Implements core GHA logic

dotanuki-labs · Sep 22, 2024 · be1b401 · be1b401
1 parent 7e4a74b
commit be1b401
Show file tree

Hide file tree

Showing 4 changed files with 145 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -28,10 +28,28 @@ jobs:
           file-patterns: "*.sh,*.yml"
           license: "mit"
 
-  component-tests:
+  e2e:
     needs: quality-checks
     runs-on: ubuntu-22.04
 
+    steps:
+      - name: Project Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Test scanning standalone Android apk
+        run: ./e2e/pocketcasts-android.sh
+        env:
+          APPSWEEP_API_KEY: ${{ secrets.APPSWEEP_DOTANUKI_POCKETCASTS_ANDROID_KEY }}
+
+      - name: Test scanning standalone iOS xcarchive
+        run: ./e2e/pocketcasts-ios.sh
+        env:
+          APPSWEEP_API_KEY: ${{ secrets.APPSWEEP_DOTANUKI_POCKETCASTS_IOS_KEY }}
+
+  component-tests:
+    needs: e2e
+    runs-on: ubuntu-22.04
+
     steps:
       - name: Project Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

diff --git a/e2e/pocketcasts-android.sh b/e2e/pocketcasts-android.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Copyright 2024 Dotanuki Labs
+# SPDX-License-Identifier: MIT
+
+set -euo pipefail
+
+readonly repo="Automattic/pocket-casts-android"
+readonly version="7.72"
+readonly asset=" app-7.72.apk"
+readonly download_url="https://github.com/$repo/releases/download/$version/$asset"
+readonly package="pocket-casts-android.apk"
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${script_dir%/*}"
+actual_dir=$(pwd)
+
+rm -rf "$actual_dir/.tmp" && mkdir "$actual_dir/.tmp"
+curl -fsSL -o "$actual_dir/.tmp/$package" -C - "$download_url"
+src/main.sh "$actual_dir/.tmp/$package"
diff --git a/e2e/pocketcasts-ios.sh b/e2e/pocketcasts-ios.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Copyright 2024 Dotanuki Labs
+# SPDX-License-Identifier: MIT
+
+set -euo pipefail
+
+readonly repo="Automattic/pocket-casts-ios"
+readonly version="7.72"
+readonly asset="PocketCasts.xcarchive.zip"
+readonly download_url="https://github.com/$repo/releases/download/$version/$asset"
+readonly package="pocket-casts-ios.xcarchive.zip"
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${script_dir%/*}"
+actual_dir=$(pwd)
+
+rm -rf "$actual_dir/.tmp" && mkdir "$actual_dir/.tmp"
+curl -fsSL -o "$actual_dir/.tmp/$package" -C - "$download_url"
+src/main.sh "$actual_dir/.tmp/$package"
diff --git a/src/main.sh b/src/main.sh
@@ -4,4 +4,91 @@
 
 set -e
 
-echo "Hello World"
+readonly install_location="$HOME/bin"
+readonly guardsquare="$install_location/guardsquare"
+readonly installer_url="https://platform.guardsquare.com/cli/install.sh"
+
+readonly artifact="$1"
+readonly extras="$2"
+
+require_artifact() {
+    if [[ -z "$artifact" ]]; then
+        echo "✗ ERROR : expecting an 'artifact' input"
+        exit 1
+    fi
+
+    if [[ ! -f "$artifact" ]]; then
+        echo "✗ ERROR : '$artifact' not found"
+        exit 1
+    fi
+}
+
+require_r8_or_proguard_mappings() {
+    if [[ ! -f "$extras" ]]; then
+        echo "✗ ERROR : '$extras' R8/proguard mapping file not found"
+        exit 1
+    fi
+}
+
+require_dsyms_folder() {
+    if [[ ! -d "$extras" ]]; then
+        echo "✗ ERROR : '$extras' folder not found"
+        exit 1
+    fi
+}
+
+install_guardsquare_cli() {
+    mkdir -p "$install_location"
+    curl -sSL "$installer_url" | sh -s -- -y --bin-dir "$install_location"
+}
+
+execute_android_scan() {
+    local scan_id
+
+    if [[ -z "$extras" ]]; then
+        echo "Scanning standalone artifact : $artifact"
+        install_guardsquare_cli
+        scan_id=$("$guardsquare" scan "$artifact" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+    else
+        require_r8_or_proguard_mappings
+        echo "Scanning artifact     : $artifact"
+        echo "R8/Proguard mappings  : $extras"
+        install_guardsquare_cli
+        scan_id=$("$guardsquare" scan "$artifact" --mapping-file "$extras" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+    fi
+
+    "$guardsquare" scan summary --wait-for static "$scan_id" --format json
+}
+
+execute_ios_scan() {
+    local scan_id
+
+    if [[ -z "$extras" ]]; then
+        echo "Scanning standalone artifact : $artifact"
+        install_guardsquare_cli
+        scan_id=$("$guardsquare" scan "$artifact" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+    else
+        require_dsyms_folder
+        echo "Scanning artifact : $artifact"
+        echo "dsyms location    : $extras"
+        install_guardsquare_cli
+        scan_id=$("$guardsquare" scan "$artifact" --dsym "$extras" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+    fi
+
+    "$guardsquare" scan summary --wait-for static "$scan_id" --format json
+}
+
+require_artifact
+
+case "$artifact" in
+*.apk | *.aab)
+    execute_android_scan
+    ;;
+*.zip | *.ipa)
+    execute_ios_scan
+    ;;
+*)
+    echo "Error: unsupported artifact → $artifact"
+    exit 1
+    ;;
+esac