ndr_support 3.3.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 025cbd4a4eaecbac1621d47a68a361d675144a28
-  data.tar.gz: 48b75b3967ac4fd37736eac5ba4c80423639d029
+  metadata.gz: d551092d3ebfd8087efcbfa8321e1a7ead1837e3
+  data.tar.gz: 9b6649a2ddae13a5f9f0dacb73cdad200a62c51f
 SHA512:
-  metadata.gz: 11b95616713df1d841418503dbbd500308bedc6a792944939539c1891783aa9412cf86ace32aa5a1c792e300143db7fdaa4af9cf86131f6e5ce0b1e54ca21b49
-  data.tar.gz: 92ab5caca57899c42f2053dfdf06bac3ad55a6da6088641a1e160acb6f4b8e49885b65258aea73ffe202346b1221baec49a89da28cf88f4c5c0ece9491b01b0c
+  metadata.gz: 18b986bdcb86d9457514752dd6cbb7a4db9b52daa3814eebd312ef99078d3d2a649e9690f77055189ba89097bc6422c571bfdec94f3872d24c1a4876c1f6a49c
+  data.tar.gz: 8acdf5704f9e9b0cdc47fb1b0d31c2051d8eb3ed6a59e23c82ad9975c6d2305b8948443145df8c12e3045885dfcc0dc5e7cee2f3777e57b68a7e3c80046cacbd

data/Guardfile

@@ -1,16 +1,24 @@
 # A sample Guardfile
 # More info at https://github.com/guard/guard#readme
 
-# directories %(app lib config test spec feature)
-guard :rubocop, :all_on_start => false, :keep_failed => false do
-  watch(/.+\.(gemspec|rake|rb)$/)
-  watch(%r{(?:.+/)?\.rubocop\.yml$}) { |m| File.dirname(m[0]) }
-end
+# This group allows to skip running rubocop when tests fail.
+group :red_green_refactor, halt_on_fail: true do
+  guard :minitest do
+    watch(%r{^test/.+_test\.rb$})
+    watch('test/test_helper.rb')  { 'test' }
 
-guard :minitest do
-  watch(%r{^test/.+_test\.rb$})
-  watch('test/test_helper.rb')  { 'test' }
+    # Non-rails
+    watch(%r{^lib/ndr_support/(.+)\.rb$}) { |m| "test/#{m[1]}_test.rb" }
+  end
 
-  # Non-rails
-  watch(%r{^lib/ndr_support/(.+)\.rb$}) { |m| "test/#{m[1]}_test.rb" }
+  # automatically check Ruby code style with Rubocop when files are modified
+  guard :shell do
+    watch(/.+\.(rb|rake)$/) do |m|
+      unless system("bundle exec rake rubocop:diff #{m[0]}")
+        Notifier.notify "#{File.basename(m[0])} inspected, offenses detected",
+                        title: 'RuboCop results (partial)', image: :failed
+      end
+      nil
+    end
+  end
 end

data/README.md

@@ -3,8 +3,7 @@
 This is the Public Health England (PHE) National Disease Registers (NDR) Support ruby gem, providing:
 
 1. core ruby class extensions;
-2. additional time, regular expression, file security and encoding classes; and
-3. rake tasks to manage code auditing of ruby based projects.
+2. additional time, regular expression, file security and encoding classes.
 
 ## Installation
 
@@ -54,26 +53,6 @@ To enable this add the following line to your code:
 include NdrSupport::YAML::SerializationMigration
 ```
 
-### Code Auditing Rake Tasks
-
-ndr_support also provides a mechanism to manage the state of routine code quality and security peer reviews. It should be used as part of wider quality and security policies.
-
-It provides rake tasks to help manage the process of persisting the state of security reviews.
-
-Once files have been reviewed as secure, the revision number for that file is stored in code_safety.yml. If used within a Rails app, this file is stored in the config/ folder, otherwise it is kept in the project's root folder.
-
-Note: This feature works with svn and git repositories and svn, git-svn and git working copies.
-
-To add code auditing to your project add this line to your application's Rakefile:
-
-```ruby
-require 'ndr_support/tasks'
-```
-
-For more details of the tasks available, execute:
-
-    $ rake -T audit
-
 ## Contributing
 
 1. Fork it ( https://github.com/PublicHealthEngland/ndr_support/fork )

data/Rakefile

@@ -1,6 +1,6 @@
 require 'bundler/gem_tasks'
 require 'rake/testtask'
-require 'ndr_support/tasks'
+require 'ndr_dev_support/tasks'
 
 Rake::TestTask.new do |t|
   t.libs << 'test'

data/code_safety.yml

@@ -27,19 +27,19 @@ file safety:
   Guardfile:
     comments: 
     reviewed_by: timgentry
-    safe_revision: 506a317e59d0ccb5b32d813b74d822f35a55cea9
+    safe_revision: e33e9dae7f38bc449ce9276515a539836dbbbd53
   LICENSE.txt:
     comments: 
     reviewed_by: timgentry
     safe_revision: 90328cca8494539257e192a63b240a91c89f0616
   README.md:
     comments: 
-    reviewed_by: brian.shand
-    safe_revision: 63cff701a1740a3bfa04330c21f1262dd49a7c31
+    reviewed_by: timgentry
+    safe_revision: e33e9dae7f38bc449ce9276515a539836dbbbd53
   Rakefile:
     comments: 
     reviewed_by: timgentry
-    safe_revision: 2a5d30674dc9dde336e1dbbbf3c8a98905647432
+    safe_revision: e33e9dae7f38bc449ce9276515a539836dbbbd53
   gemfiles/Gemfile.rails32:
     comments: 
     reviewed_by: pauleves
@@ -159,19 +159,15 @@ file safety:
   lib/ndr_support/version.rb:
     comments: 
     reviewed_by: timgentry
-    safe_revision: f625404bd69bb1b233f7a7b1a043d52e916da743
+    safe_revision: 04c7617a6cc63d614e53cd6bc053dec46cc15786
   lib/ndr_support/yaml/serialization_migration.rb:
     comments: 
     reviewed_by: timgentry
     safe_revision: 29595e6431587ff9b7db6e3ad3abbb3577bff99c
-  lib/tasks/audit_code.rake:
-    comments: 
-    reviewed_by: josh.pencheon
-    safe_revision: 20cde082ee86a547de7b21a97a695bb307ac9f64
   ndr_support.gemspec:
     comments: 
     reviewed_by: timgentry
-    safe_revision: 41cea330c8de42e4080c40143eaa15a225be7c5a
+    safe_revision: e33e9dae7f38bc449ce9276515a539836dbbbd53
   test/array_test.rb:
     comments: 
     reviewed_by: timgentry

data/lib/ndr_support/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # This defines the NdrSupport version. If you change it, rebuild and commit the gem.
-# Use "rake build" to build the gem, see rake -T for all bundler rake tasks (and our own).
+# Use "rake build" to build the gem, see rake -T for all bundler rake tasks.
 module NdrSupport
-  VERSION = '3.3.0'
+  VERSION = '4.0.0'
 end

data/ndr_support.gemspec

@@ -31,8 +31,10 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'minitest', '>= 5.0.0'
   spec.add_development_dependency 'mocha', '~> 1.1'
 
+  spec.add_development_dependency 'ndr_dev_support', '~> 1.1', '>= 1.1.1'
   spec.add_development_dependency 'guard'
   spec.add_development_dependency 'guard-rubocop'
+  spec.add_development_dependency 'guard-shell'
   spec.add_development_dependency 'guard-minitest'
   spec.add_development_dependency 'terminal-notifier-guard' if RUBY_PLATFORM =~ /darwin/
   spec.add_development_dependency 'simplecov'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ndr_support
 version: !ruby/object:Gem::Version
-  version: 3.3.0
+  version: 4.0.0
 platform: ruby
 authors:
 - NCRS Development Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-29 00:00:00.000000000 Z
+date: 2016-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -106,6 +106,26 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: ndr_dev_support
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.1.1
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
@@ -134,6 +154,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-shell
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: guard-minitest
   requirement: !ruby/object:Gem::Requirement
@@ -224,7 +258,6 @@ files:
 - lib/ndr_support/utf8_encoding/object_support.rb
 - lib/ndr_support/version.rb
 - lib/ndr_support/yaml/serialization_migration.rb
-- lib/tasks/audit_code.rake
 - ndr_support.gemspec
 - test/array_test.rb
 - test/concerns/working_days_test.rb

data/lib/tasks/audit_code.rake

@@ -1,475 +0,0 @@
-SAFETY_FILE =
-  if File.exist?('code_safety.yml')
-    'code_safety.yml'
-  elsif defined?(Rails)
-    Rails.root.join('config', 'code_safety.yml')
-  else
-    'code_safety.yml'
-  end
-
-# Temporary overrides to only audit external access files
-SAFETY_REPOS = [['/svn/era', '/svn/extra/era/external-access']]
-
-require 'yaml'
-
-# Parameter max_print is number of entries to print before truncating output
-# (negative value => print all)
-def audit_code_safety(max_print = 20, ignore_new = false, show_diffs = false, show_in_priority = false, user_name = 'usr')
-  puts 'Running source code safety audit script.'
-  puts
-
-  max_print = 1_000_000 if max_print < 0
-  safety_cfg = File.exist?(SAFETY_FILE) ? YAML.load_file(SAFETY_FILE) : {}
-  file_safety = safety_cfg['file safety']
-  if file_safety.nil?
-    puts "Creating new 'file safety' block in #{SAFETY_FILE}"
-    safety_cfg['file safety'] = file_safety = {}
-  end
-  file_safety.each do |_k, v|
-    rev = v['safe_revision']
-    v['safe_revision'] = rev.to_s if rev.is_a?(Integer)
-  end
-  orig_count = file_safety.size
-
-  safety_repo = trunk_repo = get_trunk_repo
-
-  # TODO: below is broken for git-svn
-  # Is it needed?
-
-  SAFETY_REPOS.each do |suffix, alt|
-    # Temporarily override to only audit a different file list
-    if safety_repo.end_with?(suffix)
-      safety_repo = safety_repo[0...-suffix.length] + alt
-      break
-    end
-  end
-
-  if ignore_new
-    puts "Not checking for new files in #{safety_repo}"
-  else
-    puts "Checking for new files in #{safety_repo}"
-    new_files = get_new_files(safety_repo)
-    # Ignore subdirectories, and exclude code_safety.yml by default.
-    new_files.delete_if { |f| f =~ /[\/\\]$/ || f == SAFETY_FILE }
-    new_files.each do |f|
-      next if file_safety.key?(f)
-      file_safety[f] = {
-        'comments' => nil,
-        'reviewed_by' => nil,
-        'safe_revision' => nil }
-    end
-    File.open(SAFETY_FILE, 'w') do |file|
-      # Consistent file diffs, as ruby preserves Hash insertion order since v1.9
-      safety_cfg['file safety'] = Hash[file_safety.sort]
-      YAML.dump(safety_cfg, file) # Save changes before checking latest revisions
-    end
-  end
-  puts "Updating latest revisions for #{file_safety.size} files"
-  set_last_changed_revision(trunk_repo, file_safety, file_safety.keys)
-  puts "\nSummary:"
-  puts "Number of files originally in #{SAFETY_FILE}: #{orig_count}"
-  puts "Number of new files added: #{file_safety.size - orig_count}"
-
-  # Now generate statistics:
-  unknown = file_safety.values.select { |x| x['safe_revision'].nil? }
-  unsafe = file_safety.values.select do |x|
-    !x['safe_revision'].nil? && x['safe_revision'] != -1 &&
-    x['last_changed_rev'] != x['safe_revision'] &&
-    !(x['last_changed_rev'] =~ /^[0-9]+$/ && x['safe_revision'] =~ /^[0-9]+$/ &&
-      x['last_changed_rev'].to_i < x['safe_revision'].to_i)
-  end
-  puts "Number of files with no safe version: #{unknown.size}"
-  puts "Number of files which are no longer safe: #{unsafe.size}"
-  puts
-  printed = []
-  # We also print a third category: ones which are no longer in the repository
-  file_list =
-    if show_in_priority
-      file_safety.sort_by { |_k, v| v.nil? ? -100 : v['last_changed_rev'].to_i }.map(&:first)
-    else
-      file_safety.keys.sort
-    end
-
-  file_list.each do |f|
-    if print_file_safety(file_safety, trunk_repo, f, false, printed.size >= max_print)
-      printed << f
-    end
-  end
-  puts "... and #{printed.size - max_print} others" if printed.size > max_print
-  if show_diffs
-    puts
-    printed.each do |f|
-      print_file_diffs(file_safety, trunk_repo, f, user_name)
-    end
-  end
-
-  # Returns `true` unless there are pending reviews:
-  unsafe.length.zero? && unknown.length.zero?
-end
-
-# Print summary details of a file's known safety
-# If not verbose, only prints details for unsafe files
-# Returns true if anything printed (or would have been printed if silent),
-# or false otherwise.
-def print_file_safety(file_safety, repo, fname, verbose = false, silent = false)
-  msg = "#{fname}\n  "
-  entry = file_safety[fname]
-  msg += 'File not in audit list' if entry.nil?
-
-  if entry['safe_revision'].nil?
-    msg += 'No safe revision known'
-    msg += ", last changed #{entry['last_changed_rev']}" unless entry['last_changed_rev'].nil?
-  else
-    repolatest = entry['last_changed_rev'] # May have been prepopulated en mass
-    msg += 'Not in repository: ' if entry['last_changed_rev'] == -1
-    if (repolatest != entry['safe_revision']) &&
-       !(repolatest =~ /^[0-9]+$/ && entry['safe_revision'] =~ /^[0-9]+$/ &&
-         repolatest.to_i < entry['safe_revision'].to_i)
-      # (Allow later revisions to be treated as safe for svn)
-      msg += "No longer safe since revision #{repolatest}: "
-    else
-      return false unless verbose
-      msg += 'Safe: '
-    end
-    msg += "revision #{entry['safe_revision']} reviewed by #{entry['reviewed_by']}"
-  end
-  msg += "\n  Comments: #{entry['comments']}" if entry['comments']
-  puts msg unless silent
-  true
-end
-
-def flag_file_as_safe(release, reviewed_by, comments, f)
-  safety_cfg = YAML.load_file(SAFETY_FILE)
-  file_safety = safety_cfg['file safety']
-
-  unless File.exist?(f)
-    abort("Error: Unable to flag non-existent file as safe: #{f}")
-  end
-  unless file_safety.key?(f)
-    file_safety[f] = {
-      'comments' => nil,
-      'reviewed_by' => :dummy, # dummy value, will be overwritten
-      'safe_revision' => nil }
-  end
-  entry = file_safety[f]
-  entry_orig = entry.dup
-  if comments.to_s.length > 0 && entry['comments'] != comments
-    entry['comments'] = if entry['comments'].to_s.empty?
-                          comments
-                        else
-                          "#{entry['comments']}#{'.' unless entry['comments'].end_with?('.')} Revision #{release}: #{comments}"
-                        end
-  end
-  if entry['safe_revision']
-    unless release
-      abort("Error: File already has safe revision #{entry['safe_revision']}: #{f}")
-    end
-    if release.is_a?(Integer) && release < entry['safe_revision']
-      puts("Warning: Rolling back safe revision from #{entry['safe_revision']} to #{release} for #{f}")
-    end
-  end
-  entry['safe_revision'] = release
-  entry['reviewed_by'] = reviewed_by
-  if entry == entry_orig
-    puts "No changes when updating safe_revision to #{release || '[none]'} for #{f}"
-  else
-    File.open(SAFETY_FILE, 'w') do |file|
-      # Consistent file diffs, as ruby preserves Hash insertion order since v1.9
-      safety_cfg['file safety'] = Hash[file_safety.sort]
-      YAML.dump(safety_cfg, file) # Save changes before checking latest revisions
-    end
-    puts "Updated safe_revision to #{release || '[none]'} for #{f}"
-  end
-end
-
-# Determine the type of repository
-def repository_type
-  @repository_type ||= if Dir.exist?('.svn') || system("svn info . > /dev/null 2>&1")
-                         'svn'
-                       elsif Dir.exist?('.git') && open('.git/config').grep(/svn/).any?
-                         'git-svn' 
-                       elsif Dir.exist?('.git') && open('.git/config').grep(/git/).any?
-                         'git'
-                       else
-                         'not known'
-                       end
-end
-
-def get_trunk_repo
-  case repository_type
-  when 'svn'
-    repo_info = %x[svn info]
-    puts 'svn case'
-    return repo_info.split("\n").select { |x| x =~ /^URL: / }.collect { |x| x[5..-1] }.first
-  when 'git-svn'
-    puts 'git-svn case'
-    repo_info = %x[git svn info]
-    return repo_info.split("\n").select { |x| x =~ /^URL: / }.collect { |x| x[5..-1] }.first
-  when 'git'
-    puts 'git case'
-    repo_info = %x[git remote -v]
-    return repo_info.split("\n").first[7..-9]
-  else
-    return 'Information not available. Unknown repository type'
-  end
-end
-
-def get_new_files(safety_repo)
-  case repository_type
-  when 'svn', 'git-svn'
-    %x[svn ls -R "#{safety_repo}"].split("\n")
-  when 'git'
-    #%x[git ls-files --modified].split("\n")
-    %x[git ls-files].split("\n")
-
-    # TODO: Below is for remote repository - for testing use local files
-    #new_files = %x[git ls-files --modified #{safety_repo}].split("\n")
-    # TODO: Do we need the --modified option?
-    #new_files = %x[git ls-files --modified].split("\n")
-  else
-    []
-  end
-end
-
-# Fill in the latest changed revisions in a file safety map.
-# (Don't write this data to the YAML file, as it is intrinsic to the SVN
-# repository.)
-def set_last_changed_revision(repo, file_safety, fnames)
-  dot_freq = (file_safety.size / 40.0).ceil # Print up to 40 progress dots
-  case repository_type
-  when 'git'
-    fnames = file_safety.keys if fnames.nil?
-
-    fnames.each_with_index do |f, i|
-      info = %x[git log -n 1 #{f}].split("\n").first[7..-1]
-      if info.nil? || info.empty?
-        file_safety[f]['last_changed_rev'] = -1
-      else
-        file_safety[f]['last_changed_rev'] = info
-      end
-      # Show progress
-      print '.' if (i % dot_freq) == 0
-    end
-    puts
-  when 'git-svn', 'svn'
-    fnames = file_safety.keys if fnames.nil?
-
-    fnames.each_with_index do |f, i|
-      last_revision = get_last_changed_revision(repo, f)
-      if last_revision.nil? || last_revision.empty?
-        file_safety[f]['last_changed_rev'] = -1
-      else
-        file_safety[f]['last_changed_rev'] = last_revision
-      end
-      # Show progress
-      print '.' if (i % dot_freq) == 0
-    end
-    puts
-    # NOTE: Do we need the following for retries?
-#     if retries && result.size != fnames.size && fnames.size > 1
-#        # At least one invalid (deleted file --> subsequent arguments ignored)
-#        # Try each file individually
-#        # (It would probably be safe to continue from the extra_info.size argument)
-#        puts "Retrying (got #{result.size}, expected #{fnames.size})" if debug >= 2
-#        result = []
-#        fnames.each{ |f|
-#           result += svn_info_entries([f], repo, false, debug)
-#        }
-#      end
-  end
-end
-
-# Return the last changed revision
-def get_last_changed_revision(repo, fname)
-  case repository_type
-  when 'git'
-    %x[git log -n 1 "#{fname}"].split("\n").first[7..-1]
-  when 'git-svn', 'svn'
-    begin
-      svn_info = %x[svn info -r head "#{repo}/#{fname}"]
-    rescue
-      puts 'we have an error in the svn info line'
-    end
-    begin
-      svn_info.match('Last Changed Rev: ([0-9]*)').to_a[1]
-    rescue
-      puts 'We have an error in getting the revision'
-    end
-  end
-end
-
-# Get mime type. Note that Git does not have this information
-def get_mime_type(repo, fname)
-  case repository_type
-  when 'git'
-    'Git does not provide mime types'
-  when 'git-svn', 'svn'
-    %x[svn propget svn:mime-type "#{repo}/#{fname}"].chomp
-  end
-end
-
-# # Print file diffs, for code review
-def print_file_diffs(file_safety, repo, fname, user_name)
-  entry = file_safety[fname]
-  repolatest = entry['last_changed_rev']
-  safe_revision = entry['safe_revision']
-
-  if safe_revision.nil?
-    first_revision = set_safe_revision
-    print_repo_file_diffs(repolatest, repo, fname, user_name, first_revision)
-  else
-
-    rev = get_last_changed_revision(repo, fname)
-    if rev
-      mime = get_mime_type(repo, fname)
-    end
-
-    print_repo_file_diffs(repolatest, repo, fname, user_name, safe_revision) if repolatest != safe_revision
-  end
-end
-
-# Returns first commit for git and 0 for svn in order to be used to display
-# new files. Called from print_file_diffs
-def set_safe_revision
-  case repository_type
-  when 'git'
-    %x[git rev-list --max-parents=0 HEAD].chomp
-  when 'git-svn', 'svn'
-    0
-  end
-end
-
-def print_repo_file_diffs(repolatest, repo, fname, user_name, safe_revision)
-  require 'open3'
-  cmd = nil
-  case repository_type
-  when 'git'
-    cmd = ['git', '--no-pager', 'diff', '-b', "#{safe_revision}..#{repolatest}", fname]
-  when 'git-svn', 'svn'
-    cmd = ['svn', 'diff', '-r', "#{safe_revision.to_i}:#{repolatest.to_i}", '-x', '-b', "#{repo}/#{fname}"]
-  end
-  if cmd
-    puts(cmd.join(' '))
-    stdout_and_err_str, status = Open3.capture2e(*cmd)
-    puts(stdout_and_err_str)
-  else
-    puts 'Unknown repo'
-  end
-
-  puts %(To flag the changes to this file as safe, run:)
-  puts %(  rake audit:safe release=#{repolatest} file=#{fname} reviewed_by=#{user_name} comments="")
-  puts
-end
-
-def release_valid?(release)
-  case repository_type
-  when 'svn', 'git-svn'
-    release =~ /\A[0-9][0-9]*\Z/
-  when 'git'
-    release =~ /\A[0-9a-f]{40}\Z/
-  else
-    false
-  end
-end
-
-def get_release
-  release = ENV['release']
-  release = nil if release == '0'
-  case repository_type
-  when 'svn', 'git-svn'
-    release.to_i
-  when 'git'
-    release
-  else
-    ''
-  end
-  release
-end
-
-def clean_working_copy?
- case repository_type
- when 'svn'
-   system('svn status | grep -q [^AMCDG]')
- when 'git', 'git-svn'
-   system('git diff --quiet HEAD')
- end
-end
-
-namespace :audit do
-  desc "Audit safety of source code.
-Usage: audit:code [max_print=n] [ignore_new=false|true] [show_diffs=false|true] [reviewed_by=usr]
-
-File #{SAFETY_FILE} lists the safety and revision information
-of the era source code. This task updates the list, and [TODO] warns about
-files which have changed since they were last verified as safe."
-  task(:code) do
-    puts 'Usage: audit:code [max_print=n] [ignore_new=false|true] [show_diffs=false|true] [show_in_priority=false|true] [reviewed_by=usr]'
-    puts "This is a #{repository_type} repository"
-
-    ignore_new = (ENV['ignore_new'].to_s =~ /\Atrue\Z/i)
-    show_diffs = (ENV['show_diffs'].to_s =~ /\Atrue\Z/i)
-    show_in_priority = (ENV['show_in_priority'].to_s =~ /\Atrue\Z/i)
-    max_print = ENV['max_print'] =~ /\A-?[0-9][0-9]*\Z/ ? ENV['max_print'].to_i : 20
-    reviewer  = ENV['reviewed_by']
-
-    all_safe = audit_code_safety(max_print, ignore_new, show_diffs, show_in_priority, reviewer)
-
-    unless show_diffs
-      puts 'To show file diffs, run:  rake audit:code max_print=-1 show_diffs=true'
-    end
-
-    exit(1) unless all_safe
-  end
-
-  desc "Flag a source file as safe.
-
-Usage:
-  Flag as safe:   rake audit:safe release=revision reviewed_by=usr [comments=...] file=f
-  Needs review:   rake audit:safe release=0 [comments=...] file=f"
-  task(:safe) do
-    release = get_release
-
-    required_fields = %w(release file)
-    required_fields << 'reviewed_by' if release # 'Needs review' doesn't need a reviewer
-    missing = required_fields.collect { |f| (f if ENV[f].to_s.empty? || (f == 'reviewed_by' && ENV[f] == 'usr')) }.compact # Avoid accidental missing username
-    unless missing.empty?
-      puts 'Usage: rake audit:safe release=revision reviewed_by=usr [comments=...] file=f'
-      puts 'or, to flag a file for review: rake audit:safe release=0 [comments=...] file=f'
-      abort("Error: Missing required argument(s): #{missing.join(', ')}")
-    end
-
-    unless release.nil? || release_valid?(release)
-      puts 'Usage: rake audit:safe release=revision reviewed_by=usr [comments=...] file=f'
-      puts 'or, to flag a file for review: rake audit:safe release=0 [comments=...] file=f'
-      abort("Error: Invalid release: #{ENV['release']}")
-    end
-
-    flag_file_as_safe(release, ENV['reviewed_by'], ENV['comments'], ENV['file'])
-  end
-
-  desc 'Wraps audit:code, and stops if any review is pending/stale.'
-  task(:ensure_safe) do
-    abort('You have local changes, cannot verify code safety!') unless clean_working_copy?
-
-    puts 'Checking code safety...'
-
-    begin
-      begin
-        $stdout = $stderr = StringIO.new
-        Rake::Task['audit:code'].invoke
-      ensure
-        $stdout, $stderr = STDOUT, STDERR
-      end
-    rescue SystemExit => ex
-      puts '=============================================================='
-      puts 'Code safety review of some files are not up-to-date; aborting!'
-      puts '  - to review the files in question, run:  rake audit:code'
-      puts '=============================================================='
-
-      raise ex
-    end
-  end
-end
-
-# Prevent building of un-reviewed gems:
-task build: :'audit:ensure_safe'