Pixelfed
/
PixelDroid-App-Android
mirror of https://gitlab.shinice.net/pixeldroid/PixelDroid
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'security_suggestions' into 'master' 

Security suggestion, CI changes

See merge request pixeldroid/PixelDroid!446
This commit is contained in:
Matthieu 2022-07-16 08:53:16 +00:00
parent 32df989e40 cfdc040e6a
commit c0449f9adf
2 changed files with 57 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
.gitlab-ci.yml
View File

@ -1,11 +1,4 @@
image: reactivecircus/android-emulator-23:latest
variables:
API_LEVEL: "23"
ARCH: "x86"
TARGET: "default"
image: registry.gitlab.com/fdroid/ci-images-client
before_script:
- export GRADLE_USER_HOME=`pwd`/.gradle
@ -21,6 +14,9 @@ lintDebug:
interruptible: true
stage: build
script:
- apt-get update || apt-get update
- apt-get install -y openjdk-11-jdk-headless
- update-alternatives --auto java
- ./gradlew checkLicenses
- ./gradlew -Pci --console=plain :app:lintDebug -PbuildDir=lint
@ -28,50 +24,56 @@ lintDebug:
assembleDebug:
interruptible: true
stage: build
tags:
- server_artectrex
script:
- apt-get update || apt-get update
- apt-get install -y openjdk-11-jdk-headless
- update-alternatives --auto java
- ./gradlew assembleDebug
artifacts:
paths:
- app/build/outputs/
# Run all tests, if any fails, interrupt the pipeline(fail it)
# Run all tests, if any fails, interrupt the pipeline (fail it)
debugTests:
interruptible: true
stage: test
script:
- apt-get update || apt-get update
- apt-get install -y openjdk-11-jdk-headless
- update-alternatives --auto java
- ./gradlew -Pci --console=plain :app:testDebug -x lint
emulatorTest:
interruptible: true
stage: test
script:
- echo no | avdmanager create avd --force --name "api-${API_LEVEL}" --abi "${TARGET}/${ARCH}" --package "system-images;android-${API_LEVEL};${TARGET};${ARCH}"
- $ANDROID_SDK_ROOT/emulator/emulator -avd "api-${API_LEVEL}" -no-window -gpu swiftshader_indirect -no-snapshot -noaudio -no-boot-anim -camera-back none &
- chmod +x android-wait-for-emulator.sh
- ./gradlew build -x lint
- ./android-wait-for-emulator.sh
- adb shell settings put global window_animation_scale 0.0
- adb shell settings put global transition_animation_scale 0.0
- adb shell settings put global animator_duration_scale 0.0
- ./gradlew build connectedCheck connectedStagingAndroidTest jacocoTestReport -x lint
- cat app/build/reports/jacoco/jacocoTestReport/html/index.html | grep -o 'Total[^%]*%'
artifacts:
when: always
paths:
- ./app/build/reports/jacoco/jacocoTestReport/
expire_in: 1 week
fdroid build:
image: registry.gitlab.com/fdroid/ci-images-client:latest
allow_failure: true
.connected-template: &connected-template
stage: test
image: registry.gitlab.com/fdroid/ci-images-client
script:
- start-emulator
- wait-for-emulator
- adb devices
- adb shell input keyevent 82 &
# Switch to right java version for building the app
- apt-get update || apt-get update
- apt-get install -y openjdk-11-jdk-headless
- update-alternatives --auto java
- ./gradlew connectedStagingAndroidTest || (adb -e logcat -d > logcat.txt; exit 1)
artifacts:
paths:
- unsigned/
- logcat.txt
connected 24 default x86_64:
<<: *connected-template
fdroid build:
stage: build
image: registry.gitlab.com/fdroid/ci-images-client:latest
allow_failure: true
tags:
- server_artectrex
artifacts:
paths:
- signed/
when: always
only:
- tags
@ -79,6 +81,7 @@ fdroid build:
key: "$CI_JOB_NAME"
paths:
- .gradle
- .android
script:
# Put the correct versionName and versionCode in the .fdroid.yml
- sed -e "s/\${versionName}/$(grep "versionName " app/build.gradle | awk '{print $2}')/" -e "s/\${versionCode}/$(grep "versionCode" app/build.gradle | awk '{print $2}')/" .fdroid.yml.template > .fdroid.yml
@ -96,10 +99,11 @@ fdroid build:
- adduser --disabled-password --gecos "" vagrant
- ln -s $CI_PROJECT_DIR/fdroidserver /home/vagrant/fdroidserver
- mkdir -p /vagrant/cache
- wget -q https://services.gradle.org/distributions/gradle-5.6.2-bin.zip
--output-document=/vagrant/cache/gradle-5.6.2-bin.zip
- wget -q https://services.gradle.org/distributions/gradle-5.6.2-bin.zip --output-document=/vagrant/cache/gradle-5.6.2-bin.zip
# Check sha256 of the gralde build
- echo '32fce6628848f799b0ad3205ae8db67d0d828c10ffe62b748a7c0d9f4a5d9ee0 /vagrant/cache/gradle-5.6.2-bin.zip' | sha256sum -c
- bash fdroidserver/buildserver/provision-gradle
- bash fdroidserver/buildserver/provision-apt-get-install http://deb.debian.org/debian
- bash fdroidserver/buildserver/provision-apt-get-install https://deb.debian.org/debian
- source /etc/profile.d/bsenv.sh
- apt-get dist-upgrade
@ -111,11 +115,16 @@ fdroid build:
python3-ruamel.yaml
yamllint
- apt-get purge fdroidserver
- export GRADLE_USER_HOME=$PWD/.gradle
# each `fdroid build --on-server` run expects sudo, then uninstalls it
# each fdroid build --on-server run expects sudo, then uninstalls it
- set -x
- apt-get install sudo
- fdroid fetchsrclibs --verbose
# this builds the latest version of the app from its source dir, using the build recipe in .fdroid.yml
- fdroid build --verbose --on-server --no-tarball
# create a keystore if we dont have one
- ls .android || mkdir .android
- ls .android/debug.keystore || keytool -genkey -v -keystore .android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname 'C=US, O=Android, CN=Android Debug'
# sign the apk
- cp -R unsigned signed
- jarsigner -verbose -keystore .android/debug.keystore -storepass android -keypass android signed/*.apk androiddebugkey

5
app/build.gradle
View File

@ -94,7 +94,12 @@ android {
apply plugin: 'kotlin-kapt'
lint {
//We can't expect translators to always keep up immediately:
// don't fail if a a string is untranslated
disable 'MissingTranslation'
// This lint indicates a wrong translation:
// Remove this exception once https://github.com/WeblateOrg/weblate/issues/7520 is solved
disable 'MissingQuantity'
}
}