From fff38a5364346dd21bb8863a8002cee3db3c3e75 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 17:00:20 +0000
Subject: [PATCH] chore: sync files with stordco/common-config-elixir

---
 .credo.exs | 2 +-
 ...json => release-please-config-stable.json} | 9 +++--
 .github/workflows/ci.yaml | 35 ++++++++++++++++++-
 .github/workflows/pr.yaml | 7 ++--
 .github/workflows/release.yaml | 4 +--
 .github/workflows/staging.yaml | 3 ++
 .trivy/fs-config.yaml | 18 ++++++++++
 7 files changed, 69 insertions(+), 9 deletions(-)
 rename .github/{release-please-config.json => release-please-config-stable.json} (86%)
 create mode 100644 .trivy/fs-config.yaml

diff --git a/.credo.exs b/.credo.exs
index c8cec3f..4dd304d 100644
--- a/.credo.exs
+++ b/.credo.exs
@@ -81,7 +81,7 @@
 # You can customize the priority of any check
 # Priority values are: `low, normal, high, higher`
 #
- {Credo.Check.Design.AliasUsage, [priority: :low, if_nested_deeper_than: 2, if_called_more_often_than: 2]},
+ {Credo.Check.Design.AliasUsage, [priority: :low, if_nested_deeper_than: 4, if_called_more_often_than: 2]},
 {Credo.Check.Design.DuplicatedCode, false},
 # You can also customize the exit_status of each check.
 # If you don't want TODO comments to cause `mix credo` to fail, just
diff --git a/.github/release-please-config.json b/.github/release-please-config-stable.json
similarity index 86%
rename from .github/release-please-config.json
rename to .github/release-please-config-stable.json
index c90be46..8461d98 100644
--- a/.github/release-please-config.json
+++ b/.github/release-please-config-stable.json
@@ -7,6 +7,11 @@
 "section": "Features",
 "hidden": false
 },
+ {
+ "type": "hotfix",
+ "section": "Hotfixes",
+ "hidden": true
+ },
 {
 "type": "fix",
 "section": "Bug Fixes",
@@ -22,9 +27,7 @@
 "draft-pull-request": false,
 "packages": {
 ".": {
- "extra-files": [
- "README.md"
- ],
+ "extra-files": ["README.md"],
 "release-type": "elixir"
 }
 },
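Review bot: The new changelog section `{"type": "hotfix", "section": "Hotfixes", "hidden": true}` makes the stable release recognise hotfix commits but never list them, so a hotfix that lands on main leaves no trace in the stable CHANGELOG. That is presumably deliberate if hotfixes are tracked by a separate release-please config, but nothing in this patch shows one, and JSON leaves no room for a comment explaining it. If hotfixes should appear in the stable notes, `"hidden": false` lists them under "Hotfixes" like the other sections; if not, the reason belongs in the docs of the template repository this file is synced from.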
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 111c00a..4b5c23a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -46,7 +46,7 @@ jobs:
 - id: changed
 name: Get Changed Files
- uses: tj-actions/changed-files@v43
+ uses: tj-actions/changed-files@v44
 with:
 files_yaml: |
 database:
@@ -56,6 +56,7 @@ jobs:
 - '.github/workflows/ci.yaml'
 - 'Dockerfile'
 documentation:
+ - 'docs/**'
 - 'priv/documentation/**'
 - '**.ex'
 - '**.md'
@@ -97,6 +98,9 @@ jobs:
 needs: [Changed]
 runs-on: ubuntu-latest
 
+ env:
+ MIX_ENV: test
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -214,3 +218,32 @@ jobs:
 - elixir: 1.15
 otp: 26
 
+ Trivy_Filesystem:
+ if: ${{ !startsWith(github.head_ref, 'release-please--branches') }}
+ name: Trivy Filesystem Scan
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ id-token: write
+ pull-requests: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Elixir
+ uses: stordco/actions-elixir/setup@v1
+ with:
+ github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ hex-token: ${{ secrets.HEX_API_KEY }}
+ oban-fingerprint: ${{ secrets.OBAN_KEY_FINGERPRINT }}
+ oban-token: ${{ secrets.OBAN_LICENSE_KEY }}
+
+ - name: Trivy Scan
+ uses: stordco/actions-trivy@v1.1.1
+ with:
+ github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ scan-type: fs
+ slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 13c604c..3371db3 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -30,7 +30,7 @@ jobs:
 return;
 }
 
- const REGEX = /^(feat!|fix!|fix|feat|chore|(fix|feat|chore)\(\w.*\)):\s(\[\w{1,8}-\d{1,8}\]|.*).*/;
+ const REGEX = /^(feat!|fix!|hotfix!|fix|feat|chore|hotfix|(fix|feat|chore|hotfix)\(\w.*\)):\s(\[\w{1,8}-\d{1,8}\]|.*).*/;
 
 if (!REGEX.test(title)) {
 core.setFailed("Pull request title does not follow conventional commits");
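Review bot: `uses: tj-actions/changed-files@v44` pins a mutable tag rather than an immutable commit, so the third-party code that runs in CI can change without any diff appearing in this repository; the same applies to `stordco/actions-elixir/setup@v1` and `stordco/actions-trivy@v1.1.1` in the new Trivy_Filesystem hunk further down this file. Pinning to the full commit SHA with the tag kept as a trailing comment (`uses: tj-actions/changed-files@<full-commit-sha> # v44`) keeps the version readable while making the resolution reproducible. Because this workflow is synced from stordco/common-config-elixir, the pin has to be made in the template repository or the next sync will revert it.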
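Review bot: The Trivy_Filesystem job grants `id-token: write` although nothing visible in its steps mints an OIDC token; unless stordco/actions-trivy needs it, that line should go, since it is what lets a job obtain federated cloud credentials. The job also hands four repository secrets (GH_PERSONAL_ACCESS_TOKEN, HEX_API_KEY, OBAN_KEY_FINGERPRINT, OBAN_LICENSE_KEY) to the Setup Elixir step purely so that dependencies exist for a filesystem scan, and passes the PAT again to the scan step; a comment under `permissions:` naming which step needs each grant (`# pull-requests: write — actions-trivy posts the scan result as a PR comment`) would let the next reader verify the set instead of guessing. Note also that `github.head_ref` is empty on push events, so `!startsWith(github.head_ref, …)` is true there and the job runs on pushes as well as PRs; if it is meant to be PR-only and the workflow has a push trigger (not visible here), add a `github.event_name == 'pull_request'` term.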
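Review bot: In the new `const REGEX = …` line the suffix `(\[\w{1,8}-\d{1,8}\]|.*).*` still accepts any text after the type, because the `.*` branch of the alternation makes the bracketed ticket key optional and the trailing `.*` matches whatever remains, so this change only adds `hotfix` to an already permissive pattern. If the ticket key is meant to be enforced, drop the `|.*` branch; if it is optional by design, a one-line comment above the constant (`// the [KEY-123] ticket reference is optional by design`) would stop the next reader from trying to tighten it. The enclosing github-script block starts before this hunk.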
@@ -43,7 +43,10 @@ jobs:
 fix: [JIRA-1234] fix an existing feature
 feat: [JIRA-1234] a new feature to release
 feat!: a breaking change
+ hotfix: needed in production immediately
 
- Note: Adding ! (i.e. \`feat!:\`) represents a breaking change and will result in a SemVer major release.
+ Adding ! (i.e. \`feat!:\`) represents a breaking change and will result in a SemVer major release.
+
+ Starting a commit with \`hotfix\` will result in a seperate hotfix release PR.
 `.trim());
 }
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8d1a041..95b675b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -12,7 +12,7 @@ concurrency:
 cancel-in-progress: false
 
 jobs:
- Please:
+ Stable:
 runs-on: ubuntu-latest
 
 steps:
@@ -20,7 +20,7 @@ jobs:
 name: Release
 uses: googleapis/release-please-action@v4
 with:
- config-file: .github/release-please-config.json
+ config-file: .github/release-please-config-stable.json
 manifest-file: .github/release-please-manifest.json
 target-branch: main
 token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
diff --git a/.github/workflows/staging.yaml b/.github/workflows/staging.yaml
index 862401c..8be32c3 100644
--- a/.github/workflows/staging.yaml
+++ b/.github/workflows/staging.yaml
@@ -26,6 +26,9 @@ jobs:
 
 runs-on: ubuntu-latest
 
+ env:
+ MIX_ENV: test
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
diff --git a/.trivy/fs-config.yaml b/.trivy/fs-config.yaml
new file mode 100644
index 0000000..c9b8366
--- /dev/null
+++ b/.trivy/fs-config.yaml
@@ -0,0 +1,18 @@
+# This file is synced with stordco/common-config-elixir. Any changes will be overwritten.
+
+exit-code: '1'
+format: 'json'
+output: 'trivy-fs-results.json'
+scanners:
+ - vuln
+severity:
+ - CRITICAL
+ - HIGH
+ - MEDIUM
+ - LOW
+ - UNKNOWN
+timeout: '3m'
+vulnerability:
+ type:
+ - os
+ - library
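Review bot: The added help text `Starting a commit with \`hotfix\` will result in a seperate hotfix release PR.` misspells "separate", and nothing in this patch creates that separate release PR: release.yaml only runs release-please against the stable config, where the hotfix type is hidden. If the hotfix release workflow lives in a file outside this sync the sentence is fine once corrected; otherwise it promises behaviour the repository does not have and should be dropped until it does. The title regex in the earlier hunk also accepts `hotfix!`, while the example list shows only `hotfix:`; one more example line would keep the two consistent. The github-script block these lines belong to starts before the hunk.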
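Review bot: With `exit-code: '1'` and `severity:` listing everything down to `LOW` and `UNKNOWN`, the new Trivy_Filesystem job fails on any vulnerability Trivy knows about, including ones with no fixed version, which tends to leave the check permanently red until people stop reading it. Trivy's `--ignore-unfixed` option (settable in this config file) or gating only on `HIGH`/`CRITICAL` while still reporting the rest would give a check that can actually be kept green. The header says the file is overwritten on sync, so that tuning belongs in stordco/common-config-elixir, and a comment next to `severity:` stating the intended policy (`# blocking: all severities, unfixed included — tune upstream`) would make the choice explicit rather than implicit.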