Curl detector #346
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR | |
on: | |
pull_request: | |
branches: | |
- main | |
types: | |
- opened | |
- reopened | |
- synchronize | |
jobs: | |
compile: | |
name: Install deps and compile | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Install Elixir dependencies | |
env: | |
MIX_ENV: test | |
run: mix deps.get | |
- name: Compile | |
env: | |
MIX_ENV: test | |
run: mix compile | |
credo: | |
needs: compile | |
name: Credo | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Check code style | |
env: | |
MIX_ENV: test | |
run: mix credo --strict | |
deps_audit: | |
needs: compile | |
name: Deps audit | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Check for vulnerable Mix dependencies | |
env: | |
MIX_ENV: test | |
run: mix deps.audit | |
dialyzer: | |
needs: compile | |
name: Dialyzer | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Restore PLT cache | |
uses: actions/cache@v3 | |
with: | |
path: priv/plts | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-plt- | |
- name: Create PLTs | |
env: | |
MIX_ENV: test | |
run: mix dialyzer --plt | |
- name: Run dialyzer | |
env: | |
MIX_ENV: test | |
run: mix dialyzer | |
format: | |
needs: compile | |
name: Format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Check Elixir formatting | |
env: | |
MIX_ENV: test | |
run: mix format --check-formatted | |
hex_audit: | |
needs: compile | |
name: Hex audit | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Check for retired Hex packages | |
env: | |
MIX_ENV: test | |
run: mix hex.audit | |
prettier: | |
name: Check formatting using Prettier | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
id: npm-cache | |
with: | |
path: node_modules | |
key: ${{ runner.os }}-prettier | |
- name: Install Prettier | |
if: steps.npm-cache.outputs.cache-hit != 'true' | |
run: npm i -D prettier prettier-plugin-toml | |
- name: Run Prettier | |
run: npx prettier -c . | |
sobelow: | |
needs: compile | |
name: Security check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Check for security issues using sobelow | |
env: | |
MIX_ENV: test | |
run: mix sobelow --config .sobelow-conf | |
test: | |
needs: compile | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Run tests | |
env: | |
MIX_ENV: test | |
run: mix test --cover --warnings-as-errors | |
unused_deps: | |
needs: compile | |
name: Check unused deps | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: setup-beam | |
name: Set up Elixir | |
uses: erlef/setup-beam@v1 | |
with: | |
version-file: .tool-versions | |
version-type: strict | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
_build | |
deps | |
key: ${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ steps.setup-beam.outputs.elixir-version }}-${{ steps.setup-beam.outputs.otp-version }}-mix- | |
- name: Check for unused Mix dependencies | |
env: | |
MIX_ENV: test | |
run: mix deps.unlock --check-unused | |
test_linux_bash: | |
name: Test Linux script with bash shell | |
runs-on: ubuntu-latest | |
env: | |
SHELL: /bin/bash | |
TZ: America/New_York | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Restore script result cache | |
uses: actions/cache@v3 | |
id: result_cache | |
with: | |
key: ${{ runner.os }}-bash-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }} | |
path: priv/static/Linux.sh | |
- name: Install expect tool | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: sudo apt-get update && sudo apt-get install -y expect | |
- name: Remove mise config files | |
run: rm -f .mise.toml .tool-versions | |
- name: Test the script | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: cd test/scripts && expect script.exp Linux.sh | |
shell: /bin/bash -l {0} | |
- name: Generate an app and start the server | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: make -f test/scripts/Makefile serve | |
shell: /bin/bash -l {0} | |
- name: Check HTTP status code | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
uses: nick-fields/retry@v2 | |
with: | |
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh | |
max_attempts: 7 | |
retry_wait_seconds: 5 | |
timeout_seconds: 1 | |
test_macos_bash: | |
name: Test macOS script with bash shell | |
runs-on: macos-latest | |
env: | |
SHELL: /bin/bash | |
TZ: America/New_York | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Restore script result cache | |
uses: actions/cache@v3 | |
id: result_cache | |
with: | |
key: ${{ runner.os }}-bash-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }} | |
path: priv/static/macOS.sh | |
- name: Disable password prompt for macOS | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: 'sudo sed -i "" "s/%admin ALL = (ALL) ALL/%admin ALL = (ALL) NOPASSWD: ALL/g" /etc/sudoers' | |
- name: Install expect tool | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: brew install expect | |
- name: Remove mise config files | |
run: rm -f .mise.toml .tool-versions | |
- name: Test the script | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: cd test/scripts && expect script.exp macOS.sh | |
shell: /bin/bash -l {0} | |
- name: Generate an app and start the server | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: make -f test/scripts/Makefile serve | |
shell: /bin/bash -l {0} | |
- name: Check HTTP status code | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
uses: nick-fields/retry@v2 | |
with: | |
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh | |
max_attempts: 7 | |
retry_wait_seconds: 5 | |
timeout_seconds: 1 | |
test_linux_zsh: | |
name: Test Linux script with zsh shell | |
runs-on: ubuntu-latest | |
env: | |
SHELL: /bin/zsh | |
TZ: America/New_York | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Restore script result cache | |
uses: actions/cache@v3 | |
id: result_cache | |
with: | |
key: ${{ runner.os }}-zsh-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }} | |
path: priv/static/Linux.sh | |
- name: Install shell | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: sudo apt-get update && sudo apt-get install -y zsh | |
- name: Install expect tool | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: sudo apt-get update && sudo apt-get install -y expect | |
- name: Remove mise config files | |
run: rm -f .mise.toml .tool-versions | |
- name: Test the script | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: cd test/scripts && expect script.exp Linux.sh | |
shell: /bin/zsh -l {0} | |
- name: Generate an app and start the server | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: make -f test/scripts/Makefile serve | |
shell: /bin/zsh -l {0} | |
- name: Check HTTP status code | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
uses: nick-fields/retry@v2 | |
with: | |
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh | |
max_attempts: 7 | |
retry_wait_seconds: 5 | |
timeout_seconds: 1 | |
test_macos_zsh: | |
name: Test macOS script with zsh shell | |
runs-on: macos-latest | |
env: | |
SHELL: /bin/zsh | |
TZ: America/New_York | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Restore script result cache | |
uses: actions/cache@v3 | |
id: result_cache | |
with: | |
key: ${{ runner.os }}-zsh-script-${{ hashFiles('test/scripts/script.exp') }}-${{ hashFiles('priv/script.sh') }} | |
path: priv/static/macOS.sh | |
- name: Install shell | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: brew install zsh | |
- name: Disable password prompt for macOS | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: 'sudo sed -i "" "s/%admin ALL = (ALL) ALL/%admin ALL = (ALL) NOPASSWD: ALL/g" /etc/sudoers' | |
- name: Install expect tool | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: brew install expect | |
- name: Remove mise config files | |
run: rm -f .mise.toml .tool-versions | |
- name: Test the script | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: cd test/scripts && expect script.exp macOS.sh | |
shell: /bin/zsh -l {0} | |
- name: Generate an app and start the server | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
run: make -f test/scripts/Makefile serve | |
shell: /bin/zsh -l {0} | |
- name: Check HTTP status code | |
if: steps.result_cache.outputs.cache-hit != 'true' | |
uses: nick-fields/retry@v2 | |
with: | |
command: INPUT_SITES='["http://localhost:4000"]' INPUT_EXPECTED='[200]' ./test/scripts/check_status_code.sh | |
max_attempts: 7 | |
retry_wait_seconds: 5 | |
timeout_seconds: 1 | |
deploy_preview_app: | |
name: Deploy preview app | |
needs: | |
- compile | |
- credo | |
- deps_audit | |
- dialyzer | |
- format | |
- hex_audit | |
- prettier | |
- sobelow | |
- test | |
- unused_deps | |
- test_linux_bash | |
- test_macos_bash | |
- test_linux_zsh | |
- test_macos_zsh | |
runs-on: ubuntu-latest | |
permissions: write-all | |
concurrency: | |
group: pr-${{ github.event.number }} | |
environment: | |
name: pr-${{ github.event.number }} | |
url: https://phx-tools-pr-${{ github.event.number }}.fly.dev | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Delete previous deployments | |
uses: strumwolf/[email protected] | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
environment: pr-${{ github.event.number }} | |
ref: ${{ github.head_ref }} | |
onlyRemoveDeployments: true | |
- name: Deploy preview app | |
uses: optimumBA/fly-preview-apps@main | |
env: | |
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} | |
FLY_ORG: optimum-bh | |
FLY_REGION: fra | |
PHX_HOST: phx-tools-pr-${{ github.event.number }}.fly.dev | |
REPO_NAME: phx_tools | |
with: | |
name: phx-tools-pr-${{ github.event.number }} | |
secrets: APPSIGNAL_APP_ENV=preview APPSIGNAL_PUSH_API_KEY=${{ secrets.APPSIGNAL_PUSH_API_KEY }} PHX_HOST=${{ env.PHX_HOST }} SECRET_KEY_BASE=${{ secrets.SECRET_KEY_BASE }} |