From e068924fadb38d61d9915e33ec524332a79b94a6 Mon Sep 17 00:00:00 2001 From: Robert Clark Date: Sun, 26 Jan 2025 01:57:17 -0500 Subject: [PATCH 01/25] Upgrade from Rails 6.1 to 7.0 --- .ruby-version | 1 - .tool-versions | 3 +- Dockerfile | 4 +- Gemfile | 18 +- Gemfile.lock | 598 -- README.md | 8 +- bin/rails | 11 +- bin/rake | 9 +- bin/setup | 27 +- config/application.rb | 18 +- config/boot.rb | 6 +- config/environment.rb | 2 +- config/environments/development.rb | 28 +- config/environments/production.rb | 55 +- config/environments/test.rb | 26 +- .../initializers/content_security_policy.rb | 35 +- .../initializers/filter_parameter_logging.rb | 8 +- config/initializers/inflections.rb | 8 +- .../new_framework_defaults_7_0.rb | 143 + config/initializers/permissions_policy.rb | 12 + ..._to_active_storage_blobs.active_storage.rb | 22 + ..._storage_variant_records.active_storage.rb | 27 + ...e_storage_blobs_checksum.active_storage.rb | 8 + db/schema.rb | 87 +- docker-compose.yml | 2 +- spec/support/capybara.rb | 12 +- yarn.lock | 4955 +++++++++-------- 27 files changed, 3097 insertions(+), 3036 deletions(-) delete mode 100644 .ruby-version delete mode 100644 Gemfile.lock create mode 100644 config/initializers/new_framework_defaults_7_0.rb create mode 100644 config/initializers/permissions_policy.rb create mode 100644 db/migrate/20250126060015_add_service_name_to_active_storage_blobs.active_storage.rb create mode 100644 db/migrate/20250126060016_create_active_storage_variant_records.active_storage.rb create mode 100644 db/migrate/20250126060017_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb diff --git a/.ruby-version b/.ruby-version deleted file mode 100644 index a603bb50..00000000 --- a/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -2.7.5 diff --git a/.tool-versions b/.tool-versions index a4023dc7..5db0774c 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1,2 @@ -ruby 2.7.5 +ruby 3.1.6 +nodejs 16.20.2 diff --git a/Dockerfile b/Dockerfile index 1d3c2d6c..0047a6e4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7 +FROM ruby:3.1.6 RUN curl -sS https://deb.nodesource.com/setup_16.x | bash - RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - @@ -10,7 +10,7 @@ ENV RAILS_ENV=production RUN mkdir $APP_HOME WORKDIR $APP_HOME -RUN gem install bundler:2.2.32 +RUN gem install bundler:2.3.10 ADD Gemfile* $APP_HOME/ RUN bundle install --without development test diff --git a/Gemfile b/Gemfile index 9b621d23..71f1d385 100644 --- a/Gemfile +++ b/Gemfile @@ -2,10 +2,12 @@ source 'https://rubygems.org' -ruby '~> 2.7' +ruby '~> 3.0' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 6.1.4' +gem 'rails', '~> 7.0.0' +# TODO: Remove this once upgrading to Rails 7.1, this is required for a bug specific to Rails 7.0 +gem 'concurrent-ruby', '1.3.4' # Use postgresql as the database for Active Record gem 'pg', '>= 0.18', '< 2.0' # Use Puma as the app server @@ -61,6 +63,8 @@ gem 'fast_excel' # For writing excel files gem 'ruh-roo', '~> 3.0.0', require: 'roo' +gem 'rexml' + gem 'ox' gem 'rubyzip' @@ -69,24 +73,21 @@ gem 'mitre-inspec-objects' gem 'rest-client' group :development do - gem 'listen', '~> 3.1.5' + gem 'listen' # Access an interactive console on exception pages or by calling 'console' anywhere in the code. gem 'web-console', '>= 3.3.0' # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'letter_opener' gem 'spring' - gem 'spring-watcher-listen', '~> 2.0.0' + gem 'spring-watcher-listen' # Process manager for Procfile-based applications (development only) gem 'foreman' end group :test do # Adds support for Capybara system testing and selenium driver - gem 'capybara', '>= 2.15' + gem 'capybara' gem 'selenium-webdriver' - # Easy installation and use of web drivers to run system tests with browsers - # gem 'webdrivers' - gem 'database_cleaner-active_record' gem 'rubocop', require: false gem 'rubocop-performance' @@ -97,6 +98,7 @@ end group :development, :test do gem 'brakeman' gem 'byebug' + gem 'pry' gem 'factory_bot_rails', '~> 5.2.0' gem 'rspec-mocks' gem 'rspec-rails', '~> 4.0.0' diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index 8cddb079..00000000 --- a/Gemfile.lock +++ /dev/null @@ -1,598 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - actioncable (6.1.4.6) - actionpack (= 6.1.4.6) - activesupport (= 6.1.4.6) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailbox (6.1.4.6) - actionpack (= 6.1.4.6) - activejob (= 6.1.4.6) - activerecord (= 6.1.4.6) - activestorage (= 6.1.4.6) - activesupport (= 6.1.4.6) - mail (>= 2.7.1) - actionmailer (6.1.4.6) - actionpack (= 6.1.4.6) - actionview (= 6.1.4.6) - activejob (= 6.1.4.6) - activesupport (= 6.1.4.6) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.4.6) - actionview (= 6.1.4.6) - activesupport (= 6.1.4.6) - rack (~> 2.0, >= 2.0.9) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4.6) - actionpack (= 6.1.4.6) - activerecord (= 6.1.4.6) - activestorage (= 6.1.4.6) - activesupport (= 6.1.4.6) - nokogiri (>= 1.8.5) - actionview (6.1.4.6) - activesupport (= 6.1.4.6) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.4.6) - activesupport (= 6.1.4.6) - globalid (>= 0.3.6) - activemodel (6.1.4.6) - activesupport (= 6.1.4.6) - activerecord (6.1.4.6) - activemodel (= 6.1.4.6) - activesupport (= 6.1.4.6) - activerecord-import (1.3.0) - activerecord (>= 4.2) - activestorage (6.1.4.6) - actionpack (= 6.1.4.6) - activejob (= 6.1.4.6) - activerecord (= 6.1.4.6) - activesupport (= 6.1.4.6) - marcel (~> 1.0.0) - mini_mime (>= 1.1.0) - activesupport (6.1.4.6) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - aes_key_wrap (1.1.0) - amoeba (3.2.0) - activerecord (>= 4.2.0) - ast (2.4.2) - attr_required (1.0.1) - audited (5.3.3) - activerecord (>= 5.0, < 7.1) - request_store (~> 1.2) - bcrypt (3.1.16) - bindata (2.4.15) - bindex (0.8.1) - bootsnap (1.10.3) - msgpack (~> 1.2) - brakeman (5.2.1) - builder (3.2.4) - byebug (11.1.3) - capybara (3.36.0) - addressable - matrix - mini_mime (>= 0.1.3) - nokogiri (~> 1.8) - rack (>= 1.6.0) - rack-test (>= 0.6.3) - regexp_parser (>= 1.5, < 3.0) - xpath (~> 3.2) - chef-config (17.9.46) - addressable - chef-utils (= 17.9.46) - fuzzyurl - mixlib-config (>= 2.2.12, < 4.0) - mixlib-shellout (>= 2.0, < 4.0) - tomlrb (~> 1.2) - chef-telemetry (1.1.1) - chef-config - concurrent-ruby (~> 1.0) - chef-utils (17.9.46) - concurrent-ruby - coderay (1.1.3) - concurrent-ruby (1.2.2) - crass (1.0.6) - database_cleaner-active_record (2.0.1) - activerecord (>= 5.a) - database_cleaner-core (~> 2.0.0) - database_cleaner-core (2.0.1) - devise (4.8.1) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - diff-lcs (1.5.0) - docile (1.4.0) - domain_name (0.5.20190701) - unf (>= 0.0.5, < 1.0.0) - dotenv (2.8.1) - dotenv-rails (2.8.1) - dotenv (= 2.8.1) - railties (>= 3.2) - erubi (1.12.0) - erubis (2.7.0) - factory_bot (5.2.0) - activesupport (>= 4.2.0) - factory_bot_rails (5.2.0) - factory_bot (~> 5.2.0) - railties (>= 4.2.0) - faraday (1.3.1) - faraday-net_http (~> 1.0) - multipart-post (>= 1.2, < 3) - ruby2_keywords (>= 0.0.4) - faraday-net_http (1.0.1) - faraday_middleware (1.2.0) - faraday (~> 1.0) - fast_excel (0.4.0) - ffi (> 1.9, < 2) - ffaker (2.20.0) - ffi (1.15.5) - foreman (0.88.1) - fuzzyurl (0.9.0) - gitlab_omniauth-ldap (2.2.0) - net-ldap (~> 0.16) - omniauth (>= 1.3, < 3) - pyu-ruby-sasl (>= 0.0.3.3, < 0.1) - rubyntlm (~> 0.5) - gli (2.21.0) - globalid (1.0.1) - activesupport (>= 5.0) - haml (5.2.2) - temple (>= 0.8.0) - tilt - haml-rails (2.0.1) - actionpack (>= 5.1) - activesupport (>= 5.1) - haml (>= 4.0.6, < 6.0) - html2haml (>= 1.0.1) - railties (>= 5.1) - hashie (4.1.0) - highline (2.0.3) - html2haml (2.2.0) - erubis (~> 2.7.0) - haml (>= 4.0, < 6) - nokogiri (>= 1.6.0) - ruby_parser (~> 3.5) - http-accept (1.7.0) - http-cookie (1.0.5) - domain_name (~> 0.5) - httpclient (2.8.3) - i18n (1.13.0) - concurrent-ruby (~> 1.0) - inspec-core (4.24.32) - addressable (~> 2.4) - chef-telemetry (~> 1.0) - faraday (>= 0.9.0, < 1.4) - hashie (>= 3.4, < 5.0) - license-acceptance (>= 0.2.13, < 3.0) - method_source (>= 0.8, < 2.0) - mixlib-log (~> 3.0) - multipart-post (~> 2.0) - parallel (~> 1.9) - parslet (>= 1.5, < 3.0) - pry (~> 0.13) - rspec (~> 3.10) - rspec-its (~> 1.2) - rubyzip (>= 1.2.2, < 3.0) - semverse (~> 3.0) - sslshake (~> 1.2) - thor (>= 0.20, < 2.0) - tomlrb (>= 1.2, < 2.1) - train-core (~> 3.0) - tty-prompt (~> 0.17) - tty-table (~> 0.10) - jbuilder (2.11.5) - actionview (>= 5.0.0) - activesupport (>= 5.0.0) - json (2.6.1) - json-jwt (1.15.3) - activesupport (>= 4.2) - aes_key_wrap - bindata - httpclient - jwt (2.3.0) - launchy (2.5.0) - addressable (~> 2.7) - letter_opener (1.7.0) - launchy (~> 2.2) - license-acceptance (2.1.13) - pastel (~> 0.7) - tomlrb (>= 1.2, < 3.0) - tty-box (~> 0.6) - tty-prompt (~> 0.20) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - loofah (2.19.1) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (1.0.2) - matrix (0.4.2) - method_source (1.0.0) - mime-types (3.4.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2023.0218.1) - mini_mime (1.1.2) - mini_portile2 (2.8.1) - minitest (5.18.0) - mitre-inspec-objects (0.3.3) - inspec-core - mixlib-config (3.0.9) - tomlrb - mixlib-log (3.0.9) - mixlib-shellout (3.2.5) - chef-utils - msgpack (1.4.5) - multi_json (1.15.0) - multi_xml (0.6.0) - multipart-post (2.1.1) - net-ldap (0.17.1) - net-protocol (0.2.1) - timeout - net-scp (3.0.0) - net-ssh (>= 2.6.5, < 7.0.0) - net-smtp (0.3.3) - net-protocol - net-ssh (6.1.0) - netrc (0.11.0) - nio4r (2.5.9) - nokogiri (1.14.3) - mini_portile2 (~> 2.8.0) - racc (~> 1.4) - nokogiri (1.14.3-x86_64-darwin) - racc (~> 1.4) - nokogiri (1.14.3-x86_64-linux) - racc (~> 1.4) - nokogiri-happymapper (0.9.0) - nokogiri (~> 1.5) - oauth2 (1.4.7) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (2.1.1) - hashie (>= 3.4.6) - rack (>= 2.2.3) - rack-protection - omniauth-github (2.0.0) - omniauth (~> 2.0) - omniauth-oauth2 (~> 1.7.1) - omniauth-oauth2 (1.7.2) - oauth2 (~> 1.4) - omniauth (>= 1.9, < 3) - omniauth-rails_csrf_protection (1.0.1) - actionpack (>= 4.2) - omniauth (~> 2.0) - omniauth_openid_connect (0.6.1) - omniauth (>= 1.9, < 3) - openid_connect (~> 1.1) - openid_connect (1.4.2) - activemodel - attr_required (>= 1.0.0) - json-jwt (>= 1.15.0) - net-smtp - rack-oauth2 (~> 1.21) - swd (~> 1.3) - tzinfo - validate_email - validate_url - webfinger (~> 1.2) - orm_adapter (0.5.0) - ox (2.14.9) - parallel (1.21.0) - parser (3.1.0.0) - ast (~> 2.4.1) - parslet (2.0.0) - pastel (0.8.0) - tty-color (~> 0.5) - pg (1.3.2) - pry (0.14.1) - coderay (~> 1.1) - method_source (~> 1.0) - public_suffix (4.0.6) - puma (5.6.7) - nio4r (~> 2.0) - pyu-ruby-sasl (0.0.3.3) - racc (1.6.2) - rack (2.2.6.4) - rack-oauth2 (1.21.3) - activesupport - attr_required - httpclient - json-jwt (>= 1.11.0) - rack (>= 2.1.0) - rack-protection (3.0.5) - rack - rack-proxy (0.7.2) - rack - rack-test (2.0.2) - rack (>= 1.3) - rails (6.1.4.6) - actioncable (= 6.1.4.6) - actionmailbox (= 6.1.4.6) - actionmailer (= 6.1.4.6) - actionpack (= 6.1.4.6) - actiontext (= 6.1.4.6) - actionview (= 6.1.4.6) - activejob (= 6.1.4.6) - activemodel (= 6.1.4.6) - activerecord (= 6.1.4.6) - activestorage (= 6.1.4.6) - activesupport (= 6.1.4.6) - bundler (>= 1.15.0) - railties (= 6.1.4.6) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) - railties (6.1.4.6) - actionpack (= 6.1.4.6) - activesupport (= 6.1.4.6) - method_source - rake (>= 0.13) - thor (~> 1.0) - rainbow (3.1.1) - rake (13.0.6) - rb-fsevent (0.11.1) - rb-inotify (0.10.1) - ffi (~> 1.0) - regexp_parser (2.2.1) - request_store (1.5.1) - rack (>= 1.4) - responders (3.0.1) - actionpack (>= 5.0) - railties (>= 5.0) - rest-client (2.1.0) - http-accept (>= 1.7.0, < 2.0) - http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 4.0) - netrc (~> 0.8) - rexml (3.2.6) - rspec (3.11.0) - rspec-core (~> 3.11.0) - rspec-expectations (~> 3.11.0) - rspec-mocks (~> 3.11.0) - rspec-core (3.11.0) - rspec-support (~> 3.11.0) - rspec-expectations (3.11.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-its (1.3.0) - rspec-core (>= 3.0.0) - rspec-expectations (>= 3.0.0) - rspec-mocks (3.11.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.11.0) - rspec-rails (4.0.2) - actionpack (>= 4.2) - activesupport (>= 4.2) - railties (>= 4.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) - rspec-support (3.11.0) - rubocop (1.25.1) - parallel (~> 1.10) - parser (>= 3.1.0.0) - rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.15.1, < 2.0) - ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.15.2) - parser (>= 3.0.1.1) - rubocop-performance (1.13.2) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) - rubocop-rails (2.13.2) - activesupport (>= 4.2.0) - rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) - ruby-progressbar (1.11.0) - ruby2_keywords (0.0.5) - ruby_dep (1.5.0) - ruby_parser (3.18.1) - sexp_processor (~> 4.16) - rubyntlm (0.6.3) - rubyzip (2.3.2) - ruh-roo (3.0.1) - nokogiri (~> 1) - rubyzip (>= 1.3.0, < 3.0.0) - selenium-webdriver (4.9.0) - rexml (~> 3.2, >= 3.2.5) - rubyzip (>= 1.2.2, < 3.0) - websocket (~> 1.0) - semantic_range (3.0.0) - semverse (3.0.0) - settingslogic (2.0.9) - sexp_processor (4.16.0) - simplecov (0.21.2) - docile (~> 1.1) - simplecov-html (~> 0.11) - simplecov_json_formatter (~> 0.1) - simplecov-html (0.12.3) - simplecov_json_formatter (0.1.4) - slack-ruby-client (1.0.0) - faraday (>= 1.0) - faraday_middleware - gli - hashie - websocket-driver - slack_block_kit (0.3.3) - spring (2.1.1) - spring-watcher-listen (2.0.1) - listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - sprockets (>= 3.0.0) - sslshake (1.3.1) - strings (0.2.1) - strings-ansi (~> 0.2) - unicode-display_width (>= 1.5, < 3.0) - unicode_utils (~> 1.4) - strings-ansi (0.2.0) - swd (1.3.0) - activesupport (>= 3) - attr_required (>= 0.0.5) - httpclient (>= 2.4) - temple (0.8.2) - thor (1.2.1) - tilt (2.0.10) - timeout (0.3.2) - tomlrb (1.3.0) - train-core (3.8.7) - addressable (~> 2.5) - ffi (!= 1.13.0) - json (>= 1.8, < 3.0) - mixlib-shellout (>= 2.0, < 4.0) - net-scp (>= 1.2, < 4.0) - net-ssh (>= 2.9, < 7.0) - tty-box (0.7.0) - pastel (~> 0.8) - strings (~> 0.2.0) - tty-cursor (~> 0.7) - tty-color (0.6.0) - tty-cursor (0.7.1) - tty-prompt (0.23.1) - pastel (~> 0.8) - tty-reader (~> 0.8) - tty-reader (0.9.0) - tty-cursor (~> 0.7) - tty-screen (~> 0.8) - wisper (~> 2.0) - tty-screen (0.8.1) - tty-table (0.12.0) - pastel (~> 0.8) - strings (~> 0.2.0) - tty-screen (~> 0.8) - turbolinks (5.2.1) - turbolinks-source (~> 5.2) - turbolinks-source (5.2.0) - tzinfo (2.0.6) - concurrent-ruby (~> 1.0) - tzinfo-data (1.2021.5) - tzinfo (>= 1.0.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.8.2) - unicode-display_width (2.1.0) - unicode_utils (1.4.0) - validate_email (0.1.6) - activemodel (>= 3.0) - mail (>= 2.2.5) - validate_url (1.0.15) - activemodel (>= 3.0.0) - public_suffix - warden (1.2.9) - rack (>= 2.0.9) - web-console (4.2.0) - actionview (>= 6.0.0) - activemodel (>= 6.0.0) - bindex (>= 0.4.0) - railties (>= 6.0.0) - webfinger (1.2.0) - activesupport - httpclient (>= 2.4) - webpacker (5.4.3) - activesupport (>= 5.2) - rack-proxy (>= 0.6.1) - railties (>= 5.2) - semantic_range (>= 2.3.0) - websocket (1.2.9) - websocket-driver (0.7.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - wisper (2.0.1) - xpath (3.2.0) - nokogiri (~> 1.8) - zeitwerk (2.6.8) - -PLATFORMS - ruby - x86_64-darwin-19 - x86_64-darwin-20 - x86_64-linux - -DEPENDENCIES - activerecord-import - amoeba - audited (~> 5.3.3) - bootsnap (>= 1.4.2) - brakeman - byebug - capybara (>= 2.15) - database_cleaner-active_record - devise - dotenv-rails - factory_bot_rails (~> 5.2.0) - fast_excel - ffaker (~> 2.10) - foreman - gitlab_omniauth-ldap (~> 2.2.0) - haml-rails (~> 2.0) - highline (~> 2.0) - jbuilder (~> 2.7) - letter_opener - listen (~> 3.1.5) - mitre-inspec-objects - nokogiri - nokogiri-happymapper - omniauth (~> 2.1) - omniauth-github - omniauth-rails_csrf_protection (~> 1.0) - omniauth_openid_connect (~> 0.6.0) - ox - pg (>= 0.18, < 2.0) - puma (~> 5.6) - rails (~> 6.1.4) - rest-client - rspec-mocks - rspec-rails (~> 4.0.0) - rubocop - rubocop-performance - rubocop-rails - rubyzip - ruh-roo (~> 3.0.0) - selenium-webdriver - settingslogic (~> 2.0.9) - simplecov - slack-ruby-client (= 1.0.0) - slack_block_kit (= 0.3.3) - spring - spring-watcher-listen (~> 2.0.0) - turbolinks (~> 5) - tzinfo-data - web-console (>= 3.3.0) - webpacker (~> 5.0) - -RUBY VERSION - ruby 2.7.5p203 - -BUNDLED WITH - 2.3.10 diff --git a/README.md b/README.md index 007c61ef..b2c565ff 100644 --- a/README.md +++ b/README.md @@ -48,12 +48,12 @@ For Ruby (on Ubuntu): #### Setup Ruby 1. Install the version of Ruby specified in `.ruby-version` -2. Install postgres and rbenv -3. Run `gem install foreman` -4. Run `rbenv install` +2. Install postgres and asdf +3. Run `asdf install` +4. Run `gem install foreman` 5. Run `bin/setup` - >> **Note**: `bin/setup` will install the JS dependencies andprepare the database. + >> **Note**: `bin/setup` will install the JS dependencies and prepare the database. 6. Run `rails db:seed` to seed the database. diff --git a/bin/rails b/bin/rails index 5badb2fd..efc03774 100755 --- a/bin/rails +++ b/bin/rails @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end -APP_PATH = File.expand_path('../config/application', __dir__) -require_relative '../config/boot' -require 'rails/commands' +APP_PATH = File.expand_path("../config/application", __dir__) +require_relative "../config/boot" +require "rails/commands" diff --git a/bin/rake b/bin/rake index d87d5f57..4fbf10b9 100755 --- a/bin/rake +++ b/bin/rake @@ -1,9 +1,4 @@ #!/usr/bin/env ruby -begin - load File.expand_path('../spring', __FILE__) -rescue LoadError => e - raise unless e.message.include?('spring') -end -require_relative '../config/boot' -require 'rake' +require_relative "../config/boot" +require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index 3b392888..ec47b79b 100755 --- a/bin/setup +++ b/bin/setup @@ -1,36 +1,33 @@ #!/usr/bin/env ruby -require 'fileutils' +require "fileutils" # path to your application root. -APP_ROOT = File.expand_path('..', __dir__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end FileUtils.chdir APP_ROOT do - # This script is a way to setup or update your development environment automatically. - # This script is idempotent, so that you can run it at anytime and get an expectable outcome. + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. - puts '== Installing dependencies ==' - system! 'gem install bundler --conservative' - system('bundle check') || system!('bundle install') - - # Install JavaScript dependencies - system('bin/yarn') + puts "== Installing dependencies ==" + system! "gem install bundler --conservative" + system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" # end puts "\n== Preparing database ==" - system! 'bin/rails db:create db:schema:load' + system! "bin/rails db:prepare" puts "\n== Removing old logs and tempfiles ==" - system! 'bin/rails log:clear tmp:clear' + system! "bin/rails log:clear tmp:clear" puts "\n== Restarting application server ==" - system! 'bin/rails restart' + system! "bin/rails restart" end diff --git a/config/application.rb b/config/application.rb index 25835994..c194cb54 100644 --- a/config/application.rb +++ b/config/application.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require_relative 'boot' +require_relative "boot" require 'rails' # Pick the frameworks you want: @@ -31,17 +31,17 @@ Dotenv.load('.env', ".env.#{Rails.env}", ".env.#{Rails.env}.local") if defined?(Dotenv) module VulcanVue - # This application was originally generated using Rails 6.0. Any subsequent updates - # will require testing to verify that the defaults for that new version do not break - # any functionality. class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 6.0 + config.load_defaults 7.0 config.time_zone = 'UTC' - # Settings in config/environments/* take precedence over those specified here. - # Application configuration can go into files in config/initializers - # -- all .rb files in that directory are automatically loaded after loading - # the framework and any gems in your application. + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") end end diff --git a/config/boot.rb b/config/boot.rb index c04863fa..aef6d031 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -require 'bundler/setup' # Set up gems listed in the Gemfile. -require 'bootsnap/setup' # Speed up boot time by caching expensive operations. +require "bundler/setup" # Set up gems listed in the Gemfile. +require "bootsnap/setup" # Speed up boot time by caching expensive operations. diff --git a/config/environment.rb b/config/environment.rb index d5abe558..7df99e89 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # Load the Rails application. -require_relative 'application' +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index 079778f0..fb45f495 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,10 +1,12 @@ # frozen_string_literal: true +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false @@ -14,15 +16,18 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. - if Rails.root.join('tmp', 'caching-dev.txt').exist? + if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{2.days.to_i}" + "Cache-Control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false @@ -41,14 +46,27 @@ # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true + # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true # Use the letter opener gem for email delivery in development config.action_mailer.delivery_method = :letter_opener diff --git a/config/environments/production.rb b/config/environments/production.rb index aff76889..1c94a9a8 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -22,32 +24,32 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache + # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local # Mount Action Cable outside main process or domain. # config.action_cable.mount_path = nil - # config.action_cable.url = 'wss://example.com/cable' - # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] + # config.action_cable.url = "wss://example.com/cable" + # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = ENV['FORCE_SSL'].is_a? String - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = :debug + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = :info # Prepend all log lines with the following tags. - config.log_tags = [:request_id] + config.log_tags = [ :request_id ] # Use a different cache store in production. # config.cache_store = :mem_cache_store @@ -69,43 +71,22 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. - # require 'syslog/logger' - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + # require "syslog/logger" + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") - if ENV['RAILS_LOG_TO_STDOUT'].present? - logger = ActiveSupport::Logger.new($stdout) + if ENV["RAILS_LOG_TO_STDOUT"].present? + logger = ActiveSupport::Logger.new(STDOUT) logger.formatter = config.log_formatter config.logger = ActiveSupport::TaggedLogging.new(logger) end # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end diff --git a/config/environments/test.rb b/config/environments/test.rb index 3b35cdef..a020e664 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require "active_support/core_ext/integer/time" + # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped @@ -8,17 +10,18 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - config.cache_classes = false + # Turn false under Spring and add config.action_view.cache_template_loading = true. + config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" + "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. @@ -47,6 +50,15 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true end diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 598474b1..5346075a 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -2,21 +2,26 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -Rails.application.config.content_security_policy do |policy| - policy.script_src :self, :unsafe_eval -end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } +Rails.application.configure do + config.content_security_policy do |policy| + # policy.default_src :self, :https + # policy.font_src :self, :https, :data + # policy.img_src :self, :https, :data + # policy.object_src :none + policy.script_src :self, :unsafe_eval + # policy.style_src :self, :https + # Specify URI for violation reports + # policy.report_uri "/csp-violation-report-endpoint" + end -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) + # Generate session nonces for permitted importmap and inline scripts + # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } + # config.content_security_policy_nonce_directives = %w(script-src) -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true + # Report violations without enforcing the policy. + # config.content_security_policy_report_only = true +end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 7a4f47b4..ca55f952 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -2,5 +2,9 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index aa7435fb..6c78420e 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -5,13 +5,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 00000000..b13ef5ed --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,143 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +# `button_to` view helper will render `