danger-wcc 0.0.3 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 822cbea6b3d318ccd075ef94c306dff86f5b698f
-  data.tar.gz: ba50fe979f5d6cfd95cc7b5d55c4599cb7485e45
+  metadata.gz: c6061afcb81994d044747055b405da083c2a8f68
+  data.tar.gz: 9113729ee91c5f20f20bcbdc7dc193c8767a4118
 SHA512:
-  metadata.gz: 4e4d2b1be606ce15f16feb52cfda344c032da630940fd57028c13e641e2f39902064c01f49404c10280e1e201a1894ca42514c295189da55bfcf37ac6303404e
-  data.tar.gz: ba579966648a14056ea708c522235058cda132b556de9fa3c04d8277b0be08f57ad37d7c2c5688c5cb4740d66bd20d1c4eac82d66d8510a1b22256bc2d09e5df
+  metadata.gz: 1912d4617cea797c14e831c2fe0ba7669b85153944169f1345611eca4e4c4b6de6c3963f3735d6b1e1e51a76c29d2756534b59edbef3f15f0c56e2c78288ba3b
+  data.tar.gz: cabc48b95b641fdc38a403e6587788d5268a2c6325ab9542252e203c7fbb4968961e1d2bce2e3210804c5b343732b6575eee311f53194187234aeae88caaaa49

data/.rubocop.yml

@@ -2,6 +2,7 @@ AllCops:
   DisplayCopNames: true
   TargetRubyVersion: 2.3
   Exclude:
+    - 'spec/fixtures/**/*'
     # generated by rails/binstubs
     - 'bin/**/*'
 
@@ -46,26 +47,36 @@ Metrics/ModuleLength:
    - 'lib/wcc/utils.rb'
    - 'spec/**/*.rb'
 
-Performance/HashEachMethods:
-  Exclude:
-    - 'spec/**/*.rb'
-
-Performance/UnfreezeString:
-  Exclude:
-    - 'spec/**/*.rb'
+Naming/MethodParameterName:
+  Enabled: false
 
-Style/BracesAroundHashParameters:
+Naming/MemoizedInstanceVariableName:
   Enabled: false
 
 Lint/AssignmentInCondition:
   Enabled: false
 
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
 Style/EmptyMethod:
   EnforcedStyle: expanded
 
 Style/Alias:
   EnforcedStyle: prefer_alias_method
 
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
+
 Style/NumericPredicate:
   EnforcedStyle: comparison
 
@@ -76,13 +87,13 @@ Style/RegexpLiteral:
 Style/SignalException:
   Enabled: false
 
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   EnforcedStyle: with_fixed_indentation
 
-Layout/IndentHash:
+Layout/FirstHashElementIndentation:
   EnforcedStyle: consistent
 
-Layout/AlignHash:
+Layout/HashAlignment:
   # allow coder to get around alignment rules by explicitly defining the hash param
   EnforcedLastArgumentHashStyle: ignore_explicit
 
@@ -124,10 +135,6 @@ Layout/MultilineAssignmentLayout:
   StyleGuide: '#indent-conditional-assignment'
   Enabled: true
 
-Lint/UnneededDisable:
-  Exclude:
-    - 'spec/fixtures/**/*'
-
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'spec/fixtures/**/*'

data/danger-wcc.gemspec

@@ -1,7 +1,6 @@
-
 # frozen_string_literal: true
 
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'version'
 
@@ -20,6 +19,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
+  spec.add_runtime_dependency 'activesupport', '> 5'
   spec.add_runtime_dependency 'brakeman'
   spec.add_runtime_dependency 'danger-plugin-api', '~> 1.0'
   spec.add_runtime_dependency 'flay'
@@ -36,7 +36,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'webmock', '~> 3.1'
 
   # Linting code and docs
-  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rubocop', '~> 0.81'
   spec.add_development_dependency 'yard'
 
   # Makes testing easy via `bundle exec guard`

data/lib/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DangerWCC
-  VERSION = '0.0.3'
+  VERSION = '0.1.1'
 end

data/lib/wcc/commit_lint.rb

@@ -102,7 +102,7 @@ class Danger::DangerWCC < Danger::Plugin
       return unless c.fail?
 
       messaging.issue([c.message, message[:sha]].join("\n"),
-        severity: severity)
+                      severity: severity)
     end
 
     def checkers
@@ -141,6 +141,7 @@ class Danger::DangerWCC < Danger::Plugin
 
     def warning_checks
       return checks if @config[:warn] == :all
+
       @config[:warn] || []
     end
 

data/lib/wcc/commit_lint/commit_check.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 class CommitCheck

data/lib/wcc/commit_lint/empty_line_check.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 class EmptyLineCheck < CommitCheck

data/lib/wcc/commit_lint/subject_cap_check.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 class SubjectCapCheck < CommitCheck

data/lib/wcc/commit_lint/subject_length_check.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 class SubjectLengthCheck < CommitCheck

data/lib/wcc/commit_lint/subject_period_check.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 class SubjectPeriodCheck < CommitCheck

data/lib/wcc/commit_lint/subject_words_check.rb

@@ -1,4 +1,3 @@
-
 # frozen_string_literal: true
 
 class SubjectWordsCheck < CommitCheck

data/lib/wcc/defaults.reek

@@ -23,10 +23,10 @@ DuplicateMethodCall:
   allow_calls: []
 FeatureEnvy:
   enabled: true
-  exclude: []
+  exclude: ["Helper"]
 InstanceVariableAssumption:
   enabled: true
-  exclude: []
+  exclude: ["Controller"]
 IrresponsibleModule:
   enabled: false
   exclude: []
@@ -54,7 +54,7 @@ NestedIterators:
   ignore_iterators:
   - tap
 NilCheck:
-  enabled: true
+  enabled: false
   exclude: []
 PrimaDonnaMethod:
   enabled: true
@@ -70,15 +70,15 @@ Syntax:
   enabled: true
   exclude: []
 TooManyConstants:
-  enabled: false
+  enabled: true
   exclude: []
   max_constants: 5
 TooManyInstanceVariables:
-  enabled: false
+  enabled: true
   exclude: []
   max_instance_variables: 5
 TooManyMethods:
-  enabled: false
+  enabled: true
   exclude: []
   max_methods: 15
 TooManyStatements:
@@ -127,5 +127,5 @@ UnusedPrivateMethod:
   exclude: []
 UtilityFunction:
   enabled: true
-  exclude: []
-  public_methods_only: false
+  exclude: ["Helper", "util"]
+  public_methods_only: true

data/lib/wcc/dependencies.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require 'active_support'
+require_relative 'utils'
+
+class Danger::DangerWCC < Danger::Plugin
+  class Dependencies
+    include Utils
+
+    DEFAULT_OPTIONS = {
+      lockfile: 'yarn.lock',
+      severity: :warn
+    }.freeze
+
+    def yarn_info
+      @yarn_info ||=
+        Danger::DangerWCC::Util::YarnInfo.new(self, @options)
+    end
+
+    def initialize(plugin, options = {})
+      @plugin = plugin
+      @options = DEFAULT_OPTIONS.merge(options)
+    end
+
+    def perform
+      return unless File.exist?(@options[:lockfile])
+
+      find_yarn_violations
+    end
+
+    private
+
+    def issue_yarn_violation(package, versions)
+      line_index = yarn_info.find_index_in_lockfile(package, versions[1])
+
+      msg = "Dangerous change! #{package} was updated "\
+      "from #{versions[0]} to #{versions[1]}"\
+      ' without a corresponding change to package.json!'
+      plugin.public_send(
+        @options[:severity],
+        msg,
+        file: @options[:lockfile],
+        line: line_index
+      )
+    end
+
+    def find_yarn_violations # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      # if there are any explicit major version changes in top level deps,
+      # say nothing about anything b/c it'll likely be noisy
+      has_explicit_mods =
+        yarn_info.modified_yarn_dependencies
+          .slice(*yarn_info.package_json_changes)
+          .any? { |_, v| major_version_change?(v[0], v[1]) }
+      return if has_explicit_mods
+
+      # Do say something if top level minor version change induces dangerous
+      # changes in other deps
+
+      mods =
+        yarn_info.modified_yarn_dependencies
+          .select { |_, versions| dangerous_change?(versions[0], versions[1]) }
+
+      has_dangerous_top_level_changes = false
+      mods.slice(*yarn_info.package_json_dependencies)
+        .each do |package, versions|
+          has_dangerous_top_level_changes = true
+          issue_yarn_violation(package, versions)
+        end
+
+      # issue warnings if a sub-dependency changed without a dangerous change in
+      # a top level dependency
+      return if has_dangerous_top_level_changes
+
+      mods.except(*yarn_info.package_json_dependencies)
+        .each do |package, versions|
+          issue_yarn_violation(package, versions)
+        end
+    end
+
+    def major_version_change?(old_version, new_version)
+      return false unless new_version
+
+      new_version.segments[0] > old_version.segments[0]
+    end
+
+    def dangerous_change?(old_version, new_version)
+      # the package was deleted
+      return true unless new_version
+
+      old_segments = old_version.segments
+      new_segments = new_version.segments
+
+      # the major or minor version changed.
+      new_segments[0] > old_segments[0] ||
+        new_segments[1] > old_segments[1]
+    end
+  end
+end
+
+require_relative './util/yarn_info'

data/lib/wcc/jshint.rb

@@ -56,8 +56,8 @@ class Danger::DangerWCC < Danger::Plugin
       )
 
       plugin.warn(warning.captures[2],
-        file: warning.captures[0],
-        line: warning.captures[1].to_i)
+                  file: warning.captures[0],
+                  line: warning.captures[1].to_i)
     end
   end
 end

data/lib/wcc/plugin.rb

@@ -7,28 +7,36 @@ require_relative 'rubocop_exceptions'
 require_relative 'commit_lint'
 require_relative 'reek'
 require_relative 'jshint'
+require_relative 'dependencies'
+require_relative 'yarn_deduplicate'
 
-class Danger::DangerWCC < Danger::Plugin
+class Danger::DangerWCC < Danger::Plugin # rubocop:disable Metrics/ClassLength
   include Utils
   include Github
 
-  CHECKS = %i[
-    rubocop_exceptions
-    todos
-    commit_lint
-    reek
-    flay
-    brakeman
-    jshint
-  ].freeze
+  DEFAULT_OPTIONS = {
+    rubocop_exceptions: true,
+    todos: true,
+    brakeman: true,
+    dependencies: true,
+    yarn_deduplicate: true,
+
+    commit_lint: false,
+    reek: false,
+    jshint: false,
+    flay: false
+  }.freeze
 
   # Runs all the included checks in the plugin
   def all(options = {})
-    to_run = CHECKS.reject { |check_name| options[check_name] == false }
+    options = DEFAULT_OPTIONS.merge(options)
+
+    to_run = options.keys.reject { |check_name| options[check_name] == false }
     raise ArgumentError, 'No Enabled Checks' if to_run.empty?
 
     to_run.each do |check_name|
-      public_send(check_name, options.fetch(check_name, {}))
+      check_options = options.fetch(check_name, {})
+      public_send(check_name, check_options == true ? {} : check_options)
     end
   end
 
@@ -92,6 +100,16 @@ class Danger::DangerWCC < Danger::Plugin
     Jshint.new(self, options).perform
   end
 
+  def dependencies(options = {})
+    logger.info "dependencies: #{options}"
+    Dependencies.new(self, options).perform
+  end
+
+  def yarn_deduplicate(options = {})
+    logger.info "yarn_deduplicate: #{options}"
+    YarnDeduplicate.new(self, options).perform
+  end
+
   private
 
   def parse_flay_results

data/lib/wcc/reek.rb

@@ -49,8 +49,8 @@ class Danger::DangerWCC < Danger::Plugin
 
       line_info = with_line_number.match(/^\s*([^\:]+)\:(\d+)\:/i)
       plugin.warn(format_links_as_markdown(warning.captures[0]),
-        file: line_info.captures[0],
-        line: line_info.captures[1].to_i)
+                  file: line_info.captures[0],
+                  line: line_info.captures[1].to_i)
     end
   end
 end

data/lib/wcc/rubocop_exceptions.rb

@@ -6,9 +6,9 @@ class Danger::DangerWCC < Danger::Plugin
   class RubocopExceptions
     include Utils
 
-    DISABLE_REGEX = /^(?:\+\s)?.*\#\s*rubocop\:disable\s+(\S+)/i
-    ENABLE_REGEX = /^(?:\+\s)?\s*\#\s*rubocop\:enable\s+(\S+)/i
-    COMMENT_LINE_REGEX = /^(?:\+\s)?\s*\#\s*(.+)$/i
+    DISABLE_REGEX = /^(?:\+\s)?.*\#\s*rubocop\:disable\s+(\S+)/i.freeze
+    ENABLE_REGEX = /^(?:\+\s)?\s*\#\s*rubocop\:enable\s+(\S+)/i.freeze
+    COMMENT_LINE_REGEX = /^(?:\+\s)?\s*\#\s*(.+)$/i.freeze
 
     def initialize(plugin, options = {})
       @plugin = plugin
@@ -20,7 +20,7 @@ class Danger::DangerWCC < Danger::Plugin
         message = build_message(e)
         severity = message_severity(e)
         issue(message,
-          severity: severity, file: e[:file], line: e[:disabled_at])
+              severity: severity, file: e[:file], line: e[:disabled_at])
       end
     end
 
@@ -35,7 +35,7 @@ class Danger::DangerWCC < Danger::Plugin
         else
           "  \nPlease provide an explanation why this rule was disabled."
         end
-      unless e[:reenabled]
+      unless e[:inline] || e[:reenabled]
         message += "\n\nThe rule was not reenabled!\n"\
           'Please add a `rubocop:enable` comment so the rule is disabled '\
           'for the minimal scope.'
@@ -44,7 +44,7 @@ class Danger::DangerWCC < Danger::Plugin
     end
 
     def message_severity(e)
-      if !e[:reenabled]
+      if !e[:inline] && !e[:reenabled]
         'fail'
       elsif e[:context_lines].empty?
         'warn'
@@ -60,18 +60,23 @@ class Danger::DangerWCC < Danger::Plugin
       end
     end
 
+    # rubocop:disable Metrics/AbcSize
     def make_violation(file_contents, hunk, line, rule)
+      is_inline_comment = !/^\s*\+?\s*\#/.match(line.content)
+
       reenable_line_offset = find_reenable(file_contents,
-        line.line_number.right,
-        rule)
+                                           line.line_number.right,
+                                           rule)
 
       {
         rule: rule,
         disabled_at: line.line_number.right,
+        inline: is_inline_comment,
         reenabled: !reenable_line_offset.nil?,
         context_lines: find_context(hunk.lines.drop(hunk.lines.index(line)))
       }
     end
+    # rubocop:enable Metrics/AbcSize
 
     def find_context(diff_lines)
       # search for all non-`rubocop:` comment lines immediately