ci: Add base GitHub CI

Author: JanEbbing

.github/workflows/run_ci.yml

@@ -0,0 +1,126 @@
+name: Ruby CI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '10 0 * * *'
+
+env:
+  SECRET_DETECTION_JSON_REPORT_FILE: "gitleaks.json"
+
+jobs:
+  package:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby_version: ['2.7', '3.2', '3.3']
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby_version }}
+          bundler-cache: true
+      - name: Build package
+        run: bundle exec rake build
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: pkg-${{ matrix.ruby_version }}
+          path: pkg/
+
+  rubocop:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby_version: ['2.7', '3.2', '3.3']
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby_version }}
+          bundler-cache: true
+      - name: Run rubocop
+        run: bundle exec rubocop
+
+  secret_detection:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install and run secret detection
+        run: |
+          wget https://github.com/gitleaks/gitleaks/releases/download/v8.19.3/gitleaks_8.19.3_linux_x64.tar.gz
+          tar -xzf gitleaks_8.19.3_linux_x64.tar.gz
+          EXITCODE=0
+          ./gitleaks detect -r ${SECRET_DETECTION_JSON_REPORT_FILE} --source . --log-opts="--all --full-history" || EXITCODE=$?
+          if [[ $EXITCODE -ne 0 ]]; then
+            exit $EXITCODE
+          fi
+      - name: Upload secret detection artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: secret-detection-results
+          path: gitleaks.json
+
+  license_check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run license check
+        run: |
+          ./license_checker.sh '*.rb' | tee license_check_output.txt
+          [ ! -s license_check_output.txt ]
+
+
+# Test and gem publishing stage are disabled/missing for now. Code needs to be tested
+
+#######################################################
+# test:
+#     runs-on: ubuntu-latest
+#     strategy:
+#       matrix:
+#         include:
+#           - ruby_version: '2.7'
+#             use_mock_server: ''
+#           - ruby_version: '3.2'
+#             use_mock_server: ''
+#           - ruby_version: '3.3'
+#             use_mock_server: ''
+#           - ruby_version: '2.7'
+#             use_mock_server: 'use mock server'
+#           - ruby_version: '3.2'
+#             use_mock_server: 'use mock server'
+#           - ruby_version: '3.3'
+#             use_mock_server: 'use mock server'
+#     steps:
+#       - uses: actions/checkout@v4
+#       - name: Set up Ruby
+#         uses: ruby/setup-ruby@v1
+#         with:
+#           ruby-version: ${{ matrix.ruby_version }}
+#           bundler-cache: true
+#       - name: Configure Mock Server
+#         if: matrix.use_mock_server != ''
+#         run: |
+#           echo "Using mock server"
+#           export DEEPL_SERVER_URL=http://deepl-mock:3000
+#           export DEEPL_MOCK_SERVER_PORT=3000
+#           export DEEPL_PROXY_URL=http://deepl-mock:3001
+#           export DEEPL_MOCK_PROXY_SERVER_PORT=3001
+#       - name: Run Tests
+#         run: bundle exec rake test
+#       - name: Run RSpec Tests
+#         run: bundle exec rspec --format RspecJunitFormatter --out rspec.xml
+#       - name: Upload Test Results
+#         uses: actions/upload-artifact@v4
+#         with:
+#           name: test-results
+#           path: rspec.xml

.gitleaksignore

@@ -0,0 +1,13 @@
+0d52c9d0bd4a3ba8658082dc423b75eaef19df4b:spec/api/configuration_spec.rb:generic-api-key:60
+fc068fd7b86172928f9dd9084aca4c441f996880:spec/api/configuration_spec.rb:generic-api-key:60
+f71cdb11f9fe277fcfe90e8e694a52a27e2a5274:spec/api/configuration_spec.rb:generic-api-key:60
+af659c126c3deaa4129f3816174c69ba542e8e61:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+8cc9017bcce8fd0e56638eafdc91caff8faca8fe:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+fe1ca256e85c762b1a66007cd801dc92a7e2623c:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+e8b2673d7c0065d4d6b2a331145f752f159d5165:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+52c689005c97eb908cfdac19a181e01289bfae7e:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:45
+af659c126c3deaa4129f3816174c69ba542e8e61:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+e8b2673d7c0065d4d6b2a331145f752f159d5165:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+8cc9017bcce8fd0e56638eafdc91caff8faca8fe:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+fe1ca256e85c762b1a66007cd801dc92a7e2623c:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52
+52c689005c97eb908cfdac19a181e01289bfae7e:spec/fixtures/vcr_cassettes/deepl_document.yml:generic-api-key:52

README.md

@@ -411,6 +411,10 @@ To run tests (rspec and rubocop), use
 bundle exec rake test
 ```
 
+### Caution: Gitleaks and VCR tests
+
+When contributing to the library, in the CI `gitleaks` might pick up document keys (from the document translation workflow) or example API keys as leaked secrets. To fix this you can add them to the `.gitleaksignore` file, please see the [documentation](https://github.com/gitleaks/gitleaks?tab=readme-ov-file#gitleaksignore) for more details.
+
 ### Caution: Changing VCR Tests
 
 If you need to rerecord some of the VCR tests, simply setting `record: :new_episodes` and rerunning `rspec` won't be enough in some cases, specifically around document translation (due to its statefulness) and glossaries (since a glossary ID is associated with a specific API account).