pachli-android/.github/workflows/ci.yml

151 lines
4.6 KiB
YAML
Raw Normal View History

name: CI
on:
push:
tags:
- '*'
branches:
- main
pull_request:
workflow_dispatch:
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
# ktlintCheck does not have per-variant tasks, so runs once over everything
ktlint:
name: ktlintCheck
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: ktlintCheck
run: ./gradlew ktlintCheck
# Tools are not per-variant
tools:
name: Test tools
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test tools
working-directory: tools
run: ../gradlew test
# Custom lint rules are not per-variant
custom-lint:
name: Custom lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test custom lint rules
working-directory: checks
run: ../gradlew test
# Android lint is per-variant
lint:
permissions:
# Required to upload SARIF files
security-events: write
feat: Periodically check for updates and alert user (#236) Users can inadvertently get stuck on older versions of the app; e.g., by installing from one F-Droid repository that stops hosting the app at some later time. Analytics from the Play Store also shows a long tail of users who are, for some reason, on an older version. On resuming `MainActivity`, and approximately once per day, check and see if a newer version of Pachli is available, and prompt the user to update by going to the relevant install location (Google Play, F-Droid, or GitHub). The dialog prompt allows them to ignore this specific version, or disable all future update notifications. This is also exposed through the preferences, so the user can adjust it there too. A different update check method is used for each installation location. - F-Droid: Use the F-Droid API to query for the newest released version - GitHub: Use the GitHub API to query for the newest release, and check the APK filename attached to that release - Google Play: Use the Play in-app-updates library (https://developer.android.com/guide/playcore/in-app-updates) to query for the newest released version These are kept in different build flavours (source sets), so that e.g., the build for the F-Droid store can only query the F-Droid API, the UI strings are specific to F-Droid, etc. This also ensures that the update service libraries are specific to that build and do not "cross-contaminate". Note that this *does not* update the app, it takes the user to either the relevant store page (F-Droid, Play) or GitHub release page. The user must still start the update from that page. CI configuration is updated to build the different flavours.
2023-11-08 08:42:39 +01:00
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
# Run lint. Ignore a failing exit code, but save it for later.
- name: Regular lint ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
id: runlint
run: |
set +e
./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
echo "exitcode=$?" >> $GITHUB_OUTPUT
- name: Merge SARIF files
run: |
jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }' */*/build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif */build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif > merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3
with:
sarif_file: merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
# Exit with whatever exit code the original lint run exited with, to
# ensure this job fails if lint fails, *but* the lint reports are still
# uploaded.
- name: Fail if lint failed
run: exit ${{ steps.runlint.outputs.exitcode }}
# Android tests are per variant
test:
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: test ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
run: ./gradlew test${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
# Android assemble is per variant
assemble:
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Assemble
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: assemble ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
run: ./gradlew assemble${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}