-
Notifications
You must be signed in to change notification settings - Fork 17
150 lines (123 loc) · 4.59 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: CI
on:
push:
tags:
- '*'
branches:
- main
pull_request:
workflow_dispatch:
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
# ktlintCheck does not have per-variant tasks, so runs once over everything
ktlint:
name: ktlintCheck
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: ktlintCheck
run: ./gradlew ktlintCheck
# Tools are not per-variant
tools:
name: Test tools
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test tools
working-directory: tools
run: ../gradlew test
# Custom lint rules are not per-variant
custom-lint:
name: Custom lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test custom lint rules
working-directory: checks
run: ../gradlew test
# Android lint is per-variant
lint:
permissions:
# Required to upload SARIF files
security-events: write
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
# Run lint. Ignore a failing exit code, but save it for later.
- name: Regular lint ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
id: runlint
run: |
set +e
./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
echo "exitcode=$?" >> $GITHUB_OUTPUT
- name: Merge SARIF files
run: |
jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }' */*/build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif */build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif > merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3
with:
sarif_file: merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
# Exit with whatever exit code the original lint run exited with, to
# ensure this job fails if lint fails, *but* the lint reports are still
# uploaded.
- name: Fail if lint failed
run: exit ${{ steps.runlint.outputs.exitcode }}
# Android tests are per variant
test:
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: test ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
run: ./gradlew test${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
# Android assemble is per variant
assemble:
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Assemble
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: assemble ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
run: ./gradlew assemble${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}