backend.md

Back-end

1. Technologies
   • Development OS
   • IDE
   • HTTP Server
   • Database Server
   • Cloud Hosting Platform
2. Preferred Gems
3. Coding Conventions
4. Test-Driven Development
5. .gitignore
6. Best Practices
   • Databases
   • Security
   • Code Analysis And Metrics
7. Load Balancing
8. Load Testing
9. Useful Links
10. Recommended Books

Technologies

• Ruby 2.6.x (latest stable)
• Ruby on Rails 5.x (latest stable)
• Ruby environment management: rvm

Development OS

We don’t use Windows as OS for development machines. We use latest macOS or Ubuntu/Debian (long-term support releases are preferred).

IDE

• RubyMine (not required)

HTTP Server

• Use latest stable nginx

Database Server

• Prefer latest stable PostgreSQL

Cloud Hosting Platform

• Prefer Amazon Web Services

Preferred Gems

• Puma as a Ruby web server
• Capistrano for deployment
• Kaminari for pagination
• Draper - Decorators/View-Models for Rails Applications
• pundit - minimal authorization through OO design and pure Ruby classes
• dotenv for setting shell environment variables
• exception_notification for error/exception notifications from server
• AppSignal - better errors notification server with full debug information about each error
• swagger-blocks for generating API documentation in Swagger format
• rack-timeout - add timeouts to rack applications.
• rack-cors for configuring CORS headers.
• lograge for production logs squshing.
• sidekiq for background processing.

Useful Gems

• database_cleaner
• database_rewinder
• factory_bot_rails
• squasher
• rpush
• health_check

Coding Conventions

• Ruby Style Guide
• Rails Style Guide
• RSpec Best Practices
• The Ultimate Guide to Ruby Timeouts

Test-Driven Development

• Use latest versions of rspec and rspec_rails
• shoulda-matchers
• shoulda-callback-matchers
• rspec-its
• rspec-activemodel-mocks
• rails-controller-testing
• simplecov

.gitignore

Add the following lines to default Rails-generated .gitignore file:

.DS_Store
database.yml
secrets.yml
.idea
coverage/

Best practices

Databases

• Use ActiveRecord ORM (scopes, enums, where with conditions, order etc) instead of raw SQL queries
• Design the database schema with Vertabelo
• Keep your schema up-to-date with Rails ERD

Security

• Avoid common security problems following Ruby on Rails Security Guide
• Never store production data (logins, passwords etc) in source code repository
• Keep config/database.yml and config/secrets.yml outside of the source code repository. Use shell environment variables instead. More info here

Code Analysis And Metrics

Here is a list of must-have gems:

• Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
• bundler-audit - Checks for vulnerable versions of gems in Gemfile.lock.
• SimpleCov - Code Coverage tool for Ruby
• RuboCop - A static code analyzer, based on the community Ruby style guide
• rails_best_practices - Code metric tool for Rails projects
• RailsRoady - UML diagram generation on models and controllers
• lol_dba - small package of rake tasks that scan your application models and displays a list of columns that probably should be indexed
• bullet - help to kill N+1 queries and unused eager loading

These tools are to be run at the end of each development cycle (Iteration, Sprint, Milestone, Release)

Load Testing

• We use Apache JMeter in strong collaboration with our QA Department.

Load Balancing

• Use AWS Elastic Load Balancing

Useful Links

• Ruby Weekly - subscribe to it!
• Green Ruby News
• This week in Rails
• Awesome Rails
• Awesome Ruby
• Ruby Toolbox
• The 12-factor app - a methodology for building SaaS apps

Recommended Books

• Practical Object-Oriented Design in Ruby (by Sandi Metz)
• Eloquent Ruby (by Russ Olsen)