Update dependencies.

* Updates Ruby version to 3.3.6.
* Updates Node version to 20.18.0.
* Updates bundler, oj, rails, and rubocop in Ruby.
* Updates @stylistic/eslint-plugin-js, chai, eslint, sinon, and sinon-chai
  in JavaScript.
* Adds importmap-rails, kamal, litestream, solid_cable, solid_cache,
  solid_queue, sqlite3, stimulus-rails, tailwindcss-rails, and thruster in Ruby.
* Adds c8 in JavaScript.
* Removes cacheflow, dotenv, pg, prosopite, and strong_migrations in Ruby.
* Removes @babel/core, @babel/eslint-parser, @babel/preset-env,
  @babel/register, @hotwired/turbo-rails, @tailwindcss/forms,
  babel-plugin-dynamic-import-node, babel-plugin-istanbul, esbuild,
  esbuild-plugin-yaml, i18n-js, mocha-yaml-loader, nyc, tailwindcss, and yaml
  in JavaScript.

.dockerignore

@@ -0,0 +1,83 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for
+# more about ignoring files.
+
+# Ignore bundler configuration.
+/.bundle
+
+# Ignore Docker-related files.
+/.dockerignore
+/Dockerfile*
+
+# Ignore all environment files.
+/.env*
+
+# Ignore git directory and files.
+/.git/
+/.gitattributes
+/.gitignore
+
+# Ignore GitHub files.
+/.github
+
+# Ignore Ruby-related files.
+/.rubocop.yml
+/.ruby-lsp/
+
+# Ignore any asset builds.
+/app/assets/builds/*
+!/app/assets/builds/.keep
+
+# Ignore binary files.
+bin/brakeman
+bin/dev
+bin/mocha
+bin/rubocop
+bin/setup
+
+# Ignore all default key files.
+/config/master.key
+/config/credentials/*.key
+
+# Ignore development Rake tasks.
+lib/tasks/check.rake
+lib/tasks/css.rake
+lib/tasks/javascript.rake
+lib/tasks/ruby.rake
+
+# Ignore all logs and temporary files.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore any development and test files.
+/node_modules
+/spec
+/.yarn
+.erb-lint.yml
+.stylelintignore
+.stylelintrc.json
+.tool-versions
+.yarnrc.yml
+Procfile.dev
+README.md
+eslint.config.cjs
+package.json
+yarn.lock
+
+# Ignore any pre-compiled assets.
+/public/assets
+
+# Ignore any SQLite databases.
+/storage/*
+!/storage/.keep
+
+# Ignore PID files.
+/tmp/pids/*
+!/tmp/pids/
+!/tmp/pids/.keep
+
+# Ignore storage for uploaded files in development.
+/tmp/storage/*
+!/tmp/storage/
+!/tmp/storage/.keep

.env.example

@@ -0,0 +1,5 @@
+KAMAL_REGISTRY_PASSWORD="GITHUB_TOKEN"
+LITESTREAM_ACCESS_KEY_ID="S3_ACCESS_KEY"
+LITESTREAM_REPLICA_HOST="S3_HOSTNAME"
+LITESTREAM_SECRET_ACCESS_KEY="S3_ACCESS_KEY"
+SECRET_KEY_BASE="SECRET_KEY"

.erb_lint.yml

@@ -13,6 +13,8 @@ linters:
         - .rubocop.yml
       Layout/InitialIndentation:
         Enabled: false
+      Layout/LineLength:
+        Enabled: false
       Layout/TrailingEmptyLines:
         Enabled: false
       Style/FrozenStringLiteralComment:

.gitattributes

@@ -0,0 +1,15 @@
+# See https://git-scm.com/docs/gitattributes for more about git
+# attribute files.
+
+# Mark the Bundler lock file as having been generated.
+Gemfile.lock linguist-generated=true
+
+# Customize the difference command for the Rails credentials.
+config/credentials/*.yml.enc diff=rails_credentials
+config/credentials.yml.enc diff=rails_credentials
+
+# Mark the database schema as having been generated.
+db/*schema.rb linguist-generated
+
+# Mark any vendored files as having been vendored.
+vendor/* linguist-vendored

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+- package-ecosystem: "bundler"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 10
+- package-ecosystem: "npm"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 10

.github/workflows/cd.yml

@@ -0,0 +1,52 @@
+name: CD
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - td-upgrades
+  workflow_call:
+
+jobs:
+  Build:
+    uses: ./.github/workflows/ci.yml
+
+  Deploy:
+    runs-on: ubuntu-latest
+    needs: Build
+    concurrency:
+      group: cd-production
+    env:
+      DESTINATION: production
+
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Start the SSH agent
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+            ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Set up Docker Buildx for cache
+        uses: docker/setup-buildx-action@v3
+
+      - name: Expose the GitHub Runtime for cache
+        uses: crazy-max/ghaction-github-runtime@v3
+
+      - name: Deploy the application
+        shell: bash
+        env:
+          ${{ insert }}: ${{ secrets }}
+          DOCKER_BUILDKIT: 1
+          KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+        run: bin/kamal deploy --destination=$DESTINATION
+
+      - name: Release the Kamal lock, if needed
+        shell: bash
+        if: ${{ cancelled() || failure() }}
+        run: bin/kamal lock release --destination=$DESTINATION

.github/workflows/ci.yml

@@ -1,57 +1,50 @@
 name: CI
 
-on: [push, pull_request]
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    branches-ignore:
+      - td-upgrades
+  workflow_call:
 
 jobs:
   Ruby:
     runs-on: ubuntu-latest
 
-    services:
-      postgres:
-        image: postgres:16-alpine
-        ports: ["5432:5432"]
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-retries 10
-          --health-timeout 1s
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
+
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
-      - name: Install Node
-        uses: actions/setup-node@v4
-        with:
-          cache: "yarn"
-      - name: Install the Node dependencies
-        run: yarn install
+
       - name: Run the Ruby tests
         env:
           COVERAGE: true
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
           RAILS_ENV: test
-        run: bundle exec rails db:setup ruby:test
+          SE_AVOID_STATS: true
+        run: bin/rails db:setup ruby:test
 
   JavaScript:
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
+
+      - name: Enable the Corepack tool
+        run: corepack enable
+
       - name: Install Node
         uses: actions/setup-node@v4
         with:
           cache: "yarn"
+          node-version-file: ".tool-versions"
+
       - name: Install the Node dependencies
         run: yarn install
+
       - name: Run the JavaScript tests
         run: yarn test:coverage
 
@@ -61,34 +54,67 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
+
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
+
+      - name: Enable the Corepack tool
+        run: corepack enable
+
       - name: Install Node
         uses: actions/setup-node@v4
         with:
           cache: "yarn"
+          node-version-file: ".tool-versions"
+
       - name: Install the Node dependencies
         run: yarn install
+
       - name: Lint the ERB
         run: bundle exec erblint .
+
       - name: Lint the Ruby
-        run: bundle exec rubocop --parallel
+        run: bin/rubocop --format github --parallel
+
       - name: Lint the JavaScript
         run: yarn lint
+
       - name: Lint the CSS
         run: yarn lint:css
 
+  Docker:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build the image
+        uses: docker/build-push-action@v6
+        with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: false
+
   Vulnerabilities:
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
+
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
+
       - name: Scan for vulnerabilities
-        run: bundle exec brakeman --format github --no-pager
+        run: bin/brakeman --format github --no-pager
+
+      - name: Scan for vulnerabilities in JavaScript dependencies
+        run: bin/importmap audit

.gitignore

@@ -1,14 +1,39 @@
-/.yarn/*
+# Ignore all environment files.
+/.env*
+!.env.example
+
+# Ignore Yarn files.
+/.yarn
+
+# Ignore any asset builds.
 /app/assets/builds/*
+!/app/assets/builds/.keep
+
+# Ignore master key for decrypting credentials and more.
 /config/master.key
-/coverage/
-/log/
-/node_modules/
-/tmp/
 
-!/app/assets/builds/.keep
-!/.yarn/patches
-!/.yarn/plugins
-!/.yarn/releases
-!/.yarn/sdks
-!/.yarn/versions
+# Ignore all logs and temporary files.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore any development dependencies.
+/node_modules
+
+# Ignore any pre-compiled assets.
+/public/assets
+
+# Ignore any SQLite databases.
+/storage/*
+!/storage/.keep
+
+# Ignore PID files.
+/tmp/pids/*
+!/tmp/pids/
+!/tmp/pids/.keep
+
+# Ignore storage for uploaded files in development.
+/tmp/storage/*
+!/tmp/storage/
+!/tmp/storage/.keep

.kamal/hooks/docker-setup.sample

@@ -0,0 +1,13 @@
+#!/usr/bin/env ruby
+
+# A sample docker-setup hook
+#
+# Sets up a Docker network on defined hosts which can then be used by the application’s containers
+
+hosts = ENV["KAMAL_HOSTS"].split(",")
+
+hosts.each do |ip|
+  destination = "root@#{ip}"
+  puts "Creating a Docker network \"kamal\" on #{destination}"
+  `ssh #{destination} docker network create kamal`
+end