gitlab-org--gitlab-foss/doc/development/ruby_upgrade.md

275 lines
18 KiB
Markdown

---
stage: none
group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Ruby upgrade guidelines
We strive to run GitLab using the latest Ruby MRI releases to benefit from performance and
security updates and new Ruby APIs. When upgrading Ruby across GitLab, we should do
so in a way that:
- Is least disruptive to contributors.
- Optimizes for GitLab SaaS availability.
- Maintains Ruby version parity across all parts of GitLab.
Before making changes to Ruby versions, read through this document carefully and entirely to get a high-level
understanding of what changes may be necessary. It is likely that every Ruby upgrade is a little
different than the one before it, so assess the order and necessity of the documented
steps.
## Scope of a Ruby upgrade
The first thing to consider when upgrading Ruby is scope. In general, we consider
the following areas in which Ruby updates may have to occur:
- The main GitLab Rails repository.
- Any ancillary Ruby system repositories.
- Any third-party libraries used by systems in these repositories.
- Any GitLab libraries used by systems in these repositories.
We may not always have to touch all of these. For instance, a patch-level Ruby update is
unlikely to require updates in third-party gems.
### Patch, minor, and major upgrades
When assessing scope, the Ruby version level matters. For instance, it is harder and riskier
to upgrade GitLab from Ruby 2.x to 3.x than it is to upgrade from Ruby 2.7.2 to 2.7.4, as
patch releases are typically restricted to security or bug fixes.
Be aware of this when preparing an upgrade and plan accordingly.
To help you estimate the scope of future upgrades, see the efforts required for the following upgrades:
- [Patch upgrade 2.7.2 -> 2.7.4](https://gitlab.com/gitlab-org/gitlab/-/issues/335890)
- [Minor upgrade 2.6.x -> 2.7.x](https://gitlab.com/groups/gitlab-org/-/epics/2380)
- [Major upgrade 2.x.x -> 3.x.x](https://gitlab.com/groups/gitlab-org/-/epics/5149)
## Affected audiences and targets
Before any upgrade, consider all audiences and targets, ordered by how immediately they are affected by Ruby upgrades:
1. **Developers.** We have many contributors to GitLab and related projects both inside and outside the company. Changing files such as `.ruby-version` affects everyone using tooling that interprets these files.
The developers are affected as soon as they pull from the repository containing the merged changes.
1. **GitLab CI/CD.** We heavily lean on CI/CD for code integration and testing. CI/CD jobs do not interpret files such as `.ruby-version`.
Instead, they use the Ruby installed in the Docker container they execute in, which is defined in `.gitlab-ci.yml`.
The container images used in these jobs are maintained in the [`gitlab-build-images`](https://gitlab.com/gitlab-org/gitlab-build-images) repository.
When we merge an update to an image, CI/CD jobs are affected as soon as the [image is built](https://gitlab.com/gitlab-org/gitlab-build-images/#pushing-a-rebuild-image).
1. **GitLab SaaS**. GitLab.com is deployed from customized Helm charts that use Docker images from [Cloud Native GitLab (CNG)](https://gitlab.com/gitlab-org/build/CNG).
Just like CI/CD, `.ruby-version` is meaningless in this environment. Instead, those Docker images must be patched to upgrade Ruby.
GitLab SaaS is affected with the next deployment.
1. **Self-managed GitLab.** Customers installing GitLab via [Omnibus](https://gitlab.com/gitlab-org/omnibus-gitlab) use none of the above.
Instead, their Ruby version is defined by the [Ruby software bundle](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/config/software/ruby.rb) in Omnibus.
Self-managed customers are affected as soon as they upgrade to the release containing this change.
## Ruby upgrade approach
Timing all steps in a Ruby upgrade correctly is critical. As a general guideline, consider the following:
- For smaller upgrades where production behavior is unlikely to change, aim to keep the version gap between
repositories and production minimal. Coordinate with stakeholders to merge all changes closely together
(within a day or two) to avoid drift. In this scenario the likely order is to upgrade developer tooling and
environments first, production second.
- For larger changes, the risk of going to production with a new Ruby is significant. In this case, try to get into a
position where all known incompatibilities with the new Ruby version are already fixed, then work
with production engineers to deploy the new Ruby to a subset of the GitLab production fleet. In this scenario
the likely order is to update production first, developer tooling and environments second. This makes rollbacks
easier in case of critical regressions in production.
Either way, we found that from past experience the following approach works well, with some steps likely only
necessary for minor and major upgrades. Note that some of these steps can happen in parallel or may have their
order reversed as described above.
### Create an epic
Tracking this work in an epic is useful to get a sense of progress. For larger upgrades, include a
timeline in the epic description so stakeholders know when the final switch is expected to go live.
Break changes to individual repositories into separate issues under this epic.
### Communicate the intent to upgrade
Especially for upgrades that introduce or deprecate features,
communicate early that an upgrade is due, ideally with an associated timeline. Provide links to important or
noteworthy changes, so developers can start to familiarize themselves with
changes ahead of time.
GitLab team members should announce the intent in relevant Slack channels (`#backend` and `#development` at minimum)
and Engineering Week In Review (EWIR). Include a link to the upgrade epic in your
[communication](https://about.gitlab.com/handbook/engineering/#communication).
### Add new Ruby to CI/CD and development environments
To build and run Ruby gems and the GitLab Rails application with a new Ruby, you must first prepare CI/CD
and developer environments to include the new Ruby version.
At this stage, you *must not make it the default Ruby yet*, but make it optional instead. This allows
for a smoother transition by supporting both old and new Ruby versions for a period of time.
There are two places that require changes:
1. **[GitLab Build Images](https://gitlab.com/gitlab-org/gitlab-build-images).** These are Docker images
we use for runners and other Docker-based pre-production environments. The kind of change necessary
depends on the scope.
- For [patch level updates](https://gitlab.com/gitlab-org/gitlab-build-images/-/merge_requests/418), it should suffice to increment the patch level of `RUBY_VERSION`.
All projects building against the same minor release automatically download the new patch release.
- For [major and minor updates](https://gitlab.com/gitlab-org/gitlab-build-images/-/merge_requests/320), create a new set of Docker images that can be used side-by-side with existing images during the upgrade process. **Important:** Make sure to copy over all Ruby patch files
in the `/patches` directory to a new folder matching the Ruby version you upgrade to, or they aren't applied.
1. **[GitLab Development Kit (GDK)](https://gitlab.com/gitlab-org/gitlab-development-kit).**
Update GDK to add the new Ruby as an additional option for
developers to choose from. This typically only requires it to be appended to `.tool-versions` so `asdf`
users will benefit from this. Other users will have to install it manually
([example](https://gitlab.com/gitlab-org/gitlab-development-kit/-/merge_requests/2136).)
For larger version upgrades, consider working with [Quality Engineering](https://about.gitlab.com/handbook/engineering/quality/)
to identify and set up a test plan.
### Update third-party gems
For patch releases this is unlikely to be necessary, but
for minor and major releases, there could be breaking changes or Bundler dependency issues when gems
pin Ruby to a particular version. A good way to find out is to create a merge request in `gitlab-org/gitlab`
and see what breaks.
### Update GitLab gems and related systems
This is typically necessary, since gems or Ruby applications that we maintain ourselves contain the build setup such as
`.ruby-version`, `.tool-versions`, or `.gitlab-ci.yml` files. While there isn't always a technical necessity to
update these repositories for the GitLab Rails application to work with a new Ruby,
it is good practice to keep Ruby versions in lock-step across all our repositories. For minor and major
upgrades, add new CI/CD jobs to these repositories using the new Ruby.
A [build matrix definition](../ci/yaml/index.md#parallelmatrix) can do this efficiently.
#### Decide which repositories to update
When upgrading Ruby, consider updating the following repositories:
- [Gitaly](https://gitlab.com/gitlab-org/gitaly) ([example](https://gitlab.com/gitlab-org/gitaly/-/merge_requests/3771))
- [GitLab Labkit](https://gitlab.com/gitlab-org/labkit-ruby) ([example](https://gitlab.com/gitlab-org/labkit-ruby/-/merge_requests/79))
- [GitLab Exporter](https://gitlab.com/gitlab-org/gitlab-exporter) ([example](https://gitlab.com/gitlab-org/gitlab-exporter/-/merge_requests/150))
- [GitLab Experiment](https://gitlab.com/gitlab-org/ruby/gems/gitlab-experiment) ([example](https://gitlab.com/gitlab-org/ruby/gems/gitlab-experiment/-/merge_requests/128))
- [Gollum Lib](https://gitlab.com/gitlab-org/gollum-lib) ([example](https://gitlab.com/gitlab-org/gollum-lib/-/merge_requests/21))
- [GitLab Helm Chart](https://gitlab.com/gitlab-org/charts/gitlab) ([example](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2162))
- [GitLab Sidekiq fetcher](https://gitlab.com/gitlab-org/sidekiq-reliable-fetch) ([example](https://gitlab.com/gitlab-org/sidekiq-reliable-fetch/-/merge_requests/33))
- [Prometheus Ruby Mmap Client](https://gitlab.com/gitlab-org/prometheus-client-mmap) ([example](https://gitlab.com/gitlab-org/prometheus-client-mmap/-/merge_requests/59))
- [GitLab-mail_room](https://gitlab.com/gitlab-org/gitlab-mail_room) ([example](https://gitlab.com/gitlab-org/gitlab-mail_room/-/merge_requests/16))
To assess which of these repositories are critical to be updated alongside the main GitLab application consider:
- The Ruby version scope.
- The role that the service or library plays in the overall functioning of GitLab.
Refer to the [list of GitLab projects](https://about.gitlab.com/handbook/engineering/projects/) for a complete
account of which repositories could be affected.
For smaller version upgrades, it can be acceptable to delay updating libraries that are non-essential or where
we are certain that the main application test suite would catch regressions under a new Ruby version.
NOTE:
Consult with the respective code owners whether it is acceptable to merge these changes ahead
of updating the GitLab application. It might be best to get the necessary approvals
but wait to merge the change until everything is ready.
### Prepare the GitLab application MR
With the dependencies updated and the new gem versions released, you can update the main Rails
application with any necessary changes, similar to the gems and related systems.
On top of that, update the documentation to reflect the version change in the installation
and update instructions ([example](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68363)).
NOTE:
Be especially careful with timing this merge request, since as soon as it is merged, all GitLab contributors
will be affected by it and the changes will be deployed. You must ensure that this MR remains
open until everything else is ready, but it can be useful to get approval early to reduce lead time.
### Give developers time to upgrade (grace period)
With the new Ruby made available as an option, and all merge requests either ready or merged,
there should be a grace period (1 week at minimum) during which developers can
install the new Ruby on their machines. For GDK and `asdf` users this should happen automatically
via `gdk update`.
This pause is a good time to assess the risk of this upgrade for GitLab SaaS.
For Ruby upgrades that are high risk, such as major version upgrades, it is recommended to
coordinate the changes with the infrastructure team through a [change management request](https://about.gitlab.com/handbook/engineering/infrastructure/change-management/).
Create this issue early to give everyone enough time to schedule and prepare changes.
### Make it the default Ruby
If there are no known version compatibility issues left, and the grace
period has passed, all affected repositories and developer tools should be updated to make the new Ruby
default.
At this point, update the [GitLab Compose Kit (GCK)](https://gitlab.com/gitlab-org/gitlab-compose-kit).
This is an alternative development environment for users that prefer to run GitLab in `docker-compose`.
This project relies on the same Docker images as our runners, so it should maintain parity with changes
in that repository. This change is only necessary when the minor or major version changes
([example](https://gitlab.com/gitlab-org/gitlab-compose-kit/-/merge_requests/176).)
As mentioned above, if the impact of the Ruby upgrade on SaaS availability is uncertain, it is
prudent to skip this step until you have verified that it runs smoothly in production via a staged
rollout. In this case, go to the next step first, and then, after the verification period has passed, promote
the new Ruby to be the new default.
### Update CNG and Omnibus, merge the GitLab MR
The last step is to use the new Ruby in production. This
requires updating Omnibus and production Docker images to use the new version.
Helm charts may also have to be updated if there were changes to related systems that maintain
their own charts (such as `gitlab-exporter`.)
To use the new Ruby in production, update the following projects:
- [Cloud-native GitLab Docker Images (CNG)](https://gitlab.com/gitlab-org/build/CNG) ([example](https://gitlab.com/gitlab-org/build/CNG/-/merge_requests/739))
- [Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab) ([example](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5545))
If you submit a change management request, coordinate the rollout with infrastructure
engineers. When dealing with larger upgrades, involve [Release Managers](https://about.gitlab.com/community/release-managers/)
in the rollout plan.
### Create patch releases and backports for security patches
If the upgrade was a patch release and contains important security fixes, it should be released as a
GitLab patch release to self-managed customers. Consult our [release managers](https://about.gitlab.com/community/release-managers/)
for how to proceed.
## Ruby upgrade tooling
There are several tools that ease the upgrade process.
### Deprecation Toolkit
A common problem with Ruby upgrades is that deprecation warnings turn into errors. This means that every single
deprecation warning must be resolved before making the switch. To avoid new warnings from making it into the
main application branch, we use [`DeprecationToolkitEnv`](https://gitlab.com/gitlab-org/gitlab/blob/master/spec/deprecation_toolkit_env.rb).
This module observes deprecation warnings emitted from spec runs and turns them into test failures. This prevents
developers from checking in new code that would fail under a new Ruby.
Sometimes it cannot be avoided to introduce new warnings, for example when a Ruby gem we use emits these warnings
and we have no control over it. In these cases, add silences, like [this merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68865) did.
### Deprecation Logger
We also log Ruby and Rails deprecation warnings to a dedicated log file, `log/deprecation_json.log`
(see [GitLab Developers Guide to Logging](logging.md) for where to find GitLab log files),
which can provide clues when there is code that is not adequately covered by tests and hence would slip past `DeprecationToolkitEnv`.
For GitLab SaaS, GitLab team members can inspect these log events in Kibana
(`https://log.gprd.gitlab.net/goto/f7cebf1ff05038d901ba2c45925c7e01`).
## Recommendations
During the upgrade process, consider the following recommendations:
- **Front-load as many changes as possible.** Especially for minor and major releases, it is likely that application
code will break or change. Any changes that are backward compatible should be merged into the main branch and
released independently ahead of the Ruby version upgrade. This ensures that we move in small increments and
get feedback from production environments early.
- **Create an experimental branch for larger updates.** We generally try to avoid long-running topic branches,
but for purposes of feedback and experimentation, it can be useful to have such a branch to get regular
feedback from CI/CD when running a newer Ruby. This can be helpful when first assessing what problems
we might run into, as [this MR](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50640) demonstrates.
These experimental branches are not intended to be merged; they can be closed once all required changes have been broken out
and merged back independently.
- **Give yourself enough time to fix problems ahead of a milestone release.** GitLab moves fast.
As a Ruby upgrade requires many MRs to be sent and reviewed, make sure all changes are merged at least a week
before the 22nd. This gives us extra time to act if something breaks. If in doubt, it is better to
postpone the upgrade to the following month, as we [prioritize availability over velocity](https://about.gitlab.com/handbook/engineering/#prioritizing-technical-decisions).