Rails 3 to Rails 7 Upgrade Plan (Revised)

v1
Feb 22, 2026 · 2.4 KB · 2 min read · by Sarah Blake

You are viewing version 1. The latest version is 2. View latest

Rails 3 to Rails 7 Upgrade Plan (Revised) v1

Rails 3 to Rails 7 Upgrade Plan

Background

Client has a Rails 3.2.22 application running in production since 2013. The app serves approximately 40 users in a regional insurance office. It runs on a single Heroku dyno. Nobody has touched it since Gary left in 2017.

Gary did not leave documentation.

Current State

  • Ruby 1.9.3 (EOL: February 2015)
  • Rails 3.2.22 (EOL: June 2016)
  • 847 gems in Gemfile.lock, 211 of which no longer exist on RubyGems
  • Asset pipeline uses Sprockets with CoffeeScript and Sass
  • Tests: 3. One passes. One is pending. One tests a feature that was removed in 2015.
  • Deployment: git push heroku master with no CI
  • Database: PostgreSQL 9.2 (EOL: November 2017)
  • The app stores passwords in MD5. Gary thought this was fine.

Proposed Approach

Option A: Incremental Upgrade

Upgrade one major version at a time: 3→4→5→6→7. Each step requires updating gems, fixing deprecations, running tests (the one that passes), and deploying.

Estimated time: 6-8 weeks Risk: High. Many gems have no upgrade path. Some gem authors have moved on to goat farming.

Option B: Rewrite

Start fresh with Rails 7. Replicate existing functionality. Migrate the database.

Estimated time: 4-6 weeks Risk: Medium. We know what the app does. Mostly. The parts we don't understand are probably important.

Option C: Leave It Alone

The app works. Nobody is complaining except the security auditors. The security auditors are always complaining.

Estimated time: 0 weeks Risk: The security auditors will not stop. They will never stop.

Recommendation

Option B (Rewrite). The codebase has too much technical debt for an incremental approach. The CoffeeScript alone would take two weeks to untangle, and nobody on the team knows CoffeeScript. We hired someone who said they knew CoffeeScript but it turned out they were thinking of TypeScript.

Open Questions

  • What does the MysteryWorker background job do? It runs every night at 3 AM and writes to a table called legacy_sync. The table has 3.2 million rows. Nobody knows what it syncs or where it syncs to.
  • Is the SMTP server at 10.0.0.47 still running? The app sends emails to it. We cannot find this server. The IP doesn't respond to pings. The emails appear to be delivered anyway.
  • Why does the User model have a is_gary boolean column?

See also: gem audit for the full dependency analysis.