Update trufflesecurity/trufflehog action to v3.45.0 #2631
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| code-quality: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| - name: Install asdf | |
| uses: asdf-vm/actions/[email protected] | |
| - name: Install local CLI tooling | |
| shell: bash | |
| run: ./scripts/setup-asdf.sh | |
| - name: Check Kotlin sources | |
| run: ./scripts/code-style-kotlin.sh all | |
| - name: Check Bash sources | |
| run: ./scripts/code-style-bash.sh | |
| - name: Check typos on code | |
| uses: crate-ci/[email protected] | |
| unit-tests: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 10 | |
| needs: [code-quality] | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| - name: Setup Android Build | |
| uses: ./.github/actions/setup-android-build | |
| - name: Run unit tests | |
| uses: nick-fields/[email protected] | |
| with: | |
| command: ./gradlew clean test --no-daemon | |
| timeout_minutes: 8 | |
| max_attempts: 5 | |
| - name: Collect all test results from all modules | |
| if: always() | |
| run: ./scripts/aggregate-test-reports.sh build/test-reports | |
| - name: Archive test results | |
| if: always() | |
| uses: actions/[email protected] | |
| with: | |
| name: unit-tests-reports | |
| path: build/test-reports | |
| assemble-apk: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 25 | |
| needs: [code-quality] | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| - name: Setup Android Build | |
| uses: ./.github/actions/setup-android-build | |
| - name: Assemble APKs | |
| run: ./gradlew app:assembleDebug app:assembleRelease -PtestMode=true | |
| - name: Archive Debug APK | |
| if: success() | |
| uses: actions/[email protected] | |
| with: | |
| name: debug-apk | |
| path: app/build/outputs/apk/debug | |
| - name: Archive Release APK | |
| if: success() | |
| uses: actions/[email protected] | |
| with: | |
| name: release-apk | |
| path: app/build/outputs/apk/release | |
| - name: Archive R8 mappings | |
| if: success() | |
| uses: actions/[email protected] | |
| with: | |
| name: release-mappings | |
| path: app/build/outputs/mapping/release | |
| functional-tests: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 25 | |
| needs: [assemble-apk] | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| - name: Install asdf | |
| uses: asdf-vm/actions/[email protected] | |
| - name: Install local CLI tooling | |
| shell: bash | |
| run: ./scripts/setup-asdf.sh | |
| - name: Fetch Instrumentation artefacts | |
| uses: actions/[email protected] | |
| - name: Run E2E tests on mobile.dev clould | |
| run: ./scripts/maestro.sh release-apk/app-release.apk | |
| env: | |
| MOBILE_DEV_CLOUD_TOKEN: ${{ secrets.MOBILE_DEV_CLOUD_TOKEN }} | |
| instrumentation-tests: | |
| runs-on: ubuntu-20.04 | |
| needs: [code-quality] | |
| timeout-minutes: 20 | |
| strategy: | |
| matrix: | |
| feature: [ 'facts', 'search' ] | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| - name: Fetch Instrumentation artefacts | |
| uses: actions/[email protected] | |
| - name: Install asdf | |
| uses: asdf-vm/actions/[email protected] | |
| - name: Install local CLI tooling | |
| run: ./scripts/setup-asdf.sh | |
| - name: Setup Android Build | |
| uses: ./.github/actions/setup-android-build | |
| - name: Run instrumentation tests | |
| run: ./gradlew features:${{ matrix.feature }}:testDebugWithEmulatorWtf | |
| env: | |
| EW_API_TOKEN: ${{ secrets.EMULATOR_WTF_TOKEN }} | |
| - name: Archive test results | |
| if: always() | |
| uses: actions/[email protected] | |
| with: | |
| name: ${{ matrix.feature }}-instrumentation-tests-reports | |
| path: features/${{ matrix.feature }}/build/test-results | |
| security-analysis: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 25 | |
| needs: assemble-apk | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| with: | |
| fetch-depth: 0 | |
| - name: Check leaking secrets on source files | |
| uses: trufflesecurity/[email protected] | |
| with: | |
| path: ./ | |
| base: ${{ github.event.repository.default_branch }} | |
| head: HEAD | |
| extra_args: --debug --only-verified | |
| - name: Validate Gradle Wrapper | |
| uses: gradle/[email protected] | |
| - name: Setup Android Build | |
| uses: ./.github/actions/setup-android-build | |
| - name: Report security issues to Github | |
| uses: mikepenz/[email protected] | |
| with: | |
| gradle-build-module: ":app" | |
| - name: Fetch APK from previous build | |
| uses: actions/[email protected] | |
| - name: Analyse APK with AppSweep | |
| uses: guardsquare/appsweep-action@main | |
| env: | |
| APPSWEEP_API_KEY: ${{ secrets.APP_SWEEP_TOKEN }} | |
| COMMIT_HASH: ${{ steps.vars.outputs.sha_short }} | |
| INPUT_FILE: release-apk/app-release.apk | |
| MAPPING_FILE: release-mappings/mapping.txt | |
| app-size-analysis: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 10 | |
| needs: assemble-apk | |
| steps: | |
| - name: Fetch Instrumentation artefacts | |
| uses: actions/[email protected] | |
| - name: Upload to EmergeTools | |
| uses: EmergeTools/[email protected] | |
| with: | |
| artifact_path: release-apk/app-release.apk | |
| emerge_api_key: ${{ secrets.EMERGETOOLS_API_KEY }} | |
| build_type: release | |
| test-results-analysis: | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 25 | |
| needs: [unit-tests, instrumentation-tests, functional-tests] | |
| steps: | |
| - name: Project Checkout | |
| uses: actions/[email protected] | |
| - name: Fetch all artefacts | |
| uses: actions/[email protected] | |
| - name: Copy all test results | |
| run: mkdir all-reports && mv *-tests-reports/ all-reports | |
| - name: Report test results | |
| uses: dorny/[email protected] | |
| with: | |
| name: 'Test Reports' | |
| reporter: java-junit | |
| path: all-reports/**/*.xml |