Merge branch 'main' into dependabot/bundler/rexml-3.2.8

Author: rogerluan

.github/workflows/kotlin-tests.yml

@@ -1,5 +1,9 @@
 name: Kotlin Tests
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 jobs:
   test:
     runs-on: ubuntu-latest # Assuming Kotlin projects can be built on Linux
@@ -21,7 +25,6 @@ jobs:
           ${{ runner.os }}-gradle-
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '3.2'
         bundler-cache: true # Runs 'bundle install' and caches installed gems automatically
     - name: Generate Kotlin Code & Run Tests
       run: bundle exec rake test_kotlin

.github/workflows/pull-request.yml

@@ -3,10 +3,9 @@ on:
   push:
     branches:
       - main
+  pull_request:
 jobs:
   test:
-    env:
-      CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
     strategy:
       fail-fast: false
       matrix:
@@ -20,5 +19,5 @@ jobs:
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
+    - name: Run tests and linter
       run: bundle exec rake

.github/workflows/push.yml .github/workflows/run-tests.yml

@@ -1,5 +1,9 @@
 name: Swift Tests
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 jobs:
   test:
     runs-on: macos-latest
@@ -8,7 +12,6 @@ jobs:
     - uses: actions/checkout@v2
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '3.1'
         bundler-cache: true # Runs 'bundle install' and caches installed gems automatically
     - name: Generate Swift Code & Run Tests
       run: bundle exec rake test_swift

.github/workflows/swift-tests.yml

@@ -1 +1 @@
-3.2.2
+3.3.3

.ruby-version

@@ -5,6 +5,7 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in arkana.gemspec
 gemspec
 
+gem "bundler", "< 2.5" # 2.4.x is the latest that supports Ruby 2.7, which is the minimum required by Arkana
 gem "rake"
 gem "rspec"
 gem "rubocop"

Gemfile

@@ -10,61 +10,53 @@ GEM
   remote: https://rubygems.org/
   specs:
     ast (2.4.2)
-    base64 (0.1.1)
-    diff-lcs (1.5.0)
+    diff-lcs (1.5.1)
     docile (1.4.0)
     dotenv (2.8.1)
-    json (2.6.3)
+    json (2.7.2)
     language_server-protocol (3.17.0.3)
-    parallel (1.23.0)
-    parser (3.2.2.3)
+    parallel (1.25.1)
+    parser (3.3.3.0)
       ast (~> 2.4.1)
       racc
     pastel (0.8.0)
       tty-color (~> 0.5)
-    racc (1.7.1)
+    racc (1.8.0)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.8.1)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rake (13.2.1)
+    regexp_parser (2.9.2)
+    rexml (3.3.0)
+      strscan
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-support (3.12.1)
-    rubocop (1.56.3)
-      base64 (~> 0.1.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.64.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.3)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.29.0)
-      parser (>= 3.2.1.0)
-    rubocop-capybara (2.18.0)
-      rubocop (~> 1.41)
-    rubocop-factory_bot (2.23.1)
-      rubocop (~> 1.33)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
     rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-    rubocop-rspec (2.24.0)
-      rubocop (~> 1.33)
-      rubocop-capybara (~> 2.17)
-      rubocop-factory_bot (~> 2.22)
+    rubocop-rspec (3.0.1)
+      rubocop (~> 1.61)
     ruby-progressbar (1.13.0)
     simplecov (0.22.0)
       docile (~> 1.1)
@@ -82,19 +74,20 @@ GEM
       tty-cursor (~> 0.7)
       tty-screen (~> 0.8)
       wisper (~> 2.0)
-    tty-screen (0.8.1)
-    unicode-display_width (2.4.2)
+    tty-screen (0.8.2)
+    unicode-display_width (2.5.0)
     wisper (2.0.1)
     yaml (0.3.0)
 
 PLATFORMS
-  arm64-darwin-21
+  arm64-darwin-23
   ruby
   x86_64-darwin-19
   x86_64-linux
 
 DEPENDENCIES
   arkana!
+  bundler (< 2.5)
   rake
   rspec
   rubocop
@@ -104,4 +97,4 @@ DEPENDENCIES
   tty-prompt
 
 BUNDLED WITH
-   2.2.32
+   2.3.27

Gemfile.lock

@@ -139,21 +139,21 @@ Usage: arkana [options]
 > [!NOTE]
 > For the complete set of args, look at the [options](#options) section.
 
-### Config File
+## Config File
 
 The `arkana.yml` would typically contain 3 important sections:
 
 - **Environments**: This is typically where you specify `debug`, `release` or other environments which you wish to create.
 - **Environment Secrets**: This is where you declare the keys which will be ultimately exposed to your app, like `apiKey`.
 - **Global Secrets**: Here you'd declare keys which are the same across all environments.
 
-### Environment File
+## Environment File
 
 The environment (`.env`) file contains the actual secrets for each environment. While config file declares the keys, they are assigned encrypted values from this file.
 
 This file is optional, but quite handy in local development. `.env` files shouldn't be committed as they contain your secrets. Instead, they should be stored in a secure location, like your CI/CD server as environment variables (all CI/CD servers have a way to store secrets securely). See [Continuous Integration](#continuous-integration) for more information.
 
-#### Sample
+### Sample
 
 A config file as shown below:
 
@@ -420,9 +420,9 @@ This encoding mechanism makes it difficult for attackers to simply just read you
 Key security is difficult. Right now even the biggest apps get their keys [leaked](https://threatpost.com/twitter-oauth-api-keys-leaked-030713/77597). This is neatly summed up by John Adams of the Twitter Security Team on [Quora](http://www.quora.com/Twitter-1/How-were-the-Twitter-iPhone-and-Android-OAuth-keys-leaked).
 
 > Putting this in the context of, "should you be storing keys in software", is more appropriate. Many companies do this. It's never a good idea.
-
+>
 > When developers do that, other developers can use debuggers and string searching commands to extract those keys from the running application. There are numerous talks on how to do that, but leave that as an exercise to the reader to find those talks.
-
+>
 > Many people believe that obfuscating these keys in code will help. It usually won't because you can just run a debugger and find the fully functional keys.
 
 So in summary, the ideal way to store keys is to not store keys. In reality though most Apps embed keys, and this does that and adds some rudimentary obfuscation to the keys. A well motivated app cracker could probably extract this within a few minutes however.

README.md

@@ -3,6 +3,7 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 require "tty-prompt"
+require "tmpdir"
 
 RSpec::Core::RakeTask.new(:spec)
 
@@ -14,21 +15,28 @@ task default: %i[spec rubocop]
 
 desc "Generates Swift source code and run its unit tests."
 task :test_swift do
-  sh("ARKANA_RUNNING_CI_INTEGRATION_TESTS=true bin/arkana --config-filepath spec/fixtures/swift-tests.yml --dotenv-filepath spec/fixtures/.env.fruitloops --include-environments dev,staging")
-  Dir.chdir("tests/MySecrets") do
+  config_file = File.absolute_path("spec/fixtures/swift-tests.yml")
+  dotenv_file = File.absolute_path("spec/fixtures/.env.fruitloops")
+  with_temp_dir do |temp_dir|
+    puts "Current working directory: #{temp_dir}"
+    sh("ARKANA_RUNNING_CI_INTEGRATION_TESTS=true arkana --config-filepath #{config_file} --dotenv-filepath #{dotenv_file} --include-environments dev,staging")
+    Dir.chdir("tests/MySecrets")
     sh("swift test")
   end
-  FileUtils.rm_rf("tests")
 end
 
 desc "Generates Kotlin source code and run its unit tests."
 task :test_kotlin do
-  FileUtils.copy_entry("spec/fixtures/kotlin", "tests")
-  sh("ARKANA_RUNNING_CI_INTEGRATION_TESTS=true bin/arkana --lang kotlin --config-filepath spec/fixtures/kotlin-tests.yml --dotenv-filepath spec/fixtures/.env.fruitloops --include-environments dev,staging")
-  Dir.chdir("tests") do
+  config_file = File.absolute_path("spec/fixtures/kotlin-tests.yml")
+  dotenv_file = File.absolute_path("spec/fixtures/.env.fruitloops")
+  directory_to_copy = File.absolute_path("spec/fixtures/kotlin")
+  with_temp_dir do |temp_dir|
+    puts "Current working directory: #{temp_dir}"
+    FileUtils.copy_entry(directory_to_copy, "tests")
+    sh("ARKANA_RUNNING_CI_INTEGRATION_TESTS=true arkana --lang kotlin --config-filepath #{config_file} --dotenv-filepath #{dotenv_file} --include-environments dev,staging")
+    Dir.chdir("tests")
     sh("./gradlew test")
   end
-  FileUtils.rm_rf("tests")
 end
 
 desc "Sets lib version to the semantic version given, and push it to remote."
@@ -45,3 +53,15 @@ task :bump, [:v] do |_t, args|
   sh("git commit -m 'Bump app version to v#{version}.'")
   sh("git push origin")
 end
+
+# Utilities
+
+# Run tests in a different folder because when running in the same root folder as the gem,
+# there can be "relative_require" that happen to work in the test but wouldn't work when installing the gem in a different project.
+def with_temp_dir
+  Dir.mktmpdir do |temp_dir|
+    Dir.chdir(temp_dir) do
+      yield temp_dir
+    end
+  end
+end

Rakefile

@@ -26,10 +26,9 @@ def self.encode(string, cipher)
       result << (byte ^ cipher[index % cipher.length]) # XOR operation with a value of the cipher array.
     end
 
-    encoded_key = []
-    result.each do |element|
+    encoded_key = result.map do |element|
       # Warning: this might be specific to Swift implementation. When generating code for other languages, beware.
-      encoded_key << format("%#x", element) # Format the binary number to "0xAB" format.
+      format("%#x", element) # Format the binary number to "0xAB" format.
     end
 
     encoded_key.join(", ")

lib/arkana/encoder.rb

@@ -10,10 +10,9 @@ class Salt
 
   def initialize(raw:)
     @raw = raw
-    formatted_salt = []
-    raw.each do |element|
+    formatted_salt = raw.map do |element|
       # Warning: this might be specific to Swift implementation. When generating code for other languages, beware.
-      formatted_salt << format("%#x", element)
+      format("%#x", element)
     end
     @formatted = formatted_salt.join(", ")
   end

lib/arkana/models/salt.rb

@@ -1,5 +1,5 @@
-<% require_relative "lib/arkana/helpers/string" %>
-<% require_relative "lib/arkana/helpers/kotlin_template_helper" %>
+<% require "arkana/helpers/string" %>
+<% require "arkana/helpers/kotlin_template_helper" %>
 <% # TODO: Sort these import statements alphabetically %>
 // DO NOT MODIFY
 // Automatically generated by Arkana (https://github.com/rogerluan/arkana)

lib/arkana/templates/kotlin/arkana.kt.erb

@@ -1,5 +1,5 @@
-<% require_relative "lib/arkana/helpers/string" %>
-<% require_relative "lib/arkana/helpers/kotlin_template_helper" %>
+<% require "arkana/helpers/string" %>
+<% require "arkana/helpers/kotlin_template_helper" %>
 // DO NOT MODIFY
 // Automatically generated by Arkana (https://github.com/rogerluan/arkana)
 package <%= @kotlin_package_name %>

lib/arkana/templates/kotlin/arkana_protocol.kt.erb

@@ -1,5 +1,5 @@
-<% require_relative "lib/arkana/helpers/string" %>
-<% require_relative "lib/arkana/helpers/kotlin_template_helper" %>
+<% require "arkana/helpers/string" %>
+<% require "arkana/helpers/kotlin_template_helper" %>
 // DO NOT MODIFY
 // Automatically generated by Arkana (https://github.com/rogerluan/arkana)
 package <%= @kotlin_package_name %>

lib/arkana/templates/kotlin/arkana_tests.kt.erb

@@ -1,5 +1,5 @@
-<% require_relative "lib/arkana/helpers/string" %>
-<% require_relative "lib/arkana/helpers/swift_template_helper" %>
+<% require "arkana/helpers/string" %>
+<% require "arkana/helpers/swift_template_helper" %>
 <% # TODO: Sort these import statements alphabetically %>
 // DO NOT MODIFY
 // Automatically generated by Arkana (https://github.com/rogerluan/arkana)

lib/arkana/templates/swift/arkana.swift.erb

@@ -1,5 +1,5 @@
-<% require_relative "lib/arkana/helpers/string" %>
-<% require_relative "lib/arkana/helpers/swift_template_helper" %>
+<% require "arkana/helpers/string" %>
+<% require "arkana/helpers/swift_template_helper" %>
 // DO NOT MODIFY
 // Automatically generated by Arkana (https://github.com/rogerluan/arkana)
 

lib/arkana/templates/swift/arkana_protocol.swift.erb

@@ -55,7 +55,7 @@
     end
   end
 
-  describe `#environment_keys` do
+  describe "#environment_keys" do
     context "when there are no environments" do
       subject { super().environment_keys }
 
@@ -130,7 +130,7 @@
     end
   end
 
-  describe `#all_keys` do
+  describe "#all_keys" do
     it "is not empty" do
       expect(subject.all_keys).not_to be_empty
     end

spec/models/config_spec.rb

@@ -18,7 +18,7 @@
     end
   end
 
-  describe `#environment` do
+  describe "#environment" do
     subject { super().environment }
 
     context "when key is equal to protocol_key" do