Testing improvements

[Oaphi]

followup for #1509

Also introduces several GitHub actions that should take us off CircleCI:

• Rubocop (see rubocop.yml);
• Rails tests (see test.yml);
• CodeCov coverage uploads as part of Rails tests;
• screenshot upload as part of Rails system tests;
• dev server deployment on success;

And fixes a vulnerability related to search:

• categories with trust level higher than the requesting user no longer show up in search;

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.37%. Comparing base (cc149a5) to head (527c09b).
Report is 90 commits behind head on develop.

Additional details and impacted files

Components	Coverage Δ
controllers	68.61% <100.00%> (-0.09%)	⬇️
helpers	78.33% <100.00%> (+2.36%)	⬆️
jobs	48.57% <ø> (ø)
models	85.96% <100.00%> (+0.07%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Oaphi]

Had to restore the trust_level method on user to avoid having to explicitly check that the community user exists

[Oaphi]

Just added a status badge to display in the README, no meaningful changes

[cellio]

LGTM. I'm not qualified to evaluate the workflow part but I did read through all the tests.

[cellio]

Non-blocking: I assume qa_only is what we're using now. I don't know if that plays well with new post types that can be defined through the UI. Later we should come back and review that function and where it's used and make sure it still makes sense.

[cellio]

This refactoring is so much easier to read! (And presumably maintain.) Thank you.

[Oaphi]

LGTM. I'm not qualified to evaluate the workflow part but I did read through all the tests.

If you have time to spare, please do check whether everything works as expected in regards to the vulnerability fix (see the PR's description for details), that's the most important part (provided you haven't already, of course)

[cellio]

If you have time to spare, please do check whether everything works as expected in regards to the vulnerability fix (see the PR's description for details), that's the most important part (provided you haven't already, of course)

Now that you mention it...

First, I confirmed that neither anonymous users nor insufficiently-trusted users get posts from a restricted category in their search results. That's good.

But then I noticed that users who ought to be able to see the category see neither the category nor posts from it in search results. I made a category moderator-only and tested with a mod; I then made it "veteran users" and again tested with a mod and a curator. I don't know if this is because I edited a previously-open category; I'll try making a new one to see if that's different.

Update: same behavior with a brand new category with access set to "moderator only".

[Oaphi]

But then I noticed that users who ought to be able to see the category see neither the category nor posts from it in search results. I made a category moderator-only and tested with a mod; I then made it "veteran users" and again tested with a mod and a curator. I don't know if this is because I edited a previously-open category; I'll try making a new one to see if that's different.

Hm, that's odd, working fine for me:

[cellio]

This turned out to be a data error (discussed in chat). It's now working for me and my moderator user gets posts from a mod-restricted category in search results, but normal users do not.