Skip to content

chore: sync files with stordco/common-config-elixir #214

chore: sync files with stordco/common-config-elixir

chore: sync files with stordco/common-config-elixir #214

Workflow file for this run

# This file is synced with stordco/common-config-elixir. Any changes will be overwritten.
name: CI
on:
merge_group:
pull_request:
types:
- opened
- reopened
- synchronize
push:
branches:
- main
- code-freeze/**
workflow_call:
secrets:
CI_SERVICE_KEY:
required: true
GH_PERSONAL_ACCESS_TOKEN:
required: true
HEX_API_KEY:
required: true
workflow_dispatch:
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
Changed:
name: Changed Files
runs-on: ubuntu-latest
outputs:
database: ${{ steps.changed.outputs.database_any_changed }}
docker: ${{ steps.changed.outputs.docker_any_changed }}
elixir: ${{ steps.changed.outputs.elixir_any_changed }}
helm: ${{ steps.changed.outputs.helm_any_changed }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- id: changed
name: Get Changed Files
uses: tj-actions/changed-files@v44
with:
files_yaml: |
database:
- '.github/workflows/ci.yaml'
- 'priv/*repo/**'
docker:
- '.github/workflows/ci.yaml'
- 'Dockerfile'
documentation:
- 'docs/**'
- 'priv/documentation/**'
- '**.ex'
- '**.md'
elixir:
- '.github/workflows/ci.yaml'
- '.tool-versions'
- 'priv/**'
- '**.ex'
- '**.exs'
- '**.heex'
helm:
- '.github/workflows/ci.yaml'
- '.github/workflows/staging.yaml'
- '.github/workflows/production.yaml'
- 'helm/**'
Credo:
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
needs: [Changed]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
- name: Credo
run: mix credo --strict
Dependencies:
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
needs: [Changed]
runs-on: ubuntu-latest
env:
MIX_ENV: test
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
- name: Unused
run: mix deps.unlock --check-unused
Dialyzer:
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
needs: [Changed]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
- name: Dialyzer
run: mix dialyzer --format github
Documentation:
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.documentation == 'true' }}
needs: [Changed]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
- name: Docs
run: mix docs
Format:
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
needs: [Changed]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
- name: Format
run: mix format --check-formatted
Test:
name: Test (Elixir ${{ matrix.versions.elixir }} OTP ${{ matrix.versions.otp }})
runs-on: ubuntu-latest
env:
MIX_ENV: test
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
elixir-version: ${{ matrix.versions.elixir }}
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
otp-version: ${{ matrix.versions.otp }}
- name: Compile
run: mix compile --warnings-as-errors
- name: Test
run: mix coveralls.github
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
strategy:
fail-fast: false
matrix:
versions:
- elixir: 1.13
otp: 25
- elixir: 1.14
otp: 25
- elixir: 1.15
otp: 26
Trivy_Filesystem:
if: ${{ !startsWith(github.head_ref, 'release-please--branches') }}
name: Trivy Filesystem Scan
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Elixir
uses: stordco/actions-elixir/setup@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
hex-token: ${{ secrets.HEX_API_KEY }}
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
- name: Trivy Scan
uses: stordco/actions-trivy@v1
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
scan-type: fs
slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
slack-channel-id: ${{ secrets.SLACK_SECURITY_ALERTS }}