Update check.yml, codeql.yml, and 2 more files...

.github/workflows/check.yml

@@ -1,36 +0,0 @@
-name: Quality check
-
-on:
-  push:
-    branches:
-      - develop
-  pull_request:
-    types: [ opened, synchronize, reopened ]
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Check code quality.
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
-        with:
-          egress-policy: audit
-
-      - name: Clone the repository.
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-      - name: Get packages for the Flutter project.
-        run: scripts/pub_get_all.sh
-
-      - name: Update the flutter version file.
-        run: scripts/update_flutter_version.sh
-
-      - name: Static analysis.
-        run: ./flutterw analyze
-
-      - name: Unit tests.
-        run: ./flutterw test

.github/workflows/codeql.yml

@@ -1,71 +0,0 @@
-name: "CodeQL Advanced"
-
-on:
-  push:
-    branches: [ "develop", "main" ]
-  pull_request:
-    branches: [ "develop", "main" ]
-  schedule:
-    - cron: '17 8 * * 3'
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    runs-on: ubuntu-latest
-    permissions:
-      # required for all workflows
-      security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        - language: java-kotlin
-          build-mode: manual
-        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
-        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
-        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
-        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
-        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
-    - name: Get packages for the Flutter project.
-      run: scripts/pub_get_all.sh
-
-    - name: Update the flutter version file.
-      run: scripts/update_flutter_version.sh
-
-    - name: Static analysis.
-      run: ./flutterw analyze
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-
-    # # ℹ️ Command-line programs to run using the OS shell.
-    # # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    # - if: matrix.build-mode == 'manual'
-    #   shell: bash
-    #   run: |
-    #     echo 'If you are using a "manual" build mode for one or more of the' \
-    #       'languages you are analyzing, replace this with the commands to build' \
-    #       'your code, for example:'
-    #     echo '  make bootstrap'
-    #     echo '  make release'
-    #     exit 1
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"

.github/workflows/quality-check.yml

@@ -0,0 +1,89 @@
+name: Quality check
+
+on:
+  push:
+    branches: [ "develop", "main" ]
+  pull_request:
+    branches: [ "develop", "main" ]
+    types: [ opened, synchronize, reopened ]
+  schedule:
+    - cron: '17 8 * * 3'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analyze_flutter:
+    name: Flutter static analysis and tests.
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository.
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Get packages for the Flutter project.
+        run: scripts/pub_get_all.sh
+
+      - name: Static analysis.
+        run: ./flutterw analyze
+
+      - name: Unit tests.
+        run: ./flutterw test
+
+  analyze_codeql:
+    name: Analyze (${{ matrix.language }}) with CodeQL.
+    runs-on: ubuntu-latest
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: java-kotlin
+            build-mode: manual
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      # Building relies on the Android Gradle plugin,
+      # which requires a modern Java version (not the default one).
+      - name: Set up JDK for Android Gradle plugin.
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Get packages for the Flutter project.
+        run: scripts/pub_get_all.sh
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          scripts/apply_flavor_play.sh
+          ./flutterw build apk -t lib/main_play.dart --flavor play
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/release.yml

@@ -20,12 +20,15 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+      # Building relies on the Android Gradle plugin,
+      # which requires a modern Java version (not the default one).
+      - name: Set up JDK for Android Gradle plugin.
+        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
         with:
-          distribution: 'zulu'
-          java-version: '17'
+          distribution: 'temurin'
+          java-version: '21'
 
-      - name: Clone the repository.
+      - name: Checkout repository.
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Get packages for the Flutter project.
@@ -34,12 +37,6 @@ jobs:
       - name: Update the flutter version file.
         run: scripts/update_flutter_version.sh
 
-      - name: Static analysis.
-        run: ./flutterw analyze
-
-      - name: Unit tests.
-        run: ./flutterw test
-
       - name: Build signed artifacts.
         # `KEY_JKS` should contain the result of:
         # gpg -c --armor keystore.jks
@@ -98,7 +95,8 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Checkout repository.
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Get appbundle from artifacts.
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8