gitlab-dangerfiles 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d3407bad03ff3220a55329e625c1fd5a962b4ffe29b4ab1da68a7e998761024
-  data.tar.gz: a9f31b18452500fa6e437a847b1d726cbbe2c47a1912c5e40fd18196ca3716fa
+  metadata.gz: 30a4d627f19b9baece5e677425892f5ede2b883db11c57ae4178956975dcdb69
+  data.tar.gz: dfb9f139593171a0ddf7b075993ebe9419c0b32a33a391c5b7dfa4814871f553
 SHA512:
-  metadata.gz: 3390ab204b7572654e748198fb1d03b70056ab26b32a8ea29cc2c624e307e59c5cfab5306afb8900c71df62671b984ccdbb21e7c1e9adb16b2ab43a9299774c0
-  data.tar.gz: '06879db4e54bff63e540793f8c94f3c9412d6481641144bfa80934bb36a82872c76e9693c86aa9b381d78528da06a27795f620ff9127829e4904938807958ede'
+  metadata.gz: 504abc1a266560c6277dd9cb329b35894e2cdc958703403bdd88e3b2a7ad883860ed56be1bb14bf48529d0207b61f69a896260e4ab87cd0e251b373bcb902b18
+  data.tar.gz: ba5ff6ef20d7571c70a6bc4b130b5b54a89881c3757bf2b4c6949be6e7c441ba9deca33b13753be8428f0877663d24410a05a9aa3e45bac8fc2f5ff9e5a6aeae

data/.gitignore

@@ -9,6 +9,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+/doc/
 
 # rspec failure tracking
 .rspec_status

data/.gitlab-ci.yml

@@ -11,7 +11,7 @@ workflow:
     # For tags, create a pipeline.
     - if: '$CI_COMMIT_TAG'
 
-default:
+.default:
   image: ruby:2.7
   tags:
     - gitlab-org
@@ -29,15 +29,50 @@ default:
     policy: pull
 
 test:rspec:
+  extends: .default
   stage: test
   script:
     - bundle exec rspec
 
 test:rufo:
+  extends: .default
   stage: test
   script:
     - bundle exec rufo --check .
 
 include:
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/License-Scanning.gitlab-ci.yml
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
   - project: 'gitlab-org/quality/pipeline-common'
     file: '/ci/gem-release.yml'
+
+# run security jobs on MRs
+# see: https://gitlab.com/gitlab-org/gitlab/-/issues/218444#note_478761991
+
+brakeman-sast:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+gemnasium-dependency_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+bundler-audit-dependency_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+license_scanning:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+secret_detection:
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+

data/README.md

@@ -64,6 +64,17 @@ Danger rules are located under `lib/danger/rules`.
   `:high` is the lines changed threshold which triggers an error, and
   `:medium` is the lines changed threshold which triggers a warning.
 
+#### `commit_messages`
+
+##### Available configurations
+
+- `max_commits_count`: The maximum number of allowed non-squashed/non-fixup commits for a given MR.
+   A warning is triggered if the MR has more commits.
+
+## Documentation
+
+Latest documentation can be found at <https://www.rubydoc.info/gems/gitlab-dangerfiles>.
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/danger/plugins/helper.rb

@@ -283,9 +283,18 @@ module Danger
       gitlab_helper.mr_json["target_branch"]
     end
 
+    # @return [Boolean] +true+ when not in the CI context, and whether the MR is set to be squashed otherwise.
+    def squash_mr?
+      return true unless ci?
+
+      gitlab.mr_json["squash"]
+    end
+
     # @return [Boolean] whether a MR is a Draft or not.
     def draft_mr?
-      Gitlab::Dangerfiles::TitleLinting.has_draft_flag?(mr_title)
+      return false unless ci?
+
+      gitlab.mr_json["work_in_progress"]
     end
 
     # @return [Boolean] whether a MR is opened in the security mirror or not.

data/lib/danger/rules/commit_messages/Dangerfile

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+require_relative "../../../gitlab/dangerfiles/commit_linter"
+require_relative "../../../gitlab/dangerfiles/merge_request_linter"
+
+COMMIT_MESSAGE_GUIDELINES = "https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#commit-messages-guidelines"
+MORE_INFO = "For more information, take a look at our [Commit message guidelines](#{COMMIT_MESSAGE_GUIDELINES})."
+THE_DANGER_JOB_TEXT = "the `%<job_name>` job"
+MAX_COMMITS_COUNT_EXCEEDED_MESSAGE = <<~MSG
+This merge request includes more than %<max_commits_count>d commits. Each commit should meet the following criteria:
+
+1. Have a well-written commit message.
+1. Has all tests passing when used on its own (e.g. when using git checkout SHA).
+1. Can be reverted on its own without also requiring the revert of commit that came before it.
+1. Is small enough that it can be reviewed in isolation in under 30 minutes or so.
+
+If this merge request contains commits that do not meet this criteria and/or contains intermediate work, please rebase these commits into a smaller number of commits or split this merge request into multiple smaller merge requests.
+MSG
+
+max_commits_count = helper.config.max_commits_count
+
+def fail_commit(commit, message, more_info: true)
+  self.fail(build_message(commit, message, more_info: more_info))
+end
+
+def warn_commit(commit, message, more_info: true)
+  self.warn(build_message(commit, message, more_info: more_info))
+end
+
+def build_message(commit, message, more_info: true)
+  [message].tap do |full_message|
+    full_message << ". #{MORE_INFO}" if more_info
+    full_message.unshift("#{commit.sha}: ") if commit.sha
+  end.join
+end
+
+def danger_job_link
+  helper.ci? ? "[#{format(THE_DANGER_JOB_TEXT, job_name: ENV["CI_JOB_NAME"])}](#{ENV['CI_JOB_URL']})" : THE_DANGER_JOB_TEXT
+end
+
+# Perform various checks against commits. We're not using
+# https://github.com/jonallured/danger-commit_lint because its output is not
+# very helpful, and it doesn't offer the means of ignoring merge commits.
+def lint_commit(commit)
+  linter = Gitlab::Dangerfiles::CommitLinter.new(commit)
+
+  # For now we'll ignore merge commits, as getting rid of those is a problem
+  # separate from enforcing good commit messages.
+  return linter if linter.merge?
+
+  # We ignore revert commits as they are well structured by Git already
+  return linter if linter.revert?
+
+  # If MR is set to squash, we ignore fixup commits
+  return linter if linter.fixup? && helper.squash_mr?
+
+  if linter.fixup?
+    msg = "Squash or fixup commits must be squashed before merge, or enable squash merge option and re-run #{danger_job_link}."
+    if helper.draft_mr? || helper.squash_mr?
+      warn_commit(commit, msg, more_info: false)
+    else
+      fail_commit(commit, msg, more_info: false)
+    end
+
+    # Makes no sense to process other rules for fixup commits, they trigger just more noise
+    return linter
+  end
+
+  # Fail if a suggestion commit is used and squash is not enabled
+  if linter.suggestion?
+    unless helper.squash_mr?
+      fail_commit(commit, "If you are applying suggestions, enable squash in the merge request and re-run #{danger_job_link}.", more_info: false)
+    end
+
+    return linter
+  end
+
+  linter.lint
+end
+
+def lint_mr_title(mr_title)
+  commit = Struct.new(:message, :sha).new(mr_title)
+
+  Gitlab::Dangerfiles::MergeRequestLinter.new(commit).lint
+end
+
+def count_non_fixup_commits(commit_linters)
+  commit_linters.count { |commit_linter| !commit_linter.fixup? }
+end
+
+def lint_commits(commits)
+  commit_linters = commits.map { |commit| lint_commit(commit) }
+
+  if helper.squash_mr?
+    multi_line_commit_linter = commit_linters.detect { |commit_linter| !commit_linter.merge? && commit_linter.multi_line? }
+
+    if multi_line_commit_linter && multi_line_commit_linter.failed?
+      warn_or_fail_commits(multi_line_commit_linter)
+      commit_linters.delete(multi_line_commit_linter) # Don't show an error (here) and a warning (below)
+    elsif helper.ci? # We don't have access to the MR title locally
+      title_linter = lint_mr_title(gitlab.mr_json['title'])
+      if title_linter.failed?
+        warn_or_fail_commits(title_linter)
+      end
+    end
+  else
+    if count_non_fixup_commits(commit_linters) > max_commits_count
+      self.warn(format(MAX_COMMITS_COUNT_EXCEEDED_MESSAGE, max_commits_count: max_commits_count))
+    end
+  end
+
+  failed_commit_linters = commit_linters.select { |commit_linter| commit_linter.failed? }
+  warn_or_fail_commits(failed_commit_linters, default_to_fail: !helper.squash_mr?)
+end
+
+def warn_or_fail_commits(failed_linters, default_to_fail: true)
+  level = default_to_fail ? :fail : :warn
+
+  Array(failed_linters).each do |linter|
+    linter.problems.each do |problem_key, problem_desc|
+      case problem_key
+      when :subject_too_short, :subject_above_warning, :details_too_many_changes, :details_line_too_long
+        warn_commit(linter.commit, problem_desc)
+      else
+        self.__send__("#{level}_commit", linter.commit, problem_desc) # rubocop:disable GitlabSecurity/PublicSend
+      end
+    end
+  end
+end
+
+# As part of https://gitlab.com/groups/gitlab-org/-/epics/4826 we are
+# vendoring workhorse commits from the stand-alone gitlab-workhorse
+# repo. There is no point in linting commits that we want to vendor as
+# is.
+def workhorse_changes?
+  git.diff.any? { |file| file.path.start_with?('workhorse/') }
+end
+
+lint_commits(git.commits) unless workhorse_changes?

data/lib/gitlab/dangerfiles/commit_linter.rb

@@ -8,7 +8,10 @@ module Gitlab
     class CommitLinter < BaseLinter
       MAX_CHANGED_FILES_IN_COMMIT = 3
       MAX_CHANGED_LINES_IN_COMMIT = 30
-      SHORT_REFERENCE_REGEX = %r{([\w\-\/]+)?(?<!`)(#|!|&|%)\d+(?<!`)}.freeze
+      # Issue, MR, Epic
+      SHORT_REFERENCE_REGEX = %r{([\w\-\/]+)?(?<!`)(#|!|&)\d+(?<!`)}.freeze
+      # Milestone
+      MS_SHORT_REFERENCE_REGEX = %r{([\w\-\/]+)?(?<!`)%"?\d{1,3}\.\d{1,3}"?(?<!`)}.freeze
 
       def self.problems_mapping
         super.merge(
@@ -139,7 +142,8 @@ module Gitlab
       end
 
       def message_contains_short_reference?
-        commit.message.match?(SHORT_REFERENCE_REGEX)
+        commit.message.match?(SHORT_REFERENCE_REGEX) ||
+          commit.message.match?(MS_SHORT_REFERENCE_REGEX)
       end
 
       def emoji_checker

data/lib/gitlab/dangerfiles/config.rb

@@ -7,10 +7,16 @@ module Gitlab
       #   @return [{ high: Integer, medium: Integer }] a hash of the form +{ high: 42, medium: 12 }+ where +:high+ is the lines changed threshold which triggers an error, and +:medium+ is the lines changed threshold which triggers a warning. Also, see +DEFAULT_CHANGES_SIZE_THRESHOLDS+ for the format of the hash.
       attr_accessor :code_size_thresholds
 
+      # @!attribute max_commits_count
+      #   @return [Integer] the maximum number of allowed non-squashed/non-fixup commits for a given MR. A warning is triggered if the MR has more commits.
+      attr_accessor :max_commits_count
+
       DEFAULT_CHANGES_SIZE_THRESHOLDS = { high: 2_000, medium: 500 }.freeze
+      DEFAULT_COMMIT_MESSAGES_MAX_COMMITS_COUNT = 10
 
       def initialize
         @code_size_thresholds = DEFAULT_CHANGES_SIZE_THRESHOLDS
+        @max_commits_count = DEFAULT_COMMIT_MESSAGES_MAX_COMMITS_COUNT
       end
     end
   end

data/lib/gitlab/dangerfiles/title_linting.rb

@@ -19,6 +19,8 @@ module Gitlab
       end
 
       def has_draft_flag?(title)
+        puts "This method is deprecated in favor of `helper.draft_mr?`."
+
         DRAFT_REGEX.match?(title)
       end
 

data/lib/gitlab/dangerfiles/version.rb

@@ -1,5 +1,5 @@
 module Gitlab
   module Dangerfiles
-    VERSION = "2.0.0"
+    VERSION = "2.1.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-dangerfiles
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - GitLab
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-27 00:00:00.000000000 Z
+date: 2021-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: danger-gitlab
@@ -134,6 +134,7 @@ files:
 - lib/danger/plugins/helper.rb
 - lib/danger/plugins/roulette.rb
 - lib/danger/rules/changes_size/Dangerfile
+- lib/danger/rules/commit_messages/Dangerfile
 - lib/gitlab-dangerfiles.rb
 - lib/gitlab/Dangerfile
 - lib/gitlab/dangerfiles.rb