gitlab-dangerfiles 3.13.0 → 4.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fae45cdf2a0c840f86b2d1864e521587210e4f365d2d03727be0d73866e4379c
-  data.tar.gz: a8380520fe8d4d12be578493244570265023db9f850ff374cd879591fb533b02
+  metadata.gz: dc6047699d31bc320127f651d567ddf984b6189eeeb7646eb4f0d46b4185e9fd
+  data.tar.gz: 655da17704203a02f6f138b8493bb8cf2002c2121d1015a63da0677ebf23b48d
 SHA512:
-  metadata.gz: 178104293164685aa9b265505785872372ad621b92b15fca37a590be070e7abbfd4090c339f3869c1c9e4da56281800b479c96c6992fb141e358320944e508ab
-  data.tar.gz: bb6f9c2b409a904517d7f8e91918ddc7df959de37b41a25cd898398749d227e5b40755669a406e3bd8063df255f8639d5fccdef37c2cd150cad31e6c3d036f11
+  metadata.gz: 02613c71246a09f46d15e0117e3f304ae626618c5736ff9b02f5e15bfbeccaa4921cefa694c97548dc5af2f4611866b58eb29f9eb5e0305d7412461097980a2c
+  data.tar.gz: 6703f6fe3502ad2336c33a4296a67d3e7d77d0dd9e46db97f510f0bd4c17a729f1bb20afcbb4ab6a0d5b24da477e4e50378e76cb943b9fc474fbed29320e619b

data/.gitignore

@@ -3,7 +3,6 @@
 /.rspec
 /.bundle/
 /.yardoc
-/Gemfile.lock
 /_yardoc/
 /coverage/
 /pkg/

data/.gitlab/CODEOWNERS

@@ -1 +1 @@
-* @gl-quality/eng-prod
+* @gl-dx/eng-prod

data/.gitlab/merge_request_templates/Release.md

@@ -2,7 +2,7 @@
 commit from this merge request, and `<NEW_VERSION>` with the upcoming version number. -->
 ## Diff
 
-https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles/-/compare/v<PREVIOUS_VERSION>...<COMMIT_UPDATING_VERSION>
+https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles/-/compare/<PREVIOUS_VERSION>...<COMMIT_UPDATING_VERSION>
 
 ## Checklist
 

data/.gitlab-ci.yml

@@ -11,13 +11,9 @@ workflow:
     # For tags, create a pipeline.
     - if: '$CI_COMMIT_TAG'
 
-.default:
-  image: "ruby:${RUBY_VERSION}"
+default:
   tags:
     - gitlab-org
-  before_script:
-    - gem install bundler
-    - bundle install -j $(nproc) --path vendor
   cache:
     key:
       files:
@@ -25,64 +21,47 @@ workflow:
         - gitlab-dangerfiles.gemspec
     paths:
       - vendor/ruby
-      - Gemfile.lock
-    policy: pull
 
-test:rspec:
-  extends: .default
+.default-test-job:
+  image: "${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}"
   stage: test
-  script:
-    - bundle exec rspec
+  needs: []
+  before_script:
+    - gem install bundler
+    - bundle install -j $(nproc) --path vendor
   parallel:
     matrix:
       - RUBY_VERSION: ['3.0', '3.1', '3.2']
 
-test:rubocop:
-  extends: .default
-  stage: test
+test:rspec:
+  extends: .default-test-job
   script:
-    - bundle exec rubocop -P -E .
-  parallel:
-    matrix:
-      - RUBY_VERSION: ['3.0', '3.1', '3.2']
+    - bundle exec rspec
 
-test:rufo:
-  extends: .default
-  stage: test
+test:rubocop:
+  extends: .default-test-job
   script:
-    - bundle exec rufo --check .
-  parallel:
-    matrix:
-      - RUBY_VERSION: ['3.0', '3.1', '3.2']
+    - bundle exec rubocop -P -E .
 
 include:
+  - component: gitlab.com/components/sast/sast@~latest
+  - component: gitlab.com/components/secret-detection/secret-detection@~latest
+  - component: gitlab.com/gitlab-org/components/gem-release/gem-release@~latest
+    inputs:
+      smoke_test_script: "ruby -r 'gitlab-dangerfiles' -e \"puts Gitlab::Dangerfiles::VERSION\""
+  - component: gitlab.com/gitlab-org/components/danger-review/danger-review@~latest
+    inputs:
+      dry_run: true
   - template: Security/Dependency-Scanning.gitlab-ci.yml
-  - template: Security/License-Scanning.gitlab-ci.yml
-  - template: Security/SAST.gitlab-ci.yml
-  - template: Security/Secret-Detection.gitlab-ci.yml
-  - project: 'gitlab-org/quality/pipeline-common'
-    file:
-      - '/ci/danger-review.yml'
-      - '/ci/gem-release.yml'
 
 # run security jobs on MRs
 # see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991
 
-brakeman-sast:
-  rules:
-    - if: '$CI_MERGE_REQUEST_IID'
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
-
 gemnasium-dependency_scanning:
   rules:
     - if: '$CI_MERGE_REQUEST_IID'
     - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
 
-license_scanning:
-  rules:
-    - if: '$CI_MERGE_REQUEST_IID'
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
-
 secret_detection:
   rules:
     - if: '$CI_MERGE_REQUEST_IID'

data/.rubocop.yml

@@ -25,27 +25,17 @@ RSpec/MultipleMemoizedHelpers:
 RSpec/FilePath:
   Enabled: false
 
+RSpec/SpecFilePathFormat:
+  Enabled: false
+
+Style/ArrayIntersect:
+  Enabled: false # We're still supporting Ruby 3.1 and below
+
 Style/HashSyntax:
   EnforcedStyle: ruby19_no_mixed_keys
   # Introduced in Ruby 3.1. Disable for now.
   EnforcedShorthandSyntax: never
 
-# To respect rufo formatting
-Style/StringLiterals:
-  EnforcedStyle: double_quotes
-
-# To respect rufo formatting
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: consistent_comma
-
-# To respect rufo formatting
-Style/TrailingCommaInArguments:
-  Enabled: false
-
-# To respect rufo formatting
-Layout/MultilineOperationIndentation:
-  Enabled: false
-
 # Was problematic, and not included in the .rubocop_todo.yml
 GitlabSecurity/PublicSend:
   Enabled: false

data/.rubocop_todo.yml

@@ -126,11 +126,6 @@ Lint/IdentityComparison:
     - 'spec/gitlab/dangerfiles/weightage/maintainers_spec.rb'
     - 'spec/gitlab/dangerfiles/weightage/reviewers_spec.rb'
 
-# Offense count: 1
-Lint/NonLocalExitFromIterator:
-  Exclude:
-    - 'lib/danger/rules/subtype_label/Dangerfile'
-
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 Lint/RedundantCopDisableDirective:
@@ -310,7 +305,6 @@ Style/FrozenStringLiteralComment:
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
   Exclude:
-    - 'lib/danger/rules/subtype_label/Dangerfile'
     - 'lib/danger/rules/type_label/Dangerfile'
 
 # Offense count: 2
@@ -384,7 +378,6 @@ Style/PercentLiteralDelimiters:
     - 'Guardfile'
     - 'gitlab-dangerfiles.gemspec'
     - 'lib/danger/plugins/internal/helper.rb'
-    - 'lib/danger/rules/subtype_label/Dangerfile'
     - 'lib/gitlab/dangerfiles/tasks/main.rake'
     - 'spec/danger/plugins/internal/helper_spec.rb'
 
@@ -471,7 +464,6 @@ Style/SelectByRegexp:
 # SupportedStyles: only_raise, only_fail, semantic
 Style/SignalException:
   Exclude:
-    - 'lib/danger/rules/subtype_label/Dangerfile'
     - 'lib/danger/rules/type_label/Dangerfile'
 
 # Offense count: 7
@@ -527,3 +519,8 @@ Style/TrailingCommaInArrayLiteral:
     - 'spec/gitlab/dangerfiles/title_linting_spec.rb'
     - 'spec/gitlab/dangerfiles/weightage/maintainers_spec.rb'
     - 'spec/gitlab/dangerfiles/weightage/reviewers_spec.rb'
+
+Style/ArrayIntersect:
+  Exclude:
+    - 'lib/gitlab/dangerfiles/category.rb'
+    - 'lib/danger/plugins/changelog.rb'

data/Gemfile

@@ -2,19 +2,3 @@ source "https://rubygems.org"
 
 # Specify your gem's dependencies in gitlab-dangerfiles.gemspec
 gemspec
-
-gem "rake", "~> 12.0"
-gem "guard-rspec"
-gem "yard"
-
-group :development do
-  gem "lefthook", require: false
-end
-
-group :development, :test do
-  gem "gitlab-styles", "~> 9.0.0", require: false
-end
-
-group :test do
-  gem "pry-byebug", "~> 3.8", require: false
-end

data/Gemfile.lock

@@ -0,0 +1,234 @@
+PATH
+  remote: .
+  specs:
+    gitlab-dangerfiles (4.10.0)
+      danger (>= 9.3.0)
+      danger-gitlab (>= 8.0.0)
+      rake (~> 13.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.4.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    binding_of_caller (1.0.0)
+      debug_inspector (>= 0.0.1)
+    claide (1.1.0)
+    claide-plugins (0.9.2)
+      cork
+      nap
+      open4 (~> 1.3)
+    climate_control (1.2.0)
+    coderay (1.1.3)
+    colored2 (3.1.2)
+    concurrent-ruby (1.2.0)
+    cork (0.3.0)
+      colored2 (~> 3.1)
+    crack (0.4.5)
+      rexml
+    danger (9.3.0)
+      claide (~> 1.0)
+      claide-plugins (>= 0.9.2)
+      colored2 (~> 3.1)
+      cork (~> 0.1)
+      faraday (>= 0.9.0, < 3.0)
+      faraday-http-cache (~> 2.0)
+      git (~> 1.13.0)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.0)
+      no_proxy_fix
+      octokit (~> 5.0)
+      terminal-table (>= 1, < 4)
+    danger-gitlab (8.0.0)
+      danger
+      gitlab (~> 4.2, >= 4.2.0)
+    debug_inspector (1.1.0)
+    diff-lcs (1.5.0)
+    faraday (2.7.10)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-http-cache (2.5.0)
+      faraday (>= 0.8)
+    faraday-net_http (3.0.2)
+    ffi (1.15.5)
+    formatador (1.1.0)
+    git (1.13.2)
+      addressable (~> 2.8)
+      rchardet (~> 1.8)
+    gitlab (4.19.0)
+      httparty (~> 0.20)
+      terminal-table (>= 1.5.1)
+    gitlab-styles (10.0.0)
+      rubocop (~> 1.43.0)
+      rubocop-graphql (~> 0.18)
+      rubocop-performance (~> 1.15)
+      rubocop-rails (~> 2.17)
+      rubocop-rspec (~> 2.18)
+    guard (2.18.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.13.0)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashdiff (1.0.1)
+    httparty (0.21.0)
+      mini_mime (>= 1.0.0)
+      multi_xml (>= 0.5.2)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    json (2.6.3)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    lefthook (1.5.2)
+    listen (3.8.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    lumberjack (1.2.8)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    minitest (5.17.0)
+    multi_xml (0.6.0)
+    nap (1.1.0)
+    nenv (0.3.0)
+    no_proxy_fix (0.1.2)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    octokit (5.6.1)
+      faraday (>= 1, < 3)
+      sawyer (~> 0.9)
+    open4 (1.3.4)
+    parallel (1.22.1)
+    parser (3.2.1.0)
+      ast (~> 2.4.1)
+      racc
+    proc_to_ast (0.1.0)
+      coderay
+      parser
+      unparser
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.1)
+    racc (1.8.1)
+    rack (3.0.4.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rchardet (1.8.0)
+    regexp_parser (2.7.0)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-parameterized (1.0.0)
+      rspec-parameterized-core (< 2)
+      rspec-parameterized-table_syntax (< 2)
+    rspec-parameterized-core (1.0.0)
+      parser
+      proc_to_ast
+      rspec (>= 2.13, < 4)
+      unparser
+    rspec-parameterized-table_syntax (1.0.0)
+      binding_of_caller
+      rspec-parameterized-core (< 2)
+    rspec-support (3.12.0)
+    rubocop (1.43.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.2.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.24.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.26.0)
+      parser (>= 3.2.1.0)
+    rubocop-capybara (2.19.0)
+      rubocop (~> 1.41)
+    rubocop-factory_bot (2.24.0)
+      rubocop (~> 1.33)
+    rubocop-graphql (0.19.0)
+      rubocop (>= 0.87, < 2)
+    rubocop-performance (1.19.1)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rails (2.17.4)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.33.0, < 2.0)
+    rubocop-rspec (2.24.1)
+      rubocop (~> 1.33)
+      rubocop-capybara (~> 2.17)
+      rubocop-factory_bot (~> 2.22)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    sawyer (0.9.2)
+      addressable (>= 2.3.5)
+      faraday (>= 0.17.3, < 3)
+    shellany (0.0.1)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    thor (1.2.1)
+    timecop (0.9.6)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    unparser (0.6.7)
+      diff-lcs (~> 1.3)
+      parser (>= 3.2.0)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.7.0)
+    yard (0.9.28)
+      webrick (~> 1.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  climate_control
+  gitlab-dangerfiles!
+  gitlab-styles (~> 10.0)
+  guard-rspec (~> 4.7.3)
+  lefthook (~> 1.3)
+  racc (~> 1.8)
+  rspec (~> 3.8)
+  rspec-parameterized
+  rubocop-rails (< 2.21.2)
+  timecop
+  webmock
+  yard
+
+BUNDLED WITH
+   2.5.4

data/README.md

@@ -69,6 +69,52 @@ end
 
 Note that your custom plugins and rules (unless you exclude them with `except`) are automatically imported by the gem.
 
+### Import and load order
+
+Plugins are imported in alphabetical order. Gem plugins are loaded before
+project-local plugins.
+
+Gem and project-local rules are combined, filtered, and loaded in alphabetical order.
+
+Because all rules are executed as soon as they are imported, you should move all
+logic from your root `Dangerfile` to project-local rules in
+`danger/*/Dangerfile`.
+
+For example:
+
+**Bad**
+
+`Dangerfile`:
+
+```ruby
+Gitlab::Dangerfiles.for_project(self) do |dangerfiles|
+  dangerfiles.import_dangerfiles(only: %w[z_add_labels])
+end
+
+# Bad, because gem rule `z_add_labels` has already been executed with empty labels list.
+helper.labels_to_add << 'important'
+```
+
+**Good**
+
+`Dangerfile`:
+
+```ruby
+Gitlab::Dangerfiles.for_project(self) do |dangerfiles|
+  dangerfiles.import_dangerfiles(only: %w[z_add_labels])
+end
+```
+
+`danger/labels/Dangerfile`:
+
+```ruby
+# Good. Execution order:
+# * root `Dangerfile`
+# * project-local `danger/my_labels/Dangerfile`
+# * gem rule `danger/z_add_labels/Dangerfile`
+helper.labels_to_add << 'important'
+```
+
 ### Plugins
 
 Danger plugins are located under `lib/danger/plugins`.
@@ -125,6 +171,15 @@ This rule ensures the merge request isn't too big to be reviewed, otherwise it s
 
 This rule posts a failure if the merge request has more than 20 commits.
 
+#### `danger_code_review`
+
+This rule posts a warning/failure when `@GitLabDuo` isn't assigned as a reviewer.
+
+##### Available configurations
+
+- `duo_code_review`: Whether a review from GitLab Duo Code is `:mandatory` or `:optional`.
+  Default to `:optional`.
+
 #### `metadata`
 
 This rule ensures basic metadata such as assignee, milestone and description are set on the merge request.
@@ -147,20 +202,42 @@ project. To use it in your project, perform the following steps:
      dangerfiles.import_dangerfiles(only: %w[simple_roulette])
    end
    ```
+   
+##### Auto-assignment
 
-#### `subtype_label`
+By default, the simple roulette only suggests reviewers in a comment. You can, optionally, configure it to automatically assign reviewers from the roulette to your merge requests.
 
-This rule warns when the merge request is missing a [subtype label](https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification).
+Configure `auto_assign_for_roulette_roles` to specify which roles to assign (`:reviewer`, `:maintainer`, or both). If empty (default), no auto-assignment occurs.
 
-If the `DANGER_ERROR_WHEN_SUBTYPE_LABEL_IS_MISSING` environment variable evaluates to `true`, Danger will error instead of warning when a subtype label is missing.
+Optionally, configure `auto_assign_for_roulette_labels` to only auto-assign for Merge Requests with specific labels. If empty (default), auto-assignment applies to all MRs.
 
-#### `type_label`
+###### Examples
 
-This rule warns when the merge request is missing a [type label](https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification).
+``` ruby
+# Auto-assign reviewers for all MRs
+helper.config.auto_assign_for_roulette_roles = [:reviewer]
 
-If the `DANGER_ERROR_WHEN_TYPE_LABEL_IS_MISSING` environment variable evaluates to `true`, Danger will error instead of warning when a type label is missing.
+# Auto-assign both reviewer and maintainer for all MRs
+helper.config.auto_assign_for_roulette_roles = [:reviewer, :maintainer]
 
-If the `changelog` plugin is available, it also tries to infer a type label from the `Changelog` trailer of the MR.
+# Auto-assign reviewers only for a specific MR label
+helper.config.auto_assign_for_roulette_roles = [:reviewer]
+helper.config.auto_assign_for_roulette_labels = ["maintenance::dependency"]
+```
+
+##### Available configurations
+
+Note: These options aren't actually used in the `simple_roulette` rule, but can be used in your own
+implementation of the roulette if you use `roulette.required_approvals`/`roulette.codeowners_approvals`.
+
+- `included_optional_codeowners_sections_for_roulette`: Indicates which optional codeowners sections
+  should be included in roulette. Default to `[]`.
+- `excluded_required_codeowners_sections_for_roulette`: Indicates which required codeowners sections
+  should be excluded from roulette. Default to `[]`.
+
+#### `type_label`
+
+If the `changelog` plugin is available, it tries to infer a type label from the `Changelog` trailer of the MR.
 
 #### `z_add_labels`
 
@@ -245,6 +322,16 @@ To run the Danger Rake task in a project that doesn't have `master` as the defau
 DANGER_LOCAL_BASE="origin/main" bundle exec rake danger_local
 ```
 
+## Warnings vs Errors
+
+The following lint violations generate warnings:
+
+1. The commit subject is too short ([code](https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles/blob/bccb167/lib/gitlab/dangerfiles/base_linter.rb#L74-76)).
+1. The commit changes too many lines across too many files without describing the changes in the commit body ([code](https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles/blob/bccb167/lib/gitlab/dangerfiles/commit_linter.rb#L83-85)).
+1. The commit body contains too many characters per line ([code](https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles/blob/bccb167/lib/gitlab/dangerfiles/commit_linter.rb#L87-96)).
+
+All other lint violations generate errors, except when the MR has [Squash commits when merge request is accepted](https://docs.gitlab.com/ee/user/project/merge_requests/squash_and_merge.html#squash-commits-in-a-merge-request) enabled, which downgrades lint violations to warnings.
+
 ## Documentation
 
 Latest documentation can be found at <https://www.rubydoc.info/gems/gitlab-dangerfiles>.
@@ -271,8 +358,8 @@ For example, to test `gitlab-dangerfiles` changes from the `your-branch-name` br
 
 ```ruby
 group :development, :test, :danger do
-  gem 'gitlab-dangerfiles', '~> 3.4.3', require: false,
-  git: 'https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles.git',
+  gem 'gitlab-dangerfiles', require: false, feature_category: :tooling,
+  git: 'https://gitlab.com/gitlab-org/ruby/gems/gitlab-dangerfiles.git', # rubocop:disable Cop/GemFetcher -- Testing unreleased changes
   ref: 'your-branch-name'
 end
 ```

data/gitlab-dangerfiles.gemspec

@@ -27,14 +27,22 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "rake", ">= 0"
+  spec.add_dependency "rake", "~> 13.0"
   spec.add_dependency "danger-gitlab", ">= 8.0.0"
-  spec.add_dependency "danger", ">= 8.4.5"
+  spec.add_dependency "danger", ">= 9.3.0"
 
-  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "climate_control"
+  spec.add_development_dependency "gitlab-styles", "~> 10.0"
+  spec.add_development_dependency "guard-rspec", "~> 4.7.3"
+  spec.add_development_dependency "lefthook", "~> 1.3"
   spec.add_development_dependency "rspec-parameterized"
+  spec.add_development_dependency "rspec", "~> 3.8"
+  spec.add_development_dependency "racc", "~> 1.8"
+  # we do not commit the bundle lockfile, so this temporary workaround needs to be
+  # present until 2.21.3 or 2.22.x is released
+  # See https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles/-/issues/63
+  spec.add_development_dependency "rubocop-rails", "< 2.21.2"
   spec.add_development_dependency "timecop"
   spec.add_development_dependency "webmock"
-  spec.add_development_dependency "climate_control"
-  spec.add_development_dependency "rufo"
+  spec.add_development_dependency "yard"
 end

data/lefthook.yml

@@ -12,8 +12,3 @@ pre-push:
     rubocop:
       run: bundle exec rubocop
       glob: '*.rb'
-
-    # Ruby formatting checks
-    rufo:
-      run: bundle exec rufo --check .
-      glob: '*.rb'