Conversation
awilfox
requested review from
anarchivist,
danschmidt5189,
davezuckerman,
jason-raitz and
yzhoubk
danschmidt5189
approved these changes
Feb 21, 2026
Member
danschmidt5189
left a comment
danschmidt5189
left a comment
There was a problem hiding this comment.
A few minor questions but definitely not blockers.
|
|
||
| # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. | ||
| # config.force_ssl = true | ||
| config.force_ssl = true |
Member
There was a problem hiding this comment.
Do you know how this behaves behind a proxy that terminates SSL? X-Forwarded-Proto would be https, but the actual connection to the proxy is http.
Member
Author
There was a problem hiding this comment.
AVPlayer and Lost-and-Found both have config.force_ssl enabled, so it should be fine here AFAIK.
danschmidt5189
requested review from
Copilot
and removed request for
anarchivist,
davezuckerman,
jason-raitz and
yzhoubk
There was a problem hiding this comment.
Pull request overview
Updates the application to Rails 7.2, aligning configuration defaults and dependency versions while addressing deprecations (notably Rails.application.secrets removal and Ruby 3.4 warnings).
Changes:
- Upgrade Rails from 7.1 to 7.2 (and update Gemfile/Gemfile.lock accordingly, including adding
mutex_m). - Update environment and framework configuration defaults (e.g.,
load_defaults 7.2, SSL enforcement in production, test/development config tweaks). - Adjust CI and tooling scripts (GitHub Actions build workflow, docker-compose CI overrides, simplified binstubs).
Reviewed changes
Copilot reviewed 11 out of 15 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| public/robots.txt | Updates documentation URL to HTTPS. |
| docker-compose.ci.yml | Adds a CI mount intended to provide SECRET_KEY_BASE. |
| config/puma.rb | Replaces Puma config comments and adds pidfile support. |
| config/environments/test.rb | Enables deprecation logging to stderr; comment updates. |
| config/environments/production.rb | Enables force_ssl and adds Rails 7.2 production defaults. |
| config/environments/development.rb | Comment/style tweaks; adds Action Mailer template caching setting. |
| config/boot.rb | Removes explicit require 'logger'. |
| config/application.rb | Switches load_defaults to 7.2 and adds autoload_lib ignore list. |
| bin/rubocop | Replaces Bundler-generated binstub with a simplified wrapper and forces explicit config path. |
| bin/brakeman | Replaces Bundler-generated binstub with a simplified wrapper and adds --ensure-latest. |
| app/models/efees_invoice.rb | Migrates from Rails.application.secrets to Rails.application.secret_key_base. |
| Gemfile.lock | Locks Rails 7.2.3 and related dependency updates (including mutex_m). |
| Gemfile | Bumps Rails requirement to 7.2.3 and adds mutex_m. |
| .idea/altmedia.iml | Updates IDE module metadata for new gem versions. |
| .github/workflows/build.yml | Generates a secret key base file during CI stack setup. |
Files not reviewed (1)
- .idea/altmedia.iml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
awilfox
force-pushed
the
awilfox/AP-270-rails-7-2
branch
from
e66223e to
0decf6b
Compare
Member
Author
|
v2: Addressed feedback. |
awilfox
requested review from
anarchivist,
davezuckerman,
jason-raitz and
yzhoubk
* `Rails.application.secrets` is removed; the `secret_key_base` accessor in `Rails.application` has been present since 6.x, so just use that. * Minor configuration updates for 7.2 defaults. * Add `mutex_m` to avoid deprecation warnings for Ruby 3.4. Ref: AP-270
awilfox
force-pushed
the
awilfox/AP-270-rails-7-2
branch
from
0decf6b to
6cf7556
Compare
Member
Author
|
v3: Rebased against current main. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rails.application.secretsis removed; thesecret_key_baseaccessor inRails.applicationhas been present since 6.x, so just use that.Minor configuration updates for 7.2 defaults.
Add
mutex_mto avoid deprecation warnings for Ruby 3.4.Ref: AP-270
This includes the
SECRET_KEY_BASEsetting inbuild.ymlthat @danschmidt5189 suggested in Slack, so cc'ing him.Only other thing of note is that Rails 7.2 enforces HTTPS (HSTS / redirects) in prod, but this shouldn't be an issue since AFAIK all Library endpoints are HTTPS anyway.