Fix connection pool for Redis cache store

[lodewiges]

Hotfix for staging because publish image job is failing

Summary by CodeRabbit

Release Notes

• Chores

  • Updated OmniAuth CSRF protection configuration for request validation.
  • Removed an unused OmniAuth-related authentication dependency.
  • Optimized Redis cache pool configuration to use a consolidated pool setting.

• Style

  • Minor code formatting cleanup for consistency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Removed the omniauth-rails_csrf_protection gem, added built-in OmniAuth CSRF protection in an initializer, and changed Redis cache pool syntax to a consolidated pool: { size:, timeout: } format. No other behavioral changes.

Changes

Cohort / File(s)	Summary
Dependency removal Gemfile	Removed omniauth-rails_csrf_protection gem declaration.
OmniAuth CSRF configuration config/initializers/devise.rb	Added OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(key: :_csrf_token) after requiring the omniauth strategy.
Redis cache config config/application.rb	Replaced separate pool_size/pool_timeout options with pool: { size: ..., timeout: 5 } for Redis cache store.
Sidekiq formatting config/initializers/sidekiq.rb	Minor whitespace change in config.redis = { literal; no behavior change.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Hotfix redis cache #1134 — Adds/adjusts Redis dependency configuration related to Redis-backed caching and may interact with the Redis cache configuration change in this PR.

Poem

🐇 I nudged a gem from the stack, soft and light,
OmniAuth now guards with its own bright sprite,
Redis pools tucked in a tidy new row,
Sidekiq whispers cleaner code as it goes,
Hoppity, hop — the app feels just right! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete and lacks required sections from the template. It is missing the checklist items, detailed summary of changes, related issues, and other important information required by the repository template.	Add the required sections: complete the checklist for database migrations, provide a detailed summary of all changes (OmniAuth CSRF protection, Redis pool config, gem removal, formatting), mention related issues using 'fixes #xyz' format, and add relevant technical context.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change in the PR: converting Redis cache pool configuration from separate options to a single pool hash, which is the primary modification in config/application.rb.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch hotfix/connectionpool-ci-bug

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 36bcce0 and 5983726.

📒 Files selected for processing (1)

• config/initializers/sidekiq.rb

✅ Files skipped from review due to trivial changes (1)

• config/initializers/sidekiq.rb

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR addresses a Redis cache store configuration issue for Rails 7.2, but also includes unrelated OmniAuth CSRF protection changes that should be in a separate PR.

• Corrects Redis cache store connection pool configuration syntax for Rails 7.2 compatibility
• Adds OmniAuth CSRF protection using built-in AuthenticityTokenProtection (unrelated to Redis fix)
• Removes omniauth-rails_csrf_protection gem dependency (unrelated to Redis fix)

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
config/application.rb	Updates Redis cache store pool configuration to use nested hash structure (pool: { size:, timeout: }) instead of flat structure
config/initializers/devise.rb	Adds OmniAuth CSRF protection configuration (unrelated to Redis pool fix)
Gemfile	Removes omniauth-rails_csrf_protection gem (unrelated to Redis pool fix)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This OmniAuth CSRF protection change is unrelated to the PR's stated purpose of fixing the Redis connection pool. These changes should be in a separate pull request focused on addressing CVE-2015-9284. Mixing unrelated changes makes it harder to review, test, and potentially revert changes if needed.

[Copilot]

The key parameter should likely be 'authenticity_token' (Rails' default CSRF token parameter name) instead of '_csrf_token'. Using a non-standard key may cause CSRF validation to fail because the OmniAuth middleware will look for a different parameter than what Rails provides. Verify that your views are generating a matching '_csrf_token' field, or update this to use the standard 'authenticity_token'.

Suggested change

	OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(key: :_csrf_token)
	OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(key: :authenticity_token)

[Copilot]

This Gemfile change (removing the omniauth-rails_csrf_protection gem) is unrelated to the PR's stated purpose of fixing the Redis connection pool. This should be in a separate pull request along with the related OmniAuth CSRF protection configuration changes in config/initializers/devise.rb.

Suggested change

	gem 'omniauth', '~> 2.1.4'
	gem 'omniauth', '~> 2.1.4'
	gem 'omniauth-rails_csrf_protection'

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

config/application.rb (1)

31-34: Use Float for timeout in Redis pool configuration.

The nested hash syntax is correct for Rails 7.2.3. However, timeout should be a Float (seconds), not an Integer. Change timeout: 5 to timeout: 5.0.

For improved configurability, consider using an environment variable for the timeout:

     config.cache_store = :redis_cache_store, {
       url: Rails.application.config_for(:cable)['url'],
-      pool: { size: ENV.fetch('RAILS_MAX_THREADS', 5).to_i, timeout: 5 }
+      pool: { size: ENV.fetch('RAILS_MAX_THREADS', 5).to_i, timeout: ENV.fetch('REDIS_POOL_TIMEOUT', 5.0).to_f }
     }

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a302c11 and 36bcce0.

📒 Files selected for processing (3)

• Gemfile
• config/application.rb
• config/initializers/devise.rb

💤 Files with no reviewable changes (1)

• Gemfile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Agent
• GitHub Check: Build

🔇 Additional comments (1)

config/initializers/devise.rb (1)

15-17: OmniAuth CSRF protection configuration is correctly implemented.

The configuration using OmniAuth::AuthenticityTokenProtection.new(key: :_csrf_token) is the recommended approach for OmniAuth 2.1.4. All authentication requests include the CSRF token: the button_to link in _login_prompt.html.erb automatically includes it via Rails, and the fetch calls in login.html.erb explicitly pass the token in the X-CSRF-Token header from the meta tag. The key :_csrf_token aligns with Rails' CSRF protection pattern. No changes needed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.62%. Comparing base (a302c11) to head (5983726).
⚠️ Report is 1 commits behind head on staging.

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #1187   +/-   ##
========================================
  Coverage    77.62%   77.62%           
========================================
  Files           54       54           
  Lines         1341     1341           
========================================
  Hits          1041     1041           
  Misses         300      300           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.