code_quality 0.1.3 → 0.1.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a916f4bb0abada23ac50bc7f78503d1231e1ff16
4
- data.tar.gz: 95c0516415e45d0333ff74a1bd33da22081f66ef
3
+ metadata.gz: 1e3a844a3e643f804b7d26ebdade9a3996b9c69d
4
+ data.tar.gz: c8f60d29dffa58dccf7e27881e5520dd58b06abf
5
5
  SHA512:
6
- metadata.gz: 70744748adc7192561d92fd62f97e6d376ef50ccc90d69690ef2c91bcfc5e21a5465dfcf9ce30161c511177ac2facdafa74e6a16b59917a07e3c0044d80c08e1
7
- data.tar.gz: cf39d87aa7210edfb5ca1e8a60eb8975f50fda21c9b14deaa9c57ebaa9d20cfb8ae9b94bd2556f26dff9983b134d9bc650d335e545b3751c0c40e484e1490377
6
+ metadata.gz: 7323fd69af310eb30abfedc3f939cc8f28abf40dae23d876c4f371b6476598db5e2357e5b7323f6944928b56ccf874e48a5c98c645f90e1f861070234b1d59e8
7
+ data.tar.gz: aa3d23b5d413330119b9501e3f86fa25b4c00a930e45fe06b98a1bacca945587ed74032cf677ebfe0191c288db8e17cb105b60afa96140c7df4acde5ac5269bf
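Review bot: nothing to change in this hunk, but note what it does and does not give a consumer: both the SHA1 and SHA512 digests for metadata.gz and data.tar.gz are regenerated on every build, so they only prove the downloaded archive is intact, not who produced it. The metadata hunk further down still shows `cert_chain: []`, so the release is unsigned and the checksums are the only integrity data shipped; a `Gemfile.lock` pin on 0.1.4 is the practical control for users of this gem.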
data/.gitignore CHANGED
@@ -2,7 +2,7 @@
2
2
  /.yardoc
3
3
  /_yardoc/
4
4
  /coverage/
5
- /doc/
5
+ !/doc/
6
6
  /pkg/
7
7
  /spec/reports/
8
8
  /tmp/
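Review bot: `!/doc/` on line 5 is a negation rule, and nothing earlier in this file ignores `doc/`, so a negation has no effect beyond what simply deleting the `/doc/` line would do; the plain deletion expresses the intent (start tracking the report example and the screenshots the README links under `doc/`) more clearly. If the `!` is meant to override a global or user-level gitignore, add a one-line comment saying so, otherwise the next reader will assume a rule is missing.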
data/README.md CHANGED
@@ -1,28 +1,237 @@
1
1
  # CodeQuality
2
2
 
3
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/code_quality`. To experiment with that code, run `bin/console` for an interactive prompt.
3
+ Run code quality and security audit report with one rake task as `rake code_quality`.
4
+
5
+ ## Principle
6
+
7
+ > If you can’t measure it, you can’t improve it.
4
8
 
5
- TODO: Delete this and the text above, and describe your gem
6
9
 
7
10
  ## Installation
8
11
 
9
12
  Add this line to your application's Gemfile:
10
13
 
11
14
  ```ruby
12
- gem 'code_quality'
15
+ group :development do
16
+ gem 'code_quality'
17
+ end
13
18
  ```
14
19
 
15
20
  And then execute:
16
21
 
17
22
  $ bundle
18
23
 
19
- Or install it yourself as:
24
+ ## Usage
20
25
 
21
- $ gem install code_quality
26
+ To generate security audit and code quality report:
22
27
 
23
- ## Usage
28
+ ```
29
+ rake code_quality
30
+ ```
31
+
32
+ will output report like:
33
+
34
+ ```
35
+ # Code Quality Report
36
+
37
+ Generated by code_quality (v0.1.3) @ 2018-01-12 16:32:20 +0800
38
+
39
+ ## bundler audit - checks for vulnerable versions of gems in Gemfile.lock
40
+
41
+ ......
42
+
43
+ ```
44
+
45
+ [Code Quality Report Example](doc/code_quality_report_example.md)
46
+
47
+ ### Two major audit tasks
48
+
49
+ There are 2 types of audit tasks: `security_audit` and `quality_audit`, each sub task can be run separately.
50
+
51
+ In summary:
52
+
53
+ - run `rake code_quality:security_audit` to get security audit report
54
+ - run `rake code_quality:quality_audit` to get code quality report
55
+
56
+ ### Report result using Markdown format
57
+
58
+ You can output report using `rake code_quality > code_quality_report.md` then open it with a Markdown editor.
59
+
60
+
61
+
62
+ ### Security Audit
63
+
64
+ Use [bundler-audit](https://rubygems.org/gems/bundler-audit) for patch-level verification for ruby projects which using `bundler`,
65
+ use [brakeman](https://rubygems.org/gems/brakeman) to detect security vulnerabilities for Rails applications.
66
+
67
+ #### usage:
68
+
69
+ ```
70
+ # run security audit tasks
71
+ rake code_quality:security_audit
72
+ ```
73
+
74
+ output example:
75
+
76
+ ![](doc/imgs/code_quality_security_audit_failed_example.png)
77
+
78
+
79
+ #### work with CI
80
+
81
+ Recommend setting up this task as part of a CI pipeline. For example, adding a job to stage "test" for Gitlab-CI:
82
+
83
+ ```
84
+ # .gitlab-ci.yml
85
+ code_security_audit:
86
+ stage: test
87
+ script:
88
+ - bundle exec rake code_quality:security_audit
89
+ ```
90
+ Gitlab-CI pipeline example:
91
+
92
+ ![](doc/imgs/code_security_audit_faild_on_ci_example.png)
93
+
94
+
95
+ #### Each sub task can be run separately
96
+
97
+ ```
98
+ # bundler audit - checks for vulnerable versions of gems in Gemfile.lock
99
+ rake code_quality:security_audit:bundler_audit
100
+ ```
101
+
102
+ ```
103
+ # brakeman audit - checks Ruby on Rails applications for security vulnerabilities
104
+ rake code_quality:security_audit:brakeman
105
+ ```
106
+
107
+ ```
108
+ # show helpful URLs
109
+ rake code_quality:security_audit:resources
110
+ ```
111
+
112
+
113
+ ### Code Quality Audit
114
+
115
+ Base on these ruby code analysis gems, you can choose suitable ones for your project:
116
+
117
+ - use [rubycritic](https://github.com/whitesmith/rubycritic) static analysis gems such as Reek, Flay and Flog to provide a quality report and get an evaluated score of your Ruby code.
118
+
119
+ - use [rubocop](https://github.com/bbatsov/rubocop/) to audit coding style and get refactor suggestion.
120
+
121
+ - use [metric_fu](https://github.com/metricfu/metric_fu) to get many kinds of code metrics from Flog, Flay, Saikuro, Churn, Reek, Roodi, Code Statistics, and Rails Best Practices. (and optionally RCov)
122
+
123
+
124
+ In summary:
125
+
126
+ - run `rake code_quality:rubycritic` to get an evaluated score and code smells
127
+ - run `rake code_quality:rubocop` to audit coding style and get refactor suggestions
128
+ - run `rake code_quality:metric_fu` to get many kinds of code metrics, including rails best practice suggestions, recommend to use for rails project
129
+
130
+
131
+ #### usage:
132
+
133
+ ```
134
+ # run all code quality audit tasks
135
+ rake code_quality:quality_audit
136
+ ```
137
+
138
+ output example:
139
+
140
+ ![](doc/imgs/code_quality_quality_audit_example.png)
141
+
142
+ [Tips] You don't have to run all audit tasks, some code metrics are the same using by rubycritic and metric_fu. You can choose them based on your needs, the more tasks will take longer running time, unless you don't care about time-consuming problem.
143
+
144
+
145
+ #### Run audit task with audit value option
146
+
147
+ Audit task will return non-zero exit status and showing failure reason when passing an audit value option and the value is lower than the result in report, for example:
148
+
149
+ ```
150
+ # audit with lowest_score option
151
+ rake code_quality:quality_audit:rubycritic lowest_score=94.5
152
+ ```
153
+
154
+ output example:
155
+
156
+ ![](doc/imgs/code_quality_quality_audit_failed_example.png)
157
+
158
+ #### Each audit task accepts different audit value options
159
+
160
+ ##### options for rubocop
161
+
162
+ ```
163
+ # e.g.: rake code_quality:quality_audit:rubocop max_offenses=100
164
+ # options:
165
+ # config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
166
+ # cli_options: pass extract options, e.g.: cli_options="--show-cops"
167
+ # max_offenses: if config max_offenses then audit it with detected offenses number in report, e.g.: max_offenses=100
168
+ ```
169
+
170
+ output example:
171
+
172
+ ![](doc/imgs/code_quality_quality_audit_rubocop_failed_example.png)
173
+
174
+ ##### options for metric_fu
175
+
176
+ ```
177
+ # e.g.: rake code_quality:quality_audit:metric_fu metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=9 roodi_max_offenses=10
178
+ # options:
179
+ # metrics: default to run all metrics, can be config as: cane,churn,flay,flog,hotspots,rails_best_practices,rcov,reek,roodi,saikuro,stats
180
+ # flay_max_offenses: offenses number for audit
181
+ # cane_max_offenses: offenses number for audit
182
+ # rails_best_practices_max_offenses: offenses number for audit
183
+ # reek_max_offenses: offenses number for audit
184
+ # roodi_max_offenses: offenses number for audit
185
+ ```
186
+
187
+ output example:
188
+
189
+ ![](doc/imgs/code_quality_quality_audit_metric_fu_failed_example.png)
190
+
191
+
192
+ ##### options can be joint together
193
+
194
+ ```
195
+ # run all at once
196
+ rake code_quality:quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
197
+ ```
198
+
199
+ #### work with CI
200
+
201
+ Configure audit value options that matching to your own ruby/rails project, for example:
202
+
203
+ ```
204
+ # .gitlab-ci.yml
205
+ code_quality_audit:
206
+ stage: test
207
+ script:
208
+ - bundle exec rake code_quality:quality_audit lowest_score=93 rails_best_practices_max_offenses=10
209
+
210
+ ```
211
+
212
+ [Tips] Don't rely on your diligence, just let CI doing the boring/repeating/time-consuming jobs can make you more enjoyable in programming.
213
+
214
+
215
+ #### code quality audit task report
216
+
217
+ Code quality audit task report will be saved to `tmp/code_quality/quality_audit/`, and will be auto open in web browser.
218
+
219
+ rubycritic report example:
220
+
221
+ ![](doc/imgs/rubycritic_report_example.png)
222
+
223
+ rubocop report example:
224
+
225
+ ![](doc/imgs/rubocop_report_example.png)
226
+
227
+ metric_fu report example:
228
+
229
+ ![](doc/imgs/metric_fu_report_example.png)
230
+
231
+ metric_fu analyzed file report example:
232
+
233
+ ![](doc/imgs/metric_fu_file_report_example.png)
24
234
 
25
- TODO: Write usage instructions here
26
235
 
27
236
  ## Development
28
237
 
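Review bot: the task names in the "In summary" list of the Code Quality Audit section do not match the tasks documented a few lines later: the list says `rake code_quality:rubycritic`, `rake code_quality:rubocop` and `rake code_quality:metric_fu`, while the option examples and the Rakefile use the `code_quality:quality_audit:` namespace (`rake code_quality:quality_audit:rubycritic lowest_score=94.5`); the list should use the namespaced names. The sentence explaining audit value options ("when passing an audit value option and the value is lower than the result in report") is reversed for `lowest_score`, which fails when the score is below the threshold, and only correct for the `*_max_offenses` options; state both directions explicitly. The README also does not say whether the `bundler_audit` task refreshes the ruby-advisory-db before checking, and bundler-audit run against a stale database reports a clean `Gemfile.lock` that may not be clean, so either document that the task updates the database or tell users to run `bundle audit update` first, especially in CI where the checkout is fresh. Since the section recommends running `quality_audit` in CI, the statement that the HTML report "will be auto open in web browser" needs a caveat for headless runners. Smaller wording fixes: "Base on these ruby code analysis gems" should read "Based on", "pass extract options" should read "pass extra options", the `config_formula` line is missing the closing quote after `"github`, and the screenshot filename `code_security_audit_faild_on_ci_example.png` is misspelled (check that the file on disk matches the link).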
@@ -32,7 +241,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
32
241
 
33
242
  ## Contributing
34
243
 
35
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/code_quality.
244
+ Bug reports and pull requests are welcome on GitHub at https://github.com/rainchen/code_quality.
36
245
 
37
246
  ## License
38
247
 
@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
15
15
  spec.license = "MIT"
16
16
 
17
17
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
18
- f.match(%r{^(test|spec|features)/})
18
+ f.match(%r{^(test|spec|features|doc)/})
19
19
  end
20
20
  spec.bindir = "exe"
21
21
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
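Review bot: adding `doc` to the exclusion regex in `spec.files` conflicts with the README change in this same release, which now links `doc/code_quality_report_example.md` and several `doc/imgs/*.png` screenshots; the README is packaged in the gem and rendered on rubygems.org, so those links will be dead and the images missing for anyone reading it outside the GitHub checkout. Either keep `doc/` in the package (it is small, a Markdown file and some PNGs) or point the README at absolute GitHub URLs for those assets.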
@@ -1,3 +1,3 @@
1
1
  module CodeQuality
2
- VERSION = "0.1.3"
2
+ VERSION = "0.1.4"
3
3
  end
@@ -1,4 +1,13 @@
1
+ desc "Generate security audit and code quality report"
2
+ task :code_quality => :"code_quality:default" do; end
1
3
  namespace :code_quality do
4
+ task :default => [:summary, :security_audit, :quality_audit] do; end
5
+
6
+ # desc "show summary"
7
+ task :summary do
8
+ puts "# Code Quality Report", "\n"
9
+ puts "Generated by code_quality (v#{CodeQuality::VERSION}) @ #{Time.now}", "\n"
10
+ end
2
11
 
3
12
  desc "security audit using bundler-audit, brakeman"
4
13
  task :security_audit => [:"security_audit:default"] do; end
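Review bot: `task :default => [:summary, :security_audit, :quality_audit]` runs the prerequisites in that order and rake stops at the first prerequisite that aborts, so when the security audit fails (the README describes the tasks exiting non-zero on a failed check) the quality audit never runs and the combined report ends after the security section. That is acceptable fail-fast behaviour for CI but it is not what "run code quality and security audit report with one rake task" suggests, so state it in the README or have the summary task mention it. Minor: the empty `do; end` blocks on `task :code_quality` and `task :default` are unnecessary, `task :code_quality => :"code_quality:default"` alone declares the dependency, and the commented-out `# desc` on `:summary` keeps it out of `rake -T`, which is fine for an internal step.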
@@ -49,16 +58,15 @@ namespace :code_quality do
49
58
  https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet
50
59
  }
51
60
  puts "## Security Resources"
52
- puts refs.map { |url| " - #{url}" }
61
+ puts refs.map { |url| " - #{url}" }, "\n"
53
62
  end
54
63
  end
55
64
 
56
- # TODO: code quality audit
57
65
  desc "code quality audit"
58
66
  task :quality_audit => [:"quality_audit:default"] do; end
59
67
  namespace :quality_audit do
60
68
  # default tasks
61
- task :default => [:rubycritic, :rubocop, :metric_fu] do; end
69
+ task :default => [:rubycritic, :rubocop, :metric_fu, :resources] do; end
62
70
 
63
71
  # desc "prepare dir"
64
72
  task :prepare => :helpers do
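Review bot: appending `:resources` to the `quality_audit` default list means the resource URLs are printed only after rubycritic, rubocop and metric_fu all pass; because an aborting audit prevents the later prerequisites from running, the links are skipped exactly when a developer who just failed a threshold would want them. Consider listing `:resources` first, or printing the links from the failure path. Also, the `, "\n"` added to the security resources `puts` gives that section a trailing blank line, which the Markdown report needs before the next heading; the quality resources task added in the next hunk has no matching `"\n"`, so the two lists render differently.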
@@ -194,6 +202,21 @@ namespace :code_quality do
194
202
  end
195
203
  end
196
204
  end
205
+
206
+ # desc "resources url"
207
+ task :resources do
208
+ refs = %w{
209
+ http://awesome-ruby.com/#-code-analysis-and-metrics
210
+ https://github.com/whitesmith/rubycritic
211
+ https://github.com/bbatsov/rubocop
212
+ https://github.com/bbatsov/ruby-style-guide
213
+ https://github.com/github/rubocop-github
214
+ https://github.com/metricfu/metric_fu
215
+ https://rails-bestpractices.com
216
+ }
217
+ puts "## Code Quality Resources"
218
+ puts refs.map { |url| " - #{url}" }
219
+ end
197
220
  end
198
221
 
199
222
  # desc "helper methods"
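Review bot: `http://awesome-ruby.com/#-code-analysis-and-metrics` is the only plain-http entry in the list while every other reference here and in the security resources uses https; if the site serves https, use that form so the help link is not served over a downgradable channel. The `puts refs.map { |url| " - #{url}" }` line also lacks the trailing `"\n"` that `security_audit:resources` gained in the previous hunk, so this list ends without the blank line that separates sections in the Markdown output; add `, "\n"` for consistency.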
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: code_quality
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - RainChen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-12-28 00:00:00.000000000 Z
11
+ date: 2018-01-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler-audit
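Review bot: the version and date bumps are consistent with the `VERSION = "0.1.4"` change, but `cert_chain: []` in the unchanged context shows the gem is still published unsigned, so the digests in checksums.yaml are the only integrity data and `gem install -P HighSecurity` will refuse to install it. For a tool whose purpose is to run security audits in CI, signing releases (`spec.cert_chain` and `spec.signing_key` in the gemspec) would be a worthwhile follow-up so consumers can verify who built the package and not just that it arrived intact.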
@@ -184,4 +184,3 @@ signing_key:
184
184
  specification_version: 4
185
185
  summary: run code quality and security audit report with one rake task
186
186
  test_files: []
187
- has_rdoc: