Closed
21 changes: 18 additions & 3 deletions .github/workflows/build-android.yml
Expand Up @@ -2,18 +2,30 @@ name: Build Android Registration-Client

on:
workflow_dispatch:
inputs:
defaultServerBaseURL:
description: 'Enter serverBaseURL for APK'
required: true
default: "https://api.default.example.com"
type: string
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- release*
- 'release*'
- develop

jobs:
build:
runs-on: ubuntu-latest

env:
SERVER_BASE_URL: ${{ github.event.inputs.defaultServerBaseURL || 'https://api.default.example.com' }}
steps:
- name: Checkout code
uses: actions/checkout@v2

⚠️ Potential issue | 🟠 Major

Update outdated actions/checkout to v4.

The actions/checkout@v2 action (line 24) is deprecated and no longer maintained. Update to the latest stable version (v4) to ensure security patches and compatibility with current GitHub Actions runners.

      - name: Checkout code
-       uses: actions/checkout@v2
+       uses: actions/checkout@v4
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: actions/checkout@v2
- name: Checkout code
uses: actions/checkout@v4
🧰 Tools
🪛 actionlint (1.7.8)

24-24: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/build-android.yml around line 24, the workflow uses
actions/checkout@v2 which is outdated; update the reference to
actions/checkout@v4. Edit the workflow file to replace the version tag for the
checkout action from v2 to v4 (or use the full major tag actions/checkout@v4) to
pick up the latest maintained release, then run or validate the workflow to
ensure no breaking changes affect downstream steps.

- name: Replace serverBaseURL
run: |
find android -type f -name "build.gradle*" -print0 \
| xargs -0 sed -i "s#api-internal.sandbox.xyz.net#${SERVER_BASE_URL}#g"
Comment on lines +11 to +28

⚠️ Potential issue | 🔴 Critical

⚠️ Critical: SERVER_BASE_URL environment variable will be empty for pull_request and push events.

The environment variable SERVER_BASE_URL (line 21) references github.event.inputs.defaultServerBaseURL, which only exists during workflow_dispatch events. The pull_request trigger added on lines 11–12 and the existing push trigger (line 13) will cause the "Replace serverBaseURL" step (lines 25–28) to execute with an empty $SERVER_BASE_URL, resulting in sed replacing all occurrences of api-internal.sandbox.xyz.net with an empty string and corrupting the build.gradle files.

Add a conditional to guard the sed step or provide a proper fallback for non-workflow_dispatch events:

      - name: Replace serverBaseURL
+       if: github.event_name == 'workflow_dispatch'
        run: |
          find android -type f -name "build.gradle*" -print0 \
          | xargs -0 sed -i "s#api-internal.sandbox.xyz.net#${SERVER_BASE_URL}#g"

Alternatively, define SERVER_BASE_URL with a proper conditional or default based on the event type:

      env:
-       SERVER_BASE_URL: ${{ github.event.inputs.defaultServerBaseURL || 'https://api.default.example.com' }}
+       SERVER_BASE_URL: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.defaultServerBaseURL || 'https://api-internal.sandbox.xyz.net' }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- release*
- 'release*'
- develop
jobs:
build:
runs-on: ubuntu-latest
env:
SERVER_BASE_URL: ${{ github.event.inputs.defaultServerBaseURL || 'https://api.default.example.com' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Replace serverBaseURL
run: |
find android -type f -name "build.gradle*" -print0 \
| xargs -0 sed -i "s#api-internal.sandbox.xyz.net#${SERVER_BASE_URL}#g"
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- 'release*'
- develop
jobs:
build:
runs-on: ubuntu-latest
env:
SERVER_BASE_URL: ${{ github.event.inputs.defaultServerBaseURL || 'https://api.default.example.com' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Replace serverBaseURL
if: github.event_name == 'workflow_dispatch'
run: |
find android -type f -name "build.gradle*" -print0 \
| xargs -0 sed -i "s#api-internal.sandbox.xyz.net#${SERVER_BASE_URL}#g"
Suggested change
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- release*
- 'release*'
- develop
jobs:
build:
runs-on: ubuntu-latest
env:
SERVER_BASE_URL: ${{ github.event.inputs.defaultServerBaseURL || 'https://api.default.example.com' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Replace serverBaseURL
run: |
find android -type f -name "build.gradle*" -print0 \
| xargs -0 sed -i "s#api-internal.sandbox.xyz.net#${SERVER_BASE_URL}#g"
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- 'release*'
- develop
jobs:
build:
runs-on: ubuntu-latest
env:
SERVER_BASE_URL: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.defaultServerBaseURL || 'https://api-internal.sandbox.xyz.net' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Replace serverBaseURL
run: |
find android -type f -name "build.gradle*" -print0 \
| xargs -0 sed -i "s#api-internal.sandbox.xyz.net#${SERVER_BASE_URL}#g"
🧰 Tools
🪛 actionlint (1.7.8)

24-24: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/build-android.yml around lines 11 to 28, the
SERVER_BASE_URL env uses github.event.inputs.defaultServerBaseURL which is only
set for workflow_dispatch, so for pull_request and push events it will be empty
and sed will erase hostnames in build.gradle files; update the workflow to
either skip the "Replace serverBaseURL" step when SERVER_BASE_URL is empty or
set a safe default per event type — implement a conditional around the step
(e.g., run only if github.event_name == 'workflow_dispatch' or if env var is
non-empty) or compute SERVER_BASE_URL using an expression that falls back to a
fixed default when github.event.inputs.defaultServerBaseURL is undefined,
ensuring sed only runs with a valid non-empty replacement.

- name: Setup java 17
uses: actions/setup-java@v2
with:
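Review bot: In the "Replace serverBaseURL" step, the sed pattern is the bare host `api-internal.sandbox.xyz.net`, but `SERVER_BASE_URL` (both the input default and the `||` fallback under `env`) carries an `https://` scheme, and android/build.gradle in this PR stores the value as `https://api-internal.sandbox.xyz.net`, so the substitution produces `https://https://api.default.example.com`. Either match the full URL in the pattern or make the input host-only. Because the `||` fallback applies whenever the input is absent, the `push` trigger and the new `pull_request` trigger will also rewrite the host to `https://api.default.example.com`; if that is not intended, put `if: github.event_name == 'workflow_dispatch'` on the step. The input is a free-form string that ends up in the sed replacement text, where `&` and the `#` delimiter are special, so validate it against an expected URL pattern before the sed call.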
Expand All @@ -38,6 +50,9 @@ jobs:
# - name: Flutter test
# run: flutter test

- name: Make gradlew executable
run: chmod +x android/gradlew

- name: Decode android/app/arc-local-keystore.jks
run: echo "${{ secrets.JKS_PRIVATE_SECRET }}" | base64 --decode > android/app/arc-local-keystore.jks

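Review bot: The keystore decode step right after the added "Make gradlew executable" step now also runs for the `pull_request` trigger introduced earlier in this file, and GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so `JKS_PRIVATE_SECRET` expands to an empty string there and the step writes an empty keystore file. Put an event condition on the decode and signing steps, or build an unsigned variant for pull requests. The secret is also better passed through `env:` and read as a shell variable than interpolated into the script text with `${{ secrets.JKS_PRIVATE_SECRET }}`. For the added step itself, committing the executable bit on android/gradlew would make the chmod unnecessary.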
89 changes: 74 additions & 15 deletions .github/workflows/push_trigger.yml
@@ -1,7 +1,13 @@
name: Android Registration-Client Build


on:
workflow_dispatch:
inputs:
serverBaseURL:
description: "Enter the Server Base URL (e.g. api-internal.qacore.mosip.net)"
required: true
default: "api-internal.qacore.mosip.net"
Comment on lines +4 to +9

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

⚠️ Unresolved: serverBaseURL default still mismatches build configuration.

The workflow_dispatch input defaults to "api-internal.qacore.mosip.net" (line 9), but previous reviews flagged that android/build.gradle uses "https://api-internal.sandbox.xyz.net". This inconsistency remains unaddressed. Please either:

  • Align the default to match build.gradle: "https://api-internal.sandbox.xyz.net", or
  • Document which environment (QA vs sandbox) should be used and clarify in code comments.

🏁 Script executed:

#!/bin/bash
# Find build.gradle files in the repository
fd -t f 'build\.gradle' | head -20

Length of output: 221


🏁 Script executed:

#!/bin/bash
# Search for serverBaseURL references in the codebase
rg -n 'serverBaseURL' --type gradle --type yaml

Length of output: 308


🏁 Script executed:

#!/bin/bash
# Examine the full push_trigger.yml workflow file to understand context
cat .github/workflows/push_trigger.yml | head -150

Length of output: 3369


🔴 Critical: sed command breaks on push events; inputs unavailable outside workflow_dispatch.

The sed command at line 79 uses ${{ github.event.inputs.serverBaseURL }}, which is only populated by workflow_dispatch. However, the workflow also triggers on push (line 10) and pull_request (line 21), where inputs are empty. This causes sed to replace api-internal.sandbox.xyz.net with an empty string, corrupting the build.gradle file.

Fix: Either conditionally run the sed step only on workflow_dispatch, or restructure the workflow to avoid using inputs on push/pull_request triggers:

- name: Update serverBaseURL
  if: github.event_name == 'workflow_dispatch'
  run: find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL }}/g"

Alternatively, provide a fallback value for push events or remove the push trigger if only manual workflow_dispatch is intended.

🤖 Prompt for AI Agents
In .github/workflows/push_trigger.yml around lines 4-9 (and the sed step at
~line 79), the sed command uses ${{ github.event.inputs.serverBaseURL }} which
is only populated for workflow_dispatch and will be empty on push/pull_request,
causing an accidental replacement; fix by restricting the sed step to run only
for workflow_dispatch events (add an if: github.event_name ==
'workflow_dispatch' to that step) or alternatively provide a safe
fallback/default value or environment variable for serverBaseURL when the event
is not workflow_dispatch so the sed replacement never substitutes an empty
string.


push:
branches:
- '!release-branch'
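Review bot: The `serverBaseURL` input added here is host-only (default `api-internal.qacore.mosip.net`, no scheme), while the equivalent input in build-android.yml is named `defaultServerBaseURL` and defaults to a full `https://` URL, so the two workflows accept different formats for the same setting. Pick one name and one format, state the expected format in `description`, and add `type: string` as the other workflow does.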
Expand All @@ -12,60 +18,113 @@ on:
- sprint-*
- main

pull_request:
branches:
- '!release-branch'
- release-*
- master
- develop
- sprint-*
- main

jobs:

dco:
name: DCO Check
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: DCO Check
uses: DCOapp/action@v1.3.5

codeql:
name: CodeQL Analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'java', 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

build-android:
name: Android Registration-Client Build
needs: [dco, codeql]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Checkout code
uses: actions/checkout@v3
- name: Install npm dependencies
run: |
npm install
- name: Updating serverBaseURL.
- name: Update serverBaseURL
run: |
find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.defaultServerBaseURL }}/g"
find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL }}/g"
- name: Build Android Registration-Client
run: |
cd client
chmod +x gradlew
./gradlew assembleDebug
ls app/build/outputs/apk/debug
Comment on lines +77 to 85

⚠️ Potential issue | 🔴 Critical

Critical: serverBaseURL input is unavailable during push events.

Line 70's sed replacement uses ${{ github.event.inputs.serverBaseURL }}, but github.event.inputs is only populated for workflow_dispatch events. During push events, this variable is empty, causing the sed command to replace api-internal.sandbox.xyz.net with an empty string, which will break the build.

To fix this, either:

  1. Provide a default value in the sed command using bash parameter expansion: ${{ github.event.inputs.serverBaseURL || 'api-internal.sandbox.xyz.net' }}
  2. Or conditionally run this step only on workflow_dispatch events using if: github.event_name == 'workflow_dispatch'

Apply this diff to safely handle missing input:

      - name: Update serverBaseURL
         run: |
-          find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL }}/g"
+          find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL || 'api-internal.sandbox.xyz.net' }}/g"

Alternatively, make this step conditional:

+     - name: Update serverBaseURL
+       if: github.event_name == 'workflow_dispatch'
         run: |
           find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL }}/g"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Update serverBaseURL
run: |
find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.defaultServerBaseURL }}/g"
find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL }}/g"
- name: Build Android Registration-Client
run: |
cd client
chmod +x gradlew
./gradlew assembleDebug
ls app/build/outputs/apk/debug
- name: Update serverBaseURL
run: |
find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.serverBaseURL || 'api-internal.sandbox.xyz.net' }}/g"
- name: Build Android Registration-Client
run: |
cd client
chmod +x gradlew
./gradlew assembleDebug
ls app/build/outputs/apk/debug
🤖 Prompt for AI Agents
In .github/workflows/push_trigger.yml around lines 68-76 the sed replacement
uses `${{ github.event.inputs.serverBaseURL }}` which is empty on push events
and wipes out the host; change the step to either (A) keep it for all events but
use a safe default when the input is missing by using bash/GitHub expressions to
fall back to the original host (e.g. expand the variable with a default in the
sed command), or (B) restrict the step to only run on workflow_dispatch by
adding an if condition (`if: github.event_name == 'workflow_dispatch'`) so the
replacement never runs during push; implement one of these fixes and verify the
build step still finds a valid serverBaseURL.

find -name '*.apk'
- name: Upload Artifact
- name: Upload APK Artifact
uses: actions/upload-artifact@v4
with:
name: apk-output
path: ./client/app/build/outputs/apk/debug/app-debug.apk
retention-days: 5

build:
name: sonar-analysis
sonar-analysis:
name: SonarQube Analysis
needs: [build-android]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
fetch-depth: 0

- name: Set up JDK 11
uses: actions/setup-java@v1
uses: actions/setup-java@v3
with:
java-version: 11
java-version: '11'

- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar

- name: Cache Gradle packages
uses: actions/cache@v4
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: ${{ runner.os }}-gradle
- name: Build and analyze

- name: Build and Sonar Analysis
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
cd client
chmod +x gradlew
./gradlew build test testDebugUnitTestCoverage sonarqube --info --warning-mode all
./gradlew build sonarqube --info --warning-mode all
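Review bot: In the "Update serverBaseURL" step, `${{ github.event.inputs.serverBaseURL }}` is expanded into the `run:` script before the shell parses it, so the input text becomes part of the command line rather than data; assign it under `env:` and reference `"$SERVER_BASE_URL"` in the sed call, as build-android.yml does. The step also runs on `push` and `pull_request`, where the input is empty, so it needs an event condition or a fallback value. In the added `pull_request` filter, `'!release-branch'` is listed before `release-*`, and a later positive pattern re-includes a ref that an earlier negative pattern excluded, so the exclusion has no effect; move it after `release-*`. The Sonar step drops `test testDebugUnitTestCoverage` from the Gradle command, so the coverage task no longer runs before `sonarqube`; confirm that is intentional.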
2 changes: 1 addition & 1 deletion android/build.gradle
Expand Up @@ -58,7 +58,7 @@ ext {
clientmanagerLibVersionCode = 1
clientmanagerLibVersionName = "\"1.0.0\""

serverBaseURL = "\"https://api-internal.qa-base.mosip.net\""
serverBaseURL = "\"https://api-internal.sandbox.xyz.net\""
serverHealthCheckPath = "\"/v1/syncdata/actuator/health\""
serverActuatorInfoPath = "\"/v1/syncdata/actuator/info\""
debugPassword = "\"APTyKejHxACQyKBSRciR\""
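Review bot: The committed `serverBaseURL` default changes from a QA host to `https://api-internal.sandbox.xyz.net`, which is the string the workflows' sed steps search for, so any build that skips the replacement (a local build, or CI once the step is restricted to `workflow_dispatch`) compiles in that host unchanged. Consider reading the URL from a Gradle property with a working default instead of rewriting the file in CI. The `debugPassword` literal in the last context line is committed in clear text and would be better supplied at build time.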