chore: modernise the repository a bit (#18)

* Pin specific versions and help Renovate

This way it's easier for us to reason on the updates
semantically.

* Add a few "good practice" compiler warnings

As per https://github.com/kivra/erlang_template

* "Temporarily" prevent jose's deprecation warning from compiling self

* Add `dialyzer` options

* Act on dialyzer's `unmatched_returns`

* Prevent Dialyzer's "Unknown function jsx:decode"

... while applying the good practice to list
all deps under .app.src

* xref: stop caring about "unused exports"

It's either this or flagging all "interface API" functions
as -ignore_xref, which is potentially more difficult to
maintain. Choices (?)

* Enable test coverage

* Don't fight Elvis on this (work around it)

If we fix for Elvis we get a compiler warning

* Fix compiler warnings

* Act on CI results: fix for `rebar3_lint`

* Own it

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# the project is owned by the platform team
+* @kivra/platform-team

rebar.config

@@ -1,4 +1,21 @@
-{erl_opts, [debug_info]}.
+{erl_opts, [
+ debug_info,
+ warnings_as_errors,
+ warn_export_vars,
+ warn_unused_import,
+ warn_keywords
+]}.
+
+{dialyzer, [
+ {plt_apps, all_deps},
+ incremental,
+ {warnings, [unmatched_returns]}
+]}.
+
+{overrides, [
+ {override, jose, [{erl_opts, [debug_info, no_warnings_as_errors]}]}
+]}.
+
 {deps, [ {jsx, {git, "https://github.com/talentdeficit/jsx.git" , {tag, "v3.1.0"}}}
  , {jose, {git, "https://github.com/potatosalad/erlang-jose.git" , {tag, "1.11.5"}}}
  , {hackney, {git, "https://github.com/benoitc/hackney.git" , {tag, "1.18.0"}}}
@@ -15,9 +32,19 @@
 
 {profiles,
  [{test, [
+ {cover_enabled, true},
+ {cover_opts, [verbose]},
  {erl_opts, [nowarn_export_all]},
- {deps, [ proper
+ {deps, [ {proper, "1.4.0"}
  , {meck, "0.8.13"}
  ]}
  ]}
 ]}.
+
+{xref_checks, [
+ undefined_function_calls,
+ undefined_functions,
+ locals_not_used,
+ deprecated_function_calls,
+ deprecated_functions
+]}.

src/ets_pubkeys_storage.erl

@@ -34,7 +34,7 @@ put(#{<<"kid">> := Kid} = Key) ->
 
 %% gen_server callbacks
 init(A) ->
- ets:new(?MODULE, ?ETS_OPTIONS),
+ ?MODULE = ets:new(?MODULE, ?ETS_OPTIONS),
  {ok, A}.
 handle_call(_, _, S) -> {noreply, S}.
 handle_cast(_, S) -> {noreply, S}.

src/id_token.app.src

@@ -7,7 +7,8 @@
  [kernel,
  stdlib,
  hackney,
- jose
+ jose,
+ jsx
  ]},
  {env,[]},
  {modules, []},

src/id_token_provider.erl

@@ -46,7 +46,7 @@ add_provider(Name, Uri) ->
 %%% gen_server callbacks
 %%%===================================================================
 init([]) ->
- ets:new(?ID_TOKEN_CACHE, ?ETS_OPTIONS),
+ ?ID_TOKEN_CACHE = ets:new(?ID_TOKEN_CACHE, ?ETS_OPTIONS),
  Providers = id_token_jwks:get_providers(),
  lists:foreach(fun add_provider/1, Providers),
  case application:get_env(id_token, async_revalidate, false) of
@@ -79,7 +79,7 @@ handle_info({refresh, Provider}, State) ->
  %% the price and re-initiate async_revalidate-loop after 10 seconds
  10_000
  end,
- timer:send_after(Delay, self(), {refresh, Provider}),
+ {ok, _} = timer:send_after(Delay, self(), {refresh, Provider}),
  {noreply, State}.
 
 maybe_refresh(Provider, #{force_refresh := true}) ->

src/id_token_pubkeys_storage.erl

@@ -28,7 +28,7 @@
 -define(call_callback(Args),
  begin
  Mod = ?BACKEND,
- code:ensure_loaded(Mod),
+ _ = code:ensure_loaded(Mod),
  case erlang:function_exported(Mod, ?FUNCTION_NAME, ?FUNCTION_ARITY) of
  true -> erlang:apply(Mod, ?FUNCTION_NAME, Args);
  false -> {error, not_exported}

src/id_token_sign.erl

@@ -46,7 +46,7 @@ add_key_for(Alg, Options) ->
 %%%===================================================================
 init([]) ->
  id_token_pubkeys_storage:start(),
- ets:new(?MODULE, ?ETS_OPTIONS),
+ ?MODULE = ets:new(?MODULE, ?ETS_OPTIONS),
  SignKeys = application:get_env(id_token, sign_keys, []),
  Timers = lists:sort([put_key_for(Alg, Opts) || {Alg, Opts} <- SignKeys]),
  {ok, Timers, timeout(Timers)}.

test/prop_id_token_jwt.erl

@@ -10,6 +10,8 @@
  <<"RS256">>, <<"RS384">>, <<"RS512">>,
  <<"ES256">>, <<"ES384">>, <<"ES512">>]).
 
+-elvis([{elvis_style, used_ignored_variable, disable}]).
+
 %%%%%%%%%%%%%%%%%%%%
 %%% Eunit runner %%%
 %%%%%%%%%%%%%%%%%%%%
@@ -38,7 +40,7 @@ prop_valid_signature() ->
  end).
 
 prop_invalid_signature() ->
- ?FORALL({{JWK, PublicKeyMap}, {OtherJWK, OtherPublicKeyMap}, Claims},
+ ?FORALL({{JWK, _PublicKeyMap}, {OtherJWK, OtherPublicKeyMap}, Claims},
  {key_pair(), key_pair(), jwt_claims()},
  begin
  #jose_jwk{fields = OtherFields} = OtherJWK,
@@ -49,7 +51,7 @@ prop_invalid_signature() ->
  end).
 
 prop_no_matching_key() ->
- ?FORALL({[{JWK, PublicKeyMap} | OtherKeys], Claims},
+ ?FORALL({[{JWK, _PublicKeyMap} | OtherKeys], Claims},
  {non_empty(list(key_pair())), jwt_claims()},
  begin
  JWT = id_token_jws:sign(Claims, JWK),

test/prop_id_token_sign.erl

@@ -15,12 +15,12 @@
 %%%%%%%%%%%%%%%%%%%%
 eunit_test_() ->
  Opts = [{numtests, 30}],
- ?_assert(proper:quickcheck(prop_test(), Opts)).
+ ?_assert(proper:quickcheck(prop_test2(), Opts)).
 
 %%%%%%%%%%%%%%%%%%
 %%% PROPERTIES %%%
 %%%%%%%%%%%%%%%%%%
-prop_test() ->
+prop_test2() ->
  ?FORALL(Cmds, commands(?MODULE),
  begin
  id_token_sign:start_link(),

test/prop_pubkeys_storage.erl

@@ -11,12 +11,12 @@
 %%%%%%%%%%%%%%%%%%%%
 eunit_test_() ->
  Opts = [{numtests, 30}],
- ?_assert(proper:quickcheck(prop_test(), Opts)).
+ ?_assert(proper:quickcheck(prop_test1(), Opts)).
 
 %%%%%%%%%%%%%%%%%%
 %%% PROPERTIES %%%
 %%%%%%%%%%%%%%%%%%
-prop_test() ->
+prop_test1() ->
  ?FORALL(Cmds, commands(?MODULE),
  begin
  id_token_pubkeys_storage:start(),
@@ -54,7 +54,7 @@ postcondition(State, {call, _Mod, get_all, _Args}, {ok, Res}) ->
  lists:sort(maps:values(State)) =:= lists:sort(Res);
 postcondition(State, {call, _Mod, get, [Kid]}, Res) ->
  case {maps:find(Kid, State), Res} of
- {{ok, _V}, {ok, _V}} -> true;
+ {{ok, V}, {ok, V}} -> true;
  {error, {error, not_found}} -> true;
  _ -> false
  end;