Merge pull request #2634 from nextcloud/chore/noid/ghActionHashes

Add hashes to github action versions
This commit is contained in:
Andy Scherzinger 2022-12-16 15:47:03 +01:00 committed by GitHub
commit 46687a2f75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 148 additions and 134 deletions

View File

@ -1,49 +1,49 @@
name: "Analysis" name: "Analysis"
on: on:
pull_request: pull_request:
branches: [ master, stable-* ] branches: [ master, stable-* ]
push: push:
branches: [ master, stable-* ] branches: [ master, stable-* ]
permissions: permissions:
pull-requests: write pull-requests: write
contents: write contents: write
jobs: jobs:
analysis: analysis:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Setup variables - name: Setup variables
id: get-vars id: get-vars
run: | run: |
if [ -z "$GITHUB_HEAD_REF" ]; then if [ -z "$GITHUB_HEAD_REF" ]; then
# push # push
echo "::set-output name=branch::$GITHUB_REF_NAME" echo "::set-output name=branch::$GITHUB_REF_NAME"
echo "::set-output name=pr::$GITHUB_RUN_ID" echo "::set-output name=pr::$GITHUB_RUN_ID"
echo "::set-output name=repo::${{ github.repository }}" echo "::set-output name=repo::${{ github.repository }}"
else else
# pull request # pull request
echo "::set-output name=branch::$GITHUB_HEAD_REF" echo "::set-output name=branch::$GITHUB_HEAD_REF"
echo "::set-output name=pr::${{ github.event.pull_request.number }}" echo "::set-output name=pr::${{ github.event.pull_request.number }}"
echo "::set-output name=repo::${{ github.event.pull_request.head.repo.full_name }}" echo "::set-output name=repo::${{ github.event.pull_request.head.repo.full_name }}"
fi fi
- uses: actions/checkout@v3 - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
with: with:
repository: ${{ steps.get-vars.outputs.repo }} repository: ${{ steps.get-vars.outputs.repo }}
ref: ${{ steps.get-vars.outputs.branch }} ref: ${{ steps.get-vars.outputs.branch }}
- name: Set up JDK 11 - name: Set up JDK 11
uses: actions/setup-java@v3 uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
with: with:
distribution: "temurin" distribution: "temurin"
java-version: 11 java-version: 11
- name: Install dependencies - name: Install dependencies
run: | run: |
python3 -m pip install defusedxml python3 -m pip install defusedxml
- name: Run analysis wrapper - name: Run analysis wrapper
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
mkdir -p $HOME/.gradle mkdir -p $HOME/.gradle
echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > $HOME/.gradle/gradle.properties echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > $HOME/.gradle/gradle.properties
scripts/analysis/analysis-wrapper.sh ${{ steps.get-vars.outputs.branch }} ${{ secrets.LOG_USERNAME }} ${{ secrets.LOG_PASSWORD }} $GITHUB_RUN_NUMBER ${{ steps.get-vars.outputs.pr }} scripts/analysis/analysis-wrapper.sh ${{ steps.get-vars.outputs.branch }} ${{ secrets.LOG_USERNAME }} ${{ secrets.LOG_PASSWORD }} $GITHUB_RUN_NUMBER ${{ steps.get-vars.outputs.pr }}

View File

@ -4,6 +4,9 @@ on:
pull_request: pull_request:
branches: [ master, stable-* ] branches: [ master, stable-* ]
# Declare default permissions as read only.
permissions: read-all
jobs: jobs:
flavor: flavor:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -12,20 +15,20 @@ jobs:
matrix: matrix:
flavor: [ Generic, Gplay ] flavor: [ Generic, Gplay ]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
- name: set up JDK 11 - name: set up JDK 11
uses: actions/setup-java@v3 uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
with: with:
distribution: "temurin" distribution: "temurin"
java-version: 11 java-version: 11
- name: Build ${{ matrix.flavor }} - name: Build ${{ matrix.flavor }}
run: | run: |
echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" >> gradle.properties echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" >> gradle.properties
./gradlew assemble${{ matrix.flavor }} ./gradlew assemble${{ matrix.flavor }}
- name: Archive apk - name: Archive apk
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3
if: ${{ always() }} if: ${{ always() }}
with: with:
name: Nextcloud-APK name: Nextcloud-APK
path: app/build/outputs/apk/**/**/*.apk path: app/build/outputs/apk/**/**/*.apk
retention-days: 5 retention-days: 5

View File

@ -1,13 +1,16 @@
name: Auto approve name: Auto approve
on: on:
pull_request_target: pull_request_target:
branches: [ master, stable-* ] branches: [ master, stable-* ]
permissions:
pull-requests: write
jobs: jobs:
auto-approve: auto-approve:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: hmarr/auto-approve-action@v3.1.0 - uses: hmarr/auto-approve-action@de8ae18c173c131e182d4adf2c874d8d2308a85b # v3.1.0
if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
with: with:
github-token: "${{ secrets.GITHUB_TOKEN }}" github-token: "${{ secrets.GITHUB_TOKEN }}"

View File

@ -1,22 +1,25 @@
name: Check name: Check
on: on:
pull_request: pull_request:
branches: [ master, stable-* ] branches: [ master, stable-* ]
# Declare default permissions as read only.
permissions: read-all
jobs: jobs:
check: check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
task: [ detekt, ktlintCheck ] task: [ detekt, ktlintCheck ]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
- name: Set up JDK 11 - name: Set up JDK 11
uses: actions/setup-java@v3 uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
with: with:
distribution: "temurin" distribution: "temurin"
java-version: 11 java-version: 11
- name: Check ${{ matrix.task }} - name: Check ${{ matrix.task }}
run: ./gradlew ${{ matrix.task }} run: ./gradlew ${{ matrix.task }}

View File

@ -9,8 +9,8 @@ on:
issue_comment: issue_comment:
types: created types: created
permissions: permissions:
contents: read contents: read
jobs: jobs:
rebase: rebase:
@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Add reaction on start - name: Add reaction on start
uses: peter-evans/create-or-update-comment@v2 uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # v2
with: with:
token: ${{ secrets.COMMAND_BOT_PAT }} token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }} repository: ${{ github.event.repository.full_name }}
@ -31,18 +31,18 @@ jobs:
reaction-type: "+1" reaction-type: "+1"
- name: Checkout the latest code - name: Checkout the latest code
uses: actions/checkout@v3 uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
with: with:
fetch-depth: 0 fetch-depth: 0
token: ${{ secrets.COMMAND_BOT_PAT }} token: ${{ secrets.COMMAND_BOT_PAT }}
- name: Automatic Rebase - name: Automatic Rebase
uses: cirrus-actions/rebase@1.7 uses: cirrus-actions/rebase@6e572f08c244e2f04f9beb85a943eb618218714d # 1.7
env: env:
GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
- name: Add reaction on failure - name: Add reaction on failure
uses: peter-evans/create-or-update-comment@v2 uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # v2
if: failure() if: failure()
with: with:
token: ${{ secrets.COMMAND_BOT_PAT }} token: ${{ secrets.COMMAND_BOT_PAT }}

View File

@ -15,6 +15,6 @@ jobs:
steps: steps:
- name: Run check - name: Run check
uses: xt0rted/block-autosquash-commits-action@v2 uses: xt0rted/block-autosquash-commits-action@79880c36b4811fe549cfffe20233df88876024e7 # v2
with: with:
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}

View File

@ -1,13 +1,16 @@
name: "Validate Gradle Wrapper" name: "Validate Gradle Wrapper"
on: on:
pull_request: pull_request:
branches: [ master, stable-* ] branches: [ master, stable-* ]
# Declare default permissions as read only.
permissions: read-all
jobs: jobs:
validation: validation:
name: "Validation" name: "Validation"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
- uses: gradle/wrapper-validation-action@v1 - uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1

View File

@ -1,36 +1,40 @@
name: "QA" name: "QA"
on: on:
pull_request: pull_request:
branches: [ master, stable-* ] branches: [ master, stable-* ]
permissions:
pull-requests: write
contents: read
jobs: jobs:
qa: qa:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check if secrets are available - name: Check if secrets are available
run: echo "::set-output name=ok::${{ secrets.KS_PASS != '' }}" run: echo "::set-output name=ok::${{ secrets.KS_PASS != '' }}"
id: check-secrets id: check-secrets
- uses: actions/checkout@v3 - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
if: ${{ steps.check-secrets.outputs.ok == 'true' }} if: ${{ steps.check-secrets.outputs.ok == 'true' }}
- name: set up JDK 11 - name: set up JDK 11
if: ${{ steps.check-secrets.outputs.ok == 'true' }} uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
uses: actions/setup-java@v3 if: ${{ steps.check-secrets.outputs.ok == 'true' }}
with: with:
distribution: "temurin" distribution: "temurin"
java-version: 11 java-version: 11
- name: Build QA - name: Build QA
if: ${{ steps.check-secrets.outputs.ok == 'true' }} if: ${{ steps.check-secrets.outputs.ok == 'true' }}
env: env:
KS_PASS: ${{ secrets.KS_PASS }} KS_PASS: ${{ secrets.KS_PASS }}
KEY_PASS: ${{ secrets.KEY_PASS }} KEY_PASS: ${{ secrets.KEY_PASS }}
LOG_USERNAME: ${{ secrets.LOG_USERNAME }} LOG_USERNAME: ${{ secrets.LOG_USERNAME }}
LOG_PASSWORD: ${{ secrets.LOG_PASSWORD }} LOG_PASSWORD: ${{ secrets.LOG_PASSWORD }}
run: | run: |
mkdir -p $HOME/.gradle mkdir -p $HOME/.gradle
echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > $HOME/.gradle/gradle.properties echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > $HOME/.gradle/gradle.properties
sed -i "/qa/,/\}/ s/versionCode .*/versionCode ${{github.event.number}} /" app/build.gradle sed -i "/qa/,/\}/ s/versionCode .*/versionCode ${{github.event.number}} /" app/build.gradle
sed -i "/qa/,/\}/ s/versionName .*/versionName \"${{github.event.number}}\"/" app/build.gradle sed -i "/qa/,/\}/ s/versionName .*/versionName \"${{github.event.number}}\"/" app/build.gradle
./gradlew assembleQaDebug ./gradlew assembleQaDebug
$(find /usr/local/lib/android/sdk/build-tools/*/apksigner | sort | tail -n1) sign --ks-pass pass:$KS_PASS --key-pass pass:$KEY_PASS --ks-key-alias key0 --ks scripts/QA_keystore.jks app/build/outputs/apk/qa/debug/app-qa-*.apk $(find /usr/local/lib/android/sdk/build-tools/*/apksigner | sort | tail -n1) sign --ks-pass pass:$KS_PASS --key-pass pass:$KEY_PASS --ks-key-alias key0 --ks scripts/QA_keystore.jks app/build/outputs/apk/qa/debug/app-qa-*.apk
sudo scripts/uploadArtifact.sh $LOG_USERNAME $LOG_PASSWORD ${{github.event.number}} ${{github.event.number}} ${{ secrets.GITHUB_TOKEN }} sudo scripts/uploadArtifact.sh $LOG_USERNAME $LOG_PASSWORD ${{github.event.number}} ${{github.event.number}} ${{ secrets.GITHUB_TOKEN }}

View File

@ -22,7 +22,5 @@ jobs:
only-labels: 'bug,needs info' only-labels: 'bug,needs info'
exempt-issue-labels: 'no-stale' exempt-issue-labels: 'no-stale'
stale-issue-message: >- stale-issue-message: >-
This bug report did not receive an update in the last 4 weeks. This bug report did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!
Please take a look again and update the issue with new details,
otherwise the issue will be automatically closed in 2 weeks. Thank you!
exempt-all-pr-milestones: true exempt-all-pr-milestones: true