[Security][Workflow]: Include SAST #2457
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The workflow for feature pull requests before they are merged | |
on: | |
pull_request: | |
branches: | |
- develop | |
- release/* | |
- feature/* | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
android-lint: | |
name: "Run ktlint check" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: "Initialize project keys" | |
uses: ./.github/actions/setup-project | |
with: | |
amplitude-key-debug: ${{ secrets.AMPLITUDE_KEY_DEBUG }} | |
amplitude-key-release: ${{ secrets.AMPLITUDE_KEY_RELEASE }} | |
torus-verifier-debug: ${{ secrets.TORUS_VERIFIER_DEBUG }} | |
torus-verifier-feature: ${{ secrets.TORUS_VERIFIER_FEATURE }} | |
torus-sub-verifier-feature: ${{ secrets.TORUS_SUB_VERIFIER_FEATURE }} | |
torus-verifier-release: ${{ secrets.TORUS_VERIFIER_RELEASE }} | |
rpc-pool-key: ${{ secrets.RPC_POOL_API_KEY }} | |
moonpay-key: ${{ secrets.MOONPAY_KEY }} | |
moonpay-sandbox-key: ${{ secrets.MOONPAY_SANDBOX_KEY }} | |
intercom-key: ${{ secrets.INTERCOM_API_KEY }} | |
intercom-app-id: ${{ secrets.INTERCOM_APP_ID }} | |
apps-flyer-key: ${{ secrets.APPS_FLYER_KEY }} | |
compare-key: ${{ secrets.COMPARE_PUBLIC_KEY }} | |
sentry-auth-token: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
sentry-auth-dsn: ${{ secrets.SENTRY_AUTH_DSN }} | |
lokalise-key: ${{ secrets.LOKALISE_KEY }} | |
lokalise-app-id: ${{ secrets.LOKALISE_APP_ID }} | |
svl-memo-send: ${{ secrets.SVL_MEMO_SEND }} | |
svl-memo-claim: ${{ secrets.SVL_MEMO_CLAIM }} | |
salt-prefix: ${{ secrets.SALT_PREFIX }} | |
- name: Run ktlint | |
run: ./gradlew ktlint -PautoCorrect=0 | |
android-unit-tests: | |
name: "Run unit tests" | |
needs: | |
- android-lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: "Initializing firebase configs" | |
uses: ./.github/actions/setup-google-services | |
with: | |
google-services-content: ${{ secrets.GOOGLE_SERVICE_JSON_SECRET }} | |
- name: "Initialize project keys" | |
uses: ./.github/actions/setup-project | |
with: | |
amplitude-key-debug: ${{ secrets.AMPLITUDE_KEY_DEBUG }} | |
amplitude-key-release: ${{ secrets.AMPLITUDE_KEY_RELEASE }} | |
torus-verifier-debug: ${{ secrets.TORUS_VERIFIER_DEBUG }} | |
torus-verifier-feature: ${{ secrets.TORUS_VERIFIER_FEATURE }} | |
torus-sub-verifier-feature: ${{ secrets.TORUS_SUB_VERIFIER_FEATURE }} | |
torus-verifier-release: ${{ secrets.TORUS_VERIFIER_RELEASE }} | |
rpc-pool-key: ${{ secrets.RPC_POOL_API_KEY }} | |
moonpay-key: ${{ secrets.MOONPAY_KEY }} | |
moonpay-sandbox-key: ${{ secrets.MOONPAY_SANDBOX_KEY }} | |
intercom-key: ${{ secrets.INTERCOM_API_KEY }} | |
intercom-app-id: ${{ secrets.INTERCOM_APP_ID }} | |
apps-flyer-key: ${{ secrets.APPS_FLYER_KEY }} | |
compare-key: ${{ secrets.COMPARE_PUBLIC_KEY }} | |
sentry-auth-token: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
sentry-auth-dsn: ${{ secrets.SENTRY_AUTH_DSN }} | |
lokalise-key: ${{ secrets.LOKALISE_KEY }} | |
lokalise-app-id: ${{ secrets.LOKALISE_APP_ID }} | |
svl-memo-send: ${{ secrets.SVL_MEMO_SEND }} | |
svl-memo-claim: ${{ secrets.SVL_MEMO_CLAIM }} | |
salt-prefix: ${{ secrets.SALT_PREFIX }} | |
- name: Run unit tests | |
run: ./gradlew testDebugUnitTest koverXmlReportDebug | |
- name: Attach coverage to pull request | |
id: kover-report-task | |
uses: edwardstock/kover-report@main | |
with: | |
path: | | |
${{ github.workspace }}/app/build/reports/kover/reportDebug.xml | |
${{ github.workspace }}/core/build/reports/kover/reportDebug.xml | |
${{ github.workspace }}/token-service/build/reports/kover/reportDebug.xml | |
token: ${{ secrets.GITHUB_TOKEN }} | |
title: Code coverage report | |
update-comment: true | |
coverage-counter-type: LINE | |
min-coverage-overall: 80 | |
min-coverage-changed-files: 60 | |
- name: Print coverage information | |
run: | | |
echo "Total coverage ${{ steps.kover-report-task.outputs.coverage-overall }}" | |
echo "Changed Files coverage ${{ steps.kover-report-task.outputs.coverage-changed-files }}" | |
android-build-artifacts: | |
name: "Run build feature artifacts" | |
environment: manual | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Checkout to the current commit hash" | |
uses: actions/checkout@v3 | |
- name: "Initializing firebase configs" | |
uses: ./.github/actions/setup-google-services | |
with: | |
google-services-content: ${{ secrets.GOOGLE_SERVICE_JSON_SECRET }} | |
- name: "Initialize project keys" | |
uses: ./.github/actions/setup-project | |
with: | |
amplitude-key-debug: ${{ secrets.AMPLITUDE_KEY_DEBUG }} | |
amplitude-key-release: ${{ secrets.AMPLITUDE_KEY_RELEASE }} | |
torus-verifier-debug: ${{ secrets.TORUS_VERIFIER_DEBUG }} | |
torus-verifier-feature: ${{ secrets.TORUS_VERIFIER_FEATURE }} | |
torus-sub-verifier-feature: ${{ secrets.TORUS_SUB_VERIFIER_FEATURE }} | |
torus-verifier-release: ${{ secrets.TORUS_VERIFIER_RELEASE }} | |
rpc-pool-key: ${{ secrets.RPC_POOL_API_KEY }} | |
moonpay-key: ${{ secrets.MOONPAY_KEY }} | |
moonpay-sandbox-key: ${{ secrets.MOONPAY_SANDBOX_KEY }} | |
intercom-key: ${{ secrets.INTERCOM_API_KEY }} | |
intercom-app-id: ${{ secrets.INTERCOM_APP_ID }} | |
apps-flyer-key: ${{ secrets.APPS_FLYER_KEY }} | |
compare-key: ${{ secrets.COMPARE_PUBLIC_KEY }} | |
sentry-auth-token: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
sentry-auth-dsn: ${{ secrets.SENTRY_AUTH_DSN }} | |
lokalise-key: ${{ secrets.LOKALISE_KEY }} | |
lokalise-app-id: ${{ secrets.LOKALISE_APP_ID }} | |
svl-memo-send: ${{ secrets.SVL_MEMO_SEND }} | |
svl-memo-claim: ${{ secrets.SVL_MEMO_CLAIM }} | |
salt-prefix: ${{ secrets.SALT_PREFIX }} | |
- name: "Generate changelog" | |
uses: ./.github/actions/setup-changelog-pull-request | |
- name: "Send start deploy message to slack" | |
run: bash bash_scripts/slack_start_message.sh ${{ secrets.SLACK_BOT_TOKEN }} ${{ secrets.SLACK_CHANNEL_ID }} | |
- name: "Build feature APK" | |
run: ./gradlew assembleFeature | |
- name: "Upload APK to Firebase (Feature)" | |
env: | |
FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} | |
FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }} | |
run: ./gradlew appDistributionUploadFeature | |
- name: "Upload APK to Slack (Feature)" | |
uses: ./.github/actions/setup-slack | |
with: | |
bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
channel-id: ${{ secrets.SLACK_CHANNEL_ID }} | |
build-type: "feature" | |
artifact-type: "apk" | |
- name: "Upload changelog, and Jira ticket to slack channel" | |
run: bash bash_scripts/slack_upload_changelog.sh ${{ secrets.SLACK_BOT_TOKEN }} ${{ secrets.SLACK_CHANNEL_ID }} CHANGELOG.txt | |
- name: "Send finish deploy message to slack" | |
run: | | |
value=`cat timestamp.txt` | |
bash bash_scripts/slack_finish_message.sh ${{ secrets.SLACK_BOT_TOKEN }} ${{ secrets.SLACK_CHANNEL_ID }} $value |