mirror of
https://github.com/we-promise/sure.git
synced 2026-07-12 04:45:19 +00:00
* chore(deps): upgrade Rails 7.2 → 8.1 Rails 7.2 reaches end of life on 2026-08-09. Bump the framework to the current 8.1.x line. - Gemfile: rails "~> 8.0" (resolves 8.1.3); bundle update rails pulls the Rails 8 framework gems plus the bumps it requires — ViewComponent 3.23 → 4.x (Rails 8 support), rails-i18n 7 → 8, rswag, and transitive deps. - app/models/transfer.rb: make Transfer#date nil-safe (inflow_transaction&.entry&.date). Rails 8's date_field evaluates the field default on a new/unpersisted Transfer (the new-transfer form), where the association is nil; without this, TransfersController#new raises "undefined method 'entry' for nil". Matches the &. pattern already used in Transfer#sync_account_later. Framework behavioral defaults are unchanged (config.load_defaults stays as-is). Validated on Rails 8.1.3: zeitwerk:check passes, full suite green (4904 runs, 0 failures, 0 errors), rubocop and brakeman clean. * fix(rails8): style textarea + deterministic property edit system test The Rails 8 gem bump kept config.load_defaults at 7.2, but Rails 8 renamed two ActionView::Helpers::FormBuilder field helpers regardless of defaults: :text_area → :textarea and :check_box → :checkbox. StyledFormBuilder builds its styled helpers from `field_helpers`, so `form.text_area` (e.g. the account "Notes" field) silently fell through to the unstyled base helper and rendered without a label — failing 8 system tests with `Unable to find field "Notes"`. - app/helpers/styled_form_builder.rb: exclude both spellings of the non-text helpers (:check_box and :checkbox) and alias the legacy `text_area` to the Rails 8 `textarea` so existing call sites stay styled. Harmless on Rails 7.2 (old names present instead). - test/system/property_test.rb: open the property edit dialog via the account menu with a retry. The account page issues a Turbo morph refresh shortly after load (turbo_refreshes_with :morph + a family-stream broadcast); opening the modal while that refresh is in flight let the morph re-render the page and wipe the just-loaded #modal turbo-frame. Rails 8 timing made the race deterministic. Retrying once the refresh has settled makes the test stable (confirmed via Turbo frame-load vs full-page morph event traces; 3x green in isolation). - config/brakeman.ignore: the added comment block shifted the pre-existing (already-ignored, Weak) class_eval Dangerous Eval warning from line 5 -> 10, changing its fingerprint. Re-point the existing suppression to the new fingerprint/line so scan_ruby stays green. Validated on Rails 8.1.3: full system suite green (92 runs, 355 assertions, 0 failures, 0 errors), rubocop clean, brakeman 0 warnings, CodeRabbit no findings. * chore(deps): pin rails to the 8.1 minor line (~> 8.1.0) Tighten the constraint from `~> 8.0` to `~> 8.1.0` (>= 8.1.0, < 8.2) so a future `bundle update rails` tracks the 8.1.x line rather than silently jumping to 8.2 when it ships. Matches the upgrade plan's stated intent (target 8.1.x for the EOL runway) and a review note on #2301. No resolved-version changes: bundle install keeps rails at 8.1.3 and every other locked gem unchanged — only the Gemfile.lock DEPENDENCIES constraint line moves. zeitwerk:check still passes; the already-green unit/system suites ran on this exact resolved tree. * chore(rails8): adopt Rails 8.1 framework defaults (config.load_defaults 8.1) The gem bump above kept config.load_defaults at 7.2 so the change set could be reasoned about in stages; this finalizes the upgrade by adopting the modern framework defaults now that the suite is green on Rails 8.1. Rails 8.0 added no new framework defaults (there is no new_framework_defaults_8_0 template), so 7.2 -> 8.1 is the single meaningful step. No incremental new_framework_defaults_8_1.rb opt-in file is needed: the full suites pass with all 8.1 defaults enabled at once. The 8.1 defaults this turns on include action_on_path_relative_redirect=:raise (open-redirect hardening), raise_on_missing_required_finder_order_columns, escape_json_responses=false / escape_js_separators_in_json=false (JSON perf), and Ruby-parser template-dependency tracking. Validated with no application code changes: bin/rails test 4904/0/0, bin/rails test:system 92/0/0, rubocop + brakeman clean. * chore(ci): restore brakeman CheckEOLRails now that the app is on Rails 8.1 config/brakeman.yml existed only to skip brakeman's CheckEOLRails. That check fires on the calendar (it warns 60 days before a framework's EOL and escalates as the date nears), so Rails 7.2's 2026-08-09 EOL turned `bin/brakeman` red (exit 3) on every branch and on main regardless of the diff. The skip carried a TODO to remove it once Sure upgraded off 7.2. This PR puts the app on Rails 8.1 (EOL well in the future), so the skip is obsolete; remove the file (its sole content was the skip) in the same change that makes it unnecessary -- no stale-config window. brakeman auto-loads the file when present and falls back to defaults when absent, and nothing references it explicitly. CheckEOLRuby was already enabled and is unchanged; config/brakeman.ignore is untouched. Validated on Rails 8.1: bin/brakeman runs EOLRails + EOLRuby, 0 warnings, 0 errors, exit 0.
67 lines
2.8 KiB
Ruby
67 lines
2.8 KiB
Ruby
require_relative "boot"
|
|
|
|
require "rails/all"
|
|
|
|
# Require the gems listed in Gemfile, including any gems
|
|
# you've limited to :test, :development, or :production.
|
|
Bundler.require(*Rails.groups)
|
|
|
|
module Sure
|
|
class Application < Rails::Application
|
|
# Initialize configuration defaults for originally generated Rails version.
|
|
config.load_defaults 8.1
|
|
|
|
# Please, add to the `ignore` list any other `lib` subdirectories that do
|
|
# not contain `.rb` files, or that should not be reloaded or eager loaded.
|
|
# Common ones are `templates`, `generators`, or `middleware`, for example.
|
|
config.autoload_lib(ignore: %w[assets tasks generators])
|
|
|
|
# Configuration for the application, engines, and railties goes here.
|
|
#
|
|
# These settings can be overridden in specific environments using the files
|
|
# in config/environments, which are processed later.
|
|
#
|
|
# config.time_zone = "Central Time (US & Canada)"
|
|
# config.eager_load_paths << Rails.root.join("extras")
|
|
|
|
# TODO: This is here for incremental adoption of localization. This can be removed when all translations are implemented.
|
|
config.i18n.fallbacks = true
|
|
|
|
config.app_mode = (ENV["SELF_HOSTED"] == "true" || ENV["SELF_HOSTING_ENABLED"] == "true" ? "self_hosted" : "managed").inquiry
|
|
|
|
# Self hosters can optionally set their own encryption keys if they want to use ActiveRecord encryption.
|
|
if Rails.application.credentials.active_record_encryption.present?
|
|
config.active_record.encryption = Rails.application.credentials.active_record_encryption
|
|
end
|
|
|
|
config.view_component.preview_controller = "LookbooksController"
|
|
config.lookbook.preview_display_options = {
|
|
theme: [ "light", "dark" ] # available in view as params[:theme]
|
|
}
|
|
|
|
# Enable Skylight instrumentation for ActiveJob (background workers)
|
|
# Developers can opt-in to Skylight locally by setting SKYLIGHT_ENABLED=true
|
|
if defined?(Skylight) && config.respond_to?(:skylight)
|
|
config.skylight.probes << "active_job"
|
|
if ENV["SKYLIGHT_ENABLED"] == "true"
|
|
config.skylight.environments += [ "development" ]
|
|
end
|
|
end
|
|
|
|
# Enable Rack::Attack middleware for API rate limiting
|
|
config.middleware.use Rack::Attack
|
|
|
|
config.x.ui = ActiveSupport::OrderedOptions.new
|
|
default_layout = ENV.fetch("DEFAULT_UI_LAYOUT", "dashboard")
|
|
config.x.ui.default_layout = default_layout.in?(%w[dashboard intro]) ? default_layout : "dashboard"
|
|
|
|
config.x.debug_log = ActiveSupport::OrderedOptions.new
|
|
retention_days = ENV.fetch("DEBUG_LOG_RETENTION_DAYS", "90").to_i
|
|
config.x.debug_log.retention_days = retention_days.positive? ? retention_days : 90
|
|
|
|
# Handle OmniAuth/OIDC errors gracefully (must be before OmniAuth middleware)
|
|
require_relative "../app/middleware/omniauth_error_handler"
|
|
config.middleware.use OmniauthErrorHandler
|
|
end
|
|
end
|