First bit of moving to Rails 8.0.x

Gemfile

@@ -1,25 +1,12 @@
 source "https://rubygems.org"
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-gem 'devise'
-gem 'cancancan'
-
-ruby "3.3.5"
-
-gem 'fiddle'
-gem 'ostruct'
-gem 'logger'
-
-gem "nokogiri", force_ruby_platform: true
-
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem "rails", "~> 7.1.4"
+gem "rails", "~> 8.0.2"
+ruby "3.4.4"
 
-# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
+# The modern asset pipeline for Rails [https://github.com/rails/propshaft]
-gem "sprockets-rails"
+gem "propshaft"
-
-# Use mysql as the database for Active Record
-gem "mysql2", "~> 0.5"
 
 # Use the Puma web server [https://github.com/puma/puma]
 gem "puma", ">= 5.0"
@@ -36,41 +23,60 @@ gem "stimulus-rails"
 # Build JSON APIs with ease [https://github.com/rails/jbuilder]
 gem "jbuilder"
 
-# Use Redis adapter to run Action Cable in production
-# gem "redis", "~> 4.0"
-
-# Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]
-# gem "kredis"
-
 # Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
 # gem "bcrypt", "~> 3.1.7"
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem "tzinfo-data", platforms: %i[ mingw mswin x64_mingw jruby ]
+gem "tzinfo-data", platforms: %i[ windows jruby ]
+
+# Use the database-backed adapters for Rails.cache, Active Job, and Action Cable
+gem "solid_cache"
+gem "solid_queue"
+gem "solid_cable"
 
 # Reduces boot times through caching; required in config/boot.rb
 gem "bootsnap", require: false
 
-# Use Sass to process CSS
+
-# gem "sassc-rails"
+gem 'devise'
+gem 'cancancan'
+
+# Reduces boot times through caching; required in config/boot.rb
+gem "bootsnap", require: false
+
+# Deploy this application anywhere as a Docker container [https://kamal-deploy.org]
+gem "kamal", require: false
+
+# Add HTTP asset caching/compression and X-Sendfile acceleration to Puma [https://github.com/basecamp/thruster/]
+gem "thruster", require: false
+
+gem 'fiddle'
+gem 'ostruct'
+gem 'logger'
+
+#gem "nokogiri", force_ruby_platform: true
+
+# Use mysql as the database for Active Record
+gem "mysql2", "~> 0.5"
+
 
 # Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
 gem "image_processing", "~> 1.2"
 
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
-  gem "debug", platforms: %i[ mri mingw x64_mingw ]
+  gem "debug", platforms: %i[ mri windows ], require: "debug/prelude"
+
+  # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
+  gem "brakeman", require: false
+
+  # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
+  gem "rubocop-rails-omakase", require: false
 end
 
 group :development do
   # Use console on exceptions pages [https://github.com/rails/web-console]
   gem "web-console"
-
-  # Add speed badges [https://github.com/MiniProfiler/rack-mini-profiler]
-  # gem "rack-mini-profiler"
-
-  # Speed up commands on slow machines / big apps [https://github.com/rails/spring]
-  gem "spring"
 end
 
 group :test do

Gemfile.lock

@@ -1,88 +1,90 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.4)
+    actioncable (8.0.2)
-      actionpack (= 7.1.4)
+      actionpack (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.4)
+    actionmailbox (8.0.2)
-      actionpack (= 7.1.4)
+      actionpack (= 8.0.2)
-      activejob (= 7.1.4)
+      activejob (= 8.0.2)
-      activerecord (= 7.1.4)
+      activerecord (= 8.0.2)
-      activestorage (= 7.1.4)
+      activestorage (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
-      mail (>= 2.7.1)
+      mail (>= 2.8.0)
-      net-imap
+    actionmailer (8.0.2)
-      net-pop
+      actionpack (= 8.0.2)
-      net-smtp
+      actionview (= 8.0.2)
-    actionmailer (7.1.4)
+      activejob (= 8.0.2)
-      actionpack (= 7.1.4)
+      activesupport (= 8.0.2)
-      actionview (= 7.1.4)
+      mail (>= 2.8.0)
-      activejob (= 7.1.4)
-      activesupport (= 7.1.4)
-      mail (~> 2.5, >= 2.5.4)
-      net-imap
-      net-pop
-      net-smtp
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.4)
+    actionpack (8.0.2)
-      actionview (= 7.1.4)
+      actionview (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       nokogiri (>= 1.8.5)
-      racc
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.4)
+      useragent (~> 0.16)
-      actionpack (= 7.1.4)
+    actiontext (8.0.2)
-      activerecord (= 7.1.4)
+      actionpack (= 8.0.2)
-      activestorage (= 7.1.4)
+      activerecord (= 8.0.2)
-      activesupport (= 7.1.4)
+      activestorage (= 8.0.2)
+      activesupport (= 8.0.2)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.4)
+    actionview (8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (7.1.4)
+    activejob (8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       globalid (>= 0.3.6)
-    activemodel (7.1.4)
+    activemodel (8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
-    activerecord (7.1.4)
+    activerecord (8.0.2)
-      activemodel (= 7.1.4)
+      activemodel (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       timeout (>= 0.4.0)
-    activestorage (7.1.4)
+    activestorage (8.0.2)
-      actionpack (= 7.1.4)
+      actionpack (= 8.0.2)
-      activejob (= 7.1.4)
+      activejob (= 8.0.2)
-      activerecord (= 7.1.4)
+      activerecord (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       marcel (~> 1.0)
-    activesupport (7.1.4)
+    activesupport (8.0.2)
       base64
+      benchmark (>= 0.3)
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
+      securerandom (>= 0.3)
-      tzinfo (~> 2.0)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
     addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.3)
     base64 (0.2.0)
     bcrypt (3.1.20)
+    bcrypt_pbkdf (1.1.1)
+    benchmark (0.4.1)
     bigdecimal (3.1.7)
     bindex (0.8.1)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
+    brakeman (7.0.2)
+      racc
     builder (3.2.4)
     cancancan (3.5.0)
     capybara (3.40.0)
@@ -94,10 +96,10 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.5)
     connection_pool (2.4.1)
     crass (1.0.6)
-    date (3.3.4)
+    date (3.4.1)
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
@@ -107,10 +109,17 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    dotenv (3.1.8)
     drb (2.2.1)
+    ed25519 (1.4.0)
     erubi (1.12.0)
+    et-orbi (1.2.11)
+      tzinfo
     ffi (1.16.3)
     fiddle (1.1.2)
+    fugit (1.11.1)
+      et-orbi (~> 1, >= 1.2.11)
+      raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
     i18n (1.14.4)
@@ -123,12 +132,27 @@ GEM
       activesupport (>= 6.0.0)
       railties (>= 6.0.0)
     io-console (0.7.2)
-    irb (1.12.0)
+    irb (1.15.2)
-      rdoc
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     jbuilder (2.11.5)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
+    json (2.12.2)
+    kamal (2.2.2)
+      activesupport (>= 7.0)
+      base64 (~> 0.2)
+      bcrypt_pbkdf (~> 1.0)
+      concurrent-ruby (~> 1.2)
+      dotenv (~> 3.1)
+      ed25519 (~> 1.2)
+      net-ssh (~> 7.0)
+      sshkit (>= 1.23.0, < 2.0)
+      thor (~> 1.3)
+      zeitwerk (~> 2.5)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
     logger (1.6.1)
     loofah (2.22.0)
       crass (~> 1.0.2)
@@ -145,28 +169,46 @@ GEM
     mini_portile2 (2.8.6)
     minitest (5.22.3)
     msgpack (1.7.2)
-    mutex_m (0.2.0)
     mysql2 (0.5.6)
-    net-imap (0.4.16)
+    net-imap (0.5.8)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.2)
       timeout
-    net-smtp (0.5.0)
+    net-scp (4.1.0)
+      net-ssh (>= 2.6.5, < 8.0.0)
+    net-sftp (4.0.0)
+      net-ssh (>= 5.0.0, < 8.0.0)
+    net-smtp (0.5.1)
       net-protocol
+    net-ssh (7.3.0)
     nio4r (2.7.1)
     nokogiri (1.16.4)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     orm_adapter (0.5.0)
     ostruct (0.6.0)
+    parallel (1.27.0)
+    parser (3.3.8.0)
+      ast (~> 2.4.1)
+      racc
+    pp (0.6.2)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.4.0)
+    propshaft (1.1.0)
+      actionpack (>= 7.0.0)
+      activesupport (>= 7.0.0)
+      rack
+      railties (>= 7.0.0)
     psych (5.1.2)
       stringio
     public_suffix (5.0.5)
     puma (6.4.2)
       nio4r (~> 2.0)
+    raabro (1.4.0)
     racc (1.7.3)
     rack (2.2.9)
     rack-session (1.0.2)
@@ -176,20 +218,20 @@ GEM
     rackup (1.0.0)
       rack (< 3)
       webrick
-    rails (7.1.4)
+    rails (8.0.2)
-      actioncable (= 7.1.4)
+      actioncable (= 8.0.2)
-      actionmailbox (= 7.1.4)
+      actionmailbox (= 8.0.2)
-      actionmailer (= 7.1.4)
+      actionmailer (= 8.0.2)
-      actionpack (= 7.1.4)
+      actionpack (= 8.0.2)
-      actiontext (= 7.1.4)
+      actiontext (= 8.0.2)
-      actionview (= 7.1.4)
+      actionview (= 8.0.2)
-      activejob (= 7.1.4)
+      activejob (= 8.0.2)
-      activemodel (= 7.1.4)
+      activemodel (= 8.0.2)
-      activerecord (= 7.1.4)
+      activerecord (= 8.0.2)
-      activestorage (= 7.1.4)
+      activestorage (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
       bundler (>= 1.15.0)
-      railties (= 7.1.4)
+      railties (= 8.0.2)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
@@ -197,14 +239,15 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.1.4)
+    railties (8.0.2)
-      actionpack (= 7.1.4)
+      actionpack (= 8.0.2)
-      activesupport (= 7.1.4)
+      activesupport (= 8.0.2)
-      irb
+      irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
       zeitwerk (~> 2.6)
+    rainbow (3.1.1)
     rake (13.2.1)
     rdoc (6.6.3.1)
       psych (>= 4.0.0)
@@ -215,32 +258,89 @@ GEM
       actionpack (>= 5.2)
       railties (>= 5.2)
     rexml (3.2.6)
+    rubocop (1.69.0)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rubocop-ast (>= 1.36.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.45.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-minitest (0.37.0)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.61, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
+    rubocop-performance (1.23.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.29.1)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.52.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails-omakase (1.0.0)
+      rubocop
+      rubocop-minitest
+      rubocop-performance
+      rubocop-rails
+    ruby-progressbar (1.13.0)
     ruby-vips (2.2.1)
       ffi (~> 1.12)
     rubyzip (2.3.2)
+    securerandom (0.4.1)
     selenium-webdriver (4.10.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
-    spring (4.2.1)
+    solid_cable (3.0.8)
-    sprockets (4.2.1)
+      actioncable (>= 7.2)
-      concurrent-ruby (~> 1.0)
+      activejob (>= 7.2)
-      rack (>= 2.2.4, < 4)
+      activerecord (>= 7.2)
-    sprockets-rails (3.4.2)
+      railties (>= 7.2)
-      actionpack (>= 5.2)
+    solid_cache (1.0.7)
-      activesupport (>= 5.2)
+      activejob (>= 7.2)
-      sprockets (>= 3.0.0)
+      activerecord (>= 7.2)
+      railties (>= 7.2)
+    solid_queue (1.1.5)
+      activejob (>= 7.1)
+      activerecord (>= 7.1)
+      concurrent-ruby (>= 1.3.1)
+      fugit (~> 1.11.0)
+      railties (>= 7.1)
+      thor (~> 1.3.1)
+    sshkit (1.24.0)
+      base64
+      logger
+      net-scp (>= 1.1.2)
+      net-sftp (>= 2.1.2)
+      net-ssh (>= 2.8.0)
+      ostruct
     stimulus-rails (1.3.3)
       railties (>= 6.0.0)
     stringio (3.1.0)
     thor (1.3.1)
-    timeout (0.4.1)
+    thruster (0.1.14)
+    thruster (0.1.14-aarch64-linux)
+    thruster (0.1.14-arm64-darwin)
+    thruster (0.1.14-x86_64-darwin)
+    thruster (0.1.14-x86_64-linux)
+    timeout (0.4.3)
     turbo-rails (2.0.5)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
       railties (>= 6.0.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
+    uri (1.0.3)
+    useragent (0.16.11)
     warden (1.2.9)
       rack (>= 2.0.9)
     web-console (4.2.1)
@@ -250,7 +350,8 @@ GEM
       railties (>= 6.0.0)
     webrick (1.8.1)
     websocket (1.2.10)
-    websocket-driver (0.7.6)
+    websocket-driver (0.8.0)
+      base64
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
@@ -269,6 +370,7 @@ PLATFORMS
 
 DEPENDENCIES
   bootsnap
+  brakeman
   cancancan
   capybara
   debug
@@ -277,22 +379,26 @@ DEPENDENCIES
   image_processing (~> 1.2)
   importmap-rails
   jbuilder
+  kamal
   logger
   mysql2 (~> 0.5)
-  nokogiri
   ostruct
+  propshaft
   puma (>= 5.0)
-  rails (~> 7.1.4)
+  rails (~> 8.0.2)
+  rubocop-rails-omakase
   selenium-webdriver
-  spring
+  solid_cable
-  sprockets-rails
+  solid_cache
+  solid_queue
   stimulus-rails
+  thruster
   turbo-rails
   tzinfo-data
   web-console
 
 RUBY VERSION
-   ruby 3.3.5p100
+   ruby 3.4.4p34
 
 BUNDLED WITH
    2.5.3

README.md

@@ -2,6 +2,30 @@
 
 # NOT FINISHED and tests still failing.
 
+# Installation
+```
+pkg_add ruby #choose 3.4.4
+
+ln -sf /usr/local/bin/ruby34 /usr/local/bin/ruby
+ln -sf /usr/local/bin/bundle34 /usr/local/bin/bundle
+ln -sf /usr/local/bin/bundler34 /usr/local/bin/bundler
+ln -sf /usr/local/bin/erb34 /usr/local/bin/erb
+ln -sf /usr/local/bin/gem34 /usr/local/bin/gem
+ln -sf /usr/local/bin/irb34 /usr/local/bin/irb
+ln -sf /usr/local/bin/racc34 /usr/local/bin/racc
+ln -sf /usr/local/bin/rake34 /usr/local/bin/rake
+ln -sf /usr/local/bin/rbs34 /usr/local/bin/rbs
+ln -sf /usr/local/bin/rdbg34 /usr/local/bin/rdbg
+ln -sf /usr/local/bin/rdoc34 /usr/local/bin/rdoc
+ln -sf /usr/local/bin/ri34 /usr/local/bin/ri
+ln -sf /usr/local/bin/syntax_suggest34 /usr/local/bin/syntax_suggest
+ln -sf /usr/local/bin/typeprof34 /usr/local/bin/typeprof
+
+pkg_add mariadb-server
+/usr/local/bin/mariadb-install-db
+rcctl start mysqld
+mariadb-secure-installation
+```
 Welcome to the Hidden Agenda Ltd CAF tool to help you get organised to become National Cyber Security Centre "Cyber Assessment Framework" (CAF) compliant.
 
 This is a Ruby On Rails app and released under a MIT License.

config/application.rb

@@ -9,7 +9,12 @@ Bundler.require(*Rails.groups)
 module CafHiddenagendaLtdUk
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 7.1
+    config.load_defaults 8.0
+
+    # Please, add to the `ignore` list any other `lib` subdirectories that do
+    # not contain `.rb` files, or that should not be reloaded or eager loaded.
+    # Common ones are `templates`, `generators`, or `middleware`, for example.
+    config.autoload_lib(ignore: %w[assets tasks])
 
     # Configuration for the application, engines, and railties goes here.
     #

config/environments/development.rb

@@ -3,9 +3,7 @@ require "active_support/core_ext/integer/time"
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
-  # In the development environment your application's code is reloaded any time
+  # Make code changes take effect immediately without server restart.
-  # it changes. This slows down response time but is perfect for development
-  # since you don't have to restart the web server when you make code changes.
   config.enable_reloading = true
 
   # Do not eager load code on boot.
@@ -14,60 +12,59 @@ Rails.application.configure do
   # Show full error reports.
   config.consider_all_requests_local = true
 
-  # Enable server timing
+  # Enable server timing.
   config.server_timing = true
 
-  # Enable/disable caching. By default caching is disabled.
+  # Enable/disable Action Controller caching. By default Action Controller caching is disabled.
-  # Run rails dev:cache to toggle caching.
+  # Run rails dev:cache to toggle Action Controller caching.
   if Rails.root.join("tmp/caching-dev.txt").exist?
     config.action_controller.perform_caching = true
     config.action_controller.enable_fragment_cache_logging = true
-
+    config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" }
-    config.cache_store = :memory_store
-    config.public_file_server.headers = {
-      "Cache-Control" => "public, max-age=#{2.days.to_i}"
-    }
   else
     config.action_controller.perform_caching = false
-
-    config.cache_store = :null_store
   end
 
+  # Change to :null_store to avoid any caching.
+  config.cache_store = :memory_store
+
   # Store uploaded files on the local file system (see config/storage.yml for options).
   config.active_storage.service = :local
 
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 
+  # Make template changes take effect immediately.
   config.action_mailer.perform_caching = false
 
+  # Set localhost to be used by links generated in mailer templates.
+  config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
+
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
-  # Raise exceptions for disallowed deprecations.
-  config.active_support.disallowed_deprecation = :raise
-
-  # Tell Active Support which deprecation messages to disallow.
-  config.active_support.disallowed_deprecation_warnings = []
-
   # Raise an error on page load if there are pending migrations.
   config.active_record.migration_error = :page_load
 
   # Highlight code that triggered database queries in logs.
   config.active_record.verbose_query_logs = true
 
-  # Suppress logger output for asset requests.
+  # Append comments with runtime information tags to SQL queries in logs.
-  config.assets.quiet = true
+  config.active_record.query_log_tags_enabled = true
+
+  # Highlight code that enqueued background job in logs.
+  config.active_job.verbose_enqueue_logs = true
 
   # Raises error for missing translations.
   # config.i18n.raise_on_missing_translations = true
 
   # Annotate rendered view with file names.
-  # config.action_view.annotate_rendered_view_with_filenames = true
+  config.action_view.annotate_rendered_view_with_filenames = true
 
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
 
+  # Raise error when a before_action's only/except options reference missing actions.
   config.action_controller.raise_on_missing_callback_actions = true
 
   config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }

config/initializers/assets.rb

@@ -5,8 +5,3 @@ Rails.application.config.assets.version = "1.0"
 
 # Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
-
-# Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in the app/assets
-# folder are already added.
-# Rails.application.config.assets.precompile += %w( admin.js admin.css )

config/initializers/content_security_policy.rb

@@ -1,8 +1,8 @@
 # Be sure to restart your server when you modify this file.
 
-# Define an application-wide content security policy
+# Define an application-wide content security policy.
-# For further information see the following documentation
+# See the Securing Rails Applications Guide for more information:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
 
 # Rails.application.configure do
 #   config.content_security_policy do |policy|
@@ -16,11 +16,10 @@
 #     # policy.report_uri "/csp-violation-report-endpoint"
 #   end
 #
-#   # Generate session nonces for permitted importmap and inline scripts
+#   # Generate session nonces for permitted importmap, inline scripts, and inline styles.
 #   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
-#   config.content_security_policy_nonce_directives = %w(script-src)
+#   config.content_security_policy_nonce_directives = %w(script-src style-src)
 #
-#   # Report CSP violations to a specified URI. See:
+#   # Report violations without enforcing the policy.
-#   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 #   # config.content_security_policy_report_only = true
 # end

config/initializers/filter_parameter_logging.rb

@@ -1,6 +1,8 @@
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
+# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
+# Use this to limit dissemination of sensitive information.
+# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
 Rails.application.config.filter_parameters += [
-  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+  :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
 ]

config/initializers/permissions_policy.rb

@@ -1,11 +0,0 @@
-# Define an application-wide HTTP permissions policy. For further
-# information see https://developers.google.com/web/updates/2018/06/feature-policy
-#
-# Rails.application.config.permissions_policy do |f|
-#   f.camera      :none
-#   f.gyroscope   :none
-#   f.microphone  :none
-#   f.usb         :none
-#   f.fullscreen  :self
-#   f.payment     :self, "https://secure.example.com"
-# end

config/puma.rb

@@ -1,44 +1,43 @@
-# Puma can serve each request in a thread from an internal thread pool.
+# This configuration file will be evaluated by Puma. The top-level methods that
-# The `threads` method setting takes two numbers: a minimum and maximum.
+# are invoked here are part of Puma's configuration DSL. For more information
-# Any libraries that use thread pools should be configured to match
+# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
-# the maximum value specified for Puma. Default is set to 5 threads for minimum
-# and maximum; this matches the default thread size of Active Record.
 #
-max_threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }
+# Puma starts a configurable number of processes (workers) and each process
-min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count }
+# serves each request in a thread from an internal thread pool.
-threads min_threads_count, max_threads_count
-
-# Specifies the `worker_timeout` threshold that Puma will use to wait before
-# terminating a worker in development environments.
 #
-worker_timeout 3600 if ENV.fetch("RAILS_ENV", "development") == "development"
+# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You
+# should only set this value when you want to run 2 or more workers. The
+# default is already 1.
+#
+# The ideal number of threads per worker depends both on how much time the
+# application spends waiting for IO operations and on how much you wish to
+# prioritize throughput over latency.
+#
+# As a rule of thumb, increasing the number of threads will increase how much
+# traffic a given process can handle (throughput), but due to CRuby's
+# Global VM Lock (GVL) it has diminishing returns and will degrade the
+# response time (latency) of the application.
+#
+# The default is set to 3 threads as it's deemed a decent compromise between
+# throughput and latency for the average Rails application.
+#
+# Any libraries that use a connection pool or another resource pool should
+# be configured to provide at least as many connections as the number of
+# threads. This includes Active Record's `pool` parameter in `database.yml`.
+threads_count = ENV.fetch("RAILS_MAX_THREADS", 3)
+threads threads_count, threads_count
 
 # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
-#
+port ENV.fetch("PORT", 3000)
-port ENV.fetch("PORT") { 3000 }
-
-# Specifies the `environment` that Puma will run in.
-#
-environment ENV.fetch("RAILS_ENV") { "development" }
-
-# Specifies the `pidfile` that Puma will use.
-pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" }
-
-# Specifies the number of `workers` to boot in clustered mode.
-# Workers are forked web server processes. If using threads and workers together
-# the concurrency of the application would be max `threads` * `workers`.
-# Workers do not work on JRuby or Windows (both of which do not support
-# processes).
-#
-# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
-
-# Use the `preload_app!` method when specifying a `workers` number.
-# This directive tells Puma to first boot the application and load code
-# before forking the application. This takes advantage of Copy On Write
-# process behavior so workers use less memory.
-#
-# preload_app!
 
 # Allow puma to be restarted by `bin/rails restart` command.
 plugin :tmp_restart
+
+# Run the Solid Queue supervisor inside of Puma for single-server deployments
+plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"]
+
+# Specify the PID file. Defaults to tmp/pids/server.pid in development.
+# In other environments, only set the PID file if requested.
+pidfile ENV["PIDFILE"] if ENV["PIDFILE"]
+
 bind 'tcp://0.0.0.0:3000'