Back in March, we made our editorial Slackbot open source. We mostly did this out of the goodness of our hearts, and because of a sincere desire to give back to the open-source community. But there was a slightly more selfish reason: open-source repositories on GitHub get free access to a lot of goodies, and I wanted to test them out.
GitHub has well over 100 available integrations in its directory alone, and there are many more tools which can connect to your GitHub account and interact with your commits, pull requests (PRs) and other processes.
Many of these are free to use for public repositories. Some are free for private ones as well – but more often you'll need to pay some sort of subscription. So it's worth testing them out on something open-source first.
Hakiri is a tool which checks your Ruby applications for security vulnerabilities.
I set up Hakiri to scan my code every time I created a pull request and notify me of the result through GitHub. You can also set up notifications over email or Slack.
Setting up integration through Hakiri's website was a breeze. It immediately gave me a helpful nudge to update some older gems. It also provided some very thorough information about what the security risks were and how to fix them.
I found Hakiri enormously useful and will definitely use it more in the future.
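To make concrete the kind of check a dependency scanner like Hakiri performs, here is an added Ruby example (not Hakiri's code and not part of our Slackbot): it reads the gem versions pinned in a Gemfile.lock and matches them against a list of advisories. The lockfile excerpt, the advisory ids (EXAMPLE-…) and the version ranges are all constructed for illustration, not real vulnerability data.

```ruby
# Added illustration of a lockfile vulnerability check (not Hakiri's code).
require "rubygems"

# Constructed Gemfile.lock excerpt; versions are made up for the example.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.6.0)
      rack (1.6.0)
      slack-ruby-client (0.7.0)
LOCK

# Constructed advisory list (hypothetical ids and ranges, NOT real CVE data):
# each entry names the gem, the affected version range and the first fixed version.
ADVISORIES = [
  { gem: "nokogiri", affected: ">= 1.0, < 1.6.8", fixed: "1.6.8", id: "EXAMPLE-0001" },
  { gem: "rack",     affected: "< 1.6.2",         fixed: "1.6.2", id: "EXAMPLE-0002" },
].freeze

# Parse the "specs:" section into { gem_name => Gem::Version }.
# Top-level gems sit at exactly four spaces; their dependency lines sit at six,
# so the anchored regex skips requirement lines such as "mini_portile2 (~> 2.0)".
def pinned_versions(lockfile)
  lockfile.scan(/^\s{4}(\S+) \(([^)]+)\)$/)
          .to_h { |name, ver| [name, Gem::Version.new(ver)] }
end

# Return the advisories whose affected range contains the pinned version.
def vulnerable_gems(lockfile, advisories = ADVISORIES)
  pinned = pinned_versions(lockfile)
  advisories.select do |adv|
    version = pinned[adv[:gem]]
    version && Gem::Requirement.new(*adv[:affected].split(", ")).satisfied_by?(version)
  end
end

# Human-readable nudge, like the "update these gems" note a scanner posts on a PR.
def report(lockfile, advisories = ADVISORIES)
  pinned = pinned_versions(lockfile)
  vulnerable_gems(lockfile, advisories).map do |adv|
    "#{adv[:gem]} #{pinned[adv[:gem]]} is affected by #{adv[:id]}; upgrade to >= #{adv[:fixed]}"
  end
end

puts report(SAMPLE_LOCKFILE) if $PROGRAM_NAME == __FILE__
```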
Hound checks and enforces your code style every time you create a new PR.
It runs its checks based on your Rubocop config and makes line-by-line comments on your PR for individual issues. If your code has a lot of issues, this could generate a lot of comments, but that alone could discourage style violations.
If everything's fine, Hound will let you know that the code meets your standards with a friendly "Woof!"
We usually use linters with our code editors to automatically flag style violations as we work, so Hound didn't flag very many style violations. But it's still a useful tool and could catch issues in code before a reviewer gets to them, which could save everyone time.
I configured Travis CI to run the build every time I pushed a commit. Travis CI then reports back through the PR and its own web interface to let us know if the build ran successfully and if all the tests passed. This means really quick, automated feedback on whether the latest version of your code actually works.
Bamboo unfortunately doesn't offer this level of GitHub integration. Atlassian, if you're listening... might be time for a feature update?
Code Climate provides an automated code review for your PRs.
It checks for issues like style violations, duplicated code and other examples of bad practice. Then it provides you with a GPA (like 3.6) and a file-by-file breakdown of all the problems it found.
It can also provide an estimate of what percentage of your code is covered by your tests – a useful way to find out if there are any gaps you should fill in.
Overall, it's a nice extra check to spot problems in your code and improve its overall quality.
None of these tools can totally replace an actual code review from another developer. However, they can definitely enhance the review and save you and your reviewer from a lot of monotonous tasks, like running the test suite yourself or checking individual gems for security vulnerabilities.
And if you can catch these problems before your code reaches another person, then you can fix them too, making for a much faster and smoother review – sounds good, right?
We use GitHub Enterprise for most of our repositories, which unfortunately does limit some of the integrations we can use. But if you use GitHub, you should definitely look into using some of these tools – I know we will.