pronto

  • 0.11.2
  • Rubygems

Pronto

Pronto runs analysis quickly by checking only the relevant changes. Created to be used on GitHub pull requests, but also works locally and integrates with GitLab and Bitbucket. Perfect if you want to find out quickly if a branch introduces changes that conform to your styleguide, are DRY, don't introduce security holes and more.

This README might be ahead of the latest release. Find the README for v0.9.2 here.

Installation

Pronto's installation is standard for a Ruby gem:

$ gem install pronto

You'll also want to install some runners to go along with the main gem:

$ gem install pronto-rubocop
$ gem install pronto-flay

If you'd rather install Pronto using bundler, you don't need to require it, unless you're gonna run it from Ruby (via Rake task, for example):

gem 'pronto'
gem 'pronto-rubocop', require: false
gem 'pronto-flay', require: false

Usage

Pronto runs the checks on a diff between the current HEAD and the provided commit-ish (default is master).

Local Changes

Navigate to the repository you want to run Pronto on, and:

git checkout feature/branch

# Analyze diff of committed changes on current branch and master:
pronto run

# Analyze changes in git staging area
pronto run --staged

# Analyze diff of uncommitted changes and master:
pronto run --unstaged

# Analyze *all* changes since the *initial* commit (may take some time):
pronto run --commit=$(git log --pretty=format:%H | tail -1)

Just run pronto without any arguments to see what Pronto is capable of.

Available Options

| Command flag | Description |
| --- | --- |
| --exit-code | Exits with non-zero code if there were any warnings/errors. |
| -c/--commit | Commit for the diff. |
| --staged | Analyze changes in git staging area |
| --unstaged | Analyze changes made, but not in git staging area |
| -r/--runner | Run only the passed runners. |
| -f/--formatters | Pick output formatters. |

GitHub Integration

You can run Pronto as a step of your CI builds and get the results as comments on GitHub commits using GithubFormatter or GithubPullRequestFormatter.

Add Pronto runners you want to use to your Gemfile:

Set the PRONTO_GITHUB_ACCESS_TOKEN environment variable, or the corresponding value in .pronto.yml, to an OAuth token that has access to the repository.

Then just run it:

$ PRONTO_GITHUB_ACCESS_TOKEN=token pronto run -f github -c origin/master

If you want comments to appear on pull request diff, instead of commit:

$ PRONTO_GITHUB_ACCESS_TOKEN=token pronto run -f github_pr -c origin/master

If you want review to appear on pull request diff, instead of separate comments:

$ PRONTO_GITHUB_ACCESS_TOKEN=token pronto run -f github_pr_review -c origin/master

All N pending comments will now be split into X PR reviews. The number of PR reviews is controlled by an additional environment variable or by a config setting. This way, a single pronto run publishes all the comments to the PR, but divides them into small reviews in order to avoid the providers' rate limits.

X = N / (PRONTO_WARNINGS_PER_REVIEW || warnings_per_review || 30)

Note: In case no environment variable or config setting is specified in .pronto.yml, a default value of 30 will be used.

$ PRONTO_WARNINGS_PER_REVIEW=30 PRONTO_GITHUB_ACCESS_TOKEN=token pronto run -f github_pr_review -c origin/master

Use GithubStatusFormatter to submit commit status:

$ PRONTO_GITHUB_ACCESS_TOKEN=token pronto run -f github_status -c origin/master

If you want to show a single status for all runners, instead of a status per runner:

$ PRONTO_GITHUB_ACCESS_TOKEN=token pronto run -f github_combined_status -c origin/master

It's possible to combine multiple formatters. To get both pull request comments and commit status summary use:

$ PRONTO_GITHUB_ACCESS_TOKEN=token PRONTO_PULL_REQUEST_ID=id pronto run -f github_status github_pr -c origin/master

As an alternative, you can also set up a rake task:

require 'pronto'

# Require every installed pronto-* runner gem
Pronto::GemNames.new.to_a.each { |gem_name| require "pronto/#{gem_name}" }

formatter = Pronto::Formatter::GithubFormatter.new # also possible: GithubPullRequestFormatter, GithubPullRequestReviewFormatter
status_formatter = Pronto::Formatter::GithubStatusFormatter.new
formatters = [formatter, status_formatter]
# Analyze the diff against origin/master in the current directory
Pronto.run('origin/master', '.', formatters)

GitHub Actions Integration

You can also run Pronto as a GitHub action.

Here's an example .github/workflows/pronto.yml workflow file using the github_status and github_pr formatters and running on each GitHub PR, with pronto-rubocop as the runner:

name: Pronto
on: [pull_request]

jobs:
  pronto:

    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - run: |
          git fetch --no-tags --prune --depth=10 origin +refs/heads/*:refs/remotes/origin/*
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
      - name: Setup pronto
        run: gem install pronto pronto-rubocop
      - name: Run Pronto
        run: pronto run -f github_status github_pr -c origin/${{ github.base_ref }}
        env:
          PRONTO_PULL_REQUEST_ID: ${{ github.event.pull_request.number }}
          PRONTO_GITHUB_ACCESS_TOKEN: "${{ github.token }}"

Check the Wiki page on GitHub Actions Integration for more info.

GitLab Integration

You can run Pronto as a step of your CI builds and get the results as comments on GitLab commits using GitlabFormatter.

Note: this requires at least GitLab v7.5.0.

Set the PRONTO_GITLAB_API_ENDPOINT environment variable or value in .pronto.yml to your API endpoint URL. If you are using GitLab.com's hosted service, your endpoint will be set by default. Set the PRONTO_GITLAB_API_PRIVATE_TOKEN environment variable or value in .pronto.yml to your GitLab private token, which you can find in your account settings.

Then just run it:

$ PRONTO_GITLAB_API_PRIVATE_TOKEN=token pronto run -f gitlab -c origin/master

Note: this requires GitLab 11.6+.

Merge request integration:

$ PRONTO_GITLAB_API_PRIVATE_TOKEN=token PRONTO_PULL_REQUEST_ID=id pronto run -f gitlab_mr -c origin/master

On GitLab CI, make sure to run Pronto in a merge request pipeline:

lint:
  image: ruby
  variables:
    PRONTO_GITLAB_API_ENDPOINT: "https://gitlab.com/api/v4"
    PRONTO_GITLAB_API_PRIVATE_TOKEN: token
  only:
    - merge_requests
  script:
    - bundle install
    - bundle exec pronto run -f gitlab_mr -c origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME

Bitbucket Integration

You can run Pronto as a step of your CI builds and get the results as comments on Bitbucket commits using BitbucketFormatter or BitbucketPullRequestFormatter.

Add Pronto runners you want to use to your Gemfile:

Set the PRONTO_BITBUCKET_USERNAME and PRONTO_BITBUCKET_PASSWORD environment variables or values in .pronto.yml.

Then just run it:

$ PRONTO_BITBUCKET_USERNAME=user PRONTO_BITBUCKET_PASSWORD=pass pronto run -f bitbucket -c origin/master

or, if you want comments to appear on pull request diff, instead of commit:

$ PRONTO_BITBUCKET_USERNAME=user PRONTO_BITBUCKET_PASSWORD=pass pronto run -f bitbucket_pr -c origin/master

Configuration

The behavior of Pronto can be controlled via the .pronto.yml configuration file. It can either be placed in the working directory (*) or specified using the environment variable PRONTO_CONFIG_FILE.

(*) The working directory is where you run the command from, which is typically your project directory.

If this file cannot be found, then the default configuration in Pronto::ConfigFile::EMPTY applies.

The file has the following format:

all:
  exclude:
    - 'spec/**/*'
# exclude files for single runner
eslint:
  exclude:
    - 'app/assets/**/*'
github:
  slug: prontolabs/pronto
  access_token: B26354
  api_endpoint: https://api.github.com/
  web_endpoint: https://github.com/
gitlab:
  slug: 1234567 # gitlab's project ID
  api_private_token: 46751
  api_endpoint: https://api.vinted.com/gitlab
bitbucket:
  slug: prontolabs/pronto
  username: user
  password: pass
  web_endpoint: https://bitbucket.org/
max_warnings: 150
warnings_per_review: 30
verbose: false
runners: [rubocop, eslint] # only listed runners will be executed
skip_runners: [reek] # all, except listed runners will be executed

All properties that can be specified via .pronto.yml can also be specified via environment variables. Their names will be the upcased path to the property. For example: PRONTO_GITHUB_SLUG or PRONTO_GITLAB_API_PRIVATE_TOKEN. Environment variables will always take precedence over values in the configuration file.

| Property | Description |
| --- | --- |
| max_warnings | Limits the amount of warnings. Returns all warnings if option is skipped. |
| runners | Runs only listed runners. Runs everything if option is skipped. |
| skip_runners | All, except listed runners will be executed. Runs everything if option is skipped. |
| verbose | Outputs more information when set to true. |
| warnings_per_review | Limits the amount of warnings per review. Returns all warnings if option is skipped. |
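
The precedence rule above (environment variable over .pronto.yml) and the review-splitting formula from the GitHub section, as an added Ruby example that is not Pronto's own code. The helper names (env_name, resolve, review_count, secrets_in_file), the list of credential keys and the sample config are assumptions made for illustration; the example also flags credentials stored in the file so they can be supplied through the matching PRONTO_* variable instead.

```ruby
require 'yaml'

# Added example, not Pronto's code. Credential keys taken from the sample config.
SECRET_KEYS = %w[access_token api_private_token password].freeze
DEFAULT_WARNINGS_PER_REVIEW = 30 # default stated in the README

# "Upcased path to the property": %w[github slug] -> PRONTO_GITHUB_SLUG
def env_name(path)
  "PRONTO_#{path.join('_').upcase}"
end

# Environment variable first, then the config file, then the default.
def resolve(path, config, env, default = nil)
  from_env = env[env_name(path)]
  return from_env unless from_env.nil? || from_env.empty?
  from_file = config.dig(*path)
  from_file.nil? ? default : from_file
end

# Reviews needed to publish n warnings, rounded up so none are dropped.
def review_count(n, config, env)
  per_review = Integer(resolve(%w[warnings_per_review], config, env, DEFAULT_WARNINGS_PER_REVIEW))
  raise ArgumentError, 'warnings_per_review must be positive' unless per_review.positive?
  (n + per_review - 1) / per_review
end

# Credentials kept in the file, each paired with the variable that replaces it.
def secrets_in_file(config)
  config.flat_map do |section, body|
    next [] unless body.is_a?(Hash)
    body.keys.select { |key| SECRET_KEYS.include?(key) }
        .map { |key| { key: "#{section}.#{key}", env: env_name([section, key]) } }
  end
end

# Constructed sample config; token values are placeholders.
SAMPLE = YAML.safe_load(<<~YML)
  github:
    slug: prontolabs/pronto
    access_token: PLACEHOLDER
  gitlab:
    api_private_token: PLACEHOLDER
  warnings_per_review: 30
YML

if __FILE__ == $PROGRAM_NAME
  puts "reviews for 61 warnings: #{review_count(61, SAMPLE, ENV)}"
  secrets_in_file(SAMPLE).each { |s| puts "move #{s[:key]} to #{s[:env]}" }
end
```

Running secrets_in_file against the parsed .pronto.yml in CI gives a list of keys to remove from the committed file before the token they hold needs rotating.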

Message format

Pronto allows you to configure the format of the messages that are produced. You can set a default format that will be used by all formatters, or you can configure a separate format per formatter, if you are using several.

To change the default format:

format: "%{runner} %{level} %{msg}"

To add the title of the Runner to the GitHub Pull Request formatter only:

github_pr:
  format: "%{runner} - %{msg}"

The available values to be interpolated into the message are:

| Key | Description |
| --- | --- |
| path | File path. |
| line | Line number. |
| level | Message level. |
| msg | Message. |
| commit_sha | SHA. |
| runner | Runner name. |

The following values are available only to the text formatter:

| Key | Description |
| --- | --- |
| color_level | Colorized message level. |
| color_location | Colorized location. |

Runners

Pronto can run various tools and libraries, as long as there's a runner for it. Currently available:

Articles

Articles to help you to get started:

Make a Pull Request to add something you wrote or found useful.

Changelog

Pronto's changelog is available here.

Copyright (c) 2013-2018 Mindaugas Mozūras. See LICENSE for further details.

Package last updated on 30 Oct 2023
