bundler"
-  directory: "/horizon"
-  schedule:
-    interval: "daily"
+    - dependency-type: "direct"
   commit-message:
-    prefix: "chore"
-    include: "scope"
-  allow:
-  - dependency-type: "direct"
-  labels:
-  - "dependencies"
-  - "stellar-horizon"
-- package-ecosystem: "bundler"
-  directory: "/sdk"
-  schedule:
-    interval: "daily"
-  commit-message:
-    prefix: "chore"
-    include: "scope"
-  allow:
-  - dependency-type: "direct"
-  labels:
-  - "dependencies"
-  - "stellar-sdk"
+    prefix: "chore(deps)"
+    prefix-development: "core(dev-deps)"
+  groups:
+    deps:
+      dependency-type: "production"
+    dev-deps:
+      dependency-type: "development"

.github/workflows/ci.yml

@@ -2,23 +2,20 @@ name: CI
 
 on:
   pull_request:
-    branches: [ main ]
     paths-ignore: [ '**/README.md', '**/CHANGELOG.md' ]
   push:
-    branches: [ main ]
     paths-ignore: [ '**/README.md', '**/CHANGELOG.md' ]
 
 jobs:
   test:
-    if: "contains(github.event.commits[0].message, '[ci skip]') == false"
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         ruby: ['3.2', '3.1', '3.0', '2.7', jruby, truffleruby, debug]
-    runs-on: ubuntu-latest
     continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - run: rm Gemfile.lock
     - name: Setup Ruby ${{ matrix.ruby }}
       uses: ruby/setup-ruby@v1
@@ -30,12 +27,11 @@ jobs:
       run: bin/rake test
 
   coverage:
-    if: "contains(github.event.commits[0].message, '[ci skip]') == false"
     runs-on: ubuntu-latest
     env:
       CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@v1
       with:
         bundler-cache: true
@@ -45,20 +41,36 @@ jobs:
       uses: coverallsapp/github-action@v2
       with:
         file: coverage/lcov.info
+        debug: true
+      if: success()
+      continue-on-error: true
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
+        verbose: true
+      if: success()
+      continue-on-error: true
     - name: Upload code coverage data to CodeClimate
-      uses: paambaati/codeclimate-action@v3.2.0
+      uses: paambaati/codeclimate-action@v5
       with:
         coverageLocations: |
           base/coverage/coverage.json:simplecov
           sdk/coverage/coverage.json:simplecov
         debug: true
       if: success()
       continue-on-error: true
-
+    - name: Upload code coverage data to Codacy
+      uses: codacy/codacy-coverage-reporter-action@v1
+      with:
+        project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+        coverage-reports: coverage/lcov.info
+      if: success()
+      continue-on-error: true
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: ruby/setup-ruby@v1
       with:
         bundler-cache: true
@@ -71,10 +83,11 @@ jobs:
 
   docs:
     runs-on: ubuntu-latest
+    continue-on-error: true
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Check markdown files for broken links
-      uses: justinbeckwith/linkinator-action@v1.10
+      uses: justinbeckwith/linkinator-action@v1
       with:
         paths: '*.md, base/**/*.md, sdk/**/*.md'
         verbosity: 'INFO'

.github/workflows/security.yml

@@ -22,7 +22,7 @@ jobs:
         language: [ 'ruby' ]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
@@ -35,6 +35,38 @@ jobs:
       with:
         category: "/language:${{matrix.language}}"
 
+  codacy-security-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@5cc54a75f9ad88159bb54046196d920e40e367a5
+        with:
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif
+
   semgrep:
     name: Scan with Semgrep
     # Skip any PR created by dependabot to avoid permission issues
@@ -44,7 +76,7 @@ jobs:
       image: returntocorp/semgrep
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Semgrep Scan
       run: semgrep scan --config=auto --sarif --output=semgrep.sarif
       env:
@@ -62,7 +94,7 @@ jobs:
     if: (github.actor != 'dependabot[bot]')
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Run Snyk to check for vulnerabilities
       uses: snyk/actions/ruby@master
       continue-on-error: true
@@ -81,7 +113,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Analyze the licences with Fossa
       uses: fossas/fossa-action@main
       with:

.simplecov

@@ -1,23 +1,20 @@
 require "simplecov-lcov"
+require "simplecov-tailwindcss"
 
 SimpleCov::Formatter::LcovFormatter.config do |c|
   c.report_with_single_file = true
   c.single_report_path = "coverage/lcov.info"
 end
 
 def start_simplecov
-  formatters = SimpleCov.formatters
-
-  if ENV.key?("CI")
-    require "codecov"
-
-    formatters << SimpleCov::Formatter::LcovFormatter
-    formatters << SimpleCov::Formatter::Codecov
+  SimpleCov.formatter = if ENV.key?("CI")
+    SimpleCov::Formatter::LcovFormatter
+  else
+    SimpleCov::Formatter::TailwindFormatter
   end
 
-  SimpleCov.formatters = formatters
-
   SimpleCov.start do
+    enable_coverage_for_eval if coverage_for_eval_supported?
     enable_coverage(:branch)
   end
 end

Gemfile

@@ -7,12 +7,12 @@ gem "stellar-horizon", path: "./horizon"
 # gem "xdrgen" # , path: "../xdrgen"
 
 group :test do
-  gem "codecov"
   gem "rake"
   gem "rspec"
   gem "rspec-its"
-  gem "simplecov"
-  gem "simplecov-lcov"
+  gem "simplecov", require: false
+  gem "simplecov-lcov", require: false
+  gem "simplecov-tailwindcss", require: false
   gem "vcr"
   gem "yard"
   gem "webmock"