Deep Ruby on Rails expertise
Azati has extensive experience developing and maintaining Ruby on Rails applications, including complex multi-version upgrade paths and legacy codebase modernization without rewrites.
All technologies used
Ruby on Rails
Ruby
JavaScript
PostgreSQL
Elasticsearch
Docker
Redis
About the client
The client is a DevOps managed services provider running 24/7 server infrastructure support for external clients. To manage their operations internally, they built a heavily customized Redmine platform, spanning task management, time tracking, SLA reporting, and billing, that over time became too complex and business-critical to maintain without dedicated Ruby on Rails expertise.
Business challenge
Challenge 01
Outdated, high-risk stack
The platform ran on legacy versions of Ruby, Rails, Redmine, Sidekiq, and Redis, with known security vulnerabilities and growing incompatibility risks across the whole ecosystem.
#1
Challenge 02
Near-zero test coverage
The codebase had almost no automated tests and sparse documentation for custom business logic, making a safe major upgrade appear nearly impossible without breaking things.
#2
Challenge 03
Complex plugin ecosystem at risk
30+ custom and commercial plugins needed to keep working post-migration, each with unique integrations, interdependencies, and zero safety net from tests.
#3
The client's requirements
The company needed a seasoned Ruby on Rails partner able to step in, learn the system quickly, and take full ownership of its development and stability. Specifically:
- Develop new Redmine plugins and extend existing ones to support evolving internal workflows
- Maintain and bugfix the existing plugin ecosystem without disrupting live operations
- Upgrade Redmine and all underlying dependencies to current, supported versions
- Migrate the entire system to new server infrastructure without service interruption
- Close known security vulnerabilities introduced by outdated library versions
- Partially document business logic to make future changes safer and faster
Why Azati?
Redmine plugin development track record
The team had prior hands-on experience building and adapting Redmine plugins, understanding the framework's extension points, hook system, and engine-level constraints across versions.
Proven approach to low-coverage codebases
Azati has a structured methodology for navigating upgrades with minimal or absent test coverage, audit-first, incremental change, manual verification tracking, which was directly applicable here.
Running a customized Redmine that's falling behind?
Worried about upgrading without breaking business-critical workflows?
Let's plan your Rails migrationSolution
Rather than proposing a rewrite, risky given the absence of tests and the deeply embedded business logic, Azati chose an audit-first, incremental approach: understand the system fully before touching it, then upgrade and adapt component by component.
01
System audit and plugin inventory
Azati started by mapping the full plugin ecosystem, all 30+ plugins, their dependencies, compatibility status, and business logic. Since automated tests were nearly absent, the team built a manual verification tracking process to safely account for each component during migration.
Key capabilities:
- Custom, open-source, and RedmineUP plugins catalogued
- Plugin dependencies and interdependencies documented
- Deprecated logic and incompatible gems identified upfront
02
Full-stack migration to new infrastructure
All system components were migrated to new AlmaLinux 9 servers. Production and staging databases were separated onto dedicated servers for the first time, improving isolation and making future deployments safer.
Key capabilities:
- PostgreSQL 14, prod/stage databases separated
- Redis upgraded from 5.0.7 to 8.4.0
- sidekiq-rate-limiter replaced with sidekiq-throttled + live UI
- Cron configs cleaned up and restructured
03
Ruby, Rails, and Redmine upgrade
The core application stack was upgraded across all major versions, Ruby 2.7 to 3.3.10, Rails 6.1 to 7.2.3, Redmine to 6.1.1, and Sidekiq from 5.2.9 to 7.3.9. Deprecated logic was identified and fixed throughout, and CI pipelines for the redmine_centosadmin plugins were repaired.
Key capabilities:
- Deprecated API calls resolved for Ruby 3 and Rails 7
- Broken CI pipelines for in-house plugins repaired
- All four RedmineUP commercial plugins updated
04
Plugin adaptation and ecosystem stabilization
Every custom and third-party plugin was verified, adapted, and tested against the new environment. Integrations including Telegram (via TDLib), Jira, GitLab, Mattermost, Prometheus, Elasticsearch, and the client's own CRM were validated end-to-end.
Key capabilities:
- Telegram notifications, 2FA, and TDLib bot adapted
- Elasticsearch and Sidekiq job configs updated
- CRM sync, encrypted storage, and role-based wiki access confirmed
05
Ongoing feature development and maintenance
Beyond the migration, Azati continued developing new plugins and extending existing ones, automation features, SLA reporting, and team efficiency tracking.
Key capabilities:
- New automation features: task scheduling, checklists, SLA reports
- Targeted test coverage added on Azati's initiative
- Ongoing support and bugfix cycle continues
Major achievements
| Metric | Before | After |
|---|---|---|
| Redmine | Legacy | 6.1.1 |
| Ruby | 2.7 | 3.3.10 |
| Rails | 6.1 | 7.2.3 |
| Sidekiq | 5.2.9 | 7.3.9 |
| Redis | 5.0.7 | 8.4.0 |
| PostgreSQL | Legacy | 14 (prod/stage separated) |
| OS / servers | Legacy | AlmaLinux 9 |
Security
The platform is secured with SSL/TLS encryption, SSH access controls, and OAuth 2.0 authentication, with role-based access enforced across all sensitive data, including encrypted credential storage and protected wiki documentation. Upgrading to fully supported versions of Ruby, Rails, and Redmine closed a backlog of known CVEs that had accumulated on the legacy stack.
Engagement & delivery
Time & Materials engagement
The T&M model was the natural fit for this project, the scope of plugin maintenance, upgrades, and new feature development evolved continuously as the client's internal workflows grew. This allowed Azati to respond to shifting priorities without renegotiating contracts, keeping delivery predictable while staying flexible.
Continuous delivery
The nature of the engagement required an ongoing, flow-based approach rather than fixed sprints:
- Parallel workstreams: active feature development alongside migration and bugfixes
- Incremental plugin verification and adaptation without blocking live operations
- Rapid response to production issues on a business-critical platform
- Transparent task tracking directly within the client's own Redmine instance
Results & business impact
Full-stack upgrade, zero disruption: All major components, Ruby, Rails, Redmine, Sidekiq, Redis, PostgreSQL, upgraded without interrupting client workflows, SLA delivery, or internal operations.
Security vulnerabilities closed: Migration to actively maintained releases of Ruby, Rails, and Redmine eliminated a backlog of known CVEs inherited from the legacy stack.
30+ plugins preserved: Every custom, open-source, and commercial plugin was verified, adapted, and confirmed functional in the new environment.
Modernized infrastructure: Full migration to AlmaLinux 9 servers with separated prod/staging databases, improving deployment safety and environment isolation.
Operational visibility gained: Sidekiq queue monitoring replaced with sidekiq-throttled, providing a live dashboard and eliminating a long-standing blind spot in job processing.
Automation extended: New and updated plugins cover task scheduling, checklists, SLA report generation, and CRM sync, directly supporting the client's DevOps workflows.
Foundation for safer changes: Targeted test coverage introduced on critical paths on Azati's initiative, reducing regression risk for future development.
Strategic wins
The choice of incremental upgrade over a full rewrite ensured:
Security posture restored
Upgrading to fully supported versions of Ruby, Rails, and Redmine closed a backlog of known CVEs. The platform is no longer running on components that receive no security patches, a meaningful risk reduction for a system handling sensitive infrastructure access and client data.
Extended platform lifetime
The incremental upgrade strategy preserved years of embedded business logic, SLA rules, billing automation, and CRM integrations, while bringing the platform fully up to date. The system can now evolve safely for years to come without a costly rewrite.
Stable, scalable infrastructure
Separating production and staging databases, migrating to modern AlmaLinux 9 servers, and eliminating unsupported dependencies gives the team a well-isolated foundation, reducing the risk of environment-level incidents as the client's customer base grows.
Specialized talent on demand
The client gained long-term access to Redmine plugin expertise, Telegram API and TDLib integration skills, and a proven Rails upgrade methodology, capabilities that are rare to find and difficult to build in-house for a team focused entirely on infrastructure services.
