Merge branch 'main' into martagrrez/makefile

.github/dependabot.yml

@@ -0,0 +1,31 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Maintain dependencies for yarn
+  - package-ecosystem: "npm" # works for yarn
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/London"
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/London"
+
+  # Maintain dependencies for bundler
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/London"

.github/workflows/community-first-pr-comment.yml

@@ -0,0 +1,16 @@
+# This workflow comments on PRs opened by first time contributors.
+# Reminds first timer contributors to associate their PR with an issue and follow the guidelines.
+# See for more info: https://github.com/actions/first-interaction
+
+name: First Interaction PR Comment
+
+on: [pull_request]
+
+jobs:
+  greeting:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/first-interaction@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          pr-message: "First time contributors to Chayn: Please make sure that this PR is linked to an issue you are assigned! We will not merge contributor PRs without a linked assigned issue. Please ask to be assigned an existing issue or create your own before opening a PR. Read our Contributing Guidelines in the CONTRIBUTING.md file for more details. Thank you for your contribution!"

.github/workflows/community-issue-comment.yml

@@ -0,0 +1,56 @@
+# This workflow handles issue comments.
+# See for more info: https://github.com/actions/github-script
+
+name: Issue Comments
+
+on:
+  issues:
+    types:
+      - assigned
+      - labeled
+
+jobs:
+  # When issues are assigned, a comment is posted
+  # Tags the assignee with links to helpful resources
+  assigned-comment:
+    if: github.event.action == 'assigned'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Post assignee issue comment
+        id: assigned-comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.issue.number,
+              body: `Thank you @${context.payload.issue.assignee.login} you have been assigned this issue!
+              **Please follow the directions in our [Contributing Guide](https://github.com/chaynHQ/.github/blob/main/docs/CONTRIBUTING.md). We look forward to reviewing your pull request shortly ✨**
+              
+              ---
+              
+              Support Chayn's mission? ⭐ Please star this repo to help us find more contributors like you!
+              Learn more about Chayn [here](https://linktr.ee/chayn) and [explore our projects](https://org.chayn.co/projects). 🌸`
+              })
+
+  # When issues are labeled as stale, a comment is posted.
+  # Tags the assignee with warning.
+  # Enables manual issue management in addition to community-stale-management.yml
+  stale-label-comment:
+    if: github.event.action == 'labeled' && github.event.label.name == 'stale'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Post stale issue comment
+        id: stale-label-comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.issue.number,
+              body: `@${context.payload.issue.assignee.login} As per Chayn policy, after 30 days of inactivity, we will be unassigning this issue. Please comment to stay assigned.`
+            })

.github/workflows/community-stale-management.yml

@@ -0,0 +1,43 @@
+# This workflow labels stale issues and PRs after 30 days of inactivity.
+# Stale PRs are closed after 1 week of inactivity after labeled stale.
+# See for more info: https://github.com/actions/stale
+
+name: Mark Stale Contributions
+
+on:
+  # Enable manual run from the Actions tab so workflow can be run at any time
+  workflow_dispatch:
+  # Scheduled to run at 12:00 on every Monday
+  schedule:
+    - cron: "0 0 * * MON"
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          days-before-stale: 30
+          # disables closing issues
+          days-before-issue-close: -1
+          # close pr after 1 week no updates after stale warning
+          days-before-pr-close: 7
+          # only scan assigned issues
+          include-only-assigned: true
+          # ignore issues assigned to staff and bots
+          exempt-assignees: "kyleecodes, swetha-charles, eleanorreem, annarhughes, tarebyte, dependabot[bot], dependabot, github-actions[bot], github-actions"
+          # disable removing stale label due to irrelevant activity (like branch updates)
+          remove-stale-when-updated: false
+          # exempt dependabot prs from going stale
+          exempt-pr-labels: dependencies
+          # disable counting irrelevant activity (branch updates) towards day counter on prs.
+          ignore-pr-updates: true
+          stale-pr-message: "As per Chayn policy, after 30 days of inactivity, we will close this PR."
+          close-pr-message: "This PR has been closed due to inactivity."

.github/workflows/dependabot-open-issues.yml

@@ -0,0 +1,28 @@
+# This workflow opens issues for pull requests opened by dependabot.
+# See for more info: https://github.com/actions-cool/issues-helper
+
+name: Open Dependabot Issues # from pull requests
+
+on:
+  pull_request:
+    types: [opened]
+    branches: [main]
+
+jobs:
+  create-issue:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Create issue
+        uses: actions-cool/issues-helper@v3
+        with:
+          actions: "create-issue"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: ${{ github.event.pull_request.title }}
+          body: |
+            ### Dependabot opened a pull request to update a dependency. Please review it: ${{ github.event.pull_request.html_url }} 
+            - [ ] Comment on this issue tagging Chayn staff (@kyleecodes) to be assigned this issue.
+            - [ ] Follow directions in the Chayn Dependency Upgrade Guide here: https://chayn.notion.site/Chayn-Tech-Contributor-Wiki-5356c7118c134863a2e092e9df6cbc34?pvs=4
+          labels: "dependencies"

.github/workflows/dependabot-pr-review.yml

@@ -0,0 +1,22 @@
+# This workflow enables dependency scans on pull requests.
+# When changes in dependencies are detected, it will raise an error
+# if any vulnerabilities or invalid licenses are introduced.
+# See for more info: https://github.com/actions/dependency-review-action
+
+name: "Dependency Review"
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v4
+        with:
+          # fails when moderate vulnerabilities are deteched
+          fail-on-severity: moderate

.ruby-version

@@ -1 +1 @@
-3.1.4
+3.1.6

Gemfile

@@ -3,7 +3,7 @@
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-ruby '3.1.4'
+ruby '3.1.6'
 
 gem 'rails', '~> 7.0', '>= 7.0.8'
 gem 'pg', '~> 1.5', '>= 1.5.3'