name: APK Build on: pull_request: { } push: branches: [ main, develop ] # Enrich gradle.properties for CI/CD env: CI_GRADLE_ARG_PROPERTIES: > -Porg.gradle.jvmargs=-Xmx4g -Porg.gradle.parallel=false --no-daemon jobs: debug: name: Build debug APKs (${{ matrix.target }}) runs-on: ubuntu-latest if: github.ref != 'refs/heads/main' strategy: fail-fast: false matrix: target: [ Gplay, Fdroid ] # Allow all jobs on develop. Just one per PR. concurrency: group: ${{ github.ref == 'refs/heads/develop' && format('integration-tests-develop-{0}-{1}', matrix.target, github.sha) || format('build-debug-{0}-{1}', matrix.target, github.ref) }} cancel-in-progress: true steps: - uses: actions/checkout@v3 - uses: actions/cache@v3 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle- - name: Assemble ${{ matrix.target }} debug apk run: ./gradlew assemble${{ matrix.target }}Debug $CI_GRADLE_ARG_PROPERTIES --stacktrace - name: Upload ${{ matrix.target }} debug APKs uses: actions/upload-artifact@v3 with: name: vector-${{ matrix.target }}-debug path: | vector/build/outputs/apk/*/debug/*.apk release: name: Build unsigned GPlay APKs runs-on: ubuntu-latest concurrency: group: ${{ github.ref == 'refs/head/main' && format('build-release-apk-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('build-release-apk-develop-{0}', github.sha) || format('build-debug-{0}', github.ref) }} cancel-in-progress: ${{ github.ref != 'refs/head/main' }} steps: - uses: actions/checkout@v3 - uses: actions/cache@v3 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle- - name: Assemble GPlay unsigned apk run: ./gradlew clean assembleGplayRelease $CI_GRADLE_ARG_PROPERTIES --stacktrace - name: Upload Gplay unsigned APKs uses: actions/upload-artifact@v3 with: name: vector-gplay-release-unsigned path: | vector/build/outputs/apk/*/release/*.apk exodus: runs-on: ubuntu-latest needs: release steps: - name: Obtain apk from artifact id: download uses: actions/download-artifact@v3 with: name: vector-gplay-release-unsigned - name: Show apks in artifact run: ls -R ${{steps.download.outputs.download-path}} - name: Execute exodus-standalone uses: docker://exodusprivacy/exodus-standalone:latest with: args: /github/workspace/gplay/release/vector-gplay-universal-release-unsigned.apk -j -o /github/workspace/exodus.json - name: Upload exodus json report uses: actions/upload-artifact@v3 with: name: exodus.json path: | exodus.json - name: Check for trackers run: "jq -e '.trackers == []' exodus.json > /dev/null || { echo '::error static analysis identified user tracking library' ; exit 1; }"