chore: sync files with stordco/common-config-elixir #55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file is synced with stordco/common-config-elixir. Any changes will be overwritten. | |
| name: CI | |
| on: | |
| merge_group: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| push: | |
| branches: | |
| - main | |
| - code-freeze/** | |
| workflow_call: | |
| secrets: | |
| CI_SERVICE_KEY: | |
| required: true | |
| GH_PERSONAL_ACCESS_TOKEN: | |
| required: true | |
| HEX_API_KEY: | |
| required: true | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| Changed: | |
| name: Changed Files | |
| runs-on: ubuntu-latest | |
| outputs: | |
| database: ${{ steps.changed.outputs.database_any_changed }} | |
| docker: ${{ steps.changed.outputs.docker_any_changed }} | |
| elixir: ${{ steps.changed.outputs.elixir_any_changed }} | |
| helm: ${{ steps.changed.outputs.helm_any_changed }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - id: changed | |
| name: Get Changed Files | |
| uses: tj-actions/changed-files@v44 | |
| with: | |
| files_yaml: | | |
| database: | |
| - '.github/workflows/ci.yaml' | |
| - 'priv/*repo/**' | |
| docker: | |
| - '.github/workflows/ci.yaml' | |
| - 'Dockerfile' | |
| documentation: | |
| - 'docs/**' | |
| - 'priv/documentation/**' | |
| - '**.ex' | |
| - '**.md' | |
| elixir: | |
| - '.github/workflows/ci.yaml' | |
| - '.tool-versions' | |
| - 'priv/**' | |
| - '**.ex' | |
| - '**.exs' | |
| - '**.heex' | |
| helm: | |
| - '.github/workflows/ci.yaml' | |
| - '.github/workflows/staging.yaml' | |
| - '.github/workflows/production.yaml' | |
| - 'helm/**' | |
| Credo: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Credo | |
| run: mix credo --strict | |
| Dependencies: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| env: | |
| MIX_ENV: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Unused | |
| run: mix deps.unlock --check-unused | |
| Dialyzer: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Dialyzer | |
| run: mix dialyzer --format github | |
| Documentation: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.documentation == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Docs | |
| run: mix docs | |
| Format: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') && needs.Changed.outputs.elixir == 'true' }} | |
| needs: [Changed] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Format | |
| run: mix format --check-formatted | |
| Test: | |
| name: Test (Elixir ${{ matrix.versions.elixir }} OTP ${{ matrix.versions.otp }}) | |
| runs-on: ubuntu-latest | |
| env: | |
| MIX_ENV: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| elixir-version: ${{ matrix.versions.elixir }} | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| otp-version: ${{ matrix.versions.otp }} | |
| - name: Compile | |
| run: mix compile --warnings-as-errors | |
| - name: Test | |
| run: mix coveralls.github | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| versions: | |
| - elixir: 1.13 | |
| otp: 25 | |
| - elixir: 1.14 | |
| otp: 25 | |
| - elixir: 1.15 | |
| otp: 26 | |
| Trivy_Filesystem: | |
| if: ${{ !startsWith(github.head_ref, 'release-please--branches') }} | |
| name: Trivy Filesystem Scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Elixir | |
| uses: stordco/actions-elixir/setup@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| hex-token: ${{ secrets.HEX_API_KEY }} | |
| oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }} | |
| oban-token: ${{ secrets.OBAN_LICENSE_KEY }} | |
| - name: Trivy Scan | |
| uses: stordco/actions-trivy@v1 | |
| with: | |
| github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} | |
| scan-type: fs | |
| slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| slack-channel-id: ${{ secrets.SLACK_SECURITY_ALERTS }} | |
| update-db: false | |