danger-wcc 0.0.6 → 0.1.3

data/spec/wcc/dependencies_spec.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require File.expand_path('../spec_helper', __dir__)
+
+module Danger
+  describe Danger::DangerWCC do
+    before do
+      @dangerfile = testing_dangerfile
+      @my_plugin = @dangerfile.wcc
+      @git = @dangerfile.git
+      @github = @dangerfile.github
+
+      allow(@github).to receive(:html_link) do |text|
+        "<a href=\"github_html_link\">#{text}</a>"
+      end
+
+      allow(File).to receive(:exist?).and_call_original
+      allow(File).to receive(:read).and_call_original
+      allow(File).to receive(:exist?).with('yarn.lock')
+        .and_return(true)
+      allow(File).to receive(:readlines).with('yarn.lock')
+        .and_return(load_fixture('dependencies/yarn.lock').split("\n"))
+      allow(File).to receive(:read).with('package.json')
+        .and_return(load_fixture('dependencies/package.json'))
+      allow(Dir).to receive(:glob).and_return([])
+    end
+
+    describe 'yarn dependencies' do
+      let(:subject) { Danger::DangerWCC::Dependencies.new(@my_plugin) }
+
+      it 'Errors when minor version changes' do
+        allow(subject).to receive(:run_and_diff)
+          .with(/yarn list/)
+          .and_return(load_fixture('dependencies/yarn_minor_version.diff'))
+        allow(@git).to receive(:diff)
+          .and_return([
+                        load_diff(
+                          'spec/fixtures/dependencies/package.json',
+                          'dependencies/package.json'
+                        )
+                      ])
+
+        # act
+        subject.perform
+
+        expect(@dangerfile.violation_report[:warnings])
+          .to eq([Violation.new(
+            'Dangerous change! react-instantsearch was updated '\
+            'from 5.3.2 to 5.7.0 without a corresponding '\
+            'change to package.json!',
+            false,
+            'yarn.lock',
+            15_613,
+            type: :error
+          )])
+      end
+
+      it 'Errors when patch bump causes minor version changes' do
+        allow(File).to receive(:readlines).with('yarn.lock')
+          .and_return(
+            load_fixture('dependencies/yarn.lock_patch_bumps_minor.lock')
+            .split("\n")
+          )
+
+        allow(subject).to receive(:run_and_diff)
+          .with(/yarn list/)
+          .and_return(load_fixture('dependencies/yarn_patch_bumps_minor.diff'))
+        allow(@git).to receive(:diff)
+          .and_return(
+            [
+              load_diff(
+                'spec/fixtures/dependencies/'\
+                  'package.json_patch_bumps_minor.json',
+                'dependencies/package.json_patch_bumps_minor'
+              )
+            ]
+          )
+
+        # act
+        subject.perform
+
+        expect(@dangerfile.violation_report[:warnings])
+          .to eq([Violation.new(
+            'Dangerous change! lodash was updated '\
+            'from 4.17.15 to 4.18.1 without a corresponding '\
+            'change to package.json!',
+            false,
+            'yarn.lock',
+            # make sure we pick out the right lodash!  There's 3 of them.
+            12_111,
+            type: :error
+          )])
+      end
+
+      it 'ignores all changes when top level major version changes' do
+        allow(File).to receive(:readlines).with('yarn.lock')
+          .and_return(
+            load_fixture('dependencies/yarn.lock_second_level_effect.lock')
+            .split("\n")
+          )
+        allow(File).to receive(:read).with('package.json')
+          .and_return(
+            load_fixture('dependencies/'\
+              'package.json_second_level_effect.json')
+          )
+
+        allow(subject).to receive(:run_and_diff)
+          .with(/yarn list/)
+          .and_return(load_fixture(
+                        'dependencies/yarn_list_second_level_effect.txt.diff'
+                      ))
+        allow(@git).to receive(:diff)
+          .and_return(
+            [
+              load_diff(
+                'package.json',
+                'dependencies/package.json_second_level_effect'
+              )
+            ]
+          )
+
+        # act
+        subject.perform
+
+        expect(@dangerfile.violation_report[:warnings].map(&:message))
+          .to eq([])
+      end
+    end
+  end
+end

data/spec/wcc/plugin_spec.rb

@@ -17,11 +17,14 @@ module Danger
 
     describe 'all' do
       it 'runs all default and passes default options' do
-        %i[rubocop_exceptions flay todos brakeman].each do |check|
+        %i[
+          rubocop_exceptions todos brakeman
+          dependencies yarn_deduplicate
+        ].each do |check|
           expect(@my_plugin).to receive(check)
             .with({})
         end
-        %i[commit_lint reek jshint].each do |check|
+        %i[commit_lint flay reek jshint].each do |check|
           expect(@my_plugin).to_not receive(check)
         end
 
@@ -47,6 +50,7 @@ module Danger
       it 'runs only enabled checks' do
         options = {
           rubocop_exceptions: false,
+          yarn_deduplicate: false,
           todos: false,
           brakeman: false,
           reek: true
@@ -54,7 +58,7 @@ module Danger
 
         # expect
         expect(@my_plugin).to receive(:reek)
-        expect(@my_plugin).to receive(:flay)
+        expect(@my_plugin).to receive(:dependencies)
         expect(@my_plugin).to_not receive(:rubocop_exceptions)
         expect(@my_plugin).to_not receive(:commit_lint)
 

data/spec/wcc/yarn_deduplicate_spec.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require File.expand_path('../spec_helper', __dir__)
+
+module Danger
+  describe Danger::DangerWCC do
+    before do
+      @dangerfile = testing_dangerfile
+      @my_plugin = @dangerfile.wcc
+      @git = @dangerfile.git
+      @github = @dangerfile.github
+
+      allow(@github).to receive(:pr_json)
+        .and_return(JSON.parse(load_fixture('github_pr.json')))
+      allow(subject).to receive(:run)
+        .with(/npm/)
+        .and_return('')
+      allow(subject).to receive(:run_and_diff)
+        .and_return(load_fixture('yarn_deduplicate/list.diff'))
+
+      allow(File).to receive(:exist?).and_call_original
+      allow(File).to receive(:read).and_call_original
+      allow(File).to receive(:exist?).with('yarn.lock')
+        .and_return(true)
+      allow(File).to receive(:readlines).with('yarn.lock')
+        .and_return(load_fixture('yarn_deduplicate/yarn.lock').split("\n"))
+    end
+
+    describe 'yarn_deduplicate' do
+      let(:subject) { Danger::DangerWCC::YarnDeduplicate.new(@my_plugin) }
+
+      it 'runs yarn-deduplicate and parses diff' do
+        # act
+        subject.perform
+
+        # assert
+        warnings = @dangerfile.violation_report[:warnings]
+        expect(warnings.length).to eq(2)
+
+        expect(warnings[0].message)
+          .to include('You have an opportunity to deduplicate "@babel/core".')
+        expect(warnings[0].message)
+          .to include('It\'s using 7.4.0 but could use the existing version '\
+            '7.12.10.')
+        expect(warnings[0].message)
+          .to include('npx yarn-deduplicate -s fewer --packages "@babel/core"')
+        expect(warnings[0].file).to eq('yarn.lock')
+        expect(warnings[0].line).to eq(24)
+
+        expect(warnings[1].message)
+          .to include('npx yarn-deduplicate -s fewer --packages "@babel/core"')
+        expect(warnings[1].file).to eq('yarn.lock')
+        expect(warnings[1].line).to eq(24)
+      end
+    end
+  end
+end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: danger-wcc
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.1.3
 platform: ruby
 authors:
 - Watermark Dev
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-10 00:00:00.000000000 Z
+date: 2021-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: brakeman
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
 - !ruby/object:Gem::Dependency
   name: danger-plugin-api
   requirement: !ruby/object:Gem::Requirement
@@ -39,13 +39,27 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: flay
+  name: git_diff
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: brakeman
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -53,19 +67,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: git_diff
+  name: flay
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.4'
-  type: :runtime
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: reek
   requirement: !ruby/object:Gem::Requirement
@@ -73,7 +87,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -279,17 +293,35 @@ files:
 - lib/wcc/commit_lint/subject_words_check.rb
 - lib/wcc/default.jshintrc
 - lib/wcc/defaults.reek
+- lib/wcc/dependencies.rb
 - lib/wcc/github.rb
 - lib/wcc/jshint.rb
 - lib/wcc/plugin.rb
 - lib/wcc/reek.rb
 - lib/wcc/rubocop_exceptions.rb
 - lib/wcc/todos.rb
+- lib/wcc/util/yarn_info.rb
 - lib/wcc/utils.rb
+- lib/wcc/yarn_deduplicate.rb
 - spec/fixtures/brakeman/a.tmp
 - spec/fixtures/brakeman/b.tmp
 - spec/fixtures/brakeman/brakeman.diff
 - spec/fixtures/brakeman/brakeman.out
+- spec/fixtures/dependencies/package.json
+- spec/fixtures/dependencies/package.json.diff
+- spec/fixtures/dependencies/package.json_patch_bumps_minor.diff
+- spec/fixtures/dependencies/package.json_patch_bumps_minor.json
+- spec/fixtures/dependencies/package.json_second_level_effect.diff
+- spec/fixtures/dependencies/package.json_second_level_effect.json
+- spec/fixtures/dependencies/yarn.lock
+- spec/fixtures/dependencies/yarn.lock_patch_bumps_minor.lock
+- spec/fixtures/dependencies/yarn.lock_second_level_effect.lock
+- spec/fixtures/dependencies/yarn_list_second_level_effect.txt
+- spec/fixtures/dependencies/yarn_list_second_level_effect.txt.diff
+- spec/fixtures/dependencies/yarn_minor_version.diff
+- spec/fixtures/dependencies/yarn_minor_version.txt
+- spec/fixtures/dependencies/yarn_old.txt
+- spec/fixtures/dependencies/yarn_patch_bumps_minor.diff
 - spec/fixtures/exception_context.diff
 - spec/fixtures/exception_inline_disabled_rule.diff
 - spec/fixtures/exception_insert_context.diff
@@ -316,9 +348,14 @@ files:
 - spec/fixtures/todo_link_same_line.diff
 - spec/fixtures/todo_no_link.diff
 - spec/fixtures/todo_removed.diff
+- spec/fixtures/yarn_deduplicate/list.a.txt
+- spec/fixtures/yarn_deduplicate/list.b.txt
+- spec/fixtures/yarn_deduplicate/list.diff
+- spec/fixtures/yarn_deduplicate/yarn.lock
 - spec/fixtures_helper.rb
 - spec/spec_helper.rb
 - spec/wcc/commit_lint_spec.rb
+- spec/wcc/dependencies_spec.rb
 - spec/wcc/github_spec.rb
 - spec/wcc/jshint_spec.rb
 - spec/wcc/plugin_spec.rb
@@ -326,12 +363,13 @@ files:
 - spec/wcc/rubocop_exceptions_spec.rb
 - spec/wcc/todos_spec.rb
 - spec/wcc/utils_spec.rb
+- spec/wcc/yarn_deduplicate_spec.rb
 - spec/wcc_spec.rb
 homepage: https://github.com/watermarkchurch/danger-wcc
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -346,9 +384,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
+rubyforge_project:
 rubygems_version: 2.5.2
-signing_key: 
+signing_key:
 specification_version: 4
 summary: A Danger plugin for Watermark Church custom rules.
 test_files:
@@ -356,6 +394,21 @@ test_files:
 - spec/fixtures/brakeman/b.tmp
 - spec/fixtures/brakeman/brakeman.diff
 - spec/fixtures/brakeman/brakeman.out
+- spec/fixtures/dependencies/package.json
+- spec/fixtures/dependencies/package.json.diff
+- spec/fixtures/dependencies/package.json_patch_bumps_minor.diff
+- spec/fixtures/dependencies/package.json_patch_bumps_minor.json
+- spec/fixtures/dependencies/package.json_second_level_effect.diff
+- spec/fixtures/dependencies/package.json_second_level_effect.json
+- spec/fixtures/dependencies/yarn.lock
+- spec/fixtures/dependencies/yarn.lock_patch_bumps_minor.lock
+- spec/fixtures/dependencies/yarn.lock_second_level_effect.lock
+- spec/fixtures/dependencies/yarn_list_second_level_effect.txt
+- spec/fixtures/dependencies/yarn_list_second_level_effect.txt.diff
+- spec/fixtures/dependencies/yarn_minor_version.diff
+- spec/fixtures/dependencies/yarn_minor_version.txt
+- spec/fixtures/dependencies/yarn_old.txt
+- spec/fixtures/dependencies/yarn_patch_bumps_minor.diff
 - spec/fixtures/exception_context.diff
 - spec/fixtures/exception_inline_disabled_rule.diff
 - spec/fixtures/exception_insert_context.diff
@@ -382,9 +435,14 @@ test_files:
 - spec/fixtures/todo_link_same_line.diff
 - spec/fixtures/todo_no_link.diff
 - spec/fixtures/todo_removed.diff
+- spec/fixtures/yarn_deduplicate/list.a.txt
+- spec/fixtures/yarn_deduplicate/list.b.txt
+- spec/fixtures/yarn_deduplicate/list.diff
+- spec/fixtures/yarn_deduplicate/yarn.lock
 - spec/fixtures_helper.rb
 - spec/spec_helper.rb
 - spec/wcc/commit_lint_spec.rb
+- spec/wcc/dependencies_spec.rb
 - spec/wcc/github_spec.rb
 - spec/wcc/jshint_spec.rb
 - spec/wcc/plugin_spec.rb
@@ -392,4 +450,5 @@ test_files:
 - spec/wcc/rubocop_exceptions_spec.rb
 - spec/wcc/todos_spec.rb
 - spec/wcc/utils_spec.rb
+- spec/wcc/yarn_deduplicate_spec.rb
 - spec/wcc_spec.rb