danger-dangermattic 1.2.3 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20a5e57d91cc796def3533c72a3a674ea494356982fa78015ccc016ce19b61c9
-  data.tar.gz: 376d14c60ba7aadc6107b4a6de9a40dc968a658a0fe326aaad208866bf4583e9
+  metadata.gz: 455052da651ef9af5d20ffc6be33a06ab961393e4c0adc8d3d87e27beba62efd
+  data.tar.gz: f04b1494ea66bc1fb3677e69658c08fa40b7373f548215f424ffd6f5fd0a4148
 SHA512:
-  metadata.gz: 10ed4e5e5772cc7631470fe591c79004a5a237ddaffb6c708204d4823a204f15cc068530c5e8b05bc0f150577037f93bcb675a93ae47eb4c71a5d1b245e658fe
-  data.tar.gz: 06c85ea386f290706300db05c3a07439859bda94d025a6dd9bab9068786a2040b247c09c8d1314c31f44c09d07e5aded50434d3092c55aeca1ff9fce2aad78d2
+  metadata.gz: 58e0ffcb0c9ee7ce6f6a9080dc95e5aa8d9fe21eac85b576782625c4a528d0ebdc7069498fc6e965345f23d159eba6a186c7a9074f33ba38988e8bd3e24cc70c
+  data.tar.gz: 5401b6ce0765675148c5a6951c4f1279be562a3bc55a0e9dc824d6e0fd92a123738cdef5b8258fb734e8427939c206af845dac89d89d3192ee0f32f6ac2c0c3e

data/.buildkite/pipeline.yml

@@ -41,13 +41,13 @@ steps:
   #################
   # Danger Lint
   #################
-  - label: "☢️ Lint (Danger)"
+  - label: ":danger: Lint (Danger)"
     key: dangerlint
     command: |
       echo "--- :rubygems: Setting up Gems"
       bundle install
 
-      echo "--- ☢️ Run Danger Lint"
+      echo "--- :danger: Run Danger Lint"
       bundle exec danger plugins lint
     plugins: *common_plugins
 

data/.github/dependabot.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    open-pull-requests-limit: 10
+    groups:
+      actions-minor-patch:
+        patterns:
+          - '*'
+        update-types:
+          - minor
+          - patch
+      actions-major:
+        patterns:
+          - '*'
+        update-types:
+          - major
+    cooldown:
+      default-days: 7
+      semver-major-days: 14

data/.github/workflows/README.md

@@ -11,19 +11,34 @@ All jobs are run on `ubuntu-latest`.
 This workflow is an independent check (not using Danger) to verify if the labels on an issue match specified regex patterns.
 
 ### Inputs:
-- `label-format-list`: JSON list of regex formats expected for the labels (default: `[".*"]`)
+- `label-format-list`: JSON array of regex strings expected for the labels (default: `[".*"]`)
 - `label-error-message`: Error message when labels don't match
-- `label-success-message`: Success message when labels match
+- `label-success-message`: Deprecated and ignored. Kept only for backward compatibility with existing callers, and scheduled for removal in the next major release.
 - `cancel-running-jobs`: Cancel in-progress jobs when new ones are created (default: `true`)
 
+Example:
+
+```yaml
+with:
+  label-format-list: |
+    [
+      "^\\[.+\\]",
+      "^[[:alnum:]]"
+    ]
+```
+
+Backslashes in regex patterns must be doubled because the workflow parses the input as JSON.
+
 ### Secrets:
 - `github-token`: Required GitHub token
+  - The token must resolve through `gh api user` to the same login that appears on issue comments, because the workflow only manages comments authored by that login.
 
 ### Job: `check-issue-labels`
 - Permissions: `issues: write`
 - Main step: "🏷️ Check Issue Labels"
   - Checks if issue labels match the specified regex patterns
-  - Posts a comment on the issue with success or error message
+  - Updates a managed comment authored by the configured token when labels are missing
+  - Removes that managed comment when labels become valid
 
 ## Retry Buildkite Step on Pull Request Events
 

data/.github/workflows/reusable-check-labels-on-issues.yml

@@ -4,7 +4,7 @@ on:
   workflow_call:
     inputs:
       label-format-list:
-        description: The Regex formats expected for the labels; must be a JSON list
+        description: The regex formats expected for the labels; must be a JSON array of strings
         default: |
           [
             ".*"
@@ -17,8 +17,8 @@ on:
         type: string
         required: false
       label-success-message:
-        description: Message to be posted when the labels set fulfill the entire list of expected formats.
-        default: ✅ Yay, issue looks great!
+        description: Deprecated and ignored. Kept only for backward compatibility with existing callers, and scheduled for removal in the next major release.
+        default: ''
         type: string
         required: false
       cancel-running-jobs:
@@ -42,22 +42,103 @@ jobs:
     steps:
       - name: 🏷️ Check Issue Labels
         env:
-          GITHUB_TOKEN: ${{ secrets.github-token }}
+          GH_TOKEN: ${{ secrets.github-token }}
           GH_REPO: ${{ github.repository }}
           ISSUE_NUMBER: ${{ github.event.issue.number }}
           ISSUE_LABELS: ${{ toJSON(github.event.issue.labels.*.name) }}
           LABEL_REGEX_LIST: ${{ inputs.label-format-list }}
-          ISSUE_SUCCESS_COMMENT: >
-            ${{ inputs.label-success-message }}
-            <!-- generated_by_dangermattic -->
-          ISSUE_ERROR_COMMENT: >
-            ${{ inputs.label-error-message }}
-            <!-- generated_by_dangermattic -->
+          DEPRECATED_SUCCESS_MESSAGE: ${{ inputs.label-success-message }}
+          ISSUE_ERROR_MESSAGE: ${{ inputs.label-error-message }}
         run: |
-          #!/bin/bash
+          #!/usr/bin/env bash
+          
+          set -euo pipefail
 
-          readarray -t labels < <(echo "$ISSUE_LABELS" | jq -r '.[]')
-          readarray -t label_regex_list < <(echo "$LABEL_REGEX_LIST" | jq -r '.[]')
+          comment_marker='<!-- generated_by_dangermattic -->'
+          authenticated_login=''
+          managed_comment_id=''
+          declare -a managed_comment_ids=()
+
+          if [ -n "$DEPRECATED_SUCCESS_MESSAGE" ]; then
+            echo "⚠️ label-success-message is deprecated and ignored. Success now removes the managed workflow comment."
+          fi
+
+          build_comment_body() {
+            local message="$1"
+
+            printf '%s\n%s' "$message" "$comment_marker"
+          }
+
+          load_authenticated_login() {
+            authenticated_login="$(gh api user --jq '.login')"
+
+            if [ -z "$authenticated_login" ] || [ "$authenticated_login" = 'null' ]; then
+              echo '❌ Unable to determine the authenticated GitHub login for managed comment filtering.'
+              exit 1
+            fi
+          }
+
+          load_managed_comment_ids() {
+            readarray -t managed_comment_ids < <(
+              gh api "repos/$GH_REPO/issues/$ISSUE_NUMBER/comments" --paginate |
+                jq -r --arg author "$authenticated_login" --arg marker "$comment_marker" '.[] | select(.user.login == $author) | select((.body // "") | contains($marker)) | .id'
+            )
+
+            if [ "${#managed_comment_ids[@]}" -gt 0 ]; then
+              managed_comment_id="${managed_comment_ids[$((${#managed_comment_ids[@]} - 1))]}"
+            else
+              managed_comment_id=''
+            fi
+          }
+
+          delete_extra_managed_comments() {
+            local duplicate_count=0
+
+            duplicate_count=$((${#managed_comment_ids[@]} - 1))
+            if [ "$duplicate_count" -le 0 ]; then
+              return
+            fi
+
+            for comment_id in "${managed_comment_ids[@]:0:$duplicate_count}"; do
+              echo "🧹 Deleting duplicate managed comment $comment_id"
+              gh api --method DELETE "repos/$GH_REPO/issues/comments/$comment_id" > /dev/null
+            done
+          }
+
+          upsert_managed_comment() {
+            local comment_body="$1"
+
+            if [ -n "$managed_comment_id" ]; then
+              echo "✍️ Updating managed comment $managed_comment_id on issue $ISSUE_NUMBER"
+              gh api --method PATCH "repos/$GH_REPO/issues/comments/$managed_comment_id" --raw-field "body=$comment_body" > /dev/null
+            else
+              echo "✍️ Creating managed comment on issue $ISSUE_NUMBER"
+              gh api --method POST "repos/$GH_REPO/issues/$ISSUE_NUMBER/comments" --raw-field "body=$comment_body" > /dev/null
+            fi
+          }
+
+          delete_managed_comments() {
+            if [ "${#managed_comment_ids[@]}" -eq 0 ]; then
+              echo "🧼 No managed comment found to delete."
+              return
+            fi
+
+            for comment_id in "${managed_comment_ids[@]}"; do
+              echo "🧼 Deleting managed comment $comment_id"
+              gh api --method DELETE "repos/$GH_REPO/issues/comments/$comment_id" > /dev/null
+            done
+          }
+
+          readarray -t labels < <(printf '%s\n' "$ISSUE_LABELS" | jq -r '.[]')
+
+          if ! printf '%s\n' "$LABEL_REGEX_LIST" | jq -e 'type == "array" and all(.[]; type == "string")' > /dev/null; then
+            echo "❌ LABEL_REGEX_LIST must be a JSON array of strings."
+            echo '   Example: ["^\\[.+\\]", "^[[:alnum:]]"]'
+            echo '   Regex backslashes must be doubled because the input is parsed as JSON.'
+            exit 1
+          fi
+
+          readarray -t label_regex_list < <(printf '%s\n' "$LABEL_REGEX_LIST" | jq -r '.[]')
 
           all_patterns_matched=true
 
@@ -78,22 +159,14 @@ jobs:
             fi
           done
 
-          ISSUE_COMMENT=''
+          load_authenticated_login
+          load_managed_comment_ids
+          delete_extra_managed_comments
+
           if [ "$all_patterns_matched" = true ]; then
             echo "✅ All regex patterns have at least one match."
-            ISSUE_COMMENT="$ISSUE_SUCCESS_COMMENT"
+            delete_managed_comments
           else
             echo "❌ Not all regex patterns have at least one match."
-            ISSUE_COMMENT="$ISSUE_ERROR_COMMENT"
-          fi
-
-          set +e
-          echo "✍️ Attempting to edit existing comment on issue $ISSUE_NUMBER, if it exists:"
-          gh issue comment $ISSUE_NUMBER --body "$ISSUE_COMMENT" --edit-last
-          comment_update_status=$?
-          set -e
-
-          if [ $comment_update_status -ne 0 ]; then
-            echo "✍️ Adding new comment on issue $ISSUE_NUMBER:"
-            gh issue comment $ISSUE_NUMBER --body "$ISSUE_COMMENT"
+            upsert_managed_comment "$(build_comment_body "$ISSUE_ERROR_MESSAGE")"
           fi

data/.github/workflows/reusable-run-danger.yml

@@ -30,7 +30,7 @@ jobs:
         with:
           fetch-depth: 100
       - name: 💎 Ruby Setup
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
         with:
           bundler-cache: true
       - name: ☢️ Danger PR Check

data/AGENTS.md

@@ -0,0 +1,35 @@
+## Overview
+
+Dangermattic is a shared collection of Danger plugins used across Automattic's mobile repositories.
+It provides reusable Danger rules for PR checks, code review automation, and CI enforcement.
+
+## Bootstrap
+
+Requires Ruby at the version specified in `.ruby-version`.
+
+```bash
+bundle install
+```
+
+## Commands
+
+- `bundle exec rake` — run all checks (specs + RuboCop + Danger lint)
+- `bundle exec rspec` — run tests only
+- `bundle exec rubocop` — run linter only
+
+## Project Structure
+
+- `lib/dangermattic/plugins/` — Danger plugin implementations
+- `lib/dangermattic/plugins/common/` — shared helpers used across plugins
+- `spec/` — RSpec tests; each plugin has a matching `*_spec.rb`
+- `spec/fixtures/` — test fixtures
+
+## Conventions
+
+- Tests written with RSpec
+- CI via Buildkite, see `.buildkite`
+- Gem releases are triggered by Git tags pushed to the remote and run in CI.
+
+## Pitfalls
+
+- Together with unit tests, `bundle exec danger plugins lint` must also pass — it validates plugin metadata and code correctness.

data/CHANGELOG.md

@@ -20,6 +20,18 @@ _None_
 
 _None_
 
+## 1.3.0
+
+### New Features
+
+- Added `android_strings_checker.check_existing_strings_not_modified`, which fails when the value of an existing translatable `<string>` is changed in place (rather than added under a new key). This enforces string-key immutability, which keeps in-progress translations valid in a continuous-localization setup. [#126]
+
+## 1.2.4
+
+### Internal Changes
+
+- `pr_size_checker` and `manifest_pr_checker`: optimize performance for large PRs [#103]
+
 ## 1.2.3
 
 ### Bug Fixes

data/CLAUDE.md

@@ -0,0 +1 @@
+@AGENTS.md

data/Gemfile.lock

@@ -1,8 +1,8 @@
 PATH
   remote: .
   specs:
-    danger-dangermattic (1.2.3)
-      danger (~> 9.4)
+    danger-dangermattic (1.3.0)
+      danger (~> 9.5, >= 9.5.3)
       danger-plugin-api (~> 1.0)
       danger-rubocop (~> 0.13)
       rubocop (~> 1.63)
@@ -10,25 +10,24 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (8.0.2)
+    activesupport (8.1.3)
       base64
-      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      json
       logger (>= 1.4.2)
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
     base64 (0.3.0)
-    benchmark (0.4.1)
-    bigdecimal (3.2.2)
+    bigdecimal (4.0.1)
     claide (1.1.0)
     claide-plugins (0.9.2)
       cork
@@ -36,8 +35,8 @@ GEM
       open4 (~> 1.3)
     coderay (1.1.3)
     colored2 (3.1.2)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.3)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
     cork (0.3.0)
       colored2 (~> 3.1)
     danger (9.5.3)
@@ -61,14 +60,14 @@ GEM
       rubocop (~> 1.0)
     diff-lcs (1.6.2)
     drb (2.2.3)
-    faraday (2.13.4)
+    faraday (2.14.1)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
-    faraday-http-cache (2.5.1)
+    faraday-http-cache (2.6.1)
       faraday (>= 0.8)
-    faraday-net_http (3.4.1)
-      net-http (>= 0.5.0)
+    faraday-net_http (3.4.2)
+      net-http (~> 0.5)
     ffi (1.17.2)
     ffi (1.17.2-arm64-darwin)
     formatador (1.1.1)
@@ -93,11 +92,11 @@ GEM
       guard (~> 2.1)
       guard-compat (~> 1.1)
       rspec (>= 2.99.0, < 4.0)
-    i18n (1.14.7)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    json (2.13.2)
-    kramdown (2.5.1)
-      rexml (>= 3.3.9)
+    json (2.19.3)
+    kramdown (2.5.2)
+      rexml (>= 3.4.4)
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
     language_server-protocol (3.17.0.5)
@@ -108,11 +107,13 @@ GEM
     logger (1.7.0)
     lumberjack (1.4.0)
     method_source (1.1.0)
-    minitest (5.25.5)
+    minitest (6.0.2)
+      drb (~> 2.0)
+      prism (~> 1.5)
     nap (1.1.0)
     nenv (0.3.0)
-    net-http (0.6.0)
-      uri
+    net-http (0.9.1)
+      uri (>= 0.11.1)
     notiffany (0.1.3)
       nenv (~> 0.1)
       shellany (~> 0.0)
@@ -125,22 +126,22 @@ GEM
     parser (3.3.9.0)
       ast (~> 2.4.1)
       racc
-    prism (1.4.0)
+    prism (1.9.0)
     process_executer (1.3.0)
     pry (0.15.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pstore (0.2.0)
-    public_suffix (6.0.2)
+    public_suffix (7.0.5)
     racc (1.8.1)
     rainbow (3.1.1)
     rake (13.3.0)
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rchardet (1.9.0)
+    rchardet (1.10.0)
     regexp_parser (2.11.0)
-    rexml (3.4.2)
+    rexml (3.4.4)
     rspec (3.13.1)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -175,7 +176,7 @@ GEM
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
     ruby-progressbar (1.13.0)
-    sawyer (0.9.2)
+    sawyer (0.9.3)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
     securerandom (0.4.1)
@@ -185,11 +186,11 @@ GEM
     thor (1.4.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (3.1.4)
-      unicode-emoji (~> 4.0, >= 4.0.4)
-    unicode-emoji (4.0.4)
-    uri (1.0.3)
-    yard (0.9.37)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
+    yard (0.9.43)
 
 PLATFORMS
   arm64-darwin-22

data/README.md

@@ -71,6 +71,34 @@ my_new_plugin_checker.check_method(param: my_param_value)
 
 Please follow the existing naming convention for validation and check plugins: classes end with a `*Checker` suffix and the main validation methods are named with a `check_*` prefix.
 
+### How to verify a change against a real pull request
+
+Unit tests are the main development loop, but before releasing a new or changed check it's often useful to see it run end-to-end against a real pull request.
+You can do this locally with `danger pr`, which evaluates a `Dangerfile` against an existing PR's diff and prints the result to your terminal only, without posting upstream.
+
+Point a `Gemfile` at your branch and add the check you want to exercise to a `Dangerfile`:
+
+```ruby
+# Gemfile
+source 'https://rubygems.org'
+gem 'danger-dangermattic', git: 'https://github.com/Automattic/dangermattic', branch: 'my-branch'
+```
+
+```ruby
+# Dangerfile
+my_new_plugin_checker.check_method
+```
+
+After a `bundle install`, run it against a PR from inside a checkout of that PR's repository:
+
+```sh
+DANGER_GITHUB_API_TOKEN="$(gh auth token)" \
+  BUNDLE_GEMFILE=/path/to/Gemfile \
+  bundle exec danger pr https://github.com/<org>/<repo>/pull/<number> \
+  --dangerfile=/path/to/Dangerfile
+```
+
+A failure prints as an `Errors:` block. `danger pr` only fetches and creates temporary refs that it cleans up afterwards, so it won't change your current branch or working tree.
 ## Releasing a new version
 
 To create a new release of the Dangermattic gem, use the `new_release` Rake task:

data/danger-dangermattic.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '~> 3.2'
 
-  spec.add_dependency 'danger', '~> 9.4'
+  spec.add_dependency 'danger', '~> 9.5', '>= 9.5.3'
   spec.add_dependency 'danger-plugin-api', '~> 1.0'
 
   # Danger plugins

data/lib/dangermattic/gem_version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dangermattic
-  VERSION = '1.2.3'
+  VERSION = '1.3.0'
 end

data/lib/dangermattic/plugins/android_strings_checker.rb

@@ -7,6 +7,10 @@ module Danger
   #
   #          android_strings_checker.check_strings_do_not_refer_resource
   #
+  # @example Check that existing translatable strings are not modified in place
+  #
+  #          android_strings_checker.check_existing_strings_not_modified
+  #
   # @see Automattic/dangermattic
   # @tags android, localization
   #
@@ -14,6 +18,18 @@ module Danger
     MESSAGE = "This PR adds a translatable entry which references another string resource; this usually causes issues with translations.\n" \
               'Please make sure to set the `translatable="false"` attribute.'
 
+    STRING_MODIFIED_MESSAGE = 'This PR changes the value of an existing translatable string. Existing string keys must stay immutable so that ' \
+                              'in-progress and existing translations remain valid: please add a **new** string key for the new copy instead of ' \
+                              'editing the existing one (old translations stay attached to the old key).'
+
+    # Default file selector: only the app's source (English) strings, living at `…/res/values/strings.xml`.
+    # This deliberately excludes localized `values-<locale>/strings.xml` files (whose values legitimately change
+    # when translations are pulled in) and any generated/frozen copies that live outside a `res` directory.
+    DEFAULT_SOURCE_STRINGS_SELECTOR = ->(path) { path.match?(%r{(^|/)res/values/strings\.xml$}) }
+
+    # Matches a single-line `<string name="…">value</string>` entry, capturing its name and value.
+    STRING_LINE_REGEX = %r{<string\b[^>]*\sname="(?<name>[^"]+)"[^>]*>(?<value>.*)</string>}
+
     # Check if translatable strings reference another string resource in 'strings.xml' files in a pull request.
     #
     # @param report_type [Boolean] (optional) Type of report (:error, :warning, :message) whenever a line matches the criteria. Default is :warning.
@@ -27,5 +43,65 @@ module Danger
         report_type: report_type
       )
     end
+
+    # Check that the value of an existing translatable string is not modified in place.
+    #
+    # In a continuous-localization setup, source strings flow to the translation system constantly, so changing
+    # the English value of an existing key silently invalidates the translations already done for that key. The
+    # safe convention is to leave existing keys untouched and introduce a new key for any new copy. This check
+    # enforces that convention by failing when a `<string>` entry present in the base is modified (rather than
+    # added under a new key). Adding new keys, removing keys, and renaming keys are all allowed.
+    #
+    # @param report_type [Symbol] (optional) Type of report (:error, :warning, :message). Default is :error.
+    # @param file_selector [Proc] (optional) Selects which files to check. Defaults to the app's source
+    #   `…/res/values/strings.xml` files, excluding localized and generated copies.
+    #
+    # @return [void]
+    def check_existing_strings_not_modified(report_type: :error, file_selector: DEFAULT_SOURCE_STRINGS_SELECTOR)
+      files = git_utils.added_and_modified_files.select(&file_selector)
+
+      files.each do |file|
+        diff = danger.git.diff_for_file(file)
+        next if diff.nil?
+
+        removed = translatable_strings_by_name(git_utils.removed_lines(diff_patch: diff.patch))
+        added = translatable_strings_by_name(git_utils.added_lines(diff_patch: diff.patch))
+
+        modified_keys = removed.keys & added.keys
+        modified_keys.each do |name|
+          next if removed[name].value == added[name].value
+
+          final_message = <<~MESSAGE
+            #{STRING_MODIFIED_MESSAGE}
+            File `#{file}`, string `#{name}`:
+            ```diff
+            -#{removed[name].line.chomp}
+            +#{added[name].line.chomp}
+            ```
+          MESSAGE
+
+          reporter.report(message: final_message, type: report_type)
+        end
+      end
+    end
+
+    ParsedString = Struct.new(:value, :line)
+
+    private
+
+    # Parses `<string>` entries out of a set of diff content lines, keyed by their `name` attribute.
+    # `translatable="false"` entries are ignored, as they are never sent for translation.
+    #
+    # @param lines [String] Newline-separated content lines (with the diff `+`/`-` markers already stripped).
+    #
+    # @return [Hash{String => ParsedString}] A mapping of string name to its parsed value and originating line.
+    def translatable_strings_by_name(lines)
+      lines.each_line.with_object({}) do |line, result|
+        next if line.include?('translatable="false"')
+
+        match = STRING_LINE_REGEX.match(line)
+        result[match[:name]] = ParsedString.new(match[:value], line) unless match.nil?
+      end
+    end
   end
 end

data/lib/dangermattic/plugins/manifest_pr_checker.rb

@@ -115,13 +115,19 @@ module Danger
     private
 
     def check_manifest_lock_updated(file_name:, lock_file_name:, instruction:, report_type: :warning)
+      all_files = git_utils.all_changed_files
+
       # Find all the modified manifest files
-      manifest_modified_files = git_utils.all_changed_files.select { |f| File.basename(f) == file_name }
+      manifest_modified_files = all_files.select { |f| File.basename(f) == file_name }
+
+      # Build a hash mapping directory -> set of basenames for O(1) lookup
+      files_by_dir = all_files.group_by { |f| File.dirname(f) }
+                              .transform_values { |files| files.to_set { |f| File.basename(f) } }
 
       # For each manifest file, check if the corresponding lockfile (in the same dir) was also modified
       manifest_modified_files.each do |manifest_file|
-        lockfile_modified = git_utils.all_changed_files.any? { |f| File.dirname(f) == File.dirname(manifest_file) && File.basename(f) == lock_file_name }
-        next if lockfile_modified
+        manifest_dir = File.dirname(manifest_file)
+        next if files_by_dir[manifest_dir]&.include?(lock_file_name)
 
         message = format(MESSAGE, manifest_file, lock_file_name, instruction)
         reporter.report(message: message, type: report_type)
@@ -129,11 +135,10 @@ module Danger
     end
 
     def check_manifest_lock_updated_strict(manifest_path:, manifest_lock_path:, instruction:, report_type: :warning)
-      manifest_modified = git_utils.all_changed_files.include?(manifest_path)
-      return unless manifest_modified
+      all_files_set = git_utils.all_changed_files.to_set
 
-      lockfile_modified = git_utils.all_changed_files.include?(manifest_lock_path)
-      return if lockfile_modified
+      return unless all_files_set.include?(manifest_path)
+      return if all_files_set.include?(manifest_lock_path)
 
       message = format(MESSAGE, manifest_path, File.basename(manifest_lock_path), instruction)
       reporter.report(message: message, type: report_type)

data/lib/dangermattic/plugins/pr_size_checker.rb

@@ -76,13 +76,12 @@ module Danger
     def insertions_size(file_selector: nil)
       return danger.git.insertions unless file_selector
 
-      filtered_files = git_utils.all_changed_files.select(&file_selector)
+      # Only check added and modified files - deleted files have 0 insertions
+      filtered_files = git_utils.added_and_modified_files.select(&file_selector)
 
       filtered_files.sum do |file|
-        # stats for a file in the GitHub API might be nil, making `info_for_file()` crash
-        next 0 if danger.git.diff.stats[:files][file].nil?
-
-        danger.git.info_for_file(file)&.[](:insertions).to_i
+        # Use cached stats directly instead of calling info_for_file for each file
+        danger.git.diff.stats[:files][file]&.[](:insertions).to_i
       end
     end
 
@@ -97,10 +96,8 @@ module Danger
       filtered_files = git_utils.all_changed_files.select(&file_selector)
 
       filtered_files.sum do |file|
-        # stats for a file in the GitHub API might be nil, making `info_for_file()` crash
-        next 0 if danger.git.diff.stats[:files][file].nil?
-
-        danger.git.info_for_file(file)&.[](:deletions).to_i
+        # Use cached stats directly instead of calling info_for_file for each file
+        danger.git.diff.stats[:files][file]&.[](:deletions).to_i
       end
     end
 
@@ -115,10 +112,11 @@ module Danger
       filtered_files = git_utils.all_changed_files.select(&file_selector)
 
       filtered_files.sum do |file|
-        # stats for a file in the GitHub API might be nil, making `info_for_file()` crash
-        next 0 if danger.git.diff.stats[:files][file].nil?
+        # Use cached stats directly instead of calling info_for_file for each file
+        stats = danger.git.diff.stats[:files][file]
+        next 0 unless stats
 
-        danger.git.info_for_file(file)&.[](:deletions).to_i + danger.git.info_for_file(file)&.[](:insertions).to_i
+        stats[:deletions].to_i + stats[:insertions].to_i
       end
     end
   end

data/spec/android_strings_checker_spec.rb

@@ -180,6 +180,224 @@ module Danger
           expect(@dangerfile).to not_report
         end
       end
+
+      context 'when checking that existing strings are not modified' do
+        let(:source_strings_xml) { 'WordPress/src/main/res/values/strings.xml' }
+
+        def stub_diff(path, patch)
+          allow(@plugin.git).to receive(:modified_files).and_return([path])
+          diff = GitDiffStruct.new('modified', path, patch)
+          allow(@plugin.git).to receive(:diff_for_file).with(path).and_return(diff)
+        end
+
+        it 'reports an error when the value of an existing string is modified in place' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Hello</string>
+            +  <string name="greeting">Hi there</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expected_error = <<~ERROR
+            #{AndroidStringsChecker::STRING_MODIFIED_MESSAGE}
+            File `#{source_strings_xml}`, string `greeting`:
+            ```diff
+            -  <string name="greeting">Hello</string>
+            +  <string name="greeting">Hi there</string>
+            ```
+          ERROR
+
+          expect(@dangerfile).to report_errors([expected_error])
+        end
+
+        it 'does nothing when a brand new string key is added' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,2 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            +  <string name="greeting">Hello</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expect(@dangerfile).to not_report
+        end
+
+        it 'does nothing when an existing string key is removed' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,3 +1,2 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Hello</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expect(@dangerfile).to not_report
+        end
+
+        it 'does nothing when a string is only reordered (value unchanged)' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,4 +1,4 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Hello</string>
+               <string name="other">Other</string>
+            +  <string name="greeting">Hello</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expect(@dangerfile).to not_report
+        end
+
+        it 'does nothing when a key is renamed (old key removed, new key added)' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Hello</string>
+            +  <string name="greeting_v2">Hello</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expect(@dangerfile).to not_report
+        end
+
+        it 'ignores modifications to non-translatable strings' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="app_name" translatable="false">WordPress</string>
+            +  <string name="app_name" translatable="false">WordPress.com</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expect(@dangerfile).to not_report
+        end
+
+        it 'ignores localized strings.xml files by default' do
+          localized_path = 'WordPress/src/main/res/values-fr/strings.xml'
+          stub_diff(localized_path, <<~STRINGS)
+            diff --git a/#{localized_path} b/#{localized_path}
+            index 5794d472..772e2b99 100644
+            --- a/#{localized_path}
+            +++ b/#{localized_path}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Bonjour</string>
+            +  <string name="greeting">Salut</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified
+
+          expect(@dangerfile).to not_report
+        end
+
+        it 'reports an error for each modified string across multiple source files' do
+          wp_path = 'WordPress/src/main/res/values/strings.xml'
+          jp_path = 'WordPress/src/jetpack/res/values/strings.xml'
+          allow(@plugin.git).to receive(:modified_files).and_return([wp_path, jp_path])
+
+          wp_diff = GitDiffStruct.new('modified', wp_path, <<~STRINGS)
+            diff --git a/#{wp_path} b/#{wp_path}
+            index 5794d472..772e2b99 100644
+            --- a/#{wp_path}
+            +++ b/#{wp_path}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Hello</string>
+            +  <string name="greeting">Hi</string>
+             </resources>
+          STRINGS
+          allow(@plugin.git).to receive(:diff_for_file).with(wp_path).and_return(wp_diff)
+
+          jp_diff = GitDiffStruct.new('modified', jp_path, <<~STRINGS)
+            diff --git a/#{jp_path} b/#{jp_path}
+            index 5794d472..772e2b99 100644
+            --- a/#{jp_path}
+            +++ b/#{jp_path}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="farewell">Bye</string>
+            +  <string name="farewell">Goodbye</string>
+             </resources>
+          STRINGS
+          allow(@plugin.git).to receive(:diff_for_file).with(jp_path).and_return(jp_diff)
+
+          @plugin.check_existing_strings_not_modified
+
+          wp_error = <<~ERROR
+            #{AndroidStringsChecker::STRING_MODIFIED_MESSAGE}
+            File `#{wp_path}`, string `greeting`:
+            ```diff
+            -  <string name="greeting">Hello</string>
+            +  <string name="greeting">Hi</string>
+            ```
+          ERROR
+
+          jp_error = <<~ERROR
+            #{AndroidStringsChecker::STRING_MODIFIED_MESSAGE}
+            File `#{jp_path}`, string `farewell`:
+            ```diff
+            -  <string name="farewell">Bye</string>
+            +  <string name="farewell">Goodbye</string>
+            ```
+          ERROR
+
+          expect(@dangerfile.status_report[:errors]).to contain_exactly(wp_error, jp_error)
+        end
+
+        it 'can be configured to report a warning instead of an error' do
+          stub_diff(source_strings_xml, <<~STRINGS)
+            diff --git a/#{source_strings_xml} b/#{source_strings_xml}
+            index 5794d472..772e2b99 100644
+            --- a/#{source_strings_xml}
+            +++ b/#{source_strings_xml}
+            @@ -1,3 +1,3 @@
+             <resources xmlns:tools="http://schemas.android.com/tools">
+            -  <string name="greeting">Hello</string>
+            +  <string name="greeting">Hi there</string>
+             </resources>
+          STRINGS
+
+          @plugin.check_existing_strings_not_modified(report_type: :warning)
+
+          expect(@dangerfile.status_report[:warnings].count).to eq(1)
+          expect(@dangerfile.status_report[:errors]).to be_empty
+        end
+      end
     end
   end
 end

data/spec/pr_size_checker_spec.rb

@@ -146,19 +146,20 @@ module Danger
             allow(@plugin.git).to receive_messages(added_files: [added_config, added_file], modified_files: [modified_file1, modified_file2, added_test_file, modified_strings], deleted_files: [deleted_file1, deleted_test_file, deleted_strings, deleted_file2])
 
             allow(@plugin.git).to receive(:diff).and_return(instance_double(Git::Diff))
-            expected_files = { added_test_file => {}, added_config => {}, added_file => {}, modified_file1 => {}, modified_file2 => {}, modified_strings => {}, deleted_file1 => {}, deleted_file2 => {}, deleted_test_file => {}, deleted_strings => {} }
+            # Populate stats hash directly with insertions/deletions data for the optimized code path
+            expected_files = {
+              added_test_file => { insertions: 201 },
+              added_config => { insertions: 311 },
+              added_file => { insertions: 13 },
+              modified_file1 => { insertions: 127, deletions: 159 },
+              modified_file2 => { insertions: 43, deletions: 37 },
+              modified_strings => { insertions: 432, deletions: 297 },
+              deleted_file1 => { deletions: 246 },
+              deleted_file2 => { deletions: 493 },
+              deleted_test_file => { deletions: 222 },
+              deleted_strings => { deletions: 593 }
+            }
             allow(@plugin.git.diff).to receive(:stats).and_return({ files: expected_files })
-
-            allow(@plugin.git).to receive(:info_for_file).with(added_test_file).and_return({ insertions: 201 })
-            allow(@plugin.git).to receive(:info_for_file).with(added_config).and_return({ insertions: 311 })
-            allow(@plugin.git).to receive(:info_for_file).with(added_file).and_return({ insertions: 13 })
-            allow(@plugin.git).to receive(:info_for_file).with(modified_file1).and_return({ insertions: 127, deletions: 159 })
-            allow(@plugin.git).to receive(:info_for_file).with(modified_file2).and_return({ insertions: 43, deletions: 37 })
-            allow(@plugin.git).to receive(:info_for_file).with(modified_strings).and_return({ insertions: 432, deletions: 297 })
-            allow(@plugin.git).to receive(:info_for_file).with(deleted_file1).and_return({ deletions: 246 })
-            allow(@plugin.git).to receive(:info_for_file).with(deleted_file2).and_return({ deletions: 493 })
-            allow(@plugin.git).to receive(:info_for_file).with(deleted_test_file).and_return({ deletions: 222 })
-            allow(@plugin.git).to receive(:info_for_file).with(deleted_strings).and_return({ deletions: 593 })
           end
         end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: danger-dangermattic
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.3.0
 platform: ruby
 authors:
 - Automattic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-25 00:00:00.000000000 Z
+date: 2026-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: danger
@@ -16,14 +16,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '9.4'
+        version: '9.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 9.5.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '9.4'
+        version: '9.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 9.5.3
 - !ruby/object:Gem::Dependency
   name: danger-plugin-api
   requirement: !ruby/object:Gem::Requirement
@@ -201,6 +207,7 @@ files:
 - ".buildkite/gem-push.sh"
 - ".buildkite/pipeline.yml"
 - ".bundle/config"
+- ".github/dependabot.yml"
 - ".github/workflows/README.md"
 - ".github/workflows/reusable-check-labels-on-issues.yml"
 - ".github/workflows/reusable-retry-buildkite-step-on-events.yml"
@@ -209,7 +216,9 @@ files:
 - ".rubocop.yml"
 - ".ruby-version"
 - ".yardopts"
+- AGENTS.md
 - CHANGELOG.md
+- CLAUDE.md
 - Gemfile
 - Gemfile.lock
 - Guardfile