Update CI, Add Ruby 3.x (#21)

## Changes
* Update CircleCI pipeline to use matrix job
* Add Ruby 3.x to tested versions
* Add Depfu configuration
* Add Sonarcloud configuration
* Update dependencies to resolve [vulnerability
alerts](https://github.com/remove-bg/ruby/security/dependabot)

## Deprecations
* Ruby 2.5 and 2.6, which are EOL since 2021 and 2022, respectively
* Faraday 0.15, which does not work with Ruby 3.x

.circleci/config.yml

@@ -1,72 +1,198 @@
 ---
-version: 2
 
-base_job: &base_job
-  steps:
-    - checkout
+version: 2.1
 
-    - restore_cache:
-        keys:
-          - v1-dependencies-{{ checksum "Gemfile.lock" }}
+# Used Orbs (https://circleci.com/docs/2.0/using-orbs/)
+orbs:
+  ruby: circleci/[email protected]
+  sonarcloud: sonarsource/[email protected]
+  asdf: rynkowsg/[email protected]
+  codecov: codecov/[email protected]
 
-    - run:
-        name: install dependencies
-        command: |
-          gem install bundler --version '~> 2.0'
-          bundle config set path vendor/bundle
-          bundle install --jobs=4 --retry=3
+# Pipeline parameters
+parameters:
+  # The main branch of the repository (e.g. main)
+  main-branch:
+    type: string
+    default: main
+  default-ruby:
+    type: string
+    default: "3.3.0"
 
-    - run:
-        name: install image processsing dependencies
-        command: |
-          sudo apt-get update
-          sudo apt install imagemagick libvips
+# Define common YAML anchors
+x-common-auth: &common-auth
+  auth:
+    username: ${DOCKERHUB_USER}
+    password: ${DOCKERHUB_PASSWORD}
 
-    - save_cache:
-        paths:
-          - ./vendor/bundle
-        key: v1-dependencies-{{ checksum "Gemfile.lock" }}
-
-    - run:
-        name: run tests
-        command: |
-          bundle exec rspec --format progress \
-                            --format RspecJunitFormatter \
-                            --out test-results/rspec.xml
-
-    - run:
-        name: run appraisals
-        command: |
-          bundle exec appraisal install --jobs 4 --retry 3
-          bundle exec appraisal rspec
-
-    - store_test_results:
-        path: test-results
-
-################################################################################
+# Define executors
+executors:
+  docker: # Docker using the Base Convenience Image
+    docker:
+      - image: cimg/base:stable
+        <<: *common-auth
+  macos: # macOS executor running Xcode
+    macos:
+      xcode: 15.3.0 # Xcode 15.3 (15E204a), macOS Sonoma14.3.1
 
 jobs:
-  ruby-2.5:
-    <<: *base_job
-    docker:
-      - image: circleci/ruby:2.5
-  ruby-2.6:
-    <<: *base_job
+
+  # Lint Job
+  lint:
     docker:
-      - image: circleci/ruby:2.6
-  ruby-2.7:
-    <<: *base_job
+      - image: cimg/base:stable
+        <<: *common-auth
+    resource_class: small
+    steps:
+      # Check out code
+      - checkout
+      # Install requested Ruby version
+      - ruby/install:
+          version: "<< pipeline.parameters.default-ruby >>"
+      # Install dependencies using bundler
+      - ruby/install-deps:
+          pre-install-steps:
+            - run: bundle config set jobs $(nproc)
+          key: gems-v{{ .Environment.CACHE_VERSION }}
+      # Run Rubocop
+      - run:
+          name: Run Rubocop
+          command: |
+            bash -c "bundle exec rubocop --format=json --out=rubocop-result.json; [[ \$? -ne 2 ]]"
+      - store_artifacts:
+          path: rubocop-result.json
+          destination: rubocop-result.json
+      - persist_to_workspace:
+          root: .
+          paths:
+            - rubocop-result.json
+
+  # Test Job
+  test:
+    parameters:
+      # The OS to run the jobs on
+      os:
+        type: string
+        default: docker
+      # The OS to run the jobs on
+      ruby-version:
+        type: string
+        default: "3.3.0"
+    executor: << parameters.os >>
     environment:
-      UPLOAD_COVERAGE: 1
+      RUBY_VERSION: << parameters.ruby-version >>
+    steps:
+      # Install dependencies based on the OS
+      - when:
+          condition:
+            equal: [ "docker", "<< parameters.os >>" ]
+          steps:
+            - run:
+                name: Install ImageMagick, libvips and libffi
+                command: |
+                  sudo apt-get update
+                  sudo apt-get -y --no-install-recommends install openssl imagemagick libvips42 libffi-dev libreadline-dev libtool libyaml-dev
+            - asdf/install
+      - when:
+          condition:
+            equal: [ "macos", "<< parameters.os >>" ]
+          steps:
+            - run:
+                name: Install ImageMagick, libvips and libffi
+                command: |
+                  brew install openssl@3 imagemagick vips asdf libffi
+      # Install requested Ruby version
+      - run:
+          name: Install Ruby << parameters.ruby-version >>
+          command: |
+            asdf plugin-add ruby
+            asdf install ruby << parameters.ruby-version >>
+            asdf global ruby << parameters.ruby-version >>
+            gem install --user-install executable-hooks
+      # Check out code
+      - checkout
+      # Install dependencies using bundler
+      - ruby/install-deps:
+          pre-install-steps:
+            - run: bundle config set jobs $(nproc)
+          key: gems-v{{ .Environment.CACHE_VERSION }}
+      # Run RSpec tests
+      - run:
+          name: Run tests
+          command: |
+            bundle exec rspec spec
+      # Run appraisals
+      - run:
+          name: Run appraisals
+          command: |
+            bundle exec appraisal install --jobs=$(nproc) --retry 3
+            bundle exec appraisal rspec
+      # Store test results
+      - store_test_results:
+          path: rspec/rspec.xml
+      # Persist test results to workspace and upload to CodeCov for default Ruby
+      - when:
+          condition:
+            and:
+              - equal: [ "docker", "<< parameters.os >>" ]
+              - equal: [ "<< pipeline.parameters.default-ruby >>", "<< parameters.ruby-version >>" ]
+          steps:
+            - persist_to_workspace:
+                root: .
+                paths:
+                  - rspec
+                  - coverage
+            - codecov/upload
+
+  # Sonarcloud Job
+  sonarcloud:
     docker:
-      - image: circleci/ruby:2.7
+      - image: cimg/openjdk:21.0-node
+        <<: *common-auth
+    resource_class: small
+    steps:
+      - checkout
+      - attach_workspace:
+          at: .
+      - run:
+          name: Replace Version
+          command: |
+            if [ -n "${CIRCLE_TAG}" ] && [ ! -z "${CIRCLE_TAG}" ] ; then
+              export APP_VERSION="${CIRCLE_TAG}"
+            elif [ -n "${CIRCLE_BRANCH}" ] && [ ! -z "${CIRCLE_BRANCH}" ] ; then
+              export APP_VERSION="${CIRCLE_BRANCH}"
+            else
+              export APP_VERSION="${CIRCLE_SHA1:0:7}"
+            fi
+            echo "Setting version to ${APP_VERSION}"
+            sed -i -e "s\\sonar.projectVersion=.*$\\sonar.projectVersion=${APP_VERSION}\\g" sonar-project.properties
+      - sonarcloud/scan
+
 
 ################################################################################
 
 workflows:
-  version: 2
   multiple-rubies:
     jobs:
-      - ruby-2.5
-      - ruby-2.6
-      - ruby-2.7
+      # Test Job
+      - test:
+          context:
+            - DockerHub
+          matrix:
+            parameters:
+              os: ["docker", "macos"]
+              ruby-version: ["2.7.8", "3.0.6", "3.1.4", "3.2.3", "3.3.0"]
+      # Lint Job
+      - lint:
+          context:
+            - DockerHub
+          requires:
+            - test
+      # Sonarcloud Job
+      - sonarcloud:
+          context:
+            - DockerHub
+            - SonarCloud
+          requires:
+            - lint
+            - test

.depfu.yml

@@ -0,0 +1,21 @@
+---
+update_strategy: security
+
+bundler:
+  update_strategy: grouped
+  update_out_of_spec: false
+  reasonably_up_to_date: true
+  automerge_method: squash
+  engine_update_strategy: minor
+  commit_message: ⬆️ Update {{dependency}} to version {{version}}
+  commit_message_grouped: ⬆️ Update {{update_type}} {{project_type}} dependencies ({{date}})
+  labels:
+    - dependencies
+    - depfu
+  security_labels:
+    - 🚨 security
+  auto_assign: otherguy
+  auto_review_team_assign: platform
+  grouped_update_schedule: biweekly
+  grouped_update_start_date: '2022-01-05' # First wednesday of the year
+  grouped_update_time: '6:00'

.gitignore

@@ -9,17 +9,14 @@
 
 # Rubocop
 .rubocop-*
+rubocop-result.json
 
-# rspec failure tracking
+# RSpec
+rspec/
 spec/examples.txt
 
-.env.*.local
-
-# CircleCI / RSpec JUnit formatter
-test-results
-
+# Appraisals
 gemfiles/*.gemfile.lock
 
+# Examples
 examples/output
-
-.ruby-version

.rspec

@@ -1,2 +1,7 @@
 --require spec_helper
 --color
+--format documentation
+--format RspecJunitFormatter
+--out rspec/rspec.xml
+--format RspecSonarqubeFormatter
+--out rspec/test-report.xml

.rubocop.yml

@@ -1,9 +1,21 @@
 ---
 inherit_from: https://raw.githubusercontent.com/remove-bg/code-style/main/ruby/.rubocop.yml
 
+require:
+  - rubocop-performance
+  - rubocop-rspec
+  - rubocop-rake
+
+inherit_mode:
+  merge:
+    - Exclude
+
 AllCops:
   NewCops: enable
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 2.7
+  Exclude:
+    - gemfiles/**/*
+    - vendor/bundle/**/*
 
 Layout/LineLength:
   Max: 180

Appraisals

@@ -1,19 +1,16 @@
 # frozen_string_literal: true
 
 # Oldest supported Faraday version
-appraise "faraday-0-15" do
-  gem "faraday", "~> 0.15.0"
-end
 
 appraise "faraday-0-16" do
-  gem "faraday", "~> 0.16.0"
+  gem "faraday", "~> 0.16"
 end
 
 appraise "faraday-0-17" do
-  gem "faraday", "~> 0.17.0"
+  gem "faraday", "~> 0.17"
 end
 
 # Latest in Faraday 1.x series
 appraise "faraday-1-x" do
-  gem "faraday", "~> 1.0"
+  gem "faraday", "~> 1"
 end

Gemfile

@@ -2,7 +2,3 @@
 
 source "https://rubygems.org"
 gemspec
-
-group :development do
-  gem "appraisal", git: "https://github.com/thoughtbot/appraisal.git", ref: "5868643"
-end