Danger - Stop Saying "You Forgot To…" in Code Review

What is Danger?

Danger runs during your CI process, and gives teams the chance to automate common code review chores.

This provides another logical step in your build, through this Danger can help lint your rote tasks in daily code review.

You can use Danger to codify your teams norms. Leaving humans to think about harder problems.

She does this by leaving messages inside your PRs based on rules that you create with the Ruby scripting language.

Over time, as rules are adhered to, the message is amended to reflect the current state of the code review.

For Example

Enforce Changelogs
Improve your prose
Ensure no Merge commits
Dont Focus Tests
Highlight build artifacts
Special case special files

# Add a CHANGELOG entry for app changes
if !git.modified_files.include?("CHANGELOG.md") && has_app_changes
  fail("Please include a CHANGELOG entry. \nYou can find it at [CHANGELOG.md](https://github.com/realm/jazzy/blob/master/CHANGELOG.md).")
  message "Note, we hard-wrap at 80 chars and use 2 spaces after the last line."
end

# Look for prose issues
prose.lint_files markdown_files

# Look for spelling issues
prose.ignored_words = ["orta", "artsy", "cocoapods"]
prose.check_spelling markdown_files

# Ensure a clean commits history
if git.commits.any? { |c| c.message =~ /^Merge branch/ }
  fail('Please rebase to get rid of the merge commits in this PR')
end

# Don't let testing shortcuts get into master by accident
fail("fit left in tests") if `grep -r "fit" Demo/Tests/`.length > 1

username = ENV['CIRCLE_PROJECT_USERNAME']
project_name = ENV['CIRCLE_PROJECT_REPONAME']
build_number = ENV['CIRCLE_BUILD_NUM']
if username && project_name && build_number
  # submit message giving the coverage report that was generated by coverage.py
  message('[html coverage report](https://circleci.com/api/v1/project/'+username+'/'+project_name+'/'+build_number+'/artifacts/0/$CIRCLE_ARTIFACTS/htmlcov/index.html)')
end

# Did you make analytics changes? Well you should also include a change to our analytics spec
made_analytics_changes = modified_files.include?("/Artsy/App/ARAppDelegate+Analytics.m")
made_analytics_specs_changes = modified_files.include?("/Artsy_Tests/Analytics_Tests/ARAppAnalyticsSpec.m")
if made_analytics_changes
    fail("Analytics changes should have reflected specs changes") if !made_analytics_specs_changes

    # And pay extra attention anyway
    message('Analytics dict changed, double check for ?: `@""` on new entries')
    message('Also, double check the [Analytics Eigen schema](https://docs.google.com/spreadsheets/u/1/d/1bLbeOgVFaWzLSjxLOBDNOKs757-zBGoLSM1lIz3OPiI/edit#gid=497747862) if the changes are non-trivial.')
end

What magic is this?

How

Danger is ruby gem that runs a Dangerfile. You set up a Dangerfile per-project. The Dangerfile contains a collection of home-grown rules specific to your project.

Danger should be installed via a Gemfile. Add gem "danger" to your Gemfile, then run bundle.

You can integrate Danger into your own project on any available CI service. She will run through the process with you if you run danger init after installation.

Messaging Options

Comment a message to the table:
message("You have added 3 more gems to the app.")

Declares a CI warning:
warn("You have not included a CHANGELOG entry.")

Declares a CI blocking error:
fail("Our linter has failed.")

Outputs markdown under the table:
markdown("## ")

Outputs markdown at a line in the diff:
warn("Please add your name", file: "CHANGELOG.md", line: 4)

Supports

Can run on: Circle, Travis, Jenkins, Buildkite, BuddyBuild, Semaphore, TeamCity, Xcode Bots, Drone, Surf and Bitrise.

Can chat back on: GitHub, GitLab and Bitbucket.

Can handle diffs from: Git.

Features

SCM	Feedback	Inline Comments	API Access
GitHub	✅	✅	✅
GitHub Enterprise	✅	✅	✅
GitLab.com	✅	🚫	✅
GitLab CE	✅	🚫	✅
GitLab EE	✅	🚫	✅
Bitbucket.org	🚫	🚫	🚫
Bitbucket Server	✅	🚫	🚫

Plugins

Danger was built to be a small core, which allows others to extend her DSL via gems as plugins. You can create a new one with danger plugins create.

prose
android_lint
changelog
clorox
commit_lint
duplicate_localizable_strings
findbugs
jazzy
jenkins
junit
lgtm
mention
missed_localizable_strings
pep8
pronto
rubocop
shellcheck
simplecov
slack
slather
tailor
the_coding_love
todoist
transifex
xcode_summary
xcodebuild
xcov

prose

Lint markdown files inside your projects. This is done using the proselint python egg. Results are passed out as a table in markdown.

Created by David Grandinetti, Orta Therox.

Reference

Attributes

Allows you to disable a collection of linters from running. Doesn't work yet. You can get a list of them here defaults to ["misc.scare_quotes", "typography.symbols"] when it's nil.

disable_lintersArray

Allows you to add a collection of words to skip in spellchecking. defaults to [""] when it's nil.

ignored_wordsArray

Methods

Lints the globbed markdown files. Will fail if proselint cannot be installed correctly. Generates a markdown list of warnings for the prose in a corpus of .markdown and .md files.

lint_files (files=nil: String)

Determine if proselint is currently installed in the system paths.

proselint_installed? Bool

Determine if mdspell is currently installed in the system paths.

mdspell_installed? Bool

Runs a markdown-specific spell checker, against a corpus of .markdown and .md files.

check_spelling (files=nil: String)

Examples

Running linter with custom disabled linters

# Runs a linter with comma style and tense present disabled
prose.disable_linters = ["misc.scare_quotes", "misc.tense_present"]
prose.lint_files "_posts/*.md"

Running linter with default linters

# Runs a linter with all styles, on modified and added markdown files in this PR
prose.lint_files

Running the spell checker

# Runs a spell checker on all files in `_post`
prose.check_spelling "_posts/*.md"

Running the spell checker, with some words whitelisted

prose.ignored_words = ["orta", "artsy"]
prose.check_spelling

How to Install

Include gem "danger-prose" in your project’s Gemfile. Then run bundle install.

Then inside your Dangerfile, you can access the plugin via prose.

Repository

https://github.com/dbgrandi/danger-prose

See in Action

artsy/artsy.github.io

Show me some Dangerfiles

Danger is used in all sorts of projects: ruby gems, python apps, xcode projects, blogs, npm websites and modules. You can check out some Dangerfiles from the Open Source community here.