ex_trainer/.drone.yml
João Paulo Dubas 7420139650 feat(ci): additional code/deps/security checks (#37)
To improve `CI` quality the following checks were added:

* compile warnings
* deprecated dependencies
* insecure dependencies
* unused dependencies
* code vulnerabilities

Also, to improve `CI` execution time, dependency checks and linting were separated from the test pipeline.

Last, but not least, to make local development easier a `Dockerfile` was created to contain any system dependencies, and targets to handle database creation and migration were added.

Reviewed-on: #37
2023-11-11 20:35:45 +00:00


---
# Drone pipeline "test": runs the ExUnit suite against a throwaway PostgreSQL
# service container for every pull request.
kind: pipeline
type: docker
name: test

trigger:
  event:
    - pull_request

steps:
  # Wait until the `db` service accepts connections. The loop itself has no
  # timeout; it only ends when pg_isready succeeds.
  - name: database healthcheck
    # Images in this file are pinned by tag, not by digest. A tag can be
    # re-pointed upstream; append `@sha256:<digest>` (placeholder) if the
    # image content must not change between runs.
    image: &postgres 'postgres:16.0-alpine'
    environment:
      # Literal credentials for the service container declared under
      # `services:` in this pipeline. Do not reuse them outside CI.
      PGUSER: 'postgres'
      PGPASSWORD: 'postgres'
      PGHOST: 'db'
    commands:
      - while ! pg_isready; do sleep 1; done

  # Pull `_build` and `deps` from the object store, keyed on the repository
  # name plus checksums of .tool-versions and mix.lock.
  - name: restore cache
    image: &drone_cache 'meltwater/drone-cache:v1.4.0'
    environment:
      # NOTE(review): these secrets are consumed on pull_request builds.
      # Confirm their pull-request exposure is limited to trusted contributors.
      AWS_ACCESS_KEY_ID:
        from_secret: minio_user
      AWS_SECRET_ACCESS_KEY:
        from_secret: minio_password
    settings:
      archive_format: gzip
      bucket: trainlog-cache
      cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
      endpoint: 'minio:9000'
      mount:
        - _build
        - deps
      path_style: true
      region: us-east-1
      restore: true

  # Fetch and compile dependencies, then run the test suite with coverage.
  - name: test
    image: &elixir 'elixir:1.15.7-slim'
    environment:
      MIX_ENV: test
      POSTGRES_HOST: 'db'
      POSTGRES_USER: 'postgres'
      POSTGRES_PASS: 'postgres'
    commands:
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix compile
      - mix test --cover --trace --slowest 10

  # Write `_build` and `deps` back under the same key used by the restore
  # step above.
  # NOTE(review): this runs on pull-request builds, so artifacts compiled from
  # PR code land in the shared bucket and are restored by any later build whose
  # .tool-versions and mix.lock checksums match. If untrusted PRs are possible,
  # restrict the rebuild to trusted events or use a separate key for PR builds.
  - name: rebuild cache
    image: *drone_cache
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: minio_user
      AWS_SECRET_ACCESS_KEY:
        from_secret: minio_password
    settings:
      archive_format: gzip
      bucket: trainlog-cache
      cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
      endpoint: 'minio:9000'
      exit_code: true
      mount:
        - _build
        - deps
      path_style: true
      rebuild: true
      region: us-east-1

services:
  # Database used by the healthcheck and test steps (reachable as host `db`).
  - name: db
    image: *postgres
    environment:
      POSTGRES_USER: 'postgres'
      POSTGRES_PASSWORD: 'postgres'
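---
# Drone pipeline "lint": compile-warning, dependency, formatting, static
# analysis and security checks for every pull request. Kept separate from the
# "test" pipeline so the two can run independently.
kind: pipeline
type: docker
name: lint

trigger:
  event:
    - pull_request

steps:
  # Pull `_build` and `deps` from the object store, keyed on the repository
  # name plus checksums of .tool-versions and mix.lock.
  - name: restore cache
    # Anchors do not carry across `---`, so they are declared again here.
    # Images are pinned by tag, not by digest; append `@sha256:<digest>`
    # (placeholder) if the image content must not change between runs.
    image: &drone_cache 'meltwater/drone-cache:v1.4.0'
    environment:
      # NOTE(review): these secrets are consumed on pull_request builds.
      # Confirm their pull-request exposure is limited to trusted contributors.
      AWS_ACCESS_KEY_ID:
        from_secret: minio_user
      AWS_SECRET_ACCESS_KEY:
        from_secret: minio_password
    settings:
      archive_format: gzip
      bucket: trainlog-cache
      cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
      endpoint: 'minio:9000'
      mount:
        - _build
        - deps
      path_style: true
      region: us-east-1
      restore: true

  # Fail the build on any compiler warning.
  - name: compile app
    image: &elixir 'elixir:1.15.7-slim'
    commands:
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix compile --all-warnings --warnings-as-errors

  # Dependency hygiene: retired packages (hex.audit), known-vulnerable
  # packages (deps.audit) and unused lock entries (deps.unlock --check-unused).
  - name: audit deps
    image: *elixir
    commands:
      # git is installed at run time from the distribution mirrors (unpinned).
      - apt-get update
      - apt-get install -y git
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix hex.audit
      - mix deps.audit
      - mix deps.unlock --check-unused
      # - mix hex.outdated

  - name: format check
    image: *elixir
    commands:
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix format --dry-run --check-formatted

  - name: credo check
    image: *elixir
    commands:
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix credo suggest --strict --format=flycheck

  # Advisory only: `--ignore-exit-status` prints Dialyzer warnings without
  # failing the step. Drop the flag to make type warnings gate the build.
  - name: dialyzer check
    image: *elixir
    commands:
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix dialyzer --no-check --quiet --ignore-exit-status --format short

  # Security scan. Without `--exit` Sobelow prints findings but still exits 0,
  # so the step could never fail. `--exit` returns non-zero when a finding
  # meets the confidence threshold (low by default; `--exit medium` or
  # `--exit high` raise it).
  - name: sobelow check
    image: *elixir
    commands:
      - mix do local.rebar --force, local.hex --force, deps.get, deps.compile
      - mix sobelow --exit

  # Write `_build` and `deps` back under the same key used by the restore
  # step above (the "test" pipeline writes to the same key).
  # NOTE(review): this runs on pull-request builds, so artifacts compiled from
  # PR code land in the shared bucket and are restored by any later build whose
  # .tool-versions and mix.lock checksums match. If untrusted PRs are possible,
  # restrict the rebuild to trusted events or use a separate key for PR builds.
  - name: rebuild cache
    image: *drone_cache
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: minio_user
      AWS_SECRET_ACCESS_KEY:
        from_secret: minio_password
    settings:
      archive_format: gzip
      bucket: trainlog-cache
      cache_key: '{{ .Repo.Name }}-{{ checksum ".tool-versions" }}-{{ checksum "mix.lock" }}'
      endpoint: 'minio:9000'
      exit_code: true
      mount:
        - _build
        - deps
      path_style: true
      rebuild: true
      region: us-east-1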