Android - Audit dependencies #2827
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Android - Audit dependencies | |
| on: | |
| pull_request: | |
| paths: | |
| - .github/workflows/android-audit.yml | |
| - android/gradle/verification-metadata.xml | |
| - android/scripts/update-lockfile.sh | |
| # libs.versions.toml and *.kts are necessary to ensure that the verification-metadata.xml is up-to-date | |
| # with our dependency usage due to the dependency verification not working as expected when keys are | |
| # specified for dependencies (DROID-1425). | |
| - android/gradle/libs.versions.toml | |
| - android/**/*.kts | |
| schedule: | |
| # At 06:20 UTC every day. | |
| # Notifications for scheduled workflows are sent to the user who last modified the cron | |
| # syntax in the workflow file. If you update this you must have notifications for | |
| # Github Actions enabled, so these don't go unnoticed. | |
| # https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs | |
| - cron: '20 6 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| override_container_image: | |
| description: Override container image | |
| type: string | |
| required: false | |
| permissions: {} | |
| jobs: | |
| prepare: | |
| name: Prepare | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Use custom container image if specified | |
| if: ${{ github.event.inputs.override_container_image != '' }} | |
| run: echo "inner_container_image=${{ github.event.inputs.override_container_image }}" | |
| >> $GITHUB_ENV | |
| - name: Use default container image and resolve digest | |
| if: ${{ github.event.inputs.override_container_image == '' }} | |
| run: echo "inner_container_image=$(cat ./building/android-container-image.txt)" >> $GITHUB_ENV | |
| outputs: | |
| container_image: ${{ env.inner_container_image }} | |
| ensure-clean-lockfile: | |
| needs: prepare | |
| name: Ensure clean lockfile | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ needs.prepare.outputs.container_image }} | |
| steps: | |
| # Fix for HOME path overridden by GH runners when building in containers, see: | |
| # https://github.com/actions/runner/issues/863 | |
| - name: Fix HOME path | |
| run: echo "HOME=/root" >> $GITHUB_ENV | |
| - name: Set locale | |
| run: echo "LC_ALL=C.UTF-8" >> $GITHUB_ENV | |
| - uses: actions/checkout@v4 | |
| - name: Fix git dir | |
| run: git config --global --add safe.directory $(pwd) | |
| - name: Create Android rustJniLibs dir | |
| run: mkdir -p android/app/build/rustJniLibs/android | |
| - name: Re-generate lockfile | |
| run: android/scripts/update-lockfile.sh | |
| - name: Ensure no changes | |
| run: git diff --exit-code |