Via #52 (comment), it would be nice to log network requests/responses and other important information in a --debug or --verbose mode. When a bug report is submitted, having this information would be helpful in debugging via GitHub issues.

Version 18.0.2 of ts-jest just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As ts-jest is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Every Github PR has an issue behind it, and the issues contains the reference to the labels. This is useful to enforce a label being used on each PR.

Github Issues Docs
Current Github DSL

Proposal: Add danger.github.issue that contains a reference to the issue behind this PR.

Version 19.0.1 of jest just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As jest is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

@cpojer @nsfmc and I had a chat in reactiflux jest about how Jest handles both process separation and babel transformations. The work is done inside jest-runtime which should do basically every thing we'd need to handle both process separations and babel transformation of source.

nsfmc - Today at 4:01 PM
it basically should behave like the way jest does in that when danger ingests a dangerfile.js, it can do things like import {bar} from './foo'

cpojer - Today at 4:01 PM
lol

nsfmc - Today at 4:01 PM
so right now, just naively setting up that vm context with the NODE_PATH of the project, i can import stuff from node_modules which is NotBad™, but i figured i would examine how jest Made It Look So Easy

cpojer - Today at 4:02 PM
haha
so you are trying to sandbox stuff in a vm, is that it?

nsfmc - Today at 4:02 PM
i won't speak for @orta but i don't know that sandboxing for sake of security is strictly necessary

cpojer - Today at 4:03 PM
well, it's not really secure, you can almost always break out of it

nsfmc - Today at 4:03 PM
like, my impression is just that you want to run the script as if it were running from node
but you want to inject the context with danger-specific things

orta - Today at 4:03 PM
Yeah, I was planning on adding a true process separation for Danger + DangerRunner for security later down the line

nsfmc - Today at 4:04 PM
i started poking at the problem a little over a week ago and then life caught up with me

cpojer - Today at 4:05 PM
so the way you can do it, use jest-runtime + fork a process
with jest-runtime you get a custom require implementation as well, so it'll work really well and you don't have to worry about it

nsfmc - Today at 4:05 PM
oooooh

orta - Today at 4:06 PM
yeah, that is basically what we want I think

cpojer - Today at 4:06 PM
and it will work as long as Jest works

orta - Today at 4:06 PM
hah, and could be less deps for anyone using jest for their projects too

cpojer - Today at 4:07 PM
yea, it doesn't increase deps then :smiley:

nsfmc - Today at 4:08 PM
cool, that's neat, i am not married to working on that, but i may hit it up if i have some free time @orta

orta - Today at 4:09 PM
yeah, that's legit - I have no expectations

nsfmc - Today at 4:09 PM
rockin

orta - Today at 4:09 PM
my xmas plan was to build hosted danger, wherein this is a blocker on that

cpojer - Today at 4:09 PM
you may not even need jest-runtime, you can just run in a separate process in node
but if you need transforms, jest-runtime might work well

orta - Today at 4:09 PM
so I will have to do it by EOY sort of thing
yeah, I think transforms are important
and I'll definitely need to control what you can import

nsfmc - Today at 4:10 PM
does/will hosted-danger have the capacity to install arbitrary modules?  kinda curious about how that would work

orta - Today at 4:10 PM
it will have to IMO, standard library isn't enough
hah, we can take over for a sec :stuck_out_tongue:
I was debating whitelisting "safe" modules

nsfmc - Today at 4:11 PM
yeah, i mean, i can mostly see the runkit approach (no clue what they do) or something where you upload modules of your own along with a dangerfile

cpojer - Today at 4:11 PM
feel free to send PRs to jest-runtime to add certain options too
blacklisting modules should be easy
but as soon as you have access to fs and eval…

orta - Today at 4:12 PM
exactly, all over then :smiley:

Version 6.22.0 of babel-preset-es2015 just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As babel-preset-es2015 is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Trying to add to artsy/elderfield#42

> [email protected] danger /home/travis/build/artsy/elderfield
> danger
module.js:327
    throw err;
    ^
Error: Cannot find module 'jest-environment-node'
    at Function.Module._resolveFilename (module.js:325:15)
    at Function.Module._load (module.js:276:25)
    at Module.require (module.js:353:17)
    at require (internal/module.js:12:17)
    at Object.<anonymous> (/home/travis/build/artsy/elderfield/node_modules/danger/distribution/runner/DangerfileRunner.js:131:28)
    at Module._compile (module.js:409:26)
    at Object.Module._extensions..js (module.js:416:10)
    at Module.load (module.js:343:32)
    at Function.Module._load (module.js:300:12)
    at Module.require (module.js:353:17)
    at require (internal/module.js:12:17)

The relevant code in dangerfile:

// Ensure the use of 'use strict'; on all files
const noStrictFiles = newJsFiles.filter(filepath => {
  const content = fs.readFileSync(filepath).toString();
  return !includes(content, 'use strict');
});

Basically ES modules are strict mode by default, so the check should look for use of "import"/"export" to determine if flagging is required.

Take the existing Travis.js, duplicate it ( and it's tests ) then take the concepts from here and port this over

/cc @kanaabe

(This is not meant as some kind of advertisement, just an idea)

Should greenkeeper (https://greenkeeper.io) help to keep the dependencies up-to-date? Right now, there aren't a lot of normal npm- dependencies, but it could help to keep them somehow on the latest version.

The bot sends a PR if there's a new version of a dependency and increments the version.

They're on a separate API call curl https://api.github.com/repos/artsy/emission/pulls/327/commits (see this branch )

I think we should just expose the full data like we do for github.pr - as this is github specific ( it's an API call, and would be different between github/gitlab ) then I think it probably needs to go on github so maybe github.commits seems fine?

I'd also be interested in discussion about having two versions: git.commits and github.commits the git version could just have the raw cross-API data ( message, parent tree, committer, author ) whereas the github version can contain the full metadata (comments etc)

This means you can write a rule like

const mergeCommits = danger.github.commits.select(commit => commit.commit.message.includes("merge")
if (mergeCommits.length > 0){ fail("I said no merges! sigh")

For issues like #83 it would be good to have a test repo that maybe makes a version update on a trigger for every new danger.js release.

Version 4.4.2 of tslint just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As tslint is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 3.2.7 of lint-staged just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As lint-staged is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 16.0.5 of @types/jest just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As @types/jest is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Hello there, in Peril I started adding an underscore before the name of a test file so that it shows lower in the file browser when doing an open quickly

Was thinking of making this change in Danger (and making a rule in the Dangerfile), anyone got opinions on better ideas or think as-is is 👍 ?

danger pr https://github.com/github/fetch/pull/413 should run the local Dangerfile.js against that PR. There is an implementation of this in Danger-rb.

I tried playing around with Danger, but I immediately hit a wall when trying to run it. Running on Windows, but I'm not sure if that has anything to do with it.

From my package.json:

  "scripts": {
    "danger": "danger"
  },
  "devDependencies": {
    "danger": "^0.7.0"
  }

> npm run danger

> [email protected] danger C:\foo
> danger

module.js:472
    throw err;
    ^

Error: Cannot find module 'jest-runtime'
    at Function.Module._resolveFilename (module.js:470:15)
    at Function.Module._load (module.js:418:25)
    at Module.require (module.js:498:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (C:\foo\node_modules\danger\distribution\runner\DangerfileRunner.js:80:20)
    at Module._compile (module.js:571:32)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:488:32)
    at tryModuleLoad (module.js:447:12)
    at Function.Module._load (module.js:439:3)

Currently for every fail there will be a new comment. We should edit an existing message, so that you don't get a lot of emails.

How does async code works in dangerfile? I gave quick try like

const fs = require("fs");
const os = require("os");
const summary = require("lcov-summary");

const file = fs.readFileSync("./coverage/lcov.info", "utf-8");

summary(file, (err, results) => {
  console.log('here');
  if (err) {
    warn("cannot retrieve code coverage");
  } else {
    console.log('there');
    const total = results
      .split(os.EOL)
      .filter((result) => result.match(/Total Coverage/))[0];
    message(total);
    warn(total);
    fail('fail');
  }
});

to write down simple message inside of callback. Callback's executed, but none of danger messages are written down. is this expected?

From jestjs/jest#2508

danger.github.linkFiles ->

// Takes a list of file paths, and converts it into clickable links
const linkableFiles = (paths: Array<string>): string => {
  const repoURL = danger.github.pr.head.repo.html_url;
  const ref = danger.github.pr.head.ref;
  const links = paths.map(path => {
    return createLink(`${repoURL}/blob/${ref}/${path}`, path);
  });
  return toSentence(links);
};

I think we probably also need util functions that are specific to universal Danger use-cases, mainly as the JS core lib is relatively weak:

danger.utils.sentence:

// ["1", "2", "3"] to "1, 2 and 3"
const toSentence = (array: Array<string>) : string => {
  if (array.length === 1) { return array[0]; }
  return array.slice(0, array.length - 1).join(', ') + ' and ' + array.pop();
};

danger.utils.href:

// ("/href/thing", "name") to "<a href="/href/thing">name</a>"
const createLink = (href: string, text: string): string => 
  `<a href='${href}'>${text}</a>`;

When running danger pr <PR_URL> often locally for testing, caching the JSON response from the GitHub API / making a conditional request will help prevent exceeding the rate limit.

See danger/danger#198 and danger/danger@b0b18a0 for the corresponding Danger-rb discussion/implementation. We will want to add a --clear-http-cache flag for parity with Danger-rb.

If this applies to more than just danger pr, please chime in!

Hi there,

This seems like a great project !

My use-case is to update failed PRs with a comment containing the text from the failed travis test that was run. This is so that I can automate asking users to take a look at the errors. And also one does not have to manually click the travis link to look what the error was.

How can I write a Dangerfile to achieve this ?

Danger 0.8.0. What am I missing?

https://travis-ci.org/matt-kruse/alexa-app-server/builds/190989229

This provides an easy way to understand what's going on

Right now when writing dangerfiles, I reference the TypeScript interfaces within the codebase. It would be helpful to bring the public API out into the open somehow.

The reason I bring this up is because I'm introducing Danger-js into some codebases at work and want people to get involved, but it becomes a bit more challenging when the API documentation is within the codebase and spans multiple files.

Would it make sense to maintain an index.d.ts file like Redux does that could also be used to generate a simple API documentation website or something like that?

I wanted to get a conversation started on this to see what some plans are down the line and what I can help with in the near future. 👍

Sidenote: how will danger-js be integrated into the Danger website reference when it hits 1.0? Is there a way we can consider documenting this codebase's API in a way that would more easily integrate into the official website down the road?

Use case: often times, a PR is opened with lint errors or danger failures, and those errors are quickly fixed and pushed up to GitHub. I would like to run danger pr against a specific commit in a PR that has danger errors instead of the latest commit, which is fixed.

Running a command like:

danger pr https://github.com/danger/danger-js/pull/99/commits/7fe319d55ce4195ab9c8d439414028b134a63eca

could test my dangerfile.js changes against 7fe319d (assuming there were some danger failures in those code changes).

This would be an alternative to running:

export DANGER_FAKE_CI="YEP"
export DANGER_GITHUB_API_TOKEN='xxxxxxxxxx'  # a github api token
export DANGER_TEST_REPO='danger/danger-js'
git checkout branch-for-pr-99
DANGER_TEST_PR='99' npm run danger

which would leave a comment on the PR in GitHub.

Thoughts?

Currently dangerfile support markdown via markdown() explicitly, while any other messages are using HTML template tables.

Case of HTML templates, notifications other than github page sometimes does not able to display full contents, by HTML tags takes most of texts and actual contents are being trimmed. For example, below is our current slack github hook notification -

can't see actual messages and have to open github page.

What about github template renders all contents via markdown by default, then introduce some configuration to select HTML based templates instead? In those cases, danger messages will behave

1. if template's markdown
   message() === markdown(), all other messages will be rendered to markdown as well

2. if template's html
   message() !== markdown(), user selectively choose between message & markdown to render contents. All other messages will be rendered into HTML table.

https://travis-ci.org/matt-kruse/alexa-app/builds/185211730

> [email protected] danger /home/travis/build/matt-kruse/alexa-app
> danger
OK, looks good Travis CI on GitHub
Failed

https://github.com/matt-kruse/alexa-app/pull/91

I'll want something that takes flow & ESLint's JSON output and allows us to show errors for that. In ruby this is as simple as

`echo "OK"`

I don't know what that should look like in JS, perhaps we'll need something like?

danger.run("flow check --json", output: "json", (result: any) => {
  if (!result.passed) {
    fail("Boo! Better fix them types")
  }
})

Given the prevalence of JSON output, we can optionally handle the transition from text for users too

We want to be able to do fail warn and message and markdown on a PR comment

The current ERB template for GitHub is https://github.com/danger/danger/blob/master/lib/danger/comment_generators/github.md.erb

So we can do:

@orta thanks for giving me NPM publish access (#116 (comment)). I wanted to open an issue to add documentation to the README about publishing this package.

My assumptions on how this would go:

• Bump the version number. In the case of #116, I would run npm version patch to create an 0.10.1 bugfix version (which would also create a git tag). We could coordinate on minor and especially major version releases, but I would feel comfortable shipping 0.10.1 as a bugfix release.
• Push that commit to GitHub
• Run npm publish, which would build and publish danger to NPM

Could you please clarify? I'll turn this issue into a PR with documentation. Thanks! 😄 🚢

EDIT: should have checked before opening the issue, but 0.10.1 was shipped in 8775f48, which looks like we just:

• Bump the version number manually
• Modify the changelog to include the new version number
• Commit that and push to GitHub
• Run npm publish?

I really like the style of the eslint bot, which responds like this:

I've noticed that with the "tabular" robotic style people sometimes ignore the bot. Making it respond in natural language would help with that, as we could make it seem like a normal user on the first glance.

Not sure what the API for this would look like, thought I'd kick off a discussion!

The Jenkins CI source in Danger.rb, for reference

Version 6.22.0 of babel-plugin-transform-regenerator just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As babel-plugin-transform-regenerator is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Via #71 (comment)

Is this something we'd like to move forward with? I personally enjoy writing TS. Haven't converted Flow to TS before, so I'm not sure if it's something we could do incrementally or maybe doing it all in one shot isn't a difficult task.

Any thoughts? /cc @orta @kwonoj

Version 4.4.0 of tslint just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As tslint is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Version 2.2.1 of typescript just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As typescript is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

distribution/danger.js will need to include all of the exported functions / vars - so that the import statement autocompletes. These can just be empty functions.

Mostly leaving this here as a reminder for me to fix it when I get home:

yarn danger v0.20.3
$ danger 
OK, looks good Codeship on GitHub
Error:  TypeError: Cannot convert  or null to object
at Function.from (native)
at _toConsumableArray (dangerfile.js:1:303)
at Object.<anonymous> (dangerfile.js:10:101)
at Runtime._execModule (~/node_modules/jest-runtime/build/index.js:442:13)
at Runtime.requireModule (~/node_modules/jest-runtime/build/index.js:296:14)
at ~/node_modules/danger/distribution/runner/DangerfileRunner.js:110:25
at ensureCleanDangerfile (~/node_modules/danger/distribution/runner/DangerfileRunner.js:131:5)
at Object.<anonymous> (~/node_modules/danger/distribution/runner/DangerfileRunner.js:109:13)
at step (~/node_modules/danger/distribution/runner/DangerfileRunner.js:32:23)
at Object.next (~/node_modules/danger/distribution/runner/DangerfileRunner.js:13:53)
error Command failed with exit code 1.
not running danger

You'll need to download all the comments on a PR, look for which ones are owned by Danger and remove them.

allow overriding api.github.com with DANGER_GITHUB_API_HOST so you can run danger-js against github enterprise

https://github.com/danger/danger-js/blob/master/source/platforms/github/GitHubAPI.ts#L133

Version 4.5.0 of tslint just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As tslint is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

We've been noticing a lot of queued Appveyor builds that won't build when PRs are opened. All of the failing builds in the screenshot are due to Appveyor builds being cancelled when PRs are merged.

Is this an issue with our Appveyor config, or is this something we need to communicate to Appveyor? Either way, here's an issue for checking it out.

I vote this was not "All Good."

Probably needs changes in the npmignore

Version 2.6.2 of debug just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As debug is a direct dependency of this project this is very likely breaking your project right now. If other packages depend on you it’s very likely also breaking them.
I recommend you give this issue a very high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Danger-rb's methods support the following parameters:

warn (message: String, sticky=false: Boolean, file=nil: String, line=nil: String)

These methods allow for adding a warning/error/messages inline on a specific file. What would be involved in porting that functionality to Danger-js?

The current type definition of warn in Danger-js is:

warn(message: MarkdownString): void

Could we just add more parameters? Would we accept an options object as a second parameter?

// perhaps this
warn(message: MarkdownString, file=undefined: String, line=undefined: String)

// or
warn(message: MarkdownString, options: { file: String, line: String })

Also, where would sticky: Boolean come into play - would that be a part of this work, or should that be a part of a separate issue?

Version 6.22.2 of babel-cli just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As babel-cli is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴