iOS: Danger-Swift + Gitlab + Bitrise

Saad El Oulladi
5 min readJan 16, 2020

There is no doubt about the importance of code review for software quality. Having one or more developers to approve the new code is an efficient way to ensure meeting code quality standards and team conventions.

However, humans can always forget to notice some mistakes.
Lucky there is a way to automate code review. perhaps not all of it. but at least the cosmetic part. which will allow reviewers to focus on the code logic instead of making comments on indentation for instance.

Danger is a tool that allows to automate code review. It adds comments to your pull request like a regular git user would do, based on rules you define in a file called Dangerfile.

Danger implementation might differ depending on the technical environment. Hence in this article, i will try to share with you the implementation process we did using A local Gitlab and Bitrise.

How it works

  • Once you create or update a merge request in Gitlab. a merge request build is triggered in your CI.
  • At the end of your build, Betrise CI installs and run Danger. which calls back Gitlab via it’s Rest API to make comments on your merge request.

Run locally

The first step is to setup and run danger on your swift project locally. this is an important to test and validate your configuration before implementing it in your environment.

Install danger swift in your local machine using Homebrew with the following command. By the way, this will also install Danger-JS which is used behind the sceen.

brew install danger/tap/danger-swift

Then in order to set up danger in your project run “danger-swift edit”, this will create a DangerFile and open an XCode project where you can edit it.

danger-swift edit

Replace you Dangerfile Content with the following :

import Danger 
let danger = Danger()
danger.message(“Hello from Danger”)

Hit enter in your terminal to save and close the XCode project.

Then use “danger-swift local” to run Danger in your machine, and make sure your setup is OK.

danger-swift local

You should see “Hello from Danger” message.

Setup Gitlab

On gitlab side, we need first to create a user for Danger, make sure he has read permission on the concerned project. Once your user created, you will have an access token for it. we will need it later on.

Make sure also that Gitlab webhooks are configured to trigger build for merge requests. this is the only way for Danger to recognize the concerned merge request.

Setup Betrise

First in your betrise.yml add a script step as the folowing :

- script:
- content: |
set -ex
brew install danger/tap/danger-swift
danger-swift ci

Then we need to set DANGER_GITHUB_HOST and DANGER_GITHUB_API_BASE_URL host, and git as environment variables in Bitrise :

And your danger user token as a secret environment variable with the following key DANGER_GITLAB_API_TOKEN.
Make sure not to add the api token as a normal environment variable, due to security concerns, it should absolutely be kept secret.

Make sure that “Expose fir pullRequests” is enabled to that this variable can be used.

let’s have a test

Now if you create a merge request, you should see a that a build including danger step has started in Betrise.

Once done you should see a comment in your merge request that looks like this :

ERROR 404 : ‘Project Not Found’

During our implementation of danger, we came across a danger error that says the gitlab project was not found. we spent some time to figure out what was the issue.

It turns out that this is related to the Apache configuration where our Gitlab is hosted.

Mainly this is due a configuration not allowing encoded slashes. here is more details about the issue.

Here you have two ways of fixing this issue :

1 - You can ask kindly to the infra team managing your gitlab hosting to set AllowEncodedSlashes to on in your apache server.

2 - Or you can point on my fork of danger-swift and danger-js where i use the project id instead of project name, this is how to do :

Add a new environment variable with your gitlab project ID called DANGER_GITLAB_PROJECT_ID

And in your betrise.yml replace the default danger install with my fork :

brew install farabi/tap/danger-swift


Here you go, you should be fine from here. once you see your danger comment on your merge request, you can start add your custom rules, or add danger plugins to extend its features. like with danger-swiftlint to show Swiftlint warning as a merge request comments.

However, it might not be a good idea to add a lot of danger rules all at once. this could spam your merge requests with lot of comments. it’s better instead to add rules gradually, to make sure they are all useful.