/ruby-tools

Slides & companion material to the session “Tools, tools everywhere”

MIT License

“Tools, tools everywhere”

Hi, I'm the living repository provided as companion material to the talk “Tools, tools everywhere”, so far delivered at:

Talk description

“There are a myriad of open-source tools which can help us in our day-to-day coding activities. Most of them, however, are unknown or rarely used by most developers.

During this session we walk through some (Ruby) tools, covering interesting configuration options and discussing ideas on how to incorporate them into our development workflow.”

Resources

Books

Others

Notes

RuboCop

“A Ruby static code analyzer, based on the community Ruby style guide.”

To check out:

  • Common (team/company wide) master configuration file.
    • Tweaks proposed with pull requests.
  • Automatically fixing offenses: --auto-correct.
    • Warning! ;)
  • Integrating in legacy codebases: --auto-gen-config.
  • Selectively running cops: --only, --only-guide-cops.
  • Excluding specific cops: per line / per file.
  • Rails-specific support.
  • Can be integrated into development workflows (local, CI...).

To learn more:

Ruby & Rails style guides:

Related to metrics after using --auto-gen-config:

Flog

“Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.”

To check out:

  • --group: “group and sort by class.”
  • --all: “display all flog results, not top 60%.”
  • --extended: “put file:line on a separate line (for rubymine & friends).”

To learn more:

Reek

“Code smell detector for Ruby”

To check out:

  • --sort-by smelliness: “sort by smelliness (number of detected code smells), listing the ‘smelliest’ files first.”
  • --todo: “generate a todo list.”
  • --single-line: “show IDE-compatible single-line-per-warning.”
  • Rails-specific configuration: https://github.com/troessner/reek#working-with-rails

To learn more:

Brakeman

“A static analysis security vulnerability scanner for Ruby on Rails applications”.

To check out:

  • --checks: “list all available vulnerability checks.”
  • --run-all-checks: “run all default and optional checks.”
  • --ignore-config IGNOREFILE: “use configuration to ignore warnings.”
  • --interactive-ignore: “interactively ignore warnings.”
  • --rails3, --rails4, --rails5: “force Rails X mode.”

To learn more:

To “have fun injecting SQL into a Ruby on Rails application” (also from @presidentbeef):

Bundler-audit

“Patch-level verification for Bundler. Looks for security vulnerabilities in dependencies.”

To check out:

  • bundler-audit update: “updates the ruby-advisory-db.”

To learn more:

Flay

“Flay analyzes code for structural similarities. Differences in literal values, variable, class, method names, whitespace, programming style, braces vs do/end, etc are all ignored. Making this totally rad.”

To check out:

  • --summary: “summarize. Show flay score per file only.”
  • Code Climate's duplication engine wraps flay, and supports JavaScript as well.

To learn more:

About Code Climate's duplication engine & concept:

SandiMeter

“Static analysis tool for checking Ruby code for Sandi Metz' rules.”

To check out:

  • --rules: “show rules.”
  • --graph: “HTML mode. Create folder, log data and output stats to HTML file.”
  • --thresholds: “thresholds for each rule (default: 90,90,90,90) or in config.yml.”

To learn more:

Travis

To learn more:

Code Climate

To learn more:

Danger

To learn more: