From 0decf6b8a88c26131e90198c42d9461488442365 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Wed, 18 Feb 2026 22:39:58 -0600 Subject: [PATCH] Update Framework to Rails 7.2 * `Rails.application.secrets` is removed; the `secret_key_base` accessor in `Rails.application` has been present since 6.x, so just use that. * Minor configuration updates for 7.2 defaults. * Add `mutex_m` to avoid deprecation warnings for Ruby 3.4. Ref: AP-270 --- .github/workflows/build.yml | 1 + .idea/altmedia.iml | 39 ++++----- Gemfile | 3 +- Gemfile.lock | 130 ++++++++++++++--------------- app/models/efees_invoice.rb | 2 +- bin/brakeman | 26 +----- bin/rubocop | 27 +----- config/application.rb | 7 +- config/boot.rb | 1 - config/environments/development.rb | 7 +- config/environments/production.rb | 7 +- config/environments/test.rb | 6 +- config/puma.rb | 53 ++++++------ docker-compose.ci.yml | 6 ++ public/robots.txt | 2 +- 15 files changed, 141 insertions(+), 176 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ef16fc47..dd11098d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -130,6 +130,7 @@ jobs: - name: Setup the stack run: | + docker run --rm "${DOCKER_APP_IMAGE}" rails secret > /tmp/secret_key_base docker compose build --quiet docker compose pull --quiet docker compose up --wait diff --git a/.idea/altmedia.iml b/.idea/altmedia.iml index d53b377f..088d39d6 100644 --- a/.idea/altmedia.iml +++ b/.idea/altmedia.iml @@ -31,17 +31,17 @@ - - - - - - - - - - - + + + + + + + + + + + @@ -91,7 +91,7 @@ - + @@ -159,10 +159,10 @@ - + - + @@ -216,6 +216,7 @@ + @@ -391,20 +392,11 @@ - - - - - - - - - @@ -687,7 +679,6 @@ - diff --git a/Gemfile b/Gemfile index dfd5981b..f112668a 100644 --- a/Gemfile +++ b/Gemfile @@ -21,6 +21,7 @@ gem 'jquery-rails' gem 'jquery-ui-rails' gem 'jwt', '~> 1.5', '>= 1.5.4' gem 'lograge', '>=0.11.2' +gem 'mutex_m' # Deprecation warning. gem 'netaddr', '~> 1.5', '>= 1.5.1' gem 'net-ssh' gem 'okcomputer', '~> 1.19' @@ -30,7 +31,7 @@ gem 'omniauth-rails_csrf_protection', '~> 1.0' gem 'pg', '~> 1.2' gem 'prawn', '~> 2.4' gem 'puma', '~> 4.3', '>= 4.3.12' -gem 'rails', '~> 7.1.6' +gem 'rails', '~> 7.2.3' gem 'recaptcha', '~> 4.13' gem 'sprockets', '~> 4.0' gem 'tzinfo-data', platforms: %i[windows jruby] diff --git a/Gemfile.lock b/Gemfile.lock index 926fca71..7d215caa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,85 +1,79 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.1.6) - actionpack (= 7.1.6) - activesupport (= 7.1.6) + actioncable (7.2.3) + actionpack (= 7.2.3) + activesupport (= 7.2.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.6) - actionpack (= 7.1.6) - activejob (= 7.1.6) - activerecord (= 7.1.6) - activestorage (= 7.1.6) - activesupport (= 7.1.6) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.1.6) - actionpack (= 7.1.6) - actionview (= 7.1.6) - activejob (= 7.1.6) - activesupport (= 7.1.6) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp + actionmailbox (7.2.3) + actionpack (= 7.2.3) + activejob (= 7.2.3) + activerecord (= 7.2.3) + activestorage (= 7.2.3) + activesupport (= 7.2.3) + mail (>= 2.8.0) + actionmailer (7.2.3) + actionpack (= 7.2.3) + actionview (= 7.2.3) + activejob (= 7.2.3) + activesupport (= 7.2.3) + mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.1.6) - actionview (= 7.1.6) - activesupport (= 7.1.6) + actionpack (7.2.3) + actionview (= 7.2.3) + activesupport (= 7.2.3) cgi nokogiri (>= 1.8.5) racc - rack (>= 2.2.4) + rack (>= 2.2.4, < 3.3) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.6) - actionpack (= 7.1.6) - activerecord (= 7.1.6) - activestorage (= 7.1.6) - activesupport (= 7.1.6) + useragent (~> 0.16) + actiontext (7.2.3) + actionpack (= 7.2.3) + activerecord (= 7.2.3) + activestorage (= 7.2.3) + activesupport (= 7.2.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.6) - activesupport (= 7.1.6) + actionview (7.2.3) + activesupport (= 7.2.3) builder (~> 3.1) cgi erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.6) - activesupport (= 7.1.6) + activejob (7.2.3) + activesupport (= 7.2.3) globalid (>= 0.3.6) - activemodel (7.1.6) - activesupport (= 7.1.6) - activerecord (7.1.6) - activemodel (= 7.1.6) - activesupport (= 7.1.6) + activemodel (7.2.3) + activesupport (= 7.2.3) + activerecord (7.2.3) + activemodel (= 7.2.3) + activesupport (= 7.2.3) timeout (>= 0.4.0) - activestorage (7.1.6) - actionpack (= 7.1.6) - activejob (= 7.1.6) - activerecord (= 7.1.6) - activesupport (= 7.1.6) + activestorage (7.2.3) + actionpack (= 7.2.3) + activejob (= 7.2.3) + activerecord (= 7.2.3) + activesupport (= 7.2.3) marcel (~> 1.0) - activesupport (7.1.6) + activesupport (7.2.3) base64 benchmark (>= 0.3) bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) logger (>= 1.4.2) minitest (>= 5.1) - mutex_m securerandom (>= 0.3) - tzinfo (~> 2.0) + tzinfo (~> 2.0, >= 2.0.5) addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) amazing_print (1.8.1) @@ -325,20 +319,20 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (7.1.6) - actioncable (= 7.1.6) - actionmailbox (= 7.1.6) - actionmailer (= 7.1.6) - actionpack (= 7.1.6) - actiontext (= 7.1.6) - actionview (= 7.1.6) - activejob (= 7.1.6) - activemodel (= 7.1.6) - activerecord (= 7.1.6) - activestorage (= 7.1.6) - activesupport (= 7.1.6) + rails (7.2.3) + actioncable (= 7.2.3) + actionmailbox (= 7.2.3) + actionmailer (= 7.2.3) + actionpack (= 7.2.3) + actiontext (= 7.2.3) + actionview (= 7.2.3) + activejob (= 7.2.3) + activemodel (= 7.2.3) + activerecord (= 7.2.3) + activestorage (= 7.2.3) + activesupport (= 7.2.3) bundler (>= 1.15.0) - railties (= 7.1.6) + railties (= 7.2.3) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -346,11 +340,11 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (7.1.6) - actionpack (= 7.1.6) - activesupport (= 7.1.6) + railties (7.2.3) + actionpack (= 7.2.3) + activesupport (= 7.2.3) cgi - irb + irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) @@ -488,6 +482,7 @@ GEM unicode-display_width (3.1.4) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) + useragent (0.16.11) web-console (4.2.0) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -538,6 +533,7 @@ DEPENDENCIES jwt (~> 1.5, >= 1.5.4) listen (~> 3.2) lograge (>= 0.11.2) + mutex_m net-ssh netaddr (~> 1.5, >= 1.5.1) okcomputer (~> 1.19) @@ -547,7 +543,7 @@ DEPENDENCIES pg (~> 1.2) prawn (~> 2.4) puma (~> 4.3, >= 4.3.12) - rails (~> 7.1.6) + rails (~> 7.2.3) recaptcha (~> 4.13) roo (~> 2.8) rspec (~> 3.13) diff --git a/app/models/efees_invoice.rb b/app/models/efees_invoice.rb index e5f9e10d..b1e84239 100644 --- a/app/models/efees_invoice.rb +++ b/app/models/efees_invoice.rb @@ -21,7 +21,7 @@ def decode(token) end def secret - Rails.application.secrets.secret_key_base + Rails.application.secret_key_base end end diff --git a/bin/brakeman b/bin/brakeman index 4b790031..ace1c9ba 100755 --- a/bin/brakeman +++ b/bin/brakeman @@ -1,29 +1,7 @@ #!/usr/bin/env ruby -# frozen_string_literal: true - -# -# This file was generated by Bundler. -# -# The application 'brakeman' is installed as part of a gem, and -# this file is here to facilitate running it. -# - -require "pathname" -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", - Pathname.new(__FILE__).realpath) - -bundle_binstub = File.expand_path("../bundle", __FILE__) - -if File.file?(bundle_binstub) - if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ - load(bundle_binstub) - else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") - end -end - require "rubygems" require "bundler/setup" +ARGV.unshift("--ensure-latest") + load Gem.bin_path("brakeman", "brakeman") diff --git a/bin/rubocop b/bin/rubocop index d0c48829..40330c0f 100755 --- a/bin/rubocop +++ b/bin/rubocop @@ -1,29 +1,8 @@ #!/usr/bin/env ruby -# frozen_string_literal: true - -# -# This file was generated by Bundler. -# -# The application 'rubocop' is installed as part of a gem, and -# this file is here to facilitate running it. -# - -require "pathname" -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", - Pathname.new(__FILE__).realpath) - -bundle_binstub = File.expand_path("../bundle", __FILE__) - -if File.file?(bundle_binstub) - if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ - load(bundle_binstub) - else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") - end -end - require "rubygems" require "bundler/setup" +# explicit rubocop config increases performance slightly while avoiding config confusion. +ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__)) + load Gem.bin_path("rubocop", "rubocop") diff --git a/config/application.rb b/config/application.rb index 13d2b032..f8fe966a 100644 --- a/config/application.rb +++ b/config/application.rb @@ -51,7 +51,12 @@ def log_active_storage_root!(active_storage_root) end - config.load_defaults 7.1 + config.load_defaults 7.2 + + # Please, add to the `ignore` list any other `lib` subdirectories that do + # not contain `.rb` files, or that should not be reloaded or eager loaded. + # Common ones are `templates`, `generators`, or `middleware`, for example. + config.autoload_lib(ignore: %w[tasks]) # Load our custom config. This is implicitly consumed in a few remaining # places (e.g. RequestMailer). A good development improvement would be to diff --git a/config/boot.rb b/config/boot.rb index 8546952f..30f5120d 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,3 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) require 'bundler/setup' # Set up gems listed in the Gemfile. -require 'logger' # Fix concurrent-ruby removing logger dependency which Rails itself does not have diff --git a/config/environments/development.rb b/config/environments/development.rb index 06befb7d..f8fcc64c 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -21,7 +21,7 @@ # Enabling Lograge config.lograge.enabled = true - # Enable server timing + # Enable server timing. config.server_timing = true # Enable/disable caching. By default caching is disabled. @@ -45,6 +45,9 @@ # Fake sending of emails config.action_mailer.delivery_method = :test + + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Print deprecation notices to the Rails logger. @@ -82,7 +85,7 @@ # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true - # Raise error when a before_action's only/except options reference missing actions + # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true # Configure the default host - this is used by Stack Pass's mailer, to create a link diff --git a/config/environments/production.rb b/config/environments/production.rb index 295073b2..f6a86f54 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -50,7 +50,7 @@ # config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - # config.force_ssl = true + config.force_ssl = true # Prepend all log lines with the following tags. config.log_tags = [:request_id] @@ -67,6 +67,8 @@ # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "framework_production" + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. @@ -83,6 +85,9 @@ # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + # Only use :id for inspections in production. + config.active_record.attributes_for_inspect = [:id] + # Enable DNS rebinding protection and other `Host` header attacks. # config.hosts = [ # "example.com", # Allow requests from example.com diff --git a/config/environments/test.rb b/config/environments/test.rb index 018bcda4..0af46bc6 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -37,6 +37,8 @@ # Store uploaded files on the local file system in a temporary directory. config.active_storage.service = :test + # Disable caching for Action Mailer templates even if Action Controller + # caching is enabled. config.action_mailer.perform_caching = false # Tell Action Mailer not to deliver emails to the real world. @@ -49,7 +51,7 @@ config.active_job.queue_adapter = :test # Print deprecation notices to the stderr. - # config.active_support.deprecation = :stderr + config.active_support.deprecation = :stderr # Raise exceptions for disallowed deprecations. config.active_support.disallowed_deprecation = :raise @@ -63,7 +65,7 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Raise error when a before_action's only/except options reference missing actions + # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true # Test mode short-circuits the entire auth flow diff --git a/config/puma.rb b/config/puma.rb index 7707dd9b..b1b37118 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -1,34 +1,33 @@ -# Puma can serve each request in a thread from an internal thread pool. -# The `threads` method setting takes two numbers: a minimum and maximum. -# Any libraries that use thread pools should be configured to match -# the maximum value specified for Puma. Default is set to 5 threads for minimum -# and maximum; this matches the default thread size of Active Record. -# -threads_count = ENV.fetch('RAILS_MAX_THREADS', 5) -threads threads_count, threads_count +# This configuration file will be evaluated by Puma. The top-level methods that +# are invoked here are part of Puma's configuration DSL. For more information +# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. -# Specifies the `port` that Puma will listen on to receive requests; default is 3000. +# Puma starts a configurable number of processes (workers) and each process +# serves each request in a thread from an internal thread pool. # -port ENV.fetch('PORT', 3000) - -# Specifies the `environment` that Puma will run in. +# The ideal number of threads per worker depends both on how much time the +# application spends waiting for IO operations and on how much you wish to +# prioritize throughput over latency. # -environment ENV.fetch('RAILS_ENV') { 'development' } - -# Specifies the number of `workers` to boot in clustered mode. -# Workers are forked webserver processes. If using threads and workers together -# the concurrency of the application would be max `threads` * `workers`. -# Workers do not work on JRuby or Windows (both of which do not support -# processes). +# As a rule of thumb, increasing the number of threads will increase how much +# traffic a given process can handle (throughput), but due to CRuby's +# Global VM Lock (GVL) it has diminishing returns and will degrade the +# response time (latency) of the application. # -# workers ENV.fetch("WEB_CONCURRENCY") { 2 } - -# Use the `preload_app!` method when specifying a `workers` number. -# This directive tells Puma to first boot the application and load code -# before forking the application. This takes advantage of Copy On Write -# process behavior so workers use less memory. +# The default is set to 5 threads per past Framework defaults. # -# preload_app! +# Any libraries that use a connection pool or another resource pool should +# be configured to provide at least as many connections as the number of +# threads. This includes Active Record's `pool` parameter in `database.yml`. +threads_count = ENV.fetch('RAILS_MAX_THREADS', 5) +threads threads_count, threads_count -# Allow puma to be restarted by `rails restart` command. +# Specifies the `port` that Puma will listen on to receive requests; default is 3000. +port ENV.fetch('PORT', 3000) + +# Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart + +# Specify the PID file. Defaults to tmp/pids/server.pid in development. +# In other environments, only set the PID file if requested. +pidfile ENV['PIDFILE'] if ENV['PIDFILE'] diff --git a/docker-compose.ci.yml b/docker-compose.ci.yml index 99311c3e..a58e9e6a 100644 --- a/docker-compose.ci.yml +++ b/docker-compose.ci.yml @@ -11,6 +11,8 @@ services: - selenium volumes: !override - artifacts:/opt/app/artifacts + secrets: + - SECRET_KEY_BASE ports: !reset worker: @@ -24,5 +26,9 @@ services: dbeaver: !reset +secrets: + SECRET_KEY_BASE: + file: /tmp/secret_key_base + volumes: artifacts: diff --git a/public/robots.txt b/public/robots.txt index 37b576a4..c19f78ab 100644 --- a/public/robots.txt +++ b/public/robots.txt @@ -1 +1 @@ -# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file +# See https://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file