Upgrade application to Rails 6.0 #1676
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pixeltrix
force-pushed
the
upgrade-to-rails-6
branch
from
c18975a to
802f064
Compare
pixeltrix
force-pushed
the
upgrade-to-rails-6
branch
2 times, most recently
from
6671909 to
b16ee81
Compare
cdccollins
approved these changes
Aug 11, 2020
cdccollins
approved these changes
Aug 17, 2020
Use the Gemfile.lock to manage the versions instead which should make it easier to upgrade as it allows bundler a wider set of versions to resolve the dependencies.
Run the rake app:update command to update all the config files.
In Rails 4.0 the lib directory was remove from the auto/eager load paths because it resulted in a lot of junk being eager loaded in production without the developer often being aware of this. The recommend pattern now is to add an app/lib directory for non-specific application code. The services.rb file is left in place because this is explicitly required from the Sidekiq workers and the republish.rake file and so doesn't need to be auto/eager loaded like the other files.
The notify delivery method is only set in production where the key is also set so there's no need for this after_initialize block.
The Rails secrets feature has been deprecated and will be removed in an upcoming release. Rails 6.0 will generate a secret_key_base file in the tmp directory in development and test environments and use the SECRET_KEY_BASE environment variable in production.
Setting a message expectation for the log output checks that the exception has been rescued, a message gets logged and reduces test output noise.
The spring gem isn't loaded in the Gemfile so this config isn't used.
The Rails config option allows setting of attributes directly so there's no need for a custom accessor in application.rb which makes upgrading config files more difficult due to changes. https://guides.rubyonrails.org/configuring.html#custom-configuration
Rails 6.0 adds a host authentication middleware that limits access by default to 0.0.0.0/0, ::/0 and localhost. This commit adds the dev.gov.uk hosts for the application to that list. There's no need to add the hosts in production since the middleware is primarily to prevent DNS rebinding attacks against a Rails application running locally.
Once the app is configured to load the latest defaults there is no need for the new defaults initializer as it only serves as a guide whilst upgrading the application.
The require paths for the v2 api have now been removed.
Using a sass css compressor causes a scss file to be processed twice (once to build, once to compress) which breaks the usage of "unquote" to use CSS that has same function names as SCSS such as max.
Inline with the suggestion in alphagov/govuk-rfcs#126 update the remaining minor dependencies when doing a framework upgrade.
Since rake tasks and when running the application locally doesn't eager load the source code there was a chance of hitting a missing constant error depending on what url or task was chosen. Fix this by requiring the services.rb file in all the places that it is used and removing some unnecessary requires that services.rb loads anyway.
* Replace use of puts with Rails.logger.debug * Use index_with in preference to each_with_object
Part of the build process is to compile the assets which runs with RAILS_ENV=production and if the environment variable isn't set then it will raise a KeyError due to the ENV.fetch in production.rb.
Version 4.0 and later change the generated HTML in such a way that it breaks the e2e test 'Unpublishing a DFID research output'. This test will need to changed so that it's not dependent on the generated select2 element's id value before the gem can be upgraded again.
pixeltrix
force-pushed
the
upgrade-to-rails-6
branch
from
b16ee81 to
7ae94a1
Compare
kevindew
added a commit
that referenced
this pull request
Jan 24, 2023
GOV.UK hadn't intended for this app to have the GOV.UK Content Security Policy yet, with us first planning to roll out this to frontend app. It looks like this was added as part of an outsourced Rails update [1], where the dev couldn't have known about our nuanced context. As this is an app that doesn't receive a lot of developer attention I'm disabling this as I don't want breaking changes to the CSP [2] to end up in this app. [1]: #1676 [2]: alphagov/govuk_app_config#279
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.