diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml deleted file mode 100644 index ed48a00a4..000000000 --- a/.github/workflows/check.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Quality check - -on: - push: - branches: - - develop - pull_request: - types: [ opened, synchronize, reopened ] - -permissions: - contents: read - -jobs: - build: - name: Check code quality. - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - name: Clone the repository. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Get packages for the Flutter project. - run: scripts/pub_get_all.sh - - - name: Update the flutter version file. - run: scripts/update_flutter_version.sh - - - name: Static analysis. - run: ./flutterw analyze - - - name: Unit tests. - run: ./flutterw test diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 3bd374f05..000000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: "CodeQL Advanced" - -on: - push: - branches: [ "develop", "main" ] - pull_request: - branches: [ "develop", "main" ] - schedule: - - cron: '17 8 * * 3' - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analyze: - name: Analyze (${{ matrix.language }}) - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - strategy: - fail-fast: false - matrix: - include: - - language: java-kotlin - build-mode: manual - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages - steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Get packages for the Flutter project. - run: scripts/pub_get_all.sh - - - name: Update the flutter version file. - run: scripts/update_flutter_version.sh - - - name: Static analysis. - run: ./flutterw analyze - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - # # â„šī¸ Command-line programs to run using the OS shell. 
- # # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # - if: matrix.build-mode == 'manual' - # shell: bash - # run: | - # echo 'If you are using a "manual" build mode for one or more of the' \ - # 'languages you are analyzing, replace this with the commands to build' \ - # 'your code, for example:' - # echo ' make bootstrap' - # echo ' make release' - # exit 1 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/quality-check.yml b/.github/workflows/quality-check.yml new file mode 100644 index 000000000..cbed9e811 --- /dev/null +++ b/.github/workflows/quality-check.yml 
@@ -0,0 +1,89 @@
+name: Quality check
+
+on:
+ push:
+ branches: [ "develop", "main" ]
+ pull_request:
+ branches: [ "develop", "main" ]
+ types: [ opened, synchronize, reopened ]
+ schedule:
+ - cron: '17 8 * * 3'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analyze_flutter:
+ name: Flutter static analysis and tests.
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
+ - name: Checkout repository.
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Get packages for the Flutter project.
+ run: scripts/pub_get_all.sh
+
+ - name: Static analysis.
+ run: ./flutterw analyze
+
+ - name: Unit tests.
+ run: ./flutterw test
+
+ analyze_codeql:
+ name: Analyze (${{ matrix.language }}) with CodeQL.
+ runs-on: ubuntu-latest
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: java-kotlin
+ build-mode: manual
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
+ # Building relies on the Android Gradle plugin,
+ # which requires a modern Java version (not the default one).
+ - name: Set up JDK for Android Gradle plugin.
+ uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+ with:
+ distribution: 'temurin'
+ java-version: '21'
+
+ - name: Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Get packages for the Flutter project.
+ run: scripts/pub_get_all.sh
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + scripts/apply_flavor_play.sh + ./flutterw build apk -t lib/main_play.dart --flavor play + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2dc59b967..32784d0f0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,12 +20,15 @@ jobs: with: egress-policy: audit - - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 + # Building relies on the Android Gradle plugin, + # which requires a modern Java version (not the default one). + - name: Set up JDK for Android Gradle plugin. + uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 with: - distribution: 'zulu' - java-version: '17' + distribution: 'temurin' + java-version: '21' - - name: Clone the repository. + - name: Checkout repository. uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Get packages for the Flutter project. @@ -34,12 +37,6 @@ jobs: - name: Update the flutter version file. run: scripts/update_flutter_version.sh - - name: Static analysis. - run: ./flutterw analyze - - - name: Unit tests. - run: ./flutterw test - - name: Build signed artifacts. # `KEY_JKS` should contain the result of: # gpg -c --armor keystore.jks @@ -98,7 +95,8 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Checkout repository. + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Get appbundle from artifacts. uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
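Review bot: In the `analyze_codeql` job, `github/codeql-action/init@v3` and `github/codeql-action/analyze@v3` are the only `uses:` references in this file that point at a mutable major tag; `harden-runner`, `checkout` and `setup-java` are all pinned to a full commit SHA with a version comment. What runs under this job's `security-events: write` can therefore change without any change to this file, so pin both steps to the commit of the v3 release you intend, in the same `@<sha> # v3.x.y` form as the other steps. The job also drops the `scripts/update_flutter_version.sh` step that the deleted `check.yml` and `codeql.yml` ran before `./flutterw analyze` while `release.yml` keeps it; if the analysis or tests read that file, the new jobs may work from a stale version, so either restore the step or add a comment saying why it is no longer needed here. Finally, the manual build step under `if: matrix.build-mode == 'manual'` pulls Gradle and pub dependencies while `harden-runner` is in `egress-policy: audit`, which only logs unexpected egress; once the audit output shows the hosts the build needs, switch to `egress-policy: block` with an explicit `allowed-endpoints` list.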
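Review bot: The JDK choice (`distribution: 'temurin'`, `java-version: '21'`) is now written out independently here and in the CodeQL job of `quality-check.yml`, with nothing tying the two together; if one is bumped and the other is not, CodeQL analyzes a build produced with a different toolchain from the one this workflow signs. A one-line comment above the step, `# Keep in sync with the JDK used by the CodeQL job in quality-check.yml.`, makes the coupling visible, or move the version into a single place both workflows read. The `jobs:` mapping this hunk edits starts before the hunk.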