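I am building a service with Rails on my own, and I decided to try doing code review.
I wanted to use Code Climate, but for various reasons I can't use it for free, so I tried running the Code Climate CLI in my local environment.
Environment
MacBook Air
OS: 10.10.5
Preparation
I follow the steps described for the Code Climate CLI.
- Set up a Docker environment on the Mac using Docker Machine
- Run docker pull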
$ docker pull codeclimate/codeclimate
- Install the command on the Mac with brew
$ brew tap codeclimate/formulae
$ brew install codeclimate
- Create the config files
$ codeclimate init
Generating .codeclimate.yml...
Config file .codeclimate.yml successfully generated.
Edit and then try running 'validate-config' to check configuration.
Generating default configuration for engines...
Config file .csslintrc successfully generated.
Config file coffeelint.json successfully generated.
Config file .eslintrc successfully generated.
Config file .eslintignore successfully generated.
Config file .rubocop.yml successfully generated.
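- Edit the config file
When I ran the analysis I got the error below, so for now I disabled duplication.
error: (CC::Analyzer::Engine::EngineTimeout) engine duplication ran for 900000 seconds and was killed
Also, some files are generated automatically depending on the environment, so I listed them under exclude_paths: to exclude them from the checks.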
---
engines:
  brakeman:
    enabled: true
  bundler-audit:
    enabled: true
  csslint:
    enabled: true
  coffeelint:
    enabled: true
  duplication:
    enabled: false
    config:
      languages:
      - ruby
      - javascript
      - python
      - php
  eslint:
    enabled: true
  fixme:
    enabled: true
  rubocop:
    enabled: true
ratings:
  paths:
  - Gemfile.lock
  - "**.erb"
  - "**.haml"
  - "**.rb"
  - "**.rhtml"
  - "**.slim"
  - "**.css"
  - "**.coffee"
  - "**.inc"
  - "**.js"
  - "**.jsx"
  - "**.module"
  - "**.php"
  - "**.py"
exclude_paths:
- config/
- db/
- spec/
- vendor/
- bower_components/
- public/assets/application*
- Validate the config file beforehand
$ codeclimate validate-config
No errors or warnings found in .codeclimate.yml file.
Results
$ codeclimate analyze
Starting analysis
Running brakeman: Done!
Running bundler-audit: Done!
Running csslint: Done!
Running coffeelint: Done!
Running eslint: Done!
Running fixme: Done!
Running rubocop: Done!
== .gitignore (1 issue) ==
20: TODO found [fixme]
== .gitignore~ (2 issues) ==
20: TODO found [fixme]
20: TODO found [fixme]
== Gemfile.lock (5 issues) ==
2: Insecure Source URI found: git://github.com/kirs/will_paginate.git [bundler-audit]
6: will_paginate Gem for Ruby Generated Pagination Link Unspecified XSS [bundler-audit]
9: Insecure Source URI found: git://github.com/rails/rails.git [bundler-audit]
69: Insecure Source URI found: git://github.com/twalpole/devise.git [bundler-audit]
73: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie [bundler-audit]
== Guardfile (1 issue) ==
36: Unused block argument - `m`. You can omit the argument if you don't care about it. [rubocop]
== app/assets/javascripts/cable.coffee (3 issues) ==
1: Line ends with trailing whitespace [coffeelint]
2: Line exceeds maximum allowed length [coffeelint]
4: Line exceeds maximum allowed length [coffeelint]
== app/assets/javascripts/channels/room.coffee (3 issues) ==
3: Line contains inconsistent indentation [coffeelint]
13: Line exceeds maximum allowed length [coffeelint]
16: Line exceeds maximum allowed length [coffeelint]
== app/controllers/comments_controller.rb (1 issue) ==
6-32: Cyclomatic complexity for create is too high. [8/6] [rubocop]
== app/controllers/scores_controller.rb (2 issues) ==
53-107: Cyclomatic complexity for update is too high. [16/6] [rubocop]
53-107: Method has too many lines. [40/30] [rubocop]
== app/models/user.rb (2 issues) ==
30: Unused method argument - `signed_in_resource`. If it's necessary, use `_` or `_signed_in_resource` as an argument name to indicate that it won't be used. [rubocop]
43: Unused method argument - `signed_in_resource`. If it's necessary, use `_` or `_signed_in_resource` as an argument name to indicate that it won't be used. [rubocop]
== app/views/scores/index.html.erb (1 issue) ==
6-: Render path contains parameter value [brakeman]
== app/views/scores/show.html.erb (1 issue) ==
38-: Render path contains parameter value [brakeman]
Analysis complete! Found 22 issues.
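The report above mixes style findings with the security findings from brakeman and bundler-audit. The following Ruby script is an added example, not part of the original post or of the Code Climate project: it parses the plain-text format shown above and pulls out the findings of those two engines so they can be triaged first. The function names are hypothetical, treating those two engines as the security-relevant ones is an assumption based on their descriptions, and SAMPLE is a constructed excerpt of the output above.

```ruby
# Added example: triage the plain-text report printed by `codeclimate analyze`.
# Assumption: these two engines are the security-relevant ones in this config.
SECURITY_ENGINES = %w[brakeman bundler-audit].freeze

# "== path (N issues) ==" starts a per-file section.
FILE_HEADER = /\A== (?<path>.+?) \(\d+ issues?\) ==\z/
# "LINE[-END]: message [engine]"; the end line may be missing ("6-:").
ISSUE_LINE  = /\A(?<loc>\d+(?:-\d*)?): (?<msg>.*) \[(?<engine>[\w-]+)\]\z/

# Parse the report text into an array of hashes, one per issue.
def parse_report(text)
  path = nil
  text.each_line(chomp: true).each_with_object([]) do |line, issues|
    line = line.strip
    if (m = FILE_HEADER.match(line))
      path = m[:path]
    elsif path && (m = ISSUE_LINE.match(line))
      issues << { path: path, loc: m[:loc], msg: m[:msg], engine: m[:engine] }
    end
  end
end

# Keep only the findings reported by a security engine.
def security_issues(issues)
  issues.select { |i| SECURITY_ENGINES.include?(i[:engine]) }
end

# Number of findings per engine, e.g. {"rubocop" => 1, ...}.
def counts_by_engine(issues)
  issues.group_by { |i| i[:engine] }.transform_values(&:size)
end

# Constructed excerpt of the report shown above.
SAMPLE = <<~REPORT
  Running rubocop: Done!
  == Gemfile.lock (2 issues) ==
  2: Insecure Source URI found: git://github.com/kirs/will_paginate.git [bundler-audit]
  6: will_paginate Gem for Ruby Generated Pagination Link Unspecified XSS [bundler-audit]
  == app/controllers/comments_controller.rb (1 issue) ==
  6-32: Cyclomatic complexity for create is too high. [8/6] [rubocop]
  == app/views/scores/index.html.erb (1 issue) ==
  6-: Render path contains parameter value [brakeman]
  Analysis complete! Found 4 issues.
REPORT

issues = parse_report(SAMPLE)
security_issues(issues).each do |i|
  puts "#{i[:engine]}: #{i[:path]}:#{i[:loc]} #{i[:msg]}"
end
puts counts_by_engine(issues).inspect
```

Applied to the full report above, the same split gives 7 of the 22 issues to brakeman and bundler-audit.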
Reference
For reference, the available engines appear to be the following.
$ codeclimate engines:list
Available engines:
- brakeman: Static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
- bundler-audit: Patch-level verification for Bundler.
- coffeelint: A style checker for CoffeeScript.
- csslint: Automated linting of Cascading Stylesheets.
- duplication: Structural duplication detection for Ruby, Python, JavaScript, and PHP.
- eslint: A JavaScript/JSX linting utility.
- fixme: Finds FIXME, TODO, HACK, etc. comments.
- foodcritic: Lint tool for Chef cookbooks.
- gofmt: Checks the formatting of Go programs.
- golint: A linter for Go.
- govet: Reports suspicious constructs in Go programs.
- hlint: Linter for Haskell programs.
- kibit: Static code analyzer for Clojure, ClojureScript, cljx and other Clojure variants.
- nodesecurity: Security tool for Node.js dependencies.
- pep8: Static analysis tool to check Python code against the style conventions outlined in PEP-8.
- phpcodesniffer: Detects violations of a defined set of coding standards in PHP.
- phpmd: A PHP static analysis tool.
- radon: Python tool used to compute Cyclomatic Complexity.
- requiresafe: Security tool for Node.js dependencies.
- rubocop: A Ruby static code analyzer, based on the community Ruby style guide.
- rubocop-v35: A Ruby static code analyzer, based on the community Ruby style guide. Version 0.35.1 of RuboCop.
- rubymotion: Rubymotion-specific rubocop checks.
- scss-lint: Configurable tool for writing clean and consistent SCSS.
- vint: Fast and Highly Extensible Vim script Language Lint implemented by Python.
- watson: A young Ember Doctor to help you fix your code.
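Summary
- For now, I have a setup where I can do code review.
- However, Code Climate itself displays the results graphically, which I find easier to read and nicer. I also feel that making the project a public GitHub repository might be better, since that would make it easier to integrate with free external services going forward.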