-
Notifications
You must be signed in to change notification settings - Fork 9
133 lines (124 loc) · 4.97 KB
/
checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Checks
on:
push:
# Allow running these checks only on the developing branches
branches:
- main
- develop
- releases/*
permissions:
# For generating attestations
id-token: write
attestations: write
# For Code Scanning
security-events: write
jobs:
unit-tests:
runs-on: ubuntu-latest
name: Unit tests
steps:
- uses: actions/checkout@v4
- name: Run unit tests
uses: ./.github/actions/build-gradle
with:
gradle-arguments: test testAggregatedReport --continue
transcrypt-cipher: ${{ secrets.TRANSCRYPT_CIPHER }}
transcrypt-password: ${{ secrets.TRANSCRYPT_PASSWORD }}
app-keystore-password: ${{ secrets.APP_KEYSTORE_PASSWORD }}
app-keystore-alias: ${{ secrets.APP_KEYSTORE_ALIAS }}
app-keystore-alias-password: ${{ secrets.APP_KEYSTORE_ALIAS_PASSWORD }}
upload-name: Unit test results
upload-path: ./**/build/reports/tests/
dependencies:
name: Check for dependency updates
runs-on: ubuntu-latest
permissions:
# For generating attestations
id-token: write
attestations: write
# For generating checks
checks: write
steps:
- uses: actions/checkout@v4
- name: Run dependencyUpdates task
uses: ./.github/actions/build-gradle
with:
gradle-arguments: dependencyUpdates
upload-name: dependency-updates
# Dependency update info is available at build/dependencyUpdates/report.<filetype>
upload-path: build/dependencyUpdates/
transcrypt-cipher: ${{ secrets.TRANSCRYPT_CIPHER }}
transcrypt-password: ${{ secrets.TRANSCRYPT_PASSWORD }}
app-keystore-password: ${{ secrets.APP_KEYSTORE_PASSWORD }}
app-keystore-alias: ${{ secrets.APP_KEYSTORE_ALIAS }}
app-keystore-alias-password: ${{ secrets.APP_KEYSTORE_ALIAS_PASSWORD }}
- name: Generate dependency updates summary
id: parse_dep_updates
run: |
report_file="build/dependencyUpdates/report.json"
dep_update_types=("current" "exceeded" "outdated" "unresolved" "undeclared")
dep_update_summary="Dependencies found:"
for dep in "${dep_update_types[@]}"
do
dep_update_summary+="\n- $(jq -r --arg dep "$dep" '.[$dep].count' $report_file) $dep dependencies"
done
echo "summary=$dep_update_summary" >> $GITHUB_OUTPUT
- name: Add job summary
run: |
printf "# Summary\n" >> $GITHUB_STEP_SUMMARY
printf "${{ steps.parse_dep_updates.outputs.summary }}" >> $GITHUB_STEP_SUMMARY
printf "\n---\n" >> $GITHUB_STEP_SUMMARY
printf "$(cat build/dependencyUpdates/report.md)" >> $GITHUB_STEP_SUMMARY
- name: Add GitHub check to commit
uses: LouisBrunner/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Dependency updates report
conclusion: ${{ job.status }}
output: |
{"summary": "${{ steps.parse_dep_updates.outputs.summary }}"}
output_text_description_file: build/dependencyUpdates/report.md
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run lint task
uses: ./.github/actions/build-gradle
with:
gradle-arguments: :app:lint
upload-name: lint-output
# See https://googlesamples.github.io/android-custom-lint-rules/usage/agp-dsl.md.html
# on where lint reports are outputted
upload-path: app/build/reports/
transcrypt-cipher: ${{ secrets.TRANSCRYPT_CIPHER }}
transcrypt-password: ${{ secrets.TRANSCRYPT_PASSWORD }}
app-keystore-password: ${{ secrets.APP_KEYSTORE_PASSWORD }}
app-keystore-alias: ${{ secrets.APP_KEYSTORE_ALIAS }}
app-keystore-alias-password: ${{ secrets.APP_KEYSTORE_ALIAS_PASSWORD }}
- name: Upload lint report
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: app/build/reports/lint-results-debug.sarif
health:
name: Build Health
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run buildHealth task
uses: ./.github/actions/build-gradle
with:
gradle-arguments: :buildHealth
upload-name: build-health
upload-path: build/reports/dependency-analysis
transcrypt-cipher: ${{ secrets.TRANSCRYPT_CIPHER }}
transcrypt-password: ${{ secrets.TRANSCRYPT_PASSWORD }}
app-keystore-password: ${{ secrets.APP_KEYSTORE_PASSWORD }}
app-keystore-alias: ${{ secrets.APP_KEYSTORE_ALIAS }}
app-keystore-alias-password: ${{ secrets.APP_KEYSTORE_ALIAS_PASSWORD }}
- name: Add job summary
run: |
echo "# Build health report" >> $GITHUB_STEP_SUMMARY
cat build/reports/dependency-analysis/build-health-report.txt >> $GITHUB_STEP_SUMMARY