chore: sync files with stordco/common-config-elixir

Author: github-actions[bot]

.credo.exs

@@ -23,7 +23,7 @@
         # You can give explicit globs or simply directories.
         # In the latter case `**/*.{ex,exs}` will be used.
         #
-        included: ["lib/", "priv/", "test/"],
+        included: ["config/", "lib/", "priv/", "test/"],
         excluded: [~r"/_build/", ~r"/deps/", ~r"/node_modules/"]
       },
       #
@@ -81,7 +81,7 @@
         # You can customize the priority of any check
         # Priority values are: `low, normal, high, higher`
         #
-        {Credo.Check.Design.AliasUsage, [priority: :low, if_nested_deeper_than: 2, if_called_more_often_than: 2]},
+        {Credo.Check.Design.AliasUsage, [priority: :low, if_nested_deeper_than: 4, if_called_more_often_than: 2]},
         {Credo.Check.Design.DuplicatedCode, false},
         # You can also customize the exit_status of each check.
         # If you don't want TODO comments to cause `mix credo` to fail, just
@@ -119,7 +119,8 @@
          [
            order:
              ~w(moduledoc behaviour use import require alias module_attribute defstruct callback macrocallback optional_callback)a,
-           ignore: [:type]
+           ignore: [:type],
+           ignore_module_attributes: [:contract, :decorate, :operation, :trace]
          ]},
         {Credo.Check.Readability.StringSigils, []},
         {Credo.Check.Readability.TrailingBlankLine, []},
@@ -177,7 +178,17 @@
         {Credo.Check.Warning.UnusedPathOperation, []},
         {Credo.Check.Warning.UnusedRegexOperation, []},
         {Credo.Check.Warning.UnusedStringOperation, []},
-        {Credo.Check.Warning.UnusedTupleOperation, []}
+        {Credo.Check.Warning.UnusedTupleOperation, []},
+
+        #
+        ## Custom
+        #
+        {Credo.Check.Warning.ForbiddenModule,
+         [
+           modules: [
+             {Oban.Worker, "use Oban.Pro.Worker instead"}
+           ]
+         ]}
       ]
     }
   ]

.github/pull_request_template.md

@@ -0,0 +1,25 @@
+## Related Ticket(s)
+
+<!--
+Enter the Jira issue below in the following format: PROJECT-##
+-->
+
+## Checklist
+
+<!--
+For each bullet, ensure your pr meets the criteria and write a note explaining how this PR relates. Mark them as complete as they are done. All top-level checkboxes should be checked regardless of their relevance to the pr with a note explaining whether they are relevant or not.
+-->
+
+- [ ] Code conforms to the [Elixir Styleguide](https://github.com/christopheradams/elixir_style_guide)
+
+## Problem
+
+<!--
+What is the problem you're solving or feature you're implementing? Link to any Jira tickets or previous discussions of the issue.
+-->
+
+## Details
+
+<!--
+Include a brief overview of the technical process you took (or are going to take!) to get from the problem to the solution.
+-->

.release-please-config.json renamed to .github/release-please-config-stable.json

@@ -7,6 +7,11 @@
       "section": "Features",
       "hidden": false
     },
+    {
+      "type": "hotfix",
+      "section": "Hotfixes",
+      "hidden": true
+    },
     {
       "type": "fix",
       "section": "Bug Fixes",
@@ -22,9 +27,7 @@
   "draft-pull-request": false,
   "packages": {
     ".": {
-      "extra-files": [
-        "README.md"
-      ],
+      "extra-files": ["README.md"],
       "release-type": "elixir"
     }
   },

.release-please-manifest.json renamed to .github/release-please-manifest.json

@@ -1,120 +1,251 @@
+# This file is synced with stordco/common-config-elixir. Any changes will be overwritten.
+
 name: CI
 
 on:
+  merge_group:
   pull_request:
     types:
       - opened
       - reopened
       - synchronize
-  merge_group:
+  push:
+    branches:
+      - main
+      - code-freeze/**
   workflow_call:
     secrets:
+      CI_SERVICE_KEY:
+        required: true
       GH_PERSONAL_ACCESS_TOKEN:
         required: true
       HEX_API_KEY:
         required: true
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
+  Changed:
+    name: Changed Files
+    runs-on: ubuntu-latest
+
+    outputs:
+      database: ${{ steps.changed.outputs.database_any_changed }}
+      docker: ${{ steps.changed.outputs.docker_any_changed }}
+      elixir: ${{ steps.changed.outputs.elixir_any_changed }}
+      helm: ${{ steps.changed.outputs.helm_any_changed }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+
+      - id: changed
+        name: Get Changed Files
+        uses: tj-actions/changed-files@v44
+        with:
+          files_yaml: |
+            database:
+              - '.github/workflows/ci.yaml'
+              - 'priv/*repo/**'
+            docker:
+              - '.github/workflows/ci.yaml'
+              - 'Dockerfile'
+            documentation:
+              - 'docs/**'
+              - 'priv/documentation/**'
+              - '**.ex'
+              - '**.md'
+            elixir:
+              - '.github/workflows/ci.yaml'
+              - '.tool-versions'
+              - 'priv/**'
+              - '**.ex'
+              - '**.exs'
+              - '**.heex'
+            helm:
+              - '.github/workflows/ci.yaml'
+              - '.github/workflows/staging.yaml'
+              - '.github/workflows/production.yaml'
+              - 'helm/**'
+
   Credo:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
+    needs: [Changed]
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
 
       - name: Credo
-        run: mix credo
+        run: mix credo --strict
 
-  Deps:
+  Dependencies:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
+    needs: [Changed]
     runs-on: ubuntu-latest
 
+    env:
+      MIX_ENV: test
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
 
       - name: Unused
         run: mix deps.unlock --check-unused
 
   Dialyzer:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
+    needs: [Changed]
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
 
       - name: Dialyzer
         run: mix dialyzer --format github
 
-  Docs:
+  Documentation:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.documentation == 'true' }}
+    needs: [Changed]
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
 
       - name: Docs
         run: mix docs
 
   Format:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }}
+    needs: [Changed]
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
 
       - name: Format
         run: mix format --check-formatted
 
   Test:
+    name: Test (Elixir ${{ matrix.versions.elixir }} OTP ${{ matrix.versions.otp }})
+
     runs-on: ubuntu-latest
 
     env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       MIX_ENV: test
 
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
+          elixir-version: ${{ matrix.versions.elixir }}
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
+          otp-version: ${{ matrix.versions.otp }}
 
       - name: Compile
         run: mix compile --warnings-as-errors
 
       - name: Test
-        run: mix test
+        run: mix coveralls.github
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        versions:
+          - elixir: 1.13
+            otp: 25
+          - elixir: 1.14
+            otp: 25
+          - elixir: 1.15
+            otp: 26
+
+  Trivy_Filesystem:
+    if: ${{ !startsWith(github.head_ref, 'release-please--branches') }}
+    name: Trivy Filesystem Scan
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Elixir
+        uses: stordco/actions-elixir/setup@v1
+        with:
+          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+          hex-token: ${{ secrets.HEX_API_KEY }}
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
+
+      - name: Trivy Scan
+        uses: stordco/actions-trivy@v1
+        with:
+          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+          scan-type: fs
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          slack-channel-id: ${{ secrets.SLACK_SECURITY_ALERTS }}
+          update-db: false
+

.github/workflows/ci.yaml

@@ -21,22 +21,24 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           persist-credentials: true
 
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: 18
 
       - name: Setup Elixir
         uses: stordco/actions-elixir/setup@v1
         with:
+          elixir-version: "1.15"
           github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
           hex-token: ${{ secrets.HEX_API_KEY }}
-          elixir-version: "1.15"
+          oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+          oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
           otp-version: "26.0"
 
       - name: Sync