[Oztechan/CCC#1457] Update sonarsource/sonarcloud-github-action actio… #8065
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CCC CI | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.ref }} | |
| cancel-in-progress: ${{ !contains(github.ref, 'develop')}} | |
| env: | |
| BASE_URL_BACKEND: ${{ secrets.BASE_URL_BACKEND }} | |
| BASE_URL_API: ${{ secrets.BASE_URL_API }} | |
| BASE_URL_API_PREMIUM: ${{ secrets.BASE_URL_API_PREMIUM }} | |
| API_KEY_PREMIUM: ${{ secrets.API_KEY_PREMIUM }} | |
| ANDROID_KEY_STORE_PATH: ${{ secrets.ANDROID_KEY_STORE_PATH }} | |
| ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }} | |
| ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }} | |
| ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }} | |
| RELEASE_ADVERTISEMENT_ID_GOOGLE: ${{ secrets.RELEASE_ADVERTISEMENT_ID_GOOGLE }} | |
| DEBUG_ADVERTISEMENT_ID_GOOGLE: ${{ secrets.DEBUG_ADVERTISEMENT_ID_GOOGLE }} | |
| RELEASE_ADVERTISEMENT_ID_HUAWEI: ${{ secrets.RELEASE_ADVERTISEMENT_ID_HUAWEI }} | |
| DEBUG_ADVERTISEMENT_ID_HUAWEI: ${{ secrets.DEBUG_ADVERTISEMENT_ID_HUAWEI }} | |
| GOOGLE_BANNER_AD_UNIT_ID_CALCULATOR_RELEASE: ${{ secrets.GOOGLE_BANNER_AD_UNIT_ID_CALCULATOR_RELEASE }} | |
| GOOGLE_BANNER_AD_UNIT_ID_SETTINGS_RELEASE: ${{ secrets.GOOGLE_BANNER_AD_UNIT_ID_SETTINGS_RELEASE }} | |
| GOOGLE_BANNER_AD_UNIT_ID_CURRENCIES_RELEASE: ${{ secrets.GOOGLE_BANNER_AD_UNIT_ID_CURRENCIES_RELEASE }} | |
| GOOGLE_INTERSTITIAL_AD_ID_RELEASE: ${{ secrets.GOOGLE_INTERSTITIAL_AD_ID_RELEASE }} | |
| GOOGLE_REWARDED_AD_UNIT_ID_RELEASE: ${{ secrets.GOOGLE_REWARDED_AD_UNIT_ID_RELEASE }} | |
| GOOGLE_BANNER_AD_UNIT_ID_CALCULATOR_DEBUG: ${{ secrets.GOOGLE_BANNER_AD_UNIT_ID_CALCULATOR_DEBUG }} | |
| GOOGLE_BANNER_AD_UNIT_ID_SETTINGS_DEBUG: ${{ secrets.GOOGLE_BANNER_AD_UNIT_ID_SETTINGS_DEBUG }} | |
| GOOGLE_BANNER_AD_UNIT_ID_CURRENCIES_DEBUG: ${{ secrets.GOOGLE_BANNER_AD_UNIT_ID_CURRENCIES_DEBUG }} | |
| GOOGLE_INTERSTITIAL_AD_ID_DEBUG: ${{ secrets.GOOGLE_INTERSTITIAL_AD_ID_DEBUG }} | |
| GOOGLE_REWARDED_AD_UNIT_ID_DEBUG: ${{ secrets.GOOGLE_REWARDED_AD_UNIT_ID_DEBUG }} | |
| HUAWEI_BANNER_AD_UNIT_ID_CALCULATOR_RELEASE: ${{ secrets.HUAWEI_BANNER_AD_UNIT_ID_CALCULATOR_RELEASE }} | |
| HUAWEI_BANNER_AD_UNIT_ID_SETTINGS_RELEASE: ${{ secrets.HUAWEI_BANNER_AD_UNIT_ID_SETTINGS_RELEASE }} | |
| HUAWEI_BANNER_AD_UNIT_ID_CURRENCIES_RELEASE: ${{ secrets.HUAWEI_BANNER_AD_UNIT_ID_CURRENCIES_RELEASE }} | |
| HUAWEI_INTERSTITIAL_AD_ID_RELEASE: ${{ secrets.HUAWEI_INTERSTITIAL_AD_ID_RELEASE }} | |
| HUAWEI_REWARDED_AD_UNIT_ID_RELEASE: ${{ secrets.HUAWEI_REWARDED_AD_UNIT_ID_RELEASE }} | |
| HUAWEI_BANNER_AD_UNIT_ID_CALCULATOR_DEBUG: ${{ secrets.HUAWEI_BANNER_AD_UNIT_ID_CALCULATOR_DEBUG }} | |
| HUAWEI_BANNER_AD_UNIT_ID_SETTINGS_DEBUG: ${{ secrets.HUAWEI_BANNER_AD_UNIT_ID_SETTINGS_DEBUG }} | |
| HUAWEI_BANNER_AD_UNIT_ID_CURRENCIES_DEBUG: ${{ secrets.HUAWEI_BANNER_AD_UNIT_ID_CURRENCIES_DEBUG }} | |
| HUAWEI_INTERSTITIAL_AD_ID_DEBUG: ${{ secrets.HUAWEI_INTERSTITIAL_AD_ID_DEBUG }} | |
| HUAWEI_REWARDED_AD_UNIT_ID_DEBUG: ${{ secrets.HUAWEI_REWARDED_AD_UNIT_ID_DEBUG }} | |
| APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} | |
| APP_STORE_CONNECT_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_KEY_CONTENT }} | |
| APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} | |
| IOS_GOOGLE_FIREBASE_APP_ID: ${{ secrets.IOS_GOOGLE_FIREBASE_APP_ID }} | |
| FIREBASE_CLI_TOKEN: ${{ secrets.FIREBASE_CLI_TOKEN }} | |
| GIT_AUTHORIZATION: ${{ secrets.GIT_AUTHORIZATION }} | |
| SECRET_PASSWORD: ${{ secrets.SECRET_PASSWORD }} | |
| MATCH_PASSWORD: ${{ secrets.SECRET_PASSWORD }} | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| FASTLANE_XCODEBUILD_SETTINGS_TIMEOUT: 5 | |
| FASTLANE_XCODEBUILD_SETTINGS_RETRIES: 5 | |
| CI: true | |
| jobs: | |
| GradleBuild: | |
| runs-on: macos-14 | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Setup Gradle Repo | |
| uses: Oztechan/Global/actions/[email protected] | |
| - name: Adding secret files | |
| run: | | |
| echo "${{ secrets.ANDROID_GPG_RELEASE_KEYSTORE }}" > release.keystore.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch release.keystore.asc > android/app/release.keystore | |
| mkdir android/app/src/release | |
| echo "${{ secrets.RELEASE_GOOGLE_SERVICES_JSON_ASC }}" > google-services.json.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch google-services.json.asc > android/app/src/release/google-services.json | |
| mkdir android/app/src/debug | |
| echo "${{ secrets.DEBUG_GOOGLE_SERVICES_JSON_ASC }}" > google-services.json.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch google-services.json.asc > android/app/src/debug/google-services.json | |
| echo "${{ secrets.AG_CONNECT_SERVICES_JSON_ASC }}" > agconnect-services.json.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch agconnect-services.json.asc > android/app/src/release/agconnect-services.json | |
| - name: Assemble | |
| run: ./gradlew assemble | |
| - name: Upload Android Artifacts | |
| uses: actions/[email protected] | |
| if: github.event_name == 'push' | |
| with: | |
| name: androidArtifacts | |
| path: | | |
| android/app/build/outputs/apk/google/release/app-google-release.apk | |
| android/app/build/outputs/apk/huawei/release/app-huawei-release.apk | |
| - name: Cancel other jobs if this fails | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| DistributeAndroid: | |
| runs-on: ubuntu-22.04 | |
| needs: [ GradleBuild ] | |
| if: github.event_name == 'push' | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Clone Repo # Needed for reading commit message for Firebase App Distribution | |
| uses: actions/[email protected] | |
| - name: Download Android Artifacts | |
| uses: actions/[email protected] | |
| with: | |
| name: androidArtifacts | |
| - name: Firebase App Distribution Google | |
| uses: wzieba/[email protected] | |
| with: | |
| appId: ${{secrets.ANDROID_GOOGLE_FIREBASE_APP_ID}} | |
| token: ${{secrets.FIREBASE_CLI_TOKEN}} | |
| groups: QA | |
| file: google/release/app-google-release.apk | |
| - name: Firebase App Distribution Huawei | |
| uses: wzieba/[email protected] | |
| with: | |
| appId: ${{secrets.ANDROID_HUAWEI_FIREBASE_APP_ID}} | |
| token: ${{secrets.FIREBASE_CLI_TOKEN}} | |
| groups: QA | |
| file: huawei/release/app-huawei-release.apk | |
| - name: Delete Android Artifacts | |
| uses: geekyeggo/[email protected] | |
| with: | |
| name: androidArtifacts | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| XCodeBuild: | |
| runs-on: macos-14 | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Setup Gradle Repo | |
| uses: Oztechan/Global/actions/[email protected] | |
| - name: Adding secret files | |
| run: | | |
| echo "${{ secrets.ANDROID_GPG_RELEASE_KEYSTORE }}" > release.keystore.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch release.keystore.asc > android/app/release.keystore | |
| mkdir android/app/src/release | |
| echo "${{ secrets.RELEASE_GOOGLE_SERVICES_JSON_ASC }}" > google-services.json.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch google-services.json.asc > android/app/src/release/google-services.json | |
| mkdir android/app/src/debug | |
| echo "${{ secrets.DEBUG_GOOGLE_SERVICES_JSON_ASC }}" > google-services.json.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch google-services.json.asc > android/app/src/debug/google-services.json | |
| echo "${{ secrets.AG_CONNECT_SERVICES_JSON_ASC }}" > agconnect-services.json.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch agconnect-services.json.asc > android/app/src/release/agconnect-services.json | |
| echo "${{ secrets.IOS_GPG_FIREBASE_CONFIG }}" > GoogleService-Info.plist.asc | |
| mkdir ios/CCC/Resources/Release | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch GoogleService-Info.plist.asc > ios/CCC/Resources/Release/GoogleService-Info.plist | |
| rm ios/CCC/Resources/Debug/GoogleService-Info.plist | |
| echo "${{ secrets.IOS_GPG_RELEASE_XCCONFIG }}" > Release.xcconfig.asc | |
| gpg -d --passphrase "${{ secrets.SECRET_PASSWORD }}" --batch Release.xcconfig.asc > ios/CCC/Resources/Release/Config.xcconfig | |
| - name: Build | |
| working-directory: ios | |
| run: fastlane build | |
| - name: Upload iOS Artifacts | |
| uses: actions/[email protected] | |
| if: github.event_name == 'push' | |
| with: | |
| name: iOSArtifacts | |
| path: | | |
| ios/CCC.ipa | |
| ios/CCC.app.dSYM.zip | |
| - name: Cancel other jobs if this fails | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| DistributeIOS: | |
| runs-on: ubuntu-22.04 | |
| needs: [ XCodeBuild ] | |
| if: github.event_name == 'push' | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Clone Repo | |
| uses: actions/[email protected] | |
| - name: Download iOS IPA | |
| uses: actions/[email protected] | |
| with: | |
| name: iOSArtifacts | |
| path: ios | |
| # was necessary to use chown to fix permission issues in linux machines | |
| - name: Distribute | |
| working-directory: ios | |
| run: | | |
| sudo chown -R $(whoami) /var/lib/gems/3.0.0 | |
| fastlane distribute | |
| - name: Delete iOS IPA | |
| uses: geekyeggo/[email protected] | |
| with: | |
| name: iOSArtifacts | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| Quality: | |
| runs-on: macos-14 | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Setup Gradle Repo | |
| uses: Oztechan/Global/actions/[email protected] | |
| - name: Run Quality Jobs | |
| run: ./gradlew check koverXmlReport --parallel | |
| - name: Upload Coverage Report | |
| uses: actions/[email protected] | |
| with: | |
| name: coverageReport | |
| path: build/reports/kover/report.xml | |
| - name: Cancel other jobs if this fails | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| UploadQualityReports: | |
| runs-on: ubuntu-22.04 | |
| needs: [ Quality ] | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Clone Repo # Codecov requires it | |
| uses: actions/[email protected] | |
| - name: Download Coverage Report | |
| uses: actions/[email protected] | |
| with: | |
| name: coverageReport | |
| path: build | |
| - name: Upload coverage to Codecov | |
| uses: codecov/[email protected] | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: build/report.xml | |
| - name: Upload coverage to Codacy | |
| uses: codacy/[email protected] | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| coverage-reports: build/report.xml | |
| - name: SonarCloud Scan | |
| uses: sonarsource/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=oztechan | |
| -Dsonar.projectKey=Oztechan_CCC | |
| -Dsonar.coverage.jacoco.xmlReportPaths=build/report.xml | |
| - name: Delete Coverage Report | |
| uses: geekyeggo/[email protected] | |
| with: | |
| name: coverageReport | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| CodeAnalysis: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| status: ${{ steps.status.outputs.status }} | |
| steps: | |
| - name: Setup Gradle Repo | |
| uses: Oztechan/Global/actions/[email protected] | |
| - name: Detekt | |
| run: ./gradlew detektAll | |
| - name: SwiftLint | |
| uses: norio-nomura/[email protected] | |
| env: | |
| WORKING_DIRECTORY: ios | |
| with: | |
| args: --strict | |
| - name: Cancel other jobs if this fails | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| - name: Set Job Status | |
| id: status | |
| run: echo "status=success" >> $GITHUB_OUTPUT | |
| Notify: | |
| runs-on: ubuntu-22.04 | |
| needs: [ GradleBuild, XCodeBuild, Quality, CodeAnalysis, DistributeAndroid, DistributeIOS, UploadQualityReports ] | |
| if: always() | |
| steps: | |
| - name: Notify slack fail | |
| if: false == (needs.GradleBuild.outputs.status == 'success') || | |
| false == (needs.XCodeBuild.outputs.status == 'success') || | |
| false == (needs.Quality.outputs.status == 'success') || | |
| false == (needs.CodeAnalysis.outputs.status == 'success') || | |
| false == (needs.UploadQualityReports.outputs.status == 'success') || | |
| (false == (needs.DistributeAndroid.outputs.status == 'success') && github.event_name == 'push') || | |
| (false == (needs.DistributeIOS.outputs.status == 'success') && github.event_name == 'push') | |
| uses: voxmedia/[email protected] | |
| with: | |
| channel: ccc-github | |
| status: FAILED | |
| color: danger |