This Week in Rails: 5.1.0.rc1, GSoC and more!

Hello everyone! This is Roque bringing the latest from the last two weeks.

The last couple of weeks have been very busy with the releasing of Rails 5.1.0.rc1 and the starting of Rails 5.2 🎉

Congratulations to all involved!!

Rails 5.1.0.rc1 has been released!

Please check it out and help the community by reporting issues before 5.1 is released.

If you are already using encrypted secrets, make sure to run this script to upgrade your app.

Google Summer of Code 2017

Are you a student, or know someone who would love to contribute to Rails? Our GSoC students application is now open! Check out our ideas page and join us on the mailing list for discussion.

The RailsConf 2017 schedule is live!

Have you also been waiting for this? No more. The schedule is live and looks awesome!

New

Add default option to belongs_to

The :default option adds a before_validation callback that initializes the association with the given lambda’s return value:
belongs_to :person, default: -> {​ Current.person }​

Add support to duplicable Rational and Complex

This is a work ahead of the upcoming Ruby changes.

Fixed

Allow Time#to_time on frozen objects

This fixes an issue with frozen that has been around since Rails 4.

Allow order to be given expressions as hash keys

The Active Record order method is no longer restricted to attribute names. It now accepts expressions like:
Post.order(“LENGTH(title)” => :asc).last

There were many other great pull requests this week from 45 contributors, including 8 first-timers. Thank you all!

Until next week!

Google Summer of Code 2017 Application Period

Want to participate in this year’s Google Summer of Code? Great! The student application period is now open. Be swift, though, as it ends on the 3rd of April.

If you are interested, you can check out the Google Summer of Code FAQ or hit us up on the mailing list if you have any questions.

To apply, head on to the Google Summer of Code website and write us a proposal. You can check out our existing list of ideas, but feel free to pitch one of your own as well. What is a good proposal you may ask? You can see a bunch of accepted proposals on our Google Summer of Code wiki.

Good luck! ✌️

Rails 5.1.0.rc1: Loving JavaScript, System Tests, Encrypted Secrets, and more

We’re happy to announce Rails 5.1.0.rc1 has been released. With the help of the community we polished the Rails 5.1 release with more than 380 commits.

Notably, Stephen Touset helped us up the encryption used for encrypted secrets, so you’ll want to run this script to upgrade your app if you’re already dabbling with the feature. Thanks Stephen!

While we are working to close the last issues, you can check the Rails 5.1 releases notes, or the awesome summary of new features present in the 5.1.0.beta1 blog post.

To view the changes for each gem, please read the changelogs on GitHub:

Basecamp 3 is already running this release candidate in production. Our friends at Heroku prepared the platform that is now fully compatible with all those shiny new features.

As per our maintenance policy, the release of Rails 5.1 will mean that bug fixes will only apply to 5.1.x, regular security issues to 5.1.x and 5.0.x, and severe security issues to 5.1.x, 5.0.x, and 4.2.x. This means 4.x and below will essentially be unsupported!

To try out this new release:

gem install rails -v 5.1.0.rc1

Make sure you are using RubyGems 2.6.11 or later before trying to install a pre release, with:

gem update --system 2.6.11

Thank you to Samuel Giddins for releasing this new version of RubyGems just in time for our release.

Please help us test this release candidate version of Rails. It’s always frustrating when we put a lot of work into a new release, betas, release candidates, and then get people report all sorts of issues on week one of the final release. This is an incremental upgrade to Rails 5.0. Please do your community duty and help us land a solid 5.1 without needing an immediate 5.1.1.

Thank you!

This Week in Rails: looots of fixes after the release and more.

Hello!

This is Vipul reporting from Delhi today, on this colourful Holi weekend 💥
 
Lets take a look at what’s the latest news from the world of Ruby on Rails !
So many fixes and much more.

Google Summer of Code 2017

We’re very happy to announce that Ruby on Rails has been accepted as an organization for the Google Summer of Code (GSoC) 2017 edition!

Fixed

Make sure local cache is cleared even if it’s throwing error

When an error was thrown from the middleware chain, it was sometimes not getting caught by LocalCache::Middleware.

This change, makes sure that we safely catch the errors and local cache is successfully cleared.

Fix rake db:schema:load with subdirectories

Previously db:schema:load didn’t work with migrations based out of subdirectories.

This change starts using Migrator.migration_files in assume_migrated_upto_version to fix the issue.

Fix malformed asset_url in ActionController::Renderer

This change fixes an issue with malformed asset_url when rendering a template with ActionController::Renderer.

Fix select with block doesn’t return newly built records in has_many association

The select method in QueryMethods is also an enumerable method. Ideally, enumerable methods with block should delegate to records on CollectionProxy and not the scope.

This change fixes this behaviour that select with block doesn’t return newly built records in has_many association.

Update titlelize regex to allow apostrophes

In a previous fix the regex in titlelize was updated to not match apostrophes to better reflect the nature of the transformation.

Unfortunately this had the side effect of breaking capitalization on the first word of a sub-string, eg:

>> "This was 'fake news'".titleize
=> "This Was 'fake News'"

This change fixes this behaviour by extending the look-behind to check for word character apart from an apostrophe.

Fix deserialize with JSON array

JSON array data was being returned in a stringified form, due to broken deserialization.

This change fixes deserialization behaviour.

Deprecated

Deprecate Migrator.schema_migrations_table_name

SchemaMigration model was extracted and SchemaMigration.table_name was being used instead in places where Migrator.schema_migrations_table_name was being used previously.

Migrator.schema_migrations_table_name is now deprecated in favour of SchemaMigration.table_name.

Improved

Added reverse_merge/reverse_merge! to AC::Parameters

This change adds the reverse_merge and reverse_merge! methods to ActionController::Parameters, similar to their corresponding Hash methods.

Do not take screenshot if driver does not support screenshot

Capybara::RackTest::Driver does not support taking screenshots. If we call #save_screenshot on Capybara::RackTest::Driver , it will raise an error.

To prevent errors, if a driver in Systems test does not support screenshot, we do not call it after this change.

There were many other great pull requests this week from 20 contributors, including 4 first-timers. Thank you all!

Outside of code changes, we had many more good news this and the previous week.

Until next week!

This Week in Rails: 5.0.2 released, stronger Encrypted Secrets and more

Hello!

It’s Claudio from sunny Los Angeles bringing you the latest news from the world of Ruby on Rails. So many improvements this week so… let’s get to it!

Rails 5.0.2 has been released!

Go on and update your Rails 5 app to the latest release!
v5.0.2 is fully backward-compatible with v5.0.1 and v5.0.0.

Google Summer of Code 2017

We’re very happy to announce that Ruby on Rails has been accepted as an organization for the Google Summer of Code (GSoC) 2017 edition!

Improved

Update secrets to use modern crypto

As announced last week, Rails 5.1 will include encrypted secrets. Thanks to this PR, the secrets will use a stronger cryptographic algorithm for enhanced security.

New

Add iso8601 and rfc3339 parsing to timezones

ActiveSupport::TimeZone now has a new rfc3339 method to get an RFC 3339 timestamp in a specific time zone.

Use webpacker 1.0 in new applications

In case you missed it, rails/webpacker is out of beta development and has recently released v1.0.

Fixed

Only load SystemTestCase if Puma is defined

System test cases (Capybara) are one of the new features in Rails 5.1. Since they only support Puma, they are skipped if Puma is not present.

Do not evaluate :if arguments when :on is not satisfied for transaction callbacks

Understanding when callbacks are run can be tricky. This PR smartly avoids running them as soon as one of the preconditions is not met.

Update DateTime#change to support usec and nsec

If you need to change a timestamp by a matter of microseconds and nanoseconds, now you can do it!

Deprecated

Soft-deprecate the HashWithIndifferentAccess constant

If you use HashWithIndifferentAccess in your code, you might want to look at using ActiveSupport::HashWithIndifferentAccess  instead.

Deprecate implicit coercion of ActiveSupport::Duration

A snippet of code like 2 * 1.day will display a warning, inviting you not to coerce a Duration into a Numeric since it can be confusing, because adding/subtracting a value from a date treats integers as a day and not a second.

There were many other great pull requests this week from 35 contributors, including 12 first-timers. Thank you all!

Outside of code changes, we had many more good news this week.

Until next week!

Google Summer of Code 2017

We’re very happy to announce that Ruby on Rails has been accepted as an organization for the Google Summer of Code (GSoC) 2017 edition!

The GSoC is a program proposed by Google that allows college students (who are at least 18 years old) to contribute to open source projects during the summer (from May 30 to August 21) and get paid for that!

Rails has already participated in the past and many different projects have been achieved through this program and are now invaluable in the framework’s ecosystem like the web console, the RubyBench site or the rails-ujs project.

Students need to propose an idea that will improve the project they are willing to work on and eventually the different steps that will be tackled to achieve it. Throughout the process, students are guided by one or several mentors. Mentors are here to make sure that students go in the right direction and help them if they stumble against problems.

This can be a very interesting and rewarding experience for students as they can learn a lot from more experienced developers and it’s an easy way to get involved in the open source world.

A list of possible ideas is already available if you want to work on Ruby on Rails this summer but feel free to propose your own if you want to work on something different and you still think it can be valuable for the project.

If you are interested in getting involved, please join the mailing list and let us know what you would like to work on. Thus, you can get early feedback and avoid going in the wrong direction or putting too much effort in a project that may not be accepted.

Student applications will be open on March 20 and will end on April 3. Make sure to keep an eye on the timeline if you are willing to participate to this program. You can find the application template on our wiki.

If you are not a student, you can still get involved by participating on the mailing list or by applying as a mentor!

As a side note, a similar project is available and is aiming at getting more women involved in the open source world: Rails Girls Summer of Code. Unlike GSoC, this project is exclusively about Ruby on Rails, it’s not restricted to students and there are no age limitations. Applications are open and will close very soon though, on March 8.

Useful resources:

[ANN] Rails 5.0.2 has been released!

Hi everyone,

I am happy to announce that Rails 5.0.2 has been released.

CHANGES since 5.0.1

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-256

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-256 hashes.

Here are the checksums for 5.0.2:

$ shasum -a 256 *-5.0.2.gem
bec943d44cc3c91b1be7ed9dd0a750e89668035089905f8b357eafb7019402e0  actioncable-5.0.2.gem
4b1d4e08d911a410c6ef0314ca897a1e73abb8757707cc9f0766edc6a4c47e92  actionmailer-5.0.2.gem
9761c35da0cd2c2057fab74c2b4f27a748deb8e848c8db1eed0a078c43a31bce  actionpack-5.0.2.gem
002b3c3b858b0748a73ebcb6f8fcdec24b5ccda948646261530ff028ded43365  actionview-5.0.2.gem
6da5f44958fc83f8c10dfa03d22b067ffc3b1032e3a881a282d786396ded00bc  activejob-5.0.2.gem
9c927aa343b7e32ea87a8d7cf9acde0291de219af86d7ed38ae4733d8a19c06c  activemodel-5.0.2.gem
6070757a7816b6676568a7d6c6e160ae8cd9a1b93f45fe3ce03d21f35c3accc7  activerecord-5.0.2.gem
e02921c1a516af2f6ab492af483e0c6aab113b9535a3fd86e901efaa843b72b5  activesupport-5.0.2.gem
49c6c350286e2f177df5c2214f9668f0866d87411ab5a63e051e25eb64453f70  rails-5.0.2.gem
45f7a574e8f1c6dcc6c91ed6c6f42894b3d8abc132f4a5cff0148e6a18fa8d5a  railties-5.0.2.gem

As always, huge thanks to the many contributors who helped with this release.

[ANN] Rails 5.0.2.rc1 has been released!

Hi everyone,

I am happy to announce that Rails 5.0.2.rc1 has been released.

If no regressions are found, expect the final release on Wednesday, March 1, 2017. If you find one, please open an issue on GitHub and mention me (@rafaelfranca) on it, so that we can fix it before the final release.

CHANGES since 5.0.1

To view the changes for each gem, please read the changelogs on GitHub:

Full listing

To see the full list of changes, check out all the commits on GitHub.

SHA-256

If you’d like to verify that your gem is the same as the one I’ve uploaded, please use these SHA-256 hashes.

Here are the checksums for 5.0.2.rc1:

$ shasum -a 256 *-5.0.2.rc1.gem
89e447f43e924c465d4bc19efe333e67966daddb3d163cf6cf9b324578628811  actioncable-5.0.2.rc1.gem
56621e6cea32533f15ae0abab1c3a385c4f0b92f3eab2f3e6e6a292f41a3d8f4  actionmailer-5.0.2.rc1.gem
deacc6b0c965d73adf2259fca2d2e81dd27ed81402e742fd6b70210b6970dd0c  actionpack-5.0.2.rc1.gem
f0e55b9cc876f55dd4d1585a65db8f4b15b3e90ad4e65cc1f3e2dfe893da4460  actionview-5.0.2.rc1.gem
23ffc888458274eb251b181d9a8457f8aea2ee1307815809c5fa087f016cc2ea  activejob-5.0.2.rc1.gem
b56723d63d8cb5bea72318162a97c6b9062ced57f784252434a562b964eebeb5  activemodel-5.0.2.rc1.gem
e5821ea73f6ad65c5f26c236fec5bd443f962b8f6caa22b277fc2654c0cbf137  activerecord-5.0.2.rc1.gem
e35c127ae13bb87f10ef2e39661586103619e963b9135f66bfa076a9378fa222  activesupport-5.0.2.rc1.gem
a7e221850b4ba50150d814c12750b559b2bf20c164cad3f647e8c7b41da267ed  rails-5.0.2.rc1.gem
e14777d86c544f7c368f02b8e6d805cdc3bd62c40245ddb4c0f438220437e73a  railties-5.0.2.rc1.gem

As always, huge thanks to the many contributors who helped with this release.

This Week in Rails: 5.1.0.beta1 release, Encrypted Secrets, System Tests and more!

Hi everyone,

Greg here with the latest from the world of Rails. It was a busy week with new releases and many improvements!

New Rails releases

The first beta release for 5.1.0 is out with some love towards JavaScript, System Tests, Encrypted Secrets and more!
There is also a new stable release for 4.2.8 and a release candidate for 5.0.2

Eileen joins Rails core

We’re proud to welcome Eileen M. Uchitelle to Rails core!

This week’s Rails Contributors

33 developers contributed to Rails this week. If you want to be part of this team, look at the issues list and make a contribution!

New

Custom url helpers and polymorphic mapping

This pull request introduces support for custom url helpers and defining custom polymorphic mappings in routes.rb

Capybara Integration with Rails (AKA System Tests)

Rails has a built in integration with Capybara now which makes writing system tests easier, since all the setup is handled by Rails. For more details read the write-up on the pull request.

Encrypted secrets support

Rails introduces secrets encryption which is inspired by the Sekrets gem.
It worth noting here that, some improvements to the crypto is on the way too.

Improved

Include JobID in all Active Job info logs

Earlier the JobID wasn’t logged when a job started or ended performing, but that’s not the case anymore, making debugging of job related issues easier.

From now on ActiveSupport::Gzip.decompress checks the CRC in the gzip footer.

Allow 3-level configs to group database connections by environment

If you have multiple database connection per environment, you can group your config by the environment. Check this comment for an example.

Delegate to scope rather than merge! for collection proxy

A performance improvement by not using merge! when it is not necessary.

Fixed

Preload to_datetime before freezing a TimeWithZone instance

After freezing an ActiveSupport::TimeWithZone instance, it is not possible to call to_datetime because the value is cached in an instance variable. To avoid this issue, the instance variable is preloaded before the freeze occurs.

HashWithIndifferentAccess#compat nil issue fix

HashWithIndifferentAccess#compact returned nil earlier when the hash didn’t contain nil values in it. This PR fixed the problem.

Deprecated

Deprecate using quoted_id in quoting / type casting

Originally quoted_id was used in legacy quoting mechanism. Now we use type casting mechanism for that hence quoted_id is deprecated.

That’s it from This Week in Rails. There were many other great contributions, too numerous to list here, but feel free to check them out

Until next week 👣

Rails 5.1.0.beta1: Loving JavaScript, System Tests, Encrypted Secrets, and more

Rails 5.0 was released just some eight months ago, and now, some 3500 commits later, we’re already close to the next big release. And what release this version 5.1 is lining up to be! We’ve made great strides on long-term promises and key ergonomics while also spring cleaning a bunch of deprecated code.

Let me walk you through the highlight reel:

Loving JavaScript

We’ve had a stormy, perhaps even contentious, relationship with JavaScript over the years. But that time is past. JavaScript has improved immensely over the past few years, particularly with the advent of ES6, and with package and compilation tools like Yarn and Webpack. Rails is embracing both of these solutions with open arms and letting whatever past water flow under the bridge.

JavaScript and Ruby share a deep philosophical bond over language design, if not ecosystem management. Let’s focus on the aspects we have in common and help Rails programmers extract the best from JavaScript with the help of some key guiding conventions.

The improvements in Rails 5.1 focus on three major parts:

  1. Manage JavaScript dependencies from NPM via Yarn. Think of Yarn like Bundler for JavaScript (it even has Yehuda Katz involved!). This makes it easy to depend on libraries like React or anything else from NPM. Everything you depend on via Yarn is then made available to be required in the asset pipeline, just like vendored dependencies would have been. Just use the binstub bin/yarn to add dependencies.

  2. Optionally compile JavaScript with Webpack. While there are a million different module bundlers/compilers for JavaScript, Webpack is quickly emerging as the preeminent choice. We’ve made it easy to use Webpack with Rails through the new Webpacker gem that you can configure automatically on new projects with --webpack. This is fully compatible with the asset pipeline, which you can continue to use for images, fonts, sounds, whatever. You can even have some JavaScript on the asset pipeline and some done via Webpack. It’s all managed via Yarn that’s on by default.

  3. Drop jQuery as a default dependency. We used to require jQuery in order to provide features like data-remote, data-confirm, and the other parts of Rails UJS. This dependency is no longer necessary as we’ve rewritten rails-ujs to use vanilla JavaScript. You’re of course still free to use jQuery, but you no longer have to.

Thanks to Liceth Ovalles for her work on Yarn integration, Dangyi Liu for his work on rails-ujs, and Guillermo Iguaran for chaperoning the whole thing!

System tests

In my 2014 keynote at RailsConf, I spoke at length about how an over focus on unit tests (and TDD) has lead us astray. While unit tests are part of a complete testing solution, they’re not the most important one. Integration tests that verify behavior all the way from controllers through models and views should play a much bigger part. Rails already has a great answer for these baked in.

But integration tests do not help you test the entire system, if that system relies on JavaScript. And most major web systems today rely at least to some extent on JavaScript. That’s where system tests driven by a real browser come in.

There’s long been an answer for system tests like this in Ruby called Capybara. It’s just been kind of a journey to configure properly for Rails. So now we’ve baked them straight into the framework! You get a lovely wrapping of Capybara that’s preconfigured for Chrome and enhanced to provide failure screenshots as part of Action Dispatch. You also don’t have to worry about extra database cleanup strategies anymore because the baked in transactional tests now rollback system test changes.

These tests are not without trade-offs. It’s of course still slower to run through a whole browser setup than just test a model with a stubbed out database. But it also tests so much more. You’d do well to familiarize yourself with system tests and have them as part of your testing answer.

Thanks to Eileen M. Uchitelle for her work extracting this from Basecamp!

Encrypted secrets

If you’re checking production passwords, API keys, and other secrets undisguised into your revision control system, you’re doing it wrong. That’s not safe and you should stop it! Now that’s an easy prescription, but without a coherent answer to what you should do instead, it’s also not that helpful.

People have long been loading up the ENV to store these secrets or used a variety of other solutions. There are all sorts of trade-offs and drawbacks to the ENV-model, not least of which that you still need to store those secrets for real somewhere else.

Inspired by Ara T. Howard’s sekrets gem, we’ve built encrypted secrets management into Rails 5.1. You can setup a new encrypted secrets file with bin/rails secrets:setup. That’ll generate a master key you’ll store outside of the repository, but allow you to commit the actual production secrets to your revision control. They’re then decrypted in production either through an injected key file or through RAILS_MASTER_KEY in the ENV.

Thank you to Kasper Timm Hansen for the work on this and Ara for the inspiration!

Parameterized mailers

Action Mailer is modeled on Action Controller. It shares underpinnings through Abstract Controller, but it’s long been disadvantaged from its controller cousin in the way it can share logic between actions.

In Action Controller, it’s common to use before_action and similar callbacks to extract logic that applies to multiple actions. This is doable because the params hash is available before the action is invoked. But in Action Mailer, we’ve been using regular method signatures with explicit arguments, so those arguments haven’t been available to filters that run before the actions.

With Parameterized Mailers, we now give you the option of calling mailers with parameters that, like in controllers, are available before the action is invoked. This combines with the default to/from/reply_to headers to dramatically DRY-up some mailer actions.

It’s completely backwards compatible and you can convert just the mailers that stand to gain the most from extraction first.

Direct & resolved routes

We have a lovely, simple API for declaring new resource routes. But if you’d like to add new programmatic routes that has logic determining the final destination based on the parameters, well, you’d have to row your own boat with helpers and other messy approaches.

With directed routes, you can now declare programmatic routes that have the full power of Ruby to do different things depending on the parameters passed.

With resolved routes, you can reprogram the polymorphic look-up for models based straight to compatible methods. So this allow you to turn link_to @comment into a final route like message_path(@comment.parent, anchor: "comment_#{@comment.id}").

Thank you to Andrew White for making all this work!

Unify form_tag/form_for with form_with

We’ve long had two parallel structures for creating forms. Those that were based off records through form_for, where we used convention over configuration to extract the details, and manually configured ones using form_tag. Now we’ve unified these two hierarchies with form_with. A single root tree that you can configure through an inferred record or manually. It’s much nicer and simpler.

Thanks to Kasper Timm Hansen for this one too!

Everything else

In addition to the highlight reel, we have hundreds of other fixes and improvements across all the frameworks. Please peruse the CHANGELOGs to acquaint yourself with all the goodies:

Your release manager for Rails 5.1 is Rafael França. He’ll be chaperoning us through the betas, release candidates, and onto the final release in advance of RailsConf 2017.

As per our maintenance policy, the release of Rails 5.1 will mean that bug fixes will only apply to 5.1.x, regular security issues to 5.1.x and 5.0.x, and severe security issues to 5.1.x, 5.0.x, and 4.2.x. This means 4.x and below will essentially be unsupported!

Please help us test this beta version of Rails. It’s always frustrating when we put a lot of work into a new release, betas, release candidates, and then get people report all sorts of issues on week one of the final release. Basecamp 3 is already running this beta in production. This is an incremental upgrade to Rails 5.0. Please do your community duty and help us land a solid 5.1 without needing an immediate 5.1.1. Thank you! Gracias! Merci! TAK!