This chapter introduces some used tools in Rails.
HTML, CSS, JAVASCRIPT
No special mention in this book.
It is desirable to be able to write somewhat without Googling. The frontend in Rails is explained in later chapters.
Development Environment
Docker
Recently, docker is becoming the standard for Rails development.
If you have a docker execution environment, you can build an environment with a single command. Also, since members use the same OS, it is much easier to avoid environment-dependent errors such as bundle install
errors only on certain devices or environments.
I didn't understand the advantages of docker at first, but I came to understand them after joining to some projects. If there are people who feel that "docker is full of errors" or "docker takes a long time to start up and has a little advantages", it is most likely not because of docker itself, but because the docker configuration or usage in the project is not suitable.
docker-compose
Manages multiple docker containers. The basic containers in Rails are the following.
- Rails: Application
- MySQL: RDB
- Redis: For session management
The following containers are likely to be added depending on the feature.
- Selenium: For system specs
- Sidekiq: For background jobs
- MinIO: For Amazon S3 file uploading
- Swagger: For APIs management
Mac / Windows
Mac is the mainstream, in line with the server is linux.
However, with the tools availability such as Docker and WLS2 (and the increase in average PC specs) for windows, it is now possible to create a Linux virtual environment and develop easily.
Personally, I recommend developing on a Mac, because there seems to be more information on Rails for Mac than for Windows but Windows is not a bad choice for your budget.
M1 Mac, M2 Mac
M1 Mac uses a different CPU from Intel and is not good with docker in the following.
- Cannot use chrome's docker image, so difficult to build system spec
yarn install
is slow.
It is not impossible to use it if use FireFox for system spec and yarn install
wont be executed every time.
There is not much information about M2 Mac yet, but note that it may also be incompatible with Docker.
Refactoring
What is refactoring?
Refactoring is that change the code to better without changing its behavior. It may include the table structure changes, and If it is large scale, it should be called replacement.
As a restate, this is my article on basic refactoring.
dev.to - Refactoring Guide for Rails Beginners
DRY / Abstraction
DRY is an abbreviation for "Don't repeat yourself". It's not a problem if you think of them as "refactoring into a small class/method". You don't have to think about something literally difficult like "replace with an abstract entity".
Debugging
rails console
I think Ease of debugging == Executable immediately with rails console
. By using rails console on development, it will be able to easily debug code and get into the habit of creating compact methods.
byebug
The gem byebug
by default will be able to use breakpoints.
A quite good tool for code reading and RSpec debugging. Almost required on Rails development. While it is convenient, the code tends to be larger and more cluttered than using rails console.
web-console
The gem web-console
by default.
If there is a runtime error in the browser, rails console
will be automatically launched at the error code. Almost required.
bullet
The gem bullet
detects N+1.
Since it is difficult to detect N+1 perfectly by oneself, this is highly recommended. Almost required.
scaffold
/ rails generator
File generation commands that reduce copy and paste and enable speedy development.
It is even better if you can use options and customize. When use a frontend framework, it should be customized to generate suitable files if possible.
Some useful git/github commands and usage
It will be assumed that you know basic git commands.
git add --all
as soon as it works
Make it staged
status. This is recommended to reduce the cases like "it worked before, but it doesn't work again".
git add -p
/ git checkout -p
Only selected parts can be add
or checkout
.
git cherry-pick
can pick up commits from other branches to the current to create a clean PR.
git stash
commands.
git stash save --include-untracked
Temporarily saves modifications with comment.git stash show -p -1
Show the latest stashed changes.git stash list
List stashes.git stash apply
Revert latest stashed changes; stash will not be deleted.git stash pop
Revert latest stashed changes; stash will be deleted.
Huge files
Use Git LFS.
There don't seem to be any strict rules, but it is better to use it for files larger than about 10MB.
Secure files
Do not manage with git, but use other way.
hub
commands
Pull Requests can be created with ASSIGNEES, REVIEWERS, and LABELS from the command line, which is faster than creating them on the screen.
Slack / Discord
Slack is recommended if you want to receive github notifications. Since Discord currently does not have keyword notifications, notification customizing is a little difficult.
CI
Github Actions / Circle CI / Jenkins, etc.
If your project is using Github, Github Actions is probably the good choice unless you have any reason. There are a few free slots available and some information is already available (although it is a relatively new service).
Rubocop
The gem rubocop
is a static code analyzer and formatter. This is almost standard in Rails. In addition, rubocop-rspec
can be added rules related RSpec.
It is not necessary to be too strict, but it can be a good opportunity to think of better code by a little strict check. It would be a good idea to start out by making the following rules a little strict, and then loosen them when you feel they are too strict.
- MethodLength
- LineLength
- AbcSize
- CyclomaticComplexity
As an example, I was on a project with a MethodLength
of 5 (i.e., only 5 lines of writing per method). Even then, I obviously thought that 5 was too few, but through that experience I learned how to suitable divide methods.
It is difficult to notice own code improvements without such external pointers. Even if there was a reviewer or mentor, it is difficult to see and point out all, and if rubocop does not point it out, it may end up as no problem.
Automatic fix
rubocop -a
or rubocop -A
will automatically modify the better code. I recommend to use this with RSpec.
Dependabot
It is a Github feature that automatically notifies the gem updates and even creates a PR for your repository will be able to avoid using old version.
Github Blog - Keep all your packages up to date with Dependabot
For minor updates, once you have confirmed that the CI has passed, you can merge it in. It is not guaranteed to work, so you need to check manually to some extent for major updates.
Can use for npm
as well as gem
.
command
@dependabot rebase
or @dependabot recreate
on PR comment.
Redis
It is a KVS (Key-Value Store), which can be thought of as "a tool that is good at storing large data in key/value like json".
It has a variety of uses, but the most common use in Rails is as a session store. It is also used for functions that need to manage large key-value data and for queue management for background jobs.
Deploy
The gem capistrano
is major.
Since There is a lot of information on capistrano, I will not explain it in this book. It is relatively easy to build if you don't try anything difficult.
If you have never done the whole process from rails new
to deployment, you might want to give it a try. You can learn about production environment behavior (such as credentials, building the frontend, caching, and so on). In that case, you might be able to use AWS with a free slot.
Selection criteria for gems and tools
The following criteria would be used to determine.
- Has a lot of recent information on the Web.
- If there is a github, one that has a lot of Watch and Star counts.
- Beware of gems that have not been updated for more than a year, even if famous gems.
- For development gems, it can be relatively loose, but the larger impact range, the more you need to ask the team to make a decision.
Security things to keep in mind
- If the implementation is as Rails expected, it can handle many vulnerabilities in web applications. Therefore, be sure to check for security errors and warnings, and don't ignore them.
- Vulnerabilities can be handled by updating the gem. Update gems regularly by Dependabot.
bundler-audit
andbrakeman
are highly recommended to to detect vulnerabilities.- For more secure, use an external vulnerability diagnosis services.
- Use
filter_parameters
to prevent sensitive information from outputting into the logs. - Development URLs (such as
/sidekiq
,/letter_opener
) are not made public. - Use a allowlist(whitelist) for input parameters (e.g.,
params.permit
) - Use a allowlist(whitelist) for output items (Do not implement an automatic increase in output items when table columns are added ).
Major security gems
brakeman
Static vulnerabilities analysis of Rails codebundler-audit
Vulnerability check of the gems inGemfile.lock
.
Note that even if your code or gems are caught by these checks, it does not unusable immediately. If it does not lead to vulnerabilities, there may be no problem using it (For example, if only one certain method is vulnerable and not used it).
If you are caught by the check, please check the message. Also, the latest version gem may have already addressed the vulnerability.
Other Rails features
Caching
It is not necessary to know all the caches, so it is good to understand that they exist somehow, and keep in mind that if a problem occurs, you should suspect the cache as one of the causes.
Introduce one of the most familiar.
SQL Cache (Query Cache)
Rails Guides - Caching#sql-caching
If the same query is called multiple times within one request, the second query is not executed, and the development.log
outputs CACHE (0.0ms)
. However, even when this can be used, it is often explicitly cached using a variable.
Autoload
It seems that Autoload is used in various places in Rails. It can be able to load a class just by placing ( e.g. just place a Model in app/models
can be use it immediately).
The gem zeitwerk
is used by default, but you will not need to know it in detail unless you want to do something special. The following is what you should remember.
- Appropriate Class name must be given according to its file name and directory.
- Files under
app
directory are automatically loaded even if added a new directory. - Files not under
app
directory are not loaded such aslib
directory, The files are needed to load withrequire
or add theautoload_paths
.
Putting together places to require
Have you ever seen require 'csv'
written in various places? By putting require
in one place such as config/application.rb
, you don't have to worry about whether it is required or not.
Environment variables (env)
The gem dotenv
is a major to manage env easier.
Using ENV['{feature name}']
is recommended instead of Rails.env.{environment name}?
to control behavior on each environment. There are two main advantages.
- No more code like
if !Rails.env.development? && !Rails.env.test?
- Minimize changes for testing
For example, if you use Rails.env.staging?
or Rails.env.production?
, you need to rewrite it to Rails.env.development?
for testing. If it is used in some places, it may be troublesome to rewrite them, or there is a omission possibility. For the problem, ENV
is used to control the behavior with minimal changes.
Note that this does not mean that you must not use Rails.env.{env name}?
absolutely. In case that ENV
is enough, it can also be used.
If use docker-compose
, env can be written in docker-compose.yml
, so put code that wont be changed frequently there and seperate from ENV to better overviewing.
Credentials
Since ENV
can't hide secure constants (e.g. id/pass), use credentials to manage them. What you need to know is the following about credentials.
- A key ( like
config/master.key
) will be needed to refer to or edit. - The key is created only at the first time of credentials creation and is managed in a different way from git.
- To refer to or edit Credentials,
- you need to get the key from the system administrator and place it in the same directory as credentials.
- use a command such as
EDITOR="vi" bin/rails credentials:edit
. The command will automatically encrypt and decrypt the credentials file.
Note that the secrets
is the old version way, so new project should use credentials instead of it.
Features included in Rails but not often used
These are included by default and can be removed if not used. They can also be optionally disabled during rails new
.
Rails Guides - The Rails Command Line#rails-new
Turbolinks
Provides features to speed up screen transitions with Javacript. Since it is a little difficult to use and has little advantage, it is safe to remove it.
I have not investigated the direct relationship, but similar gem turbo-rails
is installed by default instead in Rails7.
Action Mailbox
Provides features to handle incoming mail. (Not Action Mailer.)
Action Text
Provides features to use rich text.
Action Cable
Provides features for WebSocket. app/channels
directory is created by this. You can delete it if not need.