From be1b401a8e546eb729fe0fdeaac46c44261c5297 Mon Sep 17 00:00:00 2001
From: Ubiratan Soares
Date: Sun, 22 Sep 2024 08:14:37 +0200
Subject: [PATCH] Implements core GHA logic
---
.github/workflows/ci.yml | 20 ++++++++-
e2e/pocketcasts-android.sh | 19 ++++++++
e2e/pocketcasts-ios.sh | 19 ++++++++
src/main.sh | 89 +++++++++++++++++++++++++++++++++++++-
4 files changed, 145 insertions(+), 2 deletions(-)
create mode 100755 e2e/pocketcasts-android.sh
create mode 100755 e2e/pocketcasts-ios.sh
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e1d9a73..c1f0a04 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,10 +28,28 @@ jobs:
 file-patterns: "*.sh,*.yml"
 license: "mit"
- component-tests:
+ e2e:
 needs: quality-checks
 runs-on: ubuntu-22.04
+ steps:
+ - name: Project Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Test scanning standalone Android apk
+ run: ./e2e/pocketcasts-android.sh
+ env:
+ APPSWEEP_API_KEY: ${{ secrets.APPSWEEP_DOTANUKI_POCKETCASTS_ANDROID_KEY }}
+
+ - name: Test scanning standalone iOS xcarchive
+ run: ./e2e/pocketcasts-ios.sh
+ env:
+ APPSWEEP_API_KEY: ${{ secrets.APPSWEEP_DOTANUKI_POCKETCASTS_IOS_KEY }}
+
+ component-tests:
+ needs: e2e
+ runs-on: ubuntu-22.04
+
 steps:
 - name: Project Checkout
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
diff --git a/e2e/pocketcasts-android.sh b/e2e/pocketcasts-android.sh
new file mode 100755
index 0000000..4e75abb
--- /dev/null
+++ b/e2e/pocketcasts-android.sh
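Review bot: The new `e2e` job in `.github/workflows/ci.yml` gives repository secrets to steps that run code fetched at run time (`src/main.sh` installs the Guardsquare CLI from a remote installer), yet the checkout step keeps its default credential persistence and the job declares no `permissions`. Adding `with:` / `persist-credentials: false` under the checkout step and `permissions:` / `contents: read` on the job would limit what that code can reach; a workflow-level `permissions` block may already exist outside this hunk. Because `component-tests` now has `needs: e2e`, any run where the secrets are unavailable (for example pull requests from forks, if the workflow triggers on them) would fail `e2e` and skip the component tests as well.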
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Copyright 2024 Dotanuki Labs
+# SPDX-License-Identifier: MIT
+
+set -euo pipefail
+
+readonly repo="Automattic/pocket-casts-android"
+readonly version="7.72"
+readonly asset=" app-7.72.apk"
+readonly download_url="https://github.com/$repo/releases/download/$version/$asset"
+readonly package="pocket-casts-android.apk"
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${script_dir%/*}"
+actual_dir=$(pwd)
+
+rm -rf "$actual_dir/.tmp" && mkdir "$actual_dir/.tmp"
+curl -fsSL -o "$actual_dir/.tmp/$package" -C - "$download_url"
+src/main.sh "$actual_dir/.tmp/$package"
diff --git a/e2e/pocketcasts-ios.sh b/e2e/pocketcasts-ios.sh
new file mode 100755
index 0000000..068a272
--- /dev/null
+++ b/e2e/pocketcasts-ios.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Copyright 2024 Dotanuki Labs
+# SPDX-License-Identifier: MIT
+
+set -euo pipefail
+
+readonly repo="Automattic/pocket-casts-ios"
+readonly version="7.72"
+readonly asset="PocketCasts.xcarchive.zip"
+readonly download_url="https://github.com/$repo/releases/download/$version/$asset"
+readonly package="pocket-casts-ios.xcarchive.zip"
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${script_dir%/*}"
+actual_dir=$(pwd)
+
+rm -rf "$actual_dir/.tmp" && mkdir "$actual_dir/.tmp"
+curl -fsSL -o "$actual_dir/.tmp/$package" -C - "$download_url"
+src/main.sh "$actual_dir/.tmp/$package"
diff --git a/src/main.sh b/src/main.sh
index b7e75da..291b74b 100755
--- a/src/main.sh
+++ b/src/main.sh
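Review bot: The APK downloaded in `e2e/pocketcasts-android.sh` is handed to `src/main.sh` without any integrity check, and the same holds for the archive in `e2e/pocketcasts-ios.sh`; the version is already pinned, so the expected digest can be pinned with it. After the `curl` line, `readonly sha256="<SHA-256 of the pinned release asset>"` followed by `echo "$sha256  $actual_dir/.tmp/$package" | sha256sum -c -` would make the test fail if the asset is ever replaced upstream. Separately, `asset=" app-7.72.apk"` shows a leading space inside the quotes; if that is really in the file and not an artifact of how this patch was rendered, the download URL is malformed.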
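Review bot: `e2e/pocketcasts-ios.sh` repeats `e2e/pocketcasts-android.sh` line for line apart from the `repo`, `asset` and `package` constants, so any fix to the download step has to be made twice. A shared helper that takes those three values would keep the two scripts in step. Both scripts also pass `-C -` to curl immediately after recreating `.tmp`, so there is never a partial file to resume and the flag can be dropped: `curl -fsSL -o "$actual_dir/.tmp/$package" "$download_url"`.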
@@ -4,4 +4,91 @@
 set -e
-echo "Hello World"
+readonly install_location="$HOME/bin"
+readonly guardsquare="$install_location/guardsquare"
+readonly installer_url="https://platform.guardsquare.com/cli/install.sh"
+
+readonly artifact="$1"
+readonly extras="$2"
+
+require_artifact() {
+ if [[ -z "$artifact" ]]; then
+ echo "✗ ERROR : expecting an 'artifact' input"
+ exit 1
+ fi
+
+ if [[ ! -f "$artifact" ]]; then
+ echo "✗ ERROR : '$artifact' not found"
+ exit 1
+ fi
+}
+
+require_r8_or_proguard_mappings() {
+ if [[ ! -f "$extras" ]]; then
+ echo "✗ ERROR : '$extras' R8/proguard mapping file not found"
+ exit 1
+ fi
+}
+
+require_dsyms_folder() {
+ if [[ ! -d "$extras" ]]; then
+ echo "✗ ERROR : '$extras' folder not found"
+ exit 1
+ fi
+}
+
+install_guardsquare_cli() {
+ mkdir -p "$install_location"
+ curl -sSL "$installer_url" | sh -s -- -y --bin-dir "$install_location"
+}
+
+execute_android_scan() {
+ local scan_id
+
+ if [[ -z "$extras" ]]; then
+ echo "Scanning standalone artifact : $artifact"
+ install_guardsquare_cli
+ scan_id=$("$guardsquare" scan "$artifact" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+ else
+ require_r8_or_proguard_mappings
+ echo "Scanning artifact : $artifact"
+ echo "R8/Proguard mappings : $extras"
+ install_guardsquare_cli
+ scan_id=$("$guardsquare" scan "$artifact" --mapping-file "$extras" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+ fi
+
+ "$guardsquare" scan summary --wait-for static "$scan_id" --format json
+}
+
+execute_ios_scan() {
+ local scan_id
+
+ if [[ -z "$extras" ]]; then
+ echo "Scanning standalone artifact : $artifact"
+ install_guardsquare_cli
+ scan_id=$("$guardsquare" scan "$artifact" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+ else
+ require_dsyms_folder
+ echo "Scanning artifact : $artifact"
+ echo "dsyms location : $extras"
+ install_guardsquare_cli
+ scan_id=$("$guardsquare" scan "$artifact" --dsym "$extras" --commit-hash "$GITHUB_SHA" --format "{{.ID}}")
+ fi
+
+ "$guardsquare" scan summary --wait-for static "$scan_id" --format json
+}
+
+require_artifact
+
+case "$artifact" in
+*.apk | *.aab)
+ execute_android_scan
+ ;;
+*.zip | *.ipa)
+ execute_ios_scan
+ ;;
+*)
+ echo "Error: unsupported artifact → $artifact"
+ exit 1
+ ;;
+esac
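Review bot: `install_guardsquare_cli` in `src/main.sh` pipes an unpinned remote script straight into `sh`. curl runs without `-f`, so an HTTP error body would be executed as shell, and when called from the e2e job the installer inherits `APPSWEEP_API_KEY` in its environment. Downloading to a file first lets the function fail on HTTP errors and, if the vendor publishes a digest, verify it before execution; the fence below sketches that shape. Whether the installer itself needs the key is not visible from this patch, so the `env -u` line should be confirmed before adopting it.

```shell
install_guardsquare_cli() {
    local installer
    installer="$(mktemp)"
    mkdir -p "$install_location"
    # -f: fail on HTTP errors instead of handing an error page to sh
    curl -fsSL --proto '=https' --tlsv1.2 -o "$installer" "$installer_url"
    # placeholder: compare "$installer" against a pinned digest here, if one is published
    # presumably the installer does not need the scan credential; confirm before adopting
    env -u APPSWEEP_API_KEY sh "$installer" -y --bin-dir "$install_location"
    rm -f "$installer"
}
```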