ABW-2488 - Refactor around dApp Login Auth and UnAuth #3355
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Test and build" | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: read | |
jobs: | |
cancel: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: read | |
actions: write | |
steps: | |
- name: Cancel Previous Runs | |
uses: RDXWorks-actions/cancel-workflow-action@main | |
snyk_scan_deps_licences: | |
name: "Snyk deps/licenses" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Fetch Snyk credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'snyk-licenses' | |
secret_prefix: 'SNYK' | |
secret_name: "github-actions/common/snyk-credentials" | |
parse_json: true | |
- name: Run Snyk to check for deps vulnerabilities | |
uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
with: | |
args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high | |
env: | |
SNYK_TOKEN: ${{ env.SNYK_TOKEN }} | |
snyk_scan_code: | |
name: "Snyk code" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Fetch Snyk credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'snyk-licenses' | |
secret_prefix: 'SNYK' | |
secret_name: "github-actions/common/snyk-credentials" | |
parse_json: true | |
- name: Run Snyk to check for code vulnerabilities | |
uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
with: | |
args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high | |
command: code test | |
env: | |
SNYK_TOKEN: ${{ env.SNYK_TOKEN }} | |
snyk_sbom: | |
name: "Snyk SBOM" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Fetch Snyk credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'snyk-licenses' | |
secret_prefix: 'SNYK' | |
secret_name: "github-actions/common/snyk-credentials" | |
parse_json: true | |
- name: Generate SBOM # check SBOM can be generated but nothing is done with it | |
uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
with: | |
args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json | |
command: sbom | |
env: | |
SNYK_TOKEN: ${{ env.SNYK_TOKEN }} | |
unit_tests: | |
name: "Unit tests" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- uses: RDXWorks-actions/setup-java@main | |
with: | |
distribution: 'zulu' # See 'Supported distributions' for available options | |
java-version: '17' | |
- name: Fetch GPR credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'sonar' | |
secret_prefix: 'GH' | |
secret_name: "github-actions/radixdlt/babylon-wallet-android/gpr-credentials" | |
parse_json: true | |
- name: "Run unit tests" | |
run: ./gradlew testDebugUnitTest | |
env: | |
GPR_USER: ${{ env.GH_GPR_USER }} | |
GPR_TOKEN: ${{ env.GH_GPR_TOKEN }} | |
static_analysis: | |
name: "Static analysis and SonarCloud" | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
with: | |
fetch-depth: 0 | |
- uses: RDXWorks-actions/setup-java@main | |
with: | |
distribution: 'zulu' # See 'Supported distributions' for available options | |
java-version: '17' | |
- name: Fetch GPR credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'sonar' | |
secret_prefix: 'GH' | |
secret_name: "github-actions/radixdlt/babylon-wallet-android/gpr-credentials" | |
parse_json: true | |
- name: Fetch Sonar token | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'sonar-1' | |
secret_prefix: 'GH' | |
secret_name: "github-actions/radixdlt/babylon-wallet-android/sonar-token" | |
parse_json: true | |
- name: Export vars | |
run: | | |
echo "GPR_USER=${{ env.GH_GPR_USER }}" >> $GITHUB_ENV | |
echo "GPR_TOKEN=${{ env.GH_GPR_TOKEN }}" >> $GITHUB_ENV | |
echo "SONAR_TOKEN=${{ env.GH_SONAR_TOKEN }}" >> $GITHUB_ENV | |
- name: "Run detekt" | |
run: | | |
env | |
./gradlew detektMain | |
- name: "Run jacoco" | |
run: | | |
./gradlew jacocoTestReport | |
- name: "Run Sonarcloud" | |
run: | | |
./gradlew sonarqube | |
build: | |
name: "Build" | |
runs-on: ubuntu-latest | |
needs: | |
# - unit_tests | |
# - static_analysis | |
- snyk_scan_deps_licences | |
- snyk_scan_code | |
- snyk_sbom | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Dump context | |
uses: RDXWorks-actions/ghaction-dump-context@master | |
- uses: RDXWorks-actions/setup-java@main | |
with: | |
distribution: 'zulu' # See 'Supported distributions' for available options | |
java-version: '17' | |
- name: Fetch GPR credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'build' | |
secret_prefix: 'GH' | |
secret_name: "github-actions/radixdlt/babylon-wallet-android/gpr-credentials" | |
parse_json: true | |
- name: "Build" | |
run: | | |
./gradlew assembleDebug | |
env: | |
GPR_USER: ${{ env.GH_GPR_USER }} | |
GPR_TOKEN: ${{ env.GH_GPR_TOKEN }} | |
snyk_online_monitor: | |
name: "Snyk monitoring" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
needs: | |
- build | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Fetch Snyk credentials | |
uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
with: | |
role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
app_name: 'wallet-android' | |
step_name: 'snyk-licenses' | |
secret_prefix: 'SNYK' | |
secret_name: "github-actions/common/snyk-credentials" | |
parse_json: true | |
- name: Enable Snyk online monitoring to check for vulnerabilities | |
uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
with: | |
args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} | |
command: monitor | |
env: | |
SNYK_TOKEN: ${{ env.SNYK_TOKEN }} |