name: CI on: push: tags: - '*' branches: - main pull_request: workflow_dispatch: permissions: read-all concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true jobs: # ktlintCheck does not have per-variant tasks, so runs once over everything ktlint: name: ktlintCheck runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: ./.github/actions/setup-build-env with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: ktlintCheck run: ./gradlew ktlintCheck # Tools are not per-variant tools: name: Test tools runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: ./.github/actions/setup-build-env with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Test tools working-directory: tools run: ../gradlew test # Custom lint rules are not per-variant custom-lint: name: Custom lint runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: ./.github/actions/setup-build-env with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: Test custom lint rules working-directory: checks run: ../gradlew test # Android lint is per-variant lint: permissions: # Required to upload SARIF files security-events: write strategy: matrix: color: ["orange"] store: [ "Fdroid", "Github", "Google" ] type: [ "Debug", "Release" ] name: Android Lint runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: ./.github/actions/setup-build-env with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} # Run lint. Ignore a failing exit code, but save it for later. - name: Regular lint ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} id: runlint run: | set +e ./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} echo "exitcode=$?" >> $GITHUB_OUTPUT - name: Merge SARIF files run: | jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }' */*/build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif */build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif > merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif - name: Upload SARIF file uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3 with: sarif_file: merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif # Exit with whatever exit code the original lint run exited with, to # ensure this job fails if lint fails, *but* the lint reports are still # uploaded. - name: Fail if lint failed run: exit ${{ steps.runlint.outputs.exitcode }} # Android tests are per variant test: strategy: matrix: color: ["orange"] store: [ "Fdroid", "Github", "Google" ] type: [ "Debug", "Release" ] name: Android Test runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: ./.github/actions/setup-build-env with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: test ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} run: ./gradlew test${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} # Android assemble is per variant assemble: strategy: matrix: color: ["orange"] store: [ "Fdroid", "Github", "Google" ] type: [ "Debug", "Release" ] name: Android Assemble runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: ./.github/actions/setup-build-env with: gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - name: assemble ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }} run: ./gradlew assemble${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}