Upgrade gems to Rails 6

There are also minor changes to keep the Rails generated files
similar to when generating a new Rails 6 application

grape_logging was upgraded to fix deprecation messages related to
ActionDispatch::Http::ParameterFilter

Rails 6 now adds the nonce to style-src by default. We disable
this because we still have a lot of code that set inline styles
and we need 'unsafe-inline'

Gemfile

 source 'https://rubygems.org'
 
-gem 'rails', '5.2.3'
+gem 'rails', '6.0.2'
 
 gem 'bootsnap', '~> 1.4'
 
@@ -305,7 +305,7 @@ gem 'gitlab-labkit', '0.9.1'
 
 # I18n
 gem 'ruby_parser', '~> 3.8', require: false
-gem 'rails-i18n', '~> 5.1'
+gem 'rails-i18n', '~> 6.0'
 gem 'gettext_i18n_rails', '~> 1.8.0'
 gem 'gettext_i18n_rails_js', '~> 1.3'
 gem 'gettext', '~> 3.2.2', require: false, group: :development
@@ -332,6 +332,7 @@ group :metrics do
 end
 
 group :development do
+  gem 'listen', '~> 3.0'
   gem 'brakeman', '~> 4.2', require: false
   gem 'danger', '~> 6.0', require: false
 

Gemfile.lock

@@ -6,50 +6,64 @@ GEM
     ace-rails-ap (4.1.2)
     acme-client (2.0.5)
       faraday (~> 0.9, >= 0.9.1)
-    actioncable (5.2.3)
-      actionpack (= 5.2.3)
+    actioncable (6.0.2)
+      actionpack (= 6.0.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+    actionmailbox (6.0.2)
+      actionpack (= 6.0.2)
+      activejob (= 6.0.2)
+      activerecord (= 6.0.2)
+      activestorage (= 6.0.2)
+      activesupport (= 6.0.2)
+      mail (>= 2.7.1)
+    actionmailer (6.0.2)
+      actionpack (= 6.0.2)
+      actionview (= 6.0.2)
+      activejob (= 6.0.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
+    actionpack (6.0.2)
+      actionview (= 6.0.2)
+      activesupport (= 6.0.2)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.2)
+      actionpack (= 6.0.2)
+      activerecord (= 6.0.2)
+      activestorage (= 6.0.2)
+      activesupport (= 6.0.2)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.2)
+      activesupport (= 6.0.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.2)
+      activesupport (= 6.0.2)
       globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
-      arel (>= 9.0)
+    activemodel (6.0.2)
+      activesupport (= 6.0.2)
+    activerecord (6.0.2)
+      activemodel (= 6.0.2)
+      activesupport (= 6.0.2)
     activerecord-explain-analyze (0.1.0)
       activerecord (>= 4)
       pg
-    activestorage (5.2.3)
-      actionpack (= 5.2.3)
-      activerecord (= 5.2.3)
+    activestorage (6.0.2)
+      actionpack (= 6.0.2)
+      activejob (= 6.0.2)
+      activerecord (= 6.0.2)
       marcel (~> 0.3.1)
-    activesupport (5.2.3)
+    activesupport (6.0.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+      zeitwerk (~> 2.2)
     acts-as-taggable-on (6.5.0)
       activerecord (>= 5.0, < 6.1)
     adamantium (0.2.0)
@@ -62,7 +76,6 @@ GEM
     apollo_upload_server (2.0.0.beta.3)
       graphql (>= 1.8)
       rails (>= 4.2)
-    arel (9.0.0)
     asana (0.9.3)
       faraday (~> 0.9)
       faraday_middleware (~> 0.9)
@@ -198,13 +211,14 @@ GEM
     declarative-option (0.1.0)
     default_value_for (3.3.0)
       activerecord (>= 3.2.0, < 6.1)
-    derailed_benchmarks (1.3.5)
+    derailed_benchmarks (1.4.2)
       benchmark-ips (~> 2)
       get_process_mem (~> 0)
       heapy (~> 0)
       memory_profiler (~> 0)
       rack (>= 1)
-      rake (> 10, < 13)
+      rake (> 10, < 14)
+      ruby-statistics (>= 2.1)
       thor (~> 0.19)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
@@ -348,7 +362,8 @@ GEM
     gemoji (3.0.1)
     gemojione (3.3.0)
       json
-    get_process_mem (0.2.3)
+    get_process_mem (0.2.5)
+      ffi (~> 1.0)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -434,8 +449,9 @@ GEM
       activesupport
       grape (~> 1.0)
       rake (~> 12)
-    grape_logging (1.7.0)
+    grape_logging (1.8.3)
       grape
+      rack
     graphiql-rails (1.4.10)
       railties
       sprockets-rails
@@ -510,7 +526,7 @@ GEM
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     httpclient (2.8.3)
-    i18n (1.7.1)
+    i18n (1.7.0)
       concurrent-ruby (~> 1.0)
     i18n_data (0.8.0)
     icalendar (2.4.1)
@@ -609,12 +625,12 @@ GEM
     memoist (0.16.0)
     memoizable (0.4.2)
       thread_safe (~> 0.3, >= 0.3.1)
-    memory_profiler (0.9.13)
+    memory_profiler (0.9.14)
     method_source (0.9.2)
     mime-types (3.2.2)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0331)
-    mimemagic (0.3.2)
+    mimemagic (0.3.3)
     mini_magick (4.9.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
@@ -787,18 +803,20 @@ GEM
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rack-timeout (0.5.1)
-    rails (5.2.3)
-      actioncable (= 5.2.3)
-      actionmailer (= 5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
-      activemodel (= 5.2.3)
-      activerecord (= 5.2.3)
-      activestorage (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails (6.0.2)
+      actioncable (= 6.0.2)
+      actionmailbox (= 6.0.2)
+      actionmailer (= 6.0.2)
+      actionpack (= 6.0.2)
+      actiontext (= 6.0.2)
+      actionview (= 6.0.2)
+      activejob (= 6.0.2)
+      activemodel (= 6.0.2)
+      activerecord (= 6.0.2)
+      activestorage (= 6.0.2)
+      activesupport (= 6.0.2)
       bundler (>= 1.3.0)
-      railties (= 5.2.3)
+      railties (= 6.0.2)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -809,15 +827,15 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    rails-i18n (5.1.1)
+    rails-i18n (6.0.0)
       i18n (>= 0.7, < 2)
-      railties (>= 5.0, < 6)
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
+      railties (>= 6.0.0, < 7)
+    railties (6.0.2)
+      actionpack (= 6.0.2)
+      activesupport (= 6.0.2)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      thor (>= 0.20.3, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.0)
     rake (12.3.3)
@@ -937,6 +955,7 @@ GEM
     ruby-progressbar (1.10.1)
     ruby-saml (1.7.2)
       nokogiri (>= 1.5.10)
+    ruby-statistics (2.1.1)
     ruby_dep (1.5.0)
     ruby_parser (3.13.1)
       sexp_processor (~> 4.9)
@@ -1111,9 +1130,9 @@ GEM
       hashdiff
     webpack-rails (0.9.11)
       railties (>= 3.2.0)
-    websocket-driver (0.7.0)
+    websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.4)
     wikicloth (0.8.1)
       builder
       expression_parser
@@ -1122,6 +1141,7 @@ GEM
     xml-simple (1.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    zeitwerk (2.2.2)
 
 PLATFORMS
   ruby
@@ -1259,6 +1279,7 @@ DEPENDENCIES
   license_finder (~> 5.4)
   licensee (~> 8.9)
   liquid (~> 4.0)
+  listen (~> 3.0)
   lograge (~> 0.5)
   loofah (~> 2.2)
   lru_redux
@@ -1309,9 +1330,9 @@ DEPENDENCIES
   rack-oauth2 (~> 1.9.3)
   rack-proxy (~> 0.6.0)
   rack-timeout
-  rails (= 5.2.3)
+  rails (= 6.0.2)
   rails-controller-testing
-  rails-i18n (~> 5.1)
+  rails-i18n (~> 6.0)
   rainbow (~> 3.0)
   raindrops (~> 0.18)
   rblineprof (~> 0.3.6)

bin/setup

 #!/usr/bin/env ruby
 require 'fileutils'
-include FileUtils
 
 # path to your application root.
 APP_ROOT = File.expand_path('..', __dir__)
@@ -9,24 +8,25 @@ def system!(*args)
   system(*args) || abort("\n== Command #{args} failed ==")
 end
 
-chdir APP_ROOT do
-  # This script is a starting point to setup your application.
+FileUtils.chdir APP_ROOT do
+  # This script is a way to setup or update your development environment automatically.
+  # This script is idempotent, so that you can run it at anytime and get an expectable outcome.
   # Add necessary setup steps to this file.
 
   puts '== Installing dependencies =='
   system! 'gem install bundler --conservative'
   system('bundle check') || system!('bundle install')
 
-  # Install JavaScript dependencies if using Yarn
+  # Install JavaScript dependencies
   # system('bin/yarn')
 
   # puts "\n== Copying sample files =="
   # unless File.exist?('config/database.yml')
-  #   cp 'config/database.yml.sample', 'config/database.yml'
+  #   FileUtils.cp 'config/database.yml.sample', 'config/database.yml'
   # end
 
   puts "\n== Preparing database =="
-  system! 'bin/rails db:setup'
+  system! 'bin/rails db:prepare'
 
   puts "\n== Removing old logs and tempfiles =="
   system! 'bin/rails log:clear tmp:clear'

changelogs/unreleased/31034-upgrade-to-rails-6.yml

+---
+title: Upgrade to Rails 6
+merge_request: 19891
+author:
+type: other

config/application.rb

 require_relative 'boot'
 
-# Based on https://github.com/rails/rails/blob/v5.2.3/railties/lib/rails/all.rb
+# Based on https://github.com/rails/rails/blob/v6.0.1/railties/lib/rails/all.rb
 # Only load the railties we need instead of loading everything
+require 'rails'
+
 require 'active_record/railtie'
 require 'action_controller/railtie'
 require 'action_view/railtie'

config/environment.rb

-# Load the rails application
-
+# Load the Rails application.
 require_relative 'application'
 
-# Initialize the rails application
+# Initialize the Rails application.
 Rails.application.initialize!

config/environments/development.rb

@@ -50,4 +50,8 @@ Rails.application.configure do
 
   # BetterErrors live shell (REPL) on every stack frame
   BetterErrors::Middleware.allow_ip!("127.0.0.1/0")
+
+  # Use an evented file watcher to asynchronously detect changes in source code,
+  # routes, locales, etc. This feature depends on the listen gem.
+  config.file_watcher = ActiveSupport::EventedFileUpdateChecker
 end

config/initializers/content_security_policy.rb

@@ -12,4 +12,5 @@ if csp_settings['enabled']
 
   Rails.application.config.content_security_policy_report_only = csp_settings['report_only']
   Rails.application.config.content_security_policy_nonce_generator = ->(request) { SecureRandom.base64(16) }
+  Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
 end

config/initializers/cookies_serializer.rb

 # Be sure to restart your server when you modify this file.
 
+Rails.application.config.action_dispatch.use_cookies_with_metadata = false
 Rails.application.config.action_dispatch.cookies_serializer = :hybrid

db/schema.rb

@@ -2,11 +2,11 @@
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.