chore: sync files with stordco/common-config-elixir #61
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file is synced with stordco/common-config-elixir. Any changes will be overwritten. | |
| name: CI | |
| on: | |
| merge_group: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| push: | |
| branches: | |
| - main | |
| - code-freeze/** | |
| workflow_call: | |
| secrets: | |
| CI_SERVICE_KEY: | |
| required: true | |
| GH_PERSONAL_ACCESS_TOKEN: | |
| required: true | |
| HEX_API_KEY: | |
| required: true | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| Changed: | |
| name: Changed Files | |
| runs-on: ubuntu-latest | |
| outputs: | |
| database: ${{ steps.changed.outputs.database }} | |
| docker: ${{ steps.changed.outputs.docker }} | |
| # Note: temporarily disabling documentation/OpenAPI validation in CI until a long term solution is found | |
| # documentation: ${{ steps.changed.outputs.documentation }} | |
| elixir: ${{ steps.changed.outputs.elixir }} | |
| helm: ${{ steps.changed.outputs.helm }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - id: changed | |
| name: Get Changed Files | |
| run: | | |
| # Using fetch-depth 2 above, we should always be able to get the full list of changes files: | |
| # - In a pull-request, GHA merges the PR branch into main | |
| # - When pushed to main, we always squash merge, so there is only one new commit | |
| CHANGED_FILES=$(git diff --name-only HEAD^1 HEAD) | |
| declare -A patterns | |
| patterns["database"]=".github/workflows/ci.yaml priv/.*repo/.*" | |
| patterns["docker"]=".github/workflows/ci.yaml Dockerfile" | |
| patterns["documentation"]="docs/.* priv/documentation/.* .*.ex .*.md" | |
| patterns["elixir"]=".github/workflows/ci.yaml .tool-versions priv/.* .*.ex .*.exs .*.heex" | |
| patterns["helm"]=".github/workflows/ci.yaml .github/workflows/staging.yaml .github/workflows/production.yaml helm/.*" | |
| for filetype in ${!patterns[@]}; do | |
| found="false" | |
| echo "==> Checking: $filetype" | |
| for pattern in ${patterns[$filetype]}; do | |
| for changed_file in $CHANGED_FILES; do | |
| if [[ "$changed_file" =~ $pattern ]]; then | |
| echo "====> Found change: $changed_file" | |
| found="true" | |
| break | |
| fi | |
| done | |
| if [[ "$found" == "true" ]]; then | |
| break | |
| fi | |
| done | |
| echo "$filetype=$found" >> $GITHUB_OUTPUT | |
| done | |
| Credo: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Credo | |
| run: mix credo --strict | |
| Dependencies: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| env: | |
| MIX_ENV: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Unused | |
| run: mix deps.unlock --check-unused | |
| Dialyzer: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Dialyzer | |
| run: mix dialyzer --format github | |
| Documentation: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.documentation == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| env: | |
| MIX_ENV: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Docs | |
| run: mix docs --warnings-as-errors | |
| Format: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Format | |
| run: mix format --check-formatted | |
| Test: | |
| name: Test (Elixir ${{ matrix.versions.elixir }} OTP ${{ matrix.versions.otp }}) | |
| runs-on: ubuntu-latest | |
| env: | |
| MIX_ENV: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| elixir-version: ${{ matrix.versions.elixir }} | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| otp-version: ${{ matrix.versions.otp }} | |
| - name: Compile | |
| run: mix compile --warnings-as-errors | |
| - name: Test | |
| run: mix coveralls.github --warnings-as-errors | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| versions: | |
| - elixir: 1.13 | |
| otp: 25 | |
| - elixir: 1.14 | |
| otp: 25 | |
| - elixir: 1.15 | |
| otp: 26 | |
| Trivy_Filesystem: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') }} | |
| name: Trivy Filesystem Scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Trivy Scan | |
| uses: stordco/actions-trivy@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| scan-type: fs | |
| slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| slack-channel-id: ${{ secrets.SLACK_SECURITY_ALERTS }} | |
| update-db: false | |