Danger Integration Guide

Pre - Requisites

Install Bundler

• Install Bundler - A dependency manager for Ruby

Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed.

sudo gem install bundler

# Fetching bundler-2.1.4.gem
# Successfully installed bundler-2.1.4
# Parsing documentation for bundler-2.1.4
# Installing ri documentation for bundler-2.1.4
# Done installing documentation for bundler after 2 seconds
# 1 gem installed

Initialize a gem file in Root folder of the project

bundler init

# Writing new Gemfile to /Users/karthickchinnathambi/WORKSAPCE/thinknlearn/android-best-practices/Gemfile

Add Danger Ruby gem as dependency in Gemfile

source "https://rubygems.org"

gem 'danger'

Install Danger + All the dependencies

bundle install

#Installing public_suffix 4.0.6
#Fetching addressable 2.7.0
#Installing addressable 2.7.0
#Using bundler 2.1.4
#Fetching unicode-display_width 1.7.0
#Installing unicode-display_width 1.7.0
#Fetching terminal-table 1.8.0
#Installing terminal-table 1.8.0
#Fetching danger 8.2.1
#Installing danger 8.2.1
#Bundle complete! 1 Gemfile dependency, 24 gems now installed.
#Use `bundle info [gemname]` to see where a bundled gem is installed.

Initialize / Setup Danger

Initialization

karthickchinnathambi@Karthicks-MacBook-Pro android-best-practices % bundle exec danger init

# OK, thanks karthickchinnathambi, have a seat and we'll get you started.
# 
# We need to do the following:
#  - [ ] Create a Dangerfile and add a few simple rules.
#  - [ ] Create a GitHub account for Danger to use, for messaging.
#  - [ ] Set up an access token for Danger.
#  - [ ] Set up Danger to run on your CI.
# 
# Step 1: Creating a starter Dangerfile
# 
# I've set up an example Dangerfile for you in this folder.
# cat /Users/karthickchinnathambi/WORKSAPCE/thinknlearn/android-best-practices/Dangerfile
# 
#   # Sometimes it's a README fix, or something like that - which isn't relevant for
#   # including in a project's CHANGELOG for example
#   declared_trivial = github.pr_title.include? "#trivial"
# 
#   # Make it more obvious that a PR is a work in progress and shouldn't be merged yet
#   warn("PR is classed as Work in Progress") if github.pr_title.include? "[WIP]"
# 
#   # Warn when there is a big PR
#   warn("Big PR") if git.lines_of_code > 500
# 
#   # Don't let testing shortcuts get into master by accident
#   fail("fdescribe left in tests") if `grep -r fdescribe specs/ `.length > 1
#   fail("fit left in tests") if `grep -r fit specs/ `.length > 1
# 
# There's a collection of small, simple ideas in here, but Danger is about being able to easily
# iterate. The power comes from you having the ability to codify fixes for some of the problems
# that come up in day to day programming. It can be difficult to try and see those from day 1.
# 
# If you'd like to investigate the file, and make some changes - I'll wait here,
# press return when you're ready to move on...

Seting Up a Github Account for Danger to Post Comments

This is optional. Pragmatically, you want to do this though.

# Step 2: Creating a GitHub account
# 
# In order to get the most out of Danger, I'd recommend giving her the ability to post in
# the code-review comment section.
# 
# IMO, it's best to do this by using the private mode of your browser. Create an account like
# Android-best-practicesBot, and don't forget a cool robot avatar.
# 
# Here are great resources for creative commons images of robots:
#  -> https://www.flickr.com/search/?text=robot&license=2%2C3%2C4%2C5%2C6%2C9
#  -> https://www.google.com/search?q=robot&tbs=sur:fmc&tbm=isch&tbo=u&source=univ&sa=X&ved=0ahUKEwjgy8-f95jLAhWI7hoKHV_UD00QsAQIMQ&biw=1265&bih=1359
# Android-best-practicesBot will need access to your repo. Simply because the code is not available for the public
# to read and comment on.
# 
# Note: Holding cmd ( ⌘ ) and double clicking a link will open it in your browser.
# 
# Cool, please press return when you have your account ready (and you've verified the email...)

Setting up an "Access Token"

# Step 3: Configuring a GitHub Personal Access Token
# 
# Here's the link, you should open this in the private session where you just created the new GitHub account
# -> https://github.com/settings/tokens/new
# 
# For token access rights, I need to know if this is for an Open Source or Closed Source project
# ? [ Open / Closed ]
# > Closed
# For Closed Source projects, I'd recommend giving the token access to the whole repo scope.
# This means only providing access to repo, and its children in the token.
# 
# It's worth noting that you should not re-use this token for OSS repos.
# Make a new one for those repos with just public_repo.
# Additionally, don't forget to add your new GitHub account as a collaborator to your Closed Source project.
# 
# 👍, please press return when you have your token set up...

Configuring with Github Actions

Update DANGER_GITHUB_API_TOKEN

• Goto Workspace -> Settings -> Secrets -> New Repository Secret
• Add DANGER_GITHUB_API_TOKEN as YOUR_SECRET_NAME and add the Access Token just created using the above step as value.

Update Github Actions Workflow like below

name: Android CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches:
      # Pull Request events on branches matching refs/heads/feature/*
      - 'feature/*'
      # Push events to branches matching refs/heads/hotfix/*
      - 'hotfix/*'
      # Push events to branches matching refs/heads/release/*
      - 'release/*'
env:
  SAMPLE_PATH: ./

jobs:
  build:

    runs-on: ubuntu-latest
    timeout-minutes: 30

    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: Set up Ruby 2.6 (so that `bundle install` is possible )
      uses: actions/setup-ruby@v1
      with:
        ruby-version: '2.6'

    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8

    - name: Generate cache key
      run: ./scripts/checksum.sh $SAMPLE_PATH checksum.txt

    - name: Gradle Cache
      uses: actions/cache@v2
      with:
        path: |
          ~/.gradle/caches/modules-*
          ~/.gradle/caches/jars-*
          ~/.gradle/caches/build-cache-*
        key: gradle-${{ hashFiles('checksum.txt') }}

    - name: NDK Cache
      id: ndk-cache
      uses: actions/cache@v2
      with:
        path: ${ANDROID_HOME}/ndk/
        key: ndk-cache-21.3.6528147-v2

    # https://github.com/actions/virtual-environments/issues/643
    # NOTE : `NDK Cache - Key` has to be changed while changing the ndk version
    - name: Install NDK
      if: steps.ndk-cache.outputs.cache-hit != 'true'
      run: echo "y" | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install "ndk;21.3.6528147"

    # - name: Install Gradle Wrapper
    #   run: gradle wrapper

    - name: Build with Gradle
      run: ./gradlew build
    - name: Upload APK
      uses: actions/upload-artifact@v2
      with:
        name: artifacts
        path: app/build/outputs/apk/ByJus/debug/app-ByJus-debug.apk
        retention-days: 30
    - name: Run Spotless Check
      run: ./gradlew spotlessCheck

    - name: Run Detekt
      run: ./gradlew detekt

    - name: Run Lint
      run: ./gradlew lintDebug         

    - name: Install Gems -  (Will install Danger)
      run: |
        gem install bundler
        bundle install

    - name: Run Danger
      env:
        DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
      run: bundle exec danger

---

References

• How to Automate Android Code Review - We Are MobileFirst
• Danger - Getting Setup
• Danger - Reference
• Running Danger on Github Actions
• Danger - APK Analyzer
• Github Actions - Upload Artifact
• Github Actions - Download Artifact
• Github Actions - How to Cache NDK
• Bash CheatSheet