code_quality 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a916f4bb0abada23ac50bc7f78503d1231e1ff16
-  data.tar.gz: 95c0516415e45d0333ff74a1bd33da22081f66ef
+  metadata.gz: 1e3a844a3e643f804b7d26ebdade9a3996b9c69d
+  data.tar.gz: c8f60d29dffa58dccf7e27881e5520dd58b06abf
 SHA512:
-  metadata.gz: 70744748adc7192561d92fd62f97e6d376ef50ccc90d69690ef2c91bcfc5e21a5465dfcf9ce30161c511177ac2facdafa74e6a16b59917a07e3c0044d80c08e1
-  data.tar.gz: cf39d87aa7210edfb5ca1e8a60eb8975f50fda21c9b14deaa9c57ebaa9d20cfb8ae9b94bd2556f26dff9983b134d9bc650d335e545b3751c0c40e484e1490377
+  metadata.gz: 7323fd69af310eb30abfedc3f939cc8f28abf40dae23d876c4f371b6476598db5e2357e5b7323f6944928b56ccf874e48a5c98c645f90e1f861070234b1d59e8
+  data.tar.gz: aa3d23b5d413330119b9501e3f86fa25b4c00a930e45fe06b98a1bacca945587ed74032cf677ebfe0191c288db8e17cb105b60afa96140c7df4acde5ac5269bf

data/.gitignore

@@ -2,7 +2,7 @@
 /.yardoc
 /_yardoc/
 /coverage/
-/doc/
+!/doc/
 /pkg/
 /spec/reports/
 /tmp/

data/README.md

@@ -1,28 +1,237 @@
 # CodeQuality
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/code_quality`. To experiment with that code, run `bin/console` for an interactive prompt.
+Run code quality and security audit report with one rake task as `rake code_quality`.
+
+## Principle
+
+> If you can’t measure it, you can’t improve it.
 
-TODO: Delete this and the text above, and describe your gem
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'code_quality'
+group :development do
+  gem 'code_quality'
+end
 ```
 
 And then execute:
 
     $ bundle
 
-Or install it yourself as:
+## Usage
 
-    $ gem install code_quality
+To generate security audit and code quality report:
 
-## Usage
+```
+rake code_quality
+```
+
+will output report like:
+
+```
+# Code Quality Report
+
+Generated by code_quality (v0.1.3) @ 2018-01-12 16:32:20 +0800
+
+## bundler audit - checks for vulnerable versions of gems in Gemfile.lock
+
+......
+
+```
+
+[Code Quality Report Example](doc/code_quality_report_example.md)
+
+### Two major audit tasks
+
+There are 2 types of audit tasks: `security_audit` and `quality_audit`, each sub task can be run separately.
+
+In summary: 
+
+- run `rake code_quality:security_audit` to get security audit report
+- run `rake code_quality:quality_audit` to get code quality report
+
+### Report result using Markdown format
+
+You can output report using `rake code_quality > code_quality_report.md` then open it with a Markdown editor.
+
+
+
+### Security Audit
+
+Use [bundler-audit](https://rubygems.org/gems/bundler-audit) for patch-level verification for ruby projects which using `bundler`,
+ use [brakeman](https://rubygems.org/gems/brakeman) to detect security vulnerabilities for Rails applications.
+
+#### usage:
+
+```
+# run security audit tasks
+rake code_quality:security_audit
+```
+
+output example:
+
+![](doc/imgs/code_quality_security_audit_failed_example.png)
+
+
+#### work with CI
+
+Recommend setting up this task as part of a CI pipeline. For example, adding a job to stage "test" for Gitlab-CI:
+
+```
+# .gitlab-ci.yml
+code_security_audit:
+  stage: test
+  script:
+    - bundle exec rake code_quality:security_audit
+```
+Gitlab-CI pipeline example:
+
+![](doc/imgs/code_security_audit_faild_on_ci_example.png)
+
+
+#### Each sub task can be run separately
+
+```
+# bundler audit - checks for vulnerable versions of gems in Gemfile.lock
+rake code_quality:security_audit:bundler_audit
+```
+
+```
+# brakeman audit - checks Ruby on Rails applications for security vulnerabilities
+rake code_quality:security_audit:brakeman
+```
+
+```
+# show helpful URLs
+rake code_quality:security_audit:resources
+```
+
+
+### Code Quality Audit
+
+Base on these ruby code analysis gems, you can choose suitable ones for your project:
+
+- use [rubycritic](https://github.com/whitesmith/rubycritic) static analysis gems such as Reek, Flay and Flog to provide a quality report and get an evaluated score of your Ruby code.
+
+- use [rubocop](https://github.com/bbatsov/rubocop/) to audit coding style and get refactor suggestion.
+
+- use [metric_fu](https://github.com/metricfu/metric_fu) to get many kinds of code metrics from Flog, Flay, Saikuro, Churn, Reek, Roodi, Code Statistics, and Rails Best Practices. (and optionally RCov)
+
+
+In summary: 
+
+- run `rake code_quality:rubycritic` to get an evaluated score and code smells
+- run `rake code_quality:rubocop` to audit coding style and get refactor suggestions
+- run `rake code_quality:metric_fu` to get many kinds of code metrics, including rails best practice suggestions, recommend to use for rails project
+
+
+#### usage:
+
+```
+# run all code quality audit tasks
+rake code_quality:quality_audit
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_example.png)
+
+[Tips] You don't have to run all audit tasks, some code metrics are the same using by rubycritic and metric_fu. You can choose them based on your needs, the more tasks will take longer running time, unless you don't care about time-consuming problem.
+
+
+#### Run audit task with audit value option
+
+Audit task will return non-zero exit status and showing failure reason when passing an audit value option and the value is lower than the result in report, for example:
+
+```
+# audit with lowest_score option
+rake code_quality:quality_audit:rubycritic lowest_score=94.5
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_failed_example.png)
+
+#### Each audit task accepts different audit value options
+
+##### options for rubocop
+
+```
+# e.g.: rake code_quality:quality_audit:rubocop max_offenses=100
+# options:
+#   config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
+#   cli_options: pass extract options, e.g.: cli_options="--show-cops"
+#   max_offenses: if config max_offenses then audit it with detected offenses number in report, e.g.: max_offenses=100
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_rubocop_failed_example.png)
+
+##### options for metric_fu
+
+```
+# e.g.: rake code_quality:quality_audit:metric_fu metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=9 roodi_max_offenses=10
+# options:
+#   metrics: default to run all metrics, can be config as: cane,churn,flay,flog,hotspots,rails_best_practices,rcov,reek,roodi,saikuro,stats
+#   flay_max_offenses: offenses number for audit
+#   cane_max_offenses: offenses number for audit
+#   rails_best_practices_max_offenses: offenses number for audit
+#   reek_max_offenses: offenses number for audit
+#   roodi_max_offenses: offenses number for audit
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_metric_fu_failed_example.png)
+
+
+##### options can be joint together
+
+```
+# run all at once
+rake code_quality:quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
+```
+
+#### work with CI
+
+Configure audit value options that matching to your own ruby/rails project, for example:
+
+```
+# .gitlab-ci.yml
+code_quality_audit:
+  stage: test
+  script:
+    - bundle exec rake code_quality:quality_audit lowest_score=93 rails_best_practices_max_offenses=10
+
+```
+
+[Tips] Don't rely on your diligence, just let CI doing the boring/repeating/time-consuming jobs can make you more enjoyable in programming.
+
+
+#### code quality audit task report
+
+Code quality audit task report will be saved to `tmp/code_quality/quality_audit/`, and will be auto open in web browser.
+
+rubycritic report example:
+
+![](doc/imgs/rubycritic_report_example.png)
+
+rubocop report example:
+
+![](doc/imgs/rubocop_report_example.png)
+
+metric_fu report example:
+
+![](doc/imgs/metric_fu_report_example.png)
+
+metric_fu analyzed file report example:
+
+![](doc/imgs/metric_fu_file_report_example.png)
 
-TODO: Write usage instructions here
 
 ## Development
 
@@ -32,7 +241,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/code_quality.
+Bug reports and pull requests are welcome on GitHub at https://github.com/rainchen/code_quality.
 
 ## License
 

data/code_quality.gemspec

@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
+    f.match(%r{^(test|spec|features|doc)/})
   end
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }

data/lib/code_quality/version.rb

@@ -1,3 +1,3 @@
 module CodeQuality
-  VERSION = "0.1.3"
+  VERSION = "0.1.4"
 end

data/lib/tasks/code_quality.rake

@@ -1,4 +1,13 @@
+desc "Generate security audit and code quality report"
+task :code_quality => :"code_quality:default" do; end
 namespace :code_quality do
+  task :default => [:summary, :security_audit, :quality_audit] do; end
+
+  # desc "show summary"
+  task :summary do
+    puts "# Code Quality Report", "\n"
+    puts "Generated by code_quality (v#{CodeQuality::VERSION}) @ #{Time.now}", "\n"
+  end
 
   desc "security audit using bundler-audit, brakeman"
   task :security_audit => [:"security_audit:default"] do; end
@@ -49,16 +58,15 @@ namespace :code_quality do
         https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet
       }
       puts "## Security Resources"
-      puts refs.map { |url| "  - #{url}" }
+      puts refs.map { |url| "  - #{url}" }, "\n"
     end
   end
 
-  # TODO: code quality audit
   desc "code quality audit"
   task :quality_audit => [:"quality_audit:default"] do; end
   namespace :quality_audit do
     # default tasks
-    task :default => [:rubycritic, :rubocop, :metric_fu] do; end
+    task :default => [:rubycritic, :rubocop, :metric_fu, :resources] do; end
 
     # desc "prepare dir"
     task :prepare => :helpers do
@@ -194,6 +202,21 @@ namespace :code_quality do
         end
       end
     end
+
+    # desc "resources url"
+    task :resources do
+      refs = %w{
+        http://awesome-ruby.com/#-code-analysis-and-metrics
+        https://github.com/whitesmith/rubycritic
+        https://github.com/bbatsov/rubocop
+        https://github.com/bbatsov/ruby-style-guide
+        https://github.com/github/rubocop-github
+        https://github.com/metricfu/metric_fu
+        https://rails-bestpractices.com
+      }
+      puts "## Code Quality Resources"
+      puts refs.map { |url| "  - #{url}" }
+    end
   end
 
   # desc "helper methods"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: code_quality
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - RainChen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-28 00:00:00.000000000 Z
+date: 2018-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -184,4 +184,3 @@ signing_key:
 specification_version: 4
 summary: run code quality and security audit report with one rake task
 test_files: []
-has_rdoc: