Refactoring

.github/changelog_config.json

@@ -0,0 +1,47 @@
+{
+  "categories": [
+    {
+      "title": "## 🚀 Features",
+      "labels": ["feature", "enhancement"]
+    },
+    {
+      "title": "## 🐛 Bug Fixes",
+      "labels": ["bug", "fix"]
+    },
+    {
+      "title": "## 🧹 Maintenance",
+      "labels": ["maintenance", "chore", "dependencies"]
+    },
+    {
+      "title": "## 📖 Documentation",
+      "labels": ["documentation", "docs"]
+    },
+    {
+      "title": "## ⚡ Performance",
+      "labels": ["performance"]
+    },
+    {
+      "title": "## 🔒 Security",
+      "labels": ["security"]
+    }
+  ],
+  "ignore_labels": [
+    "ignore",
+    "wontfix",
+    "invalid",
+    "duplicate"
+  ],
+  "sort": "ASC",
+  "template": "${{CHANGELOG}}",
+  "pr_template": "- ${{TITLE}} by @${{AUTHOR}} in #${{NUMBER}}",
+  "empty_template": "- No changes",
+  "label_extractor": [
+    {
+      "pattern": "\\[(.+)\\]",
+      "target": "$1"
+    }
+  ],
+  "max_tags_to_fetch": 200,
+  "max_pull_requests": 200,
+  "max_back_track_time_days": 90
+}

.github/markdown-link-check.json

@@ -0,0 +1,38 @@
+{
+  "ignorePatterns": [
+    {
+      "pattern": "^http://localhost"
+    },
+    {
+      "pattern": "^https://localhost"
+    }
+  ],
+  "replacementPatterns": [
+    {
+      "pattern": "^/",
+      "replacement": "https://github.com/ruby-api-client/yandex360/blob/main/"
+    }
+  ],
+  "httpHeaders": [
+    {
+      "urls": ["https://github.com/", "https://api.github.com/"],
+      "headers": {
+        "Accept-Encoding": "zstd, br, gzip, deflate"
+      }
+    }
+  ],
+  "timeout": "10s",
+  "retryOn429": true,
+  "retryCount": 3,
+  "fallbackHttpStatus": [
+    400,
+    401,
+    403,
+    404,
+    405,
+    500,
+    502,
+    503,
+    504
+  ]
+}

.github/workflows/ci.yml

@@ -1,51 +1,158 @@
-name: Ruby specs
-on: [push, pull_request]
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+
+env:
+  COVERAGE: true
+
 jobs:
+  lint:
+    name: Lint & Security
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Run RuboCop
+        run: bundle exec rubocop --format github
+
+      - name: Run security audit
+        run: |
+          gem install bundler-audit
+          bundle audit --update
+
   test:
-    name: tests
+    name: Test (Ruby ${{ matrix.ruby }} on ${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest]
-        ruby: ['3.0', '3.1', head, truffleruby, truffleruby-head]
-    runs-on: ${{ matrix.os }}
-    continue-on-error: true
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        ruby: ["3.1", "3.2", "3.3"]
+        exclude:
+          # Windows has issues with older Ruby versions
+          - os: windows-latest
+            ruby: "2.6"
+          # macOS ARM64 runners have limited Ruby version support
+          - os: macos-latest
+            ruby: "2.6"
+
     steps:
-    - uses: actions/checkout@v5
-    - uses: ruby/setup-ruby@v1.257.0
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        # bundler-cache: true
-
-    - name: Get the newest rubygems version to rid ourselves of warnings
-      run: gem update --system --no-document
-
-    - name: Install bundler
-      run: gem i bundler --no-document
-
-    - name: Install dependencies
-      run: |
-        bundle config set --local without benchmark
-        bundle install --jobs=3
-    - name: RSpec testing
-      run: |
-        JRUBY_OPTS="--dev --debug" bundle exec rspec --color --format documentation
-    - name: Coveralls Parallel
-      uses: coverallsapp/github-action@v2.3.6
-      with:
-        github-token: ${{ secrets.github_token }}
-        flag-name: run-${{ matrix.ruby-version }}
-        path-to-lcov: ./coverage/lcov/yandex360.lcov
-        parallel: true
-
-  coverage:
-    name: Coverage
-    needs: test
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rspec --format progress
+
+      - name: Upload coverage (Ubuntu Ruby 3.1 only)
+        if: matrix.os == 'ubuntu-latest' && matrix.ruby == '3.1'
+        uses: coverallsapp/github-action@v2.3.6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ./coverage/lcov/yandex360.lcov
+
+  integration:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Test gem installation
+        run: |
+          gem build yandex360.gemspec
+          gem install yandex360-*.gem
+
+      - name: Test require
+        run: ruby -e "require 'yandex360'; puts 'Gem loads successfully'"
+
+  dependency-check:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: moderate
+
+  performance:
+    name: Performance Benchmark
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Run benchmark
+        run: |
+          echo "Running basic performance check..."
+          time bundle exec ruby -e "
+            require 'yandex360'
+            start = Time.now
+            1000.times { Yandex360::Client.new(token: 'test') }
+            puts \"Client creation time: #{Time.now - start}s\"
+          "
+
+  release-dry-run:
+    name: Release Dry Run
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1.257.0
+        with:
+          ruby-version: "3.1"
+          bundler-cache: true
+
+      - name: Build gem
+        run: gem build yandex360.gemspec
+
+      - name: Check gem contents
+        run: |
+          gem spec yandex360-*.gem
+          tar -tf yandex360-*.gem | head -20
+
+  notify:
+    name: Notify Success
     runs-on: ubuntu-latest
+    needs: [lint, test, integration]
+    if: always() && (needs.lint.result == 'success' && needs.test.result == 'success' && needs.integration.result == 'success')
     steps:
-    - name: Coveralls Finished
-      uses: coverallsapp/github-action@v2.3.6
-      with:
-        github-token: ${{ secrets.github_token }}
-        path-to-lcov: ${{ github.workspace }}/coverage/lcov.info
-        parallel-finished: true
+      - name: Success notification
+        run: echo "✅ All CI checks passed successfully!"

.github/workflows/codeql.yml

@@ -9,36 +9,27 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: "Security Analysis"
 
 on:
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
-    - cron: '29 11 * * 0'
+    - cron: '0 6 * * 1' # Weekly on Monday at 6 AM UTC
 
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    # Runner size impacts CodeQL analysis time. To learn more, please see:
-    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
-    #   - https://gh.io/supported-runners-and-hardware-resources
-    #   - https://gh.io/using-larger-runners (GitHub.com only)
-    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
-    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
-    permissions:
-      # required for all workflows
-      security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
+permissions:
+  security-events: write
+  actions: read
+  contents: read
+  packages: read
 
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
+jobs:
+  codeql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
 
     strategy:
       fail-fast: false
@@ -58,35 +49,36 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v5
 
-    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - if: matrix.build-mode == 'manual'
-      run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
+        queries: security-extended,security-and-quality
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"
+
+  dependency-scanning:
+    name: Dependency Scanning
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v5
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy scan results
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'