ndr_dev_support 2.1.2 → 3.0.0

data/lib/ndr_dev_support/integration_testing.rb

@@ -1,3 +1,25 @@
-require 'ndr_dev_support/integration_testing/capybara'
-require 'ndr_dev_support/integration_testing/poltergeist'
-require 'ndr_dev_support/integration_testing/screenshot'
+# Set up basic capybara:
+require 'capybara/rails'
+ActionDispatch::IntegrationTest.include(Capybara::DSL)
+
+# Set up basic screenshotting capability:
+require 'capybara-screenshot'
+if defined?(MiniTest)
+  require 'capybara-screenshot/minitest'
+  ActionDispatch::IntegrationTest.include(Capybara::Screenshot::MiniTestPlugin)
+else
+  require 'capybara-screenshot/testunit'
+end
+
+# Include our custom DSL extensions, that also cover screenshotting:
+require 'ndr_dev_support/integration_testing/dsl'
+
+# These are all the drivers we have capybara / screenshot support for:
+require 'ndr_dev_support/integration_testing/drivers/chrome'
+require 'ndr_dev_support/integration_testing/drivers/chrome_headless'
+require 'ndr_dev_support/integration_testing/drivers/firefox'
+require 'ndr_dev_support/integration_testing/drivers/poltergeist'
+require 'ndr_dev_support/integration_testing/drivers/switchable'
+
+Capybara.default_driver    = :switchable
+Capybara.javascript_driver = :switchable

data/lib/ndr_dev_support/integration_testing/drivers/chrome.rb

@@ -0,0 +1,9 @@
+require 'selenium-webdriver'
+
+Capybara.register_driver(:chrome) do |app|
+  Capybara::Selenium::Driver.new app, browser: :chrome
+end
+
+Capybara::Screenshot.register_driver(:chrome) do |driver, path|
+  driver.browser.save_screenshot(path)
+end

data/lib/ndr_dev_support/integration_testing/drivers/chrome_headless.rb

@@ -0,0 +1,17 @@
+require 'selenium-webdriver'
+
+Capybara.register_driver(:chrome_headless) do |app|
+  capabilities = Selenium::WebDriver::Remote::Capabilities.chrome(
+    'chromeOptions' => { args: %w[headless disable-gpu] }
+  )
+
+  Capybara::Selenium::Driver.new(
+    app,
+    browser: :chrome,
+    desired_capabilities: capabilities
+  )
+end
+
+Capybara::Screenshot.register_driver(:chrome_headless) do |driver, path|
+  driver.browser.save_screenshot(path)
+end

data/lib/ndr_dev_support/integration_testing/drivers/firefox.rb

@@ -0,0 +1,9 @@
+require 'selenium-webdriver'
+
+Capybara.register_driver(:firefox) do |app|
+  Capybara::Selenium::Driver.new app, browser: :firefox
+end
+
+Capybara::Screenshot.register_driver(:firefox) do |driver, path|
+  driver.browser.save_screenshot(path)
+end

data/lib/ndr_dev_support/integration_testing/drivers/poltergeist.rb

@@ -0,0 +1,15 @@
+# The driver for PhantomJS is poltergeist:
+require 'capybara/poltergeist'
+
+Capybara.register_driver(:poltergeist) do |app|
+  options = { phantomjs_options: ['--proxy-type=none'], timeout: 60 }
+
+  options.merge!(debug: true, inspector: true) if ENV['DEBUG_PHANTOM_JS']
+
+  Capybara::Poltergeist::Driver.new(app, options)
+end
+
+Capybara::Screenshot.register_driver(:poltergeist) do |driver, path|
+  # Take full-height screenshots, rather than just capturing the viewport:
+  driver.render(path, full: true)
+end

data/lib/ndr_dev_support/integration_testing/drivers/switchable.rb

@@ -0,0 +1,21 @@
+# A meta-driver that allows the driver to be set using the `INTEGRATION_DRIVER`
+# environment variable (e.g. for a CI matrix), assuming that driver has been pre-registered
+# with Capybara.
+
+# Although the aim is to move to Chrome headless, we keep poltergeist as the default
+# driver for now. For motivation behind not changing immediately, see the "Differences
+# between Poltergeist and Selenium" section of:
+#
+#   https://about.gitlab.com/2017/12/19/moving-to-headless-chrome/
+#
+Capybara.register_driver(:switchable) do |app|
+  choice = ENV.fetch('INTEGRATION_DRIVER', 'poltergeist').to_sym
+
+  Capybara.drivers.fetch(choice).call(app)
+end
+
+Capybara::Screenshot.register_driver(:switchable) do |driver, path|
+  choice = ENV.fetch('INTEGRATION_DRIVER', 'poltergeist').to_sym
+
+  Capybara::Screenshot.registered_drivers.fetch(choice).call(driver, path)
+end

data/lib/ndr_dev_support/integration_testing/dsl.rb

@@ -0,0 +1,62 @@
+require 'capybara/rails'
+
+module NdrDevSupport
+  module IntegrationTesting
+    # Additional integration testing DSL:
+    module DSL
+      # Instruct the headless browser to clear its session:
+      def clear_headless_session!
+        page.driver.reset!
+      end
+
+      # Get the headless browser to delete all of the cookies
+      # for the current page without resetting:
+      def delete_all_cookies!
+        page.driver.cookies.each_key do |name|
+          page.driver.remove_cookie(name)
+        end
+      end
+
+      # Wrap up interacting with modals. The assumption is that the modal
+      # should be gone one the interaction is complete (as this is a good
+      # proxy for a triggered AJAX request to have completed, and therefore
+      # a signal for capybara to wait for); if this is not the case, pass
+      # `remain: true` to signal that the modal should remain active.
+      def within_modal(selector: '#modal', remain: false)
+        within(selector) { yield }
+
+        message = "modal was #{'not ' unless remain} expected to remain visible!"
+        assert(remain ? has_selector?(selector) : has_no_selector?(selector), message)
+      end
+
+      # Adds variant of Capybara's #within_window method, that doesn't return
+      # to the preview window on an exception. This allows us to screenshot
+      # a popup automatically if a test errors/fails whilst it has focus.
+      module SessionExtensions
+        def within_screenshot_compatible_window(window_or_proc)
+          original = current_window
+
+          case window_or_proc
+          when Capybara::Window
+            switch_to_window(window_or_proc) unless original == window_or_proc
+          when Proc
+            switch_to_window { window_or_proc.call }
+          else
+            raise ArgumentError, 'Unsupported window type!'
+          end
+
+          scopes << nil
+          yield
+          @scopes.pop
+          switch_to_window(original)
+        end
+      end
+
+      Capybara::Session.include(SessionExtensions)
+
+      delegate :within_screenshot_compatible_window, to: :page
+    end
+  end
+end
+
+ActionDispatch::IntegrationTest.include(NdrDevSupport::IntegrationTesting::DSL)

data/lib/ndr_dev_support/rake_ci/brakeman_helper.rb

@@ -0,0 +1,48 @@
+module NdrDevSupport
+  module RakeCI
+    # Brakeman helper
+    class BrakemanHelper
+      require 'set'
+      require 'brakeman'
+      require_relative 'concerns/commit_metadata_persistable'
+
+      include CommitMetadataPersistable
+
+      attr_reader :new_fingerprints, :old_fingerprints
+
+      def run
+        @tracker = ::Brakeman.run(app_path: '.')
+
+        last_commit_fingerprints = load_last_commit_data
+        if last_commit_fingerprints
+          @new_fingerprints = current_fingerprints - last_commit_fingerprints
+          @old_fingerprints = last_commit_fingerprints - current_fingerprints
+        else
+          @new_fingerprints = @old_fingerprints = Set.new
+        end
+      end
+
+      def warnings
+        @tracker.warnings
+      end
+
+      def warning_counts_by_confidence
+        return @warning_counts_by_confidence if @warning_counts_by_confidence
+
+        @warning_counts_by_confidence = {}
+        warnings.group_by(&:confidence).each do |confidence, grouped_warnings|
+          @warning_counts_by_confidence[confidence] = grouped_warnings.count
+        end
+        @warning_counts_by_confidence
+      end
+
+      def current_fingerprints
+        @current_fingerprints ||= warnings.map(&:fingerprint).to_set
+      end
+
+      def save_current_fingerprints
+        save_current_commit_data(current_fingerprints)
+      end
+    end
+  end
+end

data/lib/ndr_dev_support/rake_ci/concerns/commit_metadata_persistable.rb

@@ -0,0 +1,49 @@
+require 'active_support/concern'
+require 'active_support/inflector'
+require 'yaml'
+
+# Provides methods relating to persisting commit metadata
+module CommitMetadataPersistable
+  extend ActiveSupport::Concern
+
+  included do
+    attr_accessor :commit
+  end
+
+  private
+
+  def load_last_commit_data
+    hash = YAML.load_file(filename)
+
+    if commit.parents.map(&:oid).include?(hash[:commit])
+      # payload from parent commit
+      hash[:payload]
+    end
+  rescue Errno::ENOENT
+    nil
+  end
+
+  def load_current_commit_data
+    hash = YAML.load_file(filename)
+
+    if commit.oid == hash[:commit]
+      # payload from parent commit
+      hash[:payload]
+    end
+  rescue Errno::ENOENT
+    nil
+  end
+
+  def save_current_commit_data(data)
+    hash = { commit: commit.oid, payload: data }
+    File.write(filename, YAML.dump(hash))
+  end
+
+  def filename
+    "rake_ci.#{name}.yml"
+  end
+
+  def name
+    self.class.name.demodulize.underscore.sub(/_helper\z/, '')
+  end
+end

data/lib/ndr_dev_support/rake_ci/simple_cov_helper.rb

@@ -0,0 +1,26 @@
+module NdrDevSupport
+  module RakeCI
+    # This helper persists the SimpleCov::Result
+    class SimpleCovHelper
+      require 'simplecov'
+      require_relative 'concerns/commit_metadata_persistable'
+
+      include CommitMetadataPersistable
+
+      def commit
+        return @commit if @commit
+
+        repo = Rugged::Repository.new('.')
+        @commit = repo.lookup(repo.head.target_id)
+      end
+
+      def load_current_result
+        load_current_commit_data
+      end
+
+      def save_current_result(result)
+        save_current_commit_data(result)
+      end
+    end
+  end
+end

data/lib/ndr_dev_support/slack_message_publisher.rb

@@ -0,0 +1,48 @@
+module NdrDevSupport
+  # This Class publishes messages to Slack
+  class SlackMessagePublisher
+    def initialize(url, default_options = {})
+      @url = url
+      @default_options = default_options
+    end
+
+    def post(options = {})
+      request = json_request
+      request.body = message(options)
+
+      use_ssl = request.uri.scheme == 'https'
+      http =
+        if proxy
+          proxy.start(request.uri.host, use_ssl: use_ssl)
+        else
+          Net::HTTP.start(request.uri.host, request.uri.port, use_ssl: use_ssl)
+        end
+
+      http.request(request)
+    end
+
+    private
+
+    def json_request
+      uri = URI.parse(@url)
+      request = Net::HTTP::Post.new(uri)
+      # request.basic_auth(*@auth.split(':')) if @auth
+      request['Content-Type'] = 'application/json'
+      request
+    end
+
+    def message(options)
+      @default_options.merge(options).to_json
+    end
+
+    def proxy
+      return @proxy if @proxy
+
+      return if ENV['https_proxy'].nil?
+      host_and_port = ENV['https_proxy'].match(%r{\A(?:https?://)?([^:]+):(\d+)})[1, 2]
+
+      return if host_and_port.nil?
+      @proxy = Net::HTTP.Proxy(*host_and_port)
+    end
+  end
+end

data/lib/ndr_dev_support/tasks.rb

@@ -1,2 +1,14 @@
 load 'tasks/audit_code.rake'
+load 'tasks/ci/brakeman.rake'
+load 'tasks/ci/bundle_audit.rake'
+load 'tasks/ci/bundle_install.rake'
+load 'tasks/ci/housekeep.rake'
+load 'tasks/ci/linguist.rake'
+load 'tasks/ci/notes.rake'
+load 'tasks/ci/prometheus.rake'
+load 'tasks/ci/rugged.rake'
+load 'tasks/ci/server.rake'
+load 'tasks/ci/simplecov.rake'
+load 'tasks/ci/slack.rake'
+load 'tasks/ci/stats.rake'
 load 'tasks/rubocop.rake'

data/lib/ndr_dev_support/version.rb

@@ -2,5 +2,5 @@
 # This defines the NdrDevSupport version. If you change it, rebuild and commit the gem.
 # Use "rake build" to build the gem, see rake -T for all bundler rake tasks (and our own).
 module NdrDevSupport
-  VERSION = '2.1.2'.freeze
+  VERSION = '3.0.0'.freeze
 end

data/lib/tasks/audit_code.rake

@@ -18,20 +18,44 @@ def rake_cmd
   ENV['BUNDLE_BIN_PATH'] ? 'bundle exec rake' : 'rake'
 end
 
-# Parameter max_print is number of entries to print before truncating output
-# (negative value => print all)
-def audit_code_safety(max_print = 20, ignore_new = false, show_diffs = false, show_in_priority = false, user_name = 'usr')
-  puts 'Running source code safety audit script.'
-  puts
-
-  max_print = 1_000_000 if max_print < 0
+def load_file_safety
   safety_cfg = File.exist?(SAFETY_FILE) ? YAML.load_file(SAFETY_FILE) : {}
   file_safety = safety_cfg['file safety']
   if file_safety.nil?
     puts "Creating new 'file safety' block in #{SAFETY_FILE}"
-    safety_cfg['file safety'] = file_safety = {}
+    file_safety = {}
   end
-  file_safety.each do |_k, v|
+  file_safety
+end
+
+def update_safety_file(file_safety)
+  File.open(SAFETY_FILE, 'w') do |file|
+    # Consistent file diffs, as ruby preserves Hash insertion order since v1.9
+    list = {}
+    list['file safety'] = Hash[file_safety.sort]
+    YAML.dump(list, file) # Save changes before checking latest revisions
+  end
+end
+
+def add_new_file_to_file_safety(file_safety, f)
+  return if file_safety.key?(f)
+  file_safety[f] = {
+    'comments' => nil,
+    'reviewed_by' => nil,
+    'safe_revision' => nil
+  }
+end
+
+# Parameter max_print is number of entries to print before truncating output
+# (negative value => print all)
+def audit_code_safety(max_print = 20, ignore_new = false, show_diffs = false, show_in_priority = false, usr = 'usr', interactive = false)
+  puts 'Running source code safety audit script.'
+  puts
+
+  max_print = 1_000_000 if max_print.negative?
+  show_diffs = true if interactive
+  file_safety = load_file_safety
+  file_safety.each_value do |v|
     rev = v['safe_revision']
     v['safe_revision'] = rev.to_s if rev.is_a?(Integer)
   end
@@ -57,19 +81,8 @@ def audit_code_safety(max_print = 20, ignore_new = false, show_diffs = false, sh
     new_files = get_new_files(safety_repo)
     # Ignore subdirectories, and exclude code_safety.yml by default.
     new_files.delete_if { |f| f =~ /[\/\\]$/ || Pathname.new(f).expand_path == SAFETY_FILE }
-    new_files.each do |f|
-      next if file_safety.key?(f)
-      file_safety[f] = {
-        'comments' => nil,
-        'reviewed_by' => nil,
-        'safe_revision' => nil
-      }
-    end
-    File.open(SAFETY_FILE, 'w') do |file|
-      # Consistent file diffs, as ruby preserves Hash insertion order since v1.9
-      safety_cfg['file safety'] = Hash[file_safety.sort]
-      YAML.dump(safety_cfg, file) # Save changes before checking latest revisions
-    end
+    new_files.each { |f| add_new_file_to_file_safety(file_safety, f) }
+    update_safety_file(file_safety) # Save changes before checking latest revisions
   end
   puts "Updating latest revisions for #{file_safety.size} files"
   set_last_changed_revision(trunk_repo, file_safety, file_safety.keys)
@@ -79,7 +92,7 @@ def audit_code_safety(max_print = 20, ignore_new = false, show_diffs = false, sh
 
   missing_files = file_safety.keys.reject { |path| File.file?(path) }
 
-  if missing_files.length > 0
+  unless missing_files.empty?
     puts "Number of files no longer in repository but in code_safety.yml: #{missing_files.length}"
     puts "  Please run #{rake_cmd} audit:tidy_code_safety_file to remove redundant files"
     missing_files.each { |path| puts '  ' + path }
@@ -106,15 +119,13 @@ def audit_code_safety(max_print = 20, ignore_new = false, show_diffs = false, sh
     end
 
   file_list.each do |f|
-    if print_file_safety(file_safety, trunk_repo, f, false, printed.size >= max_print)
-      printed << f
-    end
+    printed << f if print_file_safety(file_safety, f, false, printed.size >= max_print)
   end
   puts "... and #{printed.size - max_print} others" if printed.size > max_print
   if show_diffs
     puts
     printed.each do |f|
-      print_file_diffs(file_safety, trunk_repo, f, user_name)
+      print_file_diffs(file_safety, trunk_repo, f, usr, interactive)
     end
   end
 
@@ -126,7 +137,7 @@ end
 # If not verbose, only prints details for unsafe files
 # Returns true if anything printed (or would have been printed if silent),
 # or false otherwise.
-def print_file_safety(file_safety, repo, fname, verbose = false, silent = false)
+def print_file_safety(file_safety, fname, verbose = false, silent = false)
   msg = "#{fname}\n  "
   entry = file_safety[fname]
   msg += 'File not in audit list' if entry.nil?
@@ -154,21 +165,12 @@ def print_file_safety(file_safety, repo, fname, verbose = false, silent = false)
 end
 
 def flag_file_as_safe(release, reviewed_by, comments, f)
-  safety_cfg = YAML.load_file(SAFETY_FILE)
-  file_safety = safety_cfg['file safety']
-
-  unless File.exist?(f)
-    abort("Error: Unable to flag non-existent file as safe: #{f}")
-  end
-  unless file_safety.key?(f)
-    file_safety[f] = {
-      'comments' => nil,
-      'reviewed_by' => :dummy, # dummy value, will be overwritten
-      'safe_revision' => nil }
-  end
+  abort("Error: Unable to flag non-existent file as safe: #{f}") unless File.exist?(f)
+  file_safety = load_file_safety
+  add_new_file_to_file_safety(file_safety, f)
   entry = file_safety[f]
   entry_orig = entry.dup
-  if comments.to_s.length > 0 && entry['comments'] != comments
+  if !comments.to_s.empty? && entry['comments'] != comments
     entry['comments'] = if entry['comments'].to_s.empty?
                           comments
                         else
@@ -176,9 +178,7 @@ def flag_file_as_safe(release, reviewed_by, comments, f)
                         end
   end
   if entry['safe_revision']
-    unless release
-      abort("Error: File already has safe revision #{entry['safe_revision']}: #{f}")
-    end
+    abort("Error: File already has safe revision #{entry['safe_revision']}: #{f}") unless release
     if release.is_a?(Integer) && release < entry['safe_revision']
       puts("Warning: Rolling back safe revision from #{entry['safe_revision']} to #{release} for #{f}")
     end
@@ -188,11 +188,7 @@ def flag_file_as_safe(release, reviewed_by, comments, f)
   if entry == entry_orig
     puts "No changes when updating safe_revision to #{release || '[none]'} for #{f}"
   else
-    File.open(SAFETY_FILE, 'w') do |file|
-      # Consistent file diffs, as ruby preserves Hash insertion order since v1.9
-      safety_cfg['file safety'] = Hash[file_safety.sort]
-      YAML.dump(safety_cfg, file) # Save changes before checking latest revisions
-    end
+    update_safety_file(file_safety)
     puts "Updated safe_revision to #{release || '[none]'} for #{f}"
   end
 end
@@ -313,49 +309,38 @@ def get_last_changed_revision(repo, fname)
   end
 end
 
-# Get mime type. Note that Git does not have this information
-def get_mime_type(repo, fname)
-  case repository_type
-  when 'git'
-    'Git does not provide mime types'
-  when 'git-svn', 'svn'
-    %x[svn propget svn:mime-type "#{repo}/#{fname}"].chomp
-  end
-end
-
 # # Print file diffs, for code review
-def print_file_diffs(file_safety, repo, fname, user_name)
+def print_file_diffs(file_safety, repo, fname, usr, interactive)
   entry = file_safety[fname]
   repolatest = entry['last_changed_rev']
   safe_revision = entry['safe_revision']
 
-  if safe_revision.nil?
-    first_revision = set_safe_revision
-    print_repo_file_diffs(repolatest, repo, fname, user_name, first_revision)
-  else
-
-    rev = get_last_changed_revision(repo, fname)
-    if rev
-      mime = get_mime_type(repo, fname)
-    end
-
-    print_repo_file_diffs(repolatest, repo, fname, user_name, safe_revision) if repolatest != safe_revision
-  end
+  return unless safe_revision.nil? || repolatest != safe_revision
+  safe_revision ||= root_revision
+  print_repo_file_diffs(repolatest, repo, fname, usr, safe_revision, interactive)
 end
 
 # Returns first commit for git and 0 for svn in order to be used to display
 # new files. Called from print_file_diffs
-def set_safe_revision
+def root_revision
   case repository_type
   when 'git'
-    %x[git rev-list --max-parents=0 HEAD].chomp
+    `git rev-list --max-parents=0 HEAD`.chomp
   when 'git-svn', 'svn'
     0
   end
 end
 
-def print_repo_file_diffs(repolatest, repo, fname, user_name, safe_revision)
+def print_repo_file_diffs(repolatest, repo, fname, usr, safe_revision, interactive)
   require 'open3'
+  require 'highline/import'
+
+  if interactive
+    ask("\n<%= color('Press Enter to continue ...', :yellow) %>")
+    system('clear')
+    system("printf '\033[3J'") # clear the scrollback
+  end
+
   cmd = nil
   case repository_type
   when 'git'
@@ -366,15 +351,36 @@ def print_repo_file_diffs(repolatest, repo, fname, user_name, safe_revision)
   if cmd
     puts(cmd.join(' '))
     stdout_and_err_str, _status = Open3.capture2e(*cmd)
-    puts 'Invalid commit ID in code_safety.yml ' + safe_revision  if stdout_and_err_str.start_with?('fatal: Invalid revision range ')
+    puts 'Invalid commit ID in code_safety.yml ' + safe_revision if stdout_and_err_str.start_with?('fatal: Invalid revision range ')
     puts(stdout_and_err_str)
   else
     puts 'Unknown repo'
   end
 
-  puts %(To flag the changes to this file as safe, run:)
-  puts "  #{rake_cmd} audit:safe release=#{repolatest} file=#{fname} reviewed_by=#{user_name}" \
-       ' comments=""'
+  if interactive
+    response = ask("Flag #{fname} changes safe? [Yes|No|Abort]: ") { |q| q.case = :down }
+    if %w[yes y].include?(response)
+      puts 'Flagging as safe...'
+      release = get_release(repolatest)
+      if usr.to_s.strip.empty?
+        usr = ask('File reviewed by:') do |q|
+          q.whitespace = :strip_and_collapse
+          q.validate = /\A[\w \-]+\Z/
+        end
+      end
+      comment = ask('Please write your comments (optional):')
+      # use to_s to convert response from !ruby/string:HighLine::String to String
+      flag_file_as_safe(release, usr.to_s, comment.to_s, fname)
+    elsif %w[abort a].include?(response)
+      abort('Rake abort: user interrupt detected')
+    else
+      say("\n<%= color('Safey review for #{fname} skipped by user.', :magenta) %>")
+    end
+  else
+    puts 'To flag the changes to this file as safe, run:'
+    puts "  #{rake_cmd} audit:safe release=#{repolatest} file=#{fname} reviewed_by=#{usr}" \
+         ' comments=""'
+  end
   puts
 end
 
@@ -389,8 +395,8 @@ def release_valid?(release)
   end
 end
 
-def get_release
-  release = ENV['release']
+def get_release(release = nil)
+  release ||= ENV['release']
   release = nil if release == '0'
   case repository_type
   when 'svn', 'git-svn'
@@ -413,29 +419,24 @@ def clean_working_copy?
 end
 
 def remove_non_existent_files_from_code_safety
-  safety_cfg = YAML.load_file(SAFETY_FILE)
-  file_safety = safety_cfg['file safety']
+  file_safety = load_file_safety
   files_no_longer_in_repo = file_safety.keys.reject { |ff| File.file?(ff) }
   files_no_longer_in_repo.each do |f|
     puts 'No longer in repository ' + f
     file_safety.delete f
   end
-  File.open(SAFETY_FILE, 'w') do |file|
-    # Consistent file diffs, as ruby preserves Hash insertion order since v1.9
-    safety_cfg['file safety'] = Hash[file_safety.sort]
-    YAML.dump(safety_cfg, file) # Save changes before checking latest revisions
-  end
+  update_safety_file(file_safety)
 end
 
 namespace :audit do
   desc "Audit safety of source code.
-Usage: audit:code [max_print=n] [ignore_new=false|true] [show_diffs=false|true] [reviewed_by=usr]
+Usage: audit:code [max_print=n] [ignore_new=false|true] [show_diffs=false|true] [reviewed_by=usr] [interactive=false|true]
 
 File #{SAFETY_FILE} lists the safety and revision information
 of the era source code. This task updates the list, and [TODO] warns about
 files which have changed since they were last verified as safe."
   task(:code) do
-    puts 'Usage: audit:code [max_print=n] [ignore_new=false|true] [show_diffs=false|true] [show_in_priority=false|true] [reviewed_by=usr]'
+    puts 'Usage: audit:code [max_print=n] [ignore_new=false|true] [show_diffs=false|true] [show_in_priority=false|true] [reviewed_by=usr] [interactive=false|true]'
     puts "This is a #{repository_type} repository"
 
     ignore_new = (ENV['ignore_new'].to_s =~ /\Atrue\Z/i)
@@ -443,10 +444,11 @@ files which have changed since they were last verified as safe."
     show_in_priority = (ENV['show_in_priority'].to_s =~ /\Atrue\Z/i)
     max_print = ENV['max_print'] =~ /\A-?[0-9][0-9]*\Z/ ? ENV['max_print'].to_i : 20
     reviewer  = ENV['reviewed_by']
+    interactive = (ENV['interactive'].to_s =~ /\Atrue\Z/i)
 
-    all_safe = audit_code_safety(max_print, ignore_new, show_diffs, show_in_priority, reviewer)
+    all_safe = audit_code_safety(max_print, ignore_new, show_diffs, show_in_priority, reviewer, interactive)
 
-    unless show_diffs
+    unless show_diffs || interactive
       puts "To show file diffs, run:  #{rake_cmd} audit:code max_print=-1 show_diffs=true"
     end