code_quality 0.1.9 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d634f37e3805714ba3225cbde5d3db73b7fcb469589c633e56ee11eabb0b7b5
-  data.tar.gz: 4986eb8f07b233f6bfa5b69e73218afa675c8340c4043f941d0866c7c7b877fa
+  metadata.gz: c173a4ac55a8c71df46b9adb9ba5f7e9618749fc716d66307a753eadc84e970f
+  data.tar.gz: 3da24dbd87a11a7cc44dd44d0f1290bdf54d24b1ea89630269647abe3db5b891
 SHA512:
-  metadata.gz: 2173a13b383cbf4f80b1c9dbf8f03d7ea6e13001ce9444e8a26eb6347d8d22a3ef920c3bef23f5f5929fcff03947123b5c37bb016d69bf094758f27acf16b488
-  data.tar.gz: 95733cc0481be5adec4bdb80d19b03ea3e5fda563b5272fd064c9b2d5ce9f7f7e6b01d69915c852cbee1cd45ad305ed99a5a5b6071f29f44d783719fd695bcde
+  metadata.gz: 2af8be37724eab2eb916d286d431f390e8d95a98c4d5fdd6e9da7e18424f70bba97226b5e1dccca0c75d83a6b2f2327b1c9f7f5849bef9fe8ee58e7a75fc6e08
+  data.tar.gz: 46bd00a6f06da779691f67e305c623f7fc7ff0a13fc4aeae258de03607371e7714579a5ce2664bc1ad955e0b3173c06385d3535d219002d01aa1f4042f29f178

data/README.md

@@ -1,6 +1,6 @@
 # CodeQuality
 
-Run code quality and security audit report with one rake task as `rake code_quality`.
+Run code quality and security audit report with one command `code_quality`.
 
 [![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
 [![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
@@ -13,7 +13,11 @@ Run code quality and security audit report with one rake task as `rake code_qual
 
 ## Installation
 
-Add this line to your application's Gemfile:
+```ruby
+gem install code_quality
+```
+
+Or add this line to your application's Gemfile:
 
 ```ruby
 group :development do
@@ -30,9 +34,12 @@ And then execute:
 To generate security audit and code quality report:
 
 ```
-rake code_quality
+code_quality
 ```
 
+or run as a rake task: `rake code_quality`, [Read More](README_for_rake.md)
+
+
 will output report like:
 
 ```
@@ -56,12 +63,14 @@ There are 2 types of audit tasks: `security_audit` and `quality_audit`, each sub
 
 In summary: 
 
-- run `rake code_quality:security_audit` to get security audit report
-- run `rake code_quality:quality_audit` to get code quality report
+- run `code_quality security_audit` to get security audit report
+- run `code_quality quality_audit` to get code quality report
+
+[Tips] Run `code_quality -T` to display all tasks.
 
 ### Report result using Markdown format
 
-You can output report using `rake code_quality > code_quality_report.md` then open it with a Markdown editor.
+You can output report using `code_quality > code_quality_report.md` then open it with a Markdown editor.
 
 
 
@@ -74,7 +83,7 @@ Use [bundler-audit](https://rubygems.org/gems/bundler-audit) for patch-level ver
 
 ```
 # run security audit tasks
-rake code_quality:security_audit
+code_quality security_audit
 ```
 
 output example:
@@ -91,7 +100,8 @@ Recommend setting up this task as part of a CI pipeline. For example, adding a j
 code_security_audit:
   stage: test
   script:
-    - bundle exec rake code_quality:security_audit
+    - gem install code_quality
+    - code_quality security_audit
 ```
 Gitlab-CI pipeline example:
 
@@ -108,17 +118,17 @@ Then Gitlab sends notification with the failure info, for example:
 
 ```
 # bundler audit - checks for vulnerable versions of gems in Gemfile.lock
-rake code_quality:security_audit:bundler_audit
+code_quality security_audit:bundler_audit
 ```
 
 ```
 # brakeman audit - checks Ruby on Rails applications for security vulnerabilities
-rake code_quality:security_audit:brakeman
+code_quality security_audit:brakeman
 ```
 
 ```
 # show helpful URLs
-rake code_quality:security_audit:resources
+code_quality security_audit:resources
 ```
 
 
@@ -135,16 +145,16 @@ Base on these ruby code analysis gems, you can choose suitable ones for your pro
 
 In summary: 
 
-- run `rake code_quality:rubycritic` to get an evaluated score and code smells
-- run `rake code_quality:rubocop` to audit coding style and get refactor suggestions
-- run `rake code_quality:metric_fu` to get many kinds of code metrics, including rails best practice suggestions, recommend to use for rails project
+- run `code_quality rubycritic` to get an evaluated score and code smells
+- run `code_quality rubocop` to audit coding style and get refactor suggestions
+- run `code_quality metric_fu` to get many kinds of code metrics, including rails best practice suggestions, recommend to use for rails project
 
 
 #### usage:
 
 ```
 # run all code quality audit tasks
-rake code_quality:quality_audit
+code_quality quality_audit
 ```
 
 output example:
@@ -160,7 +170,7 @@ Audit task will return non-zero exit status and showing failure reason when pass
 
 ```
 # audit with lowest_score option
-rake code_quality:quality_audit:rubycritic lowest_score=94.5
+code_quality quality_audit:rubycritic lowest_score=94.5
 ```
 
 output example:
@@ -172,7 +182,7 @@ output example:
 ##### options for rubocop
 
 ```
-# e.g.: rake code_quality:quality_audit:rubocop max_offenses=100
+# e.g.: code_quality quality_audit:rubocop max_offenses=100
 # options:
 #   config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
 #   cli_options: pass extract options, e.g.: cli_options="--show-cops"
@@ -186,7 +196,7 @@ output example:
 ##### options for metric_fu
 
 ```
-# e.g.: rake code_quality:quality_audit:metric_fu metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=9 roodi_max_offenses=10
+# e.g.: code_quality quality_audit:metric_fu metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=9 roodi_max_offenses=10
 # options:
 #   metrics: default to run all metrics, can be config as: cane,churn,flay,flog,hotspots,rails_best_practices,rcov,reek,roodi,saikuro,stats
 #   flay_max_offenses: offenses number for audit
@@ -205,7 +215,7 @@ output example:
 
 ```
 # run all at once
-rake code_quality:quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
+code_quality quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
 ```
 
 #### work with CI
@@ -217,7 +227,8 @@ Configure audit value options that matching to your own ruby/rails project, for
 code_quality_audit:
   stage: test
   script:
-    - bundle exec rake code_quality:quality_audit lowest_score=93 rails_best_practices_max_offenses=10
+    - gem install code_quality
+    - code_quality quality_audit lowest_score=93 rails_best_practices_max_offenses=10
 
 ```
 

data/README_for_rake.md

@@ -0,0 +1,260 @@
+# CodeQuality
+
+Run code quality and security audit report with one rake task as `rake code_quality`.
+
+[![Gem Version](https://badge.fury.io/rb/code_quality.svg)](https://badge.fury.io/rb/code_quality)
+[![Build Status](https://travis-ci.org/rainchen/code_quality.svg)](https://travis-ci.org/rainchen/code_quality)
+[![HitCount](http://hits.dwyl.io/rainchen/code_quality.svg)](http://hits.dwyl.io/rainchen/code_quality)
+
+## Principle
+
+> If you can’t measure it, you can’t improve it.
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+group :development do
+  gem 'code_quality'
+end
+```
+
+And then execute:
+
+    $ bundle
+
+## Usage
+
+To generate security audit and code quality report:
+
+```
+rake code_quality
+```
+
+will output report like:
+
+```
+# Code Quality Report
+
+Generated by code_quality (v0.1.3) @ 2018-01-12 16:32:20 +0800
+
+## bundler audit - checks for vulnerable versions of gems in Gemfile.lock
+
+......
+
+```
+
+[Code Quality Report Example](doc/code_quality_report_example.md)
+
+[Code Quality Report Details Example](https://rainchen.github.io/code_quality/)
+
+### Two major audit tasks
+
+There are 2 types of audit tasks: `security_audit` and `quality_audit`, each sub task can be run separately.
+
+In summary: 
+
+- run `rake code_quality:security_audit` to get security audit report
+- run `rake code_quality:quality_audit` to get code quality report
+
+### Report result using Markdown format
+
+You can output report using `rake code_quality > code_quality_report.md` then open it with a Markdown editor.
+
+
+
+### Security Audit
+
+Use [bundler-audit](https://rubygems.org/gems/bundler-audit) for patch-level verification for ruby projects which using `bundler`,
+ use [brakeman](https://rubygems.org/gems/brakeman) to detect security vulnerabilities for Rails applications.
+
+#### usage:
+
+```
+# run security audit tasks
+rake code_quality:security_audit
+```
+
+output example:
+
+![](doc/imgs/code_quality_security_audit_failed_example.png)
+
+
+#### work with CI
+
+Recommend setting up this task as part of a CI pipeline. For example, adding a job to stage "test" for Gitlab-CI:
+
+```
+# .gitlab-ci.yml
+code_security_audit:
+  stage: test
+  script:
+    - bundle exec rake code_quality:security_audit
+```
+Gitlab-CI pipeline example:
+
+![](doc/imgs/code_security_audit_faild_on_ci_example.png)
+
+Then Gitlab sends notification with the failure info, for example:
+
+![](doc/imgs/code_security_audit_faild_gitlab_notification_example.png)
+
+[Tips] Code analyzers are your friends for writing secure code, since they're diligent and they don't get tired, thirsty, hungry, or bored.
+
+
+#### Each sub task can be run separately
+
+```
+# bundler audit - checks for vulnerable versions of gems in Gemfile.lock
+rake code_quality:security_audit:bundler_audit
+```
+
+```
+# brakeman audit - checks Ruby on Rails applications for security vulnerabilities
+rake code_quality:security_audit:brakeman
+```
+
+```
+# show helpful URLs
+rake code_quality:security_audit:resources
+```
+
+
+### Code Quality Audit
+
+Base on these ruby code analysis gems, you can choose suitable ones for your project:
+
+- use [rubycritic](https://github.com/whitesmith/rubycritic) static analysis gems such as Reek, Flay and Flog to provide a quality report and get an evaluated score of your Ruby code.
+
+- use [rubocop](https://github.com/bbatsov/rubocop/) to audit coding style and get refactor suggestion.
+
+- use [metric_fu](https://github.com/metricfu/metric_fu) to get many kinds of code metrics from Flog, Flay, Saikuro, Churn, Reek, Roodi, Code Statistics, and Rails Best Practices. (and optionally RCov)
+
+
+In summary: 
+
+- run `rake code_quality:rubycritic` to get an evaluated score and code smells
+- run `rake code_quality:rubocop` to audit coding style and get refactor suggestions
+- run `rake code_quality:metric_fu` to get many kinds of code metrics, including rails best practice suggestions, recommend to use for rails project
+
+
+#### usage:
+
+```
+# run all code quality audit tasks
+rake code_quality:quality_audit
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_example.png)
+
+[Tips] You don't have to run all audit tasks, some code metrics are the same using by rubycritic and metric_fu. You can choose them based on your needs, the more tasks will take longer running time, unless you don't care about time-consuming problem.
+
+
+#### Run audit task with audit value option
+
+Audit task will return non-zero exit status and showing failure reason when passing an audit value option and the value is lower than the result in report, for example:
+
+```
+# audit with lowest_score option
+rake code_quality:quality_audit:rubycritic lowest_score=94.5
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_failed_example.png)
+
+#### Each audit task accepts different audit value options
+
+##### options for rubocop
+
+```
+# e.g.: rake code_quality:quality_audit:rubocop max_offenses=100
+# options:
+#   config_formula: use which formula for config, supports "github, "rails" or path_to_your_local_config.yml, default is "github"
+#   cli_options: pass extract options, e.g.: cli_options="--show-cops"
+#   max_offenses: if config max_offenses then audit it with detected offenses number in report, e.g.: max_offenses=100
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_rubocop_failed_example.png)
+
+##### options for metric_fu
+
+```
+# e.g.: rake code_quality:quality_audit:metric_fu metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=9 roodi_max_offenses=10
+# options:
+#   metrics: default to run all metrics, can be config as: cane,churn,flay,flog,hotspots,rails_best_practices,rcov,reek,roodi,saikuro,stats
+#   flay_max_offenses: offenses number for audit
+#   cane_max_offenses: offenses number for audit
+#   rails_best_practices_max_offenses: offenses number for audit
+#   reek_max_offenses: offenses number for audit
+#   roodi_max_offenses: offenses number for audit
+```
+
+output example:
+
+![](doc/imgs/code_quality_quality_audit_metric_fu_failed_example.png)
+
+
+##### options can be joint together
+
+```
+# run all at once
+rake code_quality:quality_audit lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
+```
+
+#### work with CI
+
+Configure audit value options that matching to your own ruby/rails project, for example:
+
+```
+# .gitlab-ci.yml
+code_quality_audit:
+  stage: test
+  script:
+    - bundle exec rake code_quality:quality_audit lowest_score=93 rails_best_practices_max_offenses=10
+
+```
+
+[Tips] Don't rely on your diligence, just let CI doing the boring/repeating/time-consuming jobs can make you more enjoyable in programming.
+
+
+#### code quality audit task report
+
+Code quality audit task report will be saved to `tmp/code_quality/quality_audit/`, and will be auto open in web browser.
+
+rubycritic report example:
+
+![](doc/imgs/rubycritic_report_example.png)
+
+rubocop report example:
+
+![](doc/imgs/rubocop_report_example.png)
+
+metric_fu report example:
+
+![](doc/imgs/metric_fu_report_example.png)
+
+metric_fu analyzed file report example:
+
+![](doc/imgs/metric_fu_file_report_example.png)
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/rainchen/code_quality.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/code_quality.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["RainChen"]
   spec.email         = ["hirainchen@gmail.com"]
 
-  spec.summary       = %q{run code quality and security audit report with one rake task}
-  spec.description   = %q{run code quality and security audit report with one rake task}
+  spec.summary       = %q{run code quality and security audit report with one command}
+  spec.description   = %q{run code quality and security audit report with one command or one rake task}
   spec.homepage      = "https://github.com/rainchen/code_quality"
   spec.license       = "MIT"
 

data/exe/code_quality

@@ -0,0 +1,13 @@
+#!/usr/bin/env ruby
+
+# allow to run exe/code_quality for local development
+git_path = File.expand_path("../.git", __dir__)
+if File.exist?(git_path)
+  railties_path = File.expand_path("../lib", __dir__)
+  $:.unshift(railties_path)
+end
+
+require "code_quality"
+require "code_quality/cli"
+
+CodeQuality::CLI.start

data/lib/code_quality/cli.rb

@@ -0,0 +1,95 @@
+require "rake"
+
+module CodeQuality
+  class CLI
+    def self.start(argv = ARGV)
+      Application.new.run
+    end
+
+    # doc: http://www.rubydoc.info/gems/rake/Rake/Application
+    class Application < Rake::Application
+      def initialize
+        super
+        @name = "code_quality"
+      end
+
+      def run
+        Rake.application = self
+        @rakefiles = []
+        add_import File.join(lib_dir, "tasks", "code_quality.rake")
+        standard_exception_handling do
+          init name
+          load_rakefile
+          top_level
+        end
+      end
+
+      def in_namespace(name)
+        if name == @name # remove root namespace
+          yield
+        else
+          super
+        end
+      end
+
+      # allow option "--help"
+      def handle_options
+        options.rakelib = ["rakelib"]
+        options.trace_output = $stderr
+
+        OptionParser.new do |opts|
+          opts.separator "Run code_quality for a ruby/rails project, e.g.:"
+          opts.separator "    code_quality lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10"
+          opts.separator ""
+          opts.separator "Show available tasks:"
+          opts.separator "    code_quality -T"
+          opts.separator ""
+          opts.separator "Invoke a audit task:"
+          opts.separator "    code_quality AUDIT_TASK"
+          opts.separator ""
+          opts.separator "Advanced options:"
+
+          opts.on_tail("-h", "--help", "-H", "Display this help message.") do
+            puts opts
+            exit
+          end
+
+          standard_rake_options.each { |args| opts.on(*args) }
+          opts.environment("RAKEOPT")
+        end.parse!
+      end
+
+      # overwrite options
+      def sort_options(options)
+        super.push(__version)
+      end
+
+      # allow option "--version"
+      def __version
+        ["--version", "-V",
+         "Display the program version.",
+         lambda do |_value|
+           puts "CodeQuality #{CodeQuality::VERSION}"
+           exit
+         end]
+      end
+
+      # allows running `code_quality` without a Rakefile
+      def find_rakefile_location
+        if (location = super).nil?
+          [rakefile_path, Dir.pwd]
+        else
+          location
+        end
+      end
+
+      def lib_dir
+        File.expand_path("../../../lib", __FILE__)
+      end
+
+      def rakefile_path
+        File.join(lib_dir, "code_quality.rb")
+      end
+    end
+  end
+end

data/lib/code_quality/version.rb

@@ -1,3 +1,3 @@
 module CodeQuality
-  VERSION = "0.1.9"
+  VERSION = "0.2.0"
 end

data/lib/tasks/code_quality.rake

@@ -1,6 +1,6 @@
 desc "Generate security audit and code quality report"
 # e.g.: rake code_quality lowest_score=90 max_offenses=100 metrics=stats,rails_best_practices,roodi rails_best_practices_max_offenses=10 roodi_max_offenses=10
-task :code_quality => :"code_quality:default" do; end
+task :code_quality => :"code_quality:default" do; end if Rake.application.instance_of?(Rake::Application)
 namespace :code_quality do
   task :default => [:summary, :security_audit, :quality_audit, :generate_index] do; end
 
@@ -80,7 +80,7 @@ namespace :code_quality do
   #   fail_fast: to stop immediately if any audit task fails, by default fail_fast=false
   #   generate_index: generate a report index page to tmp/code_quality/quality_audit/index.html, by default generate_index=false
   task :quality_audit => [:"quality_audit:default"] do; end
-  namespace :quality_audit do
+  namespace :quality_audit do |ns|
     # default tasks
     task :default => [:run_all, :resources] do; end
 
@@ -92,9 +92,8 @@ namespace :code_quality do
       audit_tasks = [:rubycritic, :rubocop, :metric_fu]
       exc = nil
       audit_tasks.each do |task_name|
-        full_task_name = :"code_quality:quality_audit:#{task_name}"
         begin
-          task = Rake::Task[full_task_name]
+          task = ns[task_name]
           task.invoke
         rescue SystemExit => exc
           raise exc if fail_fast == "true"
@@ -222,7 +221,7 @@ namespace :code_quality do
           puts "for metrics: #{selected_metrics.join(",")}"
         end
         # geneate report
-        report = `bundle exec metric_fu --no-open #{metric_fu_opts}`
+        report = `metric_fu --no-open #{metric_fu_opts}`
         FileUtils.remove_dir(report_path) if Dir.exists? report_path
         FileUtils.mv("tmp/metric_fu/output", report_path, force: true)
         puts report
@@ -288,7 +287,7 @@ namespace :code_quality do
         @audit_tasks[task_name][:failure] = exc.message.gsub(/(\e\[\d+m)/, "")
       ensure
         # get @report_path set in each audit task
-        @audit_tasks[task_name][:report_path] = @report_path.sub("tmp/code_quality/", "")
+        @audit_tasks[task_name][:report_path] = @report_path&.sub("tmp/code_quality/", "")
       end
       puts "```", ""
       raise exc if exc
@@ -347,6 +346,7 @@ namespace :code_quality do
 
     def show_in_browser(dir)
       require "launchy"
+      require "uri"
       uri = URI.escape("file://#{dir}/")
       if File.directory?(dir)
         uri = URI.join(uri, "index.html")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: code_quality
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.2.0
 platform: ruby
 authors:
 - RainChen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-01-23 00:00:00.000000000 Z
+date: 2018-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -136,10 +136,12 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-description: run code quality and security audit report with one rake task
+description: run code quality and security audit report with one command or one rake
+  task
 email:
 - hirainchen@gmail.com
-executables: []
+executables:
+- code_quality
 extensions: []
 extra_rdoc_files: []
 files:
@@ -149,6 +151,7 @@ files:
 - Gemfile
 - LICENSE.txt
 - README.md
+- README_for_rake.md
 - Rakefile
 - app/readme
 - app/views/code_quality/index.html.erb
@@ -158,7 +161,9 @@ files:
 - code_quality.gemspec
 - config/rubocop-github.yml
 - config/rubocop-rails.yml
+- exe/code_quality
 - lib/code_quality.rb
+- lib/code_quality/cli.rb
 - lib/code_quality/railtie.rb
 - lib/code_quality/version.rb
 - lib/tasks/code_quality.rake
@@ -185,5 +190,5 @@ rubyforge_project:
 rubygems_version: 2.7.4
 signing_key: 
 specification_version: 4
-summary: run code quality and security audit report with one rake task
+summary: run code quality and security audit report with one command
 test_files: []