Skip to content

Curl detector

Curl detector #346

Workflow file for this run

name: PR
on:
pull_request:
branches:
- main
types:
- opened
- reopened
- synchronize
jobs:
compile:
name: Install deps and compile
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Install Elixir dependencies
env:
MIX_ENV: test
run: mix deps.get
- name: Compile
env:
MIX_ENV: test
run: mix compile
credo:
needs: compile
name: Credo
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Check code style
env:
MIX_ENV: test
run: mix credo --strict
deps_audit:
needs: compile
name: Deps audit
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Check for vulnerable Mix dependencies
env:
MIX_ENV: test
run: mix deps.audit
dialyzer:
needs: compile
name: Dialyzer
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Restore PLT cache
uses: actions/cache@v3
with:
path: priv/plts
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt-
- name: Create PLTs
env:
MIX_ENV: test
run: mix dialyzer --plt
- name: Run dialyzer
env:
MIX_ENV: test
run: mix dialyzer
format:
needs: compile
name: Format
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Check Elixir formatting
env:
MIX_ENV: test
run: mix format --check-formatted
hex_audit:
needs: compile
name: Hex audit
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Check for retired Hex packages
env:
MIX_ENV: test
run: mix hex.audit
prettier:
name: Check formatting using Prettier
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Restore npm cache
uses: actions/cache@v3
id: npm-cache
with:
path: node_modules
key: ${{ runner.os }}-prettier
- name: Install Prettier
if: steps.npm-cache.outputs.cache-hit != 'true'
run: npm i -D prettier prettier-plugin-toml
- name: Run Prettier
run: npx prettier -c .
sobelow:
needs: compile
name: Security check
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Check for security issues using sobelow
env:
MIX_ENV: test
run: mix sobelow --config .sobelow-conf
test:
needs: compile
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Run tests
env:
MIX_ENV: test
run: mix test --cover --warnings-as-errors
unused_deps:
needs: compile
name: Check unused deps
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- id: setup-beam
name: Set up Elixir
uses: erlef/setup-beam@v1
with:
version-file: .tool-versions
version-type: strict
- uses: actions/cache@v3
with:
path: |
_build
deps
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-
- name: Check for unused Mix dependencies
env:
MIX_ENV: test
run: mix deps.unlock --check-unused
test_linux_bash:
name: Test Linux script with bash shell
runs-on: ubuntu-latest
env:
SHELL: /bin/bash
TZ: America/New_York
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Restore script result cache
uses: actions/cache@v3
id: result_cache
with:
key: ${{ runner.os }}-bash-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }}
path: priv/static/Linux.sh
- name: Install expect tool
if: steps.result_cache.outputs.cache-hit != 'true'
run: sudo apt-get update && sudo apt-get install -y expect
- name: Remove mise config files
run: rm -f .mise.toml .tool-versions
- name: Test the script
if: steps.result_cache.outputs.cache-hit != 'true'
run: cd test/scripts && expect script.exp Linux.sh
shell: /bin/bash -l {0}
- name: Generate an app and start the server
if: steps.result_cache.outputs.cache-hit != 'true'
run: make -f test/scripts/Makefile serve
shell: /bin/bash -l {0}
- name: Check HTTP status code
if: steps.result_cache.outputs.cache-hit != 'true'
uses: nick-fields/retry@v2
with:
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh
max_attempts: 7
retry_wait_seconds: 5
timeout_seconds: 1
test_macos_bash:
name: Test macOS script with bash shell
runs-on: macos-latest
env:
SHELL: /bin/bash
TZ: America/New_York
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Restore script result cache
uses: actions/cache@v3
id: result_cache
with:
key: ${{ runner.os }}-bash-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }}
path: priv/static/macOS.sh
- name: Disable password prompt for macOS
if: steps.result_cache.outputs.cache-hit != 'true'
run: 'sudo sed -i "" "s/%admin ALL = (ALL) ALL/%admin ALL = (ALL) NOPASSWD: ALL/g" /etc/sudoers'
- name: Install expect tool
if: steps.result_cache.outputs.cache-hit != 'true'
run: brew install expect
- name: Remove mise config files
run: rm -f .mise.toml .tool-versions
- name: Test the script
if: steps.result_cache.outputs.cache-hit != 'true'
run: cd test/scripts && expect script.exp macOS.sh
shell: /bin/bash -l {0}
- name: Generate an app and start the server
if: steps.result_cache.outputs.cache-hit != 'true'
run: make -f test/scripts/Makefile serve
shell: /bin/bash -l {0}
- name: Check HTTP status code
if: steps.result_cache.outputs.cache-hit != 'true'
uses: nick-fields/retry@v2
with:
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh
max_attempts: 7
retry_wait_seconds: 5
timeout_seconds: 1
test_linux_zsh:
name: Test Linux script with zsh shell
runs-on: ubuntu-latest
env:
SHELL: /bin/zsh
TZ: America/New_York
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Restore script result cache
uses: actions/cache@v3
id: result_cache
with:
key: ${{ runner.os }}-zsh-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }}
path: priv/static/Linux.sh
- name: Install shell
if: steps.result_cache.outputs.cache-hit != 'true'
run: sudo apt-get update && sudo apt-get install -y zsh
- name: Install expect tool
if: steps.result_cache.outputs.cache-hit != 'true'
run: sudo apt-get update && sudo apt-get install -y expect
- name: Remove mise config files
run: rm -f .mise.toml .tool-versions
- name: Test the script
if: steps.result_cache.outputs.cache-hit != 'true'
run: cd test/scripts && expect script.exp Linux.sh
shell: /bin/zsh -l {0}
- name: Generate an app and start the server
if: steps.result_cache.outputs.cache-hit != 'true'
run: make -f test/scripts/Makefile serve
shell: /bin/zsh -l {0}
- name: Check HTTP status code
if: steps.result_cache.outputs.cache-hit != 'true'
uses: nick-fields/retry@v2
with:
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh
max_attempts: 7
retry_wait_seconds: 5
timeout_seconds: 1
test_macos_zsh:
name: Test macOS script with zsh shell
runs-on: macos-latest
env:
SHELL: /bin/zsh
TZ: America/New_York
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Restore script result cache
uses: actions/cache@v3
id: result_cache
with:
key: ${{ runner.os }}-zsh-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }}
path: priv/static/macOS.sh
- name: Install shell
if: steps.result_cache.outputs.cache-hit != 'true'
run: brew install zsh
- name: Disable password prompt for macOS
if: steps.result_cache.outputs.cache-hit != 'true'
run: 'sudo sed -i "" "s/%admin ALL = (ALL) ALL/%admin ALL = (ALL) NOPASSWD: ALL/g" /etc/sudoers'
- name: Install expect tool
if: steps.result_cache.outputs.cache-hit != 'true'
run: brew install expect
- name: Remove mise config files
run: rm -f .mise.toml .tool-versions
- name: Test the script
if: steps.result_cache.outputs.cache-hit != 'true'
run: cd test/scripts && expect script.exp macOS.sh
shell: /bin/zsh -l {0}
- name: Generate an app and start the server
if: steps.result_cache.outputs.cache-hit != 'true'
run: make -f test/scripts/Makefile serve
shell: /bin/zsh -l {0}
- name: Check HTTP status code
if: steps.result_cache.outputs.cache-hit != 'true'
uses: nick-fields/retry@v2
with:
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh
max_attempts: 7
retry_wait_seconds: 5
timeout_seconds: 1
deploy_preview_app:
name: Deploy preview app
needs:
- compile
- credo
- deps_audit
- dialyzer
- format
- hex_audit
- prettier
- sobelow
- test
- unused_deps
- test_linux_bash
- test_macos_bash
- test_linux_zsh
- test_macos_zsh
runs-on: ubuntu-latest
permissions: write-all
concurrency:
group: pr-${{ github.event.number }}
environment:
name: pr-${{ github.event.number }}
url: https://phx-tools-pr-${{ github.event.number }}.fly.dev
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Delete previous deployments
uses: strumwolf/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
environment: pr-${{ github.event.number }}
ref: ${{ github.head_ref }}
onlyRemoveDeployments: true
- name: Deploy preview app
uses: optimumBA/fly-preview-apps@main
env:
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
FLY_ORG: optimum-bh
FLY_REGION: fra
PHX_HOST: phx-tools-pr-${{ github.event.number }}.fly.dev
REPO_NAME: phx_tools
with:
name: phx-tools-pr-${{ github.event.number }}
secrets: APPSIGNAL_APP_ENV=preview APPSIGNAL_PUSH_API_KEY=${{ secrets.APPSIGNAL_PUSH_API_KEY }} PHX_HOST=${{ env.PHX_HOST }} SECRET_KEY_BASE=${{ secrets.SECRET_KEY_BASE }}