code_quality 0.3.0 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eace4c0b5c37da862ea1badeb54ef4f0163236d4f3b73134cbe7dfea9830de86
-  data.tar.gz: 2927bcc4f3ddff5ff6c142bfdb5835f2fafba593148c547d6e8ca6142d111df4
+  metadata.gz: 82b05acfe1e3b4d101666ee1c859db0d370be07a6c9a8e4412dd8f7217d8de79
+  data.tar.gz: 742bd0c94490f950f108a62d7c5a90a723e5f00267c67946715dbaca4d5dbbd4
 SHA512:
-  metadata.gz: ce5e2c0afa00141987f63bbfaedfbffd7595fe1b888f9dfa90816e1de0a3b8ffd83097ddec857656ce79452417174a37b06e723e0e0891f82dccc3beba52a927
-  data.tar.gz: 8d318b6278cf2111400c19c0dc296c572fe6a2a3855bc22850b40bc352d2ff060330e7b8086d1562f9122c201ca1a4057d484eaff321bee1b413100f2c19d622
+  metadata.gz: 8c7a79c758e3adfab26a81847aeb5bd0d749c03b48e45cb9e7a5429c01441af3aa1852a70903d466b18c91353c64b72eb3c7ec4bba315015cc34e0dd20296728
+  data.tar.gz: 31f70202ff9a4edd1f9240a64bfcfa1a96bb8b5515a6ed2b91b250a4a70d0444a41022ed77bf085b8dbdb99d62a0b29afaa39f4240b321345bfe7056c9f53f9f

data/.travis.yml

@@ -1,14 +1,47 @@
-sudo: false
+################
+# CI Workflow:
+# feature development, trigger by `git push`:
+#   test -> code_audit(code_security_audit and code_quality_audit)
+#
+# feature deploy, trigger by `git push --tags`
+#   test -> deploy
+#
+# Stages:
+# - test: run `rake test`
+# - code_audit: run `code_quality security_audit` and `code_quality quality_audit`
+# - deploy: auto build and upload a gem package to rubygems.org after `git push --tags`
+#
+# Principle:
+# - fail fast
+# - done is better than perfect
+################
+
+stages:
+  - test
+  - code_audit
+  - deploy
+
 language: ruby
 rvm:
-  - 2.4.3
-before_install: gem install bundler -v 1.16.0
+  - 2.5.3
+  - 2.6.0
+before_install: gem install bundler
 
 # config GitHub OAuth Token
 env:
   global:
     secure: HLfW6QDOiyxaM7wBRDzdF9ud0Ey1EVL/rdnvt8TvM7VUbtUt4wLlCbUcIIASbxrv0AV/MtpkS4n9O/WIk3rcdndoUzoPtYBNIKI9McJuunoSxzY2pwlF7scZz0aE64OJCCshCEeaNRR5p8yw7Lw4gptsdFmceIVXyPfGEG924arSwFcAhMUnWxaIBFamH9/j2KXrq0RkagX2b4+HUqH1at4cfc/otFUbvQxaGL5eaxI+ReZU3MwO3uxAvdoWoiWpAS3NDTxJKN9GMT6a67wzbxGPERj2G75sGubwVJfvRhdh+BgjAOJjgSMaUMYn2HA9phN5Mkb0z9yaZu2RuBzEscHv8Cq8pSVHb75IvjBdk2Ovsq3R25D/jFdTPnLnJxsrWYVLDDSyJvpyc1aOcws/Ry7MEX8v+Lt0gWJraleTcfn51ulZY/cWlD8utVqvTjfjGjKEZrmYXn5nu0xTJ3vYHMttqKavh6nQxcc7cDRLbVDE5GI9PUjENNP+ZxY0ldiSQiYm+S/1OuHZP9/z6DXMhIDUFZBNSIy3dkKW5bUFQNeb40mi0muS8elqoKQ/fkumU7YmKEVrdkP6wyL6LEa4HYqFAy/glktcb1r9PTSPpE/Z40rx0wemUaPSyY/2SYp1CMoSJpIHvt2IHzrlPaSuK9UTObmtH02CRqB9R8/cURU=
 
+jobs:
+  include:
+    - stage: code_audit
+      if: branch != master
+      install: gem install code_quality --no-ri --no-rdoc
+      script:
+        - bundle install # to generate Gemfile.lock
+        - code_quality security_audit
+        - code_quality quality_audit fail_fast=false generate_index=true lowest_score=90 rubocop_max_offenses=120
+
 deploy:
   # automatically release Ruby gem to RubyGems after a successful build with `git push --tags`
   - provider: rubygems
@@ -21,9 +54,9 @@ deploy:
 
   # publish generated files to GitHub pages
   - provider: script
-    skip_cleanup: true
+    # skip_cleanup: true
     script: bin/travis-update-gh-pages.sh
     on:
       branch: master
       tags: true
-    condition: $TRAVIS_PULL_REQUEST = "false"
+    # condition: $TRAVIS_PULL_REQUEST = "false"

data/README.md

@@ -3,7 +3,7 @@
 Run code quality and security audit report with one command `code_quality`.
 
 [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
-[![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
+[![Build Status](https://travis-ci.com/rainchen/code_quality.svg)](https://travis-ci.com/rainchen/code_quality)
 [![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
 
 ## Principle
@@ -90,6 +90,13 @@ output example:
 
 ![](doc/imgs/code_quality_security_audit_failed_example.png)
 
+#### options for security_audit:
+
+```
+# e.g.: code_quality security_audit bundler_audit_options="--ignore CVE-2015-9284"
+# options:
+#   bundler_audit_options: pass extract options, e.g.: bundler_audit_options="--ignore CVE-2015-9284 --verbose"
+```
 
 #### work with CI
 
@@ -119,11 +126,17 @@ Then Gitlab sends notification with the failure info, for example:
 ```
 # bundler audit - checks for vulnerable versions of gems in Gemfile.lock
 code_quality security_audit:bundler_audit
+
+# with bundler_audit cli options
+code_quality security_audit:bundler_audit bundler_audit_options="--ignore CVE-2020-5267 CVE-2020-10663"
 ```
 
 ```
 # brakeman audit - checks Ruby on Rails applications for security vulnerabilities
 code_quality security_audit:brakeman
+
+# with brakeman cli options
+code_quality security_audit:brakeman brakeman_options="--skip-files app/views/"
 ```
 
 ```

data/README_for_rake.md

@@ -3,7 +3,7 @@
 Run code quality and security audit report with one rake task as `rake code_quality`.
 
 [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
-[![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
+[![Build Status](https://travis-ci.com/rainchen/code_quality.svg)](https://travis-ci.com/rainchen/code_quality)
 [![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
 
 ## Principle

data/Rakefile

@@ -1,7 +1,8 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
-RSpec::Core::RakeTask.new(:spec)
+RSpec::Core::RakeTask.new(:spec) # introduce `rake spec` to Run RSpec code examples
 
 task :default => :spec
+task :test => :spec # alias `rake test`
 Rake::Task.send :load, 'tasks/code_quality.rake'

data/app/views/code_quality/index.html.erb

@@ -8,7 +8,7 @@
 
 <ul>
 <% @audit_tasks.each do |task_name, report| %>
-  <li>[<%= report[:failure].empty? ? "✓" : "✗" %>] <a href="<%= report[:report_path] %>"><%= task_name %></a> <%= report[:failure] %></li>
+  <li>[<%= report[:failure].empty? ? "&#x2713;" : "&#x2717;" %>] <a href="<%= report[:report_path] %>"><%= task_name %></a> <%= report[:failure] %></li>
 <% end %>
 </ul>
 

data/bin/travis-update-gh-pages.sh

@@ -18,11 +18,11 @@ if [ ${TRAVIS} = "true" ]; then
   cp -Rf $HOME/tmp/code_quality/* .
 
   #setup git user
-  git config user.email "travis@travis-ci.org"
+  git config user.email "travis@travis-ci.com"
   git config user.name "Travis CI"
 
   #add, commit and push files
-  travis_build_url="https://travis-ci.org/${TRAVIS_REPO_SLUG}/builds/${TRAVIS_BUILD_ID}"
+  travis_build_url="https://travis-ci.com/${TRAVIS_REPO_SLUG}/builds/${TRAVIS_BUILD_ID}"
   git add -f .
   git commit -m "Travis CI build $travis_build_url pushed to gh-pages"
   git push -fq origin gh-pages > /dev/null

data/code_quality.gemspec

@@ -23,12 +23,13 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "bundler-audit"
   spec.add_dependency "brakeman"
-  spec.add_dependency "rubycritic", "~> 3.3.0"
-  spec.add_dependency "rubocop", "~> 0.52.0"
-  spec.add_dependency "rubocop-github", "~> 0.8.1"
-  spec.add_dependency "code_metric_fu", "~> 4.14.4"
+  spec.add_dependency "rubycritic", "~> 4.1.0"
+  spec.add_dependency "rubocop", "~> 0.70.0"
+  spec.add_dependency "rubocop-github", "~> 0.13.0"
+  # spec.add_dependency "code_metric_fu", "~> 4.14.4"
+  spec.add_dependency "metric_fu", "~> 4.13.0"
 
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", ">= 2.0.2"
+  spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

data/config/rubocop-rails.yml

@@ -1,3 +1,3 @@
 # https://github.com/rails/rails/blob/master/.rubocop.yml
 inherit_from:
-  - https://rawgit.com/rails/rails/master/.rubocop.yml
+  - https://cdn.jsdelivr.net/gh/rails/rails/.rubocop.yml

data/lib/code_quality/cli.rb

@@ -39,14 +39,20 @@ module CodeQuality
 
         OptionParser.new do |opts|
           opts.separator "Run code_quality for a ruby/rails project, e.g.:"
-          opts.separator "    code_quality lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
+          opts.separator "    code_quality lowest_score=90 rubocop_max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
           opts.separator ""
           opts.separator "Show available tasks:"
           opts.separator "    code_quality -T"
           opts.separator ""
-          opts.separator "Invoke a audit task:"
+          opts.separator "Invoke an audit task:"
           opts.separator "    code_quality AUDIT_TASK"
           opts.separator ""
+          opts.separator "Invoke all security audit tasks:"
+          opts.separator "    code_quality security_audit"
+          opts.separator ""
+          opts.separator "Invoke all quality audit tasks:"
+          opts.separator "    code_quality quality_audit"
+          opts.separator ""
           opts.separator "Advanced options:"
 
           opts.on_tail("-h", "--help", "-H", "Display this help message.") do

data/lib/code_quality/version.rb

@@ -1,3 +1,3 @@
 module CodeQuality
-  VERSION = "0.3.0"
+  VERSION = "0.5.2"
 end

data/lib/tasks/code_quality.rake

@@ -35,10 +35,13 @@ namespace :code_quality do
     end
 
     desc "bundler audit"
+    # Update the ruby-advisory-db and check Gemfile.lock
+    # options:
+    #   bundler_audit_options: pass extract CLI options, e.g.: bundler_audit_options="--ignore CVE-2020-5267 CVE-2020-10663"
     task :bundler_audit => :prepare do |task|
+      options = options_from_env(:bundler_audit_options)
       run_audit task, "bundler audit - checks for vulnerable versions of gems in Gemfile.lock" do
-        # Update the ruby-advisory-db and check Gemfile.lock
-        report = `bundle audit check --update`
+        report = `bundle audit check --update #{options[:bundler_audit_options]}`
         @report_path = "#{report_dir}/bundler-audit-report.txt"
         File.open(@report_path, 'w') {|f| f.write report }
         puts report
@@ -47,11 +50,14 @@ namespace :code_quality do
     end
 
     desc "brakeman"
+    # options:
+    #   brakeman_options: pass extract CLI options, e.g.: brakeman_options="--skip-files lib/templates/"
     task :brakeman => :prepare do |task|
+      options = options_from_env(:brakeman_options)
       require 'json'
       run_audit task, "Brakeman audit - checks Ruby on Rails applications for security vulnerabilities" do
         @report_path = "#{report_dir}/brakeman-report.txt"
-        `brakeman -o #{@report_path} -o #{report_dir}/brakeman-report.json`
+        `brakeman -o #{@report_path} -o #{report_dir}/brakeman-report.json #{options[:brakeman_options]} .`
         puts `cat #{@report_path}`
         report = JSON.parse(File.read("#{report_dir}/brakeman-report.json"))
         audit_faild "There are #{report["errors"].size} errors, must fix them ASAP." if report["errors"].any?
@@ -84,7 +90,7 @@ namespace :code_quality do
     # default tasks
     task :default => [:run_all, :resources] do; end
 
-    desc "run all audit tasks"
+    # desc "run all audit tasks"
     task :run_all => :helpers do
       options = options_from_env(:fail_fast, :generate_index)
       fail_fast = options.fetch(:fail_fast, "false")
@@ -174,6 +180,7 @@ namespace :code_quality do
         # generate report
         report = `rubocop -c #{config_file} -S -R -P #{options[:cli_options]} --format offenses --format html -o #{report_path}`
         puts report
+        puts "Generated by RuboCop #{`rubocop --version`}"
         puts "Report generated to #{report_path}"
         show_in_browser File.realpath(report_path)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: code_quality
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.2
 platform: ruby
 authors:
 - RainChen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-02-28 00:00:00.000000000 Z
+date: 2020-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -44,84 +44,84 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 4.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 4.1.0
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.52.0
+        version: 0.70.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.52.0
+        version: 0.70.0
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.1
+        version: 0.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.1
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
-  name: code_metric_fu
+  name: metric_fu
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.14.4
+        version: 4.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.14.4
+        version: 4.13.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: run code quality and security audit report with one command