danger 8.4.3 → 8.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bcdadafd7f8d81e366907b31b4c0530258864a6f18aa22e801d4467bc1ab35b0
-  data.tar.gz: 1b4e340420a10006b36a55bdbc30570f664c6c88fc2b8ad253f299e1aae30bd5
+  metadata.gz: c8d6272f0ed9095d67e585d262669d8d11705a8a5cce460c02122a9b826d5cd7
+  data.tar.gz: 42699026115d900c5e32f057e206697472be7ba80d6d1686e7eb07d5262100c6
 SHA512:
-  metadata.gz: 8e5f2b3a004f5f205a672ddcef8bc6fc565e3b8d2ef20a14d4f3b9aca06a8d9f069e16e1369a63b14ad226c9f8f1b89b46fe7aa43b02be34d7da574245c7db55
-  data.tar.gz: 2e5d5bdf35c5425e2c4012002f191df212d2cbc00a73e63eaa5012ab32340a60b3b39df7c9b1527ef70641c739232a4620545e9c478548f6a628ad993366aebd
+  metadata.gz: 3981a24f19fb7b63737b80435d8d2685fa187630aeb82edb28042c8d0db74f23412e588daf16732f045563cc52f9d85432682c76fe1913c4cde57d671b99cb8b
+  data.tar.gz: 4b7f3f4fb90975da2faa9cbdff6e5cb95e27ea06447fa95a749df6df77bec14de7c47c6e52fc2d98949e160cb4dd12a96d9babefec2798be8cdcd1cde77f0ebd

data/lib/danger/ci_source/codefresh.rb

@@ -31,23 +31,17 @@ module Danger
       @supported_request_sources ||= [Danger::RequestSources::GitHub]
     end
 
-    def repo_slug
-      return "" if @env["CF_REPO_OWNER"].to_s.empty?
-      return "" if @env["CF_REPO_NAME"].to_s.empty?
-      "#{@env['CF_REPO_OWNER']}/#{@env['CF_REPO_NAME']}".downcase!
-    end
-
-    def repo_url
-      return "" if @env["CF_COMMIT_URL"].to_s.empty?
-      @env["CF_COMMIT_URL"].gsub(/\/commit.+$/, "")
-    end
+    def self.slug_from(env)
+      return "" if env["CF_REPO_OWNER"].to_s.empty?
+      return "" if env["CF_REPO_NAME"].to_s.empty?
 
-    def pull_request_id
-      @env["CF_PULL_REQUEST_NUMBER"]
+      "#{env['CF_REPO_OWNER']}/#{env['CF_REPO_NAME']}".downcase!
     end
 
     def initialize(env)
-      @env = env
+      self.repo_url = env["CF_COMMIT_URL"].to_s.gsub(/\/commit.+$/, "")
+      self.repo_slug = self.class.slug_from(env)
+      self.pull_request_id = env["CF_PULL_REQUEST_NUMBER"]
     end
   end
 end

data/lib/danger/ci_source/local_git_repo.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # For more info see: https://github.com/schacon/ruby-git
 
 require "git"
@@ -37,8 +38,8 @@ module Danger
     end
 
     def initialize(env = {})
-      @env = env
-
+      @remote_info = find_remote_info(env)
+      @found_pull_request = find_pull_request(env)
       self.repo_slug = remote_info.slug
       raise_error_for_missing_remote if remote_info.kind_of?(NoRepoInfo)
 
@@ -55,7 +56,7 @@ module Danger
 
     private
 
-    attr_reader :env
+    attr_reader :remote_info, :found_pull_request
 
     def raise_error_for_missing_remote
       raise missing_remote_error_message
@@ -66,45 +67,36 @@ module Danger
       "And the repository must host on GitHub.com or GitHub Enterprise."
     end
 
-    def remote_info
-      @_remote_info ||= begin
-        remote_info = begin
-          if given_pull_request_url?
-            FindRepoInfoFromURL.new(env["LOCAL_GIT_PR_URL"]).call
-          else
-            FindRepoInfoFromLogs.new(
-              env["DANGER_GITHUB_HOST"] || "github.com".freeze,
-              run_git("remote show origin -n".freeze)
-            ).call
-          end
-        end
-
-        remote_info || NoRepoInfo.new
-      end
+    def find_remote_info(env)
+      if given_pull_request_url?(env)
+        FindRepoInfoFromURL.new(env["LOCAL_GIT_PR_URL"]).call
+      else
+        FindRepoInfoFromLogs.new(
+          env["DANGER_GITHUB_HOST"] || "github.com",
+          run_git("remote show origin -n")
+        ).call
+      end || NoRepoInfo.new
     end
 
-    def found_pull_request
-      @_found_pull_request ||= begin
-        if given_pull_request_url?
-          PullRequestFinder.new(
-            remote_info.id,
-            remote_info.slug,
-            remote: true,
-            remote_url: env["LOCAL_GIT_PR_URL"],
-            env: env
-          ).call
-        else
-          PullRequestFinder.new(
-            env.fetch("LOCAL_GIT_PR_ID") { "".freeze },
-            remote_info.slug,
-            remote: false,
-            git_logs: run_git("log --oneline -1000000".freeze)
-          ).call
-        end
+    def find_pull_request(env)
+      if given_pull_request_url?(env)
+        PullRequestFinder.new(
+          remote_info.id,
+          remote_info.slug,
+          remote: true,
+          remote_url: env["LOCAL_GIT_PR_URL"]
+        ).call(env: env)
+      else
+        PullRequestFinder.new(
+          env.fetch("LOCAL_GIT_PR_ID") { "" },
+          remote_info.slug,
+          remote: false,
+          git_logs: run_git("log --oneline -1000000")
+        ).call(env: env)
       end
     end
 
-    def given_pull_request_url?
+    def given_pull_request_url?(env)
       env["LOCAL_GIT_PR_URL"] && !env["LOCAL_GIT_PR_URL"].empty?
     end
 

data/lib/danger/ci_source/local_only_git_repo.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "git"
 require "danger/request_sources/local_only"
 
@@ -9,8 +11,8 @@ module Danger
   #
   class LocalOnlyGitRepo < CI
     attr_accessor :base_commit, :head_commit
-    HEAD_VAR = "DANGER_LOCAL_HEAD".freeze
-    BASE_VAR = "DANGER_LOCAL_BASE".freeze
+    HEAD_VAR = "DANGER_LOCAL_HEAD"
+    BASE_VAR = "DANGER_LOCAL_BASE"
 
     def self.validates_as_ci?(env)
       env.key? "DANGER_USE_LOCAL_ONLY_GIT"
@@ -33,15 +35,9 @@ module Danger
     end
 
     def initialize(env = {})
-      @env = env
-
       # expects --base/--head specified OR origin/master to be base and HEAD head
       self.base_commit = env[BASE_VAR] || run_git("rev-parse --abbrev-ref origin/master")
       self.head_commit = env[HEAD_VAR] || run_git("rev-parse --abbrev-ref HEAD")
     end
-
-    private
-
-    attr_reader :env
   end
 end

data/lib/danger/ci_source/support/pull_request_finder.rb

@@ -1,67 +1,65 @@
+# frozen_string_literal: true
+
 require "danger/ci_source/support/local_pull_request"
 require "danger/ci_source/support/remote_pull_request"
 require "danger/ci_source/support/no_pull_request"
 
 module Danger
   class PullRequestFinder
-    def initialize(specific_pull_request_id, repo_slug = nil, remote: false, git_logs: "", remote_url: "", env: nil)
+    def initialize(specific_pull_request_id, repo_slug = nil, remote: false, git_logs: "", remote_url: "")
       @specific_pull_request_id = specific_pull_request_id
       @git_logs = git_logs
       @repo_slug = repo_slug
       @remote = to_boolean(remote)
       @remote_url = remote_url
-      @env = env
     end
 
-    def call
-      check_if_any_pull_request!
-
-      pull_request
+    def call(env: nil)
+      find_pull_request(env).tap do |pull_request|
+        raise_pull_request_not_found!(pull_request) unless pull_request.valid?
+      end
     end
 
     private
 
-    attr_reader :specific_pull_request_id, :git_logs, :repo_slug, :remote, :remote_url, :env
+    attr_reader :specific_pull_request_id, :git_logs, :repo_slug, :remote, :remote_url
 
     def to_boolean(maybe_string)
       ["true", "1", "yes", "y", true].include?(maybe_string)
     end
 
-    def check_if_any_pull_request!
-      unless pull_request.valid?
-        if !specific_pull_request_id.empty?
-          raise "Could not find the Pull Request (#{specific_pull_request_id}) inside the git history for this repo."
-        else
-          raise "No recent Pull Requests found for this repo, danger requires at least one Pull Request for the local mode.".freeze
-        end
+    def raise_pull_request_not_found!(pull_request)
+      if specific_pull_request_id.empty?
+        raise "No recent Pull Requests found for this repo, danger requires at least one Pull Request for the local mode."
+      else
+        raise "Could not find the Pull Request (#{specific_pull_request_id}) inside the git history for this repo."
       end
     end
 
     # @return [String] Log line of most recent merged Pull Request
-    def pull_request
-      @pull_request ||= begin
-        return if pull_request_ref.empty?
-
-        if both_present?
-          LocalPullRequest.new(pick_the_most_recent_one_from_two_matches)
-        elsif only_merged_pull_request_present?
-          LocalPullRequest.new(most_recent_merged_pull_request)
-        elsif only_squash_and_merged_pull_request_present?
-          LocalPullRequest.new(most_recent_squash_and_merged_pull_request)
-        elsif remote && remote_pull_request
-          generate_remote_pull_request
-        else
-          NoPullRequest.new
-        end
+    def find_pull_request(env)
+      return if pull_request_ref.empty?
+
+      if both_present?
+        LocalPullRequest.new(pick_the_most_recent_one_from_two_matches)
+      elsif only_merged_pull_request_present?
+        LocalPullRequest.new(most_recent_merged_pull_request)
+      elsif only_squash_and_merged_pull_request_present?
+        LocalPullRequest.new(most_recent_squash_and_merged_pull_request)
+      elsif remote
+        remote_pull_request = find_remote_pull_request(env)
+        remote_pull_request ? generate_remote_pull_request(remote_pull_request) : NoPullRequest.new
+      else
+        NoPullRequest.new
       end
     end
 
     # @return [String] "#42"
     def pull_request_ref
-      !specific_pull_request_id.empty? ? "##{specific_pull_request_id}" : "#\\d+".freeze
+      !specific_pull_request_id.empty? ? "##{specific_pull_request_id}" : "#\\d+"
     end
 
-    def generate_remote_pull_request
+    def generate_remote_pull_request(remote_pull_request)
       scm_provider = find_scm_provider(remote_url)
 
       case scm_provider
@@ -88,10 +86,8 @@ module Danger
       end
     end
 
-    def remote_pull_request
-      @_remote_pull_request ||= begin
-        client.pull_request(repo_slug, specific_pull_request_id)
-      end
+    def find_remote_pull_request(env)
+      client(env).pull_request(repo_slug, specific_pull_request_id)
     end
 
     def both_present?
@@ -135,7 +131,7 @@ module Danger
       !most_recent_squash_and_merged_pull_request.nil? && !most_recent_squash_and_merged_pull_request.empty?
     end
 
-    def client
+    def client(env)
       scm_provider = find_scm_provider(remote_url)
 
       case scm_provider
@@ -168,7 +164,7 @@ module Danger
     def api_url
       ENV.fetch("DANGER_GITHUB_API_HOST") do
         ENV.fetch("DANGER_GITHUB_API_BASE_URL") do
-          "https://api.github.com/".freeze
+          "https://api.github.com/"
         end
       end
     end

data/lib/danger/comment_generators/vsts_inline.md.erb

@@ -0,0 +1,17 @@
+<%- @tables.each do |table| -%>
+  <%- if table[:content].any? || table[:resolved].any? -%>
+| | |
+|---|---|
+    <%- table[:content].each do |violation| -%>
+| <%= @emoji_mapper.map(table[:emoji]) %> | <%= "~~" if table[:resolved] %><%= violation.message %><%= "~~" if table[:resolved] %> |
+    <%- end -%>
+
+  <%- end -%>
+<%- end -%>
+
+<%- @markdowns.each do |current| -%>
+<%= current %>
+<%# the previous line has to be aligned far to the left, otherwise markdown can break easily %>
+<%- end -%>
+
+Generated by :no_entry_sign: [Danger](https://danger.systems/ "generated_by_<%= @danger_id %>")

data/lib/danger/danger_core/dangerfile.rb

@@ -289,7 +289,7 @@ module Danger
         # Push results to the API
         # Pass along the details of the run to the request source
         # to send back to the code review site.
-        post_results(danger_id, new_comment, remove_previous_comments) unless danger_id.nil?
+        post_results(danger_id, new_comment, remove_previous_comments)
 
         # Print results in the terminal
         print_results
@@ -335,6 +335,9 @@ module Danger
     end
 
     def post_exception(ex, danger_id, new_comment)
+      return if ENV["DANGER_DO_NOT_POST_INVALID_DANGERFILE_ERROR"]
+      return if danger_id.nil?
+
       env.request_source.update_pull_request!(
         danger_id: danger_id,
         new_comment: new_comment,

data/lib/danger/helpers/comments_helper.rb

@@ -24,7 +24,8 @@ module Danger
       # @param [Bool] Should hide any generated link created
       #
       # @return [String] The Markdown compatible link
-      def markdown_link_to_message(message, _)
+      def markdown_link_to_message(message, hide_link)
+        return "" if hide_link
         "#{message.file}#L#{message.line}"
       end
 
@@ -147,7 +148,7 @@ module Danger
 
       def generate_description(warnings: nil, errors: nil, template: "github")
         emoji_mapper = EmojiMapper.new(template)
-        if errors.empty? && warnings.empty?
+        if (errors.nil? || errors.empty?) && (warnings.nil? || warnings.empty?)
           return ENV['DANGER_SUCCESS_MESSAGE'] || "All green. #{random_compliment}"
         else
           message = "#{emoji_mapper.map('warning')} "

data/lib/danger/request_sources/bitbucket_cloud.rb

@@ -24,7 +24,6 @@ module Danger
 
       def initialize(ci_source, environment)
         self.ci_source = ci_source
-        self.environment = environment
 
         @api = BitbucketCloudAPI.new(ci_source.repo_slug, ci_source.pull_request_id, nil, environment)
       end

data/lib/danger/request_sources/bitbucket_cloud_api.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # coding: utf-8
 
 require "danger/helpers/comments_helper"
@@ -32,9 +33,8 @@ module Danger
       def inspect
         inspected = super
 
-        if @password
-          inspected = inspected.sub! @password, "********".freeze
-        end
+        inspected.gsub!(@password, "********") if @password
+        inspected.gsub!(@access_token, "********") if @access_token
 
         inspected
       end

data/lib/danger/request_sources/bitbucket_server.rb

@@ -31,7 +31,6 @@ module Danger
 
       def initialize(ci_source, environment)
         self.ci_source = ci_source
-        self.environment = environment
 
         project, slug = ci_source.repo_slug.split("/")
         @api = BitbucketServerAPI.new(project, slug, ci_source.pull_request_id, environment)

data/lib/danger/request_sources/bitbucket_server_api.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # coding: utf-8
 
 require "openssl"
@@ -12,7 +13,7 @@ module Danger
         @username = environment["DANGER_BITBUCKETSERVER_USERNAME"]
         @password = environment["DANGER_BITBUCKETSERVER_PASSWORD"]
         self.host = environment["DANGER_BITBUCKETSERVER_HOST"]
-        self.verify_ssl = environment["DANGER_BITBUCKETSERVER_VERIFY_SSL"] == "false" ? false : true
+        self.verify_ssl = environment["DANGER_BITBUCKETSERVER_VERIFY_SSL"] != "false"
         if self.host && !(self.host.include? "http://") && !(self.host.include? "https://")
           self.host = "https://" + self.host
         end
@@ -24,9 +25,7 @@ module Danger
       def inspect
         inspected = super
 
-        if @password
-          inspected = inspected.sub! @password, "********".freeze
-        end
+        inspected.gsub!(@password, "********") if @password
 
         inspected
       end

data/lib/danger/request_sources/code_insights_api.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # coding: utf-8
 
 module Danger
@@ -26,9 +27,7 @@ module Danger
       def inspect
         inspected = super
 
-        if @password
-          inspected = inspected.sub! @password, "********".freeze
-        end
+        inspected.gsub!(@password, "********") if @password
 
         inspected
       end

data/lib/danger/request_sources/github/github.rb

@@ -14,7 +14,7 @@ module Danger
     class GitHub < RequestSource
       include Danger::Helpers::CommentsHelper
 
-      attr_accessor :pr_json, :issue_json, :support_tokenless_auth, :dismiss_out_of_range_messages
+      attr_accessor :pr_json, :issue_json, :use_local_git, :support_tokenless_auth, :dismiss_out_of_range_messages, :host, :api_url, :verify_ssl
 
       def self.env_vars
         ["DANGER_GITHUB_API_TOKEN", "DANGER_GITHUB_BEARER_TOKEN"]
@@ -26,12 +26,22 @@ module Danger
 
       def initialize(ci_source, environment)
         self.ci_source = ci_source
-        self.environment = environment
+        self.use_local_git = environment["DANGER_USE_LOCAL_GIT"]
         self.support_tokenless_auth = false
         self.dismiss_out_of_range_messages = false
+        self.host = environment.fetch("DANGER_GITHUB_HOST", "github.com")
+        # `DANGER_GITHUB_API_HOST` is the old name kept for legacy reasons and
+        # backwards compatibility. `DANGER_GITHUB_API_BASE_URL` is the new
+        # correctly named variable.
+        self.api_url = environment.fetch("DANGER_GITHUB_API_HOST") do
+          environment.fetch("DANGER_GITHUB_API_BASE_URL") do
+            "https://api.github.com/".freeze
+          end
+        end
+        self.verify_ssl = environment["DANGER_OCTOKIT_VERIFY_SSL"] != "false"
 
-        @access_token = @environment["DANGER_GITHUB_API_TOKEN"]
-        @bearer_token = @environment["DANGER_GITHUB_BEARER_TOKEN"]
+        @access_token = environment["DANGER_GITHUB_API_TOKEN"]
+        @bearer_token = environment["DANGER_GITHUB_BEARER_TOKEN"]
       end
 
       def get_pr_from_branch(repo_name, branch_name, owner)
@@ -46,32 +56,13 @@ module Danger
       end
 
       def validates_as_api_source?
-        valid_bearer_token? || valid_access_token? || self.environment["DANGER_USE_LOCAL_GIT"]
+        valid_bearer_token? || valid_access_token? || use_local_git
       end
 
       def scm
         @scm ||= GitRepo.new
       end
 
-      def host
-        @host = @environment["DANGER_GITHUB_HOST"] || "github.com"
-      end
-
-      def verify_ssl
-        @environment["DANGER_OCTOKIT_VERIFY_SSL"] == "false" ? false : true
-      end
-
-      # `DANGER_GITHUB_API_HOST` is the old name kept for legacy reasons and
-      # backwards compatibility. `DANGER_GITHUB_API_BASE_URL` is the new
-      # correctly named variable.
-      def api_url
-        @environment.fetch("DANGER_GITHUB_API_HOST") do
-          @environment.fetch("DANGER_GITHUB_API_BASE_URL") do
-            "https://api.github.com/".freeze
-          end
-        end
-      end
-
       def client
         raise "No API token given, please provide one using `DANGER_GITHUB_API_TOKEN` or `DANGER_GITHUB_BEARER_TOKEN`" if !valid_access_token? && !valid_bearer_token? && !support_tokenless_auth
         @client ||= begin

data/lib/danger/request_sources/gitlab.rb

@@ -8,7 +8,7 @@ module Danger
   module RequestSources
     class GitLab < RequestSource
       include Danger::Helpers::CommentsHelper
-      attr_accessor :mr_json, :commits_json, :dismiss_out_of_range_messages
+      attr_accessor :mr_json, :commits_json, :dismiss_out_of_range_messages, :endpoint, :host
 
       FIRST_GITLAB_GEM_WITH_VERSION_CHECK = Gem::Version.new("4.6.0")
       FIRST_VERSION_WITH_INLINE_COMMENTS = Gem::Version.new("10.8.0")
@@ -23,20 +23,19 @@ module Danger
 
       def initialize(ci_source, environment)
         self.ci_source = ci_source
-        self.environment = environment
         self.dismiss_out_of_range_messages = false
-
-        @token = @environment["DANGER_GITLAB_API_TOKEN"]
+        @endpoint = environment["DANGER_GITLAB_API_BASE_URL"] || environment.fetch("CI_API_V4_URL", "https://gitlab.com/api/v4")
+        @host = environment.fetch("DANGER_GITLAB_HOST", URI.parse(endpoint).host) || "gitlab.com"
+        @token = environment["DANGER_GITLAB_API_TOKEN"]
       end
 
       def client
-        token = @environment["DANGER_GITLAB_API_TOKEN"]
-        raise "No API token given, please provide one using `DANGER_GITLAB_API_TOKEN`" unless token
+        raise "No API token given, please provide one using `DANGER_GITLAB_API_TOKEN`" unless @token
 
         # The require happens inline so that it won't cause exceptions when just using the `danger` gem.
         require "gitlab"
 
-        @client ||= Gitlab.client(endpoint: endpoint, private_token: token)
+        @client ||= Gitlab.client(endpoint: endpoint, private_token: @token)
       rescue LoadError => e
         if e.path == "gitlab"
           puts "The GitLab gem was not installed, you will need to change your Gem from `danger` to `danger-gitlab`.".red
@@ -48,7 +47,7 @@ module Danger
       end
 
       def validates_as_ci?
-        includes_port = self.host.include? ":"
+        includes_port = host.include? ":"
         raise "Port number included in `DANGER_GITLAB_HOST`, this will fail with GitLab CI Runners" if includes_port
 
         # We don't call super because in some cases the Git remote doesn't match the GitLab instance host.
@@ -66,14 +65,6 @@ module Danger
         @scm ||= GitRepo.new
       end
 
-      def endpoint
-        @endpoint ||= @environment["DANGER_GITLAB_API_BASE_URL"] || @environment["CI_API_V4_URL"] || "https://gitlab.com/api/v4"
-      end
-
-      def host
-        @host ||= @environment["DANGER_GITLAB_HOST"] || URI.parse(endpoint).host || "gitlab.com"
-      end
-
       def base_commit
         @base_commit ||= self.mr_json.diff_refs.base_sha
       end
@@ -326,11 +317,10 @@ module Danger
       # @return [String] A URL to the specific file, ready to be downloaded
       def file_url(organisation: nil, repository: nil, branch: nil, path: nil)
         branch ||= 'master'
-        token = @environment["DANGER_GITLAB_API_TOKEN"]
         # According to GitLab Repositories API docs path and id(slug) should be encoded.
         path = URI.encode_www_form_component(path)
         repository = URI.encode_www_form_component(repository)
-        "#{endpoint}/projects/#{repository}/repository/files/#{path}/raw?ref=#{branch}&private_token=#{token}"
+        "#{endpoint}/projects/#{repository}/repository/files/#{path}/raw?ref=#{branch}&private_token=#{@token}"
       end
 
       def regular_violations_group(warnings: [], errors: [], messages: [], markdowns: [])

data/lib/danger/request_sources/local_only.rb

@@ -13,9 +13,8 @@ module Danger
         ["DANGER_LOCAL_ONLY"]
       end
 
-      def initialize(ci_source, environment)
+      def initialize(ci_source, _environment)
         self.ci_source = ci_source
-        self.environment = environment
       end
 
       def validates_as_ci?

data/lib/danger/request_sources/request_source.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module Danger
   module RequestSources
     class RequestSource
-      DANGER_REPO_NAME = "danger".freeze
+      DANGER_REPO_NAME = "danger"
 
-      attr_accessor :ci_source, :environment, :scm, :host, :ignored_violations
+      attr_accessor :ci_source, :scm, :host, :ignored_violations
 
       def self.env_vars
         raise "Subclass and overwrite self.env_vars"
@@ -23,12 +25,12 @@ module Danger
       end
 
       def self.source_name
-        to_s.sub("Danger::RequestSources::".freeze, "".freeze)
+        to_s.sub("Danger::RequestSources::", "")
       end
 
       def self.available_source_names_and_envs
         available_request_sources.map do |klass|
-          " - #{klass.source_name}: #{klass.env_vars.join(', '.freeze).yellow}"
+          " - #{klass.source_name}: #{klass.env_vars.join(', ').yellow}"
         end
       end
 
@@ -36,6 +38,16 @@ module Danger
         raise "Subclass and overwrite initialize"
       end
 
+      def inspect
+        inspected = super
+
+        inspected.gsub!(@token, "********") if @token
+        inspected.gsub!(@access_token, "********") if @access_token
+        inspected.gsub!(@bearer_token, "********") if @bearer_token
+
+        inspected
+      end
+
       # @return [Boolean] whether scm.origins is a valid git repository or not
       def validates_as_ci?
         !!self.scm.origins.match(%r{#{Regexp.escape self.host}(:|/)(.+/.+?)(?:\.git)?$})

data/lib/danger/request_sources/vsts.rb

@@ -24,7 +24,6 @@ module Danger
 
       def initialize(ci_source, environment)
         self.ci_source = ci_source
-        self.environment = environment
 
         @is_vsts_git = environment["BUILD_REPOSITORY_PROVIDER"] == "TfsGit"
 
@@ -44,6 +43,10 @@ module Danger
         @scm ||= GitRepo.new
       end
 
+      def client
+        @api
+      end
+
       def host
         @host ||= @api.host
       end
@@ -77,15 +80,36 @@ module Danger
           return
         end
 
-        comment = generate_description(warnings: warnings, errors: errors)
+        regular_violations = regular_violations_group(
+          warnings: warnings,
+          errors: errors,
+          messages: messages,
+          markdowns: markdowns
+        )
+
+        inline_violations = inline_violations_group(
+          warnings: warnings,
+          errors: errors,
+          messages: messages,
+          markdowns: markdowns
+        )
+
+        rest_inline_violations = submit_inline_comments!(**{
+          danger_id: danger_id,
+          previous_violations: {}
+        }.merge(inline_violations))
+
+        main_violations = merge_violations(
+          regular_violations, rest_inline_violations
+        )
+
+        comment = generate_description(warnings: main_violations[:warnings], errors: main_violations[:errors])
         comment += "\n\n"
-        comment += generate_comment(warnings: warnings,
-                                     errors: errors,
-                                   messages: messages,
-                                  markdowns: markdowns,
-                        previous_violations: {},
-                                  danger_id: danger_id,
-                                   template: "vsts")
+        comment += generate_comment(**{
+          previous_violations: {},
+          danger_id: danger_id,
+          template: "vsts"
+        }.merge(main_violations))
         if new_comment || remove_previous_comments
           post_new_comment(comment)
         else
@@ -106,6 +130,8 @@ module Danger
           comment_content = comment[:content].nil? ? "" : comment[:content]
           # Skip the comment if it wasn't posted by danger
           next unless comment_content.include?("generated_by_#{danger_id}")
+          # Skip the comment if it's an inline comment
+          next unless c[:threadContext].nil?
           # Updated the danger posted comment
           @api.update_comment(thread_id, comment_id, new_comment)
           comment_updated = true
@@ -113,6 +139,142 @@ module Danger
         # If no comment was updated, post a new one
         post_new_comment(new_comment) unless comment_updated
       end
+
+      def submit_inline_comments!(warnings: [], errors: [], messages: [], markdowns: [], previous_violations: [], danger_id: "danger")
+        # Avoid doing any fetchs if there's no inline comments
+        return {} if (warnings + errors + messages + markdowns).select(&:inline?).empty?
+
+        pr_threads = @api.fetch_last_comments
+        danger_threads = pr_threads.select do |thread|
+          comment = thread[:comments].first
+          comment_content = comment[:content].nil? ? "" : comment[:content]
+
+          next comment_content.include?("generated_by_#{danger_id}")
+        end
+        non_danger_threads = pr_threads - danger_threads
+
+        warnings = submit_inline_comments_for_kind!(:warning, warnings, danger_threads, previous_violations["warning"], danger_id: danger_id)
+        errors = submit_inline_comments_for_kind!(:error, errors, danger_threads, previous_violations["error"], danger_id: danger_id)
+        messages = submit_inline_comments_for_kind!(:message, messages, danger_threads, previous_violations["message"], danger_id: danger_id)
+        markdowns = submit_inline_comments_for_kind!(:markdown, markdowns, danger_threads, [], danger_id: danger_id)
+
+        # submit removes from the array all comments that are still in force
+        # so we strike out all remaining ones
+        danger_threads.each do |thread|
+          violation = violations_from_table(thread[:comments].first[:content]).first
+          if !violation.nil? && violation.sticky
+            body = generate_inline_comment_body("white_check_mark", violation, danger_id: danger_id, resolved: true, template: "github")
+            @api.update_comment(thread[:id], thread[:comments].first[:id], body)
+          end
+        end
+
+        {
+          warnings: warnings,
+          errors: errors,
+          messages: messages,
+          markdowns: markdowns
+        }
+      end
+
+      def messages_are_equivalent(m1, m2)
+        blob_regexp = %r{blob/[0-9a-z]+/}
+        m1.file == m2.file && m1.line == m2.line &&
+          m1.message.sub(blob_regexp, "") == m2.message.sub(blob_regexp, "")
+      end
+
+      def submit_inline_comments_for_kind!(kind, messages, danger_threads, previous_violations, danger_id: "danger")
+        previous_violations ||= []
+        is_markdown_content = kind == :markdown
+        emoji = { warning: "warning", error: "no_entry_sign", message: "book" }[kind]
+
+        messages.reject do |m|
+          next false unless m.file && m.line
+
+          # Once we know we're gonna submit it, we format it
+          if is_markdown_content
+            body = generate_inline_markdown_body(m, danger_id: danger_id, template: "vsts")
+          else
+            # Hide the inline link behind a span
+            m.message.gsub!("\n", "<br />")
+            m = process_markdown(m, true)
+            body = generate_inline_comment_body(emoji, m, danger_id: danger_id, template: "vsts")
+            # A comment might be in previous_violations because only now it's part of the unified diff
+            # We remove from the array since it won't have a place in the table anymore
+            previous_violations.reject! { |v| messages_are_equivalent(v, m) }
+          end
+
+          matching_threads = danger_threads.select do |comment_data|
+            if comment_data.key?(:threadContext) && !comment_data[:threadContext].nil? &&
+              comment_data[:threadContext][:filePath] == m.file &&
+              comment_data[:threadContext].key?(:rightFileStart) &&
+              comment_data[:threadContext][:rightFileStart][:line] == m.line
+              # Parse it to avoid problems with strikethrough
+              violation = violations_from_table(comment_data[:comments].first[:content]).first
+              if violation
+                messages_are_equivalent(violation, m)
+              else
+                blob_regexp = %r{blob/[0-9a-z]+/}
+                comment_data[:comments].first[:content].sub(blob_regexp, "") == body.sub(blob_regexp, "")
+              end
+            else
+              false
+            end
+          end
+
+          if matching_threads.empty?
+            @api.post_inline_comment(body, m.file, m.line)
+
+            # Not reject because this comment has not completed
+            next false
+          else
+            # Remove the surviving comment so we don't strike it out
+            danger_threads.reject! { |c| matching_threads.include? c }
+
+            # Update the comment to remove the strikethrough if present
+            thread = matching_threads.first
+            @api.update_comment(thread[:id], thread[:comments].first[:id], body)
+          end
+
+          # Remove this element from the array
+          next true
+        end
+      end
+
+      private
+
+      def regular_violations_group(warnings: [], errors: [], messages: [], markdowns: [])
+        {
+          warnings: warnings.reject(&:inline?),
+          errors: errors.reject(&:inline?),
+          messages: messages.reject(&:inline?),
+          markdowns: markdowns.reject(&:inline?)
+        }
+      end
+
+      def inline_violations_group(warnings: [], errors: [], messages: [], markdowns: [])
+        cmp = proc do |a, b|
+          next -1 unless a.file && a.line
+          next 1 unless b.file && b.line
+
+          next a.line <=> b.line if a.file == b.file
+          next a.file <=> b.file
+        end
+
+        # Sort to group inline comments by file
+        {
+          warnings: warnings.select(&:inline?).sort(&cmp),
+          errors: errors.select(&:inline?).sort(&cmp),
+          messages: messages.select(&:inline?).sort(&cmp),
+          markdowns: markdowns.select(&:inline?).sort(&cmp)
+        }
+      end
+
+      def merge_violations(*violation_groups)
+        violation_groups.inject({}) do |accumulator, group|
+          accumulator.merge(group) { |_, old, fresh| old + fresh }
+        end
+      end
+
     end
   end
 end

data/lib/danger/request_sources/vsts_api.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # coding: utf-8
 
 require "base64"
@@ -35,9 +36,7 @@ module Danger
       def inspect
         inspected = super
 
-        if @token
-          inspected = inspected.sub! @token, "********".freeze
-        end
+        inspected.gsub!(@token, "********") if @token
 
         inspected
       end
@@ -77,6 +76,38 @@ module Danger
         post(uri, body)
       end
 
+      def post_inline_comment(text, file, line)
+        uri = URI("#{pr_api_endpoint}/threads?api-version=#{@api_version}")
+        body = {
+          "comments" => [
+            {
+              "parentCommentId" => 0,
+              "content" => text,
+              "commentType" => 1
+            }
+          ],
+          "properties" => {
+            "Microsoft.TeamFoundation.Discussion.SupportsMarkdown" => {
+              "type" => "System.Int32",
+              "value" => 1
+            }
+          },
+          "status" => 1,
+          "threadContext" => {
+            "filePath" => file,
+            "rightFileEnd" => {
+              "line" => line + 1,
+              "offset" => 1
+            },
+            "rightFileStart" => {
+              "line" => line,
+              "offset" => 1
+            }
+          }
+        }.to_json
+        post(uri, body)
+      end
+
       def update_comment(thread, id, new_comment)
         uri = URI("#{pr_api_endpoint}/threads/#{thread}/comments/#{id}?api-version=#{@api_version}")
         body = {

data/lib/danger/version.rb

@@ -1,4 +1,4 @@
 module Danger
-  VERSION = "8.4.3".freeze
+  VERSION = "8.5.0".freeze
   DESCRIPTION = "Like Unit Tests, but for your Team Culture.".freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: danger
 version: !ruby/object:Gem::Version
-  version: 8.4.3
+  version: 8.5.0
 platform: ruby
 authors:
 - Orta Therox
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-25 00:00:00.000000000 Z
+date: 2022-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: claide
@@ -271,6 +271,7 @@ files:
 - lib/danger/comment_generators/gitlab.md.erb
 - lib/danger/comment_generators/gitlab_inline.md.erb
 - lib/danger/comment_generators/vsts.md.erb
+- lib/danger/comment_generators/vsts_inline.md.erb
 - lib/danger/core_ext/file_list.rb
 - lib/danger/core_ext/string.rb
 - lib/danger/danger_core/dangerfile.rb