saberespoder / sep-danger Goto Github PK

View Code? Open in Web Editor NEW

0.0 10.0 2.0 55 KB

Automated code review for SEP projects based on Rails

Home Page: http://saberespoder.com

License: MIT License

Ruby 100.00%

danger ruby code-review

sep-danger's Introduction

Sep::Danger

This is based on Danger and helps us automate our code-reviews. Everything is very opionated and aimed only for Rails.

Installation

Add this line to your application's Gemfile:

gem 'sep-danger'

And then execute:

$ bundle

Or install it yourself as:

$ gem install sep-danger

Usage

After you've added gem to Gemfile, just add Dangerfile to root of your project with contents:

danger.import_dangerfile(gem: 'sep-danger')

Features

Run linters on the code diff using pronto. By default the following linters are included:
- pronto-haml
- pronto-rails_best_practices
- pronto-rubocop
- pronto-stylelint with the standard stylelint config
- pronto-eslint_npm with typescript parser and the AirBnB styleguide
Any other pronto linters you have installed will also be ran
Ask for review using slack webhook (use the SLACK_REVIEW_WEBHOOK env var) unless the PR is a WIP or tests failed
Link to issue in the pull request if the branch starts with an issue number (If you keep all issues in one repository, use the DANGER_ISSUES_REPO env variable)

Releasing new version

be sure to be in master branch
Change version in version file
run rake master_release

Yes, it so simple!

Development

Automate code review process to maximize time on what matters.

Ideas for this, could be found in:

Potential security checks -> https://github.com/brunofacca/zen-rails-security-checklist
Improving our transition to more Functionality Style coding - improve checks for immutable object and/or data.
Using ruby and rails best practices

Lead maintainer for this project is @dvdbng

License

The gem is available as open source under the terms of the MIT License.

sep-danger's People

Contributors

Watchers

Forkers

fanahova dvdbng

sep-danger's Issues

From non-release to master check isn't working

Make sure nobody will user rescue => Exception

https://github.com/franzejr/best-ruby/blob/master/best_practices/using_exception_e.md

Fail if default_scope will be added

having default_scope is a common anti-pattern
i already had a lot of hours of horrible debugging due to this too

Check for possible injection attacks in app/models/ folder

Write a check that verifies inerpolation is used in where statements in code of app/models/ folder.

Don’t use standard Ruby interpolation (#{foo}) to insert user inputted strings into ActiveRecord or raw SQL queries. Use the ? character, named bind variables or the ActiveRecord::Sanitization methods to sanitize user input used in DB queries. Mitigates SQL injection attacks.
(c) https://github.com/brunofacca/zen-rails-security-checklist

"code coverage data not found" error appears in inboundsms project

I see this error popping in inboundsms, but not in survey admin project. Would be great to fix it.

Check that select { }.first is not used

https://github.com/JuanitoFatas/fast-ruby/blob/master/code/enumerable/select-first-vs-detect.rb

Integrate Fasterer into automated checks

https://github.com/DamirSvrtan/fasterer

Detect usage of Rails.env outside of application.rb and config/initializers

Check that HTTParty gem will not be used in a code

People tend to use a lot of HTTP wrapper libraries (Faraday, Mechanize, HTTParty and etc) - usually everyone has their own preferences, so codebase is polluted with different types.

I'm highly against HTTParty for now - using Net::HTTP is prefered.

Avoid using #shuffle in code

Array#shuffle.first vs Array#sample code
Array#shuffle allocates an extra array.
Array#sample indexes into the array without allocating an extra array.
This is the reason why Array#sample exists.
—— @sferik rails/rails#17245
$ ruby -v code/array/shuffle-first-vs-sample.rb
ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-darwin14]

Calculating -------------------------------------
Array#shuffle.first 25.406k i/100ms
Array#sample 125.101k i/100ms

Array#shuffle.first 304.341k (± 4.3%) i/s - 1.524M
Array#sample 5.727M (± 8.6%) i/s - 28.523M

Comparison:
Array#sample: 5727032.0 i/s
Array#shuffle.first: 304341.1 i/s - 18.82x slower

https://github.com/JuanitoFatas/fast-ruby

Fix "debugging code found" issue

Right now Danger throws a "Debugging code found - puts" in every check; let's limit the scan to files changed in this PR, not the whole project.

If render will encourage an error that block after && will not be executed and you will not leave this method as expected.

My general advice would be to never use render :something && return and instead replace it with return render :something. Then you can avoid unexpected behavior

I think we can look for '&& return' in diff to avoid such mistakes.

Check that #delete and #destroy code is not used

We have a don't delete data policy and we're trying to use immutable data to help us achieve better concurrency. Both of these cases could be covered by checking if someone uses @delete or #destroy in their code.