MixMachine - machine-readable output for Mix

Recently I have published a new version of mix_unused and now there is a new project that improves compilation of Elixir projects.

This is a library that provides a new Mix command - mix compile.machine that, in addition to compiling your project as it was done by the “regular” mix compile, will produce a report file (by default report.json) that will contain a report in one of the two supported formats:

  • SARIF - this is the default
  • CodeClimate

This is useful, as SARIF is the format used by the GitHub Code Scanning feature, which will produce reports available from the GitHub “Security” tab. CodeClimate is the format used by GitLab for similar purposes.

This works by utilising the diagnostics produced by different compilers, so as long as your additional compilers support this feature, they will be included in these reports. Tools that for sure support this feature are @sasajuric’s boundary and the earlier mentioned mix_unused.

Disclaimer - I haven’t yet tested GitLab, and I do not know how to set up automatic CI for that, as GitLab does not support CI pipelines for remote projects in their public service and I do not want to pay for the self-hosted version just to test that. I will test it in my side projects hosted on GitLab, but for now there is no automatic testing. So unfortunately GitLab support currently is a little bit second class.

21 Likes

This looks great!

Do you have an example of how to use this with GitHub Actions?

1 Like

Yeah, sure. I am still working on the documentation (PRs are welcome). The example is in exactly the same repo (just not properly documented), as it is used for testing whether the SARIF output is properly ingested by GitHub. The whole process is as simple as replacing mix compile with mix compile.machine and then using github/codeql-action/upload-sarif@v1:

    - name: Compile
      run: mix compile.machine
    - uses: github/codeql-action/upload-sarif@v1
      with:
        sarif_file: report.json

1 Like
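As an added example (not part of mix_machine, mix_unused, or any reply in this thread), here is a small Python reader that loads a SARIF 2.1.0 file in the shape report.json takes and summarises the diagnostics before the upload-sarif step above sends the file to Code Scanning. The embedded report, its rule ids, file paths and messages are constructed for illustration; only the SARIF field names (runs, results, ruleId, level, message.text, physicalLocation) are the standard ones.

```python
"""Summarise a SARIF 2.1.0 report such as the report.json that mix compile.machine
writes by default. Added example, not part of mix_machine; the embedded report is
constructed to look like compiler diagnostics and is not real tool output."""
import json
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape; rule ids, paths and messages are invented.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {"name": "mix compile.machine"}},
        "results": [
            {"ruleId": "elixir:warning", "level": "warning",
             "message": {"text": "variable \"x\" is unused"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/demo.ex"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "mix_unused:unused", "level": "warning",
             "message": {"text": "Demo.helper/1 is unused"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/demo.ex"},
                 "region": {"startLine": 30}}}]},
            {"ruleId": "elixir:error", "level": "error",
             "message": {"text": "undefined function foo/0"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "lib/other.ex"},
                 "region": {"startLine": 3}}}]},
            # A result without a location: Code Scanning lists it but cannot annotate a line.
            {"ruleId": "elixir:warning", "level": "warning",
             "message": {"text": "compile-time deprecation"}},
        ],
    }],
})


def load_results(sarif_text):
    """Flatten every result in every run into plain dicts (tool, rule, level, text, file, line)."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError(f"unexpected SARIF version: {doc.get('version')!r}")
    flat = []
    for run in doc.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "?")
        for res in run.get("results", []):
            uri, line = None, None
            # Take the first physical location, if any.
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                break
            flat.append({
                "tool": tool,
                "rule": res.get("ruleId", "?"),
                "level": res.get("level", "warning"),  # SARIF's default level when absent
                "text": res.get("message", {}).get("text", ""),
                "file": uri,
                "line": line,
            })
    return flat


def summarise(results):
    """Count results per level and per file; results with no file are counted as unlocated."""
    by_level = Counter(r["level"] for r in results)
    by_file = Counter(r["file"] for r in results if r["file"])
    unlocated = sum(1 for r in results if r["file"] is None)
    return {"by_level": dict(by_level), "by_file": dict(by_file), "unlocated": unlocated}


def has_errors(results):
    """True when any diagnostic is at level 'error', giving CI a gate separate from the upload."""
    return any(r["level"] == "error" for r in results)


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    rs = load_results(text)
    for r in rs:
        where = f"{r['file']}:{r['line']}" if r["file"] else "(no location)"
        print(f"{r['level']:<8} {r['rule']:<20} {where:<18} {r['text']}")
    print(summarise(rs))
    sys.exit(1 if has_errors(rs) else 0)
```

Run it as `python sarif_summary.py report.json` after `mix compile.machine`; with no argument it uses the embedded sample. The `unlocated` count shows diagnostics that Code Scanning will list in the Security tab but cannot pin to a source line, and `has_errors` lets the job fail on compiler errors regardless of what the upload step does.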

Created a PR!

3 Likes