Merge pull request #3309 from DMPRoadmap/development

v4.1.0 - release candidate

.github/workflows/eslint.yml

@@ -15,6 +15,7 @@ jobs:
     - uses: actions/setup-node@v2
       with:
         cache: 'yarn'
+        node-version: 16
 
     # Run yarn install for JS dependencies
     - name: 'Yarn Install'

.github/workflows/mysql.yml

@@ -19,14 +19,15 @@ jobs:
     # Install Ruby and run bundler
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7.6
+        ruby-version: '3.0'
         bundler-cache: true
-
+    
     # Install Node
     - uses: actions/setup-node@v3
       with:
         node-version: '16.6.0'
         cache: 'yarn'
+        node-version: 16
 
     # Copy all of the example configs over
     - name: 'Setup the application'

.github/workflows/postgres.yml

@@ -35,14 +35,18 @@ jobs:
     # Install Ruby and run bundler
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7.6
+        ruby-version: '3.0'
         bundler-cache: true
-
+
+    ## - run: echo 'NODE_OPTIONS="--openssl-legacy-provider"' >> $GITHUB_ENV 
+    ## /home/runner/runners/2.301.1/externals/node12/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS
+
     # Install Node
     - uses: actions/setup-node@v3
       with:
         node-version: '16.6.0'
         cache: 'yarn'
+        node-version: 16
 
     # Install the Postgres developer packages
     - name: 'Install Postgresql Packages'

.github/workflows/rubocop.yml

@@ -13,7 +13,7 @@ jobs:
     # Install Ruby and run bundler
     - uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7.6
+        ruby-version: '3.0'
         bundler-cache: true
 
     # Run the Rubocop linter checks

.gitignore

@@ -112,6 +112,8 @@ yarn-debug.log*
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
+/app/assets/builds/*
+!/app/assets/builds/.keep
 
 # Ignore briley AWS cloud9 script to start the application
-cloud9-start.sh
+cloud9-start.sh

.rubocop.yml

@@ -23,6 +23,11 @@
 #
 # Try to place any new Cops under their relevant section and in alphabetical order
 
+require:
+#   - rubocop-rails
+#   - rubocop-rspec
+  - rubocop-performance
+
 AllCops:
   # Show the name of the cops being voilated in the feedback
   DisplayCopNames: true
@@ -104,6 +109,12 @@ Lint/UnexpectedBlockArity: # new in 1.5
   Enabled: true
 Lint/UnmodifiedReduceAccumulator: # new in 1.1
   Enabled: true
+Lint/Debugger: # new in 1.45.0
+  Description: 'Check for debugger calls.'
+  Enabled: true
+  Exclude:
+    - 'lib/tasks/**/*'
+
 
 # -----------
 # - METRICS -

CHANGELOG.md

@@ -1,13 +1,95 @@
 # Changelog
 
-### Added
+## v4.1.0
+
+**Note this upgrade is a migration from Ruby v2.7.6 to v3.0.5.** Note that this could have an impact on any customizations you may have made to your fork of this project. Please see https://www.fastruby.io/blog/ruby/upgrades/upgrade-ruby-from-2.7-to-3.0.html for further information on what to check. In particular, please note the changes to the way [Ruby 3 handles keyword arguments](https://www.ruby-lang.org/en/news/2019/12/12/separation-of-positional-and-keyword-arguments-in-ruby-3-0/)
+
+**Note that the Webpacker gem has been removed in favor of jsbundling-rails.** This was done in preparation for the future migration to Rails 7. See [issue #3185](https://github.com/DMPRoadmap/roadmap/issues/3185) for more details on this change. If, after migrating to this version, you see 'Sprockets' related errors in your application you will need to rebuild you asset library. To do this run `bin/rails assets:clobber && bin/rails assets:precompile` from the project directory.
+
+All gem and JS dependencies were also updated via `bundle update && yarn upgrade`
+
+### Upgrade to Ruby 3
+
+- Upgrade to Ruby version 3.0.5 [#3225](https://github.com/DMPRoadmap/roadmap/issues/3225)
+- Bumped all Github actions to use ruby 3.0
+- Removed `.freeze` from Regex and Range constants since those types are already immutable
+- Fixed Rubocop complaint about redundancy of `r.nil? ? nil : r.user`, so changed it to `r&.user` in `app/models/plan.rb`
+- Fixed Rubocop complaint about redundant `::` in config.log_formatter = `::Logger::Formatter.new` in `config/environments/production.rb`
+- Froze `lib/deprecators/*.rb` constants that were Strings
+- Updated places that were incorrectly using keyword args. See [this article](https://makandracards.com/makandra/496481-changes-to-positional-and-keyword-args-in-ruby-3-0) for an overview
+
+#### Upgraded TinyMCE to v6
+
+- Upgraded TinyMCE to v6 (v5 EOL is April 20 2023)
+- Adjusted JS code to conform to new TinyMCE version
+- Adjusted views to work with the new version
+- Updated variables.scss file to fix issue with button text/background color contrast
+- Updated blocks/_tables.scss to fix issue with dropdown menu overlap against table
+- updated config/initializers/assets.rb to copy over the tinymce skins and bootstrap glyphicons to the public directory so that they are accessible by TinyMCE and Bootstrap code
+
+#### Removed webpacker gem
+
+As Webpacker is no longer maintained by the Rails community, we have replaced it by `jsbundling-rails` and `cssbundling-rails` for the Javascript & CSS compilation.
+
+- Removed `webpacker` gem
+- Added `jsbundling-rails`
+- Updated webpack and its configuration to V5
+- Moved `app/javascript/packs/application.js` to `app/javascript/application.js`
+- Removed `ruby-sass` gem
+- Added `cssbundling-rails` gem and DartSass JS library
+- Updated SASS stylesheets following the migration to the latest version of the `sass` package (See below).
+- Removed `font-awesome-sass` gem and used `@fortawesome/fontawesome-free` npm package
+- Issue with `@import 'font-awesome-sprockets';` line in `app/assets/stylesheets/application.scss`. Removed that line after referring to the latest font-awesome install/setup guide which no longer includes it.
+
+With the removal of Webpacker, the Javascript/SASS code is no longer automaticaly compiled when using the `rails server` command. It has been replaced by the `bin/dev` command that launch the rails server and the processes that watch for changes in the SASS and Javascript code.
+
+#### SASS update : removal of the `@import` keyword
 
+With the removal of the webpacker gem, the DartSass package has been installed to ensure the compilation of the Sass stylesheet and with it, an update to the Sass version used by the code :
+- `@import` keyword for custom stylesheets has been removed (although we can still import stylesheets from externals packages) and has been replaced by `@use` and `@forward`
+- An `_index.scss` file have to be created in folders containing multiple sass files. Each file have to be included in the index with the `@use` or `@forward` keyword.
+- In most cases `@import` can be replaced by `@use` when importing a file.
+- `@forward` makes mixins, functions and variables available when a stylesheet is loaded.
+- When imported, Sass variables are now namespaced with the file name in which they are declared (ex : `color: colors.$red`). A namespace can be renamed (ex : `@use "colours" as c;`) or removed when included (ex : `@use "colours" as *;`)
+- Sass variables are no longer declared globally and have to be included in files where they are used.
+For more detailed explanation, please refer to this video : https://www.youtube.com/watch?v=CR-a8upNjJ0
+
+### Introduction of RackAttack
+[Rack Attack](https://github.com/rack/rack-attack) is middleware that can be used to help protect the application from malicious activity. You can establish white/black lists for specific IP addresses and also define rate limits.
+
+- Using Rack-attack address vulnerabilities pointed out in password reset and login: there was no request rate limit.[#3214](https://github.com/DMPRoadmap/roadmap/issues/3214)
+
+### Cleanup of Capybara configuration
+- Cleaned up Gemfile by:
+  - removing gems that were already commented out
+  - removed selenium-webdriver and capybara-webmock
+  - removing version restrictions on: danger, font-awesome-sass, webdrivers
+- Cleaned up `spec/rails_helper.rb` and `spec/spec_helper.rb`
+- Simplified the `spec/support/capybara.rb` helper to work with the latest version of Capybara and use its built in headless Chrome driver
+
+### Rubocop updates
+- Installed rubocop-performance gem and made suggested changes
+- Added lib tasks as exclusive from debugger rubocop check after rubocop upgrading to >= v1.45 [#3291](https://github.com/DMPRoadmap/roadmap/issues/3291)
+
+### GitHub actions updates
+- Added node version specification (v16) to eslint, PostgreSQL and MySQL github action to eliminate `digital routine enveloped` error [#319](https://github.com/portagenetwork/roadmap/issues/319)
+
+### Enhancements
+- Added enum to the funding status attribute of plan model to make the dropdown of 'funding status' being translatable
+- Allow users to download both single phase and  in PDF, TEXT and DOCX format. CSV file can only download single phase instead of all phases.
+
+### Bug Fixes
+
+## v4.0.2
+
+### Added
 - Added CHANGELOG.md and Danger Github Action [#3257](https://github.com/DMPRoadmap/roadmap/issues/3257)
 - Added validation with custom error message in research_output.rb to ensure a user does not enter a very large value as 'Anticipated file size'. [#3161](https://github.com/DMPRoadmap/roadmap/issues/3161)
 - Added popover for org profile page and added explanation for public plan
 
-### Fixed
+ - Added rack-attack version 6.6.1 gem. https://rubygems.org/gems/rack-attack/versions/6.6.1
 
+### Fixed
 - Fixed an issue that was preventing uses from leaving the research output byte_size field blank
 - Patched issue that was causing template visibility to default to organizationally visible after saving
 - Froze mail gem version [#3254](https://github.com/DMPRoadmap/roadmap/issues/3254)

Gemfile

@@ -2,7 +2,7 @@
 
 source 'https://rubygems.org'
 
-ruby '>= 2.7'
+ruby '>= 3.0'
 
 # ===========#
 # CORE RAILS #
@@ -17,19 +17,16 @@ gem 'rails', '~> 6.1'
 #       Analysis of the issue: https://www.theregister.com/2021/03/25/ruby_rails_code/
 gem 'mimemagic'
 
-# Use sqlite3 as the database for Active Record
-# gem 'sqlite3', '~> 1.4'
-
 # Use Puma as the app server
 gem 'puma', group: :puma, require: false
 
-# Use SCSS for stylesheets
-# TODO : might need to move to cssbundling-rails
-# SEE: https://dev.to/kolide/how-to-migrate-a-rails-6-app-from-sass-rails-to-cssbundling-rails-4l41
-gem 'sass-rails'
+# Use esbuild, rollup.js, or Webpack to bundle your JavaScript, then deliver it via the asset pipeline in Rails
+# Read more: https://github.com/rails/jsbundling-rails
+gem 'jsbundling-rails'
 
-# Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker
-gem 'webpacker'
+# Use Tailwind CSS, Bootstrap, Bulma, PostCSS, or Dart Sass to bundle and process your CSS
+# Read more: https://github.com/rails/cssbundling-rails
+gem 'cssbundling-rails'
 
 # Turbo gives you the speed of a single-page web application without having to write any JavaScript..
 # Read more: https://github.com/hotwired/turbo-rails
@@ -50,14 +47,6 @@ gem 'jbuilder'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false
 
-# GEMS ADDED TO HELP HANDLE RAILS MIGRATION FROM 3.x to 4.2
-# THESE GEMS HELP SUPPORT DEPRACATED FUNCTIONALITY AND WILL LOSE SUPPORT IN
-# FUTURE VERSIONS WE SHOULD CONSIDER BRINGING THE CODE UP TO DATE INSTEAD
-
-# A set of Rails responders to dry up your application
-# (http://github.com/plataformatec/responders)
-# gem "responders"
-
 # ============== #
 # ERROR HANDLING #
 # ============== #
@@ -119,6 +108,9 @@ gem 'jwt'
 # OO authorization for Rails (https://github.com/elabs/pundit)
 gem 'pundit'
 
+# Gem for throttling malicious attacks
+gem 'rack-attack', '~> 6.6', '>= 6.6.1'
+
 # ========== #
 # UI / VIEWS #
 # ========== #
@@ -161,23 +153,10 @@ gem 'api-pagination'
 # STYLESHEETS #
 # =========== #
 
-# Integrate SassC-Ruby into Rails. (https://github.com/sass/sassc-rails)
-gem 'sassc-rails'
-
-# Font-Awesome SASS (https://github.com/FortAwesome/font-awesome-sass)
-gem 'font-awesome-sass', '~> 5'
-
-# Use webpack to manage app-like JavaScript modules in Rails
-# (https://github.com/rails/webpacker)
-# gem "webpacker"
-
 # Parse CSS and add vendor prefixes to CSS rules using values from the Can
 # I Use website. (https://github.com/ai/autoprefixer-rails)
 gem 'autoprefixer-rails'
 
-# Minimal embedded v8 for Ruby (https://github.com/discourse/mini_racer)
-# gem "mini_racer"
-
 # ========= #
 # EXPORTING #
 # ========= #
@@ -250,18 +229,10 @@ group :test do
   # Guard keeps an eye on your file modifications (https://github.com/guard/guard)
   gem 'guard'
 
-  # Guard gem for RSpec (https://github.com/guard/guard-rspec)
-  # gem 'guard-rspec'
-
   # Library for stubbing HTTP requests in Ruby.
   # (http://github.com/bblimke/webmock)
   gem 'webmock'
 
-  # Code coverage for Ruby 1.9+ with a powerful configuration library and
-  # automatic merging of coverage across test suites
-  # (http://github.com/colszowka/simplecov)
-  # gem 'simplecov', require: false
-
   # Strategies for cleaning databases.  Can be used to ensure a clean state
   # for testing. (http://github.com/DatabaseCleaner/database_cleaner)
   gem 'database_cleaner', require: false
@@ -275,17 +246,9 @@ group :test do
 
   # Adds support for Capybara system testing and selenium driver
   gem 'capybara'
-  gem 'selenium-webdriver'
-  # Easy installation and use of web drivers to run system tests with browsers
-  gem 'webdrivers', '~> 5.2'
 
-  # Automatically create snapshots when Cucumber steps fail with Capybara
-  # and Rails (http://github.com/mattheworiordan/capybara-screenshot)
-  # gem 'capybara-screenshot'
-
-  # Browser integration tests are expensive. We can mock external requests
-  # in our tests, but once a browser is involved, we lose control.
-  gem 'capybara-webmock'
+  # Easy installation and use of web drivers to run system tests with browsers
+  gem 'webdrivers'
 
   # RSpec::CollectionMatchers lets you express expected outcomes on
   # collections of an object in an example.
@@ -299,7 +262,7 @@ group :test do
   gem 'rails-controller-testing'
 
   # automating code review
-  gem 'danger', '~> 9.0', require: false
+  gem 'danger'
 end
 
 group :ci, :development do
@@ -319,23 +282,8 @@ group :ci, :development do
   # (gettext and rails-i18n)
   gem 'rubocop-i18n'
 
-  # A collection of RuboCop cops to check for performance optimizations in Ruby code.
-  # gem 'rubocop-performance'
-
-  # Automatic Rails code style checking tool. A RuboCop extension focused on enforcing
-  # Rails best practices and coding conventions.
-  # gem 'rubocop-rails'
-
-  # A RuboCop plugin for Rake tasks
-  # gem 'rubocop-rake'
-
-  # Code style checking for RSpec files. A plugin for the RuboCop code style enforcing
-  # & linting tool.
-  # gem 'rubocop-rspec'
-
-  # Thread-safety checks via static analysis. A plugin for the RuboCop code style
-  # enforcing & linting tool.
-  # gem 'rubocop-thread_safety'
+  # Performance checks by Rubocop
+  gem 'rubocop-performance', require: false
 end
 
 group :development do