Merge branch 'main' into robaiken/enable-RSpec-NameSubject

dependabot · May 23, 2024 · 36c8055 · 36c8055
2 parents 85d5e61 + 098e683
commit 36c8055
Show file tree

Hide file tree

Showing 95 changed files with 5,186 additions and 3,660 deletions.
diff --git a/.github/workflows/add-to-core-project.yml b/.github/workflows/add-to-core-project.yml
@@ -10,7 +10,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v1.0.1
+      - uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1
         with:
           project-url: https://github.com/orgs/dependabot/projects/5
           github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -47,13 +47,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL (ruby)
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@a12c274149a487a5539a726cb05bc6d1b7e0b5f2 # v3.24.11
         with:
           languages: ${{ matrix.language }}
           config: |
@@ -63,15 +63,15 @@ jobs:
         if: matrix.language == 'ruby'
 
       - name: Initialize CodeQL (others)
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@a12c274149a487a5539a726cb05bc6d1b7e0b5f2 # v3.24.11
         with:
           languages: ${{ matrix.language }}
         if: matrix.language != 'ruby'
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@a12c274149a487a5539a726cb05bc6d1b7e0b5f2 # v3.24.11
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -85,4 +85,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@a12c274149a487a5539a726cb05bc6d1b7e0b5f2 # v3.24.11
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
@@ -17,6 +17,6 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Codespell
-        uses: codespell-project/actions-codespell@v2
+        uses: codespell-project/actions-codespell@94259cd8be02ad2903ba34a22d9c13de21a74461 # v2.0
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -20,6 +20,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Perform Dependency Review
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
diff --git a/.github/workflows/gems-bump-version.yml b/.github/workflows/gems-bump-version.yml
@@ -1,5 +1,5 @@
 name: Gems - Bump Version
-on:  # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
   schedule:
     - cron: '25 1 * * THU'
   workflow_dispatch:
@@ -24,13 +24,14 @@ jobs:
           app-id: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_APP_ID }}
           private-key: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           token: ${{ steps.generate_token.outputs.token }}
           # Ensure we start from main in case the workflow is run from a branch
           ref: "main"
 
-      - uses: ruby/setup-ruby@v1 # bump-version.rb needs bundler
+        # bump-version.rb needs bundler
+      - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
         with:
           # Use the version of bundler specified in `updater/Gemfile.lock`.
           # Otherwise the generated PR will change `BUNDLED WITH` in

diff --git a/.github/workflows/gems-release-to-rubygems.yml b/.github/workflows/gems-release-to-rubygems.yml
@@ -1,5 +1,5 @@
 name: Gems - Release to RubyGems
-on:  # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
   release:
     # It's fine to trigger on every release because if we tag a release w/o
     # bumping the Gem version, RubyGems will reject it with an error that the
@@ -15,8 +15,8 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: ruby/setup-ruby@v1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
       - run: |
           [ -d ~/.gem ] || mkdir ~/.gem
           echo "---" > ~/.gem/credentials

diff --git a/.github/workflows/images-branch.yml b/.github/workflows/images-branch.yml
@@ -24,7 +24,7 @@ jobs:
       decision: ${{ steps.decision.outputs.decision }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 
@@ -77,7 +77,7 @@ jobs:
       DEPENDABOT_UPDATER_VERSION: ${{ github.sha }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 

diff --git a/.github/workflows/images-latest.yml b/.github/workflows/images-latest.yml
@@ -57,7 +57,7 @@ jobs:
       ECOSYSTEM: ${{ matrix.suite.ecosystem }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 

diff --git a/.github/workflows/images-updater-core.yml b/.github/workflows/images-updater-core.yml
@@ -18,7 +18,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 

diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml
@@ -11,7 +11,7 @@ jobs:
   triage:
     runs-on: ubuntu-latest
     steps:
-    - uses: github/issue-labeler@v3.4
+    - uses: github/issue-labeler@c1b0f9f52a63158c4adc09425e858e87b32e9685 # v3.4
       with:
         configuration-path: .github/issue-labeler.yml
         enable-versioned-regex: 0

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -12,4 +12,4 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/labeler@v5
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml
@@ -22,11 +22,11 @@ jobs:
     outputs:
       suites: ${{ steps.suites.outputs.suites }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 
-      - uses: dorny/paths-filter@v3
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         if: github.event_name != 'workflow_dispatch'
         id: changes
         with:
@@ -64,7 +64,7 @@ jobs:
       matrix:
         suite: ${{ fromJSON(needs.discover.outputs.suites) }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           submodules: recursive
 
@@ -76,7 +76,7 @@ jobs:
 
       - name: Restore Smoke Test
         id: cache-smoke-test
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: smoke.yaml
           key: ${{ matrix.suite.sha }}-${{ matrix.suite.name }}
@@ -89,7 +89,7 @@ jobs:
 
       - name: Cache Smoke Test
         if: steps.cache-smoke-test.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: smoke.yaml
           key: ${{ steps.cache-smoke-test.outputs.cache-primary-key }}

diff --git a/.github/workflows/sorbet.yml b/.github/workflows/sorbet.yml
@@ -14,9 +14,9 @@ jobs:
     name: Sorbet
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
         with:
           bundler-cache: true
 
@@ -34,7 +34,7 @@ jobs:
       - run: bundle exec spoom coverage timeline --save
 
       - if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: spoom_data
           path: ./spoom_data/
@@ -45,7 +45,7 @@ jobs:
           GH_TOKEN: ${{ github.token }}
 
       - if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: spoom_report
           path: ./spoom_report.html
diff --git a/.github/workflows/stalebot.yml b/.github/workflows/stalebot.yml
@@ -12,7 +12,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@v9.0.0
+    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
       name: Clean up stale PRs and Issues
       with:
         stale-pr-message: "👋 This pull request has been marked as stale because it has been open for 2 years with no activity. You can comment on the PR to hold stalebot off for a while, or do nothing. If you do nothing, this pull request will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details."

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -50,7 +50,25 @@ RSpec/BeforeAfterAll:
 # Configuration parameters: Prefixes, AllowedPatterns.
 # Prefixes: when, with, without
 RSpec/ContextWording:
-  Enabled: false
+  Exclude:
+    - 'common/**/*'
+    - 'composer/**/*'
+    - 'devcontainers/**/*'
+    - 'docker/**/*'
+    - 'elm/**/*'
+    - 'git_submodules/**/*'
+    - 'github_actions/**/*'
+    - 'go_modules/**/*'
+    - 'gradle/**/*'
+    - 'hex/**/*'
+    - 'maven/**/*'
+    - 'npm_and_yarn/**/*'
+    - 'nuget/**/*'
+    - 'pub/**/*'
+    - 'python/**/*'
+    - 'sorbet/**/*'
+    - 'terraform/**/*'
+    - 'updater/**/*'
 
 # Offense count: 31
 # This cop supports unsafe autocorrection (--autocorrect-all).

diff --git a/bundler/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb b/bundler/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb
@@ -5,7 +5,7 @@
 require "shared_contexts"
 
 RSpec.describe Functions::ConflictingDependencyResolver do
-  include_context "in a temporary bundler directory"
+  include_context "when in a temporary bundler directory"
 
   let(:conflicting_dependency_resolver) do
     described_class.new(
@@ -36,7 +36,7 @@
       )
     end
 
-    context "for nested transitive dependencies" do
+    context "when dealing with nested transitive dependencies" do
       let(:project_name) { "transitive_blocking" }
       let(:dependency_name) { "activesupport" }
       let(:target_version) { "6.0.0" }

diff --git a/bundler/helpers/v1/spec/functions/dependency_source_spec.rb b/bundler/helpers/v1/spec/functions/dependency_source_spec.rb
@@ -5,7 +5,7 @@
 require "shared_contexts"
 
 RSpec.describe Functions::DependencySource do
-  include_context "in a temporary bundler directory"
+  include_context "when in a temporary bundler directory"
 
   let(:dependency_source) do
     described_class.new(
@@ -47,7 +47,7 @@
       ])
     end
 
-    context "specified as the default source" do
+    context "when specified as the default source" do
       let(:project_name) { "specified_default_source_no_lockfile" }
 
       it "returns all versions from the private source" do
@@ -59,7 +59,7 @@
       end
     end
 
-    context "that we don't have authentication details for" do
+    context "when we don't have authentication details for" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -83,7 +83,7 @@
       end
     end
 
-    context "that we have bad authentication details for" do
+    context "when we have bad authentication details" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -107,7 +107,7 @@
       end
     end
 
-    context "that bad-requested, but was a private repo" do
+    context "when bad-requested, but is a private repo" do
       before do
         stub_request(:get, registry_url + "versions")
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -130,7 +130,7 @@
       end
     end
 
-    context "that doesn't have details of the gem" do
+    context "when it doesn't have details of the gem" do
       before do
         stub_request(:get, gemfury_business_url)
           .with(basic_auth: ["SECRET_CODES", ""])
@@ -152,7 +152,7 @@
       it { is_expected.to be_empty }
     end
 
-    context "that only implements the old Bundler index format..." do
+    context "when it only implements the old Bundler index format" do
       let(:project_name) { "sidekiq_pro" }
       let(:dependency_name) { "sidekiq-pro" }
       let(:registry_url) { "https://gems.contribsys.com/" }

diff --git a/bundler/helpers/v1/spec/functions/file_parser_spec.rb b/bundler/helpers/v1/spec/functions/file_parser_spec.rb
@@ -5,7 +5,7 @@
 require "shared_contexts"
 
 RSpec.describe Functions::FileParser do
-  include_context "in a temporary bundler directory"
+  include_context "when in a temporary bundler directory"
 
   let(:dependency_source) do
     described_class.new(

diff --git a/bundler/helpers/v1/spec/functions/force_updater_spec.rb b/bundler/helpers/v1/spec/functions/force_updater_spec.rb
@@ -5,8 +5,8 @@
 require "shared_contexts"
 
 RSpec.describe Functions::ForceUpdater do
-  include_context "in a temporary bundler directory"
-  include_context "stub rubygems compact index"
+  include_context "when in a temporary bundler directory"
+  include_context "when stubbing rubygems compact index"
 
   let(:force_updater) do
     described_class.new(

diff --git a/bundler/helpers/v1/spec/functions/version_resolver_spec.rb b/bundler/helpers/v1/spec/functions/version_resolver_spec.rb
@@ -5,8 +5,8 @@
 require "shared_contexts"
 
 RSpec.describe Functions::VersionResolver do
-  include_context "in a temporary bundler directory"
-  include_context "stub rubygems compact index"
+  include_context "when in a temporary bundler directory"
+  include_context "when stubbing rubygems compact index"
 
   let(:version_resolver) do
     described_class.new(
@@ -43,7 +43,7 @@
     its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
 
     context "with a private gemserver source" do
-      include_context "stub rubygems compact index"
+      include_context "when stubbing rubygems compact index"
 
       let(:project_name) { "specified_source" }
       let(:requirement_string) { ">= 0" }