Install Hex and Rebar locally #65
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| # Running on the branch main and on all PRs | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| # TODO: Split this job in multiple jobs to group similar tasks together (like setup, audit dependencies, format, lint, tests, etc...) | |
| # It would be nice if the setup could be reused, so it doesn't need to happen in every job (https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) | |
| continuous_integration: | |
| name: Continuous integration | |
| runs-on: ubuntu-24.04 | |
| env: | |
| MIX_ENV: test | |
| # CHANGEME: Remove or adapt this service based on your project needs | |
| services: | |
| # Database for the test suite, be sure to use the same Docker image in docker-compose.yml | |
| postgres: | |
| image: postgres:18.0 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: database_test | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Setup Elixir and OTP | |
| uses: erlef/setup-beam@v1.20.4 | |
| id: setup-beam | |
| with: | |
| otp-version: '28' | |
| elixir-version: '1.19.2' | |
| # Whenever a cache hit occurs for the exact `key` match defined below, this step sets the `cache-hit` outputs to 'true'. | |
| # With `if: steps.cache.outputs.cache-hit != 'true'`, this can be used in steps to run or ignore them based on the cache hit. | |
| # A partial key match via `restore-keys` or a cache miss will set `cache-hit` to 'false'. | |
| - name: Restore dependencies from cache if possible | |
| uses: actions/cache@v4 | |
| id: cache # To expose the `cache-hit` output through `steps.cache.outputs.cache-hit` | |
| env: | |
| cache-name: mix-${{ runner.os }}-${{ steps.setup-beam.outputs.otp-version }}-${{ steps.setup-beam.outputs.elixir-version }}- | |
| with: | |
| # deps -> where Mix downloads dependencies | |
| # _build -> where Mix stores compiled artifacts | |
| path: | | |
| deps | |
| _build | |
| key: ${{ env.cache-name }}${{ hashFiles('**/mix.lock') }} | |
| restore-keys: | | |
| ${{ env.cache-name }} | |
| # CHANGEME: Remove this step, it's not needed for your project. It's only for the CI to run, while avoiding to track this code with Git | |
| - name: Create an empty Elixir project and add dependencies for the CI to run | |
| run: > | |
| mix new . && | |
| mix escript.install --force hex mix_audit 2.1.5 && | |
| mix escript.install --force hex credo 1.7.13 && | |
| mix escript.install --force hex sobelow 0.14.1 | |
| - name: Install and compile dependencies | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: mix do deps.get, deps.compile | |
| - name: Find unused dependencies # https://hexdocs.pm/mix/Mix.Tasks.Deps.Unlock.html | |
| run: mix deps.unlock --check-unused | |
| - name: Check for retired dependencies # https://hexdocs.pm/hex/Mix.Tasks.Hex.Audit.html | |
| run: mix hex.audit | |
| - name: Check for vulnerable dependencies # https://github.com/mirego/mix_audit | |
| run: mix_audit | |
| # CHANGEME: Replace the `run` line above with the `run` line below | |
| # run: mix deps.audit | |
| - name: Check format of Elixir code # https://hexdocs.pm/mix/main/Mix.Tasks.Format.html | |
| run: mix format --dry-run --check-formatted | |
| - name: Ensure the Elixir code compiles # https://hexdocs.pm/mix/Mix.Tasks.Compile.html | |
| run: mix compile --all-warnings --warning-as-errors | |
| - name: Lint Elixir code to enforce code consistency # Credo's strict analysis: https://hexdocs.pm/credo/basic_usage.html#strict-analysis | |
| run: credo --strict | |
| # CHANGEME: Replace the `run` line above with the `run` line below | |
| # run: mix credo --strict | |
| - name: Check Elixir code for security vulnerabilities # https://github.com/nccgroup/sobelow | |
| # `--private` is to prevent Sobelow from checking for updates, this is handled by Dependabot | |
| run: sobelow --private | |
| # CHANGEME: Replace the `run` line above with the `run` line below | |
| # run: mix sobelow --private | |
| # CHANGEME: Uncomment this step if the project uses Ecto, otherwise delete this step | |
| # - name: Verify database migrations and if they can fully rollback # https://hexdocs.pm/ecto_sql/Mix.Tasks.Ecto.Rollback.html | |
| # run: mix ecto.create && mix ecto.migrate && mix ecto.rollback --all | |
| - name: Run tests # https://hexdocs.pm/mix/Mix.Tasks.Test.html | |
| run: mix test |