diff --git a/Gemfile b/Gemfile index aaf4848679..8e4ac8051a 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby file: '.ruby-version' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '7.2.2' +gem 'rails', '8.0.0' # Use PostgreSQL as the database for Active Record gem 'pg' @@ -20,9 +20,6 @@ gem 'puma', '~> 6.5' # Reduces boot times through caching; required in config/boot.rb gem 'bootsnap', '>= 1.1.0', require: false -# Canonical meta tag -gem 'canonical-rails' - # Decorate logic to keep it out of the views and helper methods gem 'draper' @@ -166,7 +163,7 @@ group :development, :test do gem 'amazing_print' # Help eliminate N+1 queries - gem 'bullet' + gem 'bullet', require: false # Call 'byebug' anywhere in the code to stop execution and get a debugger console gem 'byebug', platforms: %i[mri mingw x64_mingw] diff --git a/Gemfile.lock b/Gemfile.lock index f780b6ca54..57da605701 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -54,46 +54,45 @@ GEM specs: aasm (5.5.0) concurrent-ruby (~> 1.0) - actioncable (7.2.2) - actionpack (= 7.2.2) - activesupport (= 7.2.2) + actioncable (8.0.0) + actionpack (= 8.0.0) + activesupport (= 8.0.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.2) - actionpack (= 7.2.2) - activejob (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + actionmailbox (8.0.0) + actionpack (= 8.0.0) + activejob (= 8.0.0) + activerecord (= 8.0.0) + activestorage (= 8.0.0) + activesupport (= 8.0.0) mail (>= 2.8.0) - actionmailer (7.2.2) - actionpack (= 7.2.2) - actionview (= 7.2.2) - activejob (= 7.2.2) - activesupport (= 7.2.2) + actionmailer (8.0.0) + actionpack (= 8.0.0) + actionview (= 8.0.0) + activejob (= 8.0.0) + activesupport (= 8.0.0) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.2) - actionview (= 7.2.2) - activesupport (= 7.2.2) + actionpack (8.0.0) + actionview (= 8.0.0) + activesupport (= 8.0.0) nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4, < 3.2) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.2) - actionpack (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + actiontext (8.0.0) + actionpack (= 8.0.0) + activerecord (= 8.0.0) + activestorage (= 8.0.0) + activesupport (= 8.0.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.2) - activesupport (= 7.2.2) + actionview (8.0.0) + activesupport (= 8.0.0) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) 
@@ -103,26 +102,26 @@ GEM activemodel (>= 4.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (7.2.2) - activesupport (= 7.2.2) + activejob (8.0.0) + activesupport (= 8.0.0) globalid (>= 0.3.6) - activemodel (7.2.2) - activesupport (= 7.2.2) + activemodel (8.0.0) + activesupport (= 8.0.0) activemodel-serializers-xml (1.0.2) activemodel (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (7.2.2) - activemodel (= 7.2.2) - activesupport (= 7.2.2) + activerecord (8.0.0) + activemodel (= 8.0.0) + activesupport (= 8.0.0) timeout (>= 0.4.0) - activestorage (7.2.2) - actionpack (= 7.2.2) - activejob (= 7.2.2) - activerecord (= 7.2.2) - activesupport (= 7.2.2) + activestorage (8.0.0) + actionpack (= 8.0.0) + activejob (= 8.0.0) + activerecord (= 8.0.0) + activesupport (= 8.0.0) marcel (~> 1.0) - activesupport (7.2.2) + activesupport (8.0.0) base64 benchmark (>= 0.3) bigdecimal @@ -134,6 +133,7 @@ GEM minitest (>= 5.1) securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) aes_key_wrap (1.1.0) @@ -141,9 +141,9 @@ GEM ast (2.4.2) attr_extras (7.1.0) attr_required (1.0.2) - audited (5.7.0) - activerecord (>= 5.2, < 8.0) - activesupport (>= 5.2, < 8.0) + audited (5.8.0) + activerecord (>= 5.2, < 8.2) + activesupport (>= 5.2, < 8.2) awesome_print (1.9.2) base64 (0.2.0) benchmark (0.4.0) @@ -177,8 +177,6 @@ GEM activesupport (>= 3.0.0) uniform_notifier (~> 1.11) byebug (11.1.3) - canonical-rails (0.2.16) - actionview (>= 4.1, < 7.3) capybara (3.40.0) addressable matrix 
@@ -519,20 +517,20 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (7.2.2) - actioncable (= 7.2.2) - actionmailbox (= 7.2.2) - actionmailer (= 7.2.2) - actionpack (= 7.2.2) - actiontext (= 7.2.2) - actionview (= 7.2.2) - activejob (= 7.2.2) - activemodel (= 7.2.2) - activerecord (= 7.2.2) - activestorage (= 7.2.2) - activesupport (= 7.2.2) + rails (8.0.0) + actioncable (= 8.0.0) + actionmailbox (= 8.0.0) + actionmailer (= 8.0.0) + actionpack (= 8.0.0) + actiontext (= 8.0.0) + actionview (= 8.0.0) + activejob (= 8.0.0) + activemodel (= 8.0.0) + activerecord (= 8.0.0) + activestorage (= 8.0.0) + activesupport (= 8.0.0) bundler (>= 1.15.0) - railties (= 7.2.2) + railties (= 8.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -553,9 +551,9 @@ GEM rack railties (>= 5.1) semantic_logger (~> 4.16) - railties (7.2.2) - actionpack (= 7.2.2) - activesupport (= 7.2.2) + railties (8.0.0) + actionpack (= 8.0.0) + activesupport (= 8.0.0) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -639,8 +637,8 @@ GEM ruby2_keywords (0.0.5) rubypants (0.7.1) safely_block (0.4.1) - schema_to_scaffold (0.8.2) - activesupport (~> 7) + schema_to_scaffold (0.8.0) + activesupport (>= 3.2.1) securerandom (0.3.2) semantic_logger (4.16.0) concurrent-ruby (~> 1.0) @@ -756,7 +754,6 @@ DEPENDENCIES brakeman bullet byebug - canonical-rails capybara (>= 2.15) cloudfront-rails colorize @@ -812,7 +809,7 @@ DEPENDENCIES puma (~> 6.5) pundit rack-cors - rails (= 7.2.2) + rails (= 8.0.0) rails-controller-testing rails-erd rails_semantic_logger diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 13bd3b3eab..14becbeaec 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb 
@@ -4,7 +4,10 @@ <%= yield :page_title %> - Publish teacher training courses - GOV.UK <%= csrf_meta_tags %> <%= csp_meta_tag %> - <%= canonical_tag %> + + <% url = URI(request.url.split("?").first) %> + <%= tag.link(href: url.path.ends_with?("/") ? url.to_s : "#{url}/", rel: "canonical") %> + <%= tag.meta(property: "og:url", content: url.path.ends_with?("/") ? url.to_s : "#{url}/") %> <%= tag.meta(name: "viewport", content: "width=device-width, initial-scale=1") %> <%= tag.meta(property: "og:image", content: image_path("govuk-opengraph-image.png")) %> diff --git a/app/views/layouts/find_layout.html.erb b/app/views/layouts/find_layout.html.erb index cd85467ee6..21487970ca 100644 --- a/app/views/layouts/find_layout.html.erb +++ b/app/views/layouts/find_layout.html.erb @@ -4,7 +4,10 @@ <%= yield :page_title %> - <%= t("service_name.find") %> - GOV.UK <%= csrf_meta_tags %> <%= csp_meta_tag %> - <%= canonical_tag %> + + <% url = URI(request.url.split("?").first) %> + <%= tag.link(href: url.path.ends_with?("/") ? url.to_s : "#{url}/", rel: "canonical") %> + <%= tag.meta(property: "og:url", content: url.path.ends_with?("/") ? url.to_s : "#{url}/") %> <%= tag.meta(name: "viewport", content: "width=device-width, initial-scale=1") %> <%= tag.meta(property: "og:image", content: image_path("govuk-opengraph-image.png")) %> diff --git a/bin/dev b/bin/dev index a1104a50b1..5f91c20545 100755 --- a/bin/dev +++ b/bin/dev @@ -1,9 +1,2 @@ -#!/usr/bin/env bash - -if ! command -v foreman &> /dev/null -then - echo "Installing foreman..." - gem install foreman -fi - -foreman start -f Procfile.dev "$@" +#!/usr/bin/env ruby +exec "./bin/rails", "server", *ARGV diff --git a/bin/setup b/bin/setup index 508c67a1ed..be3db3c0d6 100755 --- a/bin/setup +++ b/bin/setup @@ -1,9 +1,7 @@ #!/usr/bin/env ruby require "fileutils" -# path to your application root. APP_ROOT = File.expand_path("..", __dir__) -APP_NAME = "manage-courses-backend" def system!(*args) system(*args, exception: true) 
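Review bot: The canonical link and `og:url` in `application.html.erb` are now built from `request.url`, so scheme and host come from the incoming request rather than the fixed `https://` and host pinned by the deleted `config/initializers/canonical_rails.rb`. Unless host authorization (`config.hosts`) or the fronting proxy restricts the Host and forwarded-host headers (not visible in this diff), a request with an unexpected host gets it reflected into both tags, which matters most if the rendered page is cached or shared. Consider deriving the value from `request.path` and a configured host, computed once instead of repeating the ternary: `<% canonical = "https://#{CANONICAL_HOST}#{request.path.chomp('/')}/" %>`, where `CANONICAL_HOST` is a placeholder for the app's own setting, then pass `canonical` to both `tag.link` and `tag.meta`. The same applies to the identical hunk in `app/views/layouts/find_layout.html.erb`.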
@@ -15,20 +13,22 @@ FileUtils.chdir APP_ROOT do # Add necessary setup steps to this file. puts "== Installing dependencies ==" - system("yarn install") - system! "gem install bundler --conservative" system("bundle check") || system!("bundle install") + # puts "\n== Copying sample files ==" + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" + # end + puts "\n== Preparing database ==" system! "bin/rails db:prepare" puts "\n== Removing old logs and tempfiles ==" system! "bin/rails log:clear tmp:clear" - puts "\n== Restarting application server ==" - system! "bin/rails restart" - - # puts "\n== Configuring puma-dev ==" - # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}" - # system "curl -Is https://#{APP_NAME}.test/up | head -n 1" + unless ARGV.include?("--skip-server") + puts "\n== Starting development server ==" + STDOUT.flush # flush the output before exec(2) so that it displays + exec "bin/dev" + end end diff --git a/bin/thrust b/bin/thrust new file mode 100755 index 0000000000..36bde2d832 --- /dev/null +++ b/bin/thrust @@ -0,0 +1,5 @@ +#!/usr/bin/env ruby +require "rubygems" +require "bundler/setup" + +load Gem.bin_path("thruster", "thrust") diff --git a/config/boot.rb b/config/boot.rb index aef6d031ee..988a5ddc46 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) require "bundler/setup" # Set up gems listed in the Gemfile. diff --git a/config/environment.rb b/config/environment.rb index 7df99e89c6..cac5315775 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,3 @@ -# frozen_string_literal: true - # Load the Rails application. require_relative "application" diff --git a/config/initializers/canonical_rails.rb b/config/initializers/canonical_rails.rb deleted file mode 100644 index 6926dc717a..0000000000 --- a/config/initializers/canonical_rails.rb +++ /dev/null 
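Review bot: The new `bin/thrust` binstub calls `load Gem.bin_path("thruster", "thrust")`, but none of the Gemfile or Gemfile.lock hunks in this commit add a `thruster` gem. Unless it is already in the bundle outside the lines shown, the script will fail at load time once `bundler/setup` has restricted the load path. Either add `gem "thruster", require: false` to the Gemfile in this change or leave the binstub out until it is used.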
@@ -1,30 +0,0 @@ -# frozen_string_literal: true - -# Do yourself a favor and set these up right when you install the engine. - -CanonicalRails.setup do |config| - # Force the protocol. If you do not specify, the protocol will be based on the incoming request's protocol. - - config.protocol = 'https://' - - # This is the main host, not just the TLD, omit slashes and protocol. If you have more than one, pick the one you want to rank in search results. - - config.host = 'find-teacher-training-courses.service.gov.uk' - config.port # = '3000' - - # http://en.wikipedia.org/wiki/URL_normalization - # Trailing slash represents semantics of a directory, ie a collection view - implying an :index get route; - # otherwise we have to assume semantics of an instance of a resource type, a member view - implying a :show get route - # - # Acts as an allowlist for routes to have trailing slashes - - config.collection_actions # = [:index] - - # Parameter spamming can cause index dilution by creating seemingly different URLs with identical or near-identical content. - # Unless allowed, these parameters will be omitted - - config.allowed_parameters # = [] - - # Output a matching OpenGraph URL meta tag (og:url) with the canonical URL, as recommended by Facebook et al - config.opengraph_url = true -end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index adcd9bc9d9..c010b83ddd 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb 
@@ -1,10 +1,8 @@ -# frozen_string_literal: true - # Be sure to restart your server when you modify this file. # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. # Use this to limit dissemination of sensitive information. # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. -Rails.application.config.filter_parameters += %i[ - passw email secret token _key crypt salt certificate otp ssn password email first_name last_name +Rails.application.config.filter_parameters += [ + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/new_framework_defaults_8_0.rb b/config/initializers/new_framework_defaults_8_0.rb new file mode 100644 index 0000000000..92efa95152 --- /dev/null +++ b/config/initializers/new_framework_defaults_8_0.rb 
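Review bot: The rewritten `filter_parameters` list drops `first_name` and `last_name`, which the previous `%i[...]` list filtered, so those request parameters will now be written to the logs unredacted. The removed `password` and second `email` entries were redundant with the partial matches `:passw` and `:email`, but nothing left in the list covers the name fields. This looks like the framework template overwriting local additions during the upgrade; restore them by ending the list with `:certificate, :otp, :ssn, :first_name, :last_name`, and add a short comment marking them as app-specific so the next template update does not drop them again.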
@@ -0,0 +1,30 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 8.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `8.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+###
+# Specifies whether `to_time` methods preserve the UTC offset of their receivers or preserves the timezone.
+# If set to `:zone`, `to_time` methods will use the timezone of their receivers.
+# If set to `:offset`, `to_time` methods will use the UTC offset.
+# If `false`, `to_time` methods will convert to the local system UTC offset instead.
+#++
+# Rails.application.config.active_support.to_time_preserves_timezone = :zone
+
+###
+# When both `If-Modified-Since` and `If-None-Match` are provided by the client
+# only consider `If-None-Match` as specified by RFC 7232 Section 6.
+# If set to `false` both conditions need to be satisfied.
+#++
+# Rails.application.config.action_dispatch.strict_freshness = true
+
+###
+# Set `Regexp.timeout` to `1`s by default to improve security over Regexp Denial-of-Service attacks.
+#++
+# Regexp.timeout = 1
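Review bot: All three settings in this new file are still commented out, including `# Regexp.timeout = 1`, so the regexp denial-of-service mitigation described in its comment is not active after this upgrade. It will presumably stay off until the line is uncommented or `config.load_defaults` is raised to `8.0`, which is not part of the hunks shown. Consider enabling `Regexp.timeout = 1` in this commit, or recording a follow-up, after checking that no legitimate pattern in the app needs longer than a second.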