
RuboCop for Code Review

pocke
January 19, 2018



Transcript

  1. User.find(name: "pocke").inspect
     • Masataka Kuwabara
     • Engineer at Actcat, Inc. / SideCI
       ◦ Rubyist, Gopher and Vimmer.
     • RuboCop's core developer.
       ◦ Today, I'll talk about RuboCop.
  2. Goal
     • Improve code review with RuboCop.
     • RuboCop is not a “Silver Bullet”.
       ◦ When RuboCop reviews your code, you should review RuboCop's warnings.
  3. Note
     • I’ll talk about Ruby today, but we can apply the practices to projects that are written in other languages.
  4. What's RuboCop?
     • A static analyzer for Ruby.
     • It has 3 types of checks.
       ◦ Style
       ◦ Lint
       ◦ Metrics
  5. Style: check coding style
     • White spaces
       ◦ Indentation width
       ◦ White spaces around brackets
     • Syntax vs Method call
       ◦ alias vs alias_method
       ◦ for vs each
  6. Style checks are based on one of the style guides.
     • https://github.com/bbatsov/ruby-style-guide
       ◦ If your coding style differs, you can configure RuboCop.
  7. Style: example

         # Use `def foo(arr)`
         def foo arr
           for x in arr # Use each
           bar # Bad indentation
           end
         end
  8. Lint: example

         def foo
           binding.irb # debug code
           return true

           # It’s never executed.
           puts 'hi'
         end
  9. How does RuboCop check code?
     • RuboCop analyzes each file individually.
     • RuboCop does not execute code.
     See “Writing Lint for Ruby” in RubyKaigi 2017.
  10. Analyzing each file individually
      • RuboCop does not check relations between files.
        ◦ e.g. db/schema.rb and models.
      • For simplicity and performance.
        ◦ RuboCop can analyze files in parallel.
  11. Do not execute code
      • RuboCop doesn’t execute your code.
        ◦ Pros: If your code has system('rm -rf /'), it does not remove anything.
        ◦ Cons: RuboCop cannot understand the application completely.
          ▪ e.g. eval, method call
  12. RuboCop for Code Review
      • What does “RuboCop for Code Review” mean?
      • Advantage of RuboCop in Code Review.
      • Action for RuboCop Review
  13. What does “RuboCop for Code Review” mean?
      • RuboCop also reviews your code.
        ◦ Human Review + RuboCop Review
  14. How does RuboCop review?
      • Run rubocop $(git diff --name-only) before human review.
      • I recommend using CI to run RuboCop.
        ◦ e.g. SideCI, CodeClimate and Reviewdog.
  15. Reduce human reviews
      • Layout and style reviews by humans are no longer necessary.
        ◦ e.g. “Remove the spaces”, “Use each method instead of for”.
        ◦ It’s a RuboCop job, not a human job.
  16. Enhancement reviews
      • RuboCop can find bugs that humans will overlook.
        ◦ Duplicate method definitions.
        ◦ binding.irb (debug code)
  17. Action for Style Review
      • Check your coding style.
        ◦ If the review does not match with your coding style, you should configure or ignore the review.
        ◦ http://rubocop.readthedocs.io/en/stable/
  18. Action for Lint Review
      • Lint reviews have false positives.
        ◦ In other words, a Lint review is sometimes mistaken.
        ◦ Because RuboCop does not know your application completely.
          ▪ See the slides above.
      • It is not a bug, it is a restriction.
  19. Start and/or continue to use RuboCop
      • You can learn more from WEB+DB PRESS vol.102.
        ◦ “RuboCopできれいで安全なコード” (“Clean and Safe Code with RuboCop”), written by me.
        ◦ http://amzn.asia/fZ9cgZO
  20. Conclusion
      • RuboCop is not a “Silver Bullet”.
        ◦ In many cases, the default coding style doesn't match your coding style.
        ◦ RuboCop has false positives.
        ◦ So when RuboCop reviews your code, you should review RuboCop's review.
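
Slides 8, 9 and 11 say that RuboCop flags debug code such as binding.irb by parsing each file without executing it, and that code reached through eval or dynamic method calls stays invisible to it. The sketch below is an added example, not code from the deck or from RuboCop: it uses Ruby's standard-library Ripper parser as a stand-in for RuboCop's own parser, and SAMPLE, debugger_call?, debugger_lines and lint are hypothetical names.

```ruby
require 'ripper'

# Constructed sample source. It is only parsed, never evaluated, so the
# system call (a harmless stand-in for the slide's destructive one) never runs.
SAMPLE = <<~'RUBY'
  def foo
    system('echo side effect')
    binding.irb # debug code
    return true
    puts 'hi'
  end

  def bar
    eval("binding" + ".irb")
  end
RUBY

# True when node is the s-expression of a literal `binding.irb` call.
def debugger_call?(node)
  return false unless node.is_a?(Array) && node[0] == :call
  recv, meth = node[1], node[3]
  recv.is_a?(Array) && recv[0] == :vcall && recv.dig(1, 1) == 'binding' &&
    meth.is_a?(Array) && meth[0] == :@ident && meth[1] == 'irb'
end

# Walk the whole tree and collect the line number of every match.
def debugger_lines(node, found = [])
  return found unless node.is_a?(Array)
  found << node[3][2][0] if debugger_call?(node)
  node.each { |child| debugger_lines(child, found) }
  found
end

# Static check: parse only. Returns the lines holding a literal binding.irb.
def lint(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, 'source does not parse' if tree.nil?
  debugger_lines(tree)
end

# Line 3 is reported; the eval-built call in bar is not, which is the
# restriction slide 11 describes.
p lint(SAMPLE) if $PROGRAM_NAME == __FILE__
```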