From 5aa35d2e1cc59f4f9562bcf6b23727140bc769db Mon Sep 17 00:00:00 2001
From: Leandro Segovia
Date: Tue, 23 May 2023 11:19:12 -0400
Subject: [PATCH] feat(): run brakeman with reviewdog on CI
---
 CHANGELOG.md | 1 +
 lib/potassium/assets/.circleci/config.yml.erb | 12 ++++++++++++
 spec/features/ci_spec.rb | 2 +-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 424cd961..87a0728a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ ## Unreleased
 Features
 - Add environment variables module recipe [#435](https://github.com/platanus/potassium/pull/435)
+ - Run [Brakeman](https://brakemanscanner.org/) with reviewdog on CI [#440](https://github.com/platanus/potassium/pull/440)
 Fixes
 - Fix CircleCI config [#434](https://github.com/platanus/potassium/pull/434)
diff --git a/lib/potassium/assets/.circleci/config.yml.erb b/lib/potassium/assets/.circleci/config.yml.erb
index 0f1f85f1..819e3b5d 100644
--- a/lib/potassium/assets/.circleci/config.yml.erb
+++ b/lib/potassium/assets/.circleci/config.yml.erb
@@ -150,6 +150,18 @@ jobs:
 steps:
 - setup
+ - run:
+ name: Install brakeman
+ command: |
+ gem install brakeman
+
+ - run:
+ name: Run Brakeman
+ shell: /bin/bash
+ command: |
+ bundle exec brakeman --quiet --format tabs --no-exit-on-warn --no-exit-on-error --output "tmp/brakeman_report"; \
+ ./bin/reviewdog < "tmp/brakeman_report" -reporter=github-pr-review -f=brakeman -name="Brakeman"
+
 - run:
 name: Get files to lint
 command: git diff origin/master --name-only --diff-filter=d > tmp/files_to_lint
diff --git a/spec/features/ci_spec.rb b/spec/features/ci_spec.rb
index e7dcfbdf..906a0cfd 100644
--- a/spec/features/ci_spec.rb
+++ b/spec/features/ci_spec.rb
@@ -14,7 +14,7 @@
 end
 it "correctly bundles the config file" do
- expect(ci_config).to include('cimg/ruby', 'cache', 'rspec', 'reviewdog')
+ expect(ci_config).to include('cimg/ruby', 'cache', 'rspec', 'reviewdog', 'brakeman')
 end
 it "uses dasherized app name for repo analyzer" do
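Review bot: The two new steps in config.yml.erb disagree on where Brakeman comes from — `gem install brakeman` fetches an unpinned latest release outside the bundle, while the next step invokes `bundle exec brakeman`, which only resolves gems declared in the Gemfile.lock; unless the generated Gemfile already lists brakeman (not visible in this hunk) the `bundle exec` call will fail, and if it does list it the install step is dead weight. Pick one source: either drop the install step and rely on the bundled gem, or run it unbundled and pinned, `gem install brakeman -v <PINNED_VERSION> --no-document` followed by `brakeman --quiet --format tabs ...`, so the scan is reproducible instead of tracking whatever rubygems serves on the day the job runs. Note also that `--no-exit-on-warn --no-exit-on-error` combined with a reviewdog call that does not pass `-fail-on-error` makes the scan purely advisory: findings surface as PR review comments but never fail the job, and a Brakeman parse error still yields a green build; if that is intentional, say so next to the step, e.g. `# Brakeman findings are posted as review comments only; this step never fails the job`. The job these steps belong to starts before the hunk.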