Merge pull request #6308 from vector-im/michaelk/exodus

Run exodus privacy scanner on all PRs
This commit is contained in:
Michael Kaye 2022-06-15 12:30:00 +01:00 committed by GitHub
commit c9553d31e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -46,8 +46,9 @@ jobs:
release:
name: Build unsigned GPlay APKs
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
# Only runs on main, no concurrency.
concurrency:
group: ${{ github.ref == 'refs/head/main' && format('build-release-apk-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('build-release-apk-develop-{0}', github.sha) || format('build-debug-{0}', github.ref) }}
cancel-in-progress: ${{ github.ref != 'refs/head/main' }}
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
@ -67,4 +68,26 @@ jobs:
path: |
vector/build/outputs/apk/*/release/*.apk
# TODO add exodus checks
exodus:
runs-on: ubuntu-latest
needs: release
steps:
- name: Obtain apk from artifact
id: download
uses: actions/download-artifact@v3
with:
name: vector-gplay-release-unsigned
- name: Show apks in artifact
run: ls -R ${{steps.download.outputs.download-path}}
- name: Execute exodus-standalone
uses: docker://exodusprivacy/exodus-standalone:latest
with:
args: /github/workspace/gplay/release/vector-gplay-universal-release-unsigned.apk -j -o /github/workspace/exodus.json
- name: Upload exodus json report
uses: actions/upload-artifact@v3
with:
name: exodus.json
path: |
exodus.json
- name: Check for trackers
run: "jq -e '.trackers == []' exodus.json > /dev/null || { echo '::error static analysis identified user tracking library' ; exit 1; }"