code_quality 0.2.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c173a4ac55a8c71df46b9adb9ba5f7e9618749fc716d66307a753eadc84e970f
-  data.tar.gz: 3da24dbd87a11a7cc44dd44d0f1290bdf54d24b1ea89630269647abe3db5b891
+  metadata.gz: 264055dd1b5ce26c7b1528294560c7a6043fdcaf029b26fca0c9bae4826b7a39
+  data.tar.gz: 286004c2c8b3bdb5f871a61713bcfe01e61ed15552ad4a2689fcfbde7031b44e
 SHA512:
-  metadata.gz: 2af8be37724eab2eb916d286d431f390e8d95a98c4d5fdd6e9da7e18424f70bba97226b5e1dccca0c75d83a6b2f2327b1c9f7f5849bef9fe8ee58e7a75fc6e08
-  data.tar.gz: 46bd00a6f06da779691f67e305c623f7fc7ff0a13fc4aeae258de03607371e7714579a5ce2664bc1ad955e0b3173c06385d3535d219002d01aa1f4042f29f178
+  metadata.gz: cfba6ed867800cc23f84ab44bff70b8405bce22bdee46c3fcbd409b680f534fae665879d1fc089dc82f48f6289d134404ba94c35c59019c99be825c1e0d0b7f8
+  data.tar.gz: 23a15669c7d41c80afd1d511686d80da0f66e3a44e1946a083f37fca691434160986eed782a7b7ece4c74dba8205f7ab0d935569ccc89faa41ca8ec7a97022bd

data/.travis.yml

@@ -1,14 +1,47 @@
-sudo: false
+################
+# CI Workflow:
+# feature development, trigger by `git push`:
+#   test -> code_audit(code_security_audit and code_quality_audit)
+#
+# feature deploy, trigger by `git push --tags`
+#   test -> deploy
+#
+# Stages:
+# - test: run `rake test`
+# - code_audit: run `code_quality security_audit` and `code_quality quality_audit`
+# - deploy: auto build and upload a gem package to rubygems.org after `git push --tags`
+#
+# Principle:
+# - fail fast
+# - done is better than perfect
+################
+
+stages:
+  - test
+  - code_audit
+  - deploy
+
 language: ruby
 rvm:
-  - 2.4.3
-before_install: gem install bundler -v 1.16.0
+  - 2.5.3
+  - 2.6.0
+before_install: gem install bundler
 
 # config GitHub OAuth Token
 env:
   global:
     secure: HLfW6QDOiyxaM7wBRDzdF9ud0Ey1EVL/rdnvt8TvM7VUbtUt4wLlCbUcIIASbxrv0AV/MtpkS4n9O/WIk3rcdndoUzoPtYBNIKI9McJuunoSxzY2pwlF7scZz0aE64OJCCshCEeaNRR5p8yw7Lw4gptsdFmceIVXyPfGEG924arSwFcAhMUnWxaIBFamH9/j2KXrq0RkagX2b4+HUqH1at4cfc/otFUbvQxaGL5eaxI+ReZU3MwO3uxAvdoWoiWpAS3NDTxJKN9GMT6a67wzbxGPERj2G75sGubwVJfvRhdh+BgjAOJjgSMaUMYn2HA9phN5Mkb0z9yaZu2RuBzEscHv8Cq8pSVHb75IvjBdk2Ovsq3R25D/jFdTPnLnJxsrWYVLDDSyJvpyc1aOcws/Ry7MEX8v+Lt0gWJraleTcfn51ulZY/cWlD8utVqvTjfjGjKEZrmYXn5nu0xTJ3vYHMttqKavh6nQxcc7cDRLbVDE5GI9PUjENNP+ZxY0ldiSQiYm+S/1OuHZP9/z6DXMhIDUFZBNSIy3dkKW5bUFQNeb40mi0muS8elqoKQ/fkumU7YmKEVrdkP6wyL6LEa4HYqFAy/glktcb1r9PTSPpE/Z40rx0wemUaPSyY/2SYp1CMoSJpIHvt2IHzrlPaSuK9UTObmtH02CRqB9R8/cURU=
 
+jobs:
+  include:
+    - stage: code_audit
+      if: branch != master
+      install: gem install code_quality --no-ri --no-rdoc
+      script:
+        - bundle install # to generate Gemfile.lock
+        - code_quality security_audit
+        - code_quality quality_audit fail_fast=false generate_index=true lowest_score=90 rubocop_max_offenses=120
+
 deploy:
   # automatically release Ruby gem to RubyGems after a successful build with `git push --tags`
   - provider: rubygems
@@ -21,9 +54,9 @@ deploy:
 
   # publish generated files to GitHub pages
   - provider: script
-    skip_cleanup: true
+    # skip_cleanup: true
     script: bin/travis-update-gh-pages.sh
     on:
       branch: master
       tags: true
-    condition: $TRAVIS_PULL_REQUEST = "false"
+    # condition: $TRAVIS_PULL_REQUEST = "false"

data/README.md

@@ -3,7 +3,7 @@
 Run code quality and security audit report with one command `code_quality`.
 
 [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
-[![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
+[![Build Status](https://travis-ci.com/rainchen/code_quality.svg)](https://travis-ci.com/rainchen/code_quality)
 [![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
 
 ## Principle
@@ -90,6 +90,13 @@ output example:
 
 ![](doc/imgs/code_quality_security_audit_failed_example.png)
 
+#### options for security_audit:
+
+```
+# e.g.: code_quality security_audit bundler_audit_options="--ignore CVE-2015-9284"
+# options:
+#   bundler_audit_options: pass extract options, e.g.: bundler_audit_options="--ignore CVE-2015-9284 --verbose"
+```
 
 #### work with CI
 
@@ -119,11 +126,17 @@ Then Gitlab sends notification with the failure info, for example:
 ```
 # bundler audit - checks for vulnerable versions of gems in Gemfile.lock
 code_quality security_audit:bundler_audit
+
+# with bundler_audit cli options
+code_quality security_audit:bundler_audit bundler_audit_options="--ignore CVE-2020-5267 CVE-2020-10663"
 ```
 
 ```
 # brakeman audit - checks Ruby on Rails applications for security vulnerabilities
 code_quality security_audit:brakeman
+
+# with brakeman cli options
+code_quality security_audit:brakeman brakeman_options="--skip-files app/views/"
 ```
 
 ```
@@ -182,11 +195,11 @@ output example:
 ##### options for rubocop
 
 ```
-# e.g.: code_quality quality_audit:rubocop max_offenses=100
+# e.g.: code_quality quality_audit:rubocop rubocop_max_offenses=100
 # options:
 #   config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
 #   cli_options: pass extract options, e.g.: cli_options="--show-cops"
-#   max_offenses: if config max_offenses then audit it with detected offenses number in report, e.g.: max_offenses=100
+#   rubocop_max_offenses: if config rubocop_max_offenses then audit it with detected offenses number in report, e.g.: rubocop_max_offenses=100
 ```
 
 output example:
@@ -215,7 +228,7 @@ output example:
 
 ```
 # run all at once
-code_quality quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
+code_quality quality_audit lowest_score=90 rubocop_max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
 ```
 
 #### work with CI

data/README_for_rake.md

@@ -3,7 +3,7 @@
 Run code quality and security audit report with one rake task as `rake code_quality`.
 
 [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
-[![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
+[![Build Status](https://travis-ci.com/rainchen/code_quality.svg)](https://travis-ci.com/rainchen/code_quality)
 [![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
 
 ## Principle
@@ -172,11 +172,11 @@ output example:
 ##### options for rubocop
 
 ```
-# e.g.: rake code_quality:quality_audit:rubocop max_offenses=100
+# e.g.: rake code_quality:quality_audit:rubocop rubocop_max_offenses=100
 # options:
 #   config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
 #   cli_options: pass extract options, e.g.: cli_options="--show-cops"
-#   max_offenses: if config max_offenses then audit it with detected offenses number in report, e.g.: max_offenses=100
+#   rubocop_max_offenses: if config rubocop_max_offenses then audit it with detected offenses number in report, e.g.: rubocop_max_offenses=100
 ```
 
 output example:
@@ -205,7 +205,7 @@ output example:
 
 ```
 # run all at once
-rake code_quality:quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
+rake code_quality:quality_audit lowest_score=90 rubocop_max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
 ```
 
 #### work with CI

data/Rakefile

@@ -1,7 +1,8 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
-RSpec::Core::RakeTask.new(:spec)
+RSpec::Core::RakeTask.new(:spec) # introduce `rake spec` to Run RSpec code examples
 
 task :default => :spec
+task :test => :spec # alias `rake test`
 Rake::Task.send :load, 'tasks/code_quality.rake'

data/bin/travis-update-gh-pages.sh

@@ -18,11 +18,11 @@ if [ ${TRAVIS} = "true" ]; then
   cp -Rf $HOME/tmp/code_quality/* .
 
   #setup git user
-  git config user.email "travis@travis-ci.org"
+  git config user.email "travis@travis-ci.com"
   git config user.name "Travis CI"
 
   #add, commit and push files
-  travis_build_url="https://travis-ci.org/${TRAVIS_REPO_SLUG}/builds/${TRAVIS_BUILD_ID}"
+  travis_build_url="https://travis-ci.com/${TRAVIS_REPO_SLUG}/builds/${TRAVIS_BUILD_ID}"
   git add -f .
   git commit -m "Travis CI build $travis_build_url pushed to gh-pages"
   git push -fq origin gh-pages > /dev/null

data/code_quality.gemspec

@@ -23,12 +23,13 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "bundler-audit"
   spec.add_dependency "brakeman"
-  spec.add_dependency "rubycritic", "~> 3.3.0"
-  spec.add_dependency "rubocop", "~> 0.52.0"
-  spec.add_dependency "rubocop-github", "~> 0.8.1"
-  spec.add_dependency "code_metric_fu", "~> 4.14.4"
+  spec.add_dependency "rubycritic", "~> 4.1.0"
+  spec.add_dependency "rubocop", "~> 0.70.0"
+  spec.add_dependency "rubocop-github", "~> 0.13.0"
+  # spec.add_dependency "code_metric_fu", "~> 4.14.4"
+  spec.add_dependency "metric_fu", "~> 4.13.0"
 
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", ">= 2.0.2"
+  spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

data/config/rubocop-rails.yml

@@ -1,3 +1,3 @@
 # https://github.com/rails/rails/blob/master/.rubocop.yml
 inherit_from:
-  - https://rawgit.com/rails/rails/master/.rubocop.yml
+  - https://cdn.jsdelivr.net/gh/rails/rails/.rubocop.yml

data/lib/code_quality/cli.rb

@@ -39,14 +39,20 @@ module CodeQuality
 
         OptionParser.new do |opts|
           opts.separator "Run code_quality for a ruby/rails project, e.g.:"
-          opts.separator "    code_quality lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
+          opts.separator "    code_quality lowest_score=90 rubocop_max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
           opts.separator ""
           opts.separator "Show available tasks:"
           opts.separator "    code_quality -T"
           opts.separator ""
-          opts.separator "Invoke a audit task:"
+          opts.separator "Invoke an audit task:"
           opts.separator "    code_quality AUDIT_TASK"
           opts.separator ""
+          opts.separator "Invoke all security audit tasks:"
+          opts.separator "    code_quality security_audit"
+          opts.separator ""
+          opts.separator "Invoke all quality audit tasks:"
+          opts.separator "    code_quality quality_audit"
+          opts.separator ""
           opts.separator "Advanced options:"
 
           opts.on_tail("-h", "--help", "-H", "Display this help message.") do

data/lib/code_quality/version.rb

@@ -1,3 +1,3 @@
 module CodeQuality
-  VERSION = "0.2.0"
+  VERSION = "0.5.1"
 end

data/lib/tasks/code_quality.rake

@@ -35,10 +35,13 @@ namespace :code_quality do
     end
 
     desc "bundler audit"
+    # Update the ruby-advisory-db and check Gemfile.lock
+    # options:
+    #   bundler_audit_options: pass extract CLI options, e.g.: bundler_audit_options="--ignore CVE-2020-5267 CVE-2020-10663"
     task :bundler_audit => :prepare do |task|
+      options = options_from_env(:bundler_audit_options)
       run_audit task, "bundler audit - checks for vulnerable versions of gems in Gemfile.lock" do
-        # Update the ruby-advisory-db and check Gemfile.lock
-        report = `bundle audit check --update`
+        report = `bundle audit check --update #{options[:bundler_audit_options]}`
         @report_path = "#{report_dir}/bundler-audit-report.txt"
         File.open(@report_path, 'w') {|f| f.write report }
         puts report
@@ -47,11 +50,14 @@ namespace :code_quality do
     end
 
     desc "brakeman"
+    # options:
+    #   brakeman_options: pass extract CLI options, e.g.: brakeman_options="--skip-files lib/templates/"
     task :brakeman => :prepare do |task|
+      options = options_from_env(:brakeman_options)
       require 'json'
       run_audit task, "Brakeman audit - checks Ruby on Rails applications for security vulnerabilities" do
         @report_path = "#{report_dir}/brakeman-report.txt"
-        `brakeman -o #{@report_path} -o #{report_dir}/brakeman-report.json`
+        `brakeman -o #{@report_path} -o #{report_dir}/brakeman-report.json #{options[:brakeman_options]} .`
         puts `cat #{@report_path}`
         report = JSON.parse(File.read("#{report_dir}/brakeman-report.json"))
         audit_faild "There are #{report["errors"].size} errors, must fix them ASAP." if report["errors"].any?
@@ -84,7 +90,7 @@ namespace :code_quality do
     # default tasks
     task :default => [:run_all, :resources] do; end
 
-    desc "run all audit tasks"
+    # desc "run all audit tasks"
     task :run_all => :helpers do
       options = options_from_env(:fail_fast, :generate_index)
       fail_fast = options.fetch(:fail_fast, "false")
@@ -145,14 +151,14 @@ namespace :code_quality do
     end
 
     desc "rubocop - audit coding style"
-    # e.g.: rake code_quality:quality_audit:rubocop max_offenses=100
+    # e.g.: rake code_quality:quality_audit:rubocop rubocop_max_offenses=100
     # options:
     #   config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
     #   cli_options: pass extract options, e.g.: cli_options="--show-cops"
-    #   max_offenses: if config max_offenses then audit it with detected offenses number in report, e.g.: max_offenses=100
+    #   rubocop_max_offenses: if config rubocop_max_offenses then audit it with detected offenses number in report, e.g.: rubocop_max_offenses=100
     task :rubocop => :prepare do |task|
       run_audit task, "rubocop - RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide." do
-        options = options_from_env(:config_formula, :cli_options, :max_offenses)
+        options = options_from_env(:config_formula, :cli_options, :rubocop_max_offenses)
 
         config_formulas = {
           'github' => 'https://github.com/github/rubocop-github',
@@ -174,15 +180,16 @@ namespace :code_quality do
         # generate report
         report = `rubocop -c #{config_file} -S -R -P #{options[:cli_options]} --format offenses --format html -o #{report_path}`
         puts report
+        puts "Generated by RuboCop #{`rubocop --version`}"
         puts "Report generated to #{report_path}"
         show_in_browser File.realpath(report_path)
 
-        # if config max_offenses then audit it with detected offenses number in report
-        if options[:max_offenses]
+        # if config rubocop_max_offenses then audit it with detected offenses number in report
+        if options[:rubocop_max_offenses]
           if report[-20..-1] =~ /(\d+) *Total/
             detected_offenses = $1.to_i
-            max_offenses = options[:max_offenses].to_i
-            audit_faild "Detected offenses #{colorize(detected_offenses, :yellow)} is more then #{colorize(max_offenses, :yellow)}, must improve your code quality or set a lower #{colorize("max_offenses", :black, :white)}" if detected_offenses > max_offenses
+            max_offenses = options[:rubocop_max_offenses].to_i
+            audit_faild "Detected offenses #{colorize(detected_offenses, :yellow)} is more then #{colorize(max_offenses, :yellow)}, must improve your code quality or set a lower #{colorize("rubocop_max_offenses", :black, :white)}" if detected_offenses > max_offenses
           end
         end
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: code_quality
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.5.1
 platform: ruby
 authors:
 - RainChen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-02-01 00:00:00.000000000 Z
+date: 2020-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -44,84 +44,84 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 4.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 4.1.0
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.52.0
+        version: 0.70.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.52.0
+        version: 0.70.0
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.1
+        version: 0.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.1
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
-  name: code_metric_fu
+  name: metric_fu
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.14.4
+        version: 4.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.14.4
+        version: 4.13.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.4
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: run code quality and security audit report with one command