# frozen_string_literal: true

require_relative 'config/application'

Rails.application.load_tasks

desc 'Run all checks'
task all: %i[default extra]

desc 'Run common checks (test, lint...)'
task default: :lint

desc 'Run linting tools (RuboCop)'
task lint: :rubocop

desc 'Run additional checks'
task extra: %i[bundler:audit brakeman]

desc 'Fix code style (rubocop --auto-correct)'
task fix: 'rubocop:auto_correct'

begin
  require 'coveralls/rake/task'
  Coveralls::RakeTask.new
rescue LoadError
  nil
end

begin
  require 'rubocop/rake_task'
  RuboCop::RakeTask.new
rescue LoadError
  nil
end

begin
  require 'yard'
  YARD::Rake::YardocTask.new
rescue LoadError
  nil
end

namespace :bundler do
  require 'bundler/audit/cli'

  desc 'Updates the ruby-advisory-db and ' \
       'checks the Gemfile.lock for insecure dependencies'
  task audit: %i[audit:update audit:check]

  namespace :audit do
    desc 'Updates the ruby-advisory-db'
    task :update do
      Bundler::Audit::CLI.start ['update']
    end

    desc 'Checks the Gemfile.lock for insecure dependencies'
    task :check do
      # Ignore CVE-2015-9284 because it is already solved
      # by using gem `omniauth-rails_csrf_protection`
      Bundler::Audit::CLI.start ['check', '--ignore', 'CVE-2015-9284']
    end
  end
rescue LoadError
  nil
end

desc 'Detects security vulnerabilities via static analysis'
task :brakeman do
  sh(
    'bundle',
    'exec',
    'brakeman',
    Rails.root.to_s,
    '--confidence-level',
    '1',
    '--run-all-checks',
    # Ignore UnscopedFind because we use Pundit
    '--except',
    'UnscopedFind',
  )
end