Upgrade to Rails 4.1

[shippy]

With 19 security risks according to Gemnasium, updating to the newest stable version of Rails (4.1) seems imperative. While absent in client negotiations, this should be a top priority after 3.3.0.

The good news is that by all counts, the process is not nearly as strenuous as the Rails 2 -> Rails 3 update.

Resources

• Andy Lindeman has released his Upgrading to Rails 4 book as open-source; it seems quite comprehensive and well-acclaimed.
• The official RoR guide to upgrading

Preparation

Ruby >= 1.9.3

Upgrade to Rails 4 is possible on our current Ruby version; after #535 is merged into development, we should be golden.

Testing coverage

All guides concur that testing coverage should be as complete as possible. This means that #403, #404, #416 and #577 should be prerequisites for the upgrade.

Gems

According to [http://www.ready4rails4.net/gemfile_check/new], only CanCan is definitely not ready for Rails 4 (as of 4 months ago); the status of rdoc, rubycas-client-rails, net-ldap, permanent_records, jquery_datepicker, spinjs-rails, fuubar, yajl-ruby, pry-stack_explorer, pry-remote, and letter_opener_web is unknown to the site. That said, CanCan has been continued as CanCanCan and should be backwards-compatible; also, the latest CanCan version reportedly works if StrongParameters are not used and the protected_attributes gem is installed (which is what we should do at the start, anyway).

Tools

• rails4-upgrade gem by Andy Lindeman should be helpful.

Relevant Changes / Deprecations

Relevant as in "Reservations uses some of the features that are newly deprecated".

Relevant and action required

• Models: attr_* extracted into the (protected_attributes gem)[https://github.com/rails/protected_attributes]; the suggested default now is Strong Parameters, although the two reportedly don't mix well.
• Routes: match with unspecified via: is no longer supported. We have at least four such routes.

Relevant and won't affect us

• Recommended use of PATCH instead of PUT verb
• .update_attributes -> .update
• Scopes should now take lambda/proc as second argument

Relevant for the future

• The new mechanics of .includes(:resource) will be useful to know for addressing speed concerns / N+1 queries in Speed-testing #574.
• turbolinks will probably break our JS, unless we take care to prevent it (i.e. install jquery.turbolinks?)
• :controller/(de)?activate will now be able to be refactored into a route concern

Unaddressed in this post

• Investigations of all gems
• Necessary config changes
• Deployment issues

[squidgetx]

• Upgrading all gems, including replacing cancan with cancancan and active_admin with rails_admin
• jQuery_datepicker is not ready for Rails 4. Commenting out relevant lines in views in annoucements/form and blackouts/form. Options: regular jQuery like that which is used in the cart dates. Or jquery datetimepicker which seems more up-to-date
• Setting up a test environment with spring and guard (http://girders.org/blog/2014/02/06/setup-rails-41-spring-rspec-and-guard/)
• Session store has been moved to gem
• Deactivation needs to be moved to each of its own controllers. Commenting out the route for now
• Looks like its was deprecated, adding a gem for now
• render_views isn't working in rspec 3.0.2??? Fixed by adding a line to spec_helper.rb
• LOL The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option? (ArgumentError) in models/appconfig
• WARNING: db:test:prepare is deprecated. The Rails test helper now maintains your test schema automatically, see the release notes for details.
• Scopes always require lambda as a second argument
• SPECS ACTUALLY RUN! of course a majority of them fail haha
• lambdafy all the scopes!
• expected true to respond to true? ARE YOU ACTUALLY SERIOUS
• down from ~400 failing tests to 114
• resetting test db

will update as work continues

[orenyk]

Great! Don't forget to remove Spork as well since we're switching to Spring.

[squidgetx]

• Using the master branch of rubycas client to get CAS auth workin
• Reset bootstrap to original old version, don't want to bother with that right now
• rspec again

Failure/Error: it { should render_template(:action => 'cat_pagination')}
     ArgumentError:
       Unknown key: :action. Valid keys are: :layout, :partial, :locals, :count, :file

Can't figure this one out :(

Every spec in the models/ passes, thankfully

• Upgrading to bootstrap 3, this'll take some work
• Undefined variable: "$dropdownLinkBackgroundHover".
• Gotcha: http://blog.getbootstrap.com/2013/02/07/bootstrap-2-3-released/

[squidgetx]

Okay, I got distracted by bootstrap but I decided to set it aside for another branch since it's way too big of a project to incorporate into the rails 4 PR. The site finally renders with very few display issues and there are only 86 failing tests left to look at.

more notes

• button to function has been deprecated

[orenyk]

Good call, let's try and keep our PR's as focused as possible. Given how many dependencies we might be stressing, I would recommend getting the big Rails 4 upgrade done first so that we can base all of the other work on that foundation rather than potentially uncover / create more dependency issues. Great work though!

[squidgetx]

0 failures on development locally, though some still fail on travis (grr)

[orenyk]

Amazing! Give Travis an hour or two to catch up :-P