Merge pull request #1145 from alvr/feature/pin_github_actions_versions #3591
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Katana | |
on: | |
pull_request: | |
push: | |
branches: | |
- develop | |
tags: | |
- v* | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
TZ: UTC | |
permissions: | |
contents: write | |
pull-requests: write | |
jobs: | |
cancel-stale-jobs: | |
name: Cancel stale jobs | |
runs-on: ubuntu-latest | |
steps: | |
- name: Cancel Stale Jobs | |
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # pin@0.12.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
validation: | |
name: Validation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Validate Gradle wrapper | |
uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # pin@v4.2.2 | |
assemble: | |
name: Assembling | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Common Steps | |
uses: ./.github/actions/common-steps | |
with: | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
- name: Assemble Katana | |
run: ./gradlew assembleDebug --no-daemon --stacktrace | |
- name: Upload debug artifacts | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
with: | |
name: Katana v${{ github.run_number }} | |
path: | | |
${{ vars.ANDROID_DEBUG_APK }} | |
retention-days: 7 | |
- name: Upload compose reports artifact | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
if: always() | |
with: | |
name: compose-reports | |
path: | | |
**/build/compose-metrics | |
**/build/compose-reports | |
retention-days: 7 | |
static-analysis: | |
name: Static analysis | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Common Steps | |
uses: ./.github/actions/common-steps | |
with: | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
- name: Run detekt | |
run: ./gradlew detektAll lintDebug --no-daemon --stacktrace | |
- name: Upload static reports artifact | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
with: | |
name: static-report | |
path: | | |
build/reports/detekt/detekt.xml | |
**/build/reports/lint-results-debug.xml | |
retention-days: 1 | |
- name: Analyze detekt report | |
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # pin@v3.28.0 | |
with: | |
sarif_file: build/reports/detekt/detekt.sarif | |
checkout_path: ${{ github.workspace }} | |
unit-tests: | |
name: Unit testing | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Common Steps | |
uses: ./.github/actions/common-steps | |
with: | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
- name: Run unit tests | |
run: ./gradlew :koverXmlReport :koverVerify --no-daemon --stacktrace | |
- name: Upload tests reports artifact | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
with: | |
name: tests-reports | |
path: | | |
**/build/reports/tests/jvmTest | |
**/build/reports/tests/testDebugUnitTest | |
retention-days: 7 | |
- name: Upload report to Codecov | |
uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # pin@v5.1.2 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: build/reports/kover/report.xml | |
flags: unittests | |
verbose: true | |
deploy-beta: | |
name: Beta deployment | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/develop' | |
needs: [ static-analysis, unit-tests ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Common Steps | |
uses: ./.github/actions/common-steps | |
with: | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
- name: Decode keystore | |
uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # pin@v1.2.4 | |
with: | |
fileDir: . | |
fileName: ${{ secrets.SIGNING_FILE }} | |
encodedString: ${{ secrets.SIGNING_FILE_BASE64 }} | |
- name: Bump versionCode | |
uses: chkfung/android-version-actions@fcf89abef1c7afba2083146dcca0c6da4705ba4b # pin@v1.2.3 | |
with: | |
gradlePath: build-logic/katana-convention/src/main/kotlin/dev/alvr/katana/buildlogic/extensions.kt | |
versionCode: ${{ github.run_number }} | |
- name: Build staging APK | |
env: | |
SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }} | |
SIGNING_ALIAS_PASS: ${{ secrets.SIGNING_ALIAS_PASS }} | |
SIGNING_FILE: ${{ secrets.SIGNING_FILE }} | |
SIGNING_FILE_PASS: ${{ secrets.SIGNING_FILE_PASS }} | |
SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_BETA_PROJECT }} | |
SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
run: ./gradlew assembleBeta -Pkatana.flavor=beta --no-daemon --stacktrace | |
- name: Publish beta APK to TestApp.io | |
uses: testappio/github-action@57d81be5051e10ea7c07da5730b2eaae1b9b1fa1 # pin@v5 | |
with: | |
api_token: ${{ secrets.TESTAPPIO_API_TOKEN }} | |
app_id: ${{ secrets.TESTAPPIO_APP_ID }} | |
file: ${{ vars.ANDROID_BETA_APK }} | |
git_release_notes: true | |
include_git_commit_id: true | |
notify: true | |
- name: Publish beta APK to AppCenter | |
uses: wzieba/AppCenter-Github-Action@70e33d4842b97b381833ad5c9c93a562b39d5d9f # pin@v1.3.4 | |
with: | |
appName: KatanaApp/Katana-Android | |
token: ${{ secrets.APPCENTER_TOKEN }} | |
group: Testers | |
file: ${{ vars.ANDROID_BETA_APK }} | |
notifyTesters: true | |
gitReleaseNotes: true | |
debug: false | |
- name: Create Sentry release | |
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # pin@v1.7.0 | |
env: | |
SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_BETA_PROJECT }} | |
SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
with: | |
environment: beta | |
version: ${{ github.run_number }} | |
deploy-production: | |
name: Production deployment | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: [ static-analysis, unit-tests ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Common Steps | |
uses: ./.github/actions/common-steps | |
with: | |
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
- name: Decode keystore | |
uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # pin@v1.2.4 | |
with: | |
fileDir: . | |
fileName: ${{ secrets.SIGNING_FILE }} | |
encodedString: ${{ secrets.SIGNING_FILE_BASE64 }} | |
- name: Build production AAB | |
env: | |
SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }} | |
SIGNING_ALIAS_PASS: ${{ secrets.SIGNING_ALIAS_PASS }} | |
SIGNING_FILE: ${{ secrets.SIGNING_FILE }} | |
SIGNING_FILE_PASS: ${{ secrets.SIGNING_FILE_PASS }} | |
SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_RELEASE_PROJECT }} | |
SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
run: ./gradlew assembleRelease bundleRelease -Pkatana.flavor=release --no-daemon --stacktrace | |
- name: Publish production AAB to Google Play | |
uses: r0adkll/upload-google-play@935ef9c68bb393a8e6116b1575626a7f5be3a7fb # pin@v1.1.3 | |
with: | |
serviceAccountJsonPlainText: ${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT }} | |
packageName: dev.alvr.katana | |
releaseFiles: app/build/outputs/bundle/release/app-release.aab | |
track: internal | |
status: completed | |
mappingFile: app/build/outputs/mapping/release/mapping.txt | |
- name: Create Sentry release | |
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # pin@v1.7.0 | |
env: | |
SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_RELEASE_PROJECT }} | |
SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
with: | |
environment: production | |
version: ${{ github.ref }} | |
- name: Create Release | |
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # pin@v2.2.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref_name }} | |
name: Katana ${{ github.ref_name }} | |
files: | | |
${{ vars.ANDROID_RELEASE_APK }} | |
draft: true | |
prerelease: false |