From 08c846b06163b3976637b93db6944f4c7053dd3b Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 10 Dec 2024 16:34:23 -0700 Subject: [PATCH 01/20] Upgrade to Rail 8 --- Gemfile | 4 +- Gemfile.lock | 142 +++++++++++++++++++++++++-------------------------- 2 files changed, 72 insertions(+), 74 deletions(-) diff --git a/Gemfile b/Gemfile index 18a75dd2fc0..367c3072faa 100644 --- a/Gemfile +++ b/Gemfile @@ -42,7 +42,7 @@ path 'modules' do gem 'vye' end -gem 'rails', '~> 7.2.2' +gem 'rails', '~> 8.0.0' gem 'aasm' gem 'activerecord-import' @@ -88,7 +88,7 @@ gem 'google-apis-core' gem 'google-apis-generator' gem 'googleauth' gem 'google-protobuf' # For Datadog Profiling -gem 'govdelivery-tms', git: 'https://github.com/department-of-veterans-affairs/govdelivery-tms-ruby.git', tag: 'v4.0.0', require: 'govdelivery/tms/mail/delivery_method' +gem 'govdelivery-tms', git: 'https://github.com/department-of-veterans-affairs/govdelivery-tms-ruby.git', tag: 'v4.1.0', require: 'govdelivery/tms/mail/delivery_method' gem 'gyoku' gem 'hexapdf' gem 'holidays' diff --git a/Gemfile.lock b/Gemfile.lock index 8636af18b2b..1e186b1e859 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -64,11 +64,11 @@ GIT GIT remote: https://github.com/department-of-veterans-affairs/govdelivery-tms-ruby.git - revision: d58cc59ae47e5f5f642b3603224f42f518f92f56 - tag: v4.0.0 + revision: f50c995b4a92fa8da4488ed608318eeca723b543 + tag: v4.1.0 specs: - govdelivery-tms (4.0.0) - activesupport (>= 5.2.4.3, < 8.0.0) + govdelivery-tms (4.1.0) + activesupport (>= 5.2.4.3, < 9.0.0) faraday mime-types @@ -156,71 +156,70 @@ GEM Ascii85 (1.1.0) aasm (5.5.0) concurrent-ruby (~> 1.0) - actioncable (7.2.2) - actionpack (= 7.2.2) - activesupport (= 7.2.2) + actioncable (8.0.0.1) + actionpack (= 8.0.0.1) + activesupport (= 8.0.0.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.2) - actionpack (= 7.2.2) - activejob (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + actionmailbox (8.0.0.1) + actionpack (= 8.0.0.1) + activejob (= 8.0.0.1) + activerecord (= 8.0.0.1) + activestorage (= 8.0.0.1) + activesupport (= 8.0.0.1) mail (>= 2.8.0) - actionmailer (7.2.2) - actionpack (= 7.2.2) - actionview (= 7.2.2) - activejob (= 7.2.2) - activesupport (= 7.2.2) + actionmailer (8.0.0.1) + actionpack (= 8.0.0.1) + actionview (= 8.0.0.1) + activejob (= 8.0.0.1) + activesupport (= 8.0.0.1) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.2) - actionview (= 7.2.2) - activesupport (= 7.2.2) + actionpack (8.0.0.1) + actionview (= 8.0.0.1) + activesupport (= 8.0.0.1) nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4, < 3.2) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.2) - actionpack (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + actiontext (8.0.0.1) + actionpack (= 8.0.0.1) + activerecord (= 8.0.0.1) + activestorage (= 8.0.0.1) + activesupport (= 8.0.0.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.2) - activesupport (= 7.2.2) + actionview (8.0.0.1) + activesupport (= 8.0.0.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.2) - activesupport (= 7.2.2) + activejob (8.0.0.1) + activesupport (= 8.0.0.1) globalid (>= 0.3.6) - activemodel (7.2.2) - activesupport (= 7.2.2) - activerecord (7.2.2) - activemodel (= 7.2.2) - activesupport (= 7.2.2) + activemodel (8.0.0.1) + activesupport (= 8.0.0.1) + activerecord (8.0.0.1) + activemodel (= 8.0.0.1) + activesupport (= 8.0.0.1) timeout (>= 0.4.0) activerecord-import (1.8.1) activerecord (>= 4.2) - activerecord-postgis-adapter (10.0.1) - activerecord (~> 7.2.0) - rgeo-activerecord (~> 8.0.0) - activestorage (7.2.2) - actionpack (= 7.2.2) - activejob (= 7.2.2) - activerecord (= 7.2.2) - activesupport (= 7.2.2) + activerecord-postgis-adapter (3.1.2) + activerecord (>= 4.2.0) + rgeo-activerecord (>= 4.0.4) + activestorage (8.0.0.1) + actionpack (= 8.0.0.1) + activejob (= 8.0.0.1) + activerecord (= 8.0.0.1) + activesupport (= 8.0.0.1) marcel (~> 1.0) - activesupport (7.2.2) + activesupport (8.0.0.1) base64 benchmark (>= 0.3) bigdecimal @@ -232,6 +231,7 @@ GEM minitest (>= 5.1) securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) adler32 (0.0.2) @@ -480,9 +480,9 @@ GEM flipper-active_record (1.3.2) activerecord (>= 4.2, < 9) flipper (~> 1.3.2) - flipper-active_support_cache_store (1.3.1) - activesupport (>= 4.2, < 8) - flipper (~> 1.3.1) + flipper-active_support_cache_store (1.3.2) + activesupport (>= 4.2, < 9) + flipper (~> 1.3.2) flipper-ui (1.3.1) erubi (>= 1.0.0, < 2.0.0) flipper (~> 1.3.1) @@ -598,7 +598,7 @@ GEM rdoc (>= 4.0.0) reline (>= 0.4.2) iso_country_codes (0.7.8) - jar-dependencies (0.5.0) + jar-dependencies (0.5.1) jmespath (1.6.2) jruby-openssl (0.15.1-java) json (2.9.0) @@ -643,7 +643,7 @@ GEM ffi-compiler (~> 1.0) rake (~> 13.0) lockbox (2.0.0) - logger (1.6.1) + logger (1.6.2) loofah (2.23.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -694,11 +694,9 @@ GEM nio4r (2.7.4-java) nkf (0.2.0) nkf (0.2.0-java) - nokogiri (1.16.8) + nokogiri (1.17.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.8-java) - racc (~> 1.4) nori (2.7.1) bigdecimal notiffany (0.1.3) @@ -816,20 +814,20 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (7.2.2) - actioncable (= 7.2.2) - actionmailbox (= 7.2.2) - actionmailer (= 7.2.2) - actionpack (= 7.2.2) - actiontext (= 7.2.2) - actionview (= 7.2.2) - activejob (= 7.2.2) - activemodel (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + rails (8.0.0.1) + actioncable (= 8.0.0.1) + actionmailbox (= 8.0.0.1) + actionmailer (= 8.0.0.1) + actionpack (= 8.0.0.1) + actiontext (= 8.0.0.1) + actionview (= 8.0.0.1) + activejob (= 8.0.0.1) + activemodel (= 8.0.0.1) + activerecord (= 8.0.0.1) + activestorage (= 8.0.0.1) + activesupport (= 8.0.0.1) bundler (>= 1.15.0) - railties (= 7.2.2) + railties (= 8.0.0.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -843,9 +841,9 @@ GEM rack railties (>= 5.1) semantic_logger (~> 4.16) - railties (7.2.2) - actionpack (= 7.2.2) - activesupport (= 7.2.2) + railties (8.0.0.1) + actionpack (= 8.0.0.1) + activesupport (= 8.0.0.1) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -1068,7 +1066,7 @@ GEM tzinfo (>= 1.0.0) uber (0.1.0) unicode-display_width (2.6.0) - uri (0.13.1) + uri (1.0.2) useragent (0.16.11) utf8-cleaner (1.0.0) activesupport @@ -1265,7 +1263,7 @@ DEPENDENCIES rack-test (= 2.1.0) rack-timeout rack-vcr - rails (~> 7.2.2) + rails (~> 8.0.0) rails-session_cookie rails_semantic_logger rainbow From de77aecd4865c11ea9cc0d6d99913c6cc388b895 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 10 Dec 2024 16:48:17 -0700 Subject: [PATCH 02/20] temporarily point to rails 8 branch of activerecord-postgis-adapter --- Gemfile | 2 +- Gemfile.lock | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 367c3072faa..b94fdedce0e 100644 --- a/Gemfile +++ b/Gemfile @@ -46,7 +46,7 @@ gem 'rails', '~> 8.0.0' gem 'aasm' gem 'activerecord-import' -gem 'activerecord-postgis-adapter' +gem 'activerecord-postgis-adapter', github: 'StoneGod/activerecord-postgis-adapter', branch: 'rails-8' gem 'addressable' gem 'aws-sdk-kms' gem 'aws-sdk-s3', '~> 1' diff --git a/Gemfile.lock b/Gemfile.lock index 1e186b1e859..32fb0cddf08 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,12 @@ +GIT + remote: https://github.com/StoneGod/activerecord-postgis-adapter.git + revision: 97bf3f6fdaa06383a4b2076172366efedc2f97f2 + branch: rails-8 + specs: + activerecord-postgis-adapter (10.0.0) + activerecord (~> 8.0.0) + rgeo-activerecord (~> 8.0.0) + GIT remote: https://github.com/adhocteam/connect_vbms revision: 2284b8e9a68d2b44dda52a098ffc83f8fa283211 @@ -210,9 +219,6 @@ GEM timeout (>= 0.4.0) activerecord-import (1.8.1) activerecord (>= 4.2) - activerecord-postgis-adapter (3.1.2) - activerecord (>= 4.2.0) - rgeo-activerecord (>= 4.0.4) activestorage (8.0.0.1) actionpack (= 8.0.0.1) activejob (= 8.0.0.1) @@ -1131,7 +1137,7 @@ DEPENDENCIES aasm accredited_representative_portal! activerecord-import - activerecord-postgis-adapter + activerecord-postgis-adapter! addressable apivore! appeals_api! From 3bd1261bd22558addbb922b2e823f3f1ec364a6a Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Wed, 11 Dec 2024 21:04:32 -0700 Subject: [PATCH 03/20] fix upload_file_spec --- modules/vba_documents/spec/models/upload_file_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/vba_documents/spec/models/upload_file_spec.rb b/modules/vba_documents/spec/models/upload_file_spec.rb index 13188d77525..6b441d46231 100644 --- a/modules/vba_documents/spec/models/upload_file_spec.rb +++ b/modules/vba_documents/spec/models/upload_file_spec.rb @@ -21,6 +21,6 @@ it 'does not instantiatiate on UploadSubmission' do upload_model = VBADocuments::UploadSubmission.new upload_model.save! - expect { VBADocuments::UploadFile.find_by(guid: upload_model.guid) }.to raise_error(ActiveRecord::StatementInvalid) + expect { VBADocuments::UploadFile.find_by(guid: upload_model.guid) }.to raise_error(TypeError) end end From 0aecb2f74f107ea8866495dddff555840170b493 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Mon, 16 Dec 2024 17:15:35 -0700 Subject: [PATCH 04/20] temporarily skip prescriptions_spec --- bin/test | 2 +- .../my_health/spec/requests/my_health/v1/prescriptions_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/test b/bin/test index 1ae6523bc39..6c978dd3b79 100755 --- a/bin/test +++ b/bin/test @@ -37,7 +37,7 @@ end def ci_test_command docker = 'docker compose run web bash -c' runtime_variables = 'CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true' - spec = "bundle exec parallel_rspec spec/ modules/ -n 8 -o '--color --tty'" + spec = "bundle exec parallel_rspec spec/ modules/ -n 8 -o '--color --tty --format documentation'" "#{docker} \"#{runtime_variables} #{spec}\"" end diff --git a/modules/my_health/spec/requests/my_health/v1/prescriptions_spec.rb b/modules/my_health/spec/requests/my_health/v1/prescriptions_spec.rb index 82d33101277..f7e5d181f97 100644 --- a/modules/my_health/spec/requests/my_health/v1/prescriptions_spec.rb +++ b/modules/my_health/spec/requests/my_health/v1/prescriptions_spec.rb @@ -34,7 +34,7 @@ end %w[Premium Advanced].each do |account_level| - context "#{account_level} User" do + context "#{account_level} User", skip: 'temporarily skipped' do let(:mhv_account_type) { account_level } context 'not a va patient' do From 4b734e969f1d375bff16c9f7e950bed297ea8ae9 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Mon, 16 Dec 2024 18:01:11 -0700 Subject: [PATCH 05/20] bump to 8.0.1 --- Gemfile.lock | 124 +++++++++++++++++++++++++-------------------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index cb2d4fabb00..a0bc4dc0054 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -165,29 +165,29 @@ GEM Ascii85 (1.1.0) aasm (5.5.0) concurrent-ruby (~> 1.0) - actioncable (8.0.0.1) - actionpack (= 8.0.0.1) - activesupport (= 8.0.0.1) + actioncable (8.0.1) + actionpack (= 8.0.1) + activesupport (= 8.0.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.0.0.1) - actionpack (= 8.0.0.1) - activejob (= 8.0.0.1) - activerecord (= 8.0.0.1) - activestorage (= 8.0.0.1) - activesupport (= 8.0.0.1) + actionmailbox (8.0.1) + actionpack (= 8.0.1) + activejob (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) mail (>= 2.8.0) - actionmailer (8.0.0.1) - actionpack (= 8.0.0.1) - actionview (= 8.0.0.1) - activejob (= 8.0.0.1) - activesupport (= 8.0.0.1) + actionmailer (8.0.1) + actionpack (= 8.0.1) + actionview (= 8.0.1) + activejob (= 8.0.1) + activesupport (= 8.0.1) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.0.0.1) - actionview (= 8.0.0.1) - activesupport (= 8.0.0.1) + actionpack (8.0.1) + actionview (= 8.0.1) + activesupport (= 8.0.1) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) @@ -195,37 +195,37 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.0.0.1) - actionpack (= 8.0.0.1) - activerecord (= 8.0.0.1) - activestorage (= 8.0.0.1) - activesupport (= 8.0.0.1) + actiontext (8.0.1) + actionpack (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.0.0.1) - activesupport (= 8.0.0.1) + actionview (8.0.1) + activesupport (= 8.0.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.0.0.1) - activesupport (= 8.0.0.1) + activejob (8.0.1) + activesupport (= 8.0.1) globalid (>= 0.3.6) - activemodel (8.0.0.1) - activesupport (= 8.0.0.1) - activerecord (8.0.0.1) - activemodel (= 8.0.0.1) - activesupport (= 8.0.0.1) + activemodel (8.0.1) + activesupport (= 8.0.1) + activerecord (8.0.1) + activemodel (= 8.0.1) + activesupport (= 8.0.1) timeout (>= 0.4.0) activerecord-import (1.8.1) activerecord (>= 4.2) - activestorage (8.0.0.1) - actionpack (= 8.0.0.1) - activejob (= 8.0.0.1) - activerecord (= 8.0.0.1) - activesupport (= 8.0.0.1) + activestorage (8.0.1) + actionpack (= 8.0.1) + activejob (= 8.0.1) + activerecord (= 8.0.1) + activesupport (= 8.0.1) marcel (~> 1.0) - activesupport (8.0.0.1) + activesupport (8.0.1) base64 benchmark (>= 0.3) bigdecimal @@ -600,7 +600,7 @@ GEM ruby-vips (>= 2.0.17, < 3) io-console (0.8.0) io-console (0.8.0-java) - irb (1.14.1) + irb (1.14.2) rdoc (>= 4.0.0) reline (>= 0.4.2) iso_country_codes (0.7.8) @@ -649,7 +649,7 @@ GEM ffi-compiler (~> 1.0) rake (~> 13.0) lockbox (2.0.0) - logger (1.6.2) + logger (1.6.3) loofah (2.23.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -684,7 +684,7 @@ GEM nenv (0.3.0) net-http (0.4.1) uri - net-imap (0.5.1) + net-imap (0.5.2) date net-protocol net-pop (0.1.2) @@ -700,7 +700,7 @@ GEM nio4r (2.7.4-java) nkf (0.2.0) nkf (0.2.0-java) - nokogiri (1.17.1) + nokogiri (1.17.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) nori (2.7.1) @@ -820,25 +820,25 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (8.0.0.1) - actioncable (= 8.0.0.1) - actionmailbox (= 8.0.0.1) - actionmailer (= 8.0.0.1) - actionpack (= 8.0.0.1) - actiontext (= 8.0.0.1) - actionview (= 8.0.0.1) - activejob (= 8.0.0.1) - activemodel (= 8.0.0.1) - activerecord (= 8.0.0.1) - activestorage (= 8.0.0.1) - activesupport (= 8.0.0.1) + rails (8.0.1) + actioncable (= 8.0.1) + actionmailbox (= 8.0.1) + actionmailer (= 8.0.1) + actionpack (= 8.0.1) + actiontext (= 8.0.1) + actionview (= 8.0.1) + activejob (= 8.0.1) + activemodel (= 8.0.1) + activerecord (= 8.0.1) + activestorage (= 8.0.1) + activesupport (= 8.0.1) bundler (>= 1.15.0) - railties (= 8.0.0.1) + railties (= 8.0.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.1) + rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) rails-session_cookie (0.3.0) @@ -847,9 +847,9 @@ GEM rack railties (>= 5.1) semantic_logger (~> 4.16) - railties (8.0.0.1) - actionpack (= 8.0.0.1) - activesupport (= 8.0.0.1) + railties (8.0.1) + actionpack (= 8.0.1) + activesupport (= 8.0.1) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -861,7 +861,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rchardet (1.8.0) - rdoc (6.8.1) + rdoc (6.9.1) psych (>= 4.0.0) redis (5.3.0) redis-client (>= 0.22.0) @@ -870,7 +870,7 @@ GEM redis-namespace (1.11.0) redis (>= 4) regexp_parser (2.9.3) - reline (0.5.12) + reline (0.6.0) io-console (~> 0.5) representable (3.2.0) declarative (< 0.1.0) @@ -999,7 +999,7 @@ GEM addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) script_utils (0.0.4) - securerandom (0.4.0) + securerandom (0.4.1) seedbank (0.5.0) rake (>= 10.0) semantic_logger (4.16.0) @@ -1060,7 +1060,7 @@ GEM thread_safe (0.3.6-java) tilt (2.3.0) timecop (0.9.10) - timeout (0.4.2) + timeout (0.4.3) trailblazer-option (0.1.2) ttfunk (1.8.0) bigdecimal (~> 3.1) From 2eb95f9687e3d99d996bd3c05b3e68ecab6a13da Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 10:29:31 -0700 Subject: [PATCH 06/20] fix 2122 spec --- modules/claims_api/spec/requests/v1/forms/2122_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/claims_api/spec/requests/v1/forms/2122_spec.rb b/modules/claims_api/spec/requests/v1/forms/2122_spec.rb index 5995df69dd6..daab808280e 100644 --- a/modules/claims_api/spec/requests/v1/forms/2122_spec.rb +++ b/modules/claims_api/spec/requests/v1/forms/2122_spec.rb @@ -4,6 +4,7 @@ require_relative '../../../rails_helper' require 'bgs_service/local_bgs' require 'bgs_service/person_web_service' +require 'bgs/power_of_attorney_verifier' RSpec.describe 'ClaimsApi::V1::Forms::2122', type: :request do let(:headers) do From 1c23ce896b8bee3550cde9c519660e1546275f88 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 15:42:01 -0700 Subject: [PATCH 07/20] add brakeman bin --- bin/brakeman | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100755 bin/brakeman diff --git a/bin/brakeman b/bin/brakeman new file mode 100755 index 00000000000..ae3a4484a05 --- /dev/null +++ b/bin/brakeman @@ -0,0 +1,9 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +require 'rubygems' +require 'bundler/setup' + +ARGV.unshift('--ensure-latest') + +load Gem.bin_path('brakeman', 'brakeman') From 4e29e615fbf4579be45d4287a7db6b15804c5e82 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 15:42:14 -0700 Subject: [PATCH 08/20] add rubocop bin --- bin/rubocop | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100755 bin/rubocop diff --git a/bin/rubocop b/bin/rubocop new file mode 100755 index 00000000000..f45b0654c92 --- /dev/null +++ b/bin/rubocop @@ -0,0 +1,10 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +require 'rubygems' +require 'bundler/setup' + +# explicit rubocop config increases performance slightly while avoiding config confusion. +ARGV.unshift('--config', File.expand_path('../.rubocop.yml', __dir__)) + +load Gem.bin_path('rubocop', 'rubocop') From 8cd70e982335a537f84f4b6d14cf83af3d6f5be7 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 15:42:50 -0700 Subject: [PATCH 09/20] update puma.rb per rails 8 standard --- config/puma.rb | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/config/puma.rb b/config/puma.rb index 13db2f9191b..fa3c881cc90 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -1,9 +1,43 @@ # frozen_string_literal: true -workers Integer(ENV.fetch('WEB_CONCURRENCY', 0)) -threads_count_min = Integer(ENV.fetch('RAILS_MIN_THREADS', 5)) -threads_count_max = Integer(ENV.fetch('RAILS_MAX_THREADS', 5)) -threads(threads_count_min, threads_count_max) +# This configuration file will be evaluated by Puma. The top-level methods that +# are invoked here are part of Puma's configuration DSL. For more information +# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. +# +# Puma starts a configurable number of processes (workers) and each process +# serves each request in a thread from an internal thread pool. +# +# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You +# should only set this value when you want to run 2 or more workers. The +# default is already 1. +# +# The ideal number of threads per worker depends both on how much time the +# application spends waiting for IO operations and on how much you wish to +# prioritize throughput over latency. +# +# As a rule of thumb, increasing the number of threads will increase how much +# traffic a given process can handle (throughput), but due to CRuby's +# Global VM Lock (GVL) it has diminishing returns and will degrade the +# response time (latency) of the application. +# +# The default is set to 3 threads as it's deemed a decent compromise between +# throughput and latency for the average Rails application. +# +# Any libraries that use a connection pool or another resource pool should +# be configured to provide at least as many connections as the number of +# threads. This includes Active Record's `pool` parameter in `database.yml`. +threads_count = ENV.fetch('RAILS_MAX_THREADS', 5) +threads threads_count, threads_count + +# Specifies the `port` that Puma will listen on to receive requests; default is 3000. +port ENV.fetch('PORT', 3000) + +# Allow puma to be restarted by `bin/rails restart` command. +plugin :tmp_restart + +# Specify the PID file. Defaults to tmp/pids/server.pid in development. +# In other environments, only set the PID file if requested. +pidfile ENV['PIDFILE'] if ENV['PIDFILE'] # used for a healthcheck endpoint that will not consume one of the threads activate_control_app 'tcp://0.0.0.0:9293', { no_token: true } From c43f1a603f0b6db89843f29215763b922cb43a54 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 15:44:04 -0700 Subject: [PATCH 10/20] update application.rb per rails 8.0 defaults and add rails 7.0,7.1,8.0 config default files --- config/application.rb | 15 +++------ .../new_framework_defaults_7_0.rb | 4 +++ .../new_framework_defaults_7_1.rb | 5 +++ .../new_framework_defaults_8_0.rb | 32 +++++++++++++++++++ 4 files changed, 46 insertions(+), 10 deletions(-) create mode 100644 config/initializers/new_framework_defaults_7_0.rb create mode 100644 config/initializers/new_framework_defaults_7_1.rb create mode 100644 config/initializers/new_framework_defaults_8_0.rb diff --git a/config/application.rb b/config/application.rb index 16af32e3bad..da2f904aaba 100644 --- a/config/application.rb +++ b/config/application.rb @@ -33,6 +33,11 @@ class Application < Rails::Application # https://guides.rubyonrails.org/configuring.html#default-values-for-target-version-7-0 config.load_defaults 7.1 + # Please, add to the `ignore` list any other `lib` subdirectories that do + # not contain `.rb` files, or that should not be reloaded or eager loaded. + # Common ones are `templates`, `generators`, or `middleware`, for example. + config.autoload_lib(ignore: %w[assets]) + # Configuration for the application, engines, and railties goes here. # # These settings can be overridden in specific environments using the files @@ -41,16 +46,6 @@ class Application < Rails::Application # config.time_zone = "Central Time (US & Canada)" # config.eager_load_paths << Rails.root.join("extras") - # RAILS 7 CONFIG START - # 7.1 - config.add_autoload_paths_to_load_path = true - config.active_record.raise_on_assign_to_attr_readonly = false - - # 7.0 - config.action_controller.raise_on_open_redirects = false - - # RAILS 7 CONFIG END - # Only loads a smaller set of middleware suitable for API only apps. # Middleware like session, flash, cookies can be added back manually. # Skip views, helpers and assets when generating a new resource. diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 00000000000..27f3cd5a2d5 --- /dev/null +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,4 @@ +# frozen_string_literal: true + +# 7.0 - WOULD BE GREAT TO REMOVE ME +config.action_controller.raise_on_open_redirects = false diff --git a/config/initializers/new_framework_defaults_7_1.rb b/config/initializers/new_framework_defaults_7_1.rb new file mode 100644 index 00000000000..4e8f74bca09 --- /dev/null +++ b/config/initializers/new_framework_defaults_7_1.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +# 7.1 - WOULD BE GREAT TO REMOVE ME +config.add_autoload_paths_to_load_path = true +config.active_record.raise_on_assign_to_attr_readonly = false diff --git a/config/initializers/new_framework_defaults_8_0.rb b/config/initializers/new_framework_defaults_8_0.rb new file mode 100644 index 00000000000..2dccb0daabe --- /dev/null +++ b/config/initializers/new_framework_defaults_8_0.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 8.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `8.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Specifies whether `to_time` methods preserve the UTC offset of their receivers or preserves the timezone. +# If set to `:zone`, `to_time` methods will use the timezone of their receivers. +# If set to `:offset`, `to_time` methods will use the UTC offset. +# If `false`, `to_time` methods will convert to the local system UTC offset instead. +#++ +# Rails.application.config.active_support.to_time_preserves_timezone = :zone + +### +# When both `If-Modified-Since` and `If-None-Match` are provided by the client +# only consider `If-None-Match` as specified by RFC 7232 Section 6. +# If set to `false` both conditions need to be satisfied. +#++ +# Rails.application.config.action_dispatch.strict_freshness = true + +### +# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks. +#++ +# Regexp.timeout = 1 From 749b3f4bf8b5920ffe66c6fc2fc5aeedbb360f77 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 15:44:53 -0700 Subject: [PATCH 11/20] update test.rb per rails 8 defaults --- config/environments/test.rb | 51 ++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/config/environments/test.rb b/config/environments/test.rb index 96d2f75db0f..5a82eb160a5 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -2,39 +2,37 @@ # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that -# your test database is "scratch space" for the test suite and is wiped +# your test database is 'scratch space' for the test suite and is wiped # and recreated between test runs. Don't rely on the data there! -require 'active_support/core_ext/integer/time' - Rails.application.configure do # Specify environment specific hostname and protocol + # TODO: confirm necessity, change hostname to env variable config.hostname = Settings.hostname config.protocol = 'http' routes.default_url_options = { host: config.hostname, protocol: config.protocol } + # Settings specified here will take precedence over those in config/application.rb. - config.cache_classes = false - config.action_view.cache_template_loading = true + # While tests run files are not watched, reloading is not necessary. + config.enable_reloading = true + config.action_view.cache_template_loading = true # TODO: Delete me? - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. config.eager_load = ENV['CI'].present? - # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.enabled = true - config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" - } + # Configure public file server for tests with cache-control for performance. + config.public_file_server.headers = { 'cache-control' => 'public, max-age=3600' } - # Show full error reports and disable caching. - config.consider_all_requests_local = true - config.action_controller.perform_caching = false + # Show full error reports. + config.consider_all_requests_local = true config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = :none + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false @@ -42,25 +40,26 @@ # Store uploaded files on the local file system in a temporary directory. config.active_storage.service = :test - config.action_mailer.perform_caching = false - # Tell Action Mailer not to deliver emails to the real world. # The :test delivery method accumulates sent emails in the # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test + # Set host to be used by links generated in mailer templates. + config.action_mailer.default_url_options = { host: 'example.com' } + # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raises error for missing translations. config.i18n.raise_on_missing_translations = true + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true + # Speed up specs by not writing logs during RSpec runs unless ENV.fetch('RAILS_ENABLE_TEST_LOG', false) config.logger = Logger.new(nil) From 706642cc9ae8f3a5492516db7f76cef1b13b3eed Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 16:27:06 -0700 Subject: [PATCH 12/20] update development.rb to rails 8 defaults --- config/environments/development.rb | 66 ++++++++++++++++-------------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index 1de93ff42b7..1beb56498b1 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -6,16 +6,8 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # Specify environment specific hostname and protocol - config.hostname = Settings.hostname - config.hosts = Settings.virtual_hosts - config.protocol = 'http' - routes.default_url_options = { host: config.hostname, protocol: config.protocol } - - # In the development environment your application's code is reloaded any time - # it changes. This slows down response time but is perfect for development - # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + # Make code changes take effect immediately without server restart. + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false @@ -23,59 +15,71 @@ # Show full error reports. config.consider_all_requests_local = true - # Enable/disable caching. By default caching is disabled. - # Run rails dev:cache to toggle caching. - if Rails.root.join('tmp', 'caching-dev.txt').exist? + # Enable server timing. + config.server_timing = true + + # Enable/disable Action Controller caching. By default Action Controller caching is disabled. + # Run rails dev:cache to toggle Action Controller caching. + if Rails.root.join('tmp/caching-dev.txt').exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true config.cache_store = :redis_cache_store, { url: Settings.redis.rails_cache.url, expires_in: 30.minutes } - config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{2.days.to_i}" - } + config.public_file_server.headers = { 'cache-control' => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false config.cache_store = :null_store end - # Store files locally. To switch to aws locally use :amazon + # Specify environment specific hostname and protocol + config.hostname = Settings.hostname + config.hosts = Settings.virtual_hosts + config.protocol = 'http' + routes.default_url_options = { host: config.hostname, protocol: config.protocol } + + # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local # Don't care if the mailer can't send. - # config.action_mailer.raise_delivery_errors = false + config.action_mailer.raise_delivery_errors = false + # Make template changes take effect immediately. config.action_mailer.perform_caching = false + + # Set localhost to be used by links generated in mailer templates. + config.action_mailer.default_url_options = { host: config.hostname, protocol: config.protocol } config.action_mailer.logger = Logger.new('./log/mailer.log') if File.exist?('./log/mailer.log') # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raise an error on page load if there are pending migrations. - # config.active_record.migration_error = :page_load + config.active_record.migration_error = :page_load # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true - # Debug mode disables concatenation and preprocessing of assets. - # This option may cause significant delays in view rendering with a large - # number of complex assets. - # config.assets.debug = true + # Append comments with runtime information tags to SQL queries in logs. + config.active_record.query_log_tags_enabled = true - # Suppress logger output for asset requests. - # config.assets.quiet = true + # Highlight code that enqueued background job in logs. + config.active_job.verbose_enqueue_logs = true # Raises error for missing translations. config.i18n.raise_on_missing_translations = true ConfigHelper.setup_action_mailer(config) + # Annotate rendered view with file names. + config.action_view.annotate_rendered_view_with_filenames = true + + # Raise error when a before_action's only/except options reference missing actions. + config.action_controller.raise_on_missing_callback_actions = true + + # Apply autocorrection by RuboCop to files generated by `bin/rails generate`. + # config.generators.apply_rubocop_autocorrect_after_generate! # TODO: Uncomment me? + config.rails_semantic_logger.semantic = false config.rails_semantic_logger.started = true config.rails_semantic_logger.processing = true From d5f0325305f1b46f78eda8a4c038f3faf684ac24 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Tue, 17 Dec 2024 16:38:41 -0700 Subject: [PATCH 13/20] fix config defaults --- config/initializers/new_framework_defaults_7_0.rb | 2 +- config/initializers/new_framework_defaults_7_1.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb index 27f3cd5a2d5..e579f9fbdb7 100644 --- a/config/initializers/new_framework_defaults_7_0.rb +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -1,4 +1,4 @@ # frozen_string_literal: true # 7.0 - WOULD BE GREAT TO REMOVE ME -config.action_controller.raise_on_open_redirects = false +Rails.application.config.action_controller.raise_on_open_redirects = false diff --git a/config/initializers/new_framework_defaults_7_1.rb b/config/initializers/new_framework_defaults_7_1.rb index 4e8f74bca09..ac8f5212292 100644 --- a/config/initializers/new_framework_defaults_7_1.rb +++ b/config/initializers/new_framework_defaults_7_1.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true # 7.1 - WOULD BE GREAT TO REMOVE ME -config.add_autoload_paths_to_load_path = true -config.active_record.raise_on_assign_to_attr_readonly = false +Rails.application.config.add_autoload_paths_to_load_path = true +Rails.application.config.active_record.raise_on_assign_to_attr_readonly = false From 05d7b0c0fde30c8a3f138863edcaf70ea20f9119 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Thu, 19 Dec 2024 13:05:06 -0700 Subject: [PATCH 14/20] comment out autoload config changes for now --- config/application.rb | 12 +++++++++++- config/initializers/new_framework_defaults_7_0.rb | 2 +- config/initializers/new_framework_defaults_7_1.rb | 4 ++-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/config/application.rb b/config/application.rb index da2f904aaba..0af759299f2 100644 --- a/config/application.rb +++ b/config/application.rb @@ -36,7 +36,7 @@ class Application < Rails::Application # Please, add to the `ignore` list any other `lib` subdirectories that do # not contain `.rb` files, or that should not be reloaded or eager loaded. # Common ones are `templates`, `generators`, or `middleware`, for example. - config.autoload_lib(ignore: %w[assets]) + # config.autoload_lib(ignore: %w[assets]) # Configuration for the application, engines, and railties goes here. # @@ -46,6 +46,16 @@ class Application < Rails::Application # config.time_zone = "Central Time (US & Canada)" # config.eager_load_paths << Rails.root.join("extras") + # RAILS 7 CONFIG START + # 7.1 + config.add_autoload_paths_to_load_path = true + config.active_record.raise_on_assign_to_attr_readonly = false + + # 7.0 + config.action_controller.raise_on_open_redirects = false + + # RAILS 7 CONFIG END + # Only loads a smaller set of middleware suitable for API only apps. # Middleware like session, flash, cookies can be added back manually. # Skip views, helpers and assets when generating a new resource. diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb index e579f9fbdb7..cd2bba10e7b 100644 --- a/config/initializers/new_framework_defaults_7_0.rb +++ b/config/initializers/new_framework_defaults_7_0.rb @@ -1,4 +1,4 @@ # frozen_string_literal: true # 7.0 - WOULD BE GREAT TO REMOVE ME -Rails.application.config.action_controller.raise_on_open_redirects = false +# Rails.application.config.action_controller.raise_on_open_redirects = false diff --git a/config/initializers/new_framework_defaults_7_1.rb b/config/initializers/new_framework_defaults_7_1.rb index ac8f5212292..d4cdd7c9f56 100644 --- a/config/initializers/new_framework_defaults_7_1.rb +++ b/config/initializers/new_framework_defaults_7_1.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true # 7.1 - WOULD BE GREAT TO REMOVE ME -Rails.application.config.add_autoload_paths_to_load_path = true -Rails.application.config.active_record.raise_on_assign_to_attr_readonly = false +# Rails.application.config.add_autoload_paths_to_load_path = true +# Rails.application.config.active_record.raise_on_assign_to_attr_readonly = false From f607afd8ab411395506de01f9e93f8ffd955f0f6 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Thu, 19 Dec 2024 14:57:20 -0700 Subject: [PATCH 15/20] update production.rb per rails 8 defaults --- config/environments/production.rb | 96 ++++++++++++++++--------------- 1 file changed, 49 insertions(+), 47 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index ba8c20ce38c..ef62371a32a 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -8,48 +8,40 @@ config.hostname = Settings.hostname config.protocol = 'https' routes.default_url_options = { host: config.hostname, protocol: config.protocol } + # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false - # Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. + # Eager load code on boot for better performance and memory savings (ignored by Rake tasks). config.eager_load = true # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false + config.consider_all_requests_local = false config.action_controller.perform_caching = true - - # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] - # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). - # config.require_master_key = true - # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + + # Cache assets for far-future expiry since they are all digest stamped. + config.public_file_server.headers = { 'cache-control' => "public, max-age=#{1.year.to_i}" } # store files in aws config.active_storage.service = :amazon - # Compress CSS using a preprocessor. - # config.assets.css_compressor = :sass + # Enable serving of images, stylesheets, and JavaScripts from an asset server. # TODO: Delete me? + # config.asset_host = "http://assets.example.com" - # Do not fallback to assets pipeline if a precompiled asset is missed. - # config.assets.compile = false - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + # config.assume_ssl = true # TODO: investigate SSL stuff # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Include generic and useful information about system operation, but avoid logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). - config.log_level = :info + # Skip http-to-https redirect for the default health check endpoint. + # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } # Prepend all log lines with the following tags. config.log_tags = { @@ -65,7 +57,7 @@ credential_username: ->(request) { request.headers['X-Credential-Username'] }, csrf_token: ->(request) { request.headers['X-Csrf-Token'] } } - + # config.logger = ActiveSupport::TaggedLogging.logger(STDOUT) config.rails_semantic_logger.format = :json config.rails_semantic_logger.add_file_appender = false config.semantic_logger.add_appender(io: $stdout, @@ -78,6 +70,16 @@ 'vets-api-server' end + # TODO: Investigate these + # # Change to "debug" to log everything (including potentially personally-identifiable information!) + # config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info') + + # # Prevent health checks from clogging up the logs. + # config.silence_healthcheck_path = "/up" + + # # Don't log any deprecations. + # config.active_support.report_deprecations = false + # Use a different cache store in production. config.cache_store = :redis_cache_store, { connect_timeout: 2, @@ -86,12 +88,25 @@ pool: { size: ENV.fetch('RAILS_MAX_THREADS', 5).to_i } } - config.action_mailer.perform_caching = false + # Replace the default in-process and non-durable queuing backend for Active Job. + # config.active_job.queue_adapter = :resque # Ignore bad email addresses and do not raise email delivery errors. # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false + # Set host to be used by links generated in mailer templates. + config.action_mailer.default_url_options = { host: 'example.com' } + + # Specify outgoing SMTP server. Remember to add smtp/* credentials via rails credentials:edit. + # config.action_mailer.smtp_settings = { + # user_name: Rails.application.credentials.dig(:smtp, :user_name), + # password: Rails.application.credentials.dig(:smtp, :password), + # address: "smtp.example.com", + # port: 587, + # authentication: :plain + # } + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = [I18n.default_locale] @@ -108,10 +123,6 @@ # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new - # Use a different logger for distributed setups. - # require 'syslog/logger' - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') - # Log to standard out, with specified formatter $stdout.sync = config.autoflush_log logger = ActiveSupport::Logger.new($stdout) @@ -119,27 +130,18 @@ config.logger = ActiveSupport::TaggedLogging.new(logger) # Do not dump schema after migrations. - # config.active_record.dump_schema_after_migration = false + # config.active_record.dump_schema_after_migration = false TODO: # Default is true, so we could remove ths or set to true? ConfigHelper.setup_action_mailer(config) - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. + # Only use :id for inspections in production. + # config.active_record.attributes_for_inspect = [ :id ] # TODO look into this + + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end From 1943d8415d759dee74d570b19bf79c09b501046f Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Thu, 2 Jan 2025 17:04:09 -0700 Subject: [PATCH 16/20] update dependencies --- Gemfile.lock | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5bc35705c17..7cfedc6ad6f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -434,7 +434,7 @@ GEM dry-schema (>= 1.12, < 2) zeitwerk (~> 2.6) einhorn (1.0.0) - erubi (1.13.0) + erubi (1.13.1) et-orbi (1.2.11) tzinfo ethon (0.16.0) @@ -660,7 +660,7 @@ GEM rake (~> 13.0) lockbox (2.0.1) logger (1.6.4) - loofah (2.23.1) + loofah (2.24.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) lumberjack (1.2.10) @@ -695,7 +695,7 @@ GEM nenv (0.3.0) net-http (0.6.0) uri - net-imap (0.5.2) + net-imap (0.5.4) date net-protocol net-pop (0.1.2) @@ -711,9 +711,15 @@ GEM nio4r (2.7.4-java) nkf (0.2.0) nkf (0.2.0-java) - nokogiri (1.17.2) + nokogiri (1.18.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) + nokogiri (1.18.1-aarch64-linux-gnu) + racc (~> 1.4) + nokogiri (1.18.1-java) + racc (~> 1.4) + nokogiri (1.18.1-x86_64-linux-gnu) + racc (~> 1.4) nori (2.7.1) bigdecimal notiffany (0.1.3) From c230ba36747f69378d96862bf7abc2ba676cf28b Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Thu, 2 Jan 2025 17:12:00 -0700 Subject: [PATCH 17/20] fix rubocop --- config/environments/development.rb | 2 +- config/environments/production.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index 1beb56498b1..74435d125d6 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -20,7 +20,7 @@ # Enable/disable Action Controller caching. By default Action Controller caching is disabled. # Run rails dev:cache to toggle Action Controller caching. - if Rails.root.join('tmp/caching-dev.txt').exist? + if Rails.root.join('tmp', 'caching-dev.txt').exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true diff --git a/config/environments/production.rb b/config/environments/production.rb index ef62371a32a..85da715a7dd 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -23,7 +23,7 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? - + # Cache assets for far-future expiry since they are all digest stamped. config.public_file_server.headers = { 'cache-control' => "public, max-age=#{1.year.to_i}" } @@ -33,7 +33,6 @@ # Enable serving of images, stylesheets, and JavaScripts from an asset server. # TODO: Delete me? # config.asset_host = "http://assets.example.com" - # Assume all access to the app is happening through a SSL-terminating reverse proxy. # config.assume_ssl = true # TODO: investigate SSL stuff @@ -130,7 +129,8 @@ config.logger = ActiveSupport::TaggedLogging.new(logger) # Do not dump schema after migrations. - # config.active_record.dump_schema_after_migration = false TODO: # Default is true, so we could remove ths or set to true? + # config.active_record.dump_schema_after_migration = false + # TODO: # Default is true, so we could remove ths or set to true? ConfigHelper.setup_action_mailer(config) # Only use :id for inspections in production. From 62982435928f1cac4699592e84e840cdf9007a3e Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Thu, 2 Jan 2025 18:23:52 -0700 Subject: [PATCH 18/20] set raise_on_missing_callback_actions back to false for now --- config/environments/test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/environments/test.rb b/config/environments/test.rb index 5a82eb160a5..b139d3c69a3 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -58,7 +58,8 @@ # config.action_view.annotate_rendered_view_with_filenames = true # Raise error when a before_action's only/except options reference missing actions. - config.action_controller.raise_on_missing_callback_actions = true + # TODO: Set to true and fix any issues + config.action_controller.raise_on_missing_callback_actions = false # Speed up specs by not writing logs during RSpec runs unless ENV.fetch('RAILS_ENABLE_TEST_LOG', false) From 681cb113b7d5fcc231ae52a9261bbc9d8456f494 Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Mon, 6 Jan 2025 13:41:37 -0700 Subject: [PATCH 19/20] codeowners --- .github/CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index cff573decb2..9256e9db52d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -767,6 +767,9 @@ config/initializers/kms_encrypted.rb @department-of-veterans-affairs/va-api-engi config/initializers/loa.rb @department-of-veterans-affairs/octo-identity config/initializers/lockbox.rb @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group config/initializers/mime_types.rb @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group +config/initializers/new_framework_defaults_7_0.rb @department-of-veterans-affairs/backend-review-group +config/initializers/new_framework_defaults_7_1.rb @department-of-veterans-affairs/backend-review-group +config/initializers/new_framework_defaults_8_0.rb @department-of-veterans-affairs/backend-review-group config/initializers/okcomputer.rb @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group config/initializers/override_redirect_to_logging.rb @department-of-veterans-affairs/octo-identity config/initializers/rack_attack.rb @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group From 94c35afcc40c745f3042a64da862bb5943af987e Mon Sep 17 00:00:00 2001 From: Ryan McNeil Date: Mon, 6 Jan 2025 13:44:27 -0700 Subject: [PATCH 20/20] bundle update rails --- Gemfile.lock | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7aaa2786853..6f6c6d7550c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -614,7 +614,6 @@ GEM rdoc (>= 4.0.0) reline (>= 0.4.2) iso_country_codes (0.7.8) - jar-dependencies (0.5.1) jmespath (1.6.2) jruby-openssl (0.15.1-java) json (2.9.1) @@ -695,7 +694,7 @@ GEM nenv (0.3.0) net-http (0.6.0) uri - net-imap (0.5.4) + net-imap (0.5.5) date net-protocol net-pop (0.1.2) @@ -806,9 +805,6 @@ GEM psych (5.2.2) date stringio - psych (5.2.2-java) - date - jar-dependencies (>= 0.1.7) public_suffix (6.0.1) puma (6.5.0) nio4r (~> 2.0) @@ -1064,6 +1060,7 @@ GEM staccato (0.5.3) statsd-instrument (3.9.8) stringio (3.1.2) + stringio (3.1.2-java) strong_migrations (2.1.0) activerecord (>= 6.1) super_diff (0.14.0) @@ -1121,9 +1118,11 @@ GEM crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) webrick (1.9.1) - websocket-driver (0.7.6) + websocket-driver (0.7.7) + base64 websocket-extensions (>= 0.1.0) - websocket-driver (0.7.6-java) + websocket-driver (0.7.7-java) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) will_paginate (4.0.1)