Init Danger/Endanger with Backbone/package.json versions rules

.github/workflows/danger.yml

@@ -0,0 +1,32 @@
+# Copyright 2020-2022 Signal Messenger, LLC
+# SPDX-License-Identifier: AGPL-3.0-only
+
+name: CI
+on:
+  pull_request:
+
+jobs:
+  danger:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # fetch all history
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '16.15.0'
+      - run: npm install -g yarn@1.22.10
+      - name: Cache danger node_modules
+        id: cache-desktop-modules
+        uses: actions/cache@v3
+        with:
+          path: danger/node_modules
+          key: danger-${{ runner.os }}-${{ hashFiles('danger/package.json', 'danger/yarn.lock') }}
+      - name: Install danger node_modules
+        if: steps.cache-desktop-modules.outputs.cache-hit != 'true'
+        run: cd danger && yarn install --frozen-lockfile
+      - name: Run DangerJS
+        run: yarn danger:ci
+        env:
+          DANGER_GITHUB_API_TOKEN: ${{ secrets.AUTOMATED_GITHUB_PAT }}

.gitignore

@@ -1,4 +1,5 @@
 node_modules
+node_modules_bkp
 .sass-cache
 coverage/*
 build/curve25519_compiled.js

danger/danger.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Copyright 2022 Signal Messenger, LLC
+# SPDX-License-Identifier: AGPL-3.0-only
+
+if [ -f ./node_modules/.bin/danger ]; then
+  echo "Running with ./node_modules/.bin/danger"
+  ./node_modules/.bin/danger $@
+elif [ -f ./danger/node_modules/.bin/danger ]; then
+  echo "Running with ./danger/node_modules/.bin/danger"
+  ./danger/node_modules/.bin/danger $@
+else
+  echo "Danger not found, did you run yarn in either the root or danger/ dir?"
+  exit 1
+fi

danger/package.json

@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "danger": "11.1.2",
+    "endanger": "7.0.4",
+    "typescript": "4.6.2"
+  }
+}

danger/rules.ts

@@ -0,0 +1,9 @@
+// Copyright 2022 Signal Messenger, LLC
+// SPDX-License-Identifier: AGPL-3.0-only
+
+import { run } from 'endanger';
+
+import migrateBackboneToRedux from './rules/migrateBackboneToRedux';
+import packageJsonVersionsShouldBePinned from './rules/packageJsonVersionsShouldBePinned';
+
+run(migrateBackboneToRedux(), packageJsonVersionsShouldBePinned());

danger/rules/migrateBackboneToRedux.ts

@@ -0,0 +1,54 @@
+// Copyright 2022 Signal Messenger, LLC
+// SPDX-License-Identifier: AGPL-3.0-only
+
+import { Line, Rule } from 'endanger';
+
+export default function migrateBackboneToRedux() {
+  return new Rule({
+    match: {
+      files: ['**/*.{js,jsx,ts,tsx}'],
+    },
+    messages: {
+      foundNewBackboneFile: `
+				**Prefer Redux**
+				Don't create new Backbone files, use Redux
+			`,
+      foundBackboneFileWithManyChanges: `
+				**Prefer Redux**
+				Migrate Backbone files to Redux when making major changes
+			`,
+    },
+    async run({ files, context }) {
+      for (let file of files.touched) {
+        let lines = await file.lines();
+        let matchedLine: Line | null = null;
+
+        for (let line of lines) {
+          // Check for the most stable part of the backbone `import`
+          if (
+            (await line.contains("from 'backbone'")) ||
+            (await line.contains('window.Backbone'))
+          ) {
+            matchedLine = line;
+            break;
+          }
+        }
+
+        if (!matchedLine) {
+          continue;
+        }
+
+        if (file.created) {
+          context.warn('foundNewBackboneFile', { file, line: matchedLine });
+        } else if (file.modifiedOnly) {
+          if (await file.diff().changedBy({ added: 0.1 })) {
+            context.warn('foundBackboneFileWithManyChanges', {
+              file,
+              line: matchedLine,
+            });
+          }
+        }
+      }
+    },
+  });
+}

danger/rules/packageJsonVersionsShouldBePinned.ts

@@ -0,0 +1,77 @@
+// Copyright 2022 Signal Messenger, LLC
+// SPDX-License-Identifier: AGPL-3.0-only
+
+import { File, Rule } from 'endanger';
+import semver from 'semver';
+
+function isPinnedVersion(version: string): boolean {
+  if (version.startsWith('https:')) {
+    return version.includes('#');
+  }
+  return semver.valid(version) !== null;
+}
+
+async function getLineContaining(file: File, text: string) {
+  let lines = await file.lines();
+  for (let line of lines) {
+    if (await line.contains(text)) {
+      return line;
+    }
+  }
+  return null;
+}
+
+let dependencyTypes = [
+  'dependencies',
+  'devDependencies',
+  'peerDependencies',
+  'optionalDependencies',
+];
+
+export default function packageJsonVersionsShouldBePinned() {
+  return new Rule({
+    match: {
+      files: ['**/package.json', '!**/node_modules/**'],
+    },
+    messages: {
+      packageJsonVersionsShouldBePinned: `
+				**Pin package.json versions**
+				All package.json versions should be pinned to a specific version.
+        See {depName}@{depVersion} in {filePath}#{dependencyType}.
+			`,
+    },
+    async run({ files, context }) {
+      for (let file of files.modifiedOrCreated) {
+        let pkg = await file.json();
+        for (let dependencyType of dependencyTypes) {
+          let deps = pkg[dependencyType];
+          if (deps == null) {
+            continue;
+          }
+          for (let depName of Object.keys(deps)) {
+            let depVersion = deps[depName];
+            if (!isPinnedVersion(depVersion)) {
+              let line = await getLineContaining(
+                file,
+                `"${depName}": "${depVersion}"`
+              );
+              context.warn(
+                'packageJsonVersionsShouldBePinned',
+                {
+                  file,
+                  line: line ?? undefined,
+                },
+                {
+                  depName,
+                  depVersion,
+                  filePath: file.path,
+                  dependencyType,
+                }
+              );
+            }
+          }
+        }
+      }
+    },
+  });
+}