gitlab-dangerfiles 1.1.1 → 2.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5e1069be5416d6980879af3330451834b57881c46101119bfc5917e2057edd7
-  data.tar.gz: e911c514f8d32d65e4aecef6ad111c80c808dd273b12775d57438532ba8a05b3
+  metadata.gz: d49d453f0fec847768490aa8c5f7d5790620f588f2c1afb7c2d9d707ae2155b9
+  data.tar.gz: 4af3ce84ee6a755477b0f9dc2f97ba43349f3fcbbdf6494a754ccb940345b6e7
 SHA512:
-  metadata.gz: b3814724620240a6485ffce4191fb8a2461c267dda5dad2466b6dc5173fbe848b66cae92aaea69ef82a49dd4726db3a7e77c106fdbd73ea58738eaf4613c4cba
-  data.tar.gz: 0fcabbe03f856d29951ae2f35e9f6f9784fa22af8d8d6bfa13a41452b4a1c35a454135751443882e6a2762325ef05dd6b8bd1b3dde58c5c7661db65ffef4c5d7
+  metadata.gz: e1b2d019c5d1f83c1f01f1dfb4001c02fe8634feade3016cd7b7b479abb27aa4d5c409b45b37928fd379822d9a138c9efb3504fe0c8f3c5e23f2f211771d82c3
+  data.tar.gz: acd1dcd443b2ee129f0db7a13b4946bb373e164ef1e52c06b1b1a91e9256124304375d09c4dcaa26f51b667886c1345e3c55f36653f4a5be146dc7d2c900e448

data/.gitignore

@@ -9,6 +9,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+/doc/
 
 # rspec failure tracking
 .rspec_status

data/.gitlab-ci.yml

@@ -11,7 +11,7 @@ workflow:
     # For tags, create a pipeline.
     - if: '$CI_COMMIT_TAG'
 
-default:
+.default:
   image: ruby:2.7
   tags:
     - gitlab-org
@@ -29,15 +29,50 @@ default:
     policy: pull
 
 test:rspec:
+  extends: .default
   stage: test
   script:
     - bundle exec rspec
 
 test:rufo:
+  extends: .default
   stage: test
   script:
     - bundle exec rufo --check .
 
 include:
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/License-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
   - project: 'gitlab-org/quality/pipeline-common'
     file: '/ci/gem-release.yml'
+
+# run security jobs on MRs
+# see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991
+
+brakeman-sast:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+gemnasium-dependency_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+bundler-audit-dependency_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+license_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+secret_detection:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+

data/.yardopts

@@ -0,0 +1,5 @@
+--protected
+--no-private
+-
+CODE_OF_CONDUCT.md
+LICENSE.txt

data/Gemfile

@@ -5,3 +5,4 @@ gemspec
 
 gem "rake", "~> 12.0"
 gem "guard-rspec"
+gem "yard"

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2020 Rémy Coutable
+Copyright (c) 2020-2021 GitLab
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,8 +1,6 @@
 # Gitlab::Dangerfiles
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/gitlab/dangerfiles`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+The goal of this gem is to centralize Danger plugins and rules that to be used by multiple GitLab projects.
 
 ## Installation
 
@@ -14,15 +12,68 @@ gem 'gitlab-dangerfiles'
 
 And then execute:
 
-    $ bundle install
+```sh
+$ bundle install
+```
 
 Or install it yourself as:
 
-    $ gem install gitlab-dangerfiles
+```sh
+$ gem install gitlab-dangerfiles
+```
 
 ## Usage
 
-TODO: Write usage instructions here
+### Importing plugins and rules
+
+In your project's `Dangerfile`, add the following two line to import the plugins and rules from this gem:
+
+```ruby
+# Get an instance of Gitlab::Dangerfiles
+gitlab_dangerfiles = Gitlab::Dangerfiles::Engine.new(self)
+
+# Import all plugins from the gem
+gitlab_dangerfiles.import_plugins
+
+# Import all rules from the gem
+gitlab_dangerfiles.import_dangerfiles
+
+# Or import a subset of rules from the gem
+gitlab_dangerfiles.import_dangerfiles(rules: [:changes_size])
+```
+
+### Plugins
+
+Danger plugins are located under `lib/danger/plugins`.
+
+- `Danger::Helper` available in `Dangerfile`s as `helper`
+- `Danger::Roulette` available in `Dangerfile`s as `roulette`
+
+For the full documentation about the plugins, please see https://www.rubydoc.info/gems/gitlab-dangerfiles.
+
+### Rules
+
+
+Danger rules are located under `lib/danger/rules`.
+
+#### `changes_size`
+
+##### Available configurations
+
+- `code_size_thresholds`: A hash of the form `{ high: 42, medium: 12 }` where
+  `:high` is the lines changed threshold which triggers an error, and
+  `:medium` is the lines changed threshold which triggers a warning.
+
+#### `commit_messages`
+
+##### Available configurations
+
+- `max_commits_count`: The maximum number of allowed non-squashed/non-fixup commits for a given MR.
+   A warning is triggered if the MR has more commits.
+
+## Documentation
+
+Latest documentation can be found at <https://www.rubydoc.info/gems/gitlab-dangerfiles>.
 
 ## Development
 

data/gitlab-dangerfiles.gemspec

@@ -3,8 +3,8 @@ require_relative "lib/gitlab/dangerfiles/version"
 Gem::Specification.new do |spec|
   spec.name = "gitlab-dangerfiles"
   spec.version = Gitlab::Dangerfiles::VERSION
-  spec.authors = ["Rémy Coutable"]
-  spec.email = ["remy@rymai.me"]
+  spec.authors = ["GitLab"]
+  spec.email = ["gitlab_rubygems@gitlab.com"]
 
   spec.summary = %q{This gem provides common Dangerfile and plugins for GitLab projects.}
   spec.description = %q{This gem provides common Dangerfile and plugins for GitLab projects.}
@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://gitlab.com/gitlab-org/gitlab-dangerfiles"
-  spec.metadata["changelog_uri"] = "https://gitlab.com/gitlab-org/gitlab-dangerfiles"
+  spec.metadata["changelog_uri"] = "https://gitlab.com/gitlab-org/gitlab-dangerfiles/-/releases"
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.

data/lib/danger/plugins/helper.rb

@@ -4,6 +4,7 @@ require "net/http"
 require "json"
 
 require_relative "../../gitlab/dangerfiles/changes"
+require_relative "../../gitlab/dangerfiles/config"
 require_relative "../../gitlab/dangerfiles/teammate"
 require_relative "../../gitlab/dangerfiles/title_linting"
 
@@ -11,7 +12,6 @@ module Danger
   # Common helper functions for our danger scripts.
   class Helper < Danger::Plugin
     RELEASE_TOOLS_BOT = "gitlab-release-tools-bot"
-    DRAFT_REGEX = /\A*#{Regexp.union(/(?i)(\[WIP\]\s*|WIP:\s*|WIP$)/, /(?i)(\[draft\]|\(draft\)|draft:|draft\s\-\s|draft$)/)}+\s*/i.freeze
     CATEGORY_LABELS = {
       docs: "~documentation", # Docs are reviewed along DevOps stages, so don't need roulette for now.
       none: "",
@@ -22,36 +22,47 @@ module Danger
       product_intelligence: '~"product intelligence"',
     }.freeze
 
-    HTTPError = Class.new(StandardError)
-
-    def gitlab_helper
-      # Unfortunately the following does not work:
-      # - respond_to?(:gitlab)
-      # - respond_to?(:gitlab, true)
-      gitlab
-    rescue NoMethodError
-      nil
+    # Allows to set specific rule's configuration by passing a block.
+    #
+    # @yield [c] Yield a Gitlab::Dangerfiles::Config object
+    #
+    # @yieldparam [Gitlab::Dangerfiles::Config] The Gitlab::Dangerfiles::Config object
+    # @yieldreturn [Gitlab::Dangerfiles::Config] The Gitlab::Dangerfiles::Config object
+    #
+    # @example
+    #   helper.config do |config|
+    #     config.code_size_thresholds = { high: 42, medium: 12 }
+    #   end
+    #
+    # @return [Gitlab::Dangerfiles::Config]
+    def config
+      (@config ||= Gitlab::Dangerfiles::Config.new).tap do |c|
+        yield c if block_given?
+      end
     end
 
-    def html_link(str)
-      ci? ? gitlab_helper.html_link(str) : str
+    # @example
+    #   <a href='https://gitlab.com/artsy/eigen/blob/561827e46167077b5e53515b4b7349b8ae04610b/file.txt'>file.txt</a>
+    #
+    # @param [String,  Array<String>] paths
+    #        A list of strings to convert to gitlab anchors
+    # @param [Boolean] full_path
+    #        Shows the full path as the link's text, defaults to +true+.
+    #
+    # @see https://danger.systems/reference.html Danger reference where #html_link is described
+    # @see https://github.com/danger/danger/blob/eca19719d3e585fe1cc46bc5377f9aa955ebf609/lib/danger/danger_core/plugins/dangerfile_gitlab_plugin.rb#L216 Danger reference where #html_link is implemented
+    #
+    # @return [String] a list of HTML anchors for a file, or multiple files
+    def html_link(paths, full_path: true)
+      ci? ? gitlab_helper.html_link(paths, full_path: full_path) : paths
     end
 
+    # @return [Boolean] whether we're in the CI context or not.
     def ci?
       !gitlab_helper.nil?
     end
 
-    # @param [String] url
-    def http_get_json(url)
-      rsp = Net::HTTP.get_response(URI.parse(url))
-
-      unless rsp.is_a?(Net::HTTPOK)
-        raise HTTPError, "Failed to read #{url}: #{rsp.code} #{rsp.message}"
-      end
-
-      JSON.parse(rsp.body)
-    end
-
+    # @return [Array<String>] a list of filenames added in this MR.
     def added_files
       @added_files ||= if changes_from_api
           changes_from_api.select { |file| file["new_file"] }.map { |file| file["new_path"] }
@@ -60,6 +71,7 @@ module Danger
         end
     end
 
+    # @return [Array<String>] a list of filenames modifier in this MR.
     def modified_files
       @modified_files ||= if changes_from_api
           changes_from_api.select { |file| !file["new_file"] && !file["deleted_file"] && !file["renamed_file"] }.map { |file| file["new_path"] }
@@ -68,6 +80,7 @@ module Danger
         end
     end
 
+    # @return [Array<String>] a list of filenames renamed in this MR.
     def renamed_files
       @renamed_files ||= if changes_from_api
           changes_from_api.select { |file| file["renamed_file"] }.each_with_object([]) do |file, memo|
@@ -78,6 +91,7 @@ module Danger
         end
     end
 
+    # @return [Array<String>] a list of filenames deleted in this MR.
     def deleted_files
       @deleted_files ||= if changes_from_api
           changes_from_api.select { |file| file["deleted_file"] }.map { |file| file["new_path"] }
@@ -86,43 +100,20 @@ module Danger
         end
     end
 
-    def diff_for_file(filename)
-      if changes_from_api
-        changes_hash = changes_from_api.find { |file| file["new_path"] == filename }
-        changes_hash["diff"] if changes_hash
-      else
-        git.diff_for_file(filename)&.patch
-      end
-    end
-
-    def changes_from_api
-      return nil unless ci?
-      return nil if defined?(@force_changes_from_git)
-
-      @changes_from_api ||= gitlab_helper.mr_changes.to_h["changes"]
-    rescue
-      # Fallback to the Git strategy in any case
-      @force_changes_from_git = true
-      nil
-    end
-
-    # Returns a list of all files that have been added, modified or renamed.
-    # `modified_files` might contain paths that already have been renamed,
-    # so we need to remove them from the list.
-    #
-    # Considering these changes:
+    # @example
+    #   # Considering these changes:
+    #   # - A new_file.rb
+    #   # - D deleted_file.rb
+    #   # - M modified_file.rb
+    #   # - R renamed_file_before.rb -> renamed_file_after.rb
+    #   # it will return:
     #
-    # - A new_file.rb
-    # - D deleted_file.rb
-    # - M modified_file.rb
-    # - R renamed_file_before.rb -> renamed_file_after.rb
+    #   #=> ['new_file.rb', 'modified_file.rb', 'renamed_file_after.rb']
     #
-    # it will return
-    # ```
-    # [ 'new_file.rb', 'modified_file.rb', 'renamed_file_after.rb' ]
-    # ```
     #
-    # @return [Array<String>]
+    # @return [Array<String>] a list of all files that have been added, modified or renamed.
+    #   +modified_files+ might contain paths that already have been renamed,
+    #   so we need to remove them from the list.
     def all_changed_files
       Set.new
         .merge(added_files)
@@ -133,16 +124,19 @@ module Danger
         .sort
     end
 
-    # Returns a string containing changed lines as git diff
+    # @param filename [String] A file name for which we want the diff.
+    #
+    # @example
+    #   # Considering changing a line in lib/gitlab/usage_data.rb, it will return:
     #
-    # Considering changing a line in lib/gitlab/usage_data.rb it will return:
+    #   ["--- a/lib/gitlab/usage_data.rb",
+    #    "+++ b/lib/gitlab/usage_data.rb",
+    #    "+      # Test change",
+    #    "-      # Old change"]
     #
-    # [ "--- a/lib/gitlab/usage_data.rb",
-    #   "+++ b/lib/gitlab/usage_data.rb",
-    #   "+      # Test change",
-    #   "-      # Old change" ]
-    def changed_lines(changed_file)
-      diff = diff_for_file(changed_file)
+    # @return [Array<String>] an array of changed lines in Git diff format.
+    def changed_lines(filename)
+      diff = diff_for_file(filename)
       return [] unless diff
 
       diff.split("\n").select { |line| %r{^[+-]}.match?(line) }
@@ -152,6 +146,14 @@ module Danger
       gitlab_helper&.mr_author == RELEASE_TOOLS_BOT
     end
 
+    # @param items [Array<String>] An array of items to transform into a bullet list.
+    #
+    # @example
+    #   markdown_list(%w[foo bar])
+    #   # => * foo
+    #        * bar
+    #
+    # @return [String] a bullet list for the given +items+. If there are more than 10 items, wrap the list in a +<details></details>+ block.
     def markdown_list(items)
       list = items.map { |item| "* `#{item}`" }.join("\n")
 
@@ -162,14 +164,24 @@ module Danger
       end
     end
 
-    # @return [Hash<Symbol,Array<String>>]
+    # @param categories [{Regexp => Array<Symbol>}, {Array<Regexp> => Array<Symbol>}] A hash of the form +{ filename_regex => categories, [filename_regex, changes_regex] => categories }+.
+    #                   +filename_regex+ is the regex pattern to match file names. +changes_regex+ is the regex pattern to
+    #                   match changed lines in files that match +filename_regex+
+    #
+    # @return [{Symbol => Array<String>}] a hash of the type +{ category1: ["file1", "file2"], category2: ["file3", "file4"] }+
+    #   using filename regex (+filename_regex+) and specific change regex (+changes_regex+) from the given +categories+ hash.
     def changes_by_category(categories)
       all_changed_files.each_with_object(Hash.new { |h, k| h[k] = [] }) do |file, hash|
         categories_for_file(file, categories).each { |category| hash[category] << file }
       end
     end
 
-    # @return [Gitlab::Dangerfiles::Changes]
+    # @param categories [{Regexp => Array<Symbol>}, {Array<Regexp> => Array<Symbol>}] A hash of the form +{ filename_regex => categories, [filename_regex, changes_regex] => categories }+.
+    #                   +filename_regex+ is the regex pattern to match file names. +changes_regex+ is the regex pattern to
+    #                   match changed lines in files that match +filename_regex+
+    #
+    # @return [Gitlab::Dangerfiles::Changes] a +Gitlab::Dangerfiles::Changes+ object that represents the changes of an MR
+    #   using filename regex (+filename_regex+) and specific change regex (+changes_regex+) from the given +categories+ hash.
     def changes(categories)
       Gitlab::Dangerfiles::Changes.new([]).tap do |changes|
         added_files.each do |file|
@@ -194,16 +206,19 @@ module Danger
       end
     end
 
-    # Determines the categories a file is in, e.g., `[:frontend]`, `[:backend]`, or  `%i[frontend engineering_productivity]`
-    # using filename regex and specific change regex if given.
+    # @param filename [String] A file name.
+    # @param categories [{Regexp => Array<Symbol>}, {Array<Regexp> => Array<Symbol>}] A hash of the form +{ filename_regex => categories, [filename_regex, changes_regex] => categories }+.
+    #                   +filename_regex+ is the regex pattern to match file names. +changes_regex+ is the regex pattern to
+    #                   match changed lines in files that match +filename_regex+
     #
-    # @return Array<Symbol>
-    def categories_for_file(file, categories)
+    # @return [Array<Symbol>] the categories a file is in, e.g., +[:frontend]+, +[:backend]+, or +%i[frontend engineering_productivity]+
+    #   using filename regex (+filename_regex+) and specific change regex (+changes_regex+) from the given +categories+ hash.
+    def categories_for_file(filename, categories)
       _, categories = categories.find do |key, _|
         filename_regex, changes_regex = Array(key)
 
-        found = filename_regex.match?(file)
-        found &&= changed_lines(file).any? { |changed_line| changes_regex.match?(changed_line) } if changes_regex
+        found = filename_regex.match?(filename)
+        found &&= changed_lines(filename).any? { |changed_line| changes_regex.match?(changed_line) } if changes_regex
 
         found
       end
@@ -211,114 +226,201 @@ module Danger
       Array(categories || :unknown)
     end
 
-    # Returns the GFM for a category label, making its best guess if it's not
-    # a category we know about.
+    # @param category [Symbol] A category.
     #
-    # @return[String]
+    # @return [String] the GFM for a category label, making its best guess if it's not
+    #   a category we know about.
     def label_for_category(category)
       CATEGORY_LABELS.fetch(category, "~#{category}")
     end
 
-    def new_teammates(usernames)
-      usernames.map { |u| Gitlab::Dangerfiles::Teammate.new("username" => u) }
-    end
-
+    # @return [String] +""+ when not in the CI context, and the MR IID as a string otherwise.
     def mr_iid
       return "" unless ci?
 
-      gitlab_helper.mr_json["iid"]
+      gitlab_helper.mr_json["iid"].to_s
     end
 
+    # @return [String] +`whoami`+ when not in the CI context, and the MR author username otherwise.
     def mr_author
       return `whoami`.strip unless ci?
 
       gitlab_helper.mr_author
     end
 
+    # @return [String] +""+ when not in the CI context, and the MR title otherwise.
     def mr_title
       return "" unless ci?
 
       gitlab_helper.mr_json["title"]
     end
 
+    # @return [String] +""+ when not in the CI context, and the MR URL otherwise.
     def mr_web_url
       return "" unless ci?
 
       gitlab_helper.mr_json["web_url"]
     end
 
+    # @return [Array<String>] +[]+ when not in the CI context, and the MR labels otherwise.
     def mr_labels
       return [] unless ci?
 
       gitlab_helper.mr_labels
     end
 
+    # @return [String] +`git rev-parse --abbrev-ref HEAD`+ when not in the CI context, and the MR source branch otherwise.
     def mr_source_branch
       return `git rev-parse --abbrev-ref HEAD`.strip unless ci?
 
       gitlab_helper.mr_json["source_branch"]
     end
 
+    # @return [String] +""+ when not in the CI context, and the MR target branch otherwise.
     def mr_target_branch
       return "" unless ci?
 
       gitlab_helper.mr_json["target_branch"]
     end
 
+    # @return [Boolean] +true+ when not in the CI context, and whether the MR is set to be squashed otherwise.
+    def squash_mr?
+      return true unless ci?
+
+      gitlab.mr_json["squash"]
+    end
+
+    # @return [Boolean] whether a MR is a Draft or not.
     def draft_mr?
-      Gitlab::Dangerfiles::TitleLinting.has_draft_flag?(mr_title)
+      return false unless ci?
+
+      gitlab.mr_json["work_in_progress"]
     end
 
+    # @return [Boolean] whether a MR is opened in the security mirror or not.
     def security_mr?
       mr_web_url.include?("/gitlab-org/security/")
     end
 
+    # @return [Boolean] whether a MR title includes "cherry-pick" or not.
     def cherry_pick_mr?
       Gitlab::Dangerfiles::TitleLinting.has_cherry_pick_flag?(mr_title)
     end
 
+    # @return [Boolean] whether a MR title includes "RUN ALL RSPEC" or not.
     def run_all_rspec_mr?
       Gitlab::Dangerfiles::TitleLinting.has_run_all_rspec_flag?(mr_title)
     end
 
+    # @return [Boolean] whether a MR title includes "RUN AS-IF-FOSS" or not.
     def run_as_if_foss_mr?
       Gitlab::Dangerfiles::TitleLinting.has_run_as_if_foss_flag?(mr_title)
     end
 
+    # @return [Boolean] whether a MR targets a stable branch or not.
     def stable_branch?
       /\A\d+-\d+-stable-ee/i.match?(mr_target_branch)
     end
 
+    # Whether a MR has any database-scoped labels (i.e. +"database::*"+) set or not.
+    #
+    # @return [Boolean]
+    def has_database_scoped_labels?
+      mr_labels.any? { |label| label.start_with?("database::") }
+    end
+
+    # @return [Boolean] whether a MR has any CI-related changes (i.e. +".gitlab-ci.yml"+ or +".gitlab/ci/*"+) or not.
+    def has_ci_changes?
+      changed_files(%r{\A(\.gitlab-ci\.yml|\.gitlab/ci/)}).any?
+    end
+
+    # @param labels [Array<String>] An array of labels.
+    #
+    # @return [Boolean] whether a MR has the given +labels+ set or not.
     def mr_has_labels?(*labels)
       labels = labels.flatten.uniq
 
       (labels & mr_labels) == labels
     end
 
+    # @param labels [Array<String>] An array of labels.
+    # @param sep [String] A separator.
+    #
+    # @example
+    #   labels_list(["foo", "bar baz"], sep: "; ")
+    #    # => '~"foo"; ~"bar baz"'
+    #
+    # @return [String] the list of +labels+ ready for being used in a Markdown comment, separated by +sep+.
     def labels_list(labels, sep: ", ")
       labels.map { |label| %Q{~"#{label}"} }.join(sep)
     end
 
+    # @deprecated Use {#quick_action_label} instead.
     def prepare_labels_for_mr(labels)
+      quick_action_label(labels)
+    end
+
+    # @param labels [Array<String>] An array of labels.
+    #
+    # @example
+    #   quick_action_label(["foo", "bar baz"])
+    #    # => '/label ~"foo" ~"bar baz"'
+    #
+    # @return [String] a quick action to set the +given+ labels. Returns +""+ if +labels+ is empty.
+    def quick_action_label(labels)
       return "" unless labels.any?
 
       "/label #{labels_list(labels, sep: " ")}"
     end
 
+    # @param regex [Regexp] A Regexp to match against.
+    #
+    # @return [Array<String>] changed files matching the given +regex+.
     def changed_files(regex)
       all_changed_files.grep(regex)
     end
 
-    def has_database_scoped_labels?(current_mr_labels)
-      current_mr_labels.any? { |label| label.start_with?("database::") }
+    # @return [Array<String>] the group labels (i.e. +"group::*"+) set on the MR.
+    def group_label
+      mr_labels.find { |label| label.start_with?("group::") }
     end
 
-    def has_ci_changes?
-      changed_files(%r{\A(\.gitlab-ci\.yml|\.gitlab/ci/)}).any?
+    private
+
+    # @return [Danger::RequestSources::GitLab, nil] the +gitlab+ helper, or +nil+ when it's not available.
+    def gitlab_helper
+      # Unfortunately the following does not work:
+      # - respond_to?(:gitlab)
+      # - respond_to?(:gitlab, true)
+      gitlab
+    rescue NoMethodError
+      nil
+    end
+
+    # @param filename [String] A filename for which we want the diff.
+    #
+    # @return [String] the raw diff as a string for the given +filename+.
+    def diff_for_file(filename)
+      if changes_from_api
+        changes_hash = changes_from_api.find { |file| file["new_path"] == filename }
+        changes_hash["diff"] if changes_hash
+      else
+        git.diff_for_file(filename)&.patch
+      end
     end
 
-    def group_label(labels)
-      labels.find { |label| label.start_with?("group::") }
+    # Fetches MR changes from the API instead of Git (default).
+    #
+    # @return [Array<Hash>, nil]
+    def changes_from_api
+      return nil unless ci?
+      return nil if defined?(@force_changes_from_git)
+
+      @changes_from_api ||= gitlab_helper.mr_changes.to_h["changes"]
+    rescue
+      # Fallback to the Git strategy in any case
+      @force_changes_from_git = true
+      nil
     end
   end
 end