From 390f5a185f7c267055bce7b46176d5ef770a3f52 Mon Sep 17 00:00:00 2001
From: a9s-internal <internal-services@anynines.com>
Date: Mon, 3 Nov 2025 08:48:51 +0100
Subject: [PATCH 1/2] Update automerge dependabot workflows

---
 .github/dependabot.yml                        | 41 +++++++++++++++++++
 .../workflows/dependabot-pr-auto-merge.yml    | 30 ++++++++++++++
 .github/workflows/linter_ruby.yml             | 16 ++++++++
 3 files changed, 87 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/dependabot-pr-auto-merge.yml
 create mode 100644 .github/workflows/linter_ruby.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..7c249b6
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,41 @@
+# version: 2
+
+# registries:
+#   github:
+#     type: git
+#     url: https://github.com
+#     username: x-access-token
+#     password: "${{ secrets.GIT_TOKEN }}"
+
+# updates:
+#   - package-ecosystem: "bundler"
+#     directory: '/'
+#     registries: "*"
+#     insecure-external-code-execution: allow
+#     schedule:
+#       interval: "daily"
+#       time: "09:00"
+#       timezone: "Europe/Berlin"
+#     target-branch: "develop"
+#     labels:
+#       - "Ruby dependencies"
+
+version: 2
+
+registries:
+  github:
+    type: git
+    url: https://github.com
+    username: x-access-token
+    password: "${{ secrets.GIT_TOKEN }}" # saved as a dependabot secret
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    registries: "*"
+    insecure-external-code-execution: allow
+    schedule:
+      interval: "daily"
+    target-branch: "develop"
+    labels:
+      - "Ruby dependencies"
+    
\ No newline at end of file
diff --git a/.github/workflows/dependabot-pr-auto-merge.yml b/.github/workflows/dependabot-pr-auto-merge.yml
new file mode 100644
index 0000000..c9ed65e
--- /dev/null
+++ b/.github/workflows/dependabot-pr-auto-merge.yml
@@ -0,0 +1,30 @@
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  dependabot-pr-auto-merge:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+
+    steps:
+      - name: Suite Status Checks
+        id: suite-checks
+        uses: poseidon/wait-for-status-checks@v0.6.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          ignore: dependabot-email-notification
+
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+
+      - name: Auto-merge Dependabot PR
+        run: |
+          gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}"
+        env:
+          GH_TOKEN: ${{ secrets.GIT_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/linter_ruby.yml b/.github/workflows/linter_ruby.yml
new file mode 100644
index 0000000..9a40306
--- /dev/null
+++ b/.github/workflows/linter_ruby.yml
@@ -0,0 +1,16 @@
+name: Lint and SAST
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  lint:
+    uses: anynines/int-gitops/.github/workflows/linter_ruby.yml@master
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
+
+  sast:
+    uses: anynines/int-gitops/.github/workflows/sast_ruby.yml@master
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

From 2941f35ceaaa1fe308a51fb96cf7225fde62a251 Mon Sep 17 00:00:00 2001
From: Jan-Robin Aumann <jaumann@anynines.com>
Date: Mon, 3 Nov 2025 09:16:25 +0100
Subject: [PATCH 2/2] add rubocop

---
 .rubocop.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 Gemfile      |  3 +++
 Gemfile.lock | 45 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+)
 create mode 100644 .rubocop.yml

diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..fb535ff
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,45 @@
+plugins:
+  - rubocop-performance
+  - rubocop-rails
+  - rubocop-rspec
+
+AllCops:
+  # Insert your target ruby version
+  TargetRubyVersion: 3.2.x 
+  NewCops: enable
+
+
+# Overwrite or add rules to create your own house style
+#
+# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]`
+# Layout/SpaceInsideArrayLiteralBrackets:
+#   Enabled: false
+
+Layout/IndentationConsistency:
+  Enabled: true
+
+Layout/IndentationWidth:
+  Enabled: true
+
+Bundler:
+  Enabled: true
+Gemspec:
+  Enabled: true
+Layout:
+  Enabled: true
+Lint:
+  Enabled: true
+Metrics:
+  Enabled: true
+Naming:
+  Enabled: true
+Performance:
+  Enabled: true
+  Exclude:
+    - "spec/**/*"
+Rails:
+  Enabled: true
+Security:
+  Enabled: true
+Style:
+  Enabled: true
diff --git a/Gemfile b/Gemfile
index 42867ef..7c00ab9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,6 +21,9 @@ gem 'pg'
 gem 'nokogiri', '~> 1.18.4'
 gem "rack", "~> 2.2.13"
 
+gem "rubocop"
+gem "rubocop-rails-omakase", require: false
+
 group :test do
   gem 'byebug'
   gem 'rspec-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index 2339468..7f656de 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -70,6 +70,7 @@ GEM
     amqp (1.8.0)
       amq-protocol (>= 2.2.0)
       eventmachine
+    ast (2.4.3)
     base64 (0.2.0)
     builder (3.3.0)
     byebug (11.1.3)
@@ -98,6 +99,9 @@ GEM
     honeybadger (5.0.2)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
+    json (2.15.2)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
     listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
@@ -129,7 +133,12 @@ GEM
       racc (~> 1.4)
     nokogiri (1.18.7-x86_64-darwin)
       racc (~> 1.4)
+    parallel (1.27.0)
+    parser (3.3.10.0)
+      ast (~> 2.4.1)
+      racc
     pg (1.4.4)
+    prism (1.6.0)
     psych (3.3.4)
     racc (1.8.1)
     rack (2.2.13)
@@ -163,10 +172,12 @@ GEM
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
+    rainbow (3.1.1)
     rake (13.2.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
+    regexp_parser (2.11.3)
     rspec-core (3.12.0)
       rspec-support (~> 3.12.0)
     rspec-expectations (3.12.0)
@@ -184,11 +195,43 @@ GEM
       rspec-mocks (~> 3.11)
       rspec-support (~> 3.11)
     rspec-support (3.12.0)
+    rubocop (1.81.7)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.47.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.26.1)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
+    rubocop-rails (2.33.4)
+      activesupport (>= 4.2.0)
+      lint_roller (~> 1.1)
+      rack (>= 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
+    rubocop-rails-omakase (1.1.0)
+      rubocop (>= 1.72)
+      rubocop-performance (>= 1.24)
+      rubocop-rails (>= 2.30)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     thor (1.3.2)
     timeout (0.4.3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
     webrick (1.9.1)
     websocket-driver (0.7.7)
       base64
@@ -219,6 +262,8 @@ DEPENDENCIES
   rack (~> 2.2.13)
   rails (~> 7.0.0)
   rspec-rails
+  rubocop
+  rubocop-rails-omakase
   webrick (~> 1.7)
 
 RUBY VERSION