added github actions flow

.github/workflows/brakeman-scan.yml

@@ -0,0 +1,24 @@
+name: Brakeman Scan
+on:
+  pull_request:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  base:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2.0
+          bundler-cache: true
+      - name: Install brakeman
+        run: gem install brakeman
+      - name: Static code analyses for security
+        run: brakeman

.github/workflows/bundle-audit.yml

@@ -0,0 +1,25 @@
+name: Bundle Audit
+on:
+  pull_request:
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  base:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2.0
+          bundler-cache: true
+      - name: Install bundler-audit
+        run: gem install bundler-audit
+      - name: Check dependencies with known vulnerabilities
+        run: bundle-audit --update
+      - name: Check javascript dependencies
+        run: yarn audit

.github/workflows/ruby.yml

@@ -0,0 +1,59 @@
+name: Github Testing
+on: [push]
+
+jobs:
+  test:
+    services:
+      postgres:
+        image: postgres:15
+        ports: ["5432:5432"]
+        env:
+          POSTGRES_PASSWORD: password
+          POSTGRES_USERNAME: postgres
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-20.04]
+        ruby: [ '3.2.0' ]
+    runs-on: ${{ matrix.os }}
+    continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - name: config bundler
+        run:  |
+          bundle config set without 'development staging production'
+          bundle config set deployment '[secure]'
+          bundle env
+          head -n1 $(which bundle)
+
+      - name: Run Tests
+        env:
+          PG_DATABASE: postgres
+          PG_HOST: localhost
+          PG_USER: postgres
+          PG_PASSWORD: password
+          PG_PORT: ${{ job.services.postgres.ports[5432] }}
+          RAILS_ENV: test
+          COVERAGE: true
+          DISABLE_SPRING: 1
+        run: |
+          cp config/application.yml.example config/application.yml
+          cp config/database_ci.yml config/database.yml
+          bundle exec rake db:create
+          bundle exec rake db:migrate
+          bundle exec rake db:schema:load
+          bundle exec rake db:seed
+          bundle exec rails assets:precompile
+          bundle exec rspec spec
+
+      - name: Dependabot
+        if: ${{ github.event.label.name == 'dependencies' }}
+        run: bundle exec rails assets:precompile

.rubocop.yml

@@ -0,0 +1,3 @@
+AllCops:
+  Exclude:
+    - 'spec/**/*'

Gemfile

@@ -20,7 +20,7 @@ gem 'omniauth-tara', github: 'internetee/omniauth-tara'
 gem 'pg', '~> 1.1'
 gem 'propshaft'
 gem 'puma', '~> 5.0'
-gem 'rails', '~> 7.0.4', '>= 7.0.4.3'
+gem 'rails', '~> 7.0.5', '>= 7.0.5.1'
 gem 'redis', '~> 4.0'
 gem 'redis-namespace'
 gem 'sidekiq', '<7'
@@ -47,6 +47,8 @@ group :development, :test do
   gem 'rspec-rails'
   gem 'vcr'
   gem 'webmock'
+  gem 'brakeman', require: false
+  gem 'bundle-audit', require: false
 end
 
 group :development do