Uplift oc-id to use ruby 3.0.1 and rails 7.0.4 #3674

Merged
merged 27 commits into from Sep 29, 2023

@RoyShravani RoyShravani commented Jun 20, 2023

Description

Currently, oc-id (Chef Identity) is running on ruby 2.7 and rails 6. This PR aims to upgrade the application to use ruby 3+ and rails 7+ for better support and maintainability.

Issues Resolved

As part of the upgrade, it was found that one of the main gems, Doorkeeper, has two high security vulnerability issues:

  • CVE-2018-1000211
  • CVE-2020-10187

Consequentially, the doorkeeper gem has been upgraded from version 4.3 to use 5+. As a part of the doorkeeper upgrade, there have been a few updates in the authorization of applications such as Supermarket with oc-id or Chef-Identity.
The same change that would entail this upgrade has been outlined here: Supermarket authorization with Chef Identity

Demo

  1. supermarket_integration_smoke_test.mov
  2. Cookbook_upload_download.mov

Check List

https://chefio.atlassian.net/browse/CHEF-5290

@RoyShravani RoyShravani requested review from a team as code owners June 20, 2023 05:09
netlify bot commented Jun 20, 2023

👷 Deploy Preview for chef-server processing.

Name Link
🔨 Latest commit d7b6690
🔍 Latest deploy log https://app.netlify.com/sites/chef-server/deploys/6513c477119040000853f6cc

@RoyShravani RoyShravani changed the title [⚠️ DO NOT MERGE :WIP] Uplift oc-id to use ruby 3.1.0 and rails 7.0.4 [⚠️ DO NOT MERGE :WIP] Uplift oc-id to use ruby 3.0.1 and rails 7.0.4 Jun 23, 2023
@RoyShravani RoyShravani force-pushed the roy/oc_id_ruby_upgrade branch 2 times, most recently from 621faf2 to 16dfed7 Compare June 26, 2023 04:07
jashaik commented Jun 26, 2023

sreepuramsudheer commented Sep 11, 2023

@RoyShravani RoyShravani changed the title [⚠️ DO NOT MERGE :WIP] Uplift oc-id to use ruby 3.0.1 and rails 7.0.4 Uplift oc-id to use ruby 3.0.1 and rails 7.0.4 Sep 20, 2023
Signed-off-by: progress <shravani.roy@progress.com>
RoyShravani and others added 16 commits September 26, 2023 14:58

updating brakeman-analysis

Signed-off-by: progress <shravani.roy@progress.com>

adding libv8 dependency to lock file

Signed-off-by: progress <shravani.roy@progress.com>

nit

Signed-off-by: progress <shravani.roy@progress.com>

ruby update for habitat package

Signed-off-by: progress <shravani.roy@progress.com>

core/ruby30

Signed-off-by: progress <shravani.roy@progress.com>

@saghoshprogress saghoshprogress left a comment

LGTM 👍

sonarcloud bot commented Sep 27, 2023

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)
  • Coverage: no coverage information
  • Duplication: 0.0%

@kalroy kalroy added the Expeditor: Bump Version Minor Used by github.minor_bump_labels to bump the Minor version number. label Sep 29, 2023
@sreepuramsudheer sreepuramsudheer merged commit 87dd8ec into main Sep 29, 2023
9 of 11 checks passed
@sreepuramsudheer sreepuramsudheer deleted the roy/oc_id_ruby_upgrade branch September 29, 2023 11:05