Merge pull request #440 from platanus/brakeman

Brakeman

CHANGELOG.md

@@ -3,6 +3,7 @@
 ## Unreleased
 Features
   - Add environment variables module recipe [#435](https://github.com/platanus/potassium/pull/435)
+  - Run [Brakeman](https://brakemanscanner.org/) with reviewdog on CI [#440](https://github.com/platanus/potassium/pull/440)
 
 Fixes
   - Fix CircleCI config [#434](https://github.com/platanus/potassium/pull/434)

lib/potassium/assets/.circleci/config.yml.erb

@@ -150,6 +150,13 @@ jobs:
     steps:
       - setup
 
+      - run:
+          name: Run brakeman
+          shell: /bin/bash
+          command: |
+            bundle exec brakeman --quiet --format tabs --no-exit-on-warn --no-exit-on-error --output "tmp/brakeman_report"; \
+            ./bin/reviewdog < "tmp/brakeman_report" -reporter=github-pr-review -f=brakeman -name="Brakeman"
+
       - run:
           name: Get files to lint
           command: git diff origin/master --name-only --diff-filter=d > tmp/files_to_lint

lib/potassium/recipes/ci.rb

@@ -7,6 +7,10 @@ def create
       gather_gem 'rspec_junit_formatter', '~> 0.4'
     end
 
+    gather_gems(:development, :test) do
+      gather_gem('brakeman')
+    end
+
     add_readme_header :ci
     application 'config.assets.js_compressor = :uglifier', env: 'test'
   end

spec/features/ci_spec.rb

@@ -13,8 +13,13 @@
     create_dummy_project
   end
 
+  it "adds brakeman to Gemfile" do
+    content = IO.read("#{project_path}/Gemfile")
+    expect(content).to include("brakeman")
+  end
+
   it "correctly bundles the config file" do
-    expect(ci_config).to include('cimg/ruby', 'cache', 'rspec', 'reviewdog')
+    expect(ci_config).to include('cimg/ruby', 'cache', 'rspec', 'reviewdog', 'brakeman')
   end
 
   it "uses dasherized app name for repo analyzer" do