[#493] Integrate Danger to the generated project

[thawzintoe-ptut]

#493

What happened 👀

CI/CD pipeline specifically for reviewing pull requests within our Android project template. A total of 76 additions have been made to the .github/workflows/repiew_pull_request.yml file, enhancing its capabilities and adding new steps for better code quality checks and environment management.

Insight 📝

• Detekt and Android Lint: Ensure code quality and styling compliance.
• Kover for Unit Tests: Enforce test coverage metrics.
• Danger: Manage PR annotations for common issues like big PRs or missing descriptions.

Proof Of Work 📹

Summary by CodeRabbit

• New Features

  • Added a pull-request review workflow and Danger-based PR checks (linting, quality, coverage).

• Enhancements

  • Consolidated Ruby setup and enabled bundler caching for faster CI runs.
  • Danger now warns on WIP titles, large PRs, missing descriptions/labels, and enforces coverage thresholds.

• Bug Fixes

  • Commit linting now reports warnings instead of failing builds.

• Chores

  • Removed explicit bundle install and separate gem-cache steps to streamline workflows.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

	8 Warnings
⚠️	Uh oh! Your project is under 80% coverage!
⚠️	template-compose/gradle/libs.versions.toml#L10 - A newer version of androidx.compose:compose-bom than 2023.09.02 is available: 2024.12.01
⚠️	template-compose/gradle/libs.versions.toml#L11 - A newer version of androidx.navigation:navigation-compose than 2.5.3 is available: 2.8.5
⚠️	template-compose/gradle/libs.versions.toml#L12 - A newer version of androidx.core:core-ktx than 1.10.1 is available: 1.15.0
⚠️	template-compose/gradle/libs.versions.toml#L13 - A newer version of androidx.datastore:datastore-preferences than 1.0.0 is available: 1.1.1
⚠️	template-compose/gradle/libs.versions.toml#L17 - A newer version of androidx.hilt:hilt-navigation-compose than 1.0.0 is available: 1.2.0
⚠️	template-compose/gradle/libs.versions.toml#L24 - A newer version of androidx.lifecycle:lifecycle-runtime-compose than 2.6.1 is available: 2.8.7
⚠️	template-compose/gradle/libs.versions.toml#L24 - A newer version of androidx.lifecycle:lifecycle-runtime-ktx than 2.6.1 is available: 2.8.7

Kover report for template-compose:

🧛 Template - Compose Unit Tests Code Coverage: 61.54%

Coverage of Modified Files:

File	Coverage

Modified Files Not Found In Coverage Report:

Dangerfile
Gemfile
Gemfile
Gemfile.lock
review_pull_request.yml
template_review_pull_request.yml

Codebase cunningly covered by count Shroud 🧛

Generated by 🚫 Danger

[Copilot]

Pull Request Overview

Integrates Danger into the Android template project to automate pull request quality checks via GitHub Actions.

• Adds Gemfiles to manage Danger and related plugins
• Introduces a Dangerfile with rules for PR size, description, labels, linting, and test coverage
• Updates GitHub workflows to set up Ruby, cache dependencies, and run Danger

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
template-compose/Gemfile	New Gemfile listing Danger plugins
template-compose/Dangerfile	Danger rules for lint, commit checks, and coverage
template-compose/.github/workflows/template_review_pull_request.yml	Workflow to install Ruby and run Danger
Gemfile	Root Gemfile updated for CI gems
.github/workflows/review_pull_request.yml	Streamlined Ruby setup with bundler-cache for Danger

Comments suppressed due to low confidence (1)

template-compose/Dangerfile:37

• The placeholder $project may not interpolate in Danger; use Ruby string interpolation (e.g., "## Kover report for #{project_name}:") or replace with a concrete value.

markdown "## Kover report for $project:"

[Copilot]

Typo in user-visible warning: replace 'classed' with 'classified' to correct the message.

Suggested change

	warn("PR is classed as Work in Progress") if github.pr_title.include? "WIP"
	warn("PR is classified as Work in Progress") if github.pr_title.include? "WIP"

[hoangnguyen92dn]

On newer version, we need to clarify the param name, for your reference: https://github.com/Jollibee-Foods-Corporation/jfc-global-templates-android/pull/1326#discussion_r2348637787

[hoangnguyen92dn]

We should take this chance to update ruby-version to the latest version. I think 3.3.0 could work as we already verified on our current projects

[hoangnguyen92dn]

Shouldn't this be review_pull_request? 🤔

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (3)

template-compose/.github/workflows/template_review_pull_request.yml (1)

16-16: Verify environment configuration consistency.

The workflow uses environment: staging, which may differ from the main workflow's environment configuration. Ensure this aligns with your repository's environment setup for proper secrets access.

Run the following script to check environment references across workflows:

#!/bin/bash
# Check environment configurations across all workflows
rg -n "environment:\s*\w+" .github/ template-compose/.github/ .cicdtemplate/.github/

template-compose/Dangerfile (2)

2-2: Fix typo in warning message.

The word "classed" should be "classified" for correct grammar in the user-facing warning message.

Apply this diff:

-warn("PR is classed as Work in Progress") if github.pr_title.include? "WIP"
+warn("PR is classified as Work in Progress") if github.pr_title.include? "WIP"

---

36-38: Fix undefined variable and verify parameter names.

The $project variable is undefined, which will result in incorrect report titles. Additionally, the shroud.reportKover method signature may require explicit parameter names in newer versions.

Apply this diff:

 kover_file_template = "app/build/reports/kover/report.xml"
-markdown "## Kover report for $project:"
-shroud.reportKover "$project: Unit Tests", kover_file_template, 80, 95, false
+markdown "## Kover report for template-compose:"
+shroud.reportKover(
+  report_title: "template-compose: Unit Tests",
+  report_file_path: kover_file_template,
+  minimum_project_coverage_percentage: 80,
+  minimum_updated_file_coverage_percentage: 95,
+  fail_if_under: false
+)

Based on learnings, newer versions of danger-shroud require explicit parameter names.

🧹 Nitpick comments (2)

template-compose/.github/workflows/template_review_pull_request.yml (1)

24-25: Update actions/cache to latest version.

The workflow uses actions/cache@v2, while .cicdtemplate/.github/workflows/review_pull_request.yml uses actions/cache@v4. Using the latest version ensures access to performance improvements and bug fixes.

Apply this diff:

       - name: Cache Gradle
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:

.cicdtemplate/Gemfile (1)

7-16: Pin gem versions for reproducible CI/CD builds.

The Gemfile currently declares all Danger gems without version constraints, which can lead to non-reproducible builds and potential breaking changes when new versions are released. This is especially important for CI/CD tooling.

Consider pinning versions for better stability:

 # Core Danger functionality
-gem 'danger'
+gem 'danger', '~> 9.5'
 
 # Code quality plugins
-gem 'danger-android_lint'      # Android Lint integration
-gem 'danger-commit_lint'       # Commit message validation
-gem 'danger-kotlin_detekt'     # Detekt static analysis integration
+gem 'danger-android_lint', '~> 0.0'      # Android Lint integration
+gem 'danger-commit_lint', '~> 0.0'       # Commit message validation
+gem 'danger-kotlin_detekt', '~> 0.0'     # Detekt static analysis integration
 
 # Test coverage plugin
-gem 'danger-shroud'            # Kover test coverage reporting
+gem 'danger-shroud', '~> 2.0'            # Kover test coverage reporting

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b6a4d6b and 32fc356.

⛔ Files ignored due to path filters (1)

• template-compose/Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (8)

• .cicdtemplate/.github/workflows/review_pull_request.yml (1 hunks)
• .cicdtemplate/Dangerfile (1 hunks)
• .cicdtemplate/Gemfile (1 hunks)
• .github/workflows/review_pull_request.yml (2 hunks)
• Gemfile (0 hunks)
• template-compose/.github/workflows/template_review_pull_request.yml (1 hunks)
• template-compose/Dangerfile (1 hunks)
• template-compose/Gemfile (1 hunks)

💤 Files with no reviewable changes (1)

• Gemfile

🚧 Files skipped from review as they are similar to previous changes (2)

• template-compose/Gemfile
• .github/workflows/review_pull_request.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Review pull request
• GitHub Check: Verify newproject script
• GitHub Check: Run Detekt and unit tests

🔇 Additional comments (2)

.cicdtemplate/.github/workflows/review_pull_request.yml (1)

46-50: LGTM! Good modernization of Ruby setup.

The upgrade to Ruby 3.4 with bundler-cache: true simplifies the workflow by automating gem caching and installation, removing the need for manual cache and bundle install steps.

.cicdtemplate/Dangerfile (1)

24-65: Excellent implementation with defensive checks.

The Dangerfile demonstrates good practices:

• Section headers improve readability
• Checks for report existence before processing
• Provides helpful guidance messages when reports are missing
• Uses explicit parameter names for shroud.reportKover, which is compatible with newer versions of the plugin

This is a more robust implementation compared to the template-compose version.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix typo in warning message.

The word "classed" should be "classified" for correct grammar in the user-facing warning message.

Apply this diff:

-warn("PR is classed as Work in Progress") if github.pr_title.include? "WIP"
+warn("PR is classified as Work in Progress") if github.pr_title.include? "WIP"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	warn("PR is classed as Work in Progress") if github.pr_title.include? "WIP"
	warn("PR is classified as Work in Progress") if github.pr_title.include? "WIP"

🤖 Prompt for AI Agents

In .cicdtemplate/Dangerfile around line 2, the user-facing warning message
contains a typo: change the string "PR is classed as Work in Progress" to "PR is
classified as Work in Progress" and keep the rest of the line unchanged so the
condition (if github.pr_title.include? "WIP") still triggers the warning.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Align Ruby version with other workflows.

This workflow uses Ruby 2.7, while .cicdtemplate/.github/workflows/review_pull_request.yml was updated to Ruby 3.4. This inconsistency could lead to different behavior across templates.

Apply this diff to align with the updated Ruby version:

       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '2.7'
+          ruby-version: '3.4'
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Set up Ruby
	uses: ruby/setup-ruby@v1
	with:
	ruby-version: '2.7'
	bundler-cache: true # runs 'bundle install' and caches installed gems automatically
	- name: Set up Ruby
	uses: ruby/setup-ruby@v1
	with:
	ruby-version: '3.4'
	bundler-cache: true # runs 'bundle install' and caches installed gems automatically

🤖 Prompt for AI Agents

In template-compose/.github/workflows/template_review_pull_request.yml around
lines 41 to 45, the workflow pins ruby-version to '2.7' which is inconsistent
with the updated template that uses Ruby 3.4; update the ruby-version value to
'3.4' so this workflow aligns with
.cicdtemplate/.github/workflows/review_pull_request.yml, leaving the
bundler-cache setting unchanged.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.cicdtemplate/Dangerfile (1)

2-2: Fix typo in warning message (duplicate of previous review).

As noted in a previous review, "classed" should be "classified" for correct grammar.

Apply this diff:

-warn("PR is classed as Work in Progress") if github.pr_title.include? "WIP"
+warn("PR is classified as Work in Progress") if github.pr_title.include? "WIP"

🧹 Nitpick comments (1)

.cicdtemplate/Dangerfile (1)

41-52: LGTM! Consistent defensive pattern for Lint checks.

The Android Lint section follows the same excellent defensive pattern as Detekt, ensuring reports exist before processing and providing actionable warnings.

Optional: The glob pattern "**/**/build/reports/lint/lint-result.xml" has redundant wildcards. Consider simplifying to "**/build/reports/lint/lint-result.xml" for consistency with the Detekt pattern.

-lint_dir = "**/**/build/reports/lint/lint-result.xml"
+lint_dir = "**/build/reports/lint/lint-result.xml"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 32fc356 and 115e30e.

📒 Files selected for processing (2)

• .cicdtemplate/Dangerfile (1 hunks)
• Dangerfile (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Review pull request
• GitHub Check: Verify newproject script
• GitHub Check: Run Detekt and unit tests

🔇 Additional comments (4)

Dangerfile (1)

37-42: LGTM! Clear refactor to keyword arguments.

The refactor from positional to keyword arguments improves code clarity and makes the intent of each parameter explicit. The functionality remains unchanged.

.cicdtemplate/Dangerfile (3)

13-18: LGTM! Commit quality checks configured appropriately.

The commit lint configuration with warn: :all provides helpful feedback without blocking PRs, and disabling subject_length is a reasonable choice for flexibility.

---

24-35: LGTM! Excellent defensive coding pattern.

The pattern of checking for report existence before processing and providing a helpful warning if missing is a significant improvement over unconditionally iterating. This provides better developer experience.

---

54-70: LGTM! Well-structured Kover coverage checks.

The Kover section follows the same defensive pattern with file existence checks and helpful warnings. The use of keyword arguments for shroud.reportKover improves clarity, and the threshold configuration is well-documented.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

.cicdtemplate/.github/actions/setup-ruby/action.yml (1)

1-26:
This action is identical to the one in template-compose/.github/actions/setup-ruby/action.yml. See the review comment on that file regarding the triplication of this action across the codebase.

.github/actions/setup-ruby/action.yml (1)

1-26:
This is the third identical copy of the Ruby setup action. See the review comment on template-compose/.github/actions/setup-ruby/action.yml regarding the recommendation to consolidate these three copies into a single shared action.

🧹 Nitpick comments (2)

template-compose/.github/actions/setup-ruby/action.yml (1)

1-26: Action is well-designed but duplicated across three directories.

The composite action is properly structured with clear inputs and documentation. However, this action is defined identically in three locations: template-compose/.github/actions/setup-ruby/action.yml, .cicdtemplate/.github/actions/setup-ruby/action.yml, and .github/actions/setup-ruby/action.yml.

Consider whether all three copies are necessary (e.g., due to template generation requirements) or if a single shared action could be referenced instead to reduce maintenance burden.

template-compose/.github/workflows/template_review_pull_request.yml (1)

24-25: Upgrade cache action to v4 for consistency.

Line 25 uses actions/cache@v2, but .cicdtemplate/.github/workflows/review_pull_request.yml uses v4. For consistency and to benefit from improvements in the newer version, upgrade to @v4.

       - name: Cache Gradle
-        uses: actions/cache@v2
+        uses: actions/cache@v4

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 115e30e and 3b79a38.

📒 Files selected for processing (6)

• .cicdtemplate/.github/actions/setup-ruby/action.yml (1 hunks)
• .cicdtemplate/.github/workflows/review_pull_request.yml (1 hunks)
• .github/actions/setup-ruby/action.yml (1 hunks)
• .github/workflows/review_pull_request.yml (2 hunks)
• template-compose/.github/actions/setup-ruby/action.yml (1 hunks)
• template-compose/.github/workflows/template_review_pull_request.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/review_pull_request.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Verify newproject script
• GitHub Check: Review pull request
• GitHub Check: Run Detekt and unit tests

🔇 Additional comments (3)

.cicdtemplate/.github/workflows/review_pull_request.yml (1)

46-49: Good consolidation of Ruby setup and bundler caching.

Moving to a local composite action reduces duplication and simplifies the workflow. The setup correctly enables bundler-cache within the local action.

template-compose/.github/workflows/template_review_pull_request.yml (2)

11-22: Verify environment configuration for secrets access.

Line 16 specifies environment: staging, but based on past review feedback, this may not align with the intended GitHub environment for PR validation. If this workflow requires access to GITHUB_TOKEN or other secrets, verify that the staging environment is properly configured with those secrets.

Consider whether this should be environment: template-compose to match the authorization scope intended for this template's PR reviews.

---

41-50: Ruby setup and Danger integration look correct.

The workflow properly uses the local composite action and specifies Ruby 3.3, aligning with the .cicdtemplate template. Danger configuration with GITHUB_TOKEN is appropriate for PR annotations.