Project

danger-pr-comment

0.0
No release in over 3 years
danger-pr-commentnumbata/danger-pr-commentHomepageDocumentationSource CodeBug Tracker
Shared Dangerfile that exports a JSON report for posting Danger results as a PR comment.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
3,328
Stars
0
Forks
1
Watchers
0
 Releases
Current version
0.1.0
Total releases
1
First release
1980-01-02
Latest release
1980-01-02
 Issues
Open Issues
2
Closed Issues
0
Total Issues
2
Issue Closure Rate
0%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
1
Merged Pull Requests
4
Pull Request Acceptance Rate
66%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2025-12-27
Reverse Dependencies
0

 Dependencies

Runtime

danger
~> 9
 Project Readme

Danger PR Comment

Test

Reusable GitHub Actions workflows for running Danger and posting a PR comment from a JSON report.

Table of Contents

  • Usage
    • Prerequisites
    • Quick Install
    • Manual Setup
  • Implementation Details
    • JSON Report Output
      • Shared Dangerfile
      • Custom at_exit Hook
    • Permissions
    • Inputs
      • danger-run.yml
      • danger-comment.yml
  • License

Usage

Prerequisites

Setup Danger in your repository.

For example, the following Gemfile and Dangerfile install danger with the danger-changelog plugin.

group :development, :test do
  gem 'danger'
  gem 'danger-changelog'
  gem 'danger-pr-comment', require: false
end
# frozen_string_literal: true

danger.import_dangerfile(gem: 'danger-pr-comment')

changelog.check!

Run bundle install and bundle exec danger to make sure it works.

bundle exec danger

Could not find the type of CI for Danger to run on.

Quick Install

From your repository root:

curl -fsSL https://raw.githubusercontent.com/numbata/danger-pr-comment/main/scripts/install-workflows.sh | bash

Use --force to overwrite existing workflow files .github/workflows/danger.yml and .github/workflows/danger-comment.yml:

curl -fsSL https://raw.githubusercontent.com/numbata/danger-pr-comment/main/scripts/install-workflows.sh | bash -s -- --force

To target a specific directory:

curl -fsSL https://raw.githubusercontent.com/numbata/danger-pr-comment/main/scripts/install-workflows.sh | bash -s -- --root /path/to/repo

Manual Setup

Create .github/workflows/danger.yml in your repository:

name: Danger
on:
  pull_request:
    types: [opened, reopened, edited, synchronize]

jobs:
  danger:
    uses: numbata/danger-pr-comment/.github/workflows/danger-run.yml@v0.1.0
    secrets: inherit
    with:
      ruby-version: '3.4'
      bundler-cache: true

Create .github/workflows/danger-comment.yml in your repository:

name: Danger Comment
on:
  workflow_run:
    workflows: [Danger]
    types: [completed]

permissions:
  actions: read        # download artifacts
  issues: write        # list + create/update comments
  pull-requests: write # PR comment access

jobs:
  comment:
    uses: numbata/danger-pr-comment/.github/workflows/danger-comment.yml@v0.1.0
    secrets: inherit

Implementation Details

Using danger-pr-comment solves the problem of needing special permissions to post a PR comment from contributions from forks. This is implemented by producing a JSON report during the PR, and reading the report in a separate workflow.

JSON Report Output

Your Dangerfile must write a JSON report to ENV['DANGER_REPORT_PATH'].

Shared Dangerfile

# Import danger-pr-comment for automatic danger report export to JSON
danger.import_dangerfile(gem: 'danger-pr-comment')

See Dangerfile for implementation details.

Custom at_exit Hook

# Dangerfile
require 'json'
require 'English'

dangerfile_instance = self if defined?(Danger::Dangerfile) && is_a?(Danger::Dangerfile)
at_exit do
  next if $ERROR_INFO && !$ERROR_INFO.is_a?(SystemExit)
  next unless dangerfile_instance

  report_path = ENV.fetch('DANGER_REPORT_PATH', nil)
  event_path = ENV.fetch('GITHUB_EVENT_PATH', nil)
  next unless report_path && event_path && File.exist?(event_path)

  event = JSON.parse(File.read(event_path))
  pr_number = event.dig('pull_request', 'number')
  next unless pr_number

  to_messages = lambda do |items|
    Array(items).map { |item| item.respond_to?(:message) ? item.message : item.to_s }
  end

  report = {
    pr_number: pr_number,
    errors: to_messages.call(dangerfile_instance.status_report[:errors]),
    warnings: to_messages.call(dangerfile_instance.status_report[:warnings]),
    messages: to_messages.call(dangerfile_instance.status_report[:messages]),
    markdowns: to_messages.call(dangerfile_instance.status_report[:markdowns])
  }

  File.write(report_path, JSON.pretty_generate(report))
end

Permissions

The Danger Comment workflow requires explicit permissions. Reusable workflows cannot grant permissions to their callers. Required: actions: read (download artifacts from the Danger run), issues: write and pull-requests: write (create/update PR comments).

Inputs

danger-run.yml

  • ruby-version: Ruby version for ruby/setup-ruby. Leave empty to use .ruby-version/.tool-versions.
  • bundler-cache: Enable Bundler caching (default true).
  • danger-args: Arguments passed to bundle exec danger (default dry_run).
  • report-artifact-name: Artifact name for the report (default danger-report).
  • report-file: Report filename (default danger-report.json).

danger-comment.yml

  • report-artifact-name: Artifact name to download (default danger-report).
  • report-file: Report filename inside the artifact (default danger-report.json).
  • comment-title: Heading for the PR comment (default Danger Report).
  • comment-marker: Marker string used to update the comment (default <!-- danger-report -->).

License

MIT License. See LICENSE for details.