kumi/Android-Password-Store
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

refactor(ci): introduce a composite workflow

Browse source
This commit is contained in:
Harsh Shandilya 2024-04-13 14:45:08 +05:30
parent 13a2da9f33
commit 312f92d21a
12 changed files with 129 additions and 227 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/renovate.json5 vendored
View file

@ -5,6 +5,11 @@
"helpers:pinGitHubActionDigests",
],
"branchConcurrentLimit": 15,
"github-actions": {
"fileMatch": [
".github/reusable-workflows/.+\\.ya?ml$",
],
},
"packageRules": [
{
matchDatasources: [

58
.github/reusable-workflows/setup-gradle/action.yml vendored Normal file
View file

@ -0,0 +1,58 @@
name: 'Setup Gradle'
description: 'Checks out the repository and sets up Java and Gradle'
inputs:
token:
description: 'token input for actions/checkout'
required: false
default: ${{ github.token }}
fetch-depth:
description: 'fetch-depth input for actions/checkout'
required: false
default: 1
ref:
description: 'ref input for actions/checkout'
required: false
java-version:
description: 'java-version input for actions/setup-java'
required: false
default: 20
gradle-version:
description: 'gradle-version input for actions/setup-java'
required: false
cache-read-only:
description: 'cache-read-only input for gradle/actions/setup-gradle'
required: false
default: ${{ github.event.repository != null && github.ref_name != github.event.repository.default_branch }}
dependency-graph:
description: 'dependency-graph input for gradle/actions/setup-gradle'
required: false
default: 'disabled'
runs:
using: "composite"
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: ${{ inputs.fetch-depth }}
ref: ${{ inputs.ref }}
token: ${{ inputs.token }}
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: ${{ inputs.java-version }}
- name: Copy CI gradle.properties
shell: bash
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup Gradle
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
add-job-summary: always
cache-read-only: ${{ inputs.cache-read-only }}
dependency-graph: ${{ inputs.dependency-graph }}
gradle-home-cache-cleanup: true
gradle-version: ${{ inputs.gradle-version }}
validate-wrappers: true

17
.github/workflows/codeql_analysis.yml vendored
View file

@ -21,14 +21,8 @@ jobs:
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Initialize CodeQL
uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
@ -38,11 +32,8 @@ jobs:
queries: +security-extended
- name: Build project
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
gradle-home-cache-cleanup: true
cache-read-only: true
arguments: assembleNonFreeRelease
shell: bash
run: ./gradlew assembleNonFreeRelease
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10

23
.github/workflows/deploy_github_releases.yml vendored
View file

@ -9,28 +9,18 @@ jobs:
name: Build release binaries
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Decrypt secrets
shell: bash
run: scripts/signing-setup.sh "$ENCRYPT_KEY"
env:
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Build release binaries
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: :app:assembleFreeRelease :app:assembleNonFreeRelease :app:bundleNonFreeRelease
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew :app:assembleFreeRelease :app:assembleNonFreeRelease :app:bundleNonFreeRelease
env:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
@ -103,7 +93,8 @@ jobs:
- name: Get the version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
shell: bash
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
- name: Upload Non-Free Release Apk
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2

16
.github/workflows/deploy_library_releases.yml vendored
View file

@ -8,20 +8,12 @@ jobs:
publish-release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Upload binaries
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: --no-configuration-cache :autofill-parser:publishAllPublicationsToMavenCentralRepository
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew --no-configuration-cache :autofill-parser:publishAllPublicationsToMavenCentralRepository
env:
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.NEXUS_PUBLISH_USERNAME }}
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.NEXUS_PUBLISH_PASSWORD }}

24
.github/workflows/deploy_snapshot.yml vendored
View file

@ -18,40 +18,32 @@ jobs:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]')"
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
dependency-graph: generate-and-submit
- name: Decrypt secrets
shell: bash
run: scripts/signing-setup.sh "$ENCRYPT_KEY"
env:
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Build release app
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
shell: bash
run: ./gradlew collectFreeReleaseApks collectNonFreeReleaseApks bundleFreeRelease bundleNonFreeRelease -PsentryUploadMappings
env:
SNAPSHOT: "true"
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
with:
arguments: collectFreeReleaseApks collectNonFreeReleaseApks bundleFreeRelease bundleNonFreeRelease -PsentryUploadMappings
gradle-home-cache-cleanup: true
dependency-graph: generate-and-submit
- name: Clean secrets
shell: bash
run: scripts/signing-cleanup.sh
- name: Deploy snapshot
shell: bash
run: scripts/deploy-snapshot.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

14
.github/workflows/draft_new_release.yml vendored
View file

@ -32,26 +32,16 @@ jobs:
echo "PR_BASE=release-${BRANCH_VERSION}" >> $GITHUB_ENV
echo "PR_HEAD=release-prep" >> $GITHUB_ENV
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
with:
ref: ${{ env.CHECKOUT_REF }}
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Update changelog
uses: thomaseizinger/keep-a-changelog-new-release@77ac767b2f7f6edf2ee72ab3364ed26667086f96 # 3.0.0
with:
version: ${{ github.event.milestone.title }}
- name: Setup Gradle caching
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
gradle-home-cache-cleanup: true
- name: Initialize git config and commit changes
shell: bash
run: |

105
.github/workflows/pull_request.yml vendored
View file

@ -15,25 +15,12 @@ jobs:
check-codestyle:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Check codestyle
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: ktfmtCheck
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew ktfmtCheck
- name: Upload Kotlin build report
if: "${{ always() }}"
@ -45,25 +32,12 @@ jobs:
unit-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Run unit tests
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: test -PslimTests
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew test -PslimTests
- name: (Fail-only) Upload test report
if: "${{ failure() }}"
@ -82,25 +56,12 @@ jobs:
build-apks:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Build debug APKs
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: assembleFreeDebug assembleNonFreeDebug assembleNonFreeRelease
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew assembleFreeDebug assembleNonFreeDebug assembleNonFreeRelease
- name: Upload Kotlin build report
if: "${{ always() }}"
@ -112,25 +73,12 @@ jobs:
check-api:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Check library API
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: metalavaCheckCompatibilityRelease
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew metalavaCheckCompatibilityRelease
- name: Upload Kotlin build report
if: "${{ always() }}"
@ -142,25 +90,12 @@ jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Run Lint
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: lint
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew lint
- name: Upload Kotlin build report
if: "${{ always() }}"

28
.github/workflows/shadow_job.yml vendored
View file

@ -16,6 +16,7 @@ jobs:
- id: agp-version-finder
uses: usefulness/agp-version-finder-action@59c81bc46c56a1a1255659027ca2db6047154952 # v1
- id: build-agp-matrix
shell: bash
run: echo 'agp-versions=["${{ steps.agp-version-finder.outputs.latest-beta }}","${{ steps.agp-version-finder.outputs.latest-alpha }}"]' >> $GITHUB_OUTPUT
shadow-job:
@ -33,30 +34,19 @@ jobs:
runs-on: ubuntu-latest
name: Run Gradle-${{ matrix.gradle-version }}, AGP-${{ matrix.agp-version }}, Java-${{ matrix.java-version }}
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
with:
fetch-depth: 0
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
cache-read-only: true
gradle-version: ${{ matrix.gradle-version }}
java-version: ${{ matrix.java-version }}
- name: Copy CI gradle.properties
run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
- name: Run checks
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
shell: bash
run: ./gradlew check
env:
DEP_OVERRIDE: true
DEP_OVERRIDE_agp: ${{ matrix.agp-version }}
with:
arguments: check
gradle-version: ${{ matrix.gradle-version }}
gradle-home-cache-cleanup: true
cache-read-only: true
results:
if: ${{ always() }}
@ -67,12 +57,14 @@ jobs:
- name: Report failure to healthchecks.io
# see https://stackoverflow.com/a/67532120/4907315
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
shell: bash
run: curl --retry 3 "https://hc-ping.com/${HC_PING_SLUG}/fail"
env:
HC_PING_SLUG: ${{ secrets.HC_PING_SLUG }}
- name: Report success to healthchecks.io
if: ${{ contains(needs.*.result, 'success') }}
shell: bash
run: curl --retry 3 "https://hc-ping.com/${HC_PING_SLUG}"
env:
HC_PING_SLUG: ${{ secrets.HC_PING_SLUG }}
run: curl --retry 3 "https://hc-ping.com/${HC_PING_SLUG}"

16
.github/workflows/sync_crowdin.yml vendored
View file

@ -8,20 +8,12 @@ jobs:
sync-crowdin:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Download new translations from Crowdin
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: --no-configuration-cache crowdin
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew --no-configuration-cache crowdin
env:
CROWDIN_LOGIN: ${{ secrets.CROWDIN_LOGIN }}
CROWDIN_PROJECT_KEY: ${{ secrets.CROWDIN_PROJECT_KEY }}

23
.github/workflows/update_publicsuffix_data.yml vendored
View file

@ -8,30 +8,21 @@ jobs:
update-publicsuffix-data:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: temurin
java-version: 20
- name: Setup build environment
uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
- name: Download new publicsuffix data
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
with:
arguments: updatePSL
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew updatePSL
- name: Check if PR is required
shell: bash
run: if [[ $(git status -s) != '' ]]; then echo "UPDATED=true" >> $GITHUB_ENV; fi
- name: Verify update publicsuffixes file
uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
if: "${{ env.UPDATED == 'true' }}"
with:
arguments: :autofill-parser:test -PslimTests
gradle-home-cache-cleanup: true
shell: bash
run: ./gradlew :autofill-parser:test -PslimTests
- name: Create Pull Request
id: cpr

27
.github/workflows/validate_gradle_wrapper.yml vendored
View file

@ -1,27 +0,0 @@
name: Validate Gradle Wrapper
on:
push:
branches:
- develop
paths:
- ".github/workflows/validate_gradle_wrapper.yml"
- "gradle/**"
- "gradlew"
- "gradlew.bat"
pull_request:
paths:
- ".github/workflows/validate_gradle_wrapper.yml"
- "gradle/**"
- "gradlew"
- "gradlew.bat"
jobs:
validation:
name: Wrapper validation
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Validate Gradle Wrapper
uses: gradle/wrapper-validation-action@460a3ca55fc5d559238a0efc7fa9f7465df8585d # v3.3.0