Another secret test

.github/workflows/docker.yml

@@ -23,6 +23,10 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+      - name: Decrypt service-account.json
+        run: ./spec/quarantine/decrypt_secret.sh
+        env:
+          QUARANTINE_SERVICE_ACCOUNT_PASSPHRASE: ${{ secrets.QUARANTINE_SERVICE_ACCOUNT_PASSPHRASE }}
       - name: Create downloads folder
         run: |
           mkdir -p tmp/downloads
@@ -37,6 +41,9 @@ jobs:
         run: docker-compose exec -T web bundle exec rails javascript:build
       - name: Test
         run: docker-compose exec -T web bundle exec rspec spec
+        env:
+          QUARANTINE: false
+          QUARANTINE_SHEET_ID: id
 
       - name: Archive selenium screenshots
         if: ${{ failure() }}

.github/workflows/rspec.yml

@@ -38,6 +38,11 @@ jobs:
         with:
           bundler-cache: true
 
+      - name: Decrypt service-account.json
+        run: ./spec/quarantine/decrypt_secret.sh
+        env:
+          QUARANTINE_SERVICE_ACCOUNT_PASSPHRASE: ${{ secrets.QUARANTINE_SERVICE_ACCOUNT_PASSPHRASE }}
+
       - name: Install PostgreSQL client
         run: |
           sudo apt-get -yqq install libpq-dev
@@ -66,6 +71,8 @@ jobs:
           POSTGRES_HOST_AUTH_METHOD: trust
           RUN_SIMPLECOV: true
           CC_TEST_REPORTER_ID: 31464536e34ab26588cb951d0fa6b5898abdf401dbe912fd47274df298e432ac
+          QUARANTINE: false
+          QUARANTINE_SHEET_ID: id
         run: |
           curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
           chmod +x ./cc-test-reporter

.gitignore

@@ -65,3 +65,6 @@ npm-debug.log
 
 # In case we want to keep something in the compiled assets directory
 !/app/assets/builds/.keep
+
+# Quarantine service-account
+spec/quarantine/service-account.json

Gemfile

@@ -84,8 +84,11 @@ group :test do
   gem "capybara-screenshot"
   gem "database_cleaner-active_record"
   gem "email_spec"
+  gem "google_drive", "~> 3"
+  gem "quarantine"
   gem "rails-controller-testing"
   gem "rake"
+  gem "rspec-retry"
   gem "selenium-webdriver"
   gem "simplecov"
   gem "docx"

Gemfile.lock

@@ -153,6 +153,7 @@ GEM
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
     date (3.3.4)
+    declarative (0.0.20)
     delayed_job (4.1.11)
       activesupport (>= 3.0, < 8.0)
     delayed_job_active_record (4.1.8)
@@ -239,6 +240,30 @@ GEM
       activerecord (>= 4.0.0)
     globalid (1.2.1)
       activesupport (>= 6.1)
+    google-apis-core (0.11.3)
+      addressable (~> 2.5, >= 2.5.1)
+      googleauth (>= 0.16.2, < 2.a)
+      httpclient (>= 2.8.1, < 3.a)
+      mini_mime (~> 1.0)
+      representable (~> 3.0)
+      retriable (>= 2.0, < 4.a)
+      rexml
+    google-apis-drive_v3 (0.46.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-apis-sheets_v4 (0.26.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google_drive (3.0.7)
+      google-apis-drive_v3 (>= 0.5.0, < 1.0.0)
+      google-apis-sheets_v4 (>= 0.4.0, < 1.0.0)
+      googleauth (>= 0.5.0, < 1.0.0)
+      nokogiri (>= 1.5.3, < 2.0.0)
+    googleauth (0.17.1)
+      faraday (>= 0.17.3, < 2.0)
+      jwt (>= 1.4, < 3.0)
+      memoist (~> 0.16)
+      multi_json (~> 1.11)
+      os (>= 0.9, < 2.0)
+      signet (~> 0.15)
     groupdate (6.4.0)
       activesupport (>= 6.1)
     hashdiff (1.0.1)
@@ -254,6 +279,7 @@ GEM
     httparty (0.21.0)
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
+    httpclient (2.8.3)
     i18n (1.14.4)
       concurrent-ruby (~> 1.0)
     image_processing (1.12.2)
@@ -296,11 +322,13 @@ GEM
       net-smtp
     marcel (1.0.4)
     matrix (0.4.2)
+    memoist (0.16.2)
     method_source (1.0.0)
     mini_magick (4.11.0)
     mini_mime (1.1.5)
     mini_portile2 (2.8.6)
     minitest (5.22.3)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.3.0)
     mutex_m (0.2.0)
@@ -331,6 +359,7 @@ GEM
     oj (3.16.3)
       bigdecimal (>= 3.0)
     orm_adapter (0.5.0)
+    os (1.1.4)
     parallel (1.23.0)
     paranoia (2.6.3)
       activerecord (>= 5.1, < 7.2)
@@ -357,6 +386,10 @@ GEM
       nio4r (~> 2.0)
     pundit (2.3.1)
       activesupport (>= 3.0.0)
+    quarantine (2.2.2)
+      rspec (~> 3.0)
+      rspec-retry (~> 0.6)
+      sorbet-runtime (= 0.5.6338)
     racc (1.7.3)
     rack (2.2.9)
     rack-attack (6.7.0)
@@ -410,12 +443,21 @@ GEM
     regexp_parser (2.8.1)
     reline (0.5.0)
       io-console (~> 0.5)
+    representable (3.2.0)
+      declarative (< 0.1.0)
+      trailblazer-option (>= 0.1.1, < 0.2.0)
+      uber (< 0.2.0)
     request_store (1.6.0)
       rack (>= 1.4)
     responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
+    retriable (3.1.2)
     rexml (3.2.6)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
     rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
     rspec-expectations (3.12.3)
@@ -432,6 +474,8 @@ GEM
       rspec-expectations (~> 3.12)
       rspec-mocks (~> 3.12)
       rspec-support (~> 3.12)
+    rspec-retry (0.6.2)
+      rspec-core (> 3.3)
     rspec-support (3.12.1)
     rswag-api (2.13.0)
       activesupport (>= 3.1, < 7.2)
@@ -478,13 +522,19 @@ GEM
       websocket (~> 1.0)
     shoulda-matchers (6.2.0)
       activesupport (>= 5.2.0)
+    signet (0.19.0)
+      addressable (~> 2.8)
+      faraday (>= 0.17.5, < 3.a)
+      jwt (>= 1.5, < 3.0)
+      multi_json (~> 1.10)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
     smart_properties (1.17.0)
+    sorbet-runtime (0.5.6338)
     spring (4.2.0)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
@@ -516,12 +566,14 @@ GEM
     timeout (0.4.1)
     traceroute (0.8.1)
       rails (>= 3.0.0)
+    trailblazer-option (0.1.2)
     twilio-ruby (6.9.1)
       faraday (>= 0.9, < 3.0)
       jwt (>= 1.5, < 3.0)
       nokogiri (>= 1.6, < 2.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
+    uber (0.1.0)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
@@ -594,6 +646,7 @@ DEPENDENCIES
   faker
   filterrific
   friendly_id (~> 5.5.1)
+  google_drive (~> 3)
   groupdate
   httparty
   image_processing (~> 1.12)
@@ -614,6 +667,7 @@ DEPENDENCIES
   pry-byebug
   puma (= 6.4.2)
   pundit
+  quarantine
   rack-attack
   rack-cors
   rails (= 7.1.3.2)
@@ -622,6 +676,7 @@ DEPENDENCIES
   request_store
   rexml
   rspec-rails
+  rspec-retry
   rswag-api
   rswag-specs
   rswag-ui

config/credentials/development.yml.enc

@@ -1 +1 @@
-aewvdbZoQz8v7s3UlJ/+XOIrxpj1/nP2/dA7FkLGvTgmu8lZrnyecC19sDE6bcZN4XsnIqDomjSg/CL8TefHKXOsaoNNKmW8YPVfoH8AmlqXxvJduiZNuXlOcf7SR01E7E0r1VIdRga6g9KtOHBbgtc6hQyOs/2ajSxbD3gY5IFWnWNHIqMEWMUMy/PXtSSxUr+FdNCgdod9Rx0EEiecfEz1tMBP/V69dRwSrM5yfTeogkUPpOqReFisTbn9f0yolmNhhxo7nPoPzyeEcGHl4+maS1GHa6uYQ2n2d2t34FmhcDttI+rV7ITU9LmuwVcjgCE9fPxMUZ9bX2UBUEHialBZ8S+izXyBAKGTvbQw+/Wk9KNT98Tl3Gg=--BRmMgMTOgyAZUyw4--2OyLty/a3xH0OjlI0sf9Yw==
+O3R1nh+IviQp4fbPUmYdFwMY/7uTkosAXqkPx/GFGPQddxurNkxjXAuj0gelnQrJZ+WCFLc6oaGc8MaxkM7M9F2Qrj6nRS2Y3m29vMIGX2dZJCTThLbUmlrpYV2S8oeRzu9Zpm/u2Hl9YmrZfht5d35ldG7KqY5LhPATNonBhU2xcGwqPfqA2Xs6Tp+NBBsDuRCEpIIRR/TNWg/2uPYTtM8Eir517Q1Te309PLkxgpzcWW4HP+pC/wkTmuPD0MVdC7fbw6dtzEljcAWwFmIcRGTsCw+JOaC6okV7rSCCz5+CvOZwr3HvFPyPLgKIEnJQ1o0iUKALCePFFhEfcnbIUNAzewDCKUzscWtTntXOJvycwueASY6Bz/k=--OxjVL8HizxRp/ZBC--iV74Pt+TJIxJyMPnO9dZ1w==

config/credentials/test.yml.enc

@@ -1 +1 @@
-zsvjeQzFV0vM7h3jsx7RUyA3WTQsEYWvEMreEvVbi4L0HN7sDNrP7kay2FZS5VEwrW5mJZdnu63BXa8fK/h1agvaaiOO9FhDXfyK+VT86TAfsLa1gsBK9mHjWSdXCJE9TZj9OjOtR3R/qHOI+2uPUnysh7Om4a0ckiu4Jwex3OcbgCYj2+G2JQtwHkWhlyBthGxLjuDDFfx+qxkJWkN7V9FhN0FkkPaflyj4FjR9BUf3/CB8pvHXqJ1lmxVScYsyhh50mc+CKyVptpqbLi9Jou3SiUePREX03ynV0KPR+7mT3FH9gCj4QyzzS1t3JOUfrgqeVFAzdV1TW01olinOyG2aMrZn1aA7GWfDeIr/GwnaPfUMmZNj4RQ=--KmPWCR7xHr6jUSx5--1L2S0bUzD2Bc+JFAHX7xKg==
+6iCI+ghN8ORL+FEylT1b2oDP6TpWdtpZyGZfHJMAoElu7d3TGgo9KlhQ5BqB6t56IRWk+5YV2yEJPwSB0SxdDimUuOzdFLfpNlTcBdLIe/UPSj/ywm0o8+HtwQsoGnw11Ptn9+UKnTR+cc8f/NTqa5hN13ax1e411DY/9R/ySiiXIYjSyaw3/dDBpGm/Dq9fc8eJBdPgBrSzn9G1gVsCNVz/XzCBTH7ITtf6hWJz34osiXa2+UDFwWTl8Ewp7UJpBXpTAvvDW2dBuVS0k30iorjfbjmWGnbNiqGChqLnpoSsZy5/uNAA7ZTJWuJiwF2DiSuh3GonpqJ8JdDeHM1rqZyD3F5CbDTS5bNwRKRVJ6Sj+1N4oYihHwg=--CaxfRt8/BVUD7Qkl--Lj9oKzYsUyJhBgWdl4ycJQ==

spec/quarantine/decrypt_secret.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Decrypt the file
+mkdir $HOME/secrets
+# --batch to prevent interactive command
+# --yes to assume "yes" for questions
+gpg --quiet --batch --yes --decrypt --passphrase="$QUARANTINE_SERVICE_ACCOUNT_PASSPHRASE" \
+--output ./spec/quarantine/service-account.json ./spec/quarantine/service-account.json.gpg

spec/quarantine/quarantine_spec.rb

@@ -0,0 +1,7 @@
+require "rails_helper"
+
+RSpec.describe Quarantine do
+  it "fails on the first time" do
+    raise "error" if RSpec.current_example.attempts == 0 && ENV["CI"]
+  end
+end

spec/rails_helper.rb

@@ -8,6 +8,8 @@
 require "view_component/test_helpers"
 require "capybara/rspec"
 require "action_text/system_test_helper"
+require "quarantine"
+require "rspec/retry"
 
 # Require all support folder files
 Dir[Rails.root.join("spec", "support", "**", "*.rb")].sort.each { |f| require f }
@@ -19,6 +21,9 @@
   exit 1
 end
 
+Quarantine::RSpecAdapter.bind if ENV["CI"]
+WebMock.disable_net_connect!(allow: %w[www.googleapis.com sheets.googleapis.com])
+
 RSpec.configure do |config|
   config.include ActiveSupport::Testing::TimeHelpers
   config.include DatatableHelper, type: :datatable
@@ -76,4 +81,22 @@
   def pre_transition_aged_youth_age
     Date.current - CasaCase::TRANSITION_AGE.years
   end
+
+  if ENV["QUARANTINE"]
+    config.quarantine_record_tests = true
+    config.quarantine_release_at_consecutive_passes = 5
+
+    config.around(:each) do |example|
+      example.run_with_retry(retry: 3)
+    end
+
+    config.quarantine_database = {
+      type: :google_sheets,
+      authorization: {type: :service_account_key, file: Rails.root.join("spec", "quarantine", "service-account.json")},
+      spreadsheet: {
+        type: :by_key,
+        key: ENV["QUARANTINE_SHEET_ID"]
+      }
+    }
+  end
 end