Skip to content

chore(deps): update github/codeql-action digest to df409f7 #2923

chore(deps): update github/codeql-action digest to df409f7

chore(deps): update github/codeql-action digest to df409f7 #2923

Workflow file for this run

name: CI
on:
push:
tags:
- '*'
branches:
- main
pull_request:
workflow_dispatch:
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
# ktlintCheck does not have per-variant tasks, so runs once over everything
ktlint:
name: ktlintCheck
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: ktlintCheck
run: ./gradlew ktlintCheck
# Tools are not per-variant
tools:
name: Test tools
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test tools
working-directory: tools
run: ../gradlew test
# Custom lint rules are not per-variant
custom-lint:
name: Custom lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Test custom lint rules
working-directory: checks
run: ../gradlew test
# Android lint is per-variant
lint:
permissions:
# Required to upload SARIF files
security-events: write
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
# Run lint. Ignore a failing exit code, but save it for later.
- name: Regular lint ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
id: runlint
run: |
set +e
./gradlew lint${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
echo "exitcode=$?" >> $GITHUB_OUTPUT
- name: Merge SARIF files
run: |
jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }' */*/build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif */build/reports/lint-results-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif > merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3
with:
sarif_file: merged-${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}.sarif
# Exit with whatever exit code the original lint run exited with, to
# ensure this job fails if lint fails, *but* the lint reports are still
# uploaded.
- name: Fail if lint failed
run: exit ${{ steps.runlint.outputs.exitcode }}
# Android tests are per variant
test:
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: test ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
run: ./gradlew test${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
# Android assemble is per variant
assemble:
strategy:
matrix:
color: ["orange"]
store: [ "Fdroid", "Github", "Google" ]
type: [ "Debug", "Release" ]
name: Android Assemble
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/setup-build-env
with:
gradle-cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: assemble ${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}
run: ./gradlew assemble${{ matrix.color }}${{ matrix.store }}${{ matrix.type }}