diff --git a/.github/workflows/assembleFlavors.yml b/.github/workflows/assembleFlavors.yml index 0de9c458f..f60fa40c8 100644 --- a/.github/workflows/assembleFlavors.yml +++ b/.github/workflows/assembleFlavors.yml @@ -22,17 +22,25 @@ jobs: matrix: flavor: [ Generic, Gplay ] steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: set up JDK 17 uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 with: distribution: "temurin" java-version: 17 - - uses: gradle/actions/wrapper-validation@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + + - name: Gradle validate + uses: gradle/actions/wrapper-validation@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + - name: Build ${{ matrix.flavor }} run: | echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" >> gradle.properties ./gradlew assemble${{ matrix.flavor }} + - name: Archive apk uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 if: ${{ always() }} diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 3aa4835bd..0a185a00b 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -22,11 +22,16 @@ jobs: matrix: task: [ detekt, ktlintCheck ] steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Set up JDK 17 uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 with: distribution: "temurin" java-version: 17 + - name: Check ${{ matrix.task }} run: ./gradlew ${{ matrix.task }} diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index 50674edb7..6dfcaacf2 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -22,14 +22,20 @@ jobs: - name: Check if secrets are available run: echo "ok=${{ secrets.KS_PASS != '' }}" >> "$GITHUB_OUTPUT" id: check-secrets - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: ${{ steps.check-secrets.outputs.ok == 'true' }} + with: + persist-credentials: false + - name: set up JDK 17 uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 if: ${{ steps.check-secrets.outputs.ok == 'true' }} with: distribution: "temurin" java-version: 17 + - name: Build QA if: ${{ steps.check-secrets.outputs.ok == 'true' }} env: diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index b6828556a..1c6859b2c 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -11,6 +11,9 @@ name: REUSE Compliance Check on: [pull_request] +permissions: + contents: read + jobs: reuse-compliance-check: runs-on: ubuntu-latest diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 4a050380d..761cc3962 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -13,7 +13,7 @@ permissions: contents: read pull-requests: write -concurrency: +concurrency: group: unit-tests-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -21,16 +21,23 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - name: Set up JDK 17 uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 with: distribution: "temurin" java-version: 17 + - name: Setup Gradle uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + - name: Run unit tests with coverage run: ./gradlew testGplayDebugUnit + - name: Upload test artifacts if: ${{ failure() }} uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1