
Audit and fix gitlab-rails dependencies for Ruby 3.1/3.2 compat

We audited gems for Ruby 3.0 support in Audit and fix gitlab-rails dependencies for Rub... (&8845 - closed) and require a similar audit process for Ruby 3.1 and 3.2.

Our current tentative timeline targets are:

  • Initial audit complete by 2023-09-01
  • Any follow up actions for 3.1 completed by 2023-10-01

What to do

EMs, I would appreciate your help in finding Engineers who can help identify and audit gems related to your teams for Ruby 3.1/3.2 compatibility. Thank you!

Instructions

Some guidelines for how to use the gem audit sheet below.

Note that the sheet uses color formatting to easily spot problems. Some columns require you to put in Y or N for this to work.

Process

  • Focus on gems first that you have expertise in. If your group owns the area in which this gem is used, fill in Category/owner and any other blank rows (version used, use case, etc).
  • Assign yourself to any gem you're looking at using the last column. You can @-autocomplete your GApps user.
  • Link the gem name in the 1st column to the code or project repository for easy reference.
  • When your review is complete, mark the Review complete column with Y so it turns from red to green. Done here means you are done performing the review; it does not mean the issues you may have found are fixed.
  • If you found problems, set the Action required column to Y if you think we must act on these issues, or N otherwise. You can also set it to ? to indicate you are unsure about it. Use the Comments/actions column to suggest follow-ups. Prefer to link to GitLab issues here instead of writing walls of text. Use your best judgment to suggest solutions, keeping in mind that this is all done on a best-effort basis. We should focus on high-severity problems. It could be OK to just document edge-case issues for now.
  • You can use ruby-audit to help pull the correct gem source code for your testing. Also consider contributing to the project to further automate ruby audits.
  • For the EMs, please check the box next to your name in the Manager sign off section once your team has finished 1) auditing the gems your team owns and 2) creating follow-up issues for any Ruby 3.1/3.2 compatibility issues found with those gems.
  • IMPORTANT: Should you resolve any issues you found, e.g. by updating a gem to a newer version or submitting code fixes, please update the entire row to reflect the new state and toggle Action required to N since otherwise it is unclear whether follow-up work is complete or ongoing.

Considerations

  • We will roll out 3.1 first, but are looking to document both 3.1 and 3.2 issues.
  • Think about use cases that may not be well-covered with automated tests we already run. An example could be edge cases that only trigger with specific data being used.
  • Pay special attention to gems that use C-extensions. These talk to internal MRI APIs that may change across major Ruby releases.
  • Browse the gem's issue tracker for any signs of Ruby 3 incompatibilities.
  • Check whether the gem is running CI builds against Ruby 3.1/3.2 already.

Teams

  1. Pipeline Execution: @carolinesimpson
  2. Pipeline Authoring: @marknuzzo
  3. Pipeline Security: @shampton / @morefice
  4. Verify Runner: @nicolewilliams
  5. Monitor Observability: @nicholasklick
  6. Monitor Respond: @francoisrose
  7. Container Registry: @crystalpoole
  8. Package Registry: @crystalpoole
  9. Deploy: Environments: @nmezzopera
  10. Authentication & Authorization: @adil.farrukh
  11. Manage Foundation: @samdbeckham
  12. Import and Integrate: @wortschi
  13. Govern Compliance: @nrosandich
  14. Plan Project Management: @donaldcook
  15. Plan Optimize: @blabuschagne
  16. Plan Product Planning: @kushalpandya
  17. Analyze Product Analytics: @dennis
  18. Govern Threat Insights: @nmccorrison
  19. Growth Acquisition and Activation: @kniechajewicz
  20. Data Science Anti-Abuse: @jayswain
  21. Govern Security Policies: @alan
  22. Secure Dynamic Analysis: @twoodham
  23. Secure Static Analysis: @amarpatel
  24. Secure Composition Analysis: @gonzoyumo
  25. Applied Machine Learning: @mray2020
  26. Application Performance: @pjphillips
  27. Global Search: @changzhengliu
  28. Distribution: @twk3
  29. Geo: @juan-silva
  30. Database: @alexives
  31. Tenant Scale: @arturoherrero
  32. Gitaly: @andrashorvath
  33. Create ide: @oregand
  34. Create Source Code: @sean_carroll
  35. Code Review: @mnohr
  36. Fulfillment Utilization: @csouthard
  37. Fulfillment Platform: @jameslopez
  38. Fulfillment Purchase: @shreyasagarwal
  39. Fulfillment Provision: @isandin
  40. Secure Automation: @agroleau
Edited by Jay