From 8503eb52d922e4c15743dc76716f777cf449a220 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 20 Oct 2024 05:23:42 +0000 Subject: [PATCH 01/14] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-8220269 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220162 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220268 - https://snyk.io/vuln/SNYK-RUBY-ACTIONTEXT-8220270 --- Gemfile | 2 +- Gemfile.lock | 223 ++++++++++++++++++++++++++++++--------------------- 2 files changed, 131 insertions(+), 94 deletions(-) diff --git a/Gemfile b/Gemfile index 6990a635..27fc72c4 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby '>= 3.0.0' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 6.1', '>= 6.1.7.8' +gem 'rails', '~> 7.0', '>= 7.0.0' # Use Puma as the app server gem 'puma', '~> 6.4' diff --git a/Gemfile.lock b/Gemfile.lock index ba800168..f42656b0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,73 +1,90 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.8) - actionpack (= 6.1.7.8) - activesupport (= 6.1.7.8) + actioncable (7.1.4.1) + actionpack (= 7.1.4.1) + activesupport (= 7.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.8) - actionpack (= 6.1.7.8) - activejob (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + zeitwerk (~> 2.6) + actionmailbox (7.1.4.1) + actionpack (= 7.1.4.1) + activejob (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) mail (>= 2.7.1) - actionmailer (6.1.7.8) - actionpack (= 6.1.7.8) - actionview (= 6.1.7.8) - activejob (= 6.1.7.8) - activesupport (= 6.1.7.8) + net-imap + net-pop + net-smtp + actionmailer (7.1.4.1) + actionpack (= 7.1.4.1) + actionview (= 7.1.4.1) + activejob (= 7.1.4.1) + activesupport (= 7.1.4.1) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.7.8) - actionview (= 6.1.7.8) - activesupport (= 6.1.7.8) - rack (~> 2.0, >= 2.0.9) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.4.1) + actionview (= 7.1.4.1) + activesupport (= 7.1.4.1) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.8) - actionpack (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.4.1) + actionpack (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.8) - activesupport (= 6.1.7.8) + actionview (7.1.4.1) + activesupport (= 7.1.4.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.8) - activesupport (= 6.1.7.8) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.4.1) + activesupport (= 7.1.4.1) globalid (>= 0.3.6) - activemodel (6.1.7.8) - activesupport (= 6.1.7.8) - activerecord (6.1.7.8) - activemodel (= 6.1.7.8) - activesupport (= 6.1.7.8) - activestorage (6.1.7.8) - actionpack (= 6.1.7.8) - activejob (= 6.1.7.8) - activerecord (= 6.1.7.8) - activesupport (= 6.1.7.8) + activemodel (7.1.4.1) + activesupport (= 7.1.4.1) + activerecord (7.1.4.1) + activemodel (= 7.1.4.1) + activesupport (= 7.1.4.1) + timeout (>= 0.4.0) + activestorage (7.1.4.1) + actionpack (= 7.1.4.1) + activejob (= 7.1.4.1) + activerecord (= 7.1.4.1) + activesupport (= 7.1.4.1) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (6.1.7.8) + activesupport (7.1.4.1) + base64 + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) minitest (>= 5.1) + mutex_m tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) + base64 (0.2.0) + bigdecimal (3.1.8) bootsnap (1.16.0) msgpack (~> 1.2) - builder (3.2.4) + builder (3.3.0) byebug (11.1.3) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.4) connection_pool (2.4.0) crack (0.4.5) rexml @@ -78,7 +95,8 @@ GEM dotenv-rails (2.8.1) dotenv (= 2.8.1) railties (>= 3.2) - erubi (1.12.0) + drb (2.2.1) + erubi (1.13.0) factory_bot (6.2.1) activesupport (>= 5.0.0) factory_bot_rails (6.2.0) @@ -92,29 +110,33 @@ GEM globalid (1.2.1) activesupport (>= 6.1) hashdiff (1.0.1) - i18n (1.12.0) + i18n (1.14.6) concurrent-ruby (~> 1.0) + io-console (0.7.2) + irb (1.14.1) + rdoc (>= 4.0.0) + reline (>= 0.4.2) json (2.6.3) jwt (2.7.0) listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.20.0) + loofah (2.22.0) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop net-smtp marcel (1.0.4) - method_source (1.0.0) mini_mime (1.1.5) mini_portile2 (2.8.7) - minitest (5.18.0) + minitest (5.25.1) minitest-stub_any_instance (1.0.3) msgpack (1.7.0) - net-imap (0.4.14) + mutex_m (0.2.0) + net-imap (0.4.17) date net-protocol net-pop (0.1.2) @@ -123,60 +145,74 @@ GEM timeout net-smtp (0.5.0) net-protocol - nio4r (2.7.1) - nokogiri (1.16.5) + nio4r (2.7.3) + nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) parallel (1.22.1) parser (3.2.2.0) ast (~> 2.4.1) pg (1.4.6) + psych (5.1.2) + stringio public_suffix (5.0.1) puma (6.4.2) nio4r (~> 2.0) - racc (1.7.3) - rack (2.2.9) + racc (1.8.1) + rack (3.1.8) + rack-session (2.0.0) + rack (>= 3.0.0) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.8) - actioncable (= 6.1.7.8) - actionmailbox (= 6.1.7.8) - actionmailer (= 6.1.7.8) - actionpack (= 6.1.7.8) - actiontext (= 6.1.7.8) - actionview (= 6.1.7.8) - activejob (= 6.1.7.8) - activemodel (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + rackup (2.1.0) + rack (>= 3) + webrick (~> 1.8) + rails (7.1.4.1) + actioncable (= 7.1.4.1) + actionmailbox (= 7.1.4.1) + actionmailer (= 7.1.4.1) + actionpack (= 7.1.4.1) + actiontext (= 7.1.4.1) + actionview (= 7.1.4.1) + activejob (= 7.1.4.1) + activemodel (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) bundler (>= 1.15.0) - railties (= 6.1.7.8) - sprockets-rails (>= 2.0.0) + railties (= 7.1.4.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) - railties (6.1.7.8) - actionpack (= 6.1.7.8) - activesupport (= 6.1.7.8) - method_source + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + railties (7.1.4.1) + actionpack (= 7.1.4.1) + activesupport (= 7.1.4.1) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) - rake (13.0.6) + rake (13.2.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) + rdoc (6.7.0) + psych (>= 4.0.0) redis (4.8.1) redis-namespace (1.11.0) redis (>= 4) regexp_parser (2.7.0) + reline (0.5.10) + io-console (~> 0.5) rexml (3.2.8) strscan (>= 3.0.9) rspec-core (3.12.1) @@ -225,20 +261,14 @@ GEM spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (4.2.1) - concurrent-ruby (~> 1.0) - rack (>= 2.2.4, < 4) - sprockets-rails (3.5.1) - actionpack (>= 6.1) - activesupport (>= 6.1) - sprockets (>= 3.0.0) sqlite3 (1.6.2) mini_portile2 (~> 2.8.0) + stringio (3.1.1) strscan (3.1.0) tabulo (2.8.2) tty-screen (= 0.8.1) unicode-display_width (~> 2.2) - thor (1.2.1) + thor (1.3.2) timeout (0.4.1) tty-screen (0.8.1) tzinfo (2.0.6) @@ -248,10 +278,11 @@ GEM addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) + webrick (1.8.2) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.7) + zeitwerk (2.6.18) PLATFORMS ruby @@ -268,7 +299,7 @@ DEPENDENCIES minitest-stub_any_instance pg (~> 1.4.4) puma (~> 6.4) - rails (~> 6.1, >= 6.1.7.8) + rails (~> 7.0, >= 7.0.0) rails-controller-testing redis (~> 4.8.0) redis-namespace (~> 1.11.0) @@ -283,3 +314,9 @@ DEPENDENCIES tabulo (~> 2.8.1) tzinfo-data webmock + +RUBY VERSION + ruby 3.0.0p0 + +BUNDLED WITH + 2.2.3 From c7c6250b2bfaed0fc75bec1cdb0b77fb0eb4fbf6 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 08:57:50 +0100 Subject: [PATCH 02/14] load rails 7.0 defaults (note https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#new-activesupport-cache-serialization-format) --- config/application.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/application.rb b/config/application.rb index a1e4c426..5047590a 100644 --- a/config/application.rb +++ b/config/application.rb @@ -24,8 +24,8 @@ module Scalelite class Application < Rails::Application - # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 6.0 + # Initialize configuration defaults + config.load_defaults 7.0 config.eager_load_paths << Rails.root.join('lib') From eb35411450e157bdf7650fbe9a1c74d92d4e949c Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 09:04:42 +0100 Subject: [PATCH 03/14] fix/tweak Gemfiles --- Gemfile | 2 +- Gemfile.lock | 10 +--------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/Gemfile b/Gemfile index 27fc72c4..d214d759 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby '>= 3.0.0' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 7.0', '>= 7.0.0' +gem 'rails', '~> 7.1', '>= 7.1.4.1' # Use Puma as the app server gem 'puma', '~> 6.4' diff --git a/Gemfile.lock b/Gemfile.lock index f42656b0..d5b5c768 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -135,7 +135,6 @@ GEM minitest (5.25.1) minitest-stub_any_instance (1.0.3) msgpack (1.7.0) - mutex_m (0.2.0) net-imap (0.4.17) date net-protocol @@ -263,7 +262,6 @@ GEM spring (>= 1.2, < 3.0) sqlite3 (1.6.2) mini_portile2 (~> 2.8.0) - stringio (3.1.1) strscan (3.1.0) tabulo (2.8.2) tty-screen (= 0.8.1) @@ -299,7 +297,7 @@ DEPENDENCIES minitest-stub_any_instance pg (~> 1.4.4) puma (~> 6.4) - rails (~> 7.0, >= 7.0.0) + rails (~> 7.1, >= 7.1.4.1) rails-controller-testing redis (~> 4.8.0) redis-namespace (~> 1.11.0) @@ -314,9 +312,3 @@ DEPENDENCIES tabulo (~> 2.8.1) tzinfo-data webmock - -RUBY VERSION - ruby 3.0.0p0 - -BUNDLED WITH - 2.2.3 From d7b5dd8b111e67c6f09fe2ea4b1073082553fe8b Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 09:36:27 +0100 Subject: [PATCH 04/14] bump ruby to 3.3.4/3.3.6 --- .github/workflows/ci.yml | 6 +++--- Dockerfile | 8 ++++---- dockerfiles/v1/focal260-alpine | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c63fb1a5..b0c9f95c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ env: - RUBY_VERSION: 3.1.0 + RUBY_VERSION: 3.3.4 DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres name: CI @@ -15,7 +15,7 @@ on: jobs: test: name: Rubocop + Rails Test - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.10 services: postgres: @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@v3 - name: Install Ruby ${{ env.RUBY_VERSION }} - uses: ruby/setup-ruby@v1.126.0 + uses: ruby/setup-ruby@v1 with: ruby-version: ${{ env.RUBY_VERSION }} diff --git a/Dockerfile b/Dockerfile index d1222cde..13edd982 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.17 AS alpine +FROM alpine:3.20 AS alpine FROM ubuntu:20.04 AS bbb-playback ENV DEBIAN_FRONTEND=noninteractive @@ -44,9 +44,9 @@ RUN apk add --no-cache \ tzdata \ shared-mime-info # ruby-start. -# Install Ruby from sources since Scalelite does not use the version shipped with Apline. -ARG RUBY_RELEASE="https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.gz" -ARG RUBY="ruby-3.1.6" +# Install Ruby from sources since Scalelite does not necessarily use the version shipped with Apline. +ARG RUBY_RELEASE="https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.6.tar.gz" +ARG RUBY="ruby-3.3.6" RUN apk add --no-cache git make gcc g++ libc-dev pkgconfig \ libxml2-dev libxslt-dev postgresql-dev coreutils curl wget bash \ gnupg tar linux-headers bison readline-dev readline zlib-dev \ diff --git a/dockerfiles/v1/focal260-alpine b/dockerfiles/v1/focal260-alpine index d1222cde..13edd982 100644 --- a/dockerfiles/v1/focal260-alpine +++ b/dockerfiles/v1/focal260-alpine @@ -1,4 +1,4 @@ -FROM alpine:3.17 AS alpine +FROM alpine:3.20 AS alpine FROM ubuntu:20.04 AS bbb-playback ENV DEBIAN_FRONTEND=noninteractive @@ -44,9 +44,9 @@ RUN apk add --no-cache \ tzdata \ shared-mime-info # ruby-start. -# Install Ruby from sources since Scalelite does not use the version shipped with Apline. -ARG RUBY_RELEASE="https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.gz" -ARG RUBY="ruby-3.1.6" +# Install Ruby from sources since Scalelite does not necessarily use the version shipped with Apline. +ARG RUBY_RELEASE="https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.6.tar.gz" +ARG RUBY="ruby-3.3.6" RUN apk add --no-cache git make gcc g++ libc-dev pkgconfig \ libxml2-dev libxslt-dev postgresql-dev coreutils curl wget bash \ gnupg tar linux-headers bison readline-dev readline zlib-dev \ From f397578fc9a72216659edf4ad8c3eaf332c67982 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 10:31:32 +0100 Subject: [PATCH 05/14] specify just rails 7.1 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index d214d759..f340a215 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby '>= 3.0.0' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 7.1', '>= 7.1.4.1' +gem 'rails', '~> 7.1' # Use Puma as the app server gem 'puma', '~> 6.4' From 827d1a12a9d4f9cc0572a05275312f24d0ffe39c Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 10:57:03 +0100 Subject: [PATCH 06/14] update Gemfile.lock --- Gemfile.lock | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index d5b5c768..6fabe53c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -135,6 +135,7 @@ GEM minitest (5.25.1) minitest-stub_any_instance (1.0.3) msgpack (1.7.0) + mutex_m (0.2.0) net-imap (0.4.17) date net-protocol @@ -152,7 +153,7 @@ GEM parser (3.2.2.0) ast (~> 2.4.1) pg (1.4.6) - psych (5.1.2) + psych (5.2.0) stringio public_suffix (5.0.1) puma (6.4.2) @@ -262,6 +263,7 @@ GEM spring (>= 1.2, < 3.0) sqlite3 (1.6.2) mini_portile2 (~> 2.8.0) + stringio (3.1.1) strscan (3.1.0) tabulo (2.8.2) tty-screen (= 0.8.1) @@ -297,7 +299,7 @@ DEPENDENCIES minitest-stub_any_instance pg (~> 1.4.4) puma (~> 6.4) - rails (~> 7.1, >= 7.1.4.1) + rails (~> 7.1) rails-controller-testing redis (~> 4.8.0) redis-namespace (~> 1.11.0) From a3c88eb8c958bac39c2ea9f19c14ddd16ad08818 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 13:43:31 +0100 Subject: [PATCH 07/14] update spring for compat with rails 7 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index f340a215..c89ba45f 100644 --- a/Gemfile +++ b/Gemfile @@ -54,7 +54,7 @@ end group :development do # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' - gem 'spring-watcher-listen', '~> 2.0.1' + gem 'spring-watcher-listen', '~> 2.1.0' end group :test do From 44218c17b983ee0065cc81040fbbbb7f1a9fb7e5 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 14:49:27 +0100 Subject: [PATCH 08/14] enable allow_other_host for redirect on join to prevent raise in rails 7.0 --- app/controllers/bigbluebutton_api_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/bigbluebutton_api_controller.rb b/app/controllers/bigbluebutton_api_controller.rb index 56f68654..4e6914c2 100644 --- a/app/controllers/bigbluebutton_api_controller.rb +++ b/app/controllers/bigbluebutton_api_controller.rb @@ -320,7 +320,7 @@ def join # Redirect the user to the join url logger.debug("Redirecting user to join url: #{uri}") - redirect_to(uri.to_s) + redirect_to(uri.to_s, allow_other_host: true) end def insert_document From aadf010256567def878ab5d93e5d52472e20a11c Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 15:22:46 +0100 Subject: [PATCH 09/14] fix MiniTest (renamed MiniTest -> Minitest) and update Gemfile.lock --- Gemfile | 1 + Gemfile.lock | 15 ++++++++------- .../bigbluebutton_api_controller_test.rb | 4 ++-- test/test_helper.rb | 2 +- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/Gemfile b/Gemfile index c89ba45f..2c5bb14b 100644 --- a/Gemfile +++ b/Gemfile @@ -60,6 +60,7 @@ end group :test do gem 'faker' gem 'fakeredis', '~> 0.8' + gem 'minitest' gem 'minitest-stub_any_instance' gem 'rails-controller-testing' gem 'webmock' diff --git a/Gemfile.lock b/Gemfile.lock index 6fabe53c..3bb2f225 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -106,7 +106,7 @@ GEM i18n (>= 1.8.11, < 2) fakeredis (0.8.0) redis (~> 4.1) - ffi (1.15.5) + ffi (1.17.0) globalid (1.2.1) activesupport (>= 6.1) hashdiff (1.0.1) @@ -118,7 +118,7 @@ GEM reline (>= 0.4.2) json (2.6.3) jwt (2.7.0) - listen (3.8.0) + listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) loofah (2.22.0) @@ -203,7 +203,7 @@ GEM rainbow (3.1.1) rake (13.2.1) rb-fsevent (0.11.2) - rb-inotify (0.10.1) + rb-inotify (0.11.1) ffi (~> 1.0) rdoc (6.7.0) psych (>= 4.0.0) @@ -257,10 +257,10 @@ GEM rubocop (~> 1.33) rubocop-capybara (~> 2.17) ruby-progressbar (1.13.0) - spring (2.1.1) - spring-watcher-listen (2.0.1) + spring (4.2.1) + spring-watcher-listen (2.1.0) listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) + spring (>= 4) sqlite3 (1.6.2) mini_portile2 (~> 2.8.0) stringio (3.1.1) @@ -296,6 +296,7 @@ DEPENDENCIES faker fakeredis (~> 0.8) jwt (~> 2.7.0) + minitest minitest-stub_any_instance pg (~> 1.4.4) puma (~> 6.4) @@ -309,7 +310,7 @@ DEPENDENCIES rubocop-rails (~> 2.19.0) rubocop-rspec (~> 2.20) spring - spring-watcher-listen (~> 2.0.1) + spring-watcher-listen (~> 2.1.0) sqlite3 tabulo (~> 2.8.1) tzinfo-data diff --git a/test/controllers/bigbluebutton_api_controller_test.rb b/test/controllers/bigbluebutton_api_controller_test.rb index 445f6bf1..67683795 100644 --- a/test/controllers/bigbluebutton_api_controller_test.rb +++ b/test/controllers/bigbluebutton_api_controller_test.rb @@ -785,7 +785,7 @@ class BigBlueButtonApiControllerTest < ActionDispatch::IntegrationTest { body: meeting_create_response(params[:meetingID], params[:moderatorPW]) } end - mocked_method = MiniTest::Mock.new + mocked_method = Minitest::Mock.new return_value = { 'meetingID' => 'test-meeting-1' } Rails.configuration.x.stub(:create_exclude_params, %w[test4 test2]) do @@ -823,7 +823,7 @@ class BigBlueButtonApiControllerTest < ActionDispatch::IntegrationTest .with(query: hash_including(params)) .to_return(body: meeting_create_response(params[:meetingID], params[:moderatorPW])) - mocked_method = MiniTest::Mock.new + mocked_method = Minitest::Mock.new return_value = { meetingID: 'test-meeting-1', test4: '', test2: '' } Rails.configuration.x.stub(:create_exclude_params, []) do diff --git a/test/test_helper.rb b/test/test_helper.rb index df9b2122..4673f354 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -5,8 +5,8 @@ require 'rails/test_help' require 'fakeredis/minitest' require 'webmock/minitest' +require 'minitest/autorun' require 'minitest/stub_any_instance' -require 'minitest/mock' module ActiveSupport class TestCase From d5d825feceffe0af59b7e32909b78c731bc1eafc Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Tue, 12 Nov 2024 16:19:12 +0100 Subject: [PATCH 10/14] now load 7.1 config defaults (up from 7.0) --- config/application.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/application.rb b/config/application.rb index 5047590a..1e39ba0d 100644 --- a/config/application.rb +++ b/config/application.rb @@ -25,7 +25,7 @@ module Scalelite class Application < Rails::Application # Initialize configuration defaults - config.load_defaults 7.0 + config.load_defaults 7.1 config.eager_load_paths << Rails.root.join('lib') @@ -162,5 +162,8 @@ class Application < Rails::Application # Maximum amount of time to allow bridged calls to stay connected for. Defaults to same as max meeting duration. config.x.fsapi_max_duration = ENV.fetch('FSAPI_MAX_DURATION', config.x.max_meeting_duration).to_i + + # Restore default serializer from Rails defaults < 7.1 + config.active_record.default_column_serializer = YAML end end From 3adef7823b9c3c39ba8a30662503fc3ad1845e31 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Wed, 13 Nov 2024 16:09:19 +0100 Subject: [PATCH 11/14] merge in changes in default files created by rails app:update --- bin/setup | 6 +- config/application.rb | 16 ++-- config/environments/development.rb | 8 +- config/environments/production.rb | 95 +++++++------------ config/environments/test.rb | 22 +++-- .../initializers/content_security_policy.rb | 46 +++++---- config/initializers/cors.rb | 7 +- .../initializers/filter_parameter_logging.rb | 4 +- config/initializers/inflections.rb | 6 +- .../new_framework_defaults_6_1.rb | 68 ------------- config/initializers/permissions_policy.rb | 21 ++-- 11 files changed, 114 insertions(+), 185 deletions(-) delete mode 100644 config/initializers/new_framework_defaults_6_1.rb diff --git a/bin/setup b/bin/setup index 0e39e8cb..b9941564 100755 --- a/bin/setup +++ b/bin/setup @@ -5,12 +5,12 @@ require 'fileutils' APP_ROOT = File.expand_path('..', __dir__) def system!(*args) - system(*args) || abort("\n== Command #{args} failed ==") + system(*args, exception: true) end FileUtils.chdir APP_ROOT do - # This script is a way to setup or update your development environment automatically. - # This script is idempotent, so that you can run it at anytime and get an expectable outcome. + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts '== Installing dependencies ==' diff --git a/config/application.rb b/config/application.rb index 1e39ba0d..3bae5cd6 100644 --- a/config/application.rb +++ b/config/application.rb @@ -14,7 +14,6 @@ # require 'action_text/engine' require 'action_view/railtie' # require 'action_cable/engine' -# require 'sprockets/railtie' require 'rails/test_unit/railtie' require 'active_support/time' @@ -27,12 +26,17 @@ class Application < Rails::Application # Initialize configuration defaults config.load_defaults 7.1 - config.eager_load_paths << Rails.root.join('lib') + # Please, add to the `ignore` list any other `lib` subdirectories that do + # not contain `.rb` files, or that should not be reloaded or eager loaded. + # Common ones are `templates`, `generators`, or `middleware`, for example. + config.autoload_lib(ignore: %w(bin docs dockerfiles images log nginx public systemd tmp vendor)) - # Settings in config/environments/* take precedence over those specified here. - # Application configuration can go into files in config/initializers - # -- all .rb files in that directory are automatically loaded after loading - # the framework and any gems in your application. + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + config.eager_load_paths << Rails.root.join('lib') # Read the file config/redis_store.yml as per-environment configuration with erb config.x.redis_store = config_for(:redis_store) diff --git a/config/environments/development.rb b/config/environments/development.rb index 5609fa72..e508b03d 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -8,7 +8,7 @@ # In the development environment your application's code is reloaded any time # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false @@ -16,6 +16,9 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. if Rails.root.join('tmp/caching-dev.txt').exist? @@ -57,6 +60,9 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true + # Raise error when a before_action's only/except options reference missing actions + config.action_controller.raise_on_missing_callback_actions = true + # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. config.file_watcher = ActiveSupport::EventedFileUpdateChecker diff --git a/config/environments/production.rb b/config/environments/production.rb index 21afbf6d..589e75d0 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -6,7 +6,7 @@ # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false # Eager load code on boot. This eager loads most of Rails and # your application in memory, allowing both threaded web servers @@ -18,12 +18,11 @@ config.consider_all_requests_local = false # config.action_controller.perform_caching = true - # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] - # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment + # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. + # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? # Enable serving of images, stylesheets, and JavaScripts from an asset server. @@ -33,40 +32,13 @@ # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. + # config.assume_ssl = true + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = if ENV['RAILS_LOG_LEVEL'].present? - ENV['RAILS_LOG_LEVEL'].to_sym - else - :debug - end - - # Prepend all log lines with the following tags. - config.log_tags = [:request_id] - - # Use a different cache store in production. - # config.cache_store = :mem_cache_store - - # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "scalelite_production" - - # Enable locale fallbacks for I18n (makes lookups for any locale fall back to - # the I18n.default_locale when a translation cannot be found). - config.i18n.fallbacks = true - - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Log disallowed deprecations. - # config.active_support.disallowed_deprecation = :log - - # Tell Active Support which deprecation messages to disallow. - # config.active_support.disallowed_deprecation_warnings = [] - # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = Logger::Formatter.new @@ -77,34 +49,39 @@ if 'true'.casecmp?(ENV['RAILS_LOG_TO_STDOUT']) # Disable output buffering when STDOUT isn't a tty (e.g. Docker images, systemd services) $stdout.sync = true - logger = ActiveSupport::Logger.new($stdout) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) + config.logger = ActiveSupport::Logger.new($stdout) + .tap { |logger| logger.formatter = Logger::Formatter.new } + .then { |logger| ActiveSupport::TaggedLogging.new(logger) } end + # Prepend all log lines with the following tags. + config.log_tags = [:request_id] + + # "info" includes generic and useful information about system operation, but avoids logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). If you + # want to log everything, set the level to "debug". + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "debug") + + # Use a different cache store in production. + # config.cache_store = :mem_cache_store + + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation cannot be found). + config.i18n.fallbacks = true + + # Don't log any deprecations. + config.active_support.report_deprecations = false + # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false unless 'true'.casecmp?(ENV['DB_DISABLED']) - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } url_host = ENV.fetch('URL_HOST', nil) diff --git a/config/environments/test.rb b/config/environments/test.rb index 2d262493..13ba1a12 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -10,12 +10,15 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - config.cache_classes = false + # While tests run files are not watched, reloading is not necessary. + # Note: But Spring requires reloading! + config.enable_reloading = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. + config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true @@ -24,12 +27,12 @@ } # Show full error reports and disable caching. - config.consider_all_requests_local = true + config.consider_all_requests_local = true config.action_controller.perform_caching = false config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false @@ -49,6 +52,9 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true + # Raise error when a before_action's only/except options reference missing actions + config.action_controller.raise_on_missing_callback_actions = true + # Ensure some dummy configuration is set for testing config.x.url_host = 'scalelite.example.com' config.x.loadbalancer_secrets = [ENV.fetch('LOADBALANCER_SECRET', 'f830c18ee29c8531e0115c3da85db89b')] diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 98230c98..35ab3fd6 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -1,29 +1,27 @@ # frozen_string_literal: true -# Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Be sure to restart your server when you modify this file. -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap, inline scripts, and inline styles. +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src style-src) +# +# # Report violations without enforcing the policy. +# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 5f68d44d..7af62e59 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -1,16 +1,17 @@ # frozen_string_literal: true + # Be sure to restart your server when you modify this file. # Avoid CORS issues when API is called from the frontend app. -# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests. +# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin Ajax requests. # Read more: https://github.com/cyu/rack-cors # Rails.application.config.middleware.insert_before 0, Rack::Cors do # allow do -# origins 'example.com' +# origins "example.com" # -# resource '*', +# resource "*", # headers: :any, # methods: [:get, :post, :put, :patch, :delete, :options, :head] # end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index f80d9a6d..39126c5a 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -2,5 +2,7 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [:password, :moderatorPW, :attendeePW] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index 80029a5f..38c3a0ab 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -6,9 +6,9 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb deleted file mode 100644 index 0b4ce023..00000000 --- a/config/initializers/new_framework_defaults_6_1.rb +++ /dev/null @@ -1,68 +0,0 @@ -# frozen_string_literal: true -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 6.1 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Support for inversing belongs_to -> has_many Active Record associations. -# Rails.application.config.active_record.has_many_inversing = true - -# Track Active Storage variants in the database. -# Rails.application.config.active_storage.track_variants = true - -# Apply random variation to the delay when retrying failed jobs. -# Rails.application.config.active_job.retry_jitter = 0.15 - -# Stop executing `after_enqueue`/`after_perform` callbacks if -# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. -# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true - -# Specify cookies SameSite protection level: either :none, :lax, or :strict. -# -# This change is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 6.1. -# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax - -# Generate CSRF tokens that are encoded in URL-safe Base64. -# -# This change is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 6.1. -# Rails.application.config.action_controller.urlsafe_csrf_tokens = true - -# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an -# UTC offset or a UTC time. -# ActiveSupport.utc_to_local_returns_utc_offset_times = true - -# Change the default HTTP status code to `308` when redirecting non-GET/HEAD -# requests to HTTPS in `ActionDispatch::SSL` middleware. -# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 - -# Use new connection handling API. For most applications this won't have any -# effect. For applications using multiple databases, this new API provides -# support for granular connection swapping. -# Rails.application.config.active_record.legacy_connection_handling = false - -# Make `form_with` generate non-remote forms by default. -# Rails.application.config.action_view.form_with_generates_remote_forms = false - -# Set the default queue name for the analysis job to the queue adapter default. -# Rails.application.config.active_storage.queues.analysis = nil - -# Set the default queue name for the purge job to the queue adapter default. -# Rails.application.config.active_storage.queues.purge = nil - -# Set the default queue name for the incineration job to the queue adapter default. -# Rails.application.config.action_mailbox.queues.incineration = nil - -# Set the default queue name for the routing job to the queue adapter default. -# Rails.application.config.action_mailbox.queues.routing = nil - -# Set the default queue name for the mail deliver job to the queue adapter default. -# Rails.application.config.action_mailer.deliver_later_queue_name = nil - -# Generate a `Link` header that gives a hint to modern browsers about -# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. -# Rails.application.config.action_view.preload_links_header = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb index 50bcf4ea..e8d0b2ae 100644 --- a/config/initializers/permissions_policy.rb +++ b/config/initializers/permissions_policy.rb @@ -1,12 +1,15 @@ # frozen_string_literal: true + +# Be sure to restart your server when you modify this file. + # Define an application-wide HTTP permissions policy. For further -# information see https://developers.google.com/web/updates/2018/06/feature-policy -# -# Rails.application.config.permissions_policy do |f| -# f.camera :none -# f.gyroscope :none -# f.microphone :none -# f.usb :none -# f.fullscreen :self -# f.payment :self, "https://secure.example.com" +# information see: https://developers.google.com/web/updates/2018/06/feature-policy + +# Rails.application.config.permissions_policy do |policy| +# policy.camera :none +# policy.gyroscope :none +# policy.microphone :none +# policy.usb :none +# policy.fullscreen :self +# policy.payment :self, "https://secure.example.com" # end From 268b6305985be854748d7f66fff055b9eb0108e7 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Thu, 14 Nov 2024 08:01:23 +0100 Subject: [PATCH 12/14] update schema.rb from dump (precision changes have no effect, see https://github.com/rails/rails/issues/44571#issuecomment-1056131789) --- db/schema.rb | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/db/schema.rb b/db/schema.rb index ad545100..8747e577 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,8 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2023_06_27_141045) do - +ActiveRecord::Schema[7.1].define(version: 2023_06_27_141045) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -19,8 +18,8 @@ t.string "meeting_id" t.integer "recording_id" t.text "callback_attributes" - t.datetime "created_at", precision: 6, null: false - t.datetime "updated_at", precision: 6, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "metadata", force: :cascade do |t| @@ -46,9 +45,9 @@ t.boolean "published", default: false, null: false t.integer "participants" t.string "state" - t.datetime "starttime" - t.datetime "endtime" - t.datetime "deleted_at" + t.datetime "starttime", precision: nil + t.datetime "endtime", precision: nil + t.datetime "deleted_at", precision: nil t.boolean "protected", default: false, null: false t.boolean "publish_updated", default: false, null: false t.index ["meeting_id"], name: "index_recordings_on_meeting_id" From d11a2f14c0afa6c9f42e90f32b28bf3bfa660893 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Thu, 14 Nov 2024 10:33:27 +0100 Subject: [PATCH 13/14] fix Github CI --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b0c9f95c..442839d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ env: - RUBY_VERSION: 3.3.4 + RUBY_VERSION: 3.3.6 DATABASE_URL: postgres://postgres:postgres@localhost:5432/postgres name: CI @@ -15,7 +15,7 @@ on: jobs: test: name: Rubocop + Rails Test - runs-on: ubuntu-24.10 + runs-on: ubuntu-24.04 services: postgres: From a9baeeec01453f1cca00964a8100b06f4fef3992 Mon Sep 17 00:00:00 2001 From: Jan Kessler Date: Thu, 14 Nov 2024 14:48:51 +0100 Subject: [PATCH 14/14] properly configure autoload_lib (https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#config-autoload-lib-and-config-autoload-lib-once) --- config/application.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/application.rb b/config/application.rb index 3bae5cd6..c7efe2bc 100644 --- a/config/application.rb +++ b/config/application.rb @@ -29,14 +29,13 @@ class Application < Rails::Application # Please, add to the `ignore` list any other `lib` subdirectories that do # not contain `.rb` files, or that should not be reloaded or eager loaded. # Common ones are `templates`, `generators`, or `middleware`, for example. - config.autoload_lib(ignore: %w(bin docs dockerfiles images log nginx public systemd tmp vendor)) + config.autoload_lib(ignore: %w(tasks)) # Configuration for the application, engines, and railties goes here. # # These settings can be overridden in specific environments using the files # in config/environments, which are processed later. # - config.eager_load_paths << Rails.root.join('lib') # Read the file config/redis_store.yml as per-environment configuration with erb config.x.redis_store = config_for(:redis_store)