Updated to Rails 8.1
This commit is contained in:
@@ -0,0 +1,19 @@
|
||||
# Run using bin/ci
|
||||
|
||||
CI.run do
|
||||
step "Setup", "bin/setup --skip-server"
|
||||
|
||||
step "Style: Ruby", "bin/rubocop"
|
||||
|
||||
step "Security: Importmap vulnerability audit", "bin/importmap audit"
|
||||
step "Security: Brakeman code analysis", "bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error"
|
||||
|
||||
|
||||
# Optional: set a green GitHub commit status to unblock PR merge.
|
||||
# Requires the `gh` CLI and `gh extension install basecamp/gh-signoff`.
|
||||
# if success?
|
||||
# step "Signoff: All systems go. Ready for merge and deploy.", "gh signoff"
|
||||
# else
|
||||
# failure "Signoff: CI failed. Do not merge or deploy.", "Fix the issues and try again."
|
||||
# end
|
||||
end
|
||||
@@ -55,6 +55,12 @@ Rails.application.configure do
|
||||
# Highlight code that enqueued background job in logs.
|
||||
config.active_job.verbose_enqueue_logs = true
|
||||
|
||||
# Highlight code that triggered redirect in logs.
|
||||
config.action_dispatch.verbose_redirect_logs = true
|
||||
|
||||
# Suppress logger output for asset requests.
|
||||
config.assets.quiet = true
|
||||
|
||||
# Replace the default in-process and non-durable queuing backend for Active Job.
|
||||
config.active_job.queue_adapter = :solid_queue
|
||||
config.solid_queue.connects_to = { database: { writing: :queue } }
|
||||
@@ -71,4 +77,7 @@ Rails.application.configure do
|
||||
|
||||
# Raise error when a before_action's only/except options reference missing actions.
|
||||
config.action_controller.raise_on_missing_callback_actions = true
|
||||
|
||||
# Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
|
||||
# config.generators.apply_rubocop_autocorrect_after_generate!
|
||||
end
|
||||
|
||||
@@ -25,10 +25,10 @@ Rails.application.configure do
|
||||
config.active_storage.service = :local
|
||||
|
||||
# Assume all access to the app is happening through a SSL-terminating reverse proxy.
|
||||
config.assume_ssl = true
|
||||
# config.assume_ssl = true
|
||||
|
||||
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
||||
config.force_ssl = true
|
||||
# config.force_ssl = true
|
||||
|
||||
# Skip http-to-https redirect for the default health check endpoint.
|
||||
# config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } }
|
||||
@@ -37,7 +37,7 @@ Rails.application.configure do
|
||||
config.log_tags = [ :request_id ]
|
||||
config.logger = ActiveSupport::TaggedLogging.logger(STDOUT)
|
||||
|
||||
# Change to "debug" to log everything (including potentially personally-identifiable information!)
|
||||
# Change to "debug" to log everything (including potentially personally-identifiable information!).
|
||||
config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
|
||||
|
||||
# Prevent health checks from clogging up the logs.
|
||||
@@ -60,7 +60,12 @@ Rails.application.configure do
|
||||
# Set host to be used by links generated in mailer templates.
|
||||
config.action_mailer.default_url_options = { host: "example.com" }
|
||||
|
||||
# Specify outgoing SMTP server. Remember to add smtp/* credentials via rails credentials:edit.
|
||||
# Specify outgoing SMTP server. Remember to add smtp/* credentials via bin/rails credentials:edit.
|
||||
# Highlight code that triggered redirect in logs.
|
||||
config.action_dispatch.verbose_redirect_logs = true
|
||||
|
||||
# Suppress logger output for asset requests.
|
||||
config.assets.quiet = true
|
||||
# config.action_mailer.smtp_settings = {
|
||||
# user_name: Rails.application.credentials.dig(:smtp, :user_name),
|
||||
# password: Rails.application.credentials.dig(:smtp, :password),
|
||||
|
||||
@@ -20,6 +20,10 @@
|
||||
# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
|
||||
# config.content_security_policy_nonce_directives = %w(script-src style-src)
|
||||
#
|
||||
# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
|
||||
# # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
|
||||
# # config.content_security_policy_nonce_auto = true
|
||||
#
|
||||
# # Report violations without enforcing the policy.
|
||||
# # config.content_security_policy_report_only = true
|
||||
# end
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
# Be sure to restart your server when you modify this file.
|
||||
#
|
||||
# This file eases your Rails 8.1 framework defaults upgrade.
|
||||
#
|
||||
# Uncomment each configuration one by one to switch to the new default.
|
||||
# Once your application is ready to run with all new defaults, you can remove
|
||||
# this file and set the `config.load_defaults` to `8.1`.
|
||||
#
|
||||
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
|
||||
# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
|
||||
|
||||
###
|
||||
# Skips escaping HTML entities and line separators. When set to `false`, the
|
||||
# JSON renderer no longer escapes these to improve performance.
|
||||
#
|
||||
# Example:
|
||||
# class PostsController < ApplicationController
|
||||
# def index
|
||||
# render json: { key: "\u2028\u2029<>&" }
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"
<>&"}` with the config
|
||||
# set to `false`.
|
||||
#
|
||||
# Applications that want to keep the escaping behavior can set the config to `true`.
|
||||
#++
|
||||
# Rails.configuration.action_controller.escape_json_responses = false
|
||||
|
||||
###
|
||||
# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.
|
||||
#
|
||||
# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
|
||||
# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.
|
||||
#++
|
||||
# Rails.configuration.active_support.escape_js_separators_in_json = false
|
||||
|
||||
###
|
||||
# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values
|
||||
# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or
|
||||
# `primary_key`) to fall back on.
|
||||
#
|
||||
# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in
|
||||
# Rails 8.2.
|
||||
#++
|
||||
# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true
|
||||
|
||||
###
|
||||
# Controls how Rails handles path relative URL redirects.
|
||||
# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError`
|
||||
# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities.
|
||||
#
|
||||
# Example:
|
||||
# redirect_to "example.com" # Raises UnsafeRedirectError
|
||||
# redirect_to "@attacker.com" # Raises UnsafeRedirectError
|
||||
# redirect_to "/safe/path" # Works correctly
|
||||
#
|
||||
# Applications that want to allow these redirects can set the config to `:log` (previous default)
|
||||
# to only log warnings, or `:notify` to send ActiveSupport notifications.
|
||||
#++
|
||||
# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise
|
||||
|
||||
###
|
||||
# Use a Ruby parser to track dependencies between Action View templates
|
||||
#++
|
||||
# Rails.configuration.action_view.render_tracker = :ruby
|
||||
|
||||
###
|
||||
# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields
|
||||
# included in `button_to` forms will omit the `autocomplete="off"` attribute.
|
||||
#
|
||||
# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`.
|
||||
#++
|
||||
# Rails.configuration.action_view.remove_hidden_field_autocomplete = true
|
||||
+3
-2
@@ -7,7 +7,8 @@
|
||||
#
|
||||
# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You
|
||||
# should only set this value when you want to run 2 or more workers. The
|
||||
# default is already 1.
|
||||
# default is already 1. You can set it to `auto` to automatically start a worker
|
||||
# for each available processor.
|
||||
#
|
||||
# The ideal number of threads per worker depends both on how much time the
|
||||
# application spends waiting for IO operations and on how much you wish to
|
||||
@@ -33,7 +34,7 @@ port ENV.fetch("PORT", 3000)
|
||||
# Allow puma to be restarted by `bin/rails restart` command.
|
||||
plugin :tmp_restart
|
||||
|
||||
# Run the Solid Queue supervisor inside of Puma for single-server deployments
|
||||
# Run the Solid Queue supervisor inside of Puma for single-server deployments.
|
||||
plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"]
|
||||
|
||||
# Specify the PID file. Defaults to tmp/pids/server.pid in development.
|
||||
|
||||
Reference in New Issue
Block a user