diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ef16fc47..dd11098d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -130,6 +130,7 @@ jobs:
- name: Setup the stack
run: |
+ docker run --rm "${DOCKER_APP_IMAGE}" rails secret > /tmp/secret_key_base
docker compose build --quiet
docker compose pull --quiet
docker compose up --wait
diff --git a/.idea/altmedia.iml b/.idea/altmedia.iml
index d53b377f..088d39d6 100644
--- a/.idea/altmedia.iml
+++ b/.idea/altmedia.iml
@@ -31,17 +31,17 @@
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
@@ -91,7 +91,7 @@
-
+
@@ -159,10 +159,10 @@
-
+
-
+
@@ -216,6 +216,7 @@
+
@@ -391,20 +392,11 @@
-
-
-
-
-
-
-
-
-
@@ -687,7 +679,6 @@
-
diff --git a/Gemfile b/Gemfile
index dfd5981b..f112668a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,6 +21,7 @@ gem 'jquery-rails'
gem 'jquery-ui-rails'
gem 'jwt', '~> 1.5', '>= 1.5.4'
gem 'lograge', '>=0.11.2'
+gem 'mutex_m' # Deprecation warning.
gem 'netaddr', '~> 1.5', '>= 1.5.1'
gem 'net-ssh'
gem 'okcomputer', '~> 1.19'
@@ -30,7 +31,7 @@ gem 'omniauth-rails_csrf_protection', '~> 1.0'
gem 'pg', '~> 1.2'
gem 'prawn', '~> 2.4'
gem 'puma', '~> 4.3', '>= 4.3.12'
-gem 'rails', '~> 7.1.6'
+gem 'rails', '~> 7.2.3'
gem 'recaptcha', '~> 4.13'
gem 'sprockets', '~> 4.0'
gem 'tzinfo-data', platforms: %i[windows jruby]
diff --git a/Gemfile.lock b/Gemfile.lock
index 926fca71..7d215caa 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,85 +1,79 @@
GEM
remote: https://rubygems.org/
specs:
- actioncable (7.1.6)
- actionpack (= 7.1.6)
- activesupport (= 7.1.6)
+ actioncable (7.2.3)
+ actionpack (= 7.2.3)
+ activesupport (= 7.2.3)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
zeitwerk (~> 2.6)
- actionmailbox (7.1.6)
- actionpack (= 7.1.6)
- activejob (= 7.1.6)
- activerecord (= 7.1.6)
- activestorage (= 7.1.6)
- activesupport (= 7.1.6)
- mail (>= 2.7.1)
- net-imap
- net-pop
- net-smtp
- actionmailer (7.1.6)
- actionpack (= 7.1.6)
- actionview (= 7.1.6)
- activejob (= 7.1.6)
- activesupport (= 7.1.6)
- mail (~> 2.5, >= 2.5.4)
- net-imap
- net-pop
- net-smtp
+ actionmailbox (7.2.3)
+ actionpack (= 7.2.3)
+ activejob (= 7.2.3)
+ activerecord (= 7.2.3)
+ activestorage (= 7.2.3)
+ activesupport (= 7.2.3)
+ mail (>= 2.8.0)
+ actionmailer (7.2.3)
+ actionpack (= 7.2.3)
+ actionview (= 7.2.3)
+ activejob (= 7.2.3)
+ activesupport (= 7.2.3)
+ mail (>= 2.8.0)
rails-dom-testing (~> 2.2)
- actionpack (7.1.6)
- actionview (= 7.1.6)
- activesupport (= 7.1.6)
+ actionpack (7.2.3)
+ actionview (= 7.2.3)
+ activesupport (= 7.2.3)
cgi
nokogiri (>= 1.8.5)
racc
- rack (>= 2.2.4)
+ rack (>= 2.2.4, < 3.3)
rack-session (>= 1.0.1)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
- actiontext (7.1.6)
- actionpack (= 7.1.6)
- activerecord (= 7.1.6)
- activestorage (= 7.1.6)
- activesupport (= 7.1.6)
+ useragent (~> 0.16)
+ actiontext (7.2.3)
+ actionpack (= 7.2.3)
+ activerecord (= 7.2.3)
+ activestorage (= 7.2.3)
+ activesupport (= 7.2.3)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
- actionview (7.1.6)
- activesupport (= 7.1.6)
+ actionview (7.2.3)
+ activesupport (= 7.2.3)
builder (~> 3.1)
cgi
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
- activejob (7.1.6)
- activesupport (= 7.1.6)
+ activejob (7.2.3)
+ activesupport (= 7.2.3)
globalid (>= 0.3.6)
- activemodel (7.1.6)
- activesupport (= 7.1.6)
- activerecord (7.1.6)
- activemodel (= 7.1.6)
- activesupport (= 7.1.6)
+ activemodel (7.2.3)
+ activesupport (= 7.2.3)
+ activerecord (7.2.3)
+ activemodel (= 7.2.3)
+ activesupport (= 7.2.3)
timeout (>= 0.4.0)
- activestorage (7.1.6)
- actionpack (= 7.1.6)
- activejob (= 7.1.6)
- activerecord (= 7.1.6)
- activesupport (= 7.1.6)
+ activestorage (7.2.3)
+ actionpack (= 7.2.3)
+ activejob (= 7.2.3)
+ activerecord (= 7.2.3)
+ activesupport (= 7.2.3)
marcel (~> 1.0)
- activesupport (7.1.6)
+ activesupport (7.2.3)
base64
benchmark (>= 0.3)
bigdecimal
- concurrent-ruby (~> 1.0, >= 1.0.2)
+ concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
i18n (>= 1.6, < 2)
logger (>= 1.4.2)
minitest (>= 5.1)
- mutex_m
securerandom (>= 0.3)
- tzinfo (~> 2.0)
+ tzinfo (~> 2.0, >= 2.0.5)
addressable (2.8.1)
public_suffix (>= 2.0.2, < 6.0)
amazing_print (1.8.1)
@@ -325,20 +319,20 @@ GEM
rackup (1.0.1)
rack (< 3)
webrick
- rails (7.1.6)
- actioncable (= 7.1.6)
- actionmailbox (= 7.1.6)
- actionmailer (= 7.1.6)
- actionpack (= 7.1.6)
- actiontext (= 7.1.6)
- actionview (= 7.1.6)
- activejob (= 7.1.6)
- activemodel (= 7.1.6)
- activerecord (= 7.1.6)
- activestorage (= 7.1.6)
- activesupport (= 7.1.6)
+ rails (7.2.3)
+ actioncable (= 7.2.3)
+ actionmailbox (= 7.2.3)
+ actionmailer (= 7.2.3)
+ actionpack (= 7.2.3)
+ actiontext (= 7.2.3)
+ actionview (= 7.2.3)
+ activejob (= 7.2.3)
+ activemodel (= 7.2.3)
+ activerecord (= 7.2.3)
+ activestorage (= 7.2.3)
+ activesupport (= 7.2.3)
bundler (>= 1.15.0)
- railties (= 7.1.6)
+ railties (= 7.2.3)
rails-dom-testing (2.3.0)
activesupport (>= 5.0.0)
minitest
@@ -346,11 +340,11 @@ GEM
rails-html-sanitizer (1.6.2)
loofah (~> 2.21)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
- railties (7.1.6)
- actionpack (= 7.1.6)
- activesupport (= 7.1.6)
+ railties (7.2.3)
+ actionpack (= 7.2.3)
+ activesupport (= 7.2.3)
cgi
- irb
+ irb (~> 1.13)
rackup (>= 1.0.0)
rake (>= 12.2)
thor (~> 1.0, >= 1.2.2)
@@ -488,6 +482,7 @@ GEM
unicode-display_width (3.1.4)
unicode-emoji (~> 4.0, >= 4.0.4)
unicode-emoji (4.0.4)
+ useragent (0.16.11)
web-console (4.2.0)
actionview (>= 6.0.0)
activemodel (>= 6.0.0)
@@ -538,6 +533,7 @@ DEPENDENCIES
jwt (~> 1.5, >= 1.5.4)
listen (~> 3.2)
lograge (>= 0.11.2)
+ mutex_m
net-ssh
netaddr (~> 1.5, >= 1.5.1)
okcomputer (~> 1.19)
@@ -547,7 +543,7 @@ DEPENDENCIES
pg (~> 1.2)
prawn (~> 2.4)
puma (~> 4.3, >= 4.3.12)
- rails (~> 7.1.6)
+ rails (~> 7.2.3)
recaptcha (~> 4.13)
roo (~> 2.8)
rspec (~> 3.13)
diff --git a/app/models/efees_invoice.rb b/app/models/efees_invoice.rb
index e5f9e10d..b1e84239 100644
--- a/app/models/efees_invoice.rb
+++ b/app/models/efees_invoice.rb
@@ -21,7 +21,7 @@ def decode(token)
end
def secret
- Rails.application.secrets.secret_key_base
+ Rails.application.secret_key_base
end
end
diff --git a/bin/brakeman b/bin/brakeman
index 4b790031..ace1c9ba 100755
--- a/bin/brakeman
+++ b/bin/brakeman
@@ -1,29 +1,7 @@
#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-#
-# This file was generated by Bundler.
-#
-# The application 'brakeman' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
- Pathname.new(__FILE__).realpath)
-
-bundle_binstub = File.expand_path("../bundle", __FILE__)
-
-if File.file?(bundle_binstub)
- if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
- load(bundle_binstub)
- else
- abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
- end
-end
-
require "rubygems"
require "bundler/setup"
+ARGV.unshift("--ensure-latest")
+
load Gem.bin_path("brakeman", "brakeman")
diff --git a/bin/rubocop b/bin/rubocop
index d0c48829..40330c0f 100755
--- a/bin/rubocop
+++ b/bin/rubocop
@@ -1,29 +1,8 @@
#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-#
-# This file was generated by Bundler.
-#
-# The application 'rubocop' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
- Pathname.new(__FILE__).realpath)
-
-bundle_binstub = File.expand_path("../bundle", __FILE__)
-
-if File.file?(bundle_binstub)
- if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
- load(bundle_binstub)
- else
- abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
- end
-end
-
require "rubygems"
require "bundler/setup"
+# explicit rubocop config increases performance slightly while avoiding config confusion.
+ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__))
+
load Gem.bin_path("rubocop", "rubocop")
diff --git a/config/application.rb b/config/application.rb
index 13d2b032..f8fe966a 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -51,7 +51,12 @@ def log_active_storage_root!(active_storage_root)
end
- config.load_defaults 7.1
+ config.load_defaults 7.2
+
+ # Please, add to the `ignore` list any other `lib` subdirectories that do
+ # not contain `.rb` files, or that should not be reloaded or eager loaded.
+ # Common ones are `templates`, `generators`, or `middleware`, for example.
+ config.autoload_lib(ignore: %w[tasks])
# Load our custom config. This is implicitly consumed in a few remaining
# places (e.g. RequestMailer). A good development improvement would be to
diff --git a/config/boot.rb b/config/boot.rb
index 8546952f..30f5120d 100644
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,4 +1,3 @@
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
require 'bundler/setup' # Set up gems listed in the Gemfile.
-require 'logger' # Fix concurrent-ruby removing logger dependency which Rails itself does not have
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 06befb7d..f8fcc64c 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -21,7 +21,7 @@
# Enabling Lograge
config.lograge.enabled = true
- # Enable server timing
+ # Enable server timing.
config.server_timing = true
# Enable/disable caching. By default caching is disabled.
@@ -45,6 +45,9 @@
# Fake sending of emails
config.action_mailer.delivery_method = :test
+
+ # Disable caching for Action Mailer templates even if Action Controller
+ # caching is enabled.
config.action_mailer.perform_caching = false
# Print deprecation notices to the Rails logger.
@@ -82,7 +85,7 @@
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
- # Raise error when a before_action's only/except options reference missing actions
+ # Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
# Configure the default host - this is used by Stack Pass's mailer, to create a link
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 295073b2..f6a86f54 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -50,7 +50,7 @@
# config.assume_ssl = true
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- # config.force_ssl = true
+ config.force_ssl = true
# Prepend all log lines with the following tags.
config.log_tags = [:request_id]
@@ -67,6 +67,8 @@
# config.active_job.queue_adapter = :resque
# config.active_job.queue_name_prefix = "framework_production"
+ # Disable caching for Action Mailer templates even if Action Controller
+ # caching is enabled.
config.action_mailer.perform_caching = false
# Ignore bad email addresses and do not raise email delivery errors.
@@ -83,6 +85,9 @@
# Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false
+ # Only use :id for inspections in production.
+ config.active_record.attributes_for_inspect = [:id]
+
# Enable DNS rebinding protection and other `Host` header attacks.
# config.hosts = [
# "example.com", # Allow requests from example.com
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 018bcda4..0af46bc6 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -37,6 +37,8 @@
# Store uploaded files on the local file system in a temporary directory.
config.active_storage.service = :test
+ # Disable caching for Action Mailer templates even if Action Controller
+ # caching is enabled.
config.action_mailer.perform_caching = false
# Tell Action Mailer not to deliver emails to the real world.
@@ -49,7 +51,7 @@
config.active_job.queue_adapter = :test
# Print deprecation notices to the stderr.
- # config.active_support.deprecation = :stderr
+ config.active_support.deprecation = :stderr
# Raise exceptions for disallowed deprecations.
config.active_support.disallowed_deprecation = :raise
@@ -63,7 +65,7 @@
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
- # Raise error when a before_action's only/except options reference missing actions
+ # Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
# Test mode short-circuits the entire auth flow
diff --git a/config/puma.rb b/config/puma.rb
index 7707dd9b..b1b37118 100644
--- a/config/puma.rb
+++ b/config/puma.rb
@@ -1,34 +1,33 @@
-# Puma can serve each request in a thread from an internal thread pool.
-# The `threads` method setting takes two numbers: a minimum and maximum.
-# Any libraries that use thread pools should be configured to match
-# the maximum value specified for Puma. Default is set to 5 threads for minimum
-# and maximum; this matches the default thread size of Active Record.
-#
-threads_count = ENV.fetch('RAILS_MAX_THREADS', 5)
-threads threads_count, threads_count
+# This configuration file will be evaluated by Puma. The top-level methods that
+# are invoked here are part of Puma's configuration DSL. For more information
+# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
-# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
+# Puma starts a configurable number of processes (workers) and each process
+# serves each request in a thread from an internal thread pool.
#
-port ENV.fetch('PORT', 3000)
-
-# Specifies the `environment` that Puma will run in.
+# The ideal number of threads per worker depends both on how much time the
+# application spends waiting for IO operations and on how much you wish to
+# prioritize throughput over latency.
#
-environment ENV.fetch('RAILS_ENV') { 'development' }
-
-# Specifies the number of `workers` to boot in clustered mode.
-# Workers are forked webserver processes. If using threads and workers together
-# the concurrency of the application would be max `threads` * `workers`.
-# Workers do not work on JRuby or Windows (both of which do not support
-# processes).
+# As a rule of thumb, increasing the number of threads will increase how much
+# traffic a given process can handle (throughput), but due to CRuby's
+# Global VM Lock (GVL) it has diminishing returns and will degrade the
+# response time (latency) of the application.
#
-# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
-
-# Use the `preload_app!` method when specifying a `workers` number.
-# This directive tells Puma to first boot the application and load code
-# before forking the application. This takes advantage of Copy On Write
-# process behavior so workers use less memory.
+# The default is set to 5 threads per past Framework defaults.
#
-# preload_app!
+# Any libraries that use a connection pool or another resource pool should
+# be configured to provide at least as many connections as the number of
+# threads. This includes Active Record's `pool` parameter in `database.yml`.
+threads_count = ENV.fetch('RAILS_MAX_THREADS', 5)
+threads threads_count, threads_count
-# Allow puma to be restarted by `rails restart` command.
+# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
+port ENV.fetch('PORT', 3000)
+
+# Allow puma to be restarted by `bin/rails restart` command.
plugin :tmp_restart
+
+# Specify the PID file. Defaults to tmp/pids/server.pid in development.
+# In other environments, only set the PID file if requested.
+pidfile ENV['PIDFILE'] if ENV['PIDFILE']
diff --git a/docker-compose.ci.yml b/docker-compose.ci.yml
index 99311c3e..a58e9e6a 100644
--- a/docker-compose.ci.yml
+++ b/docker-compose.ci.yml
@@ -11,6 +11,8 @@ services:
- selenium
volumes: !override
- artifacts:/opt/app/artifacts
+ secrets:
+ - SECRET_KEY_BASE
ports: !reset
worker:
@@ -24,5 +26,9 @@ services:
dbeaver: !reset
+secrets:
+ SECRET_KEY_BASE:
+ file: /tmp/secret_key_base
+
volumes:
artifacts:
diff --git a/public/robots.txt b/public/robots.txt
index 37b576a4..c19f78ab 100644
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -1 +1 @@
-# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
+# See https://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file