RubyGems - danger-wcc - Versions diffs - 0.0.2 → 0.1.0 - Mend

danger-wcc 0.0.2 → 0.1.0

Files changed (47) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +2 -2
data/.rubocop.yml +24 -17
data/README.md +2 -0
data/danger-wcc.gemspec +4 -4
data/lib/version.rb +1 -1
data/lib/wcc/commit_lint.rb +2 -1
data/lib/wcc/commit_lint/commit_check.rb +0 -1
data/lib/wcc/commit_lint/empty_line_check.rb +0 -1
data/lib/wcc/commit_lint/subject_cap_check.rb +0 -1
data/lib/wcc/commit_lint/subject_length_check.rb +0 -1
data/lib/wcc/commit_lint/subject_period_check.rb +0 -1
data/lib/wcc/commit_lint/subject_words_check.rb +0 -1
data/lib/wcc/defaults.reek +8 -8
data/lib/wcc/dependencies.rb +74 -0
data/lib/wcc/dependencies/yarn_info.rb +83 -0
data/lib/wcc/jshint.rb +2 -2
data/lib/wcc/plugin.rb +21 -11
data/lib/wcc/reek.rb +2 -2
data/lib/wcc/rubocop_exceptions.rb +13 -8
data/lib/wcc/todos.rb +5 -4
data/lib/wcc/utils.rb +17 -5
data/spec/fixtures/dependencies/package.json +112 -0
data/spec/fixtures/dependencies/package.json.diff +28 -0
data/spec/fixtures/dependencies/package.json_patch_bumps_minor.diff +13 -0
data/spec/fixtures/dependencies/package.json_patch_bumps_minor.json +112 -0
data/spec/fixtures/dependencies/yarn.lock +19609 -0
data/spec/fixtures/dependencies/yarn.lock_patch_bumps_minor.lock +19614 -0
data/spec/fixtures/dependencies/yarn_minor_version.diff +33 -0
data/spec/fixtures/dependencies/yarn_minor_version.txt +1151 -0
data/spec/fixtures/dependencies/yarn_old.txt +1152 -0
data/spec/fixtures/dependencies/yarn_patch_bumps_minor.diff +28 -0
data/spec/fixtures/exception_inline_disabled_rule.diff +12 -0
data/spec/fixtures/rubocop_exception.rb +3 -0
data/spec/fixtures_helper.rb +0 -1
data/spec/spec_helper.rb +1 -1
data/spec/wcc/commit_lint_spec.rb +6 -10
data/spec/wcc/dependencies_spec.rb +95 -0
data/spec/wcc/github_spec.rb +13 -7
data/spec/wcc/jshint_spec.rb +1 -1
data/spec/wcc/plugin_spec.rb +18 -17
data/spec/wcc/reek_spec.rb +1 -1
data/spec/wcc/rubocop_exceptions_spec.rb +34 -15
data/spec/wcc/todos_spec.rb +10 -10
data/spec/wcc/utils_spec.rb +2 -2
data/spec/wcc_spec.rb +1 -1
metadata +49 -9

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 668121398555f8e999832607cf9320125a2252d5
-  data.tar.gz: 514a28d49ea478d5491079c155eddf35ea6f7b40
+  metadata.gz: 356af9ca6ebc46af86c402709d820bb30fd94c1e
+  data.tar.gz: 6842e1bc5330f0088b2978c58e9c9e85afab2030
 SHA512:
-  metadata.gz: fb3394ddf30b674ab2652b728cbea2ae27978784f1747d380c4fa07cc75a1db60976fcfc365cc8693ebbaeffd496e64b79ed28a4290422a2fc661c192dcb3f22
-  data.tar.gz: 100ebecf8ec74cbe6d850244ef9d943c307acf26ea10e3ea5d8de57b3701660b41b7df7940f9bdb62544ce4f506fb16552f2001d3b6861ee10f87079cdf6381a
+  metadata.gz: 5c31ffdd4c4cdc7f4a7c8f1631816d6f1452ba31bc0a03d8a5e1c392265ef8b29decd9e644d2f5b437b4ec2d3a282d7973a2f2d81b8fe1c9d02c84e8c3315523
+  data.tar.gz: 9d8fecdeaab1eda89620ac77454c28b9975987fb5a875ce472bae1e8ba2fdac511b54dbfe0647c46ef6c7f3fccdfc9b501a5ca24fbc85c016328e26108445842

data/.circleci/config.yml CHANGED

@@ -9,14 +9,14 @@ jobs:
       - checkout
       # Restore bundle cache
       - restore_cache:
-          key: rails-{{ checksum "Gemfile.lock" }}
+          key: rails-{{ checksum "danger-wcc.gemspec" }}
       # Bundle install dependencies
       - run: bundle install --path /tmp/vendor/bundle
       # Store bundle cache
       - save_cache:
-          key: rails-{{ checksum "Gemfile.lock" }}
+          key: rails-{{ checksum "danger-wcc.gemspec" }}
           paths:
             - /tmp/vendor/bundle

data/.rubocop.yml CHANGED

@@ -2,6 +2,7 @@ AllCops:
   DisplayCopNames: true
   TargetRubyVersion: 2.3
   Exclude:
+    - 'spec/fixtures/**/*'
     # generated by rails/binstubs
     - 'bin/**/*'
@@ -31,7 +32,7 @@ Style/FormatStringToken:
 Metrics/BlockLength:
   Exclude:
     # config files where we expect long blocks
-    - 'danger-wm.gemspec'
+    - 'danger-wcc.gemspec'
     # spec files that might have a big describe
     - 'spec/**/*.rb'
     # dsl files https://stackoverflow.com/a/41187163
@@ -43,29 +44,39 @@ Metrics/MethodLength:
 Metrics/ModuleLength:
   Exclude:
-   - 'lib/wm/utils.rb'
+   - 'lib/wcc/utils.rb'
    - 'spec/**/*.rb'
-Performance/HashEachMethods:
-  Exclude:
-    - 'spec/**/*.rb'
-Performance/UnfreezeString:
-  Exclude:
-    - 'spec/**/*.rb'
+Naming/MethodParameterName:
+  Enabled: false
-Style/BracesAroundHashParameters:
+Naming/MemoizedInstanceVariableName:
   Enabled: false
 Lint/AssignmentInCondition:
   Enabled: false
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
 Style/EmptyMethod:
   EnforcedStyle: expanded
 Style/Alias:
   EnforcedStyle: prefer_alias_method
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
 Style/NumericPredicate:
   EnforcedStyle: comparison
@@ -76,13 +87,13 @@ Style/RegexpLiteral:
 Style/SignalException:
   Enabled: false
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   EnforcedStyle: with_fixed_indentation
-Layout/IndentHash:
+Layout/FirstHashElementIndentation:
   EnforcedStyle: consistent
-Layout/AlignHash:
+Layout/HashAlignment:
   # allow coder to get around alignment rules by explicitly defining the hash param
   EnforcedLastArgumentHashStyle: ignore_explicit
@@ -124,10 +135,6 @@ Layout/MultilineAssignmentLayout:
   StyleGuide: '#indent-conditional-assignment'
   Enabled: true
-Lint/UnneededDisable:
-  Exclude:
-    - 'spec/fixtures/**/*'
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'spec/fixtures/**/*'

data/README.md CHANGED

@@ -1,2 +1,4 @@
+![Build Status](https://circleci.com/gh/watermarkchurch/danger-wcc.svg?&style=shield&circle-token=87f4572e4fd1982dcbefc9feca233865955eb9e7)
 Copyright (c) 2018 Watermark Community Church
 all rights reserved

data/danger-wcc.gemspec CHANGED

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'version'
@@ -20,10 +19,11 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
+  spec.add_runtime_dependency 'activesupport', '> 5'
   spec.add_runtime_dependency 'brakeman'
   spec.add_runtime_dependency 'danger-plugin-api', '~> 1.0'
   spec.add_runtime_dependency 'flay'
-  spec.add_runtime_dependency 'git_diff', '~> 0.3'
+  spec.add_runtime_dependency 'git_diff', '~> 0.4'
   spec.add_runtime_dependency 'reek'
   # General ruby development
@@ -36,7 +36,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'webmock', '~> 3.1'
   # Linting code and docs
-  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rubocop', '~> 0.81'
   spec.add_development_dependency 'yard'
   # Makes testing easy via `bundle exec guard`

data/lib/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DangerWCC
-  VERSION = '0.0.2'
+  VERSION = '0.1.0'
 end

data/lib/wcc/commit_lint.rb CHANGED

@@ -102,7 +102,7 @@ class Danger::DangerWCC < Danger::Plugin
       return unless c.fail?
       messaging.issue([c.message, message[:sha]].join("\n"),
-        severity: severity)
+                      severity: severity)
     end
     def checkers
@@ -141,6 +141,7 @@ class Danger::DangerWCC < Danger::Plugin
     def warning_checks
       return checks if @config[:warn] == :all
       @config[:warn] || []
     end

data/lib/wcc/commit_lint/commit_check.rb CHANGED

@@ -1,4 +1,3 @@
 # frozen_string_literal: true
 class CommitCheck

data/lib/wcc/commit_lint/empty_line_check.rb CHANGED

@@ -1,4 +1,3 @@
 # frozen_string_literal: true
 class EmptyLineCheck < CommitCheck

data/lib/wcc/commit_lint/subject_cap_check.rb CHANGED

@@ -1,4 +1,3 @@
 # frozen_string_literal: true
 class SubjectCapCheck < CommitCheck

data/lib/wcc/commit_lint/subject_length_check.rb CHANGED

@@ -1,4 +1,3 @@
 # frozen_string_literal: true
 class SubjectLengthCheck < CommitCheck

data/lib/wcc/commit_lint/subject_period_check.rb CHANGED

@@ -1,4 +1,3 @@
 # frozen_string_literal: true
 class SubjectPeriodCheck < CommitCheck

data/lib/wcc/commit_lint/subject_words_check.rb CHANGED

@@ -1,4 +1,3 @@
 # frozen_string_literal: true
 class SubjectWordsCheck < CommitCheck

data/lib/wcc/defaults.reek CHANGED

@@ -23,10 +23,10 @@ DuplicateMethodCall:
   allow_calls: []
 FeatureEnvy:
   enabled: true
-  exclude: []
+  exclude: ["Helper"]
 InstanceVariableAssumption:
   enabled: true
-  exclude: []
+  exclude: ["Controller"]
 IrresponsibleModule:
   enabled: false
   exclude: []
@@ -54,7 +54,7 @@ NestedIterators:
   ignore_iterators:
   - tap
 NilCheck:
-  enabled: true
+  enabled: false
   exclude: []
 PrimaDonnaMethod:
   enabled: true
@@ -70,15 +70,15 @@ Syntax:
   enabled: true
   exclude: []
 TooManyConstants:
-  enabled: false
+  enabled: true
   exclude: []
   max_constants: 5
 TooManyInstanceVariables:
-  enabled: false
+  enabled: true
   exclude: []
   max_instance_variables: 5
 TooManyMethods:
-  enabled: false
+  enabled: true
   exclude: []
   max_methods: 15
 TooManyStatements:
@@ -127,5 +127,5 @@ UnusedPrivateMethod:
   exclude: []
 UtilityFunction:
   enabled: true
-  exclude: []
-  public_methods_only: false
+  exclude: ["Helper", "util"]
+  public_methods_only: true

data/lib/wcc/dependencies.rb ADDED

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+require 'active_support'
+require_relative 'utils'
+class Danger::DangerWCC < Danger::Plugin
+  class Dependencies
+    include Utils
+    def yarn_info
+      @yarn_info ||= YarnInfo.new(self) if File.exist?('yarn.lock')
+    end
+    def initialize(plugin, options = {})
+      @plugin = plugin
+      @options = options
+    end
+    def perform
+      return unless File.exist?('yarn.lock')
+      find_yarn_violations
+    end
+    private
+    def issue_yarn_violation(package, versions)
+      line_index = yarn_info.find_index_in_lockfile(package, versions[1])
+      plugin.fail "Dangerous change! #{package} was updated "\
+        "from #{versions[0]} to #{versions[1]}"\
+        ' without a corresponding change to package.json!',
+                  file: 'yarn.lock', line: line_index
+    end
+    def find_yarn_violations # rubocop:disable Metrics/AbcSize
+      # if there's a corresponding change in the package.json, ignore
+      mods =
+        yarn_info.modified_yarn_dependencies
+          .except(*yarn_info.package_json_changes)
+          .select { |_, versions| dangerous_change?(versions[0], versions[1]) }
+      has_dangerous_top_level_changes = false
+      # issue warnings for top level dependencies
+      mods.slice(*yarn_info.package_json_dependencies)
+        .each do |package, versions|
+          has_dangerous_top_level_changes = true
+          issue_yarn_violation(package, versions)
+        end
+      # issue warnings if a sub-dependency changed without a dangerous change in
+      # a top level dependency
+      return if has_dangerous_top_level_changes
+      mods.except(*yarn_info.package_json_dependencies)
+        .each do |package, versions|
+          issue_yarn_violation(package, versions)
+        end
+    end
+    def dangerous_change?(old_version, new_version)
+      # the package was deleted
+      return true unless new_version
+      old_segments = old_version.segments
+      new_segments = new_version.segments
+      # the major or minor version changed.
+      new_segments[0] > old_segments[0] ||
+        new_segments[1] > old_segments[1]
+    end
+  end
+end
+require_relative 'dependencies/yarn_info'

data/lib/wcc/dependencies/yarn_info.rb ADDED

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+class Danger::DangerWCC::Dependencies
+  class YarnInfo
+    def yarn_lock
+      @yarn_lock ||= File.readlines('yarn.lock')
+    end
+    def package_json_dependencies
+      @package_json_dependencies ||=
+        JSON.parse(File.read('package.json'))['dependencies']&.keys || []
+    end
+    def package_json_changes
+      @package_json_changes ||= find_package_json_changes
+    end
+    def modified_yarn_dependencies
+      @modified_yarn_dependencies ||= find_modified_yarn_packages
+    end
+    attr_reader :plugin
+    def initialize(plugin)
+      @plugin = plugin
+    end
+    def find_index_in_lockfile(package, version)
+      return 0 unless version
+      re = Regexp.new("^#{Regexp.escape(package)}@", Regexp::IGNORECASE)
+      indexes =
+        yarn_lock.each_with_index
+          .select { |l, _i| re.match(l) }
+          .map { |pair| pair[1] }
+      idx =
+        indexes.find do |i|
+          yarn_lock[i + 1].include?("version \"#{version}\"")
+        end
+      (idx || -1) + 1
+    end
+    def parse_yarn_semver(line)
+      match = /(?<package>\S+)\@(?<version>\S+)/.match(line)
+      [match['package'], Gem::Version.new(match['version'])] if match
+    end
+    private
+    def find_package_json_changes
+      return [] unless file = plugin.find_file_in_diff('package.json')
+      adds = file.hunks.flat_map { |h| h.lines.select(&:addition?) }
+      adds.map { |l| /\"(?<package>\S+)\"\: \"\S+\"/.match(l.content) }
+        .compact
+        .map { |match| match['package'] }
+    end
+    def find_modified_yarn_packages # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      diff = plugin.run_and_diff(
+        'NODE_ENV=production yarn list --depth 0 2>/dev/null'
+      )
+      diff = GitDiff.from_string(diff)
+      {}.tap do |modified_packages|
+        plugin.each_file_in_diff(diff) do |file, _diff|
+          file.hunks.each do |hunk|
+            deleted, added =
+              %i[deletion? addition?].map do |type|
+                Hash[hunk.lines.select { |l| l.public_send(type) }
+                  .map { |l| parse_yarn_semver(l.content) }
+                  .compact]
+              end
+            deleted.each do |(package, version)|
+              modified_packages[package] =
+                [version, added[package]]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/wcc/jshint.rb CHANGED

@@ -56,8 +56,8 @@ class Danger::DangerWCC < Danger::Plugin
       )
       plugin.warn(warning.captures[2],
-        file: warning.captures[0],
-        line: warning.captures[1].to_i)
+                  file: warning.captures[0],
+                  line: warning.captures[1].to_i)
     end
   end
 end

data/lib/wcc/plugin.rb CHANGED

@@ -7,28 +7,33 @@ require_relative 'rubocop_exceptions'
 require_relative 'commit_lint'
 require_relative 'reek'
 require_relative 'jshint'
+require_relative 'dependencies'
 class Danger::DangerWCC < Danger::Plugin
   include Utils
   include Github
-  CHECKS = %i[
-    rubocop_exceptions
-    todos
-    commit_lint
-    reek
-    flay
-    brakeman
-    jshint
-  ].freeze
+  DEFAULT_OPTIONS = {
+    rubocop_exceptions: true,
+    flay: true,
+    todos: true,
+    brakeman: true,
+    commit_lint: false,
+    reek: false,
+    jshint: false,
+    dependencies: true
+  }.freeze
   # Runs all the included checks in the plugin
   def all(options = {})
-    to_run = CHECKS.reject { |check_name| options[check_name] == false }
+    options = DEFAULT_OPTIONS.merge(options)
+    to_run = options.keys.reject { |check_name| options[check_name] == false }
     raise ArgumentError, 'No Enabled Checks' if to_run.empty?
     to_run.each do |check_name|
-      public_send(check_name, options.fetch(check_name, {}))
+      check_options = options.fetch(check_name, {})
+      public_send(check_name, check_options == true ? {} : check_options)
     end
   end
@@ -92,6 +97,11 @@ class Danger::DangerWCC < Danger::Plugin
     Jshint.new(self, options).perform
   end
+  def dependencies(options = {})
+    logger.info "dependencies: #{options}"
+    Dependencies.new(self, options).perform
+  end
   private
   def parse_flay_results