mirror of
https://github.com/pachli/pachli-android.git
synced 2025-02-02 18:37:00 +01:00
37a016576b
Previous code used `pull_request:` which meant `secrets.GRADLE_ENCRYPTION_KEY` was not available, so the configuration cache was not restored. Use `pull_request_target` to give the workflow access to `secrets`, and explicitly downscope the permissions of `GITHUB_TOKEN` to read only.
54 lines
1.4 KiB
YAML
54 lines
1.4 KiB
YAML
name: CI
|
|
|
|
# Run on pull_request_target to access secrets.GRADLE_ENCRYPTION_KEY,
|
|
# and ensure permissions are marked read-only
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- '*'
|
|
pull_request_target:
|
|
workflow_dispatch:
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
matrix:
|
|
color: ["orange"]
|
|
store: ["fdroid", "github", "google"]
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-java@v4
|
|
with:
|
|
java-version: '17'
|
|
distribution: 'temurin'
|
|
|
|
- name: Gradle Wrapper Validation
|
|
uses: gradle/wrapper-validation-action@v2
|
|
|
|
- name: Copy CI gradle.properties
|
|
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
|
|
|
|
- name: Setup Gradle
|
|
uses: gradle/actions/setup-gradle@v3
|
|
with:
|
|
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
|
|
|
|
- name: ktlint
|
|
run: ./gradlew clean ktlintCheck
|
|
|
|
- name: Regular lint ${{ matrix.color }}${{ matrix.store }}Debug
|
|
run: ./gradlew app:lint${{ matrix.color }}${{ matrix.store }}Debug
|
|
|
|
- name: Test ${{ matrix.color }}${{ matrix.store }}DebugUnitTest checks:test
|
|
run: ./gradlew app:test${{ matrix.color }}${{ matrix.store }}DebugUnitTest checks:test
|
|
|
|
- name: Build ${{ matrix.color }}${{ matrix.store }}Debug
|
|
run: ./gradlew app:build${{ matrix.color }}${{ matrix.store }}Debug
|