Upgrade to Pro — share decks privately, control downloads, hide ads and more …

RuboCop for Code Review

Avatar for pocke pocke
January 19, 2018

RuboCop for Code Review

Avatar for pocke

pocke

January 19, 2018
Tweet

More Decks by pocke

Other Decks in Programming

Transcript

  1. User.find(name: "pocke").inspect • Masataka Kuwabara • Engineer at Actcat, Inc.

    / SideCI ◦ Rubyist, Gopher and Vimmer. • RuboCop's core developer. ◦ Today, I'll talk about RuboCop.
  2. Goal • Improve code review with RuboCop. • RuboCop is

    not a “Silver Bullet”. ◦ When RuboCop reviews your code, you should review RuboCop's warnings.
  3. Note • I’ll talk about Ruby today, but we can

    apply the practices to projects that is written in other languages.
  4. What's RuboCop? • A static analyzer for Ruby. • It

    has 3 type checks. ◦ Style ◦ Lint ◦ Metrics
  5. Style: check coding style • White spaces ◦ Indentation width

    ◦ White spaces around brackets • Syntax vs Method call ◦ alias vs alias_method ◦ for vs each
  6. Style checks based on one of the style guides. •

    https://github.com/bbatsov/ruby- style-gudie ◦ If your coding style has differences, you can configure RuboCop.
  7. Style: example # Use `def foo(arr)` def foo arr for

    x in arr # Use each bar # Bad indentation end end
  8. Lint: example def foo binding.irb # debug code return true

    # It’s never executed. puts 'hi' end
  9. How does RuboCop check code? • RuboCop analyzes each file

    individually. • RuboCop does not execute code. See “Writing Lint for Ruby” in RubyKaigi 2017.
  10. Analyzing each file individually • RuboCop does not check relations

    between files. ◦ e.g. db/schema.rb and models. • For simplicity and performance. ◦ RuboCop can analyze parallelly.
  11. Do not execute code • RuboCop doesn’t execute your code.

    ◦ Pros: If your code has system('rm -rf /'), it does not remove. ◦ Cons: RuboCop cannot understand application completely. ▪ e.g. eval, method call
  12. RuboCop for Code Review • What does “RuboCop for Code

    Review” mean? • Advantage of RuboCop in Code Review. • Action for RuboCop Review
  13. What does “RuboCop for Code Review” mean? • RuboCop also

    reviews your code. ◦ Human Review + RuboCop Review
  14. How does RuboCop review • rubocop $(git diff --name-only) before

    human review. • I recommend using CI to run RuboCop. ◦ e.g. SideCI, CodeClimate and Reviewdog.
  15. Reduce human reviews • Layout and style reviews by human

    are no longer necessary. ◦ e.g. “Remove the spaces”, “Use each method instead of for”. ◦ It’s a RuboCop job, not a human job.
  16. Enhancement reviews • RuboCop can find bugs that human will

    overlook. ◦ Duplicate method definitions. ◦ binding.irb(debug code)
  17. Action for Style Review • Check your coding style. ◦

    If the review does not match with your coding style, you should configure or ignore the review. ◦ http://rubocop.readthedocs.io/en/stabl e/
  18. Action for Lint Review • Lint reviews has false positives.

    ◦ In other words, Lint review has a mistake sometimes. ◦ Because RuboCop does not know your application completely. ▪ See the slides above. • It is not a bug, it is a restriction.
  19. Start and/or continue to use RuboCop • You can get

    knowledges from WEB+DB PRESS vol.102. ◦ “RuboCopできれいで安全なコード” written by me. ◦ http://amzn.asia/fZ9cgZO
  20. Conclusion • RuboCop is not a “Silver Bullet”. ◦ In

    many cases, the default coding style doesn't match your coding style. ◦ RuboCop has false positives. ◦ So when RuboCop reviews your code, you should review RuboCop Review.