name: Quality check on: push: branches: [ "develop", "main" ] pull_request: branches: [ "develop", "main" ] types: [ opened, synchronize, reopened ] schedule: - cron: '17 8 * * 3' # Declare default permissions as read only. permissions: read-all jobs: analyze_flutter: name: Flutter analysis runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get Flutter packages run: ./flutterw pub get - name: Static analysis. run: ./flutterw analyze - name: Unit tests. run: ./flutterw test analyze_codeql: name: CodeQL analysis (${{ matrix.language }}) runs-on: ubuntu-latest permissions: # required for all workflows security-events: write # required to fetch internal or private CodeQL packs packages: read strategy: fail-fast: false matrix: include: - language: java-kotlin build-mode: manual steps: - name: Harden Runner uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 with: egress-policy: audit # Building relies on the Android Gradle plugin, # which requires a modern Java version (not the default one). - name: Set up JDK for Android Gradle plugin uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 with: distribution: 'temurin' java-version: '21' - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - if: matrix.build-mode == 'manual' shell: bash # build in profile mode, instead of release, # so that setting up signing environment variables is not required run: | scripts/apply_flavor_play.sh ./flutterw build apk --profile -t lib/main_play.dart --flavor play - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: category: "/language:${{matrix.language}}"