Writing a tech audit for a Rails app
As soon as I come on a new project, I like to get a picture of a few things, tech wise.
Here is a checklist of things I look at, questions I’d like to have answers about. This is my cheat sheet, I hope it can be useful for you as well. Let’s dive in!
Stack description
Here, I try to list all the different pieces of tech that make up the app. Ruby on Rails applications are generally fairly standard, but they all differ a little bit. Some might use a bit of an exotic queueing system, or have a database that’s not Postgresql (yes, it’s still very much possible 😊 ).
I also try to list the main components and their version, noting down when is the end-of-life (EOL) for each of these, to get a sense of how up to date it is.
Doing that, I found a useful website to find these EOL dates.
Example
- Ruby v2.7.5, released 2021-11-24, EOL 2022-03-31
- Rails v6.0.3, released 2020-05-06, EOL 2022-06-01
- VueJS 2.6.11, released 2019-13-12, EOL 2023-12-31
Gems
Here, I try to get a sense of which gems are used, are there some unknown (at least to me) gems that I can add to my toolbox ? I also want to know how many there are, as this is interesting in terms of maintenance, exposition to potential vulnerabilities, and complexity.
I also check out versions, to get a sense of how up-to-date those are. While I’m at it, I try to check for tools like dependabot, or bundle audit that help manage dependency updates and security in a bit more automated fashion.
I don’t have strict rules for the above questions, there isn’t a “right amount of dependencies” but it helps getting a better picture of the app, as well as discovering some features.
Example
- Uses jQuery (and jQuery related gems) in multiple places
- Uses carrierwave (not active storage)
- Uses google_distance_matrix gem: gives travel times (according to some constraints) between lists of origin and destination points.
Routes
Looking at the routes of an app is a good way to realise what the app does.
Does it have an admin interface, an API ?
Are there incoming webhooks?
How many controllers are there?
Most of these questions can be roughly answered by looking at config/routes.rb.
Example
What is the /v1 namespace, is it still in use ?
API, controllers
This is a continuation of the previous part, except you will get to look at some core functionality of the application. You’ll be able to see if the app is using form objects for example, or if it saves objects into the database directly from controllers. This is useful to know how to orient yourself when you’re going to contribute for the first time to this application.
Example
- Has a few namespaces (
/api,/v1) - Uses very few concerns
- Heavily uses
FormObjectsto persist data
Frontend
Here is where I will list (in a very basic way) what technologies are used in the frontend, as well as detailing the tooling a bit, since these days, it might vary a lot, even for a Rails application.
Example
- Relies on Tailwind for CSS
- Uses webpacker to compile all frontend assets
- VueJS is used in the front
- Uses vue-turbolinks
Data model
This could be an entire post in itself, as there are a lot of things that can be said. Sometimes, I’ll draw the main entities of a system, starting from what’s obvious. It’s usually what the app is about. Another good way to get started is to start from the user (or equivalent) model.
I am not exhausive when I do this, but I try to get the main entities that make the global picture, that will help me further understand the code.
I will also open a few model files, to get a sense of what is going on, for example, are the models very light, and business logic is handled somewhere else, or it more of a “heavy models” approach.
Good practises, DX
This is the part where I will try to gauge my overall experience during the first interactions with the project. Various things fall under this category. The onboarding speed is probably a very important criteria here, as well as the ease to release something new.
Example
- Readme is written
- App can be started without trouble
- App has seeds
- Tests are slow, advised not to run them locally
- CI is in place (Github actions)
Environments
I try to list the different environements, their names, where to access them, how the flow works, how to deploy the app to those various environments.
Example
- Staging is available at
https://staging.myapp.com - Review apps are created for every open PR, with basic seed data
Observability
In this section, I’ll list the tooling and any specificities around observability, that includes APM, exception monitoring, log collection, uptime monitoring etc.
Example
- Error tracking: Honeybadger
- APM: AppSignal
Infrastructure
Without going to much into details, I also try to get a sense of what solutions are used for the infrastructure, whether the app is hosted on a VPS, or in a PaaS for example, if there is infrastructure as code, who has SSH access…
- PostgreSQL instance (managed, 1 replica)
- Redis (separate instance)
- Runs on AWS
Check project history, contributors
- Use github
- Use a tool like
git quick-stats
That’s a wrap
And, that’s it, pretty much! I hope this gives you ideas on how to structure a Rails app audit, whether you’re consulting on a Rails application, or being onboarded into a new team, I always find it useful to have a little tour of the app and the surroundings, to know what I’ll be working with.