AO3-7231 Upgrade gems and configs to Rails 8.0.x #5515
Conversation
Looked at all uses of to_time: * used for duration (difference, so zone vs offset doesn't matter) * stored in model/DB (rails converts to UTC) * read from model and sent to akismet (rails converts to UTC) * or just forced to utc strict_freshness: I don't see any issues arising from it Regexp.timeout: in my mind, 1s should be sufficient
better safe than sorry?
There was a problem hiding this comment.
Upgrade script wanted puma.rb, but I ignored it per this comment.
It also wanted to set silence_healthcheck_path in production.rb but it doesn't look like we're using the system anyways. (Noting this just in case we want something silenced, but I doubt it.)
|
|
||
| # Library for helping run pt-online-schema-change commands: | ||
| gem "departure", "~> 6.8" | ||
| gem "departure", "~> 8.0" |
There was a problem hiding this comment.
Didn't see anything of note in the changelog. Note that 8.0.1 seems to have not been published to rubygems (if it does get published I would like to pull it in).
|
|
||
| group :test do | ||
| gem "rspec-rails", "~> 6.0" | ||
| gem "rspec-rails", "~> 8.0" |
There was a problem hiding this comment.
Rails 8.0 now saves the parent model (tag set) before the child model (owned tag set), so we can't always touch it here (after_save). In that case the child model (owned tag set) is going to be saved after anyways, so it's fine to just skip touching.
This change looks to be a side effect of rails/rails#49847, but I think this ordering makes more sense so we were probably just depending on buggy behaviour.
Example, if that explanation doesn't make sense: https://gist.github.com/marcus8448/9459bcc0536f2baf0704cbea91fc9d0b
| # Raise exceptions for disallowed deprecations. | ||
| config.active_support.disallowed_deprecation = :raise | ||
|
|
||
| # Tell Active Support which deprecation messages to disallow. | ||
| config.active_support.disallowed_deprecation_warnings = [] | ||
|
|
There was a problem hiding this comment.
Removed from example config, we're not using it anyways.
| # Enable mailer previews at http://localhost:3000/rails/mailers. | ||
| config.action_mailer.show_previews = true | ||
|
|
There was a problem hiding this comment.
| # Append comments with runtime information tags to SQL queries in logs. | ||
| config.active_record.query_log_tags_enabled = true | ||
|
|
There was a problem hiding this comment.
Example (the /**/ comment):
Tag Load (0.2ms) SELECT `tags`.* FROM `tags` WHERE `tags`.`name` = 'Uncategorized Fandoms' LIMIT 1 /*action='index',application='Otwarchive',controller='home'*/| { namespace: "ao3-v2-dev", compress: true, pool: { size: 10 } } | ||
| config.public_file_server.headers = { | ||
| "Cache-Control" => "public, max-age=#{2.days.to_i}" | ||
| "cache-control" => "public, max-age=#{2.days.to_i}" |
There was a problem hiding this comment.
Rack 3 requires all response headers to be downcased (per this Rails commit). Although we haven't updated yet, I don't see any harm from doing that now.
| :content, :passw, :terms_of_service_non_production, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn | ||
| :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc, | ||
| :content, :terms_of_service_non_production |
There was a problem hiding this comment.
I put our additions onto a new line to make it easier to differentiate from the Rails defaults.
There was a problem hiding this comment.
Not sure if this file is needed since the app should be able to respond itself.
The setting will be undeprecated and enabled by default in Rails 8.2 https://redirect.github.com/rails/rails/commit/a477a3273c3c71305cc8ae1835638dc75184ad9d
| gem "rails", "~> 7.2" | ||
| gem "rails-i18n" | ||
| gem "rails", "~> 8.0.0" | ||
| gem "rails-i18n", "~> 8.0", git: "https://github.com/svenfuchs/rails-i18n", ref: "54c1c7c2fdcc311427ec6f1dadd298a60db1ddef" |
There was a problem hiding this comment.
Crashes without an unreleased bugfix. Technically this version targets rails 8.1 though, so we might want to fork and pull in a version with just the patch?
| # always enable enqueue_after_transaction_commit | ||
| # TODO: remove for rails 8.2! https://github.com/rails/rails/commit/a477a3273c3c71305cc8ae1835638dc75184ad9d | ||
| Rails.application.config.after_initialize do | ||
| ActiveSupport.on_load(:active_job) do | ||
| ActiveJob::Base.enqueue_after_transaction_commit = true | ||
| end | ||
| end |
There was a problem hiding this comment.
This is a manual re-implementation of what the deprecated config.active_job.enqueue_after_transaction_commit = :always did.
The global option is going to be undeprecated and enabled by default in Rails 8.2, so I don't see any reason to not continue with the current behaviour.
| # in config/environments, which are processed later. | ||
|
|
||
| config.load_defaults 7.2 | ||
| config.load_defaults 8.0 |
There was a problem hiding this comment.
New framework defaults
###
# Specifies whether `to_time` methods preserve the UTC offset of their receivers or preserves the timezone.
# If set to `:zone`, `to_time` methods will use the timezone of their receivers.
# If set to `:offset`, `to_time` methods will use the UTC offset.
# If `false`, `to_time` methods will convert to the local system UTC offset instead.
#++
Rails.application.config.active_support.to_time_preserves_timezone = :zone
I looked at all the uses of to_time and nothing stood out as being timezone (vs offset) dependent. Anything coming into or out of the database is normalized to UTC anyways and duration calculations shouldn't care about the zone.
###
# When both `If-Modified-Since` and `If-None-Match` are provided by the client
# only consider `If-None-Match` as specified by RFC 7232 Section 6.
# If set to `false` both conditions need to be satisfied.
#++
Rails.application.config.action_dispatch.strict_freshness = true
I don't see anything wrong with this.
###
# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
#++
Regexp.timeout = 1
I think 1s should be plenty of time. Do we have any important complex regexps?
1 participant
Issue
https://otwarchive.atlassian.net/browse/AO3-7231
Purpose
Upgrade to Rails 8.0.
The upgrade was surprisingly (suspiciously?) straightforward, considering it's a major version bump. I'll add additional notes/comments in a review.
Testing Instructions
TBD, see Jira.
Credit
marcus8448 (he/him)