chore(deps): update github/codeql-action action to v3.28.4 #3664
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Katana | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - develop | |
| tags: | |
| - v* | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| TZ: UTC | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| cancel-stale-jobs: | |
| name: Cancel stale jobs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Cancel Stale Jobs | |
| uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # pin@0.12.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| validation: | |
| name: Validation | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Validate Gradle wrapper | |
| uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # pin@v4.2.2 | |
| assemble: | |
| name: Assembling | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Common Steps | |
| uses: ./.github/actions/common-steps | |
| with: | |
| gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
| - name: Assemble Katana | |
| run: ./gradlew :app:assembleDebug --no-daemon --stacktrace | |
| - name: Upload debug artifacts | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
| with: | |
| name: Katana v${{ github.run_number }} | |
| path: | | |
| ${{ vars.ANDROID_DEBUG_APK }} | |
| retention-days: 7 | |
| - name: Upload compose reports artifact | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
| if: always() | |
| with: | |
| name: compose-reports | |
| path: | | |
| **/build/compose-metrics | |
| **/build/compose-reports | |
| retention-days: 7 | |
| static-analysis: | |
| name: Static analysis | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Common Steps | |
| uses: ./.github/actions/common-steps | |
| with: | |
| gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
| - name: Run detekt | |
| run: ./gradlew detektAll lintDebug --no-daemon --stacktrace | |
| - name: Upload static reports artifact | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
| with: | |
| name: static-report | |
| path: | | |
| build/reports/detekt/detekt.xml | |
| **/build/reports/lint-results-debug.xml | |
| retention-days: 1 | |
| - name: Analyze detekt report | |
| uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # pin@v3.28.4 | |
| with: | |
| sarif_file: build/reports/detekt/detekt.sarif | |
| checkout_path: ${{ github.workspace }} | |
| unit-tests: | |
| name: Unit testing | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Common Steps | |
| uses: ./.github/actions/common-steps | |
| with: | |
| gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
| - name: Run unit tests | |
| run: ./gradlew :koverXmlReport :koverVerify --no-daemon --stacktrace | |
| - name: Upload tests reports artifact | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # pin@v4.5.0 | |
| with: | |
| name: tests-reports | |
| path: | | |
| **/build/reports/tests/jvmTest | |
| **/build/reports/tests/testDebugUnitTest | |
| retention-days: 7 | |
| - name: Upload report to Codecov | |
| uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # pin@v5.1.2 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: build/reports/kover/report.xml | |
| flags: unittests | |
| verbose: true | |
| deploy-beta: | |
| name: Beta deployment | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/develop' | |
| needs: [ static-analysis, unit-tests ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Common Steps | |
| uses: ./.github/actions/common-steps | |
| with: | |
| gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
| - name: Decode keystore | |
| uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # pin@v1.2.4 | |
| with: | |
| fileDir: . | |
| fileName: ${{ secrets.SIGNING_FILE }} | |
| encodedString: ${{ secrets.SIGNING_FILE_BASE64 }} | |
| - name: Bump versionCode | |
| uses: chkfung/android-version-actions@fcf89abef1c7afba2083146dcca0c6da4705ba4b # pin@v1.2.3 | |
| with: | |
| gradlePath: build-logic/katana-convention/src/main/kotlin/dev/alvr/katana/buildlogic/extensions.kt | |
| versionCode: ${{ github.run_number }} | |
| - name: Build staging APK | |
| env: | |
| SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }} | |
| SIGNING_ALIAS_PASS: ${{ secrets.SIGNING_ALIAS_PASS }} | |
| SIGNING_FILE: ${{ secrets.SIGNING_FILE }} | |
| SIGNING_FILE_PASS: ${{ secrets.SIGNING_FILE_PASS }} | |
| SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_BETA_PROJECT }} | |
| SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| run: ./gradlew :app:assembleBeta -Pkatana.flavor=beta --no-daemon --stacktrace | |
| - name: Publish beta APK to TestApp.io | |
| uses: testappio/github-action@57d81be5051e10ea7c07da5730b2eaae1b9b1fa1 # pin@v5 | |
| with: | |
| api_token: ${{ secrets.TESTAPPIO_API_TOKEN }} | |
| app_id: ${{ secrets.TESTAPPIO_APP_ID }} | |
| file: ${{ vars.ANDROID_BETA_APK }} | |
| git_release_notes: true | |
| include_git_commit_id: true | |
| notify: true | |
| - name: Publish beta APK to AppCenter | |
| uses: wzieba/AppCenter-Github-Action@70e33d4842b97b381833ad5c9c93a562b39d5d9f # pin@v1.3.4 | |
| with: | |
| appName: KatanaApp/Katana-Android | |
| token: ${{ secrets.APPCENTER_TOKEN }} | |
| group: Testers | |
| file: ${{ vars.ANDROID_BETA_APK }} | |
| notifyTesters: true | |
| gitReleaseNotes: true | |
| debug: false | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # pin@v1.7.0 | |
| env: | |
| SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_BETA_PROJECT }} | |
| SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| with: | |
| environment: beta | |
| version: ${{ github.run_number }} | |
| deploy-production: | |
| name: Production deployment | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [ static-analysis, unit-tests ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Common Steps | |
| uses: ./.github/actions/common-steps | |
| with: | |
| gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
| - name: Decode keystore | |
| uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # pin@v1.2.4 | |
| with: | |
| fileDir: . | |
| fileName: ${{ secrets.SIGNING_FILE }} | |
| encodedString: ${{ secrets.SIGNING_FILE_BASE64 }} | |
| - name: Build production AAB | |
| env: | |
| SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }} | |
| SIGNING_ALIAS_PASS: ${{ secrets.SIGNING_ALIAS_PASS }} | |
| SIGNING_FILE: ${{ secrets.SIGNING_FILE }} | |
| SIGNING_FILE_PASS: ${{ secrets.SIGNING_FILE_PASS }} | |
| SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_RELEASE_PROJECT }} | |
| SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| run: ./gradlew :app:assembleRelease :app:bundleRelease -Pkatana.flavor=release --no-daemon --stacktrace | |
| - name: Publish production AAB to Google Play | |
| uses: r0adkll/upload-google-play@935ef9c68bb393a8e6116b1575626a7f5be3a7fb # pin@v1.1.3 | |
| with: | |
| serviceAccountJsonPlainText: ${{ secrets.GOOGLE_PLAY_SERVICE_ACCOUNT }} | |
| packageName: dev.alvr.katana | |
| releaseFiles: app/build/outputs/bundle/release/app-release.aab | |
| track: internal | |
| status: completed | |
| mappingFile: app/build/outputs/mapping/release/mapping.txt | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # pin@v1.7.0 | |
| env: | |
| SENTRY_PROJECT: ${{ vars.SENTRY_ANDROID_RELEASE_PROJECT }} | |
| SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| with: | |
| environment: production | |
| version: ${{ github.ref }} | |
| - name: Create Release | |
| uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # pin@v2.2.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| name: Katana ${{ github.ref_name }} | |
| files: | | |
| ${{ vars.ANDROID_RELEASE_APK }} | |
| draft: true | |
| prerelease: false |