Github Actions to get Rails code reviewed reasonably automatically
Introduction
In GitHub Actions, various actions are published in Marget Place. Just install it and you're ready to use it in your Rails project. But ... if you leave it as it is, you will use many virtual machines, so you will consume credits in a private repository in a blink of an eye ... So we decided to make it for our project.
It would be nice if I could analyze the entire target project and keep it clean at all times, but I couldn't do it because I put it in the middle. Therefore, it is a policy to at least clean up the pull requests issued by each.
The code when I tried it is here. https://github.com/ken1flan/test_with_reviewdog
The tool I'm using this time (Thank you!)
- reviewdog -It extracts only the pull request from the output of each static analysis tool in ↓ and reports it.
- rubocop ――It will check if you follow the Ruby writing style that is considered good in the community.
- reek --The code written in Ruby will be checked for readability / maintainability / extensibility.
- brakeman --A security scanner for Rails applications.
- haml-lint ――It will check if HAML is easy to maintain.
- eslint ――It will check if Javascript is easy to maintain.
- stylelint ――It will check if CSS and SCSS are easy to maintain.
code
Roughly speaking, what you are doing is like this.
The static analysis tool that reviewdog runs internally is described in .reviewdog.yml.
- Installation of Ruby and Node.js required to run static analysis tools
- Install the libraries required by the project
- Install reviewdog
- Run reviewdog
yml:.github/workflows/code_analysis.yml
name: code_analysis
on: [pull_request]
jobs:
code_analysis:
name: runner
runs-on: ubuntu-latest
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v2
- uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7.1
- uses: actions/setup-node@v1
with:
node-version: 12.x
- name: cache vendor/bundle
uses: actions/cache@v1
with:
path: vendor/bundle
key: bundle-${{ hashFiles('**/Gemfile.lock') }}
- name: cache node_modules
uses: actions/cache@v1
with:
path: node_modules
key: yarn-${{ hashFiles('**/yarn.lock') }}
- name: bundle install
run: bundle check || bundle install --jobs=4 --retry=3 --path vendor/bundle
- name: yarn install
run: yarn install
- name: install reviewdog
uses: reviewdog/action-setup@v1
- name: reviewdog
run: reviewdog -reporter=github-pr-check
yml:.reviewdog.yml
runner:
rubocop:
cmd: bundle exec rubocop
brakeman:
cmd: bundle exec brakeman --quiet --format tabs
reek:
cmd: bundle exec reek --single-line
haml-lint:
cmd: bundle exec haml-lint
eslint:
cmd: yarn run eslint app/**/*.js
stylelint:
cmd: yarn run stylelint app/**/*.{css,scss}
output
Like this Is output.
What is found in the pull request is displayed for easy viewing.
Since Filtered Findings contains everything found in the project ... you can also see how many issues you have, so you may want to worry about it.
Where I was addicted
For Ruby setup, use ruby / setup-ruby!
Actions / ruby made by GitHub cannot specify the patch version, and the latest version is used with a slight delay. I think that I specify the version of Ruby in the Gemfile, but it is not compatible with this, the version often shifts, and bundle install fails.
Ruby / setup-ruby maintained by the Ruby community can also specify the patch version, so I decided to use this.
I'm embarrassed, so I want to fix it before submitting a pull request!
You can check in advance by installing reviewdog on your PC and doing the following.
$ reviewdog --diff='git diff main'
Finally
If you ask a human to do this, you and the reviewer will both be happy, so it's best to ask a machine. When it is pointed out, it is true that there are many cases, so it is helpful to learn a good writing style that I can not pick up by myself.
Recommended Posts