From cca1945cd7a3d64d0780bb1e7cdcdecf364258c8 Mon Sep 17 00:00:00 2001 From: Ivanmeneges Date: Thu, 11 Dec 2025 16:53:13 +0530 Subject: [PATCH 1/3] [MOSIP-42820] Refactor GitHub Actions workflow for manual build Updated workflow to trigger manually and added DCO validation. Signed-off-by: Ivanmeneges --- .github/workflows/push_trigger.yml | 133 ++++++++++------------------- 1 file changed, 46 insertions(+), 87 deletions(-) diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index 8b8faf36a..5fabe252b 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml 
@@ -1,123 +1,82 @@ -name: Android Registration-Client Build +name: Android Registration-Client Manual Build on: - push: - branches: - - '!release-branch' - - release-* - - master - - 1.* - - develop - - sprint-* - - main - - pull_request: - branches: - - master - - main - - "release-*" - - "sprint-*" + workflow_dispatch: + inputs: + serverBaseURL: + description: "Enter Server Base URL" + required: true + default: "api-internal.sandbox.xyz.net" jobs: - codeql: + + dco-check: + name: DCO Validation + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: DCO Check + uses: docker://ghcr.io/viperproject/dco-check:latest + with: + args: "--signoff" + + codeql: name: CodeQL Security Analysis runs-on: ubuntu-latest + needs: dco-check permissions: contents: read security-events: write steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: "java" + languages: java + queries: +security-extended - - name: Build for CodeQL - run: ./gradlew build || true + - name: Build for CodeQL (Android/Flutter) + run: | + cd client/android + chmod +x gradlew + ./gradlew assembleDebug || true + ./gradlew assembleRelease || true - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 - build: - name: Android Build Check - runs-on: ubuntu-latest - needs: [codeql] - steps: - - uses: actions/checkout@v3 - - - name: Setup Java 17 - uses: actions/setup-java@v3 - with: - distribution: zulu - java-version: "17" - - - name: Setup Flutter - uses: subosito/flutter-action@v2 - with: - flutter-version: "3.10.4" - - - name: Install Dependencies - run: flutter pub get - - - name: Build APK (Debug) - run: flutter build apk --debug - build-android: + name: Build APK runs-on: ubuntu-latest + needs: [codeql] + steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 + - name: Install npm dependencies + run: npm install + + - name: 
Replace serverBaseURL dynamically run: | - npm install - - name: Updating serverBaseURL. - run: | - find . -type f -name "*build.gradle" -print0 | xargs -0 sed -i "s/api-internal.sandbox.xyz.net/${{ github.event.inputs.defaultServerBaseURL }}/g" - - name: Build Android Registration-Client + find . -type f -name "*build.gradle" -print0 | \ + xargs -0 sed -i "s|api-internal.sandbox.xyz.net|${{ github.event.inputs.serverBaseURL }}|g" + + - name: Build APK run: | cd client chmod +x gradlew ./gradlew assembleDebug ls app/build/outputs/apk/debug find -name '*.apk' - - name: Upload Artifact + + - name: Upload Artifact (APK) uses: actions/upload-artifact@v4 with: - name: apk-output + name: android-apk path: ./client/app/build/outputs/apk/debug/app-debug.apk retention-days: 5 - - Sonarbuild: - name: sonar-analysis - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Cache SonarCloud packages - uses: actions/cache@v4 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Cache Gradle packages - uses: actions/cache@v4 - with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} - restore-keys: ${{ runner.os }}-gradle - - name: Build and analyze - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - cd client - chmod +x gradlew - ./gradlew build test testDebugUnitTestCoverage sonarqube --info --warning-mode all - ./gradlew build sonarqube --info --warning-mode all From c2dc4dfa5c7ba5b163ac27d9f21448dc8276bbf9 Mon Sep 17 00:00:00 2001 From: Ivanmeneges Date: Thu, 11 Dec 2025 16:58:12 +0530 Subject: [PATCH 2/3] Refactor GitHub Actions workflow for Android build 
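Review bot: The `Replace serverBaseURL dynamically` step expands `${{ github.event.inputs.serverBaseURL }}` directly inside the `run:` script, so the dispatch input is pasted into the shell text and into the sed expression before either is parsed. A value containing quotes, `|`, `&` or shell metacharacters changes the command or the replacement instead of being treated as a host name. Pass the input through `env:` and validate it against the expected host-name shape before calling sed, as in the excerpt below; widen the pattern only if a port or path is genuinely required. The same line is carried as context in the `@@ -61,7 +74,7 @@` hunk of patch 2/3, which renames the step but leaves the interpolation unchanged.

```yaml
      - name: Replace serverBaseURL dynamically
        env:
          # Handed to the script as data, not expanded into the script text.
          SERVER_BASE_URL: ${{ github.event.inputs.serverBaseURL }}
        run: |
          # Accept only a plain host name; anything else stops the job.
          if ! printf '%s' "$SERVER_BASE_URL" | grep -Eq '^[A-Za-z0-9.-]+$'; then
            echo "serverBaseURL must be a host name" >&2
            exit 1
          fi
          find . -type f -name "*build.gradle" -print0 | \
            xargs -0 sed -i "s|api-internal.sandbox.xyz.net|${SERVER_BASE_URL}|g"
```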
Signed-off-by: Ivanmeneges --- .github/workflows/push_trigger.yml | 44 +++++++++++++++++++----------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index 5fabe252b..34682e0b8 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml @@ -1,4 +1,4 @@ -name: Android Registration-Client Manual Build +name: ARC Build With Pre-Checks on: workflow_dispatch: @@ -17,13 +17,14 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - name: DCO Check + + - name: Validate DCO uses: docker://ghcr.io/viperproject/dco-check:latest with: args: "--signoff" codeql: - name: CodeQL Security Analysis + name: CodeQL Security Scan runs-on: ubuntu-latest needs: dco-check permissions: @@ -38,22 +39,34 @@ jobs: uses: github/codeql-action/init@v3 with: languages: java - queries: +security-extended - - name: Build for CodeQL (Android/Flutter) + - name: Build for CodeQL (Android) run: | - cd client/android + cd client chmod +x gradlew - ./gradlew assembleDebug || true - ./gradlew assembleRelease || true + ./gradlew compileDebugSources || true - - name: Perform CodeQL Analysis + - name: Run CodeQL Analysis uses: github/codeql-action/analyze@v3 - build-android: + prebuild: + name: Pre-Build Validation + runs-on: ubuntu-latest + needs: codeql + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Validate Gradle Build (no tests) + run: | + cd client + chmod +x gradlew + ./gradlew clean assembleDebug --dry-run + + build-apk: name: Build APK runs-on: ubuntu-latest - needs: [codeql] + needs: prebuild steps: - uses: actions/checkout@v4 @@ -61,7 +74,7 @@ jobs: - name: Install npm dependencies run: npm install - - name: Replace serverBaseURL dynamically + - name: Replace serverBaseURL run: | find . -type f -name "*build.gradle" -print0 | \ xargs -0 sed -i "s|api-internal.sandbox.xyz.net|${{ github.event.inputs.serverBaseURL }}|g" 
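Review bot: The `Validate DCO` step still runs `docker://ghcr.io/viperproject/dco-check:latest`, a mutable tag on a third-party image, so the code executed in this job can change without any change to the repository. Pin the image by digest, for example `uses: docker://ghcr.io/viperproject/dco-check@sha256:<digest-of-reviewed-image>`, and update it deliberately. The job also declares no `permissions:` block (the job header is outside this hunk, but patch 1/3 shows none), so adding `permissions:` with `contents: read` would keep the token given to that container minimal. It is also worth confirming that a sign-off check has a commit range to inspect under `workflow_dispatch`, since no pull-request context exists there.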
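Review bot: `./gradlew compileDebugSources || true` in the `Build for CodeQL (Android)` step discards the build's exit status, so a failed compile can leave CodeQL with a partial or empty Java database while the job still reports success and unblocks `prebuild` and `build-apk` through `needs:`. Drop the `|| true` so a broken build fails the scan job: `./gradlew compileDebugSources`. This hunk also removes `queries: +security-extended`, which narrows the query set; if that was done for run time rather than noise, a comment such as `# default suite only: security-extended dropped because <reason>` would record the decision. The new `prebuild` job runs `assembleDebug --dry-run`, which as far as I know only lists tasks without executing them, so it may not validate much. The `codeql` job begins outside this hunk.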
@@ -72,11 +85,10 @@ jobs: chmod +x gradlew ./gradlew assembleDebug ls app/build/outputs/apk/debug - find -name '*.apk' - - name: Upload Artifact (APK) + - name: Upload APK uses: actions/upload-artifact@v4 with: - name: android-apk - path: ./client/app/build/outputs/apk/debug/app-debug.apk + name: arc-apk + path: client/app/build/outputs/apk/debug/app-debug.apk retention-days: 5 From 06bb1cc37d851fede0808fcb396fbd7843dd885e Mon Sep 17 00:00:00 2001 From: Ivanmeneges Date: Thu, 11 Dec 2025 17:00:45 +0530 Subject: [PATCH 3/3] Fix indentation for inputs in build-android.yml Signed-off-by: Ivanmeneges --- .github/workflows/build-android.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml index 79e140f59..ff85129dd 100644 --- a/.github/workflows/build-android.yml +++ b/.github/workflows/build-android.yml @@ -2,7 +2,7 @@ name: Build Android Registration-Client on: workflow_dispatch: - inputs: + inputs: serverBaseURL: description: "Enter serverBaseURL for APK" required: true