version: 2 defaults: &defaults working_directory: ~/wealthsimple docker: - image: circleci/ruby:2.5.3 references: attach_code_workspace: &attach_code_workspace attach_workspace: at: ~/wealthsimple restore_bundle_dependencies: &restore_bundle_dependencies run: name: Restore bundle dependencies from workspace command: bundle --path vendor/bundle jobs: checkout_and_bundle: <<: *defaults steps: - checkout - run: bundle install --jobs=4 --retry=3 --path vendor/bundle - persist_to_workspace: root: . paths: . rspec: <<: *defaults steps: - *attach_code_workspace - *restore_bundle_dependencies - run: bundle exec rspec lint_check: <<: *defaults steps: - *attach_code_workspace - *restore_bundle_dependencies - run: bundle exec rubocop --config=default.yml - run: name: Check default.yml for warnings command: "! bundle exec rubocop --config=default.yml 2>&1 | grep 'Warning:'" vulnerability_check: <<: *defaults steps: - *attach_code_workspace - *restore_bundle_dependencies - run: bundle exec bundle-audit update && bundle exec bundle-audit check release: <<: *defaults steps: - add_ssh_keys: fingerprints: - "46:b5:cb:ee:57:dc:14:95:31:be:12:13:4f:11:94:a4" - *attach_code_workspace - *restore_bundle_dependencies - run: name: Release to rubygems.org command: | echo "github.com,192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts mkdir ~/.gem echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" >> ~/.gem/credentials chmod 600 ~/.gem/credentials bundle exec rake release workflows: version: 2 build: jobs: - checkout_and_bundle: context: wealthsimple - rspec: requires: - checkout_and_bundle - lint_check: requires: - checkout_and_bundle - vulnerability_check: requires: - checkout_and_bundle - release: context: wealthsimple filters: branches: only: master requires: - rspec - lint_check - vulnerability_check security-audit: triggers: - schedule: # 11:05 am UTC: 6:05 am EST / 7:05 am EDT cron: "5 11 * * *" filters: branches: only: master jobs: - checkout_and_bundle: context: wealthsimple - vulnerability_check: requires: - checkout_and_bundle