automate-code-review

• Story

added danger for checking commits compliance

Danger is an extensible automated checker for merge requests. The rules are defined locally by code: it can inspect the current MR changes and perform any action based on whatever criteria you define. Start using Danger here to automatically apply labels based on the files which have been changed.

• Confluence Guidance
• 10% project
• jira PAAS-1508
• Versioning

The intention of this project is to provide an automated way to rewier MRs

Here is a (non-exhaustive) list of the kinds of things Danger has been used for at GitLab so far:

• Coding style
• Database review
• Documentation review
• Merge request metrics
• Reviewer roulette
• Single codebase effort

docker pull registry.gitlab.com/hnbi/platform-as-a-service/test-projects/automate-code-review

---

Contents

• Getting started
• Commands
  • Run Danger file
  • Docs
  • Shared pipelines
• SEcrets
• Examples
  • How To
  • Plugins
  • Example MRs to Cover
• TODO && Supported Features

---

Getting started

Commands

npm install
mk local

Plugins

• Plugins: official docs
• Danger Plugin Toolbox
• Danger Plugin Jest
• Danger Plugin TsLint
• Danger Plugin noTestsShortcuts
• Danger Plugin: PR Higene
• Danger Plugin: pull request
• Danger: extensions
• Danger: toolbox
• Danger Plugin: kirinus

Testing

• Jest: testing with typescript
• Jest: docs expect
• Jest: how to use jest
• Jest: partial match

Docs & Blogs

• Emoji
• Gitlab How to
• Danger Local
• Danger 5 minutes
• Gitlab source
• 4/10: Gitalb Danger bot
• 4/10: Example Gitlab
• 5/10: blog
• 6/10: blog
• 2/10: setup
• 6/10: hints
• 5/10: hints in ru
• 6/10: Block code that is used in Demo
• 8/10: Speed up jobs

Issues

• Danger ts
• Danger ts. How to
• Danger jest

Secrets

• Project Access Scope

Examples

• https://github.com/artsy/artsy.github.io/blob/main/Dangerfile
• https://github.com/artsy/eigen/blob/main/dangerRules/useWebPs.tests.ts
• https://github.com/artsy/eigen/blob/main/dangerfile.ts
• https://github.com/realm/jazzy/blob/master/Dangerfile
• https://github.com/samdmarshall/danger/blob/master/Dangerfile
• https://github.com/artsy/emission/blob/master/dangerfile.ts
• https://github.com/danger/danger-js/blob/main/dangerfile.ts
• Docker image
• Docker images. Build Images
• Examples
• Official Gitlab Setup 3/10

Example MRs to Cover

• DynamoDB case

TODO && Supported Features

• Integrations
  • Integrate with notify to review an MR bot
• Recurring job
  • Iterate over every repository and review the MRs
• Use TypeScript instead of plain JS
• Unit tests with fixtures. Example
  • TS lint
• Docker tag.
• Message 'apply after merge'
  • With author name
• Ensure files has new line
• Dynamodb
  • Multiple GCI
    • Hey, unfortunately only one GSI can be operated on at a time, otherwise AWS will complain.
    • Cannot update GSI's properties other than Provisioned Throughput and Contributor Insights Specification
    • Do not process DynamoDB logic when there is no change
    • Billing mode suggestion.
    • Investigate. Throwing an error
  • non_key_attributes modification
• Please use the appropriate MR template, and populate with details and a jira ticket
• Changelog is missing
• Jira link is missing
• Skip
  • Do not run when [skip ci].
  • Skip MRs with label renovate-bot.
  • Du not run when MR is closed.
  • On MR description update.
• ElastiCache
  • Validate node type exist with the link to https://instances.vantage.sh/
  • Validate specific values changed
• RDS
  • RDS engine version validation
    • postgres version validation.
    • mysql version validation.
    • rds validate "valid_upgrade_targets" message
    • Validate RDS instance class exist with the link to https://instances.vantage.sh/
    • gp2 to gp3 migration proposal
    • Instance class validation in prod.
    • Instance class modified.
    • Reminder to fix deleted resources.
  • Backup retention │ Error: creating RDS DB Instance (restore to point-in-time) (search-category-api-v2): InvalidParameterValue: The specified instance cannot be restored to a time earlier than 2022-10-20T12:59:32Z because its backup retention period is set to 1 days.
  • RDS outputs engine_info.valid_upgrade_targets have a look where there are available upgrade options
  • RDS/Dynamo DB deleted files -> ask PAAS to remove database
  • RDS message Worth copying the config from another prod instance so that you get the correct settings for backups, multi-az and network connectivity and validate Things like multi_az: false, backup_retention_period: 1 and allowed_cidrs set to dev
• RDS Aurora
  • aurora initial validation
  • aurora version validation
  • aurora desired version validation
  • aurora and instance_type validation
• Flag on MR size
  • Number of files > 10, should split MR probably.
  • MR exceeded treshold.
• Sandbox
  • on deletion du not remove example. Consider to comment CI logic only. Make sure to remove resources.
• MSK/Kafka
  • partial fix
  • compare prefixes, e.g. where its new prefix of already exist
  • enforce single format e.g. - or _
    • (message) You also seem to be using a different format to the existing supply chain (ie. supply-chain- prefix, and hyphens), has your team chosen to change the format going forward?`
    • (message) First time team created a topic
  • Added message for topic name consistency
  • Kafka MR templates
  • MSK MR diff instead of simple update
  • Message Please can you update the topic details section, and also put the topics in alphabetical order. You also seem to be using a different format to the existing supply chain (ie. supply-chain- prefix, and hyphens), has your team chosen to change the format going forward?
• Labels
  • Added label danger-bot on code review
• Messages
  • message('Make sure to test your changes before moving your ticket to Code review.')
  • Pull Request size seems relatively large when danger.gitlab.mr.changes_count: 100
  • warn("MR is classed as Work in Progress") if gitlab.mr_title.include? "Draft:"
  • `PaaS need to merge and apply changes.
  • Message -> On release, make sure versionis updated inChart.yaml file.
• Slack
  • Request review in paas-forum or send and automated request to slack
  • Post message in slack channel with reviewer name
• Aurora
  • Supported engine versions example
• SSO
  • link to confluence
  • S3 buckets, link to explicit how to request
  • Admin or Full access is granted, flag it
• S3
  • Validate tags
  • Support MR templates for s3
  • Bucket deleted PR example
• Sanity check and apply this repo https://hollandandbarrett.slack.com/archives/GKM7H90TH/p1666013132693499
• Web Hooks
  • Automate/Simplify creation of webhooks
    • docs
  • Trigger a webhook programmatically for testing
• CHANGELOGs
  • Changelog doesn't need to go via MR; just commit, tag and push mr
  • This PR modifies multiple files but does not have the CHANGELOG updated.
  • There should be no version until it is released, that is what the [Unreleased] section is for
  • Could you add an entry to the "Unreleased" section of the changelog e.g. -Added|Changed-.
• Provide CI_JOB_URL in MR message
• Dependency update with Renovate
• k8s-deploy specific review
  • Test in test folder present.
  • Message with explanation what is required to test changes.