chore: Metadata and governance updates

halostatue · Feb 2, 2025 · 4d41c0b · 4d41c0b
1 parent bc14f1d
commit 4d41c0b
Show file tree

Hide file tree

Showing 25 changed files with 898 additions and 701 deletions.
diff --git a/.autotest b/.autotest
diff --git a/.gemtest b/.gemtest
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -1,5 +1,3 @@
-# These are supported funding model platforms
-
 github: halostatue
 buy_me_a_coffee: halostatue
 ko_fi: halostatue

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -11,10 +11,15 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
 
-      - uses: ruby/setup-ruby@v1
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           ruby-version: '3.3'
           rubygems: latest
@@ -26,6 +31,9 @@ jobs:
   required-ubuntu:
     name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }}
 
+    permissions:
+      contents: read
+
     strategy:
       fail-fast: false
       matrix:
@@ -39,22 +47,16 @@ jobs:
           - '3.1'
           - '3.2'
           - '3.3'
-          - jruby
           - truffleruby
-        include:
-          - ruby: jruby
-            os: ubuntu-22.04
-            continue-on-error: true
-          - ruby: truffleruby
-            os: ubuntu-22.04
-            continue-on-error: true
 
     runs-on: ${{ matrix.os }}
-    continue-on-error: ${{ matrix.continue-on-error || false }}
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: ruby/setup-ruby@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           ruby-version: ${{ matrix.ruby }}
           rubygems: latest
@@ -66,25 +68,32 @@ jobs:
   required-macos:
     name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }}
 
+    permissions:
+      contents: read
+
     strategy:
       fail-fast: false
       matrix:
         os:
-          - macos-12
           - macos-13
           - macos-14
+          - macos-15
         ruby:
           - '2.6'
           - '2.7'
           - '3.1'
           - '3.2'
           - '3.3'
+          - '3.4'
 
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: ruby/setup-ruby@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           ruby-version: ${{ matrix.ruby }}
           rubygems: latest
@@ -98,6 +107,10 @@ jobs:
   # 2022. https://github.com/ruby/setup-ruby/issues/641
   required-windows:
     name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }}
+
+    permissions:
+      contents: read
+
     strategy:
       fail-fast: false
       matrix:
@@ -121,8 +134,11 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: ruby/setup-ruby@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           ruby-version: ${{ matrix.ruby }}
           rubygems: latest
@@ -134,6 +150,9 @@ jobs:
   ruby-head-optional:
     name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }} (optional)
 
+    permissions:
+      contents: read
+
     strategy:
       fail-fast: false
 
@@ -149,8 +168,11 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: ruby/setup-ruby@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           ruby-version: ${{ matrix.ruby }}
           rubygems: latest

diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -0,0 +1,61 @@
+name: Reviewdog
+
+on:
+  pull_request:
+
+jobs:
+  typos:
+    if: ${{ github.event.action != 'closed' }}
+    name: Typos
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: reviewdog/action-typos@2e6b919585397817d4fc55f0ee1dc771530b1089 #v1.13.0
+
+  actionlint:
+    if: ${{ github.event.action != 'closed' }}
+    name: Actionlint
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: reviewdog/action-actionlint@f3dcc52bc6039e5d736486952379dce3e869e8a2 #v1.63.0
+
+  standardrb:
+    if: ${{ github.event.action != 'closed' }}
+    name: 'Ruby: Standard'
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 #v1.207.0
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+
+      - uses: kirillplatonov/action-standard@ce7fc0be158421b01e5d9dc20eef1dcabcf18e4b #v1.0.1
+        with:
+          skip_install: true
+          use_bundler: true
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -0,0 +1,31 @@
+name: GitHub Actions Security Analysis with zizmor
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+jobs:
+  zizmor:
+    name: zizmor latest via Cargo
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      # required for workflows in private repositories
+      contents: read
+      actions: read
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - uses: actions-rust-lang/setup-rust-toolchain@11df97af8e8102fd60b60a77dfbf58d40cd843b8 # v1.10.1
+
+      - run: cargo install --locked zizmor
+      - run: zizmor --persona pedantic --format sarif . > results.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        with:
+          sarif_file: results.sarif
+          category: zizmor
diff --git a/.gitignore b/.gitignore
@@ -1,20 +1,14 @@
-*.pyc
-*.rbc
-*.swp
-*~
-.DS_Store
+*.gem
+.bundle/
+.byebug_history
 .rake_tasks~
-.rvmrc
 .source_index
 Gemfile.lock
-coverage.info
-coverage.vim
 coverage/
 doc/
 html/
 pkg/
 publish/
 research/
-spec/ldap.yml
 website/index.html
-.byebug_history
+vendor/
diff --git a/.hoerc b/.hoerc
@@ -1,50 +1,49 @@
 ---
 exclude: !ruby/regexp '/
-  \.(?:
-    tmp |
-    swp
-  )$
-  |
-  \.(?:
-    bundle |
-    git |
-    github |
-    hg |
-    idea |
-    svn |
-    vagrant
+  \.gemspec$
+  | \.tmp$
+  | \.swp$
+  | ^\.(?:
+      DS_Store
+    | autotest
+    | byebug_history
+    | gemtest
+    | gitattributes
+    | gitignore
+    | hoerc
+    | minitest\.rb
+    | simplecov-prelude\.rb
+    | workenv
+    | (?:
+        appveyor
+      | coveralls
+      | fasterer
+      | pullreview
+      | rubocop.*
+      | standard.*
+      | travis
+      | unused
+      )\.yml
+    | (?:
+        typos
+      )\.toml
+    )$
+  | ^\.(?:
+      bundle
+    | github
+    | git
+    | hg
+    | idea
+    | svn
+    | vagrant
   )\/
-  |
-  [gG]emfile(?:\.lock)?
-  |
-  (?:
-    support |
-    research
+  | [gG]emfile(?:\.lock)?$
+  | [Aa]ppraisals$
+  | (?i:TAGS)$
+  | Vagrantfile$
+  | ^(?:
+        support
+      | types
+      | vendor
   )\/
-  |
-  \b(?i:TAGS)$
-  |
-  \.(?:
-    appveyor |
-    coveralls |
-    fasterer |
-    pullreview |
-    rubocop* |
-    travis |
-    unused
-  )\.yml$
-  |
-  \.(?:
-    DS_Store |
-    autotest |
-    byebug_history |
-    gemtest |
-    gitattributes |
-    gitignore |
-    hoerc |
-    minitest.rb |
-    simplecov-prelude.rb
-  )$
-  |
-  \.gemspec$
   /x'
diff --git a/.standard.yml b/.standard.yml
@@ -1,6 +1,13 @@
+---
 parallel: true
 ruby_version: 2.0
+
 ignore:
-  - 'diff-lcs.gemspec'
-  - 'research/**/*'
-  - 'pkg/**/*'
+  - '*.gemspec'
+  - research/**/*
+  - pkg/**/*
+  - Rakefile:
+      - Layout/HeredocIndentation
+
+plugins:
+  - standard-thread_safety