From c814232bf0bfc3e5d23316a3b9779adb66fbeea8 Mon Sep 17 00:00:00 2001
From: Joao P Dubas <joao.dubas@gmail.com>
Date: Tue, 1 Aug 2023 10:10:36 +0000
Subject: [PATCH] feat(ci): additional code/deps/security checks

* check for compile warnings
* check deprecated deps
* check insecure deps
* check unused deps
* check code vunerabilities
---
 .drone.yml | 8 ++++++--
 mix.exs    | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 8d95fd4..2e2666b 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -52,10 +52,14 @@ steps:
     image: 'elixir:1.15.4-slim'
     commands:
       - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
-      - mix compile
-      - mix format --check-formatted
+      - mix compile --all-warnings --warnings-as-errors
+      - mix hex.audit
+      - mix deps.audit
+      - mix deps.unlock --check-unused
+      - mix format --dry-run --check-formatted
       - mix credo suggest --strict --format=flycheck
       - mix dialyzer --no-check --quiet --ignore-exit-status --format short
+      - mix sobelow
 
   - name: rebuild cache
     image: 'meltwater/drone-cache:v1.4.0'
diff --git a/mix.exs b/mix.exs
index 1219872..8097047 100644
--- a/mix.exs
+++ b/mix.exs
@@ -39,6 +39,7 @@ defmodule Wabanex.MixProject do
       {:jason, "~> 1.4.0"},
       {:junit_formatter, "~> 3.3.0", only: [:test]},
       {:lcov_ex, "~> 0.3.0", only: [:dev, :test], runtime: false},
+      {:mix_audit, "~> 2.1.0", only: [:dev, :test], runtime: false},
       {:pg_ranges, "~> 1.1.0"},
       {:phoenix, "~> 1.7.0"},
       {:phoenix_ecto, "~> 4.4.0"},
@@ -47,6 +48,7 @@ defmodule Wabanex.MixProject do
       {:plug_cowboy, "~> 2.6.0"},
       {:postgrex, "~> 0.17.0"},
       {:prom_ex, "~> 1.8.0"},
+      {:sobelow, "~> 0.12", only: [:dev, :test], runtime: false},
       {:telemetry_metrics, "~> 0.6.0"},
       {:telemetry_poller, "~> 1.0.0"}
     ]