ci(drone): run full test suite on main, tags and promote

.drone.jsonnet

@@ -0,0 +1,169 @@
+local elixir = 'docker.io/library/elixir:1.18.3-otp-27';
+local postgres_image = 'docker.io/library/postgres:18.3';
+
+local pg_service = {
+  name: 'postgres',
+  image: postgres_image,
+  environment: {
+    POSTGRES_USER: 'postgres',
+    POSTGRES_PASSWORD: 'postgres',
+  },
+};
+
+local cache_volume = { name: 'cache', host: { path: '/tmp/drone_cache' } };
+local cache_mount = [{ name: 'cache', path: '/cache' }];
+
+local step_compute_cache = {
+  name: 'compute cache key',
+  image: elixir,
+  commands: [
+    "mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1)",
+    'echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key',
+    // Print cache key for debugging
+    'cat .cache_key',
+  ],
+};
+
+local step_restore_cache = {
+  name: 'restore-cache',
+  image: 'drillster/drone-volume-cache',
+  settings: { restore: true, mount: ['./deps', './_build'], ttl: 30 },
+  volumes: cache_mount,
+};
+
+local step_lint = {
+  name: 'lint',
+  image: elixir,
+  commands: [
+    'mix local.hex --force',           // Install hex package manager
+    'mix deps.get',                     // Fetch dependencies
+    'mix compile --warnings-as-errors', // Check for compilation errors & warnings
+    'mix format --check-formatted',     // Check formatting
+    'mix sobelow --config',             // Security checks
+    'mix deps.audit --ignore-file .deps_audit_ignore',  // Known vulnerabilities
+    'mix hex.audit',                    // Unmaintained dependencies
+    'mix credo --strict',               // Code quality hints
+    'mix gettext.extract --check-up-to-date',  // Translations up to date
+  ],
+};
+
+local step_wait_postgres = {
+  name: 'wait_for_postgres',
+  image: postgres_image,
+  commands: [
+    |||
+      for i in {1..20}; do
+        if pg_isready -h postgres -U postgres; then
+          exit 0
+        else
+          true
+        fi
+        sleep 2
+      done
+      echo "Postgres did not become available, aborting."
+      exit 1
+    |||,
+  ],
+};
+
+local step_rebuild_cache = {
+  name: 'rebuild-cache',
+  image: 'drillster/drone-volume-cache',
+  settings: { rebuild: true, mount: ['./deps', './_build'] },
+  volumes: cache_mount,
+};
+
+// test_cmd is the only thing that differs between the fast and full suites.
+local test_step(name, test_cmd) = {
+  name: name,
+  image: elixir,
+  environment: {
+    MIX_ENV: 'test',
+    TEST_POSTGRES_HOST: 'postgres',
+    TEST_POSTGRES_PORT: '5432',
+  },
+  commands: ['mix local.hex --force', 'mix deps.get', test_cmd],
+};
+
+local test_fast = test_step('test-fast', 'mix test --exclude slow --exclude ui --max-cases 2');
+local test_all = test_step('test-all', 'mix test');
+
+// A full check pipeline: identical steps, only name + trigger + test step vary.
+local check_pipeline(name, trigger, test) = {
+  kind: 'pipeline',
+  type: 'docker',
+  name: name,
+  services: [pg_service],
+  trigger: trigger,
+  steps: [
+    step_compute_cache,
+    step_restore_cache,
+    step_lint,
+    step_wait_postgres,
+    test,
+    step_rebuild_cache,
+  ],
+  volumes: [cache_volume],
+};
+
+local docker_publish(name, extra_settings, trigger_event, deps) = {
+  kind: 'pipeline',
+  type: 'docker',
+  name: name,
+  trigger: trigger_event,
+  steps: [{
+    name: 'build-and-publish-container' + (if name == 'build-and-publish' then '-branch' else ''),
+    image: 'plugins/docker',
+    settings: {
+      registry: 'git.local-it.org',
+      repo: 'git.local-it.org/local-it/mitgliederverwaltung',
+      username: { from_secret: 'DRONE_REGISTRY_USERNAME' },
+      password: { from_secret: 'DRONE_REGISTRY_TOKEN' },
+    } + extra_settings,
+    when: trigger_event,
+  }],
+  depends_on: deps,
+};
+
+[
+  check_pipeline('check-fast', { branch: { exclude: ['main'] }, event: ['push'] }, test_fast),
+  check_pipeline('check-full', { branch: ['main'], event: ['push'] }, test_all),
+  check_pipeline('check-full-promote', { event: ['promote'], target: ['production'] }, test_all),
+  check_pipeline('check-full-tag', { event: ['tag'] }, test_all),
+
+  docker_publish(
+    'build-and-publish',
+    { tags: ['latest', '${DRONE_COMMIT_SHA:0:8}'] },
+    { branch: ['main'], event: ['push'] },
+    ['check-full'],
+  ),
+  docker_publish(
+    'build-and-release',
+    { auto_tag: true },
+    { event: ['tag'] },
+    ['check-full-tag'],
+  ),
+
+  {
+    kind: 'pipeline',
+    type: 'docker',
+    name: 'renovate',
+    trigger: { event: ['cron', 'custom'], branch: ['main'] },
+    environment: { LOG_LEVEL: 'debug' },
+    steps: [{
+      name: 'renovate',
+      image: 'renovate/renovate:43.165',
+      environment: {
+        RENOVATE_CONFIG_FILE: 'renovate_backend_config.js',
+        RENOVATE_TOKEN: { from_secret: 'RENOVATE_TOKEN' },
+        GITHUB_COM_TOKEN: { from_secret: 'GITHUB_COM_TOKEN' },
+      },
+      commands: [
+        // https://github.com/renovatebot/renovate/discussions/15049
+        'unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL',
+        'renovate-config-validator',
+        'renovate',
+      ],
+    }],
+  },
+]

.drone.yml

@@ -1,298 +0,0 @@
-kind: pipeline
-type: docker
-name: check-fast
-
-services:
-  - name: postgres
-    image: docker.io/library/postgres:18.3
-    environment:
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
-
-trigger:
-  event:
-    - push
-
-steps:
-  - name: compute cache key
-    image: docker.io/library/elixir:1.18.3-otp-27
-    commands:
-      - mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1)
-      - echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key
-      # Print cache key for debugging
-      - cat .cache_key
-
-  - name: restore-cache
-    image: drillster/drone-volume-cache
-    settings:
-      restore: true
-      mount:
-        - ./deps
-        - ./_build
-      ttl: 30
-    volumes:
-      - name: cache
-        path: /cache
-
-  - name: lint
-    image: docker.io/library/elixir:1.18.3-otp-27
-    commands:
-      # Install hex package manager
-      - mix local.hex --force
-      # Fetch dependencies
-      - mix deps.get
-      # Check for compilation errors & warnings
-      - mix compile --warnings-as-errors
-      # Check formatting
-      - mix format --check-formatted
-      # Security checks
-      - mix sobelow --config
-      # Check dependencies for known vulnerabilities
-      - mix deps.audit --ignore-file .deps_audit_ignore
-      # Check for dependencies that are not maintained anymore
-      - mix hex.audit
-      # Provide hints for improving code quality
-      - mix credo --strict
-      # Check that translations are up to date
-      - mix gettext.extract --check-up-to-date
-
-  - name: wait_for_postgres
-    image: docker.io/library/postgres:18.3
-    commands:
-      # Wait for postgres to become available
-      - |
-        for i in {1..20}; do
-          if pg_isready -h postgres -U postgres; then
-            exit 0
-          else
-            true
-          fi
-          sleep 2
-        done
-        echo "Postgres did not become available, aborting."
-        exit 1
-
-  - name: test-fast
-    image: docker.io/library/elixir:1.18.3-otp-27
-    environment:
-      MIX_ENV: test
-      TEST_POSTGRES_HOST: postgres
-      TEST_POSTGRES_PORT: 5432
-    commands:
-      # Install hex package manager
-      - mix local.hex --force
-      # Fetch dependencies
-      - mix deps.get
-      # Run fast tests (excludes slow/performance and UI tests)
-      - mix test --exclude slow --exclude ui --max-cases 2
-
-  - name: rebuild-cache
-    image: drillster/drone-volume-cache
-    settings:
-      rebuild: true
-      mount:
-        - ./deps
-        - ./_build
-    volumes:
-      - name: cache
-        path: /cache
-
-volumes:
-  - name: cache
-    host:
-      path: /tmp/drone_cache
-
----
-kind: pipeline
-type: docker
-name: check-full
-
-services:
-  - name: postgres
-    image: docker.io/library/postgres:18.3
-    environment:
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
-
-trigger:
-  event:
-    - promote
-  target:
-    - production
-
-steps:
-  - name: compute cache key
-    image: docker.io/library/elixir:1.18.3-otp-27
-    commands:
-      - mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1)
-      - echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key
-      # Print cache key for debugging
-      - cat .cache_key
-
-  - name: restore-cache
-    image: drillster/drone-volume-cache
-    settings:
-      restore: true
-      mount:
-        - ./deps
-        - ./_build
-      ttl: 30
-    volumes:
-      - name: cache
-        path: /cache
-
-  - name: lint
-    image: docker.io/library/elixir:1.18.3-otp-27
-    commands:
-      # Install hex package manager
-      - mix local.hex --force
-      # Fetch dependencies
-      - mix deps.get
-      # Check for compilation errors & warnings
-      - mix compile --warnings-as-errors
-      # Check formatting
-      - mix format --check-formatted
-      # Security checks
-      - mix sobelow --config
-      # Check dependencies for known vulnerabilities
-      - mix deps.audit --ignore-file .deps_audit_ignore
-      # Check for dependencies that are not maintained anymore
-      - mix hex.audit
-      # Provide hints for improving code quality
-      - mix credo --strict
-      # Check that translations are up to date
-      - mix gettext.extract --check-up-to-date
-
-  - name: wait_for_postgres
-    image: docker.io/library/postgres:18.3
-    commands:
-      # Wait for postgres to become available
-      - |
-        for i in {1..20}; do
-          if pg_isready -h postgres -U postgres; then
-            exit 0
-          else
-            true
-          fi
-          sleep 2
-        done
-        echo "Postgres did not become available, aborting."
-        exit 1
-
-  - name: test-all
-    image: docker.io/library/elixir:1.18.3-otp-27
-    environment:
-      MIX_ENV: test
-      TEST_POSTGRES_HOST: postgres
-      TEST_POSTGRES_PORT: 5432
-    commands:
-      # Install hex package manager
-      - mix local.hex --force
-      # Fetch dependencies
-      - mix deps.get
-      # Run all tests (including slow/performance and UI tests)
-      - mix test
-
-  - name: rebuild-cache
-    image: drillster/drone-volume-cache
-    settings:
-      rebuild: true
-      mount:
-        - ./deps
-        - ./_build
-    volumes:
-      - name: cache
-        path: /cache
-
-volumes:
-  - name: cache
-    host:
-      path: /tmp/drone_cache
-
----
-kind: pipeline
-type: docker
-name: build-and-publish
-
-trigger:
-  branch:
-    - main
-  event:
-    - push
-
-steps:
-  - name: build-and-publish-container-branch
-    image: plugins/docker
-    settings:
-      registry: git.local-it.org
-      repo: git.local-it.org/local-it/mitgliederverwaltung
-      username:
-        from_secret: DRONE_REGISTRY_USERNAME
-      password:
-        from_secret: DRONE_REGISTRY_TOKEN
-      tags:
-        - latest
-        - ${DRONE_COMMIT_SHA:0:8}
-    when:
-      event:
-        - push
-
-depends_on:
-  - check-fast
-
----
-kind: pipeline
-type: docker
-name: build-and-release
-
-trigger:
-  event:
-    - tag
-
-steps:
-  - name: build-and-publish-container
-    image: plugins/docker
-    settings:
-      registry: git.local-it.org
-      repo: git.local-it.org/local-it/mitgliederverwaltung
-      username:
-        from_secret: DRONE_REGISTRY_USERNAME
-      password:
-        from_secret: DRONE_REGISTRY_TOKEN
-      auto_tag: true
-    when:
-      event:
-        - tag
-
-depends_on:
-  - check-fast
-
----
-kind: pipeline
-type: docker
-name: renovate
-
-trigger:
-  event:
-    - cron
-    - custom
-  branch:
-    - main
-
-environment:
-  LOG_LEVEL: debug
-
-steps:
-  - name: renovate
-    image: renovate/renovate:43.165
-    environment:
-      RENOVATE_CONFIG_FILE: "renovate_backend_config.js"
-      RENOVATE_TOKEN:
-        from_secret: RENOVATE_TOKEN
-      GITHUB_COM_TOKEN:
-        from_secret: GITHUB_COM_TOKEN
-    commands:
-      # https://github.com/renovatebot/renovate/discussions/15049
-      - unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL
-      - renovate-config-validator
-      - renovate