ci: migrate lint reporting to SARIF and remove Danger #135
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Thanks to https://github.com/coil-kt/coil/blob/master/.github/workflows/ci.yml | |
| name: CI | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| pull_request: | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 100 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'zulu' | |
| java-version: | | |
| 17 | |
| 21 | |
| - name: Validate gradle wrapper | |
| uses: gradle/actions/wrapper-validation@v6 | |
| - name: Copy CI gradle.properties | |
| run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v6 | |
| - name: Build Debug | |
| run: ./gradlew clean app:assembleDebug | |
| - name: Run Lint | |
| if: github.event_name == 'pull_request' | |
| run: ./gradlew lintDebug | |
| - name: Collect Lint SARIF reports | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| mkdir -p sarif-reports | |
| find . -name "lint-results-debug.sarif" | while read f; do | |
| module=$(echo "$f" | sed 's|^\./||' | sed 's|/build/reports/.*||' | sed 's|/|-|g') | |
| cp "$f" "sarif-reports/${module}-lint.sarif" | |
| done | |
| - name: Upload Lint SARIF | |
| if: always() && github.event_name == 'pull_request' | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: 'sarif-reports' | |
| category: android-lint | |
| - name: Detekt | |
| if: github.event_name == 'pull_request' | |
| run: ./gradlew detekt | |
| - name: Prepare Keystore and Local. | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| echo "${{ secrets.KEYSTORE }}" > opensource.jks.asc | |
| gpg -d --passphrase "${{ secrets.KEYSTORE_PASSPHRASE }}" --batch "opensource.jks.asc" > "app/opensource.jks" | |
| echo "${{ secrets.SIGNING_GRADLE }}" > signing.gradle.asc | |
| gpg -d --passphrase "${{ secrets.KEYSTORE_PASSPHRASE }}" --batch "signing.gradle.asc" > "app/signing.gradle" | |
| echo "openSource.signing.file=signing.gradle" >> local.properties | |
| - name: Build Release App | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: ./gradlew app:assembleRelease app:bundleRelease | |
| - name: Prepare Sonatype Gradle properties | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| echo "${{ secrets.SONATYPE_GPG_FILE }}" > opensource.gpg.asc | |
| gpg -d --passphrase "${{ secrets.KEYSTORE_PASSPHRASE }}" --batch "opensource.gpg.asc" > "$HOME/.gradle/opensource.gpg" | |
| echo "sonatype.gpg.key=${{ secrets.SONATYPE_GPG_KEY }}" >> ~/.gradle/gradle.properties | |
| echo "sonatype.gpg.password=${{ secrets.SONATYPE_GPG_PASS }}" >> ~/.gradle/gradle.properties | |
| echo "sonatype.gpg.secretKeyRingFile=$HOME/.gradle/opensource.gpg" >> ~/.gradle/gradle.properties | |
| - name: Release Sonatype | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| ./gradlew build -x test -x lint | |
| ./gradlew fastadapter:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_core_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-binding:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_binding_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-diff:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_diff_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-drag:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_drag_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-expandable:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_expandable_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-paged:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_paged_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-scroll:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_scroll_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-swipe:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_swipe_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-ui:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_ui_only --no-configure-on-demand --no-parallel | |
| ./gradlew fastadapter-extensions-utils:publishReleasePublicationToSonatypeRepository -x test -x lint -Plibrary_extensions_utils_only --no-configure-on-demand --no-parallel | |
| env: | |
| NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }} | |
| NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | |
| - name: Collect artifacts | |
| run: | | |
| COLLECT_PWD=${PWD} | |
| mkdir -p "artifacts" | |
| find . -name "*.apk" -type f -exec cp {} "artifacts" \; | |
| find . -name "*.aab" -type f -exec cp {} "artifacts" \; | |
| - name: Archive Artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: "App-Artifacts" | |
| path: artifacts/* | |
| - name: Build Changelog | |
| id: github_release | |
| uses: mikepenz/release-changelog-builder-action@v1 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| configuration: ".github/config/configuration.json" | |
| ignorePreReleases: ${{ !contains(github.ref, '-') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Release | |
| uses: softprops/action-gh-release@91409e712cf565ce9eff10c87a8d1b11b81757ae | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| body: ${{steps.github_release.outputs.changelog}} | |
| prerelease: ${{ contains(github.event.inputs.version, '-rc') || contains(github.event.inputs.version, '-b') || contains(github.event.inputs.version, '-a') }} | |
| files: artifacts/* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |