Skip to content

Commit

Permalink
Merge branch 'main' into update-okhttp
Browse files Browse the repository at this point in the history
  • Loading branch information
poovamraj authored Sep 25, 2023
2 parents 14a7e6d + 92c2f13 commit 8524e83
Show file tree
Hide file tree
Showing 8 changed files with 238 additions and 20 deletions.
34 changes: 34 additions & 0 deletions .github/actions/setup/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Configure CI
description: Performs the initial configuration of the CI environment

inputs:
java:
description: The Java version to use
required: false
default: 8.0.382-tem
gradle:
description: The Gradle version to use
required: false
default: 6.7.1
kotlin:
description: The Kotlin version to use
required: false
default: 1.6.21

runs:
using: composite

steps:
- run: |
curl -s "https://get.sdkman.io" | bash
source "/home/runner/.sdkman/bin/sdkman-init.sh"
sdk list java
sdk install java ${{ inputs.java }} && sdk default java ${{ inputs.java }}
sdk install gradle ${{ inputs.gradle }} && sdk default gradle ${{ inputs.gradle }}
sdk install kotlin ${{ inputs.kotlin }} && sdk default kotlin ${{ inputs.kotlin }}
shell: bash
- run: ./gradlew androidDependencies
shell: bash

- uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # [email protected]
6 changes: 6 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
version: 2
updates:
- package-ecosystem: 'github-actions'
directory: '/'
schedule:
interval: 'daily'
53 changes: 53 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: CodeQL

on:
merge_group:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main
schedule:
- cron: "37 10 * * 2"

permissions:
actions: read
contents: read
security-events: write

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
analyze:
name: Check for Vulnerabilities
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
language: [java]

steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.

- name: Checkout
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{ matrix.language }}"
10 changes: 0 additions & 10 deletions .github/workflows/gradle-wrapper-validation.yml

This file was deleted.

32 changes: 32 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Publish Release

on:
workflow_dispatch:
inputs:
branch:
description: The branch to release from.
required: true
default: main

permissions:
contents: read

jobs:
publish:
name: Publish to Maven Central
runs-on: ubuntu-latest
environment: release

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}

- uses: ./.github/actions/setup

- run: ./gradlew clean assemble -PisSnapshot=false

- run: ./gradlew exportVersion -PisSnapshot=false

- run: ./gradlew publishAndroidLibraryPublicationToMavenRepository -PossrhUsername="${{ secrets.OSSR_USERNAME }}" -PossrhPassword="${{ secrets.OSSR_PASSWORD }}" -PsigningKey="${{ secrets.SIGNING_KEY }}" -PsigningPassword="${{ secrets.SIGNING_PASSWORD }}" -PisSnapshot=false"
44 changes: 34 additions & 10 deletions .github/workflows/semgrep.yml
Original file line number Diff line number Diff line change
@@ -1,24 +1,48 @@

name: Semgrep

on:
pull_request: {}

merge_group:
pull_request_target:
types:
- opened
- synchronize
push:
branches: ["master", "main"]

branches:
- main
schedule:
- cron: '30 0 1,15 * *'
- cron: "30 0 1,15 * *"

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
semgrep:
name: Scan
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

run:
needs: authorize # Require approval before running on forked pull requests

name: Check for Vulnerabilities
runs-on: ubuntu-latest

container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')

steps:
- uses: actions/checkout@v3
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.

- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}

- run: semgrep ci
env:
Expand Down
47 changes: 47 additions & 0 deletions .github/workflows/snyk.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Snyk

on:
merge_group:
workflow_dispatch:
pull_request_target:
types:
- opened
- synchronize
push:
branches:
- main
schedule:
- cron: "30 0 1,15 * *"

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

check:
needs: authorize

name: Check for Vulnerabilities
runs-on: ubuntu-latest

steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.

- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}

- uses: snyk/actions/php@b98d498629f1c368650224d6d212bf7dfa89e4bf # [email protected]
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
32 changes: 32 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Build and Test

on:
merge_group:
workflow_dispatch:
pull_request:
branches:
- main
push:
branches:
- main

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
unit:
name: Run Unit Tests
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- uses: ./.github/actions/setup

- run: ./gradlew clean test jacocoTestReport lint --continue --console=plain --max-workers=1 --no-daemon

- uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # [email protected]

0 comments on commit 8524e83

Please sign in to comment.