Keeping Your Ruby On Rails Applications Healthy

Madhuri Shrestha
December 12, 2022

Imagine your Ruby On Rails application as a home. A home you have built with a vision and passion. And a home is a home only when it is lived in, loved and maintained.

Let’s Start with the WHY

If your application is a home, then your team is the one living in it. For a home to function without chaos, it requires certain boundaries and guidelines in place. This brings uniformity and allows the team to work in sync. Likewise, for the home to be a stable and safe space, it needs to be maintained. We need to be able to identify leaks, breaks and damage to the house so that we can repair it and keep it robust.

How? You May Ask

There are some gems that help us in ensuring our home stays a home and not just a building without any character. Let us go through some of them.

Rubocop

Rubocop is a linter and formatter shaped by the community-driven Ruby Style Guide. When run, it points out the concerns in your codebase, which it calls offenses, and all the offenses are categorized under different cops.

Since every home is different, Rubocop can be configured to one's preferences using its various configuration options. By default, all the cops are enabled.

Rubocop lets the whole team add to and remove from the application following the same guidelines. This keeps the codebase readable, which makes PR reviews more efficient and onboarding new members easier.

To install:

sh
$ gem install rubocop

Or add it to your Gemfile and then bundle install:

ruby
gem 'rubocop', require: false

To run:

sh
$ rubocop

Run for a specific file:

sh
$ rubocop app/services/some_file.rb

Below is a sample .rubocop.yml where we can tailor Rubocop as per our needs:

yaml
AllCops:
  Exclude:
    - 'bin/*'
    - 'db/**/*'
    - 'public/**/*'
  DisplayCopNames: true

Lint/MissingSuper:
  Enabled: false

Metrics/BlockLength:
  Enabled: false

RubyCritic

RubyCritic is similar to Rubocop. It is a gem that wraps around static analysis gems such as Reek, Flay and Flog. It provides a detailed quality report of your Ruby code. The report contains an overview of the application, the code smells per file and an index of the code smells in the overall application.

To install:

sh
$ gem install rubycritic

Or add it to your Gemfile and then bundle install:

ruby
gem 'rubycritic', require: false

To run:

sh
$ rubycritic

Run for a specific file:

sh
$ rubycritic app/services/some_file.rb

Simplecov

As we discussed before, it is necessary to maintain the application to keep it robust. And test coverage is a crucial way to do exactly that. But we also need to know where we stand on that front and what areas of the codebase require more test coverage.

Simplecov is simply a code coverage analysis tool for Ruby. Once we have the gem installed in our application, every time we run our test suite, it generates a test coverage report. This report is fully browsable locally, with sorting. It contains a detailed description of the coverage percentage of each directory of the application, broken down to the files under them, and it highlights the lines of code that are covered and missed by the test suite.

To install, add it to your Gemfile and then bundle install:

ruby
gem 'simplecov', require: false, group: :test

Load and launch SimpleCov at the very top of your test/test_helper.rb (or spec_helper.rb, rails_helper, cucumber env.rb, or whatever your preferred test framework uses):

ruby
require 'simplecov'
SimpleCov.start

# Previous content of test helper now starts here

Now, run the full test suite of your application and on completion, Simplecov will generate a coverage/index.html file with all the code coverage details.

Brakeman

Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities. In this age of technology, we want to keep our application safe from intrusions. For this, we need to know where our application is vulnerable so that we can work to protect the privacy of the application and its users.

Brakeman generates a report with an overview of all the vulnerabilities it detects and lists the warnings in order of severity: High, Medium and Low.

To install:

sh
$ gem install brakeman

Or add it to your Gemfile and then bundle install:

ruby
gem 'brakeman', require: false, group: :development

To run:

sh
$ brakeman
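
To act on the report in CI rather than read it by hand, the warnings can be ranked and used as a pass/fail gate. The script below is an added example, not part of the original post or of Brakeman itself; it assumes the JSON report produced by `brakeman -f json`, where each entry in `warnings` carries a `confidence` of High, Medium or Weak, and it runs on a constructed sample report.

```ruby
require 'json'

# Constructed sample in the shape of `brakeman -f json` output, trimmed to the
# fields used here. File names and messages are made up for illustration.
SAMPLE_REPORT = <<~JSON
  {"warnings": [
    {"warning_type": "Cross-Site Scripting", "confidence": "Weak",
     "file": "app/views/posts/show.html.erb", "line": 12,
     "message": "Unescaped model attribute"},
    {"warning_type": "SQL Injection", "confidence": "High",
     "file": "app/models/user.rb", "line": 27,
     "message": "Possible SQL injection"},
    {"warning_type": "Redirect", "confidence": "Medium",
     "file": "app/controllers/sessions_controller.rb", "line": 9,
     "message": "Possible unprotected redirect"}
  ]}
JSON

# Lower rank means the warning is reported first.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# An unrecognised label ranks as High so the gate fails closed.
def rank(warning)
  CONFIDENCE_RANK.fetch(warning['confidence'], 0)
end

# All warnings in the report, highest level first, then by file and line.
def ranked_warnings(report_json)
  JSON.parse(report_json).fetch('warnings', [])
      .sort_by { |w| [rank(w), w['file'].to_s, w['line'].to_i] }
end

# Warnings at or above the threshold level; these should block a merge.
def blocking_warnings(report_json, threshold: 'Medium')
  limit = CONFIDENCE_RANK.fetch(threshold)
  ranked_warnings(report_json).select { |w| rank(w) <= limit }
end

# Prints the blocking warnings and returns a process exit status (0 = pass).
def gate(report_json, threshold: 'Medium')
  blockers = blocking_warnings(report_json, threshold: threshold)
  blockers.each do |w|
    puts "[#{w['confidence']}] #{w['warning_type']} #{w['file']}:#{w['line']} #{w['message']}"
  end
  blockers.empty? ? 0 : 1
end

status = gate(SAMPLE_REPORT) # a CI wrapper would finish with `exit status`
```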

Bundler-audit

We are talking about leveraging gems to keep our application healthy but don’t we also need to ensure that these gems and all the other gems we use are secure and safe? Cue the bundler-audit.

bundler-audit is patch-level verification for bundler which looks for vulnerable versions of gems in Gemfile.lock and insecure gem sources (http:// and git://). It generates a report of all the vulnerable gems and their versions being used in the application, along with their criticality and the solution to address each one.

To install:

sh
$ gem install bundler-audit

To run:

sh
$ bundle-audit
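
The insecure-source half of that check can be illustrated with a few lines of Ruby. This is an added, simplified sketch and not bundler-audit's own code: it only scans the `remote:` lines of a Gemfile.lock for http:// and git:// URLs, and it runs on a constructed lockfile excerpt. The vulnerable-version half depends on an advisory database and is not reproduced here.

```ruby
# Constructed Gemfile.lock excerpt; gem names and hosts are illustrative.
SAMPLE_LOCKFILE = <<~LOCK
  GIT
    remote: git://github.com/example/widget.git
    specs:
      widget (0.1.0)

  GEM
    remote: http://rubygems.org/
    remote: https://gems.example.com/
    specs:
      rake (13.0.6)

  DEPENDENCIES
    rake
    widget!
LOCK

# Schemes that fetch code without transport encryption or server authentication.
INSECURE_SCHEMES = %w[http git].freeze

# Returns one hash per insecure remote: the lockfile section it appears in,
# the remote URL and the 1-based line number.
def insecure_sources(lockfile_text)
  section = nil
  findings = []
  lockfile_text.each_line.with_index(1) do |line, lineno|
    if (m = line.match(/\A([A-Z][A-Z ]*)\s*\z/))
      # Unindented upper-case line: start of a section such as GIT or GEM.
      section = m[1].strip
    elsif (m = line.match(/\A\s+remote:\s*(\S+)/))
      scheme = m[1][%r{\A([a-z][a-z0-9+.-]*)://}i, 1]
      if scheme && INSECURE_SCHEMES.include?(scheme.downcase)
        findings << { section: section, remote: m[1], line: lineno }
      end
    end
  end
  findings
end

insecure_sources(SAMPLE_LOCKFILE).each do |f|
  puts "#{f[:section]} source #{f[:remote]} (line #{f[:line]}) should use https://"
end
```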

A home becomes derelict with no care and maintenance. With the help of these tools, we can avoid that and work towards building a robust and healthy application that keeps the team working efficiently and aids in realising our vision.