chore: sync files with stordco/common-config-elixir (#128) #298
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file is synced with stordco/common-config-elixir. Any changes will be overwritten. | |
name: CI | |
on: | |
merge_group: | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
push: | |
branches: | |
- main | |
- code-freeze/** | |
workflow_call: | |
secrets: | |
CI_SERVICE_KEY: | |
required: true | |
GH_PERSONAL_ACCESS_TOKEN: | |
required: true | |
HEX_API_KEY: | |
required: true | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
Changed: | |
name: Changed Files | |
runs-on: ubuntu-latest | |
outputs: | |
database: ${{ steps.changed.outputs.database_any_changed }} | |
docker: ${{ steps.changed.outputs.docker_any_changed }} | |
elixir: ${{ steps.changed.outputs.elixir_any_changed }} | |
helm: ${{ steps.changed.outputs.helm_any_changed }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- id: changed | |
name: Get Changed Files | |
uses: tj-actions/changed-files@v44 | |
with: | |
files_yaml: | | |
database: | |
- '.github/workflows/ci.yaml' | |
- 'priv/*repo/**' | |
docker: | |
- '.github/workflows/ci.yaml' | |
- 'Dockerfile' | |
documentation: | |
- 'docs/**' | |
- 'priv/documentation/**' | |
- '**.ex' | |
- '**.md' | |
elixir: | |
- '.github/workflows/ci.yaml' | |
- '.tool-versions' | |
- 'priv/**' | |
- '**.ex' | |
- '**.exs' | |
- '**.heex' | |
helm: | |
- '.github/workflows/ci.yaml' | |
- '.github/workflows/staging.yaml' | |
- '.github/workflows/production.yaml' | |
- 'helm/**' | |
Credo: | |
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
needs: [Changed] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
- name: Credo | |
run: mix credo --strict | |
Dependencies: | |
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
needs: [Changed] | |
runs-on: ubuntu-latest | |
env: | |
MIX_ENV: test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
- name: Unused | |
run: mix deps.unlock --check-unused | |
Dialyzer: | |
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
needs: [Changed] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
- name: Dialyzer | |
run: mix dialyzer --format github | |
Documentation: | |
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.documentation == 'true' }} | |
needs: [Changed] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
- name: Docs | |
run: mix docs | |
Format: | |
if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
needs: [Changed] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
- name: Format | |
run: mix format --check-formatted | |
Test: | |
name: Test (Elixir ${{ matrix.versions.elixir }} OTP ${{ matrix.versions.otp }}) | |
runs-on: ubuntu-latest | |
env: | |
MIX_ENV: test | |
services: | |
kafka: | |
image: bitnami/kafka:latest | |
ports: | |
- 9092:9092 | |
- 9093:9093 | |
env: | |
KAFKA_CFG_ADVERTISED_LISTENERS: "PLAINTEXT://127.0.0.1:9092" | |
KAFKA_CFG_BROKER_ID: "0" | |
KAFKA_CFG_CONTROLLER_LISTENER_NAMES: "CONTROLLER" | |
KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: "0@kafka:9093" | |
KAFKA_CFG_DEFAULT_REPLICATION_FACTOR: "1" | |
KAFKA_CFG_DELETE_TOPIC_ENABLE: "true" | |
KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: "CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT" | |
KAFKA_CFG_LISTENERS: "PLAINTEXT://:9092,CONTROLLER://:9093" | |
KAFKA_CFG_NODE_ID: "0" | |
KAFKA_CFG_PROCESS_ROLES: "controller,broker" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
elixir-version: ${{ matrix.versions.elixir }} | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
otp-version: ${{ matrix.versions.otp }} | |
- name: Compile | |
run: mix compile --warnings-as-errors | |
- name: Test | |
run: mix coveralls.github | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
strategy: | |
fail-fast: false | |
matrix: | |
versions: | |
- elixir: 1.13 | |
otp: 25 | |
- elixir: 1.14 | |
otp: 25 | |
- elixir: 1.15 | |
otp: 26 | |
Trivy_Filesystem: | |
if: ${{ !startsWith(github.head_ref, 'release-please--branches') }} | |
name: Trivy Filesystem Scan | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Elixir | |
uses: stordco/actions-elixir/setup@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
hex-token: ${{ secrets.HEX_API_KEY }} | |
oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
- name: Trivy Scan | |
uses: stordco/actions-trivy@v1 | |
with: | |
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
scan-type: fs | |
slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
slack-channel-id: ${{ secrets.SLACK_SECURITY_ALERTS }} | |
update-db: false | |