feat(ci): additional code/deps/security checks #37
103
.drone.yml
103
.drone.yml
@ -48,19 +48,6 @@ steps:
|
||||
- mix compile
|
||||
- mix test --cover --trace --slowest 10
|
||||
|
||||
- name: lint
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix compile --all-warnings --warnings-as-errors
|
||||
- mix hex.audit
|
||||
- mix deps.audit
|
||||
- mix deps.unlock --check-unused
|
||||
- mix format --dry-run --check-formatted
|
||||
- mix credo suggest --strict --format=flycheck
|
||||
- mix dialyzer --no-check --quiet --ignore-exit-status --format short
|
||||
- mix sobelow
|
||||
|
||||
- name: rebuild cache
|
||||
image: 'meltwater/drone-cache:v1.4.0'
|
||||
environment:
|
||||
@ -87,3 +74,93 @@ services:
|
||||
environment:
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: postgres
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: lint
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- pull_request
|
||||
|
||||
steps:
|
||||
- name: restore cache
|
||||
image: 'meltwater/drone-cache:v1.4.0'
|
||||
environment:
|
||||
AWS_ACCESS_KEY_ID:
|
||||
from_secret: minio_user
|
||||
AWS_SECRET_ACCESS_KEY:
|
||||
from_secret: minio_password
|
||||
settings:
|
||||
archive_format: gzip
|
||||
bucket: trainlog-cache
|
||||
cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
|
||||
endpoint: minio:9000
|
||||
mount:
|
||||
- _build
|
||||
- deps
|
||||
path_style: true
|
||||
region: us-east-1
|
||||
restore: true
|
||||
|
||||
- name: compile app
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix compile --all-warnings --warnings-as-errors
|
||||
|
||||
- name: audit deps
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- apt-get update
|
||||
- apt-get install -y git
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix hex.audit
|
||||
- mix deps.audit
|
||||
- mix deps.unlock --check-unused
|
||||
- mix hex.outdated
|
||||
|
||||
- name: format check
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix format --dry-run --check-formatted
|
||||
|
||||
- name: credo check
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix credo suggest --strict --format=flycheck
|
||||
|
||||
- name: dialyzer check
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix dialyzer --no-check --quiet --ignore-exit-status --format short
|
||||
|
||||
- name: sobelow check
|
||||
image: 'elixir:1.15.7-slim'
|
||||
commands:
|
||||
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
||||
- mix sobelow
|
||||
|
||||
- name: rebuild cache
|
||||
image: 'meltwater/drone-cache:v1.4.0'
|
||||
environment:
|
||||
AWS_ACCESS_KEY_ID:
|
||||
from_secret: minio_user
|
||||
AWS_SECRET_ACCESS_KEY:
|
||||
from_secret: minio_password
|
||||
settings:
|
||||
archive_format: gzip
|
||||
bucket: trainlog-cache
|
||||
cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
|
||||
endpoint: minio:9000
|
||||
exit_code: true
|
||||
mount:
|
||||
- _build
|
||||
- deps
|
||||
path_style: true
|
||||
rebuild: true
|
||||
region: us-east-1
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user