Skip to content

Enable the secure flags only when it is not a debug build #265

Enable the secure flags only when it is not a debug build

Enable the secure flags only when it is not a debug build #265

name: Continuous Delivery Pipeline
on:
push:
branches:
- main
- development
pull_request:
types: [opened, synchronize, reopened, edited]
jobs:
spotless:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: '0'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 17
- name: Make gradlew executable
run: chmod +x ./gradlew
- name: Cache between builds
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Run spotless
run: |
./gradlew --console=plain spotlessCheck
detekt:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: '0'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 17
- name: Make gradlew executable
run: chmod +x ./gradlew
- name: Cache between builds
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Run detekt
run: |
./gradlew --console=plain detekt
- name: Upload detekt reports
uses: actions/upload-artifact@v3
with:
name: detekt
path: app/build/reports/detekt/
lint:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: '0'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 17
- name: Cache between builds
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Run lint
run: |
./gradlew --console=plain lint
- name: Upload lint reports
uses: actions/upload-artifact@v3
with:
name: lint
path: |
app/build/reports/lint*
domain/build/reports/lint*
data/build/reports/lint*
unit_tests:
needs: [ detekt, lint ]
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: '0'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 17
- name: Cache between builds
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Decode Android Keystore
id: decode_keystore
uses: timheuer/base64-to-file@v1.2
with:
fileName: 'android_release.keystore'
encodedString: ${{ secrets.ANDROID_KEYSTORE }}
- name: Decode Gradle Play Publisher Credentials
id: decode_play_store_credentials
uses: timheuer/base64-to-file@v1.2
with:
fileName: 'gradle_playstore_publisher_credentials.json'
fileDir: './'
encodedString: ${{ secrets.PLAYSTORE_CREDENTIALS }}
- name: Run debug unit tests
run: |
./gradlew --console=plain koverMergedXmlReport --stacktrace
- name: Upload test reports
if: always()
uses: actions/upload-artifact@v3
with:
name: tests
path: build/reports
- name: Add coverage report to PR
uses: mi-kas/kover-report@v1
with:
path: ${{ github.workspace }}/build/reports/kover/result.xml
token: ${{ secrets.GITHUB_TOKEN }}
title: App Coverage
update-comment: true
min-coverage-overall: 20
min-coverage-changed-files: 50
android_tests:
name: Tests on Android (API level ${{ matrix.api-level }})
needs: [ detekt, lint ]
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
api-level: [ 26, 29 ]
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: '0'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 17
- name: Cache between builds
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: AVD cache
uses: actions/cache@v3
id: avd-cache
with:
path: |
~/.android/avd/*
~/.android/adb*
key: avd-${{ matrix.api-level }}
- name: create AVD and generate snapshot for caching
if: steps.avd-cache.outputs.cache-hit != 'true'
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: ${{ matrix.api-level }}
arch: x86_64
target: ${{ matrix.api-level >= 30 && 'google_apis' || 'default' }}
force-avd-creation: false
emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
disable-animations: false
script: echo "Generated AVD snapshot for caching."
- name: run tests
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: ${{ matrix.api-level }}
arch: x86_64
target: ${{ matrix.api-level >= 30 && 'google_apis' || 'default' }}
force-avd-creation: false
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
disable-animations: true
script: ./gradlew --console=plain connectedAndroidTest --stacktrace
- name: Upload artifact
if: always()
uses: actions/upload-artifact@v3
with:
name: androidTests
path: app/build/reports/androidTests
# upload an android bundle to google play store into the internal test track
deployment:
needs: [ unit_tests, android_tests ]
if: github.ref == 'refs/heads/development'
runs-on: macos-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: '0'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 17
- name: Cache between builds
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Decode Android Keystore
id: decode_keystore
uses: timheuer/base64-to-file@v1.2
with:
fileName: 'android_release.keystore'
encodedString: ${{ secrets.ANDROID_KEYSTORE }}
- name: Decode Gradle Play Publisher Credentials
id: decode_play_store_credentials
uses: timheuer/base64-to-file@v1.2
with:
fileName: 'gradle_playstore_publisher_credentials.json'
fileDir: './'
encodedString: ${{ secrets.PLAYSTORE_CREDENTIALS }}
- name: Set versionCode to git count
run: |
export versionCode=$(git rev-list --first-parent --count HEAD)
sed -i -d "s/versionCode = 9999/versionCode = $versionCode/g" app/build.gradle.kts
- name: Build release bundle
run: |
./gradlew --console=plain -PreleaseKeystore=${{ steps.decode_keystore.outputs.filePath }} -PreleaseStorePassword=${{ secrets.ANDROID_KEYSTORE_PASSWORD }} -PreleaseKeyAlias=${{ secrets.ANDROID_KEYSTORE_KEY_ALIAS }} -PreleaseKeyPassword=${{ secrets.ANDROID_KEYSTORE_KEY_PASSWORD }} app:bundle app:assemble
- name: Publish release bundle
run: fastlane android deploy --verbose
env:
KEYSTORE_FILE: ${{ steps.decode_keystore.outputs.filePath }}
STORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
KEY_ALIAS: ${{ secrets.ANDROID_KEYSTORE_KEY_ALIAS }}
KEY_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_KEY_PASSWORD }}
ANDROID_JSON_KEY_FILE: './gradle_playstore_publisher_credentials.json'
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: assets
path: |
${{ github.workspace }}/app/build/outputs/bundle/release
- name: Release
uses: softprops/action-gh-release@v1
with:
files: ${{ github.workspace }}/app/build/outputs/apk/release