A Bot to Help Code Review

Rahmad Hidayat
Published in Qasir
4 min read · Jun 20, 2022

Code review is an essential activity in software development. Many aspects must be taken care of when we review code, especially code from people who have just joined the team. Even when there is already a code convention, we sometimes forget basic things. Likewise, code reviewers sometimes skip things they should comment on when reviewing code. Maybe they're busy or just too tired.

In this article, I will share the stack I use to build a simple bot to help the code review process in the mobile team.

Danger

danger system website

Danger is a tool to help automate common code review chores. Danger is available in Ruby, JS, and Swift. There are also Kotlin and Python versions that are still under development.

Danger is not limited to code review. With so many plugins available, we can also automate many other things, such as analyzing the APK, checking the permissions, and more.

plugins available

I'm using the Ruby version on my project. The Danger installation documentation is pretty straightforward. After installing, you will have two files in your repo.

Gemfile

source "https://rubygems.org"

gem 'danger'
gem 'danger-gitlab'

This file is where we put the dependencies or plugins we need.

Dangerfile

# ENSURE THAT ALL MRS HAVE AN ASSIGNEE.
warn "This MR does not have any assignees yet." unless gitlab.mr_json["assignee"]

# ENSURE THERE IS A SUMMARY FOR A MR.
failure "Please provide a summary in the Merge Request description" if gitlab.mr_body.length < 5

# WARN WHEN AN MR IS CLASSED AS WORK IN PROGRESS.
warn "MR is classed as Work in Progress" if gitlab.mr_title.include? "[WIP]"

This file is where we configure the dependency settings or set any bot rules.

Later, we will add some things needed to connect Detekt with Danger.

Detekt

detekt website

Detekt is a static code analyzer for Kotlin. We use it to check code against standard coding best practices and to set any custom rules we need to match our code convention.

There are several ways to install Detekt. However, I prefer the CLI version because I only run Detekt in CI.

To connect Detekt with Danger, I'm using a plugin called danger-checkstyle_format. There is also a Detekt plugin for Danger, but when I tried, the inline comment was not working.

To use danger-checkstyle_format, add the plugin to the Gemfile.

gem 'danger-checkstyle_format'

And add the configuration in the Dangerfile.

# Detekt CLI
report_dir = "build/reports/detekt/detekt.xml"
checkstyle_format.base_path = Dir.pwd
checkstyle_format.report report_dir

As you can see, we pass the location of the Detekt report file to the Checkstyle format configuration, so Danger can read the report and publish it on the GitLab MR page.

Gitlab CI

We use GitLab for our CI/CD, the service where we run the Bot to review our code.

According to the Danger installation doc, we need one GitLab account with an access token and at least the GitLab "reporter" permission level.

The important thing is that the variable DANGER_GITLAB_API_TOKEN must be available in the CI.

Once the setup is complete, the last step is adding the Danger and Detekt commands to the CI. For example:

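# Install Danger and its plugins from the Gemfile.
bundle install
# Run Detekt and write the Checkstyle-format XML report.
detekt-cli -c config/detekt/detekt.yml -ex '**/.gradle/**' --report xml:build/reports/detekt/detekt.xml
# Run Danger, which reads the report and comments on the MR.
bundle exec danger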

But there is a problem: Detekt scans all classes in the repo, which ends up spamming too many reports on the MR. To solve this issue, I use git-diff to scan only the changed classes. Here's a sample script in case you are facing the same problem and are curious about how to solve it:

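# Copy only the files changed in this MR into a scratch directory for Detekt.
mkdir -p "$CI_BUILDS_DIR/git-diff"
# -z / -0 pass file names NUL-delimited straight to cp as arguments, so a name
# containing spaces, quotes or shell metacharacters is never re-parsed by a shell.
git diff -z --diff-filter=d --name-only "$CI_MERGE_REQUEST_DIFF_BASE_SHA" HEAD | xargs -0 -r cp -v --parents -t "$CI_BUILDS_DIR/git-diff/" --
bundle install
detekt-cli -i "$CI_BUILDS_DIR/git-diff" -c config/detekt/detekt.yml -ex '**/.gradle/**' --report xml:build/reports/detekt/detekt.xml
bundle exec danger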
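
Another way to limit the MR comments to changed files, shown here as an added example (not code from the original post or from danger-checkstyle_format): scan the whole repo and filter the Checkstyle XML report by the changed-file list, so no file names pass through a shell. The helper names, the sample report and the /builds/app path are constructed for illustration.

```ruby
require "rexml/document"
require "pathname"

# Constructed sample of a Detekt Checkstyle report (not real project output).
SAMPLE_REPORT = <<~XML
  <?xml version="1.0" encoding="utf-8"?>
  <checkstyle version="4.3">
    <file name="/builds/app/src/main/kotlin/Cart.kt">
      <error line="12" column="9" severity="warning" message="Magic number." source="detekt.MagicNumber"/>
    </file>
    <file name="/builds/app/src/main/kotlin/Legacy.kt">
      <error line="3" column="1" severity="error" message="Empty catch block." source="detekt.EmptyCatchBlock"/>
    </file>
    <file name="/tmp/outside/Other.kt">
      <error line="1" column="1" severity="info" message="Constructed entry outside the repo." source="detekt.Sample"/>
    </file>
  </checkstyle>
XML

# Hypothetical helper: repo-relative form of a report path, or nil when the
# path resolves outside base_path (comparison is lexical, no file access).
def relative_to_base(path, base_path)
  base = Pathname.new(base_path).expand_path
  full = Pathname.new(path).expand_path(base.to_s)
  return nil unless full.to_s.start_with?("#{base}/")
  full.relative_path_from(base).to_s
end

# Hypothetical helper: findings from the report limited to the files changed
# in the MR (changed_files are repo-relative, as `git diff --name-only` prints).
def findings_for_changed_files(report_xml, base_path, changed_files)
  findings = []
  REXML::Document.new(report_xml).elements.each("checkstyle/file") do |file|
    rel = relative_to_base(file.attributes["name"].to_s, base_path)
    next unless rel && changed_files.include?(rel)
    file.elements.each("error") do |err|
      findings << { file: rel, line: err.attributes["line"].to_i,
                    severity: err.attributes["severity"],
                    rule: err.attributes["source"],
                    message: err.attributes["message"] }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  findings_for_changed_files(SAMPLE_REPORT, "/builds/app", ["src/main/kotlin/Cart.kt"])
    .each { |f| puts "#{f[:file]}:#{f[:line]} [#{f[:severity]}] #{f[:rule]}: #{f[:message]}" }
end
```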

Result

bot comment on MR

This Bot is very helpful in maintaining coding best-practice standards and internal code conventions. Code reviewers can then focus on things that still need a human to understand the purpose of the code being written, which makes the MR process faster than before.

I hope these topics can give you an idea to build something on your projects. See ya!

I talk about software engineering especially mobile apps and my whole experience during my career. Currently my role is Sr Principal Engineer at SaaS Company.