From 5f8db67cc02250af4a8896fa47bd48731cbf5540 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Fri, 29 Mar 2024 02:34:45 +0100 Subject: [PATCH 01/22] Make Apartment compatible with Rails 7 The `database:` argument from the `connected_to` method was deprecated in Rails 6.1 [1] and removed in Rails 7.0 [2]. The ros-apartement gem has already introduced fixes for this issue [3][4], but there has been no release including these fixes. So we're applying the fix in our code. Note that, since Apartment already overwrites the `connected_to` method by creating a `connected_to_with_tenant` method, we're calling the `connected_to_without_tenant` method inside the patch, which is equivalent to ActiveRecord's original `connected_to`. [1] Pull request 37874 in https://github.com/rails/rails [2] Pull request 40530 in https://github.com/rails/rails/pull [3] Pull request 194 in https://github.com/rails-on-services/apartment [4] Pull request 243 in https://github.com/rails-on-services/apartment --- Gemfile | 2 +- config/initializers/apartment.rb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 7514d7801..82f6831d6 100644 --- a/Gemfile +++ b/Gemfile @@ -46,7 +46,7 @@ gem "recipient_interceptor", "~> 0.3.1" gem "redcarpet", "~> 3.6.0" gem "responders", "~> 3.1.1" gem "rinku", "~> 2.0.6", require: "rails_rinku" -gem "ros-apartment", "~> 2.11.0", require: "apartment" +gem "ros-apartment", "~> 2.11.0", require: "apartment" # Remove ConnectionHandling monkey patch when upgrading gem "sassc-embedded", "~> 1.70.1" gem "sassc-rails", "~> 2.1.2" gem "savon", "~> 2.15.0" diff --git a/config/initializers/apartment.rb b/config/initializers/apartment.rb index cda7ae581..e5d0a5110 100644 --- a/config/initializers/apartment.rb +++ b/config/initializers/apartment.rb @@ -1,3 +1,20 @@ +module ActiveRecord # TODO: Remove after upgrading ros-apartment + # Code based on the current (as of March 2024) development version of the apartment gem + module ConnectionHandling + def connected_to_with_rails7_tenant(role: nil, prevent_writes: false, &blk) + current_tenant = Apartment::Tenant.current + + # The connected_to_without_tenant method is defined by Apartment + connected_to_without_tenant(role: role, prevent_writes: prevent_writes) do + Apartment::Tenant.switch!(current_tenant) + yield(blk) + end + end + + alias connected_to connected_to_with_rails7_tenant + end +end + # You can have Apartment route to the appropriate Tenant by adding some Rack middleware. # Apartment can support many different "Elevators" that can take care of this routing to your data. # Require whichever Elevator you're using below or none if you have a custom one. From 8596f1539f977a6eab863c3854f92d634f0190f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Fri, 22 Mar 2024 23:48:20 +0100 Subject: [PATCH 02/22] Upgrade to Rails 7.0 The config.file_watcher option still exists but it's no longer included in the default environtment file. Since we don't use it, we're removing it. The config.assets.assets.debug option is no longer true by default [1], so it isn't included anymore. The config.active_support.deprecation option is now omitted on production in favor of config.active_support.report_deprecations, which is false by default. I think it's OK to keep it this way, since we check deprecations in the development and test environments but never on production environments. As mentioned in the Rails upgrade guide, sprockets-rails is no longer a rails dependency and we need to explicitly include it in our Gemfile. The behavior of queries trying to find an invalid enum value has changed [2], so we're updating the tests accordingly. The `favicon_link_tag` method has removed the deprecated `shortcut` link type [3], so we're updating the tests accordingly. The method `raw_filter` in ActiveSupport callbacks has been renamed to `filter` [4], so we're updating the code accordingly. [1] https://github.com/rails/rails/commit/adec7e7ba87e3 [2] https://github.com/rails/rails/commit/b68f0954 [3] Pull request 43850 in https://github.com/rails/rails [4] Pull request 41598 in https://github.com/rails/rails --- .rubocop.yml | 3 - Gemfile | 3 +- Gemfile.lock | 127 ++-- app/models/concerns/skip_validation.rb | 4 +- config/application.rb | 1 - config/environments/development.rb | 13 +- config/environments/production.rb | 38 +- config/environments/test.rb | 7 +- .../01_filter_parameter_logging.rb | 4 +- .../initializers/content_security_policy.rb | 45 +- config/initializers/inflections.rb | 8 +- .../new_framework_defaults_7_0.rb | 143 ++++ ...e_storage_blobs_checksum.active_storage.rb | 8 + db/schema.rb | 625 +++++++++--------- spec/models/sdg/phase_spec.rb | 2 +- spec/system/site_customization/images_spec.rb | 2 +- 16 files changed, 578 insertions(+), 455 deletions(-) create mode 100644 config/initializers/new_framework_defaults_7_0.rb create mode 100644 db/migrate/20240322223950_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb diff --git a/.rubocop.yml b/.rubocop.yml index 61a117f97..9fffe97aa 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -374,9 +374,6 @@ Rails/CreateTableWithTimestamps: Rails/Date: Enabled: true -Rails/DeprecatedActiveModelErrorsMethods: # TODO: Remove after upgrading to Rails 7 - Enabled: true - Rails/DurationArithmetic: Enabled: true diff --git a/Gemfile b/Gemfile index 82f6831d6..8c90f3c4b 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "6.1.7.7" +gem "rails", "7.0.8.1" gem "acts-as-taggable-on", "~> 10.0.0" gem "acts_as_votable", "~> 0.14.0" @@ -53,6 +53,7 @@ gem "savon", "~> 2.15.0" gem "sitemap_generator", "~> 6.3.0" gem "social-share-button", "~> 1.2.4" gem "sprockets", "~> 4.2.1" +gem "sprockets-rails", "~> 3.4.2", require: "sprockets/railtie" gem "turbolinks", "~> 5.2.1" gem "turnout", "~> 2.5.0" gem "uglifier", "~> 4.2.0" diff --git a/Gemfile.lock b/Gemfile.lock index 538c88148..bd616810e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,65 +2,71 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actioncable (6.1.7.7) - actionpack (= 6.1.7.7) - activesupport (= 6.1.7.7) + actioncable (7.0.8.1) + actionpack (= 7.0.8.1) + activesupport (= 7.0.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.7) - actionpack (= 6.1.7.7) - activejob (= 6.1.7.7) - activerecord (= 6.1.7.7) - activestorage (= 6.1.7.7) - activesupport (= 6.1.7.7) + actionmailbox (7.0.8.1) + actionpack (= 7.0.8.1) + activejob (= 7.0.8.1) + activerecord (= 7.0.8.1) + activestorage (= 7.0.8.1) + activesupport (= 7.0.8.1) mail (>= 2.7.1) - actionmailer (6.1.7.7) - actionpack (= 6.1.7.7) - actionview (= 6.1.7.7) - activejob (= 6.1.7.7) - activesupport (= 6.1.7.7) + net-imap + net-pop + net-smtp + actionmailer (7.0.8.1) + actionpack (= 7.0.8.1) + actionview (= 7.0.8.1) + activejob (= 7.0.8.1) + activesupport (= 7.0.8.1) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.7) - actionview (= 6.1.7.7) - activesupport (= 6.1.7.7) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.8.1) + actionview (= 7.0.8.1) + activesupport (= 7.0.8.1) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.7) - actionpack (= 6.1.7.7) - activerecord (= 6.1.7.7) - activestorage (= 6.1.7.7) - activesupport (= 6.1.7.7) + actiontext (7.0.8.1) + actionpack (= 7.0.8.1) + activerecord (= 7.0.8.1) + activestorage (= 7.0.8.1) + activesupport (= 7.0.8.1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.7) - activesupport (= 6.1.7.7) + actionview (7.0.8.1) + activesupport (= 7.0.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.7) - activesupport (= 6.1.7.7) + activejob (7.0.8.1) + activesupport (= 7.0.8.1) globalid (>= 0.3.6) - activemodel (6.1.7.7) - activesupport (= 6.1.7.7) - activerecord (6.1.7.7) - activemodel (= 6.1.7.7) - activesupport (= 6.1.7.7) - activestorage (6.1.7.7) - actionpack (= 6.1.7.7) - activejob (= 6.1.7.7) - activerecord (= 6.1.7.7) - activesupport (= 6.1.7.7) + activemodel (7.0.8.1) + activesupport (= 7.0.8.1) + activerecord (7.0.8.1) + activemodel (= 7.0.8.1) + activesupport (= 7.0.8.1) + activestorage (7.0.8.1) + actionpack (= 7.0.8.1) + activejob (= 7.0.8.1) + activerecord (= 7.0.8.1) + activesupport (= 7.0.8.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.7) + activesupport (7.0.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) acts-as-taggable-on (10.0.0) activerecord (>= 6.1, < 7.2) acts_as_votable (0.14.0) @@ -91,7 +97,7 @@ GEM execjs (~> 2) base64 (0.1.1) bcrypt (3.1.20) - better_html (2.0.2) + better_html (2.1.1) actionview (>= 6.0) activesupport (>= 6.0) ast (~> 2.0) @@ -460,21 +466,20 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.7) - actioncable (= 6.1.7.7) - actionmailbox (= 6.1.7.7) - actionmailer (= 6.1.7.7) - actionpack (= 6.1.7.7) - actiontext (= 6.1.7.7) - actionview (= 6.1.7.7) - activejob (= 6.1.7.7) - activemodel (= 6.1.7.7) - activerecord (= 6.1.7.7) - activestorage (= 6.1.7.7) - activesupport (= 6.1.7.7) + rails (7.0.8.1) + actioncable (= 7.0.8.1) + actionmailbox (= 7.0.8.1) + actionmailer (= 7.0.8.1) + actionpack (= 7.0.8.1) + actiontext (= 7.0.8.1) + actionview (= 7.0.8.1) + activejob (= 7.0.8.1) + activemodel (= 7.0.8.1) + activerecord (= 7.0.8.1) + activestorage (= 7.0.8.1) + activesupport (= 7.0.8.1) bundler (>= 1.15.0) - railties (= 6.1.7.7) - sprockets-rails (>= 2.0.0) + railties (= 7.0.8.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -482,15 +487,16 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - rails-i18n (6.0.0) + rails-i18n (7.0.9) i18n (>= 0.7, < 2) - railties (>= 6.0.0, < 7) - railties (6.1.7.7) - actionpack (= 6.1.7.7) - activesupport (= 6.1.7.7) + railties (>= 6.0.0, < 8) + railties (7.0.8.1) + actionpack (= 7.0.8.1) + activesupport (= 7.0.8.1) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.1.0) rbtree3 (0.7.1) @@ -752,7 +758,7 @@ DEPENDENCIES pronto-rubocop (~> 0.11.5) pronto-stylelint (~> 0.10.3) puma (~> 5.6.8) - rails (= 6.1.7.7) + rails (= 7.0.8.1) recipient_interceptor (~> 0.3.1) redcarpet (~> 3.6.0) responders (~> 3.1.1) @@ -776,6 +782,7 @@ DEPENDENCIES social-share-button (~> 1.2.4) spring (~> 4.1.3) sprockets (~> 4.2.1) + sprockets-rails (~> 3.4.2) turbolinks (~> 5.2.1) turnout (~> 2.5.0) uglifier (~> 4.2.0) diff --git a/app/models/concerns/skip_validation.rb b/app/models/concerns/skip_validation.rb index 7c1a3c549..214b67e21 100644 --- a/app/models/concerns/skip_validation.rb +++ b/app/models/concerns/skip_validation.rb @@ -12,8 +12,8 @@ module SkipValidation _validators[field].reject! { |existing_validator| existing_validator.is_a?(validator_class) } _validate_callbacks.each do |callback| - if callback.raw_filter.is_a?(validator_class) - callback.raw_filter.instance_variable_set(:@attributes, callback.raw_filter.attributes - [field]) + if callback.filter.is_a?(validator_class) + callback.filter.instance_variable_set(:@attributes, callback.filter.attributes - [field]) end end end diff --git a/config/application.rb b/config/application.rb index a4cc6006b..ae3ef7b8f 100644 --- a/config/application.rb +++ b/config/application.rb @@ -13,7 +13,6 @@ require "action_mailer/railtie" # require "action_text/engine" require "action_view/railtie" require "action_cable/engine" -require "sprockets/railtie" require "rails/test_unit/railtie" # Require the gems listed in Gemfile, including any gems diff --git a/config/environments/development.rb b/config/environments/development.rb index df04c5583..ab669e80b 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -15,9 +15,12 @@ Rails.application.configure do # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. - if Rails.root.join("tmp", "caching-dev.txt").exist? + if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true @@ -58,11 +61,6 @@ Rails.application.configure do # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true - # Debug mode disables concatenation and preprocessing of assets. - # This option may cause significant delays in view rendering with a large - # number of complex assets. - config.assets.debug = false - # Suppress logger output for asset requests. config.assets.quiet = true @@ -89,9 +87,6 @@ Rails.application.configure do Bullet.add_footer = true end end - # Use an evented file watcher to asynchronously detect changes in source code, - # routes, locales, etc. This feature depends on the listen gem. - # config.file_watcher = ActiveSupport::EventedFileUpdateChecker # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true diff --git a/config/environments/production.rb b/config/environments/production.rb index 57ba25c25..36ee4d03d 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -74,18 +74,13 @@ Rails.application.configure do config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings end - # Disable locale fallbacks for I18n - # (prevents using fallback locales set in application.rb). - # config.i18n.fallbacks = false + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation cannot be found). + # (commented because it prevents using fallback locales set in application.rb). + # config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Log disallowed deprecations. - config.active_support.disallowed_deprecation = :log - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new @@ -107,27 +102,6 @@ Rails.application.configure do # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end require Rails.root.join("config", "environments", "custom", "production") diff --git a/config/environments/test.rb b/config/environments/test.rb index 369978ed2..5c9b0b58d 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -15,11 +15,12 @@ Rails.application.configure do config.i18n.default_locale = :en config.i18n.available_locales = %w[de en es fr nl pt-BR zh-CN] + # Turn false under Spring and add config.action_view.cache_template_loading = true. config.cache_classes = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. diff --git a/config/initializers/01_filter_parameter_logging.rb b/config/initializers/01_filter_parameter_logging.rb index 4b34a0366..adc6568ce 100644 --- a/config/initializers/01_filter_parameter_logging.rb +++ b/config/initializers/01_filter_parameter_logging.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. Rails.application.config.filter_parameters += [ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 41c43016f..54f47cf15 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1,28 +1,25 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report violations without enforcing the policy. +# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index 17b2717d6..951175208 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -4,15 +4,15 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end ActiveSupport::Inflector.inflections(:en) do |inflect| diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 000000000..b13ef5ed1 --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,143 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +# `button_to` view helper will render `