Sha256: 7219c11a626c63bb0ad29d72b733271c33cc582b502b1f5af5e06d7c2affc12b
Contents?: true
Size: 1.62 KB
Versions: 4
Compression:
Stored size: 1.62 KB
Contents
namespace :deploy do task :ensure_tag do tagname = `git describe --exact-match HEAD`.chomp if $? == 0 puts "Code is tagged as `#{tagname}`, proceeding with deployment" else abort "You need to tag the source before you can deploy production" end end task :create_tag do now = Time.now tagname = "#{fetch(:stage)}-#{now.strftime('%Y-%m-%d-%H%M')}" me = `whoami`.chomp %x(git tag -a #{tagname} -m "Automated deploy tag by #{me}" && git push origin #{tagname}) end task :backup_database do if fetch(:skip_deploy_backups) puts "Skipping database backup because :skip_deploy_backups is set" else invoke "db:backup" end end task :scan_gems do require 'bundler/audit/scanner' require 'bundler/audit/database' Bundler::Audit::Database.update! scanner = Bundler::Audit::Scanner.new vulnerable = false ignore = fetch(:bundler_audit_ignore, []) scanner.scan(ignore: ignore) do |result| vulnerable = true case result when Bundler::Audit::Scanner::InsecureSource puts "Insecure Source URI found: #{result.source}" when Bundler::Audit::Scanner::UnpatchedGem puts "#{result.gem} is not secure!" end end if vulnerable && ENV["I_KNOW_GEMS_ARE_INSECURE"] == nil abort """ Your Gemfile.lock contains unpatched gems -- refusing to deploy Run `bundle-audit check --update` for full information You can set 'I_KNOW_GEMS_ARE_INSECURE' if you really want to do this anyway """ end end end before 'deploy:migrate', 'deploy:backup_database' before 'deploy', 'deploy:scan_gems'
Version data entries
4 entries across 4 versions & 1 rubygems