From 190eb672eb98e4fa966c1e731ad89fda9071f857 Mon Sep 17 00:00:00 2001 From: Ryan Williams Date: Thu, 30 May 2024 20:33:19 -0700 Subject: [PATCH] Upgrade to Rails 7.2 (#465) * Update to Rails 7.2 * run app:update * restore * update defaults * beta * beta * app:update * app:update * enable defaults * reconcile * reconcile * update puma --- Dockerfile | 63 ++++---- Gemfile | 20 +-- Gemfile.lock | 136 +++++++++--------- README.md | 2 +- bin/brakeman | 24 +--- bin/rubocop | 25 +--- bin/setup | 6 +- config/application.rb | 2 - config/boot.rb | 2 - config/database.yml | 11 +- config/environment.rb | 2 - config/environments/development.rb | 17 +-- config/environments/production.rb | 18 +-- config/environments/test.rb | 17 ++- config/initializers/assets.rb | 2 - .../initializers/content_security_policy.rb | 2 - .../initializers/filter_parameter_logging.rb | 4 +- config/initializers/inflections.rb | 2 - .../new_framework_defaults_7_2.rb | 70 +++++++++ config/initializers/permissions_policy.rb | 2 - config/puma.rb | 71 +++++---- development.Dockerfile | 10 +- 22 files changed, 264 insertions(+), 244 deletions(-) create mode 100644 config/initializers/new_framework_defaults_7_2.rb diff --git a/Dockerfile b/Dockerfile index 0bcb3c9..56507f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,39 +1,34 @@ -# syntax=docker/dockerfile:1 +# syntax = docker/dockerfile:1 + +# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand: +# docker build -t my-app . +# docker run -d -p 80:80 -p 443:443 --name my-app -e RAILS_MASTER_KEY= my-app # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile ARG RUBY_VERSION=3.3.1 -FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base +FROM docker.io/library/ruby:$RUBY_VERSION-slim as base +# Rails app lives here WORKDIR /rails +# Install base packages +RUN apt-get update -qq && \ + apt-get install --no-install-recommends -y curl libjemalloc2 libvips postgresql-client && \ + rm -rf /var/lib/apt/lists /var/cache/apt/archives + # Set production environment ENV RAILS_ENV="production" \ BUNDLE_DEPLOYMENT="1" \ - BUNDLE_JOBS="4" \ - BUNDLE_WITHOUT="development:test" \ - BUNDLE_PATH="/usr/local/bundle" - + BUNDLE_PATH="/usr/local/bundle" \ + BUNDLE_WITHOUT="development" # Throw-away build stage to reduce size of final image FROM base as build # Install packages needed to build gems -# NOTE: This example project intentionally does not require or install node.js - -RUN --mount=type=cache,target=/var/cache/apt \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - --mount=type=tmpfs,target=/var/log \ - rm -f /etc/apt/apt.conf.d/docker-clean; \ - echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache; \ - apt-get update -qq \ - && apt-get install -yq --no-install-recommends \ - build-essential \ - gnupg2 \ - less \ - git \ - libpq-dev \ - libvips \ - pkg-config +RUN apt-get update -qq && \ + apt-get install --no-install-recommends -y build-essential git libpq-dev pkg-config && \ + rm -rf /var/lib/apt/lists /var/cache/apt/archives # Install application gems COPY Gemfile Gemfile.lock ./ @@ -51,36 +46,26 @@ RUN bundle exec bootsnap precompile app/ lib/ RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile + + # Final stage for app image FROM base -# Install packages needed for deployment -RUN --mount=type=cache,target=/var/cache/apt \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - --mount=type=tmpfs,target=/var/log \ - rm -f /etc/apt/apt.conf.d/docker-clean; \ - echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache; \ - apt-get update -qq \ - && apt-get install -yq --no-install-recommends \ - curl \ - postgresql-client \ - libvips - # Copy built artifacts: gems, application -COPY --from=build /usr/local/bundle /usr/local/bundle +COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}" COPY --from=build /rails /rails # Run and own only the runtime files as a non-root user for security -RUN useradd rails --create-home --shell /bin/bash && \ +RUN groupadd --system --gid 1000 rails && \ + useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \ chown -R rails:rails db log storage tmp -USER rails:rails +USER 1000:1000 # Entrypoint prepares the database. ENTRYPOINT ["/rails/bin/docker-entrypoint"] HEALTHCHECK --interval=15s --timeout=3s --start-period=0s --start-interval=5s --retries=3 \ CMD curl -f http://localhost:3000/up || exit 1 - # Start the server by default, this can be overwritten at runtime EXPOSE 3000 -CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"] +CMD ["./bin/rails", "server"] diff --git a/Gemfile b/Gemfile index 7559ff0..1fe72c8 100644 --- a/Gemfile +++ b/Gemfile @@ -6,8 +6,8 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby "3.3.1" # Bundle edge Rails instead: -# gem "rails", github: "rails/rails", branch: "main" -gem "rails", "7.1.3.3" +# gem "rails", github: "rails/rails", branch: "7-2-stable" +gem "rails", "~> 7.2.0.beta1" # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails] gem "sprockets-rails" @@ -49,13 +49,18 @@ gem "bootsnap", require: false gem "image_processing", "~> 1.2" group :development, :test do - gem "brakeman" - gem "bundler-audit" # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem - gem "debug", platforms: %i[ mri windows ] + gem "debug", platforms: %i[ mri windows ], require: "debug/prelude" + + # Static analysis for security vulnerabilities [https://brakemanscanner.org/] + gem "brakeman", require: false + + # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/] + gem "rubocop-rails-omakase", require: false + + gem "bundler-audit" gem "rspec-rails" gem "rubocop-rails" - gem "rubocop-rails-omakase", require: false gem "rubocop-rspec" end @@ -65,9 +70,6 @@ group :development do # Add speed badges [https://github.com/MiniProfiler/rack-mini-profiler] gem "rack-mini-profiler" - - # Speed up commands on slow machines / big apps [https://github.com/rails/spring] - # gem "spring" end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index 43e5e03..4d39125 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,35 +1,29 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.1.3.3) - actionpack (= 7.1.3.3) - activesupport (= 7.1.3.3) + actioncable (7.2.0.beta1) + actionpack (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.3.3) - actionpack (= 7.1.3.3) - activejob (= 7.1.3.3) - activerecord (= 7.1.3.3) - activestorage (= 7.1.3.3) - activesupport (= 7.1.3.3) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.1.3.3) - actionpack (= 7.1.3.3) - actionview (= 7.1.3.3) - activejob (= 7.1.3.3) - activesupport (= 7.1.3.3) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp + actionmailbox (7.2.0.beta1) + actionpack (= 7.2.0.beta1) + activejob (= 7.2.0.beta1) + activerecord (= 7.2.0.beta1) + activestorage (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) + mail (>= 2.8.0) + actionmailer (7.2.0.beta1) + actionpack (= 7.2.0.beta1) + actionview (= 7.2.0.beta1) + activejob (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) + mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.1.3.3) - actionview (= 7.1.3.3) - activesupport (= 7.1.3.3) + actionpack (7.2.0.beta1) + actionview (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) nokogiri (>= 1.8.5) racc rack (>= 2.2.4) @@ -37,44 +31,44 @@ GEM rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.3.3) - actionpack (= 7.1.3.3) - activerecord (= 7.1.3.3) - activestorage (= 7.1.3.3) - activesupport (= 7.1.3.3) + useragent (~> 0.16) + actiontext (7.2.0.beta1) + actionpack (= 7.2.0.beta1) + activerecord (= 7.2.0.beta1) + activestorage (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.3.3) - activesupport (= 7.1.3.3) + actionview (7.2.0.beta1) + activesupport (= 7.2.0.beta1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.3.3) - activesupport (= 7.1.3.3) + activejob (7.2.0.beta1) + activesupport (= 7.2.0.beta1) globalid (>= 0.3.6) - activemodel (7.1.3.3) - activesupport (= 7.1.3.3) - activerecord (7.1.3.3) - activemodel (= 7.1.3.3) - activesupport (= 7.1.3.3) + activemodel (7.2.0.beta1) + activesupport (= 7.2.0.beta1) + activerecord (7.2.0.beta1) + activemodel (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) timeout (>= 0.4.0) - activestorage (7.1.3.3) - actionpack (= 7.1.3.3) - activejob (= 7.1.3.3) - activerecord (= 7.1.3.3) - activesupport (= 7.1.3.3) + activestorage (7.2.0.beta1) + actionpack (= 7.2.0.beta1) + activejob (= 7.2.0.beta1) + activerecord (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) marcel (~> 1.0) - activesupport (7.1.3.3) + activesupport (7.2.0.beta1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + tzinfo (~> 2.0, >= 2.0.5) addressable (2.8.6) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) @@ -98,7 +92,7 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - concurrent-ruby (1.2.3) + concurrent-ruby (1.3.1) connection_pool (2.4.1) crass (1.0.6) date (3.3.4) @@ -143,7 +137,6 @@ GEM mini_mime (1.1.5) minitest (5.23.1) msgpack (1.7.2) - mutex_m (0.2.0) net-imap (0.4.11) date net-protocol @@ -161,7 +154,7 @@ GEM nokogiri (1.16.5-x86_64-linux) racc (~> 1.4) parallel (1.24.0) - parser (3.3.1.0) + parser (3.3.2.0) ast (~> 2.4.1) racc pg (1.5.6) @@ -181,20 +174,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.1.3.3) - actioncable (= 7.1.3.3) - actionmailbox (= 7.1.3.3) - actionmailer (= 7.1.3.3) - actionpack (= 7.1.3.3) - actiontext (= 7.1.3.3) - actionview (= 7.1.3.3) - activejob (= 7.1.3.3) - activemodel (= 7.1.3.3) - activerecord (= 7.1.3.3) - activestorage (= 7.1.3.3) - activesupport (= 7.1.3.3) + rails (7.2.0.beta1) + actioncable (= 7.2.0.beta1) + actionmailbox (= 7.2.0.beta1) + actionmailer (= 7.2.0.beta1) + actionpack (= 7.2.0.beta1) + actiontext (= 7.2.0.beta1) + actionview (= 7.2.0.beta1) + activejob (= 7.2.0.beta1) + activemodel (= 7.2.0.beta1) + activerecord (= 7.2.0.beta1) + activestorage (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) bundler (>= 1.15.0) - railties (= 7.1.3.3) + railties (= 7.2.0.beta1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -202,10 +195,10 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.1.3.3) - actionpack (= 7.1.3.3) - activesupport (= 7.1.3.3) - irb + railties (7.2.0.beta1) + actionpack (= 7.2.0.beta1) + activesupport (= 7.2.0.beta1) + irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) @@ -219,7 +212,7 @@ GEM redis-client (0.22.2) connection_pool regexp_parser (2.9.2) - reline (0.5.7) + reline (0.5.8) io-console (~> 0.5) rexml (3.2.8) strscan (>= 3.0.9) @@ -309,6 +302,7 @@ GEM tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (2.5.0) + useragent (0.16.10) web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -321,7 +315,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.14) + zeitwerk (2.6.15) PLATFORMS aarch64-linux @@ -341,7 +335,7 @@ DEPENDENCIES pg (~> 1.5) puma (~> 6.4) rack-mini-profiler - rails (= 7.1.3.3) + rails (~> 7.2.0.beta1) redis (~> 5.2) rspec-rails rubocop-rails diff --git a/README.md b/README.md index 480e13f..f9aff13 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ docker run --rm --env SECRET_KEY_BASE=dummy rails-on-docker ### With legacy builder (no BuildKit) ``` -docker build --tag rails-on-docker --file production.Dockerfile . +docker build --tag rails-on-docker . ``` Test the image can be used and Rails starts up, use a fake key for testing purposes only: diff --git a/bin/brakeman b/bin/brakeman index b4fe8de..ace1c9b 100755 --- a/bin/brakeman +++ b/bin/brakeman @@ -1,27 +1,7 @@ #!/usr/bin/env ruby -# frozen_string_literal: true - -# -# This file was generated by Bundler. -# -# The application 'brakeman' is installed as part of a gem, and -# this file is here to facilitate running it. -# - -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) - -bundle_binstub = File.expand_path("bundle", __dir__) - -if File.file?(bundle_binstub) - if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") - load(bundle_binstub) - else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") - end -end - require "rubygems" require "bundler/setup" +ARGV.unshift("--ensure-latest") + load Gem.bin_path("brakeman", "brakeman") diff --git a/bin/rubocop b/bin/rubocop index 369a05b..40330c0 100755 --- a/bin/rubocop +++ b/bin/rubocop @@ -1,27 +1,8 @@ #!/usr/bin/env ruby -# frozen_string_literal: true - -# -# This file was generated by Bundler. -# -# The application 'rubocop' is installed as part of a gem, and -# this file is here to facilitate running it. -# - -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) - -bundle_binstub = File.expand_path("bundle", __dir__) - -if File.file?(bundle_binstub) - if File.read(bundle_binstub, 300).include?("This file was generated by Bundler") - load(bundle_binstub) - else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") - end -end - require "rubygems" require "bundler/setup" +# explicit rubocop config increases performance slightly while avoiding config confusion. +ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__)) + load Gem.bin_path("rubocop", "rubocop") diff --git a/bin/setup b/bin/setup index 3cd5a9d..2bc13eb 100755 --- a/bin/setup +++ b/bin/setup @@ -1,8 +1,8 @@ #!/usr/bin/env ruby require "fileutils" -# path to your application root. APP_ROOT = File.expand_path("..", __dir__) +APP_NAME = "railsondocker" def system!(*args) system(*args, exception: true) @@ -30,4 +30,8 @@ FileUtils.chdir APP_ROOT do puts "\n== Restarting application server ==" system! "bin/rails restart" + + # puts "\n== Configuring puma-dev ==" + # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}" + # system "curl -Is https://#{APP_NAME}.test/up | head -n 1" end diff --git a/config/application.rb b/config/application.rb index ef2edd9..3a9a2bf 100644 --- a/config/application.rb +++ b/config/application.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - require_relative "boot" require "rails" diff --git a/config/boot.rb b/config/boot.rb index aef6d03..988a5dd 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) require "bundler/setup" # Set up gems listed in the Gemfile. diff --git a/config/database.yml b/config/database.yml index 33a842c..dab5735 100644 --- a/config/database.yml +++ b/config/database.yml @@ -19,17 +19,18 @@ default: &default # https://guides.rubyonrails.org/configuring.html#database-pooling pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %> + development: <<: *default database: railsondocker_development - # The specified database role being used to connect to postgres. - # To create additional roles in postgres see `$ createuser --help`. - # When left blank, postgres will use the default role. This is + # The specified database role being used to connect to PostgreSQL. + # To create additional roles in PostgreSQL see `$ createuser --help`. + # When left blank, PostgreSQL will use the default role. This is # the same name as the operating system user running Rails. - #username: railsondocker + #username: railsondocker72pg - # The password associated with the postgres role (username). + # The password associated with the PostgreSQL role (username). #password: # Connect on a TCP socket. Omitted by default since the client uses a diff --git a/config/environment.rb b/config/environment.rb index 7df99e8..cac5315 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - # Load the Rails application. require_relative "application" diff --git a/config/environments/development.rb b/config/environments/development.rb index 8bb6bd5..7801b42 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - require "active_support/core_ext/integer/time" Rails.application.configure do @@ -19,7 +17,7 @@ Rails.application.configure do # Allow access when running in docker config.web_console.allowed_ips = [ "172.16.0.0/12", "192.168.0.0/16" ] - # Enable server timing + # Enable server timing. config.server_timing = true # Enable/disable caching. By default caching is disabled. @@ -29,9 +27,7 @@ Rails.application.configure do config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{2.days.to_i}" - } + config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false @@ -46,6 +42,8 @@ Rails.application.configure do config.action_mailer.perform_caching = false + config.action_mailer.default_url_options = { host: "localhost", port: 3000 } + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log @@ -71,11 +69,14 @@ Rails.application.configure do # config.i18n.raise_on_missing_translations = true # Annotate rendered view with file names. - # config.action_view.annotate_rendered_view_with_filenames = true + config.action_view.annotate_rendered_view_with_filenames = true # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true - # Raise error when a before_action's only/except options reference missing actions + # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true + + # Apply autocorrection by RuboCop to files generated by `bin/rails generate`. + # config.generators.apply_rubocop_autocorrect_after_generate! end diff --git a/config/environments/production.rb b/config/environments/production.rb index 305ca52..a02c8a7 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - require "active_support/core_ext/integer/time" Rails.application.configure do @@ -15,20 +13,20 @@ Rails.application.configure do config.eager_load = true # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false + config.consider_all_requests_local = false config.action_controller.perform_caching = true # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true - # Enable static file serving from the `/public` folder (turn off if using NGINX/Apache for it). - config.public_file_server.enabled = true + # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. + # config.public_file_server.enabled = false # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass - # Do not fallback to assets pipeline if a precompiled asset is missed. + # Do not fall back to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. @@ -51,7 +49,9 @@ Rails.application.configure do # config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = false + config.force_ssl = true + # Skip http-to-https redirect for the default health check endpoint. + # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } # Log to STDOUT by default config.logger = ActiveSupport::Logger.new(STDOUT) @@ -61,7 +61,7 @@ Rails.application.configure do # Prepend all log lines with the following tags. config.log_tags = [ :request_id ] - # Info include generic and useful information about system operation, but avoids logging too much + # "info" includes generic and useful information about system operation, but avoids logging too much # information to avoid inadvertent exposure of personally identifiable information (PII). If you # want to log everything, set the level to "debug". config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") @@ -70,7 +70,7 @@ Rails.application.configure do # config.cache_store = :mem_cache_store # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque + # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "railsondocker_production" config.action_mailer.perform_caching = false diff --git a/config/environments/test.rb b/config/environments/test.rb index e102d8a..8781777 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - require "active_support/core_ext/integer/time" # The test environment is used exclusively to run your application's @@ -20,17 +18,14 @@ Rails.application.configure do config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.enabled = true - config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{1.hour.to_i}" - } + config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. - config.consider_all_requests_local = true + config.consider_all_requests_local = true config.action_controller.perform_caching = false config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. + # Render exception templates for rescuable exceptions and raise for other exceptions. config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. @@ -46,6 +41,10 @@ Rails.application.configure do # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test + # Unlike controllers, the mailer instance doesn't have any context about the + # incoming request so you'll need to provide the :host parameter yourself. + config.action_mailer.default_url_options = { host: "www.example.com" } + # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr @@ -61,6 +60,6 @@ Rails.application.configure do # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Raise error when a before_action's only/except options reference missing actions + # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true end diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 101a290..2eeef96 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - # Be sure to restart your server when you modify this file. # Version of your assets, change this if you want to expire all your assets. diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 35ab3fd..b3076b3 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - # Be sure to restart your server when you modify this file. # Define an application-wide content security policy. diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index a119afa..c010b83 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,10 +1,8 @@ -# frozen_string_literal: true - # Be sure to restart your server when you modify this file. # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. # Use this to limit dissemination of sensitive information. # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ - :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index 9e049dc..3860f65 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - # Be sure to restart your server when you modify this file. # Add new inflection rules using the following format. Inflections diff --git a/config/initializers/new_framework_defaults_7_2.rb b/config/initializers/new_framework_defaults_7_2.rb new file mode 100644 index 0000000..683cc7b --- /dev/null +++ b/config/initializers/new_framework_defaults_7_2.rb @@ -0,0 +1,70 @@ +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.2 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.2`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +### +# Controls whether Active Job's `#perform_later` and similar methods automatically defer +# the job queuing to after the current Active Record transaction is committed. +# +# Example: +# Topic.transaction do +# topic = Topic.create(...) +# NewTopicNotificationJob.perform_later(topic) +# end +# +# In this example, if the configuration is set to `:never`, the job will +# be enqueued immediately, even though the `Topic` hasn't been committed yet. +# Because of this, if the job is picked up almost immediately, or if the +# transaction doesn't succeed for some reason, the job will fail to find this +# topic in the database. +# +# If `enqueue_after_transaction_commit` is set to `:default`, the queue adapter +# will define the behaviour. +# +# Note: Active Job backends can disable this feature. This is generally done by +# backends that use the same database as Active Record as a queue, hence they +# don't need this feature. +#++ +Rails.application.config.active_job.enqueue_after_transaction_commit = :default + +### +# Adds image/webp to the list of content types Active Storage considers as an image +# Prevents automatic conversion to a fallback PNG, and assumes clients support WebP, as they support gif, jpeg, and png. +# This is possible due to broad browser support for WebP, but older browsers and email clients may still not support +# WebP. Requires imagemagick/libvips built with WebP support. +#++ +Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp] + +### +# Enable validation of migration timestamps. When set, an ActiveRecord::InvalidMigrationTimestampError +# will be raised if the timestamp prefix for a migration is more than a day ahead of the timestamp +# associated with the current time. This is done to prevent forward-dating of migration files, which can +# impact migration generation and other migration commands. +# +# Applications with existing timestamped migrations that do not adhere to the +# expected format can disable validation by setting this config to `false`. +#++ +Rails.application.config.active_record.validate_migration_timestamps = true + +### +# Controls whether the PostgresqlAdapter should decode dates automatically with manual queries. +# +# Example: +# ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.select_value("select '2024-01-01'::date") #=> Date +# +# This query used to return a `String`. +#++ +Rails.application.config.active_record.postgresql_adapter_decode_dates = true + +### +# Enables YJIT as of Ruby 3.3, to bring sizeable performance improvements. If you are +# deploying to a memory constrained environment you may want to set this to `false`. +#++ +Rails.application.config.yjit = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb index e8d0b2a..7db3b95 100644 --- a/config/initializers/permissions_policy.rb +++ b/config/initializers/permissions_policy.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - # Be sure to restart your server when you modify this file. # Define an application-wide HTTP permissions policy. For further diff --git a/config/puma.rb b/config/puma.rb index 40efb18..6392929 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -1,37 +1,54 @@ -# frozen_string_literal: true - # This configuration file will be evaluated by Puma. The top-level methods that # are invoked here are part of Puma's configuration DSL. For more information # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html. -# Puma can serve each request in a thread from an internal thread pool. -# The `threads` method setting takes two numbers: a minimum and maximum. -# Any libraries that use thread pools should be configured to match -# the maximum value specified for Puma. Default is set to 5 threads for minimum -# and maximum; this matches the default thread size of Active Record. -max_threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 } -min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count } -threads min_threads_count, max_threads_count - -# Specifies that the worker count should equal the number of processors in production. -if ENV["RAILS_ENV"] == "production" - require "concurrent-ruby" - worker_count = Integer(ENV.fetch("WEB_CONCURRENCY") { Concurrent.physical_processor_count }) - workers worker_count if worker_count > 1 -end - -# Specifies the `worker_timeout` threshold that Puma will use to wait before -# terminating a worker in development environments. -worker_timeout 3600 if ENV.fetch("RAILS_ENV", "development") == "development" - -# Specifies the `port` that Puma will listen on to receive requests; default is 3000. -port ENV.fetch("PORT") { 3000 } +# Puma starts a configurable number of processes (workers) and each process +# serves each request in a thread from an internal thread pool. +# +# The ideal number of threads per worker depends both on how much time the +# application spends waiting for IO operations and on how much you wish to +# to prioritize throughput over latency. +# +# As a rule of thumb, increasing the number of threads will increase how much +# traffic a given process can handle (throughput), but due to CRuby's +# Global VM Lock (GVL) it has diminishing returns and will degrade the +# response time (latency) of the application. +# +# The default is set to 3 threads as it's deemed a decent compromise between +# throughput and latency for the average Rails application. +# +# Any libraries that use a connection pool or another resource pool should +# be configured to provide at least as many connections as the number of +# threads. This includes Active Record's `pool` parameter in `database.yml`. +threads_count = ENV.fetch("RAILS_MAX_THREADS", 3) +threads threads_count, threads_count # Specifies the `environment` that Puma will run in. -environment ENV.fetch("RAILS_ENV") { "development" } +rails_env = ENV.fetch("RAILS_ENV", "development") +environment rails_env -# Specifies the `pidfile` that Puma will use. -pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" } +case rails_env +when "production" + # If you are running more than 1 thread per process, the workers count + # should be equal to the number of processors (CPU cores) in production. + # + # Automatically detect the number of available processors in production. + require "concurrent-ruby" + workers_count = Integer(ENV.fetch("WEB_CONCURRENCY") { Concurrent.available_processor_count }) + workers workers_count if workers_count > 1 + + preload_app! +when "development" + # Specifies a very generous `worker_timeout` so that the worker + # isn't killed by Puma when suspended by a debugger. + worker_timeout 3600 +end + +# Specifies the `port` that Puma will listen on to receive requests; default is 3000. +port ENV.fetch("PORT", 3000) # Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart + +# Only use a pidfile when requested +pidfile ENV["PIDFILE"] if ENV["PIDFILE"] diff --git a/development.Dockerfile b/development.Dockerfile index 4595d62..022f402 100644 --- a/development.Dockerfile +++ b/development.Dockerfile @@ -1,8 +1,8 @@ -# syntax=docker/dockerfile:1 +# syntax = docker/dockerfile:1 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile ARG RUBY_VERSION=3.3.1 -FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base +FROM docker.io/library/ruby:$RUBY_VERSION-slim as base # OS Level Dependencies RUN --mount=type=cache,target=/var/cache/apt \ @@ -19,7 +19,9 @@ RUN --mount=type=cache,target=/var/cache/apt \ libpq-dev \ postgresql-client \ libvips \ - curl + curl \ + libjemalloc2 \ + pkg-config ENV LANG=C.UTF-8 \ BUNDLE_JOBS=4 \ @@ -33,4 +35,4 @@ ENTRYPOINT ["./bin/docker-entrypoint-development"] EXPOSE 3000 -CMD ["bundle", "exec", "rails", "s", "-b", "0.0.0.0"] +CMD ["./bin/rails", "server"]