chore: bump bandit from 1.6.1 to 1.6.2 #673
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Elixir CI | |
on: | |
push: | |
pull_request: | |
schedule: | |
- cron: '0 5 * * 1' | |
jobs: | |
asdf: | |
name: ASDF | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
# cache the ASDF directory, using the values from .tool-versions | |
- name: ASDF cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.asdf | |
key: ${{ runner.os }}-asdf-v3-${{ hashFiles('.tool-versions') }} | |
id: asdf-cache | |
# only run `asdf install` if we didn't hit the cache | |
- uses: asdf-vm/actions/install@v1 | |
if: steps.asdf-cache.outputs.cache-hit != 'true' | |
- run: | | |
mix local.rebar --force | |
mix local.hex --force | |
if: steps.asdf-cache.outputs.cache-hit != 'true' | |
build: | |
name: Build and test | |
runs-on: ubuntu-latest | |
needs: asdf | |
steps: | |
- uses: actions/checkout@v3 | |
- name: ASDF cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.asdf | |
key: ${{ runner.os }}-asdf-v3-${{ hashFiles('.tool-versions') }} | |
id: asdf-cache | |
- uses: mbta/actions/reshim-asdf@v1 | |
- name: Restore dependencies cache | |
id: deps-cache | |
uses: actions/cache@v3 | |
with: | |
path: deps | |
key: ${{ runner.os }}-mix-v2-${{ hashFiles('**/mix.lock') }} | |
restore-keys: ${{ runner.os }}-mix-v2- | |
- name: Install dependencies | |
run: mix deps.get | |
- name: Compile (warnings as errors) | |
run: mix compile --force --warnings-as-errors | |
- name: Check formatting | |
run: mix format --check-formatted | |
- name: Credo | |
run: mix credo --strict | |
- name: Run tests | |
run: mix test --cover | |
- name: Save PR information | |
run: | | |
echo "${{ github.event.pull_request.number }}" > cover/PR_NUMBER | |
echo "${{ github.event.pull_request.head.sha }}" > cover/PR_SHA | |
if: github.event.pull_request | |
- name: Upload coverage artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: elixir-lcov | |
path: cover/ | |
- uses: mbta/actions/dialyzer@v1 | |
trivy: | |
name: Trivy vulnerability scanner | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Run Trivy vulnerability scanner in fs mode | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
scan-ref: '.' | |
trivy-config: trivy.yml |