From f1be5733e081b5d5325b40632ffd51e0a28e5d25 Mon Sep 17 00:00:00 2001
From: Matthieu <24-artectrex@users.noreply.shinice.net>
Date: Mon, 11 Jul 2022 10:00:00 +0200
Subject: [PATCH 1/2] Act on some of the security suggestions

---
 .gitlab-ci.yml   | 18 ++++++++++++------
 app/build.gradle |  5 +++++
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a2e634e1..73baed7a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -71,7 +71,7 @@ fdroid build:
   allow_failure: true
   artifacts:
     paths:
-      - unsigned/
+      - signed/
     when: always
   only:
     - tags
@@ -79,6 +79,7 @@ fdroid build:
     key: "$CI_JOB_NAME"
     paths:
       - .gradle
+      - .android
   script:
     # Put the correct versionName and versionCode in the .fdroid.yml
     - sed -e "s/\${versionName}/$(grep "versionName " app/build.gradle | awk '{print $2}')/" -e "s/\${versionCode}/$(grep "versionCode" app/build.gradle | awk '{print $2}')/" .fdroid.yml.template > .fdroid.yml
@@ -96,10 +97,10 @@ fdroid build:
     - adduser --disabled-password --gecos "" vagrant
     - ln -s $CI_PROJECT_DIR/fdroidserver /home/vagrant/fdroidserver
     - mkdir -p /vagrant/cache
-    - wget -q https://services.gradle.org/distributions/gradle-5.6.2-bin.zip
-      --output-document=/vagrant/cache/gradle-5.6.2-bin.zip
+    - wget -q https://services.gradle.org/distributions/gradle-5.6.2-bin.zip --output-document=/vagrant/cache/gradle-5.6.2-bin.zip
+    - echo '32fce6628848f799b0ad3205ae8db67d0d828c10ffe62b748a7c0d9f4a5d9ee0 /vagrant/cache/gradle-5.6.2-bin.zip' | sha256sum -c
     - bash fdroidserver/buildserver/provision-gradle
-    - bash fdroidserver/buildserver/provision-apt-get-install http://deb.debian.org/debian
+    - bash fdroidserver/buildserver/provision-apt-get-install https://deb.debian.org/debian
     - source /etc/profile.d/bsenv.sh
     - apt-get dist-upgrade
 
@@ -111,11 +112,16 @@ fdroid build:
       python3-ruamel.yaml
       yamllint
     - apt-get purge fdroidserver
-
     - export GRADLE_USER_HOME=$PWD/.gradle
-    # each `fdroid build --on-server` run expects sudo, then uninstalls it
+    # each fdroid build --on-server run expects sudo, then uninstalls it
     - set -x
     - apt-get install sudo
     - fdroid fetchsrclibs --verbose
     # this builds the latest version of the app from its source dir, using the build recipe in .fdroid.yml
     - fdroid build --verbose --on-server --no-tarball
+    # create a keystore if we don’t have one
+    - ls .android || mkdir .android
+    - ls .android/debug.keystore || keytool -genkey -v -keystore .android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname 'C=US, O=Android, CN=Android Debug'
+    # sign the apk
+    - cp -R unsigned signed
+    - jarsigner -verbose -keystore .android/debug.keystore -storepass android -keypass android signed/*.apk androiddebugkey
diff --git a/app/build.gradle b/app/build.gradle
index 0cd1ba5b..8ba5a6bd 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -94,7 +94,12 @@ android {
 
     apply plugin: 'kotlin-kapt'
     lint {
+        //We can't expect translators to always keep up immediately:
+        // don't fail if a a string is untranslated
         disable 'MissingTranslation'
+        // This lint indicates a wrong translation:
+        // Remove this exception once https://github.com/WeblateOrg/weblate/issues/7520 is solved
+        disable 'MissingQuantity'
     }
 }
 

From cfdc040e6aaf8930769885828d0917b5e0234786 Mon Sep 17 00:00:00 2001
From: Matthieu <24-artectrex@users.noreply.shinice.net>
Date: Mon, 11 Jul 2022 11:07:41 +0200
Subject: [PATCH 2/2] Try switching CI backend

---
 .gitlab-ci.yml | 67 ++++++++++++++++++++++++++------------------------
 1 file changed, 35 insertions(+), 32 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 73baed7a..fc7311f0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,11 +1,4 @@
-image: reactivecircus/android-emulator-23:latest
-
-
-variables:
-  API_LEVEL: "23"
-  ARCH: "x86"
-  TARGET: "default"
-
+image: registry.gitlab.com/fdroid/ci-images-client
 
 before_script:
   - export GRADLE_USER_HOME=`pwd`/.gradle
@@ -21,6 +14,9 @@ lintDebug:
   interruptible: true
   stage: build
   script:
+    - apt-get update || apt-get update
+    - apt-get install -y openjdk-11-jdk-headless
+    - update-alternatives --auto java
     - ./gradlew checkLicenses
     - ./gradlew -Pci --console=plain :app:lintDebug -PbuildDir=lint
 
@@ -28,47 +24,53 @@ lintDebug:
 assembleDebug:
   interruptible: true
   stage: build
+  tags:
+    - server_artectrex
   script:
+    - apt-get update || apt-get update
+    - apt-get install -y openjdk-11-jdk-headless
+    - update-alternatives --auto java
     - ./gradlew assembleDebug
   artifacts:
     paths:
       - app/build/outputs/
 
-# Run all tests, if any fails, interrupt the pipeline(fail it)
+# Run all tests, if any fails, interrupt the pipeline (fail it)
 debugTests:
   interruptible: true
   stage: test
   script:
+    - apt-get update || apt-get update
+    - apt-get install -y openjdk-11-jdk-headless
+    - update-alternatives --auto java
     - ./gradlew -Pci --console=plain :app:testDebug -x lint
 
+.connected-template: &connected-template
+  stage: test
+  image: registry.gitlab.com/fdroid/ci-images-client
+  script:
+    - start-emulator
+    - wait-for-emulator
+    - adb devices
+    - adb shell input keyevent 82 &
+    # Switch to right java version for building the app
+    - apt-get update || apt-get update
+    - apt-get install -y openjdk-11-jdk-headless
+    - update-alternatives --auto java
+    - ./gradlew connectedStagingAndroidTest || (adb -e logcat -d > logcat.txt; exit 1)
+  artifacts:
+    paths:
+      - logcat.txt
 
-emulatorTest:
-    interruptible: true
-    stage: test
-    script:
-        - echo no | avdmanager create avd --force --name "api-${API_LEVEL}" --abi "${TARGET}/${ARCH}" --package "system-images;android-${API_LEVEL};${TARGET};${ARCH}"
-        - $ANDROID_SDK_ROOT/emulator/emulator -avd "api-${API_LEVEL}" -no-window -gpu swiftshader_indirect -no-snapshot -noaudio -no-boot-anim -camera-back none &
-        - chmod +x android-wait-for-emulator.sh
-        - ./gradlew build -x lint
-        - ./android-wait-for-emulator.sh
-        - adb shell settings put global window_animation_scale 0.0
-        - adb shell settings put global transition_animation_scale 0.0
-        - adb shell settings put global animator_duration_scale 0.0
-
-        - ./gradlew build connectedCheck connectedStagingAndroidTest jacocoTestReport -x lint
-
-        - cat app/build/reports/jacoco/jacocoTestReport/html/index.html | grep -o 'Total[^%]*%'
-
-    artifacts:
-        when: always
-        paths:
-        - ./app/build/reports/jacoco/jacocoTestReport/
-        expire_in: 1 week
-
+connected 24 default x86_64:
+  <<: *connected-template
 
 fdroid build:
+  stage: build
   image: registry.gitlab.com/fdroid/ci-images-client:latest
   allow_failure: true
+  tags:
+    - server_artectrex
   artifacts:
     paths:
       - signed/
@@ -98,6 +100,7 @@ fdroid build:
     - ln -s $CI_PROJECT_DIR/fdroidserver /home/vagrant/fdroidserver
     - mkdir -p /vagrant/cache
     - wget -q https://services.gradle.org/distributions/gradle-5.6.2-bin.zip --output-document=/vagrant/cache/gradle-5.6.2-bin.zip
+    # Check sha256 of the gralde build
     - echo '32fce6628848f799b0ad3205ae8db67d0d828c10ffe62b748a7c0d9f4a5d9ee0 /vagrant/cache/gradle-5.6.2-bin.zip' | sha256sum -c
     - bash fdroidserver/buildserver/provision-gradle
     - bash fdroidserver/buildserver/provision-apt-get-install https://deb.debian.org/debian