-
Notifications
You must be signed in to change notification settings - Fork 1
140 lines (115 loc) · 4.71 KB
/
lint.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow performs a static analysis of your Kotlin source code using
# Android Lint.
#
# Scans are triggered:
# 1. On every push to default and protected branches
# 2. On every Pull Request targeting the default branch
# 3. Manually, on demand, via the "workflow_dispatch" event
name: Check Code Quality with Android Lint
on:
# Triggers the workflow on push or pull request events but only for default and protected branches
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "scan"
scan-library:
name: Android Lint Check for library
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Sets up JDK as a prerequisite to run Gradle
- name: Setup Java
uses: actions/[email protected]
with:
java-version: '17'
distribution: 'zulu'
# Sets up the reviewdog cli
- name: Setup reviewdog
uses: reviewdog/[email protected]
- name: Show reviewdog version
run: reviewdog -version
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout repository
uses: actions/[email protected]
# Sets up Gradle as a prerequisite to run Android Lint
- name: Setup Gradle
uses: gradle/actions/[email protected]
with:
gradle-home-cache-cleanup: true
# Performs analysis using Android Lint via Gradle and outputs a Sarif Report
- name: Run Android Lint
run: ./gradlew lint --continue
# Uploads Sarif Report for the library to GitHub
- name: Upload kotlin library report
uses: github/codeql-action/[email protected]
if: success() || failure()
with:
sarif_file: library/build/reports/lint-results-debug.sarif
# Process checkstyle Report file from Android Lint with reviewdog cli
- name: Run reviewdog for library
if: success() || failure()
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: reviewdog -f=sarif -diff="git diff FETCH_HEAD" -name="lint" -reporter=github-pr-check < library/build/reports/lint-results-debug.sarif
scan-app:
name: Android Lint Check for app
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Sets up JDK as a prerequisite to run Gradle
- name: Setup Java
uses: actions/[email protected]
with:
java-version: '17'
distribution: 'zulu'
# Sets up the reviewdog cli
- name: Setup reviewdog
uses: reviewdog/[email protected]
- name: Show reviewdog version
run: reviewdog -version
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout repository
uses: actions/[email protected]
# Sets up Gradle as a prerequisite to run Android Lint
- name: Setup Gradle
uses: gradle/actions/[email protected]
with:
gradle-home-cache-cleanup: true
# Performs analysis using Android Lint via Gradle and outputs a Sarif Report
- name: Run Android Lint
run: ./gradlew :app:lint --continue
# Uploads Sarif Report for the app to GitHub
- name: Upload kotlin app report
uses: github/codeql-action/[email protected]
if: success() || failure()
with:
sarif_file: app/build/reports/lint-results-debug.sarif
# Process checkstyle Report file from Android Lint with reviewdog cli
- name: Run reviewdog for app
if: success() || failure()
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: reviewdog -f=sarif -diff="git diff FETCH_HEAD" -name="lint" -reporter=github-pr-check < app/build/reports/lint-results-debug.sarif