I want to keep an eye on best practices when it comes to writing my Ruby. This includes style, security, performance and readability/maintainability. There are a number of tools to assist with this.

Rubocop

The standard style guide for Ruby has been the Ruby Style Guide. The default tool for enforcing these style preferences has been Rubocop. I'll add this to the development and test environments. In addition there are some extensions for finding potential performance problems and for highlighting Rails specific issues.

group :development, :test do
  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
  gem 'debug', platforms: %i[mri mingw x64_mingw]
  gem 'rubocop', require: false
  gem 'rubocop-performance', require: false
  gem 'rubocop-rails', require: false
end

After that there is some configuration that can be done. These are entirely up to your own preferences. The following files represent that initial settings I am using. They are based on an article by Prabin Poudel.

.rubocop.yml (Gist)

.rubocop-rails.yml (Gist)

The initial Rails application will report it has problems, primarily the use of double quotes instead of single quotes, and also the lack of the frozen_string_literal pragma. We can fix those automatically using the -A flag on rubocop.

% rubocop -A

SimpleCov

This is a test coverage reporting tool. I'll be using it to make sure that the code being covered by testing is at least 90%.

group :test do
  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
  gem 'capybara'
  gem 'selenium-webdriver'
  gem 'simplecov', require: false
  gem 'webdrivers'
end

I cannot check this just yet as there are no databases set up, so we'll come back to this later when setting up testing.

CodeClimate

Code Climate is another tool that can be used to highlight problematic code. It is free for open source projects. Simply login in to CodeClimate using your GitHub account and add the repository to be analysed.

In order to have CodeClimate analyze pull requests follow the instructions CodeClimate provides for adding the app to GitHub. See here.

Snyk

Snyk is what I'll be using to find any vulnerabilities in third party libraries that are being used. It is free for open source projects. Simply login on to Snyk using your GitHub account and add the repository to be analysed.

Communicating my code quality

A simple way to view all of the code quality information we are tracking is to add badges to the README.md in our repository.

The markup looks like this:

[![Maintainability](https://api.codeclimate.com/v1/badges/ab8fde07ac74a69788ef/maintainability)](https://codeclimate.com/github/andrewfoster73/catalogue_cleanser/maintainability)
[![Test Coverage](https://api.codeclimate.com/v1/badges/ab8fde07ac74a69788ef/test_coverage)](https://codeclimate.com/github/andrewfoster73/catalogue_cleanser/test_coverage)
[![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
[![Ruby Style Guide](https://img.shields.io/badge/code_style-community-brightgreen.svg)](https://rubystyle.guide)
[![Known Vulnerabilities](https://snyk.io/test/github/andrewfoster73/catalogue_cleanser/badge.svg)](https://snyk.io/test/github/andrewfoster73/catalogue_cleanser)

Which will be displayed like this when viewing the repository at GitHub

Type Checking with Ruby using Sorbet

I'm going to experiment with ruby type checking on this project using Sorbet as the tool.

To use the command line tools add the following to the Gemfile.

group :development do
  # Type checking for Ruby
  gem 'sorbet'

  ...
end

For the runtime checking add the following to the Gemfile.

# Runtime type checking for Ruby
gem 'sorbet-runtime'

I'll come back to this later when I have some code to use it with.

Alternatives

Use StandardRB rather than plain Rubocop. StandardRB

Useful links:

github.com/rubocop/rubocop

prabinpoudel.com.np/articles/rubocop-config..

codeclimate.com

snyk.io

sorbet.org