MixMachine - machine-readable output for Mix

Recently I have published new version of mix_unused and now there is new project that improves compilation of Elixir projects.

This is a library that provides new Mix command - mix compile.machine that, in addition to compiling your project as it was done by “regular” mix compile, will produce report file (by default report.json) that will contain report in one of the two supported formats:

  • SARIF - this is default
  • CodeClimate

This is useful, as SARIF is format used by GitHub Code Scanning feature, which will produce reports available from the GitHub “Security” tab. CodeClimate is format used by GitLab for similar purposes.

This works by utilising the diagnostics produced by different compilers, so as long as your additional compilers support this feature, these will be included in these reports. Tools that for sure support this feature are @sasajuric boundary and mentioned earlier mix_unused.

Disclaimer - I haven’t yet tested the GitLab, and I do not know how to setup automatic CI for that, as GitLab do not support CI pipelines for remote projects in their public service and I do not want to pay for the self-hosted version to just test that. I will test it in my side projects hosted on the GitLab, but for now there is no automatic testing. So unfortunately GitLab support currently is a little bit second class.


This looks great!

Do you have an example of how to use this with GitHub Actions?

1 Like

Yeah, sure. I am still working on the documentation (PRs are welcome). The example is exactly in the same repo (just not properly documented) as it is used for testing whether the SARIF output is properly ingested by GitHub. Whole process is as simple as replacing mix compile with mix compile.machine and then using github/codeql-action/upload-sarif@v1:

    - name: Compile
      run: mix compile.machine
    - uses: github/codeql-action/upload-sarif@v1
        sarif_file: report.json
1 Like

Created a PR!