Danger

Danger is a tool that runs as part of your continuous integration process. Using a domain-specific language, it lets you define any arbitrary set of rules that suit your team’s pull request code review practices. For example: checking that the pull request might have modified some sensitive files and that the whole pull request needs to be carefully reviewed.

Note

There are two versions of Danger, one implemented in Ruby and the other in JavaScript. This section only covers the Ruby implementation.

This section contains several sub-sections:

Install

Installing Danger is easy. You can use the Danger documentation, but the few commands required are:

gem install bundler
bundle init
echo "gem 'danger', '~> 5.5', '>= 5.5.3'" >> Gemfile
bundle install
bundle exec danger --version # "5.5.3"

These commands ensure that Bundler, the Ruby dependency manager, is installed and configured, that Danger is added as a dependency to your Gemfile, and that Danger is installed. Finally, Danger is executed to demonstrate that is has been installed successfully.

Configure

Danger has a built-in configuration process, but there is also some configuration required in the buddybuild dashboard:

  1. (Optional) Create a branch for including Danger in your project.

    git checkout -b setup-danger
  2. Create the initial Danger configuration.

    danger init

    This process is interactive, and includes:

    • Creation of the Danger configuration file Dangerfile

    • Asking you to setup a Danger-specific GitHub account

    • Asking you to create a personal access token

    • Asking you to add Danger to your CI system.

    • Asking you to expose the personal access token via environment variables.

  3. Add the Danger access token as an environment variable.

    1. Log in to the buddybuild dashboard

    2. In the top navigation bar, select the app that should include Danger.

    3. In the top navigation bar, click App Settings. The screen is displayed:

      The Build settings screen

    4. The Environment tab Click the Environment tab. The Environment settings are displayed:

      The Default build configuration screen, with the Environment tab selected

    5. The Configure button In the Environment variables row, click the Configure button. The Environment variables screen is displayed:

      The Environment variables screen

    6. In the Create a new environment variable area:

      1. In the Name field, enter: DANGER_GITHUB_API_TOKEN.

      2. In the Value field, enter the access token that you created when you executed danger init.

      3. The Create button Click the Create button.

  4. Create a buddybuild_postbuild.sh script at the root of your repository with the following content:

    #!/bin/bash
    chruby 2.3.1
    bundle install
    bundle exec danger --fail-on-errors=true
  5. Commit the Dangerfile.

    git add Dangerfile
    git commit -m "Setup Danger with basic rules"
    git push -u origin setup-danger
  6. Open your repository on GitHub and open a pull request with the setup-danger branch, using [WIP] in the pull request’s title; this identifies the pull request as a work in progress. You should now see the result of Danger’s processing as a comment to the pull request:

    Danger reporting a pull request as a work in progress

Now that Danger is configured, you can adjust the logic in the Dangerfile to automate the CI steps that you require. See the following examples for inspiration.

Examples

Use Danger to ensure that coding style is respected

Swiftlint is a tool that uses Clang and SourceKit to parse your source files and check them against a set of rules that you can fully customize.

This example demonstrates how to add Swiftlint to Danger:

  1. Edit your Gemfile so that it includes the following line:

    gem 'danger-swiftlint', '~> 0.5.1'
  2. Run bundle install to install the new dependency.

  3. Edit your Dangerfile to include the following line:

    swiftlint.lint_files
  4. Commit the configuration changes to your repository:

    git add Gemfile Dangerfile
    git commit -m 'Add Swiftlint to Danger.'

Now, whenever you create a pull request, Danger checks all of the modified and added files in the pull request, and lists all of the Swiftlint violations in a comment:

Danger reporting coding style violations from Swiftlint

Use Danger to maintain code coverage level

xcov is a visualizer for Xcode code coverage files.

This example demonstrates how to add xcov to Danger:

  1. Edit your Gemfile so that it includes the following line:

    gem 'danger-xcov', '~> 0.3.3'
  2. Run bundle install to install the new dependency.

  3. Edit your Dangerfile to include the following lines:

    xcov.report(
       scheme: ENV['BUDDYBUILD_SCHEME'],
       project: "#{ENV['BUDDYBUILD_WORKSPACE']}/Project.xcodeproj",
       minimum_coverage_percentage: 30,
       derived_data_path: ENV['BUDDYBUILD_TEST_DIR'],
    )
  4. Commit the configuration changes to your repository:

    git add Gemfile Dangerfile
    git commit -m 'Add xcov to Danger.'

Now, whenever you create a pull request, Danger checks the level of code coverage in your projects and fails the build if the percentage falls below the value for minimum_coverage_percentage (30% in this case):

Danger reporting the code coverage percentage from xcov

Add release notes using Danger

Your app’s users are often interested in what’s new or changed in each release of your app. You can provide a list of the changes in the file buddybuild_release_notes.txt. When this file exists at the root of your repository, its content is displayed as the release notes to your users.

Developers often forget to update release notes, and reviewers often forget to the that the release notes have been updated. Danger can perform the release note checks for you.

The following example checks to see if Swift code can been modified, and if so, whether the buddybuild_release_notes.txt file has also been modified. If not, a warning is displayed.

modified_code = git.modified_files.include? "2048/*.swift"
updated_release_notes = git.modified_files.include? \
    "buddybuild_release_notes.txt"

fail "You forgot to update the release_notes_file\
    ([docs](http://docs.buddybuild.com/docs/focus-message))"\
    if modified_code && !updated_release_notes

Danger reporting that the release notes have not been updated

results matching ""

    No results matching ""