{"id":21835766,"url":"https://github.com/vtex/danger","last_synced_at":"2025-04-14T09:15:26.087Z","repository":{"id":40742770,"uuid":"196454187","full_name":"vtex/danger","owner":"vtex","description":"A opinionated danger.js configurable rule set and a companion github action","archived":false,"fork":false,"pushed_at":"2024-09-12T05:34:56.000Z","size":451,"stargazers_count":6,"open_issues_count":5,"forks_count":1,"subscribers_count":120,"default_branch":"master","last_synced_at":"2025-04-14T09:15:12.542Z","etag":null,"topics":["srv-engineering","xp-engineering"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vtex.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-11T19:32:21.000Z","updated_at":"2024-08-15T14:29:44.000Z","dependencies_parsed_at":"2024-08-14T16:57:11.067Z","dependency_job_id":"1756d38f-3e3f-444b-b125-87cb73306ea5","html_url":"https://github.com/vtex/danger","commit_stats":null,"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vtex%2Fdanger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vtex%2Fdanger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vtex%2Fdanger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vtex%2Fdanger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vtex","download_url":"https://codeload.github.com/vtex/danger/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248852184,"owners_count":21171842,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["srv-engineering","xp-engineering"],"created_at":"2024-11-27T20:24:29.928Z","updated_at":"2025-04-14T09:15:26.057Z","avatar_url":"https://github.com/vtex.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `@vtex/danger`\n\nThis repo exposes two projects:\n\n- `@vtex/danger`, a package with an opinionated and configurable danger ruleset;\n- `vtex/danger`, a Github Action that automatically runs the default configuration of `@vtex/danger` in a given repository.\n\n\u003c!-- @import \"[TOC]\" {cmd=\"toc\" depthFrom=2 depthTo=4 orderedList=false} --\u003e\n\n\u003c!-- code_chunk_output --\u003e\n\n- [Usage as an action](#usage-as-an-action)\n- [Usage as a package](#usage-as-a-package)\n  - [Rules](#rules)\n    - [`description`](#description)\n    - [`assignee`](#assignee)\n    - [`reviewers`](#reviewers)\n    - [`pr_size`](#pr_size)\n    - [`lock_file`](#lock_file)\n    - [`no_ignored_test`](#no_ignored_test)\n    - [`no_debugger`](#no_debugger)\n    - [`enforce_graphql_provider`](#enforce_graphql_provider)\n\n\u003c!-- /code_chunk_output --\u003e\n\n## Usage as an action\n\n`vtex/danger` automatically installs your dependencies and run `danger` for you. Your project doesn't even have to have a `dangerfile.js`!\n\nTo use it, it's as simple as adding it to one of your project workflows:\n\n```yml\nname: Some github action\n\non:\n  pull_request:\n    branches:\n      - master\n\njobs:\n  danger-ci:\n    name: Danger CI\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@master\n      - uses: actions/setup-node@master\n        with:\n          node-version: 12.x\n      - name: Danger CI\n        uses: vtex/danger@master\n        env:\n          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'\n          REQUIRE_CHANGELOG_VERSION: true\n```\n\nThe `vtex/danger` action accepts the below options:\n\n- `GITHUB_TOKEN` _(required)_ - A Github token for danger to use. You can you the `secrets.GITHUB_TOKEN` secret.\n- `REQUIRE_CHANGELOG_VERSION` _(default: `false`)_ - Define if the changelog rule should look for a new release version entry in the updated changelog.\n\n## Usage as a package\n\n\u003e Even when using as package, it still needs the configuration mentioned at [Usage as an action](#usage-as-an-action). \u003cbr\u003e It's important to mention that it's necessary to add the command `yarn install` before the `vtex/danger@master` on `danger-ci` job in your .yml file\n```diff\n       ...\n+     - name: yarn install\n+       run: yarn install\n      - name: Danger CI\n        uses: vtex/danger@master\n        env:\n          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'\n          REQUIRE_CHANGELOG_VERSION: false\n```\n\n### Configuring package\nIf you want to use the `@vtex/danger` ruleset separatedly from its action, you can install the package and call it in your `dangerfile.js`.\n\n```shell\n$ yarn add -D @vtex/danger\n# or\n$ npm i -D @vtex/danger\n```\n\nThe next step is to create a `dangerfile.js` file. It's where `danger` expects your pull request checks to be.\n\nInstead of having to write all kinds of checks over and over again, `@vtex/danger` exports a `verify` method which executes all of its checks:\n\n```js\n// dangerfile.js\nconst { verify } = require('@vtex/danger')\n\nverify()\n```\n\nIt also accepts a configuration object:\n\n```js\n// dangerfile.js\nconst { verify } = require('@vtex/danger')\n\nconst config = {\n  // Set to true to enforce keepachangelog rules.\n  keepachangelog: {\n    changeVersion: false,\n  },\n  rules: {\n    description: ['fail', { minLength: 20 }],\n    assignee: 'off',\n    reviewers: 'off',\n    pr_size: ['warn', { additionLimit: 800, deletionLimit: -1 }],\n    lock_file: 'warn',\n    no_ignored_test: ['fail', { pattern: /test|spec/i }],\n    no_debugger: ['fail', { pattern: /\\.[tj]sx?$/i }],\n    enforce_graphql_provider: 'fail',\n  },\n}\n\nverify(config)\n```\n\n### Changelog\n\n`@vtex/danger` uses the [danger-plugin-keepachangelog](https://github.com/vtex/danger-plugin-keepachangelog/) to check for the validity of a pull request's changelog entry. Please refer to the plugin documentation for further explanations and options.\n`The plugin can be configured by passing a`keepachangelog` property to the config object:\n\n```js\n{\n  keepachangelog: {\n    ...pluginOptions\n  },\n  ...\n}\n```\n\n### Rules\n\nRules are configured in a similar manner to `eslint` rules:\n\n```js\n{\n  rules:  {\n    example_rule: 'warn',\n    other_rule: ['fail', { path: 'foo' }].\n    some_rule: 'off',\n    not_the_same_rule: 'message'\n  }\n}\n```\n\n**Log levels**\n\n- `off` - disable the rule;\n- `info` - rule result is a informational log;\n- `warn` - rule result should be an alert;\n- `fail` - rule result will block the pull request;\n\n---\n\n#### `description`\n\nEnforce a minimum description length.\n\n**Options:**\n\n```js\n{\n  // Minimum description length\n  minLength: 20,\n},\n```\n\n**Example:**\n\n\u003e 📝 Please add a changelog entry for your changes.\n\n---\n\n#### `assignee`\n\nEnforce having an assigned user to merge the pull request.\n\n**Example:**\n\n\u003e 👤 Please assign someone to merge this PR, and optionally include people who should review.\n\n---\n\n#### `reviewers`\n\nEnforce having at least one person to review the pull request.\n\n**Example:**\n\n\u003e 👥 There are no reviewers assigned to this pull request!\n\n---\n\n#### `pr_size`\n\nEnforce smaller pull requests by alerting if its size is relatively big. This rule considers `additions + deletions`.\n\n**Options:**\n\n```js\n{\n  // addition number limit\n  additionLimit: 800,\n  // deletion number limit. `-1` for no limit\n  deletionLimit: -1,\n},\n```\n\n**Example:**\n\n\u003e 👀 Pull Request size seems relatively large (\u003e800 modifications). If Pull Request contains multiple changes, split each into separate PR will helps faster, easier review.\n\n---\n\n#### `lock_file`\n\nEnforce lock files are updated together with the `package.json` file.\n\n**Example:**\n\n\u003e Changes were made to package.json, but not to yarn.lock - Perhaps you need to run yarn install?\n\n---\n\n#### `no_ignored_test`\n\nEnforce no `it.only`, `describe.only`, `fdescribe`, `fit(`, `xit(`, `it.skip`, `describe.skip` inside files which respect the specified filename pattern.\n\n**Options:**\n\n```js\n{\n  // files to search pattern\n  pattern: /test|spec/i,\n}\n```\n\n**Example:**\n\n\u003e 🚫 An `it.only` was left in this file `react/tests/utils.test.tsx#L18`\n\n---\n\n#### `no_debugger`\n\nEnforce no `debugger` inside files which respect the specified filename pattern.\n\n**Options:**\n\n```js\n{\n  // files to search pattern\n  pattern: /\\.[tj]sx?$/i,\n}\n```\n\n**Example:**\n\n\u003e ⚠️ Is this a `debugger` that I see on [withQuery.tsx#L52](https://github.com/owner/repo/blob/src/withQuery.tsx#L52)?\n\n#### `enforce_graphql_provider`\n\nEnforce `.gql` and `.graphql` files to explicitly declare the `@context(provider: \"...\")` for graphql queries.\n\n**Example:**\n\n\u003e ⚠️ No `@context(provider: \"...\")` found on [updateName.gql](https://github.com/owner/repo/updateName.gql). Please explicitly declare the query provider.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvtex%2Fdanger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvtex%2Fdanger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvtex%2Fdanger/lists"}