dependabot_ci.yaml
# CI for Dependabot pull requests that target master: builds the debug APK,
# then runs unit tests and static analysis.
name: Dependabot check CI

# pull_request_target runs the workflow definition from the base branch, with
# the base repository's secrets and token available, even though the pull
# request's own code has not been merged. Any job that checks out and executes
# the pull request head must therefore treat that code as untrusted.
on:
  pull_request_target:
    branches:
      - master
  # Manual runs carry no pull_request payload.
  workflow_dispatch:
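jobs:
  # Builds the debug APK for a Dependabot pull request.
  #
  # NOTE(review): under pull_request_target this job checks out the pull
  # request head and runs its Gradle build while repository secrets are
  # written to disk. The build executes code from the updated dependencies and
  # plugins, so it must be treated as untrusted. If the `staging` environment
  # has required reviewers (not visible in this file), that approval is the
  # main gate; otherwise consider building without secrets.
  build:
    runs-on: ubuntu-latest
    environment: staging
    # Gate on the pull request author, not github.actor. github.actor is
    # whoever triggered the latest event, which is not necessarily the author
    # of the commits checked out below. Manual (workflow_dispatch) runs have no
    # pull_request payload, so both jobs are skipped for them, as they were
    # with the actor check.
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    # Least privilege: the build only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the job token in .git/config where the build of the
          # checked-out code could read it. (`github-token` is not a checkout
          # input; the action already defaults to the job token.)
          persist-credentials: false
      - name: Load keys from secrets
        env:
          API_KEY: ${{ secrets.API_KEY }}
          BASE_URL: ${{ secrets.BASE_URL }}
          MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }}
        # Pass the values as printf arguments so a '%' or backslash inside a
        # secret is written literally instead of being read as format syntax.
        run: |
          printf 'API_KEY="%s"\nBASE_URL="%s"\nMAPS_API_KEY="%s"' \
            "$API_KEY" "$BASE_URL" "$MAPS_API_KEY" > ./local.properties
      - name: Setup JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: '17'
      # NOTE(review): third-party action referenced by a mutable tag; consider
      # pinning it to a full commit SHA.
      - name: Setup Android SDK
        uses: android-actions/setup-android@v3
      # NOTE(review): a pull_request_target run saves its cache in the base
      # branch's scope, so entries written after untrusted code has run can be
      # restored by later trusted builds. Consider restore-only caching here.
      - name: Caching gradle
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
      - name: Copy gradle properties file
        run: |
          mkdir -p ~/.gradle
          cp .github/gradle/ci-gradle.properties ~/.gradle/gradle.properties
      - name: Move google-services.json to App folder
        env:
          GOOGLE_SERVICES: ${{ secrets.GOOGLE_SERVICE }}
        # The redirect creates the file, so no separate `touch` is needed.
        run: |
          echo "$GOOGLE_SERVICES" | base64 --decode > ./app/google-services.json
      - name: Build the app
        run: ./gradlew assembleDebug
      - name: Upload apk
        # Same major version as the report upload in the `test` job.
        uses: actions/upload-artifact@v4
        with:
          name: debug apk
          path: app/build/outputs/apk/debug/

  # Runs unit tests and detekt for a Dependabot pull request and uploads the
  # detekt SARIF report to code scanning. The trust caveats described on the
  # `build` job apply here as well: the same secrets are written to disk
  # before the pull request's Gradle tasks run.
  test:
    runs-on: ubuntu-latest
    needs: build
    environment: staging
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    # Declaring `permissions` sets every unlisted scope to none, so the read
    # access that checkout needs is listed explicitly.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
      - name: Load keys from secrets
        env:
          API_KEY: ${{ secrets.API_KEY }}
          BASE_URL: ${{ secrets.BASE_URL }}
          MAPS_API_KEY: ${{ secrets.MAPS_API_KEY }}
        run: |
          printf 'API_KEY="%s"\nBASE_URL="%s"\nMAPS_API_KEY="%s"' \
            "$API_KEY" "$BASE_URL" "$MAPS_API_KEY" > ./local.properties
      - name: Setup JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: '17'
      - name: Setup Android SDK
        uses: android-actions/setup-android@v3
      - name: Caching gradle
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
      - name: Copy gradle properties file
        run: |
          mkdir -p ~/.gradle
          cp .github/gradle/ci-gradle.properties ~/.gradle/gradle.properties
      - name: Move google-services.json to App folder
        env:
          GOOGLE_SERVICES: ${{ secrets.GOOGLE_SERVICE }}
        run: |
          echo "$GOOGLE_SERVICES" | base64 --decode > app/google-services.json
      # NOTE(review): this job defines no `strategy.matrix`, so
      # `matrix.language` evaluates to an empty string, and no
      # `github/codeql-action/analyze` step follows. As written, CodeQL is
      # initialised but never produces results; the only SARIF uploaded comes
      # from detekt. Either complete the CodeQL setup or remove this step.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          queries: security-extended
      - name: Run unit test
        run: ./gradlew test --stacktrace
      - name: Run detekt
        run: ./gradlew detekt
      - name: Upload reports
        # Publish the HTML report even when tests or detekt failed.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: Test-Reports
          path: reports/detekt.html
      - name: Upload SARIF to Github using the upload-sarif action
        # Runs after failed steps too, but not when the run was cancelled.
        if: success() || failure()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: reports/detekt.sarif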