ruby-grape-danger 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5491fc72b3c5201c2384eb81ce351544900fbf2ce07c06eab8cd8ef95bed582a
-  data.tar.gz: 7e4b79524283635bbea95c00d1d6c5c44b248512f145aefe4d418abb18fd0fba
+  metadata.gz: 8c6c28f7fdcf4b05bc9d622b75dbe57759a55837143715966441364b7c358044
+  data.tar.gz: d963a4a1cc4a97a4043c6a4075fa5b10379a6046f7b08217f2e3da332ce9a155
 SHA512:
-  metadata.gz: fbfe985c96d9cfcac285c88317dde56b9e368dad086469019f5a04cf1947817f8142601a7d9b5a4502fa7dca9ddf391b0fda191a0133094d45d8261cd23d797c
-  data.tar.gz: 57c430ad6ba3ca1ccb91b1bb24ca5eac4870f93d484e9d40cc152a54c972ac510e79da814f050be1c40e8caf11b4ce3eca6b74fb6a3f8c821226e6dc4ebdf14e
+  metadata.gz: b89b6e6d26fe1c53c8c7e14d0e4890bf1daecc43c5fd145245918425ccbaab1a5ece76163e907266cf0d187ef08cc854040e3389d074e0ef510172e15534d6fe
+  data.tar.gz: 15661c28f789783af97729bd5b00a72f2e95493e0481f1debe819b6ec1e6a51e37b5704b1e5855a090392613f0171fb6db90e3626b7254d21b49f10fa17ce3fc

data/.github/workflows/danger-comment.yml

@@ -0,0 +1,122 @@
+name: Danger Comment
+on:
+  workflow_run:
+    workflows: [Danger]
+    types: [completed]
+  workflow_call:
+
+permissions:
+  actions: read
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    if: |
+      (github.event_name == 'workflow_run' && github.event.workflow_run.event == 'pull_request')
+      || github.event_name == 'workflow_call'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Download Danger Report (workflow_run)
+        if: github.event_name == 'workflow_run'
+        uses: actions/download-artifact@v4
+        continue-on-error: true
+        with:
+          name: danger-report
+          run-id: ${{ github.event.workflow_run.id }}
+          repository: ${{ github.event.workflow_run.repository.full_name }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Download Danger Report (reusable call)
+        if: github.event_name == 'workflow_call'
+        uses: actions/download-artifact@v4
+        continue-on-error: true
+        with:
+          name: danger-report
+      - name: Post or Update PR Comment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+
+            const hasItems = (arr) => Array.isArray(arr) && arr.length > 0;
+
+            let report;
+            try {
+              report = JSON.parse(fs.readFileSync('danger_report.json', 'utf8'));
+            } catch (e) {
+              console.log('No danger report found, skipping comment');
+              return;
+            }
+
+            if (!report.pr_number) {
+              console.log('No PR number found in report, skipping comment');
+              return;
+            }
+
+            let body = '## Danger Report\n\n';
+
+            if (hasItems(report.errors)) {
+              body += '### ❌ Errors\n';
+              report.errors.forEach(e => body += `- ${e}\n`);
+              body += '\n';
+            }
+
+            if (hasItems(report.warnings)) {
+              body += '### ⚠️ Warnings\n';
+              report.warnings.forEach(w => body += `- ${w}\n`);
+              body += '\n';
+            }
+
+            if (hasItems(report.messages)) {
+              body += '### ℹ️ Messages\n';
+              report.messages.forEach(m => body += `- ${m}\n`);
+              body += '\n';
+            }
+
+            if (hasItems(report.markdowns)) {
+              report.markdowns.forEach(md => body += `${md}\n\n`);
+            }
+
+            if (!hasItems(report.errors) &&
+                !hasItems(report.warnings) &&
+                !hasItems(report.messages) &&
+                !hasItems(report.markdowns)) {
+              body += '✅ All checks passed!';
+            }
+
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: report.pr_number
+            });
+
+            const botComment = comments.find(c =>
+              c.user.login === 'github-actions[bot]' &&
+              c.body.includes('## Danger Report')
+            );
+
+            if (botComment) {
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: body
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: report.pr_number,
+                body: body
+              });
+            }
+
+            // Fail if there are errors
+            if (hasItems(report.errors)) {
+              core.setFailed('Danger found errors');
+            }

data/.github/workflows/danger-run.yml

@@ -0,0 +1,33 @@
+name: Danger
+on:
+  pull_request:
+    types: [ opened, reopened, edited, synchronize ]
+  workflow_call:
+jobs:
+  danger:
+    name: Danger
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+          bundler-cache: true
+      - name: Run Danger
+        # Note: We use 'dry_run' mode intentionally as part of a two-workflow pattern.
+        # The actual commenting on GitHub is handled by the danger-comment.yml workflow.
+        run: bundle exec danger dry_run --verbose
+        env:
+          DANGER_REPORT_PATH: danger_report.json
+      - name: Upload Danger Report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: danger-report
+          path: danger_report.json
+          retention-days: 1
+          if-no-files-found: ignore

data/.gitignore

@@ -2,3 +2,4 @@ Gemfile.lock
 .bundle
 pkg
 .idea/
+/.ruby-version

data/CHANGELOG.md

@@ -1,12 +1,13 @@
 ### Changelog
 
-### 0.2.2 (Next)
+### 0.3.0 (2025/12/18)
 
-* Your contribution here.
+* [#16](https://github.com/ruby-grape/danger/pull/16): Report workflow postreview fixes - [@numbata](https://github.com/numbata).
+* [#15](https://github.com/ruby-grape/danger/pull/15): Extract danger reporting infrastructure into reusable workflows and gem - [@numbata](https://github.com/numbata).
 
-### 0.2.1 (2024/01/02)
+### 0.2.1 (2024/02/01)
 
-* [#11](https://github.com/ruby-grape/danger/pull/11): Upgraded Danger to 9.x, danger-changelog 0.7.x & switched from Travis to GHA.
+* [#11](https://github.com/ruby-grape/danger/pull/11): Upgraded Danger to 9.x, danger-changelog 0.7.x & switched from Travis to GHA - [@mscrivo](https://github.com/mscrivo).
 
 ### 0.2.0 (2020/05/09)
 

data/Dangerfile

@@ -1,5 +1,26 @@
 # frozen_string_literal: true
 
+require 'ruby-grape-danger'
+require 'English'
+
+# This Dangerfile provides automatic danger report export and standard checks for Grape projects.
+# Other projects can import this via: danger.import_dangerfile(gem: 'ruby-grape-danger')
+# to get automatic reporting with their own custom checks.
+
+# Register at_exit hook to export report when Dangerfile finishes
+dangerfile_instance = self if defined?(Danger::Dangerfile) && is_a?(Danger::Dangerfile)
+at_exit do
+  # Only skip if there's an actual exception (not SystemExit from danger calling exit)
+  next if $ERROR_INFO && !$ERROR_INFO.is_a?(SystemExit)
+  next unless dangerfile_instance
+
+  reporter = RubyGrapeDanger::Reporter.new(dangerfile_instance.status_report)
+  reporter.export_json(
+    ENV.fetch('DANGER_REPORT_PATH', nil),
+    ENV.fetch('GITHUB_EVENT_PATH', nil)
+  )
+end
+
 # --------------------------------------------------------------------------------------------------------------------
 # Has any changes happened inside the actual library code?
 # --------------------------------------------------------------------------------------------------------------------

data/README.md

@@ -4,14 +4,17 @@
 
 [![Build Status](https://travis-ci.org/ruby-grape/danger.svg?branch=master)](https://travis-ci.org/ruby-grape/danger)
 
-## Table of Contents
+# Table of Contents
 
 - [Setup](#setup)
-  - [Set DANGER_GITHUB_API_TOKEN in Travis-CI](#set-danger_github_api_token-in-travis-ci)
   - [Add Danger](#add-danger)
   - [Add Dangerfile](#add-dangerfile)
-  - [Add Danger to Travis-CI](#add-danger-to-travis-ci)
+  - [Add GitHub Actions Workflows](#add-github-actions-workflows)
   - [Commit via a Pull Request](#commit-via-a-pull-request)
+- [Reusable Workflows](#reusable-workflows)
+  - [Architecture](#architecture)
+  - [How It Works](#how-it-works)
+  - [Examples](#examples)
 - [License](#license)
 
 ## Setup
@@ -28,16 +31,99 @@ gem 'ruby-grape-danger', require: false
 
 ### Add Dangerfile
 
-Commit a `Dangerfile`, eg. [Grape's Dangerfile](https://github.com/ruby-grape/grape/blob/master/Dangerfile).
+Create a `Dangerfile` in your project's root that imports `ruby-grape-danger` and adds your project-specific checks:
 
 ```ruby
 danger.import_dangerfile(gem: 'ruby-grape-danger')
+
+# Your project-specific danger checks
+changelog.check!
+toc.check!
+```
+
+The `ruby-grape-danger` Dangerfile automatically handles:
+- Setting up the reporting infrastructure
+- Exporting the danger report via `at_exit` hook when the Dangerfile finishes
+- Consistent output format for the workflow
+
+### Add GitHub Actions Workflows
+
+Create `.github/workflows/danger.yml`:
+
+```yaml
+name: Danger
+on:
+  pull_request:
+    types: [ opened, reopened, edited, synchronize ]
+  workflow_call:
+
+jobs:
+  danger:
+    uses: ruby-grape/danger/.github/workflows/danger-run.yml@main
+```
+
+Create `.github/workflows/danger-comment.yml`:
+
+```yaml
+name: Danger Comment
+on:
+  workflow_run:
+    workflows: [Danger]
+    types: [completed]
+  workflow_call:
+
+jobs:
+  comment:
+    uses: ruby-grape/danger/.github/workflows/danger-comment.yml@main
 ```
 
 ### Commit via a Pull Request
 
 To test things out, make a dummy entry in `CHANGELOG.md` that doesn't match the standard format and make a pull request. Iterate until green.
 
+## Reusable Workflows
+
+This gem provides **reusable GitHub Actions workflows** that can be referenced by any Grape project to implement standardized Danger checks with consistent reporting.
+
+### Architecture
+
+The workflows are separated into two stages:
+
+1. **danger-run.yml**: Executes Danger checks and generates a report
+   - Runs `bundle exec danger dry_run` with your project's Dangerfile
+   - Generates a JSON report of check results
+   - Uploads the report as an artifact
+
+2. **danger-comment.yml**: Posts/updates PR comments with results
+   - Downloads the Danger report artifact
+   - Formats and posts results as a PR comment
+   - Updates existing comment on subsequent runs
+
+### How It Works
+
+When you reference the reusable workflows:
+
+```yaml
+uses: ruby-grape/danger/.github/workflows/danger-run.yml@main
+```
+
+GitHub Actions:
+1. Checks out **your project's repository** (not ruby-grape-danger)
+2. Installs dependencies from **your Gemfile**
+3. Runs danger using **your Dangerfile**
+   - Your Dangerfile imports `ruby-grape-danger`'s Dangerfile via `danger.import_dangerfile(gem: 'ruby-grape-danger')`
+   - The imported Dangerfile registers an `at_exit` hook for automatic reporting
+   - Runs your project-specific checks (added after the import)
+   - When Dangerfile finishes, the `at_exit` hook automatically exports the report
+4. The report is uploaded as an artifact for the commenting workflow
+
+Each project maintains its own Dangerfile with project-specific checks, while the `ruby-grape-danger` gem provides shared infrastructure for consistent reporting and workflow execution.
+
+### Examples
+
+- [danger-changelog](https://github.com/ruby-grape/danger-changelog) - Validates CHANGELOG format
+- [grape](https://github.com/ruby-grape/grape) - Multi-check danger implementation
+
 ## License
 
 MIT License. See [LICENSE](LICENSE) for details.

data/lib/ruby-grape-danger/reporter.rb

@@ -0,0 +1,38 @@
+require 'json'
+
+module RubyGrapeDanger
+  class Reporter
+    def initialize(status_report)
+      @status_report = status_report
+    end
+
+    def export_json(report_path, event_path)
+      return unless report_path && event_path && File.exist?(event_path)
+
+      event = JSON.parse(File.read(event_path))
+      pr_number = event.dig('pull_request', 'number')
+      return unless pr_number
+
+      report = build_report(pr_number)
+      File.write(report_path, JSON.pretty_generate(report))
+    end
+
+    private
+
+    def build_report(pr_number)
+      {
+        pr_number: pr_number,
+        errors: to_messages(@status_report[:errors]),
+        warnings: to_messages(@status_report[:warnings]),
+        messages: to_messages(@status_report[:messages]),
+        markdowns: to_messages(@status_report[:markdowns])
+      }
+    end
+
+    def to_messages(items)
+      Array(items).map do |item|
+        item.respond_to?(:message) ? item.message : item.to_s
+      end
+    end
+  end
+end

data/lib/ruby-grape-danger/version.rb

@@ -1,3 +1,3 @@
 module RubyGrapeDanger
-  VERSION = '0.2.1'.freeze
+  VERSION = '0.3.0'.freeze
 end

data/lib/ruby-grape-danger.rb

@@ -0,0 +1,5 @@
+require 'ruby-grape-danger/version'
+require 'ruby-grape-danger/reporter'
+
+module RubyGrapeDanger
+end

data/ruby-grape-danger.gemspec

@@ -18,6 +18,6 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
   s.add_runtime_dependency 'danger', '~> 9'
-  s.add_runtime_dependency 'danger-changelog', '~> 0.7'
+  s.add_runtime_dependency 'danger-changelog', '~> 0.8'
   s.add_runtime_dependency 'danger-toc', '~> 0.2'
 end

data/spec/ruby-grape-danger/reporter_spec.rb

@@ -0,0 +1,217 @@
+require 'spec_helper'
+require 'json'
+require 'tempfile'
+
+RSpec.describe RubyGrapeDanger::Reporter do
+  let(:status_report) do
+    {
+      errors: ['Error 1', 'Error 2'],
+      warnings: ['Warning 1'],
+      messages: ['Message 1', 'Message 2'],
+      markdowns: ['## Markdown 1']
+    }
+  end
+
+  let(:event_json) do
+    {
+      'pull_request' => {
+        'number' => 42
+      }
+    }
+  end
+
+  let(:reporter) { RubyGrapeDanger::Reporter.new(status_report) }
+
+  describe '#initialize' do
+    it 'stores the status_report' do
+      expect(reporter.instance_variable_get(:@status_report)).to eq(status_report)
+    end
+  end
+
+  describe '#export_json' do
+    let(:report_file) { Tempfile.new('danger_report.json') }
+    let(:event_file) { Tempfile.new('event.json') }
+
+    before do
+      event_file.write(JSON.generate(event_json))
+      event_file.close
+    end
+
+    after do
+      report_file.unlink
+      event_file.unlink
+    end
+
+    it 'creates a JSON report with all fields' do
+      reporter.export_json(report_file.path, event_file.path)
+
+      report = JSON.parse(File.read(report_file.path))
+      expect(report['pr_number']).to eq(42)
+      expect(report['errors']).to eq(['Error 1', 'Error 2'])
+      expect(report['warnings']).to eq(['Warning 1'])
+      expect(report['messages']).to eq(['Message 1', 'Message 2'])
+      expect(report['markdowns']).to eq(['## Markdown 1'])
+    end
+
+    it 'formats the JSON nicely (pretty printed)' do
+      reporter.export_json(report_file.path, event_file.path)
+
+      content = File.read(report_file.path)
+      expect(content).to include("\n")
+      expect(content).to include("  ")
+    end
+
+    context 'with message objects (not strings)' do
+      let(:status_report) do
+        error_obj = double('error', message: 'Object error')
+        warning_obj = double('warning', message: 'Object warning')
+
+        {
+          errors: [error_obj],
+          warnings: [warning_obj],
+          messages: [],
+          markdowns: []
+        }
+      end
+
+      it 'converts objects with message method to strings' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        report = JSON.parse(File.read(report_file.path))
+        expect(report['errors']).to eq(['Object error'])
+        expect(report['warnings']).to eq(['Object warning'])
+      end
+    end
+
+    context 'with mixed message types' do
+      let(:status_report) do
+        obj = double('mixed', message: 'Object message')
+
+        {
+          errors: ['String error', obj],
+          warnings: [],
+          messages: [],
+          markdowns: []
+        }
+      end
+
+      it 'handles both strings and objects' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        report = JSON.parse(File.read(report_file.path))
+        expect(report['errors']).to eq(['String error', 'Object message'])
+      end
+    end
+
+    context 'with empty arrays' do
+      let(:status_report) do
+        {
+          errors: [],
+          warnings: [],
+          messages: [],
+          markdowns: []
+        }
+      end
+
+      it 'creates report with empty arrays' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        report = JSON.parse(File.read(report_file.path))
+        expect(report['errors']).to eq([])
+        expect(report['warnings']).to eq([])
+        expect(report['messages']).to eq([])
+        expect(report['markdowns']).to eq([])
+      end
+    end
+
+    context 'with nil values' do
+      let(:status_report) do
+        {
+          errors: nil,
+          warnings: nil,
+          messages: nil,
+          markdowns: nil
+        }
+      end
+
+      it 'converts nil to empty array' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        report = JSON.parse(File.read(report_file.path))
+        expect(report['errors']).to eq([])
+        expect(report['warnings']).to eq([])
+        expect(report['messages']).to eq([])
+        expect(report['markdowns']).to eq([])
+      end
+    end
+
+    context 'when report_path is nil' do
+      it 'does not create a file' do
+        reporter.export_json(nil, event_file.path)
+
+        # If file was created, we would have a different path
+        expect(File.exist?(report_file.path)).to be true
+      end
+    end
+
+    context 'when event_path is nil' do
+      it 'does not create a file' do
+        reporter.export_json(report_file.path, nil)
+
+        expect(File.size(report_file.path)).to eq(0)
+      end
+    end
+
+    context 'when event file does not exist' do
+      it 'does not create a report file' do
+        reporter.export_json(report_file.path, '/nonexistent/path/event.json')
+
+        expect(File.size(report_file.path)).to eq(0)
+      end
+    end
+
+    context 'when event has no pull_request.number' do
+      let(:event_json) do
+        {
+          'pull_request' => {}
+        }
+      end
+
+      it 'does not create a report file' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        expect(File.size(report_file.path)).to eq(0)
+      end
+    end
+
+    context 'when event has no pull_request key' do
+      let(:event_json) do
+        {}
+      end
+
+      it 'does not create a report file' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        expect(File.size(report_file.path)).to eq(0)
+      end
+    end
+
+    context 'with multiline markdown' do
+      let(:status_report) do
+        {
+          errors: [],
+          warnings: [],
+          messages: [],
+          markdowns: ["## Details\n\nSome content"]
+        }
+      end
+
+      it 'preserves multiline markdown' do
+        reporter.export_json(report_file.path, event_file.path)
+
+        report = JSON.parse(File.read(report_file.path))
+        expect(report['markdowns']).to eq(["## Details\n\nSome content"])
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-grape-danger
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - dblock
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-02 00:00:00.000000000 Z
+date: 2025-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: danger-toc
   requirement: !ruby/object:Gem::Requirement
@@ -88,7 +88,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/danger.yml"
+- ".github/workflows/danger-comment.yml"
+- ".github/workflows/danger-run.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -101,8 +102,11 @@ files:
 - README.md
 - RELEASING.md
 - Rakefile
+- lib/ruby-grape-danger.rb
+- lib/ruby-grape-danger/reporter.rb
 - lib/ruby-grape-danger/version.rb
 - ruby-grape-danger.gemspec
+- spec/ruby-grape-danger/reporter_spec.rb
 - spec/ruby-grape-danger/version_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/ruby-grape/danger
@@ -123,10 +127,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Danger.systems conventions for ruby-grape projects.
 test_files:
+- spec/ruby-grape-danger/reporter_spec.rb
 - spec/ruby-grape-danger/version_spec.rb
 - spec/spec_helper.rb

data/.github/workflows/danger.yml

@@ -1,21 +0,0 @@
-name: danger
-on: pull_request
-
-jobs:
-  danger:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 100
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 3.2
-          bundler-cache: true
-          rubygems: latest
-      - name: Run Danger
-        run: |
-          # the token is public, has public_repo scope and belongs to the grape-bot user owned by @dblock, this is ok
-          TOKEN=$(echo -n Z2hwX2lYb0dPNXNyejYzOFJyaTV3QUxUdkNiS1dtblFwZTFuRXpmMwo= | base64 --decode)
-          DANGER_GITHUB_API_TOKEN=$TOKEN bundle exec danger --verbose