.github/workflows/elixir.yml

name: Elixir CI

on:
  push:
  pull_request:
  schedule:
    - cron: '0 5 * * 1'

jobs:
  asdf:
    name: ASDF
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      # cache the ASDF directory, using the values from .tool-versions
      - name: ASDF cache
        uses: actions/cache@v3
        with:
          path: ~/.asdf
          key: ${{ runner.os }}-asdf-v3-${{ hashFiles('.tool-versions') }}
        id: asdf-cache
      # only run `asdf install` if we didn't hit the cache
      - uses: asdf-vm/actions/install@v1
        if: steps.asdf-cache.outputs.cache-hit != 'true'
      - run: |
          mix local.rebar --force
          mix local.hex --force
        if: steps.asdf-cache.outputs.cache-hit != 'true'


  build:
    name: Build and test
    runs-on: ubuntu-latest
    needs: asdf
    steps:
      - uses: actions/checkout@v3
      - name: ASDF cache
        uses: actions/cache@v3
        with:
          path: ~/.asdf
          key: ${{ runner.os }}-asdf-v3-${{ hashFiles('.tool-versions') }}
        id: asdf-cache
      - uses: mbta/actions/reshim-asdf@v1
      - name: Restore dependencies cache
        id: deps-cache
        uses: actions/cache@v3
        with:
          path: deps
          key: ${{ runner.os }}-mix-v2-${{ hashFiles('**/mix.lock') }}
          restore-keys: ${{ runner.os }}-mix-v2-
      - name: Install dependencies
        run: mix deps.get
      - name: Compile (warnings as errors)
        run: mix compile --force --warnings-as-errors
      - name: Check formatting
        run: mix format --check-formatted
      - name: Credo
        run: mix credo --strict
      - name: Run tests
        run: mix test --cover
      - name: Save PR information
        run: |
          echo "${{ github.event.pull_request.number }}" > cover/PR_NUMBER
          echo "${{ github.event.pull_request.head.sha }}" > cover/PR_SHA
        if: github.event.pull_request
      - name: Upload coverage artifact
        uses: actions/upload-artifact@v3
        with:
          name: elixir-lcov
          path: cover/
      - uses: mbta/actions/dialyzer@v1

  trivy:
    name: Trivy vulnerability scanner
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Trivy vulnerability scanner in fs mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          trivy-config: trivy.yml