Skip to content

pagopa/danger-plugin

Repository files navigation

Custom DangerJS rules plugin

npm Azure DevOps builds Azure DevOps builds npm type definitions

This module provides custom rules over Danger CI automation.

Features

  • Cross-link with Jira stories, based on PR title
  • Warn when a PR has no description
  • Update the PR title with the right changelog configuration and scope
  • Update the generated changelog, adding the link to the related Jira ticket
  • Warn if npm-related files are added (as we use yarn)

Usage

To use you must already have danger-js set up in your repo. If you haven't configured it yet:

yarn add danger --dev

Install

yarn add @pagopa/danger-plugin --dev

At a glance

Create a new file Dangerfile.ts in your root working dir. It is mandatory to define a Configuration that allows you to make a mapping between a ticket projectid or ticket tag with a scope that is mainly a string that allows you to better describe it.

// Dangerfile.ts
import customRules from "@pagopa/danger-plugin";
import { Configuration } from "@pagopa/danger-plugin/dist/types";

const configuration: Configuration = {
  projectToScope: {
    IAC: "Bonus Pagamenti Digitali",
    IOACGN: "Carta Giovani Nazionale",
    IAGP: "EU Covid Certificate",
  },
  tagToScope: {
    android: "Android",
    ios: "iOS",
    messages: "Messages",
    payments: "Payments",
    services: "Services",
  },

  // minimum length of the PR description below which a warning is generated
  minLenPrDescription: 10,

  // To add a label to the PR containing the name of the project linked to the task on Jira.
  updateLabel: true,

  // To change the title of the PR according to whether the task on Jira is a feat (Story) / fix (Bug) / chore (Sub-task) / epic.
  updateTitle: false,
};

customRules(configuration);

Look at the Dangerfile.ts file to better understand how to structure it.

Creating a GitHub bot account for Danger

In order to get the most out of Danger, we recommend giving it the ability to post comments in your Pull Requests. This is a regular GitHub account, but depending on whether you are working on a private or public project, you will want to give different levels of access to this bot.

Environment variables

A token related to github bot account is required to enable the reading of the repo and comment the PR on github to be set in the environment variable:

DANGER_GITHUB_API_TOKEN="....."

Furthermore, to access the Jira API it is necessary to create a token relating to a service account and set the following environment variables:

[email protected]
JIRA_PASSWORD=token...

DevOps pipeline

example of a pipeline stage for the code review

stages:
  - stage: Static_analysis
    dependsOn: []
    jobs:
      - job: danger
        condition: and(
          succeeded(),
          and(
          eq(variables['Build.Reason'], 'PullRequest'),
          ne(variables['DANGER_GITHUB_API_TOKEN'], 'skip')
          )
          )
        steps:
          - template: templates/node-job-setup/template.yaml@pagopaCommons
          - bash: |
              yarn danger ci
            env:
              DANGER_GITHUB_API_TOKEN: "$(DANGER_GITHUB_API_TOKEN)"
              JIRA_USERNAME: "$(JIRA_USERNAME)"
              JIRA_PASSWORD: "$(JIRA_PASSWORD)"
            displayName: "Danger CI"