Thuy's Blog

A quick visual guide to set up Danger JS with Bitrise and GitHub

June 27, 2019

danger logo hero 2x ce56217b

Generating a new personal access token

Visit Then click Generate new token. The New personal access token page will show up. In the Select scopes section, tick repo and write:discussion. Those scopes are for Danger JS to be able to post comments to pull requests.

select scopes

After generating the token, do remember to copy the token to somewhere safe before moving on to the next step.

Select scopes

Setting it up on Bitrise


Go to the Workflow Editor. Then select the Secrets tab. In the Secret Environment Variables section, click Add new.

secret env vars

Use DANGER_GITHUB_API_TOKEN for the Key while the Value is the access token we generated earlier. Also make sure that we tick the Expose for Pull Requests? box.

secret env vars key value

Then click Save.

Installing Danger using yarn

In the Steps list, click the + button where we think we should start installing Danger. For example, in my case, I want to run Danger after I run all tests. So I will add a new step of installing Danger after the Clean build step.

bitrise new step

A new Search steps slider will show. Then search for the Run yarn command step. Click that step to add it into the workflow.

search for yarn

In the newly added step, make sure we fill add for the yarn command and danger --dev for the arguments.

add danger step

Running Danger

In order for the Workflow to run Danger, create a new yarn step like earlier. In the Input variables section, choose danger for the yarn command and ci for the arguments.

run danger

Creating dangerfile.js

So, CI is already ready to execute Danger. Next step is to instruct Danger to do whatever we like. Since we are using Danger JS, the dangerfile will be in JavaScript (or TypeScript). We can do that by creating a new dangerfile.js file in the root directory of the project. During CI builds, Danger will automatically recognize this file and execute it accordingly.

Just for demo purpose, the following script will check whether a pull request has a description or not:

const { danger, warn } = require("danger")

// No pull request is too small to include a description of why you made a change.
if ( < 10) {
  warn("Please include a description of your PR changes.")

If our setup is successful, this is an example of how Danger will do its jobs.

danger comment

Because I was using my personal access token for Danger, so the author of the comment will be me. In your case, you may prefer to use an access token from your GitHub bot account.

Thuy Trinh

Written by Thuy Trinh who lives and works in Frankfurt, Germany building robust Android apps. You should follow him on Twitter