Add results_controller#create

This will enable us to process a callback from GitHub Actions

app/controllers/api/results_controller.rb

@@ -0,0 +1,38 @@
+module API
+  class ResultsController < BaseController
+    before_action :authenticate_api_key!
+
+    def create
+      @rails_release = RailsRelease.find_by(version: params[:rails_version])
+      @compat = @rails_release.compats.find(params[:compat_id])
+
+      if @compat.dependencies == params.require(:dependencies).permit!.to_h
+        if @compat.process_result(params[:result])
+          head :ok
+        else
+          head :unprocessable_entity
+        end
+      else
+        head :unprocessable_entity
+      end
+    end
+
+    private
+
+    def authenticate_api_key!
+      api_key = request.headers['RAILS-BUMP-API-KEY']
+
+      return head :unauthorized if invalid_api_key?(api_key)
+
+      logger.info "API Key: #{@api_key.name}"
+    end
+
+    def invalid_api_key?(api_key)
+      return true if api_key.nil?
+
+      @api_key = APIKey.find_by(key: api_key)
+
+      return true if @api_key.nil?
+    end
+  end
+end

app/models/api_key.rb

@@ -0,0 +1,5 @@
+class APIKey < ApplicationRecord
+  validates :name, :key, presence: true, uniqueness: true
+  validates :name, length: { maximum: 50 }
+  validates :key, length: { minimum: 64, maximum: 255 }
+end

spec/controllers/api/results_controller_spec.rb

@@ -0,0 +1,73 @@
+require 'rails_helper'
+
+RSpec.describe API::ResultsController, type: :controller do
+  let(:api_key) { FactoryBot.create(:api_key) }
+  let(:rails_release) { FactoryBot.create(:rails_release) }
+  let(:compat) { FactoryBot.create(:compat, rails_release: rails_release) }
+  let(:headers) { { 'RAILS-BUMP-API-KEY' => api_key.key } }
+
+  describe "POST #create" do
+    context "with valid dependencies and result" do
+      it "creates a result and returns ok" do
+        request.headers.merge!(headers)
+
+        post :create, params: {
+          rails_version: rails_release.version,
+          compat_id: compat.id,
+          dependencies: compat.dependencies,
+          result: {
+            success: true,
+            strategy: 'some_strategy'
+          }
+        }
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    context "with invalid dependencies" do
+      it "returns unprocessable entity" do
+        request.headers.merge!(headers)
+        post :create, params: {
+          rails_version: rails_release.version,
+          compat_id: compat.id,
+          dependencies: { invalid: 'dependency' },
+          result: 'some_result'
+        }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+
+    context "with invalid API key" do
+      it "returns unauthorized" do
+        request.headers.merge!({ 'RAILS-BUMP-API-KEY' => '' })
+        post :create, params: {
+        rails_version: rails_release.version,
+          compat_id: compat.id,
+          dependencies: compat.dependencies,
+          result: 'some_result'
+        }
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context "if result processing fails" do
+      it "returns unprocessable entity" do
+        allow_any_instance_of(Compat).to receive(:process_result).and_return(false)
+
+        request.headers.merge!(headers)
+
+        post :create, params: {
+          rails_version: rails_release.version,
+          compat_id: compat.id,
+          dependencies: compat.dependencies,
+          result: 'some_result'
+        }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+  end
+end

spec/factories/api_key_factory.rb

@@ -0,0 +1,6 @@
+FactoryBot.define do
+  factory :api_key do
+    name { "rails-bump-checker-action" }
+    key { "rails-bump-checker-action-123123123123123123123123123-123123123123123123123123123" }
+  end
+end

spec/models/api_key_spec.rb

@@ -0,0 +1,56 @@
+require 'rails_helper'
+
+RSpec.describe APIKey, type: :model do
+  describe "#valid?" do
+    let(:valid_attributes) { { name: "Valid API Key", key: "a" * 64 } }
+
+    it "is valid with valid attributes" do
+      api_key = APIKey.new(valid_attributes)
+      expect(api_key).to be_valid
+    end
+
+    it "is invalid without a name" do
+      api_key = APIKey.new(valid_attributes.except(:name))
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:name]).to include("can't be blank")
+    end
+
+    it "is invalid without a key" do
+      api_key = APIKey.new(valid_attributes.except(:key))
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:key]).to include("can't be blank")
+    end
+
+    it "is invalid with a duplicate name" do
+      APIKey.create!(valid_attributes)
+      api_key = APIKey.new(valid_attributes)
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:name]).to include("has already been taken")
+    end
+
+    it "is invalid with a duplicate key" do
+      APIKey.create!(valid_attributes)
+      api_key = APIKey.new(valid_attributes)
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:key]).to include("has already been taken")
+    end
+
+    it "is invalid with a name longer than 50 characters" do
+      api_key = APIKey.new(valid_attributes.merge(name: "a" * 51))
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:name]).to include("is too long (maximum is 50 characters)")
+    end
+
+    it "is invalid with a key shorter than 64 characters" do
+      api_key = APIKey.new(valid_attributes.merge(key: "a" * 63))
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:key]).to include("is too short (minimum is 64 characters)")
+    end
+
+    it "is invalid with a key longer than 255 characters" do
+      api_key = APIKey.new(valid_attributes.merge(key: "a" * 256))
+      expect(api_key).not_to be_valid
+      expect(api_key.errors[:key]).to include("is too long (maximum is 255 characters)")
+    end
+  end
+end