-
Notifications
You must be signed in to change notification settings - Fork 528
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add regex checks to ensure Firebase analytics + Crashlytics stay disabled in the codebase. #1903
Comments
@rt4914 maybe a SLoP candidate issue? |
Yeah looks like one. I have mentioned 5 points for now. |
Hey, may I give fixing this issue a shot? |
@Russ741 Sure. Thanks. |
@rt4914 I have a couple of questions, if you don't mind:
Also, if there's a good resource for me to read about our continuous integration setup, I'd very much appreciate a pointer to it. |
I think @vinitamurthi and @Sarthak2601 Would be able to answer this more correctly. |
Yes, correct.
Yes, we would enable it for releases. We'd probably reverse these values for other build variants using
Enabling data collection would mean collection of sensitive information of our contributors and the open source nature of the project makes it challenging for us to let them know as the information will be gathered even when they're just testing the app. To avoid this, we've deactivated the Firebase data collection.
This issue tracks the addition of a CI based check that will ensure that the value of these flags is not changed. I think this can be done via a python script but I'll defer to @vinitamurthi here.
I'm not sure if I know about the documentation but you can checkout this file to see the workflow. |
I think @Sarthak2601 has answered most of the questions so I will talk about the last one:
Yes we want a check that can run in Circle CI. Basically we do want to just do a manifest check, but its not enough to just look up the current AndroidManifest.xml since multiple manifests can exist and the final app manifest may be different from what is specified in AndroidManifest.xml. So there are two ways I can think of :
Hope this helps! |
I'm unfamiliar with Circle CI, so I did some reading about how it integrates with Github, and that suggests that it uses .circleci/config.yml. Do we use Circle CI for the Android client in some way that I'm missing? |
This should actually be running on GitHub actions (not CircleCI). The existing actions check could be used as a baseline for this: https://github.com/oppia/oppia-android/tree/develop/.github/workflows. That being said, it would be better to wait until #1724 is resolved since that will make this much easier. Sorry for the confusion--this issue wasn't well defined when it was filed. |
#1724 is resolved. Should we get this fixed? It is the last thing remaining in the Performance Metrics project. |
@seanlip I was actually thinking we could repurpose this to conditionally allow Firebase to be enabled in developer builds (#4390). We would want to implement either that or this long-term, but not both. I think, given that, we could implement this more immediately (since it's a regex check), and then remove the check once #4390 is addressed. |
@BenHenning Either's OK with me -- could you please make the call on what to do here specifically and put it in the description at the top, so that folks know what to do? Also should we remove "[Blocked: #...]" from the title? |
Per @BenHenning, the aim of this issue should be to add two regex checks to ensure that Firebase analytics + Crashlytics lines in the manifest are set to "off". Once that's done, this issue can be closed. Note for contributors: docs about the regex check system can be found in https://github.com/oppia/oppia-android/wiki/Static-Analysis-Checks#generic-regex-pattern-matching-against-file-contents |
Can I be assigned this issue? My approach: file_content_checks { tested in regex101 - aims to prohibit |
That seems like a really solid approach @chrislee115. Assigning over to you. |
…itly disab… (#4995) <!-- READ ME FIRST: Please fill in the explanation section below and check off every point from the Essential Checklist! --> ## Explanation Fix #1903 Adds a regex check in file content validation to ensure Firebase analytics are disabled in the codebase. Both regex are tested in https://regex101.com/r/l14O5J/1, https://regex101.com/r/QVHGxi/1 for Firebase analytics, Crashlytics, respectively. - "Fixes ##1903:" Adds a regex check that ensures that firebase analytics and crashlytics are explicitly disabled in AndroidManifest.xml, new pull requests based on /pull/4944 Manual testing: Case 1: firebase_analytis_collection_deactivated = false in AndroidManifest.xml; want = true (line 19) ![image](https://github.com/oppia/oppia-android/assets/44930615/0da2895b-55ea-4d17-acb9-00cf0e3dbfbe) Case 2: firebase_analytis_collection_deactivated = true not found in AndroidManifest.xml; want = explicit line (line 19) ![image](https://github.com/oppia/oppia-android/assets/44930615/99ebcd4e-bb10-4e49-a1a1-141d8e2e7ae9) Case 3: firebase_crashlytics_collection_enabled = true in AndroidManifest.xml; want = false (line 20) ![image](https://github.com/oppia/oppia-android/assets/44930615/0f459eb0-4c34-46b9-baff-3a5efd99e320) Case 4: firebase_crashlytics_collection_enabled = false not found in AndroidManifest.xml; want = explicit line (line 20) ![image](https://github.com/oppia/oppia-android/assets/44930615/92f5d167-dc12-4cb1-a940-9d836cf7e7db) Case 5: happy case ![image](https://github.com/oppia/oppia-android/assets/44930615/f38d4460-9d0a-4b5f-af7e-b2b8df31c3a8) ## Essential Checklist <!-- Please tick the relevant boxes by putting an "x" in them. --> - [x] The PR title and explanation each start with "Fix #bugnum: " (If this PR fixes part of an issue, prefix the title with "Fix part of #bugnum: ...".) - [X] Any changes to [scripts/assets](https://github.com/oppia/oppia-android/tree/develop/scripts/assets) files have their rationale included in the PR explanation. - [x] The PR follows the [style guide](https://github.com/oppia/oppia-android/wiki/Coding-style-guide). - [x] The PR does not contain any unnecessary code changes from Android Studio ([reference](https://github.com/oppia/oppia-android/wiki/Guidance-on-submitting-a-PR#undo-unnecessary-changes)). - [x] The PR is made from a branch that's **not** called "develop" and is up-to-date with "develop". - [] The PR is **assigned** to the appropriate reviewers ([reference](https://github.com/oppia/oppia-android/wiki/Guidance-on-submitting-a-PR#clarification-regarding-assignees-and-reviewers-section)). --------- Co-authored-by: Ben Henning <[email protected]>
The Firebase activation parameters (https://github.com/oppia/oppia-android/blob/2d14066/app/src/main/AndroidManifest.xml#L17) shouldn't be enabled ever in develop. We should have a CI check to ensure these parameters are always off.
The text was updated successfully, but these errors were encountered: