Feature 13093 data protection update #4828
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# This workflow will test the sormas-app project with Gradle and running the AVD emulator | |
# For more information see: | |
# https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
# and https://github.com/ReactiveCircus/android-emulator-runner | |
name: Java CI with Gradle | |
env: | |
JAVA: 17 | |
PRIVILEGED_RUN: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/development') | |
|| github.event.pull_request.head.repo.full_name == github.repository }} | |
on: | |
push: | |
branches: [ development, master, hotfix* ] | |
paths: | |
- 'sormas-app/**' | |
- 'sormas-api/**' | |
pull_request: | |
branches: [ development, hotfix* ] | |
paths: | |
- 'sormas-app/**' | |
- 'sormas-api/**' | |
jobs: | |
test: | |
name: android app test | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
# Even though we are using macos machines which should be faster thanks to hardware accelerations | |
# (explanation here https://github.com/ReactiveCircus/android-emulator-runner/issues/46) | |
# The memory footprint of newer android versions (>= 29) and the limitations of the GitHub provided machines | |
# is usually resulting in timeout when starting the emulator | |
api-level: [26, 27, 28] | |
steps: | |
- name: Checkout repository (with token) | |
# Check if PR results from the repository: if yes, we have access to the secrets. | |
# The token is only needed for privileged actions from within the repo, so no need | |
# to make it available on 3rd party PRs | |
if: ${{ fromJSON(env.PRIVILEGED_RUN) }} | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.SORMAS_VITAGROUP_CI_TOKEN }} | |
- name: Checkout repository (without token) | |
# Check if PR results from a fork: if yes, we cannot access the token. | |
# The token is only needed for privileged actions from within the repo, so no need | |
# to make it available on 3rd party PRs | |
if: ${{ !fromJSON(env.PRIVILEGED_RUN) }} | |
uses: actions/checkout@v3 | |
- name: Set up JDK ${{ env.JAVA }} | |
uses: actions/setup-java@v3 | |
with: | |
java-version: ${{ env.JAVA }} | |
distribution: 'zulu' | |
- name: Cache Maven packages | |
# Check if PR results from the repository: if yes, it is safe to cache dependencies. | |
# This is to keep us safe from cache poisoning through 3rd party PRs. | |
if: ${{ fromJSON(env.PRIVILEGED_RUN) }} | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-java-${{ env.JAVA }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-java-${{ env.JAVA }}-m2 | |
- name: Run mvn install | |
working-directory: ./sormas-base | |
run: mvn install -pl :sormas-api -am -DskipTests=true | |
- name: Cache Gradle packages | |
uses: actions/cache@v3 | |
# Check if PR results from the repository: if yes, it is safe to cache dependencies. | |
# This is to keep us safe from cache poisoning through 3rd party PRs. | |
if: ${{ fromJSON(env.PRIVILEGED_RUN) }} | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Run unit tests | |
working-directory: ./sormas-app | |
run: ./gradlew :app:clean :app:assembleDebug :app:test | |
- name: AVD cache | |
# Check if PR results from the repository: if yes, it is safe to cache dependencies. | |
# This is to keep us safe from cache poisoning through 3rd party PRs. | |
if: ${{ fromJSON(env.PRIVILEGED_RUN) }} | |
uses: actions/cache@v3 | |
id: avd-cache | |
with: | |
path: | | |
~/.android/avd/* | |
~/.android/adb* | |
key: avd-${{ matrix.api-level }} | |
- name: Create AVD and generate snapshot for caching | |
if: steps.avd-cache.outputs.cache-hit != 'true' | |
uses: reactivecircus/android-emulator-runner@v2 | |
with: | |
api-level: ${{ matrix.api-level }} | |
force-avd-creation: false | |
emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none | |
disable-animations: false | |
script: echo "Generated AVD snapshot for caching." | |
- name: Run integration tests | |
uses: reactivecircus/android-emulator-runner@v2 | |
with: | |
api-level: ${{ matrix.api-level }} | |
force-avd-creation: false | |
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none | |
disable-animations: true | |
working-directory: ./sormas-app | |
script: ./gradlew connectedAndroidTest | |
- name: mobsfscan | |
uses: MobSF/[email protected] | |
with: | |
args: '. --sarif --output mobsf-results.sarif || true' | |
- name: Upload mobsfscan report | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'mobsf-results.sarif' | |
# needed as codeQL also performs an upload, and they clash otherwise | |
category: 'code-scanning/mobsfscan' |