-
Notifications
You must be signed in to change notification settings - Fork 144
134 lines (118 loc) · 5.13 KB
/
sormas_app_ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
---
# This workflow will test the sormas-app project with Gradle and running the AVD emulator
# For more information see:
# https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
# and https://github.com/ReactiveCircus/android-emulator-runner
name: Java CI with Gradle
env:
JAVA: 17
PRIVILEGED_RUN: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/development')
|| github.event.pull_request.head.repo.full_name == github.repository }}
on:
push:
branches: [ development, master, hotfix* ]
paths:
- 'sormas-app/**'
- 'sormas-api/**'
pull_request:
branches: [ development, hotfix* ]
paths:
- 'sormas-app/**'
- 'sormas-api/**'
jobs:
test:
name: android app test
runs-on: macos-latest
strategy:
matrix:
# Even though we are using macos machines which should be faster thanks to hardware accelerations
# (explanation here https://github.com/ReactiveCircus/android-emulator-runner/issues/46)
# The memory footprint of newer android versions (>= 29) and the limitations of the GitHub provided machines
# is usually resulting in timeout when starting the emulator
api-level: [26, 27, 28]
steps:
- name: Checkout repository (with token)
# Check if PR results from the repository: if yes, we have access to the secrets.
# The token is only needed for privileged actions from within the repo, so no need
# to make it available on 3rd party PRs
if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
uses: actions/checkout@v3
with:
token: ${{ secrets.SORMAS_VITAGROUP_CI_TOKEN }}
- name: Checkout repository (without token)
# Check if PR results from a fork: if yes, we cannot access the token.
# The token is only needed for privileged actions from within the repo, so no need
# to make it available on 3rd party PRs
if: ${{ !fromJSON(env.PRIVILEGED_RUN) }}
uses: actions/checkout@v3
- name: Set up JDK ${{ env.JAVA }}
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVA }}
distribution: 'zulu'
- name: Cache Maven packages
# Check if PR results from the repository: if yes, it is safe to cache dependencies.
# This is to keep us safe from cache poisoning through 3rd party PRs.
if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-java-${{ env.JAVA }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-java-${{ env.JAVA }}-m2
- name: Run mvn install
working-directory: ./sormas-base
run: mvn install -pl :sormas-api -am -DskipTests=true
- name: Cache Gradle packages
uses: actions/cache@v3
# Check if PR results from the repository: if yes, it is safe to cache dependencies.
# This is to keep us safe from cache poisoning through 3rd party PRs.
if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Run unit tests
working-directory: ./sormas-app
run: ./gradlew :app:clean :app:assembleDebug :app:test
- name: AVD cache
# Check if PR results from the repository: if yes, it is safe to cache dependencies.
# This is to keep us safe from cache poisoning through 3rd party PRs.
if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
uses: actions/cache@v3
id: avd-cache
with:
path: |
~/.android/avd/*
~/.android/adb*
key: avd-${{ matrix.api-level }}
- name: Create AVD and generate snapshot for caching
if: steps.avd-cache.outputs.cache-hit != 'true'
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: ${{ matrix.api-level }}
force-avd-creation: false
emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
disable-animations: false
script: echo "Generated AVD snapshot for caching."
- name: Run integration tests
uses: reactivecircus/android-emulator-runner@v2
with:
api-level: ${{ matrix.api-level }}
force-avd-creation: false
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
disable-animations: true
working-directory: ./sormas-app
script: ./gradlew connectedAndroidTest
- name: mobsfscan
uses: MobSF/[email protected]
with:
args: '. --sarif --output mobsf-results.sarif || true'
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'mobsf-results.sarif'
# needed as codeQL also performs an upload, and they clash otherwise
category: 'code-scanning/mobsfscan'