Add Overcommit (#765)

* Add Overcommit Overcommit will run checks against any staged code and commit messages before allowing the code to be committed or pushed. This example .overcommit.yml file follows what I've tended to use on past projects. It's opt-in by running the `overcommit --install` command, and can always be disabled or overridden if needed. For an example of how it works, make one of the yaml configuration files invalid and try to commit it. * Add comments and a note to the readme * Fix a regex typo * Add bin/setup-osx script
department-of-veterans-affairs · Feb 22, 2017 · 70522e5 · 70522e5
1 parent f228385
commit 70522e5
Show file tree

Hide file tree

Showing 7 changed files with 229 additions and 99 deletions.
diff --git a/.git-hooks/pre_commit/internal_addresses.rb b/.git-hooks/pre_commit/internal_addresses.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module Overcommit::Hook::PreCommit
+  class InternalAddresses < Base
+    def run
+      errors = []
+      unparsable = []
+
+      applicable_files.each do |file|
+        begin
+          contents = File.read(file)
+          errors << "#{file}: Includes 10.X.Y.Z address" if contents =~ /10\.\d+\.\d+\.\d+/
+          errors << "#{file}: Includes vaww address" if contents =~ /vaww\./
+        rescue
+          unparsable << "Could not match against #{file}"
+        end
+      end
+
+      return :fail, errors.join("\n") if errors.any?
+
+      :pass
+    end
+  end
+end
diff --git a/.overcommit.yml b/.overcommit.yml
@@ -0,0 +1,75 @@
+PreCommit:
+  # Check if local Gemfile.lock matches Gemfile when either changes, unless
+  # Gemfile.lock is ignored by git.
+  BundleCheck:
+    enabled: true
+
+  # Warns if any TODO or FIXMEs are added.
+  FixMe:
+    enabled: true
+
+  # Disallows commits on these branches. Always work in a branch!
+  ForbiddenBranches:
+    enabled: true
+    branch_patterns:
+      - 'master'
+      - 'production'
+      - 'release-*'
+
+  # Disallow local filesystem paths in the Gemfile
+  LocalPathsInGemfile:
+    enabled: true
+
+  # Check for internal VA addresses in new commits
+  InternalAddresses:
+    enabled: true
+
+  # Re-run rubocop before allowing a commit to cut down on 'lint fix' commits
+  RuboCop:
+    enabled: true
+    on_warn: fail # Treat all warnings as failures
+    command: ['bundle', 'exec', 'rubocop']
+    exclude:
+      - 'Gemfile'
+
+  # Warn on trailing whitespace, which Rubocop may also catch.
+  TrailingWhitespace:
+    enabled: true
+    exclude:
+      - '**/db/structure.sql' # Ignore trailing whitespace in generated files
+      - '**/*.yml'
+      - '**/*.yml.example'
+      - '**/*.md'
+
+  # Ensures YAMLs are valid
+  YamlSyntax:
+    enabled: true
+
+PrePush:
+  # Prevents destructive updates to specified branches.
+  ProtectedBranches:
+    enabled: true
+    branch_patterns:
+      - 'master'
+      - 'production'
+      - 'release-*'
+
+  # Re-run Brakeman before pushing, as it's quick.
+  Brakeman:
+    enabled: true
+    command: ['bundle', 'exec', 'brakeman']
+
+PostCheckout:
+  ALL:
+    quiet: true
+
+  # Run `bundle install` if the Gemfile or Gemfile lock change during a checkout
+  BundleInstall:
+    enabled: true
+    quiet: false
+
+PostRewrite:
+  # Run `bundle install` if the Gemfile or Gemfile lock change during a checkout
+  BundleInstall:
+    enabled: true
+    quiet: false
diff --git a/Gemfile b/Gemfile
@@ -73,7 +73,7 @@ group :development, :test do
   gem 'factory_girl_rails'
 
   gem 'foreman'
-
+  gem 'overcommit'
   # This middleware logs your HTTP requests as CURL compatible commands so you can share the calls with downstream
   # assists in debugging
   gem 'faraday_curl'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -91,6 +91,8 @@ GEM
     carrierwave-aws (1.0.2)
       aws-sdk (~> 2.0)
       carrierwave (>= 0.7, < 2.0)
+    childprocess (0.5.9)
+      ffi (~> 1.0, >= 1.0.11)
     climate_control (0.0.3)
       activesupport (>= 3.0)
     coderay (1.1.1)
@@ -171,6 +173,7 @@ GEM
     i18n (0.7.0)
     ice_nine (0.11.2)
     iconv (1.0.4)
+    iniparse (1.4.2)
     jmespath (1.3.1)
     json (1.8.3)
     json-schema (2.7.0)
@@ -208,6 +211,9 @@ GEM
     oj (2.17.4)
     olive_branch (1.1.0)
       rails (>= 4.0)
+    overcommit (0.37.0)
+      childprocess (~> 0.5.8)
+      iniparse (~> 1.4)
     ox (2.4.4)
     parser (2.3.1.2)
       ast (~> 2.2)
@@ -418,6 +424,7 @@ DEPENDENCIES
   net-sftp
   oj
   olive_branch
+  overcommit
   ox (~> 2.4)
   pdf-reader
   pg

diff --git a/README.md b/README.md
@@ -2,8 +2,6 @@
 
 This project provides common APIs for applications that live on vets.gov.
 
-
-
 ## Developer Setup
 Vets-api requires:
 - postgres
@@ -12,32 +10,50 @@ Vets-api requires:
 
 ### Base Setup
 
+To start, fetch this code: `git clone https://github.com/department-of-veterans-affairs/vets-api.git`
+
+#### Automated
+
+*From the `vets-api` directory, run `./bin/setup-osx && source ~/.bash_profile && cd .` if you're on a mac. It will ensure that you have all development dependencies setup*
+
+#### Alternative
 1. Install Ruby 2.3. (It is suggested to use a Ruby version manager such as [rbenv](https://github.com/rbenv/rbenv#installation) and then to [install Ruby 2.3](https://github.com/rbenv/rbenv#installing-ruby-versions)).
 *Note*: rbenv will also provide additional installation instructions in the console output. Make sure to follow those too.
 1. Install Bundler to manage dependencies: `gem install bundler`
 1. Install Postgres (on Mac): `brew install postgres`
-1. Get the code: `git clone https://github.com/department-of-veterans-affairs/vets-api.git; cd vets-api; git submodule init; git submodule update`
-1. Install gem dependencies: `bundle install`
+
+1. Install Redis (on Mac): `brew install redis`
+1. Install gem dependencies: `cd vets-api; bundle install`
+1. Install overcommit `overcommit --install --sign`
 1. Create a application.yml `cat ./config/application.yml.example > ./config/application.yml`
 1. Setup localhost certificates / keys
   - Create a hidden folder in home directory:  `mkdir ~/.certs`
   - Copy the [certificate](https://github.com/department-of-veterans-affairs/vets.gov-team/blob/master/Products/Identity/Identity%20Discovery%202016/certificates/vetsgov-localhost.crt) to ~/.certs
   - Copy the [key](https://github.com/department-of-veterans-affairs/vets.gov-team/blob/master/Products/Identity/Identity%20Discovery%202016/certificates/vetsgov-localhost.key) to ~/.certs
 
-### Database Setup
-1. Start Postgres: `postgres -D /usr/local/var/postgres`
+
+##### Database Setup
+1. Start Postgres: `brew services start postgres`
 1. Create dev database: `bundle exec rake db:setup`
 
-### Redis Setup
+##### Redis Setup
+You will need to specify the following environment variables in `application.yml`:
+```
+REDIS_HOST
+REDIS_PORT
+```
+
+For an example, see `application.yml.example`
 
-1. Install Redis (on mac): `brew install redis`
 1. Follow post install instructions
   - always have Redis running as service
-  - manually launch Redis `redis-server /usr/local/etc/redis.conf`
+  - manually launch Redis `brew services start redis`
+1. Set the environment variables above according to your Redis configuration
+
 
 *Note*: If you encounter `Redis::CannotConnectError: Error connecting to Redis on localhost:6379 (Errno::ECONNREFUSED)`
 this is a sign that redis is not currently running or `config/redis.yml` is not using correct host and port.
-
+Tra
 ### Optional Application Configuration
 The following features require additional configuration, click for details.
 - [Authentication with ID.me](/docs/setup/authentication_with_idme.md)
@@ -64,7 +80,7 @@ Manually run each:
 - `bundle exec rake lint` - Run the full suite of linters on the codebase.
 - `bundle exec guard` - Runs the guard test server that reruns your tests after files are saved. Useful for TDD!
 - `bundle exec rake security` - Run the suite of security scanners on the codebase.
-- `bundle exec rake ci` - Run all build steps performed in Jenkins.
+- `bundle exec rake ci` - Run all build steps performed in CI.
 
 ## Deployment Instructions
 

diff --git a/bin/setup b/bin/setup