Rails 3 to Rails 7 Upgrade Plan (Revised)

v1
Feb 22, 2026 · 2.4 KB · 2 min read · by Sarah Blake

Comparing v1 → v1

+0 additions -0 deletions
v1 → v1
# Rails 3 to Rails 7 Upgrade Plan
 
## Background
 
Client has a Rails 3.2.22 application running in production since 2013. The app serves approximately 40 users in a regional insurance office. It runs on a single Heroku dyno. Nobody has touched it since Gary left in 2017.
 
Gary did not leave documentation.
 
## Current State
 
- Ruby 1.9.3 (EOL: February 2015)
- Rails 3.2.22 (EOL: June 2016)
- 847 gems in Gemfile.lock, 211 of which no longer exist on RubyGems
- Asset pipeline uses Sprockets with CoffeeScript and Sass
- Tests: 3. One passes. One is pending. One tests a feature that was removed in 2015.
- Deployment: `git push heroku master` with no CI
- Database: PostgreSQL 9.2 (EOL: November 2017)
- The app stores passwords in MD5. Gary thought this was fine.
 
## Proposed Approach
 
### Option A: Incremental Upgrade
 
Upgrade one major version at a time: 3→4→5→6→7. Each step requires updating gems, fixing deprecations, running tests (the one that passes), and deploying.
 
**Estimated time:** 6-8 weeks
**Risk:** High. Many gems have no upgrade path. Some gem authors have moved on to goat farming.
 
### Option B: Rewrite
 
Start fresh with Rails 7. Replicate existing functionality. Migrate the database.
 
**Estimated time:** 4-6 weeks
**Risk:** Medium. We know what the app does. Mostly. The parts we don't understand are probably important.
 
### Option C: Leave It Alone
 
The app works. Nobody is complaining except the security auditors. The security auditors are always complaining.
 
**Estimated time:** 0 weeks
**Risk:** The security auditors will not stop. They will never stop.
 
## Recommendation
 
Option B (Rewrite). The codebase has too much technical debt for an incremental approach. The CoffeeScript alone would take two weeks to untangle, and nobody on the team knows CoffeeScript. We hired someone who said they knew CoffeeScript but it turned out they were thinking of TypeScript.
 
## Open Questions
 
- What does the `MysteryWorker` background job do? It runs every night at 3 AM and writes to a table called `legacy_sync`. The table has 3.2 million rows. Nobody knows what it syncs or where it syncs to.
- Is the SMTP server at 10.0.0.47 still running? The app sends emails to it. We cannot find this server. The IP doesn't respond to pings. The emails appear to be delivered anyway.
- Why does the User model have a `is_gary` boolean column?
 
See also: [gem audit](gem-audit.md) for the full dependency analysis.