Merge pull request #954 from tchapgouv/953-probleme-de-copie-du-code-… #1740
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: APK Build | |
on: | |
pull_request: { } | |
push: | |
branches: [ main, develop ] | |
tags: [ tchap_v* ] | |
# Enrich gradle.properties for CI/CD | |
env: | |
# Tchap : up Xmx TO 4096 to achieve build in CI | |
GRADLE_OPTS: -Dorg.gradle.jvmargs="-Xmx4096m -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError" -Dkotlin.daemon.jvm.options="-Xmx4096m" -Dkotlin.incremental=false | |
CI_GRADLE_ARG_PROPERTIES: --stacktrace -PpreDexEnable=false --max-workers 2 --no-daemon | |
jobs: | |
debug: | |
name: Build debug APKs (${{ matrix.target }}) | |
runs-on: ubuntu-latest | |
if: github.ref != 'refs/heads/main' | |
strategy: | |
fail-fast: false | |
matrix: | |
target: [ GplayDevTchapRustCryptoWithoutvoipWithoutpinning, FdroidDevTchapRustCryptoWithoutvoipWithoutpinning, GplayBtchapRustCryptoWithvoipWithpinning ] | |
# Allow all jobs on develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/develop' && format('integration-tests-develop-{0}-{1}', matrix.target, github.sha) || format('build-debug-{0}-{1}', matrix.target, github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
- name: Configure gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Assemble ${{ matrix.target }} debug apk | |
run: ./gradlew assemble${{ matrix.target }}Debug $CI_GRADLE_ARG_PROPERTIES | |
- name: Upload ${{ matrix.target }} debug APKs | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.target }}-debug | |
path: | | |
vector-app/build/outputs/apk/*/debug/*.apk | |
release: | |
name: Build unsigned ${{ matrix.target }} APKs | |
runs-on: ubuntu-latest | |
# Tchap: Generate apks on new tchap release | |
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/tchap_v') | |
strategy: | |
fail-fast: false | |
matrix: | |
target: [ GplayBtchapRustCryptWithoutvoipWithpinning, GplayTchapRustCryptWithoutvoipWithpinning, FdroidBtchapRustCryptWithoutvoipWithoutpinning, FdroidTchapRustCryptWithoutvoipWithoutpinning, GplayBtchapRustCryptWithvoipWithpinning ] | |
concurrency: | |
# Tchap: custom group | |
group: ${{ github.ref == 'refs/head/main' && format('build-release-apk-main-{0}-{1}', github.sha, matrix.target) || startsWith(github.ref, 'refs/tags/tchap_v') && format('build-release-apk-tag-{0}-{1}', github.sha, matrix.target) }} | |
cancel-in-progress: ${{ github.ref != 'refs/head/main' && !startsWith(github.ref, 'refs/tags/tchap_v') }} | |
steps: | |
- uses: actions/checkout@v3 | |
# Tchap : stay on current branch | |
# with: | |
# https://github.com/actions/checkout/issues/881 | |
# ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
- name: Configure gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Assemble ${{ matrix.target }} unsigned apk | |
run: ./gradlew clean assemble${{ matrix.target }}Release $CI_GRADLE_ARG_PROPERTIES | |
- name: Upload ${{ matrix.target }} unsigned APKs | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.target }}-release-unsigned | |
path: | | |
vector-app/build/outputs/apk/*/release/*.apk | |
exodus: | |
runs-on: ubuntu-latest | |
needs: release | |
env: | |
# Tchap: only generate exodus report for the following target | |
TARGET_NAME: "GplayTchapRustCryptoWithoutvoipWithpinning" | |
TARGET_FOLDER: "gplayTchapRustCryptoWithoutvoipWithpinning" | |
steps: | |
- name: Obtain apk from artifact | |
id: download | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.TARGET_NAME }}-release-unsigned | |
- name: Show apks in artifact | |
id: list-apks | |
# Tchap: Find apks in artifacts | |
run: | | |
ls -R ${{steps.download.outputs.download-path}} | grep ".apk" | |
echo ::set-output name=FIRST_APK_NAME::$(ls -R ${{steps.download.outputs.download-path}} | grep ".apk" | head -1) | |
- name: Execute exodus-standalone | |
uses: docker://exodusprivacy/exodus-standalone:latest | |
with: | |
args: /github/workspace/${{ env.TARGET_FOLDER }}/release/${{ steps.list-apks.outputs.FIRST_APK_NAME }} -j -o /github/workspace/exodus.json | |
- name: Upload exodus json report | |
uses: actions/upload-artifact@v3 | |
with: | |
name: exodus.json | |
path: | | |
exodus.json | |
- name: Check for trackers | |
run: "jq -e '.trackers == []' exodus.json > /dev/null || { echo '::error static analysis identified user tracking library' ; exit 1; }" |