To improve `CI` quality the following checks were added: * compile warnings * deprecated dependencies * insecure dependencies * unused dependencies * code vulnerabilities Also, to improve `CI` execution time, dependencies checks and lining were separated from the test pipeline. Last, but not least, to make local development easier a `Dockerfile` was created to contain any system dependencies, and targets to handle database creation and migration were added. Reviewed-on: #37
167 lines
4.1 KiB
YAML
167 lines
4.1 KiB
YAML
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: test
|
|
|
|
trigger:
|
|
event:
|
|
- pull_request
|
|
|
|
steps:
|
|
- name: database healthcheck
|
|
image: &postgres 'postgres:16.0-alpine'
|
|
environment:
|
|
PGUSER: postgres
|
|
PGPASSWORD: postgres
|
|
PGHOST: db
|
|
commands:
|
|
- while ! pg_isready; do sleep 1; done
|
|
|
|
- name: restore cache
|
|
image: &drone_cache 'meltwater/drone-cache:v1.4.0'
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: minio_user
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: minio_password
|
|
settings:
|
|
archive_format: gzip
|
|
bucket: trainlog-cache
|
|
cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
|
|
endpoint: minio:9000
|
|
mount:
|
|
- _build
|
|
- deps
|
|
path_style: true
|
|
region: us-east-1
|
|
restore: true
|
|
|
|
- name: test
|
|
image: &elixir 'elixir:1.15.7-slim'
|
|
environment:
|
|
MIX_ENV: test
|
|
POSTGRES_HOST: db
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASS: postgres
|
|
commands:
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix compile
|
|
- mix test --cover --trace --slowest 10
|
|
|
|
- name: rebuild cache
|
|
image: *drone_cache
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: minio_user
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: minio_password
|
|
settings:
|
|
archive_format: gzip
|
|
bucket: trainlog-cache
|
|
cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
|
|
endpoint: minio:9000
|
|
exit_code: true
|
|
mount:
|
|
- _build
|
|
- deps
|
|
path_style: true
|
|
rebuild: true
|
|
region: us-east-1
|
|
|
|
services:
|
|
- name: db
|
|
image: *postgres
|
|
environment:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: lint
|
|
|
|
trigger:
|
|
event:
|
|
- pull_request
|
|
|
|
steps:
|
|
- name: restore cache
|
|
image: &drone_cache 'meltwater/drone-cache:v1.4.0'
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: minio_user
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: minio_password
|
|
settings:
|
|
archive_format: gzip
|
|
bucket: trainlog-cache
|
|
cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
|
|
endpoint: minio:9000
|
|
mount:
|
|
- _build
|
|
- deps
|
|
path_style: true
|
|
region: us-east-1
|
|
restore: true
|
|
|
|
- name: compile app
|
|
image: &elixir 'elixir:1.15.7-slim'
|
|
commands:
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix compile --all-warnings --warnings-as-errors
|
|
|
|
- name: audit deps
|
|
image: *elixir
|
|
commands:
|
|
- apt-get update
|
|
- apt-get install -y git
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix hex.audit
|
|
- mix deps.audit
|
|
- mix deps.unlock --check-unused
|
|
# - mix hex.outdated
|
|
|
|
- name: format check
|
|
image: *elixir
|
|
commands:
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix format --dry-run --check-formatted
|
|
|
|
- name: credo check
|
|
image: *elixir
|
|
commands:
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix credo suggest --strict --format=flycheck
|
|
|
|
- name: dialyzer check
|
|
image: *elixir
|
|
commands:
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix dialyzer --no-check --quiet --ignore-exit-status --format short
|
|
|
|
- name: sobelow check
|
|
image: *elixir
|
|
commands:
|
|
- mix do local.rebar --force, local.hex --force, deps.get, deps.compile
|
|
- mix sobelow
|
|
|
|
- name: rebuild cache
|
|
image: *drone_cache
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: minio_user
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: minio_password
|
|
settings:
|
|
archive_format: gzip
|
|
bucket: trainlog-cache
|
|
cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
|
|
endpoint: minio:9000
|
|
exit_code: true
|
|
mount:
|
|
- _build
|
|
- deps
|
|
path_style: true
|
|
rebuild: true
|
|
region: us-east-1
|