Compute stake/pool preview guarantees state #3497
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Test and build" | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| cancel: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| actions: write | |
| steps: | |
| - name: Cancel Previous Runs | |
| uses: RDXWorks-actions/cancel-workflow-action@main | |
| snyk_scan_deps_licences: | |
| name: "Snyk deps/licenses" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| - name: Fetch Snyk credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'snyk-licenses' | |
| secret_prefix: 'SNYK' | |
| secret_name: "github-actions/common/snyk-credentials" | |
| parse_json: true | |
| - name: Run Snyk to check for deps vulnerabilities | |
| uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high | |
| env: | |
| SNYK_TOKEN: ${{ env.SNYK_TOKEN }} | |
| snyk_scan_code: | |
| name: "Snyk code" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| - name: Fetch Snyk credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'snyk-licenses' | |
| secret_prefix: 'SNYK' | |
| secret_name: "github-actions/common/snyk-credentials" | |
| parse_json: true | |
| - name: Run Snyk to check for code vulnerabilities | |
| uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high | |
| command: code test | |
| env: | |
| SNYK_TOKEN: ${{ env.SNYK_TOKEN }} | |
| snyk_sbom: | |
| name: "Snyk SBOM" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| - name: Fetch Snyk credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'snyk-licenses' | |
| secret_prefix: 'SNYK' | |
| secret_name: "github-actions/common/snyk-credentials" | |
| parse_json: true | |
| - name: Generate SBOM # check SBOM can be generated but nothing is done with it | |
| uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json | |
| command: sbom | |
| env: | |
| SNYK_TOKEN: ${{ env.SNYK_TOKEN }} | |
| unit_tests: | |
| name: "Unit tests" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| - uses: RDXWorks-actions/setup-java@main | |
| with: | |
| distribution: 'zulu' # See 'Supported distributions' for available options | |
| java-version: '17' | |
| - name: Fetch GPR credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'unit-gpr' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/gpr-credentials" | |
| parse_json: true | |
| - name: Fetch Crashlytics info | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'unit-crash' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/crashlytics" | |
| parse_json: true | |
| - name: Decode Firebase Crashlytics json | |
| uses: timheuer/base64-to-file@48657ba25c726c2e3dcf02efa3639fff9b3d587e | |
| id: crashlytics_credentials | |
| with: | |
| fileName: "google-services.json" | |
| fileDir: "app/" | |
| encodedString: ${{ env.GH_CRASHLYTICS_GOOGLE_SERVICES_JSON_FILE_BASE64 }} | |
| - name: "Run unit tests" | |
| run: ./gradlew testDebugUnitTest | |
| env: | |
| GPR_USER: ${{ env.GH_GPR_USER }} | |
| GPR_TOKEN: ${{ env.GH_GPR_TOKEN }} | |
| static_analysis: | |
| name: "Static analysis and SonarCloud" | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| with: | |
| fetch-depth: 0 | |
| - uses: RDXWorks-actions/setup-java@main | |
| with: | |
| distribution: 'zulu' # See 'Supported distributions' for available options | |
| java-version: '17' | |
| - name: Fetch GPR credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'sonar' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/gpr-credentials" | |
| parse_json: true | |
| - name: Fetch Sonar token | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'sonar-1' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/sonar-token" | |
| parse_json: true | |
| - name: Fetch Crashlytics info | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'static-crash' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/crashlytics" | |
| parse_json: true | |
| - name: Decode Firebase Crashlytics json | |
| uses: timheuer/base64-to-file@48657ba25c726c2e3dcf02efa3639fff9b3d587e | |
| id: crashlytics_credentials | |
| with: | |
| fileName: "google-services.json" | |
| fileDir: "app/" | |
| encodedString: ${{ env.GH_CRASHLYTICS_GOOGLE_SERVICES_JSON_FILE_BASE64 }} | |
| - name: Export vars | |
| run: | | |
| echo "GPR_USER=${{ env.GH_GPR_USER }}" >> $GITHUB_ENV | |
| echo "GPR_TOKEN=${{ env.GH_GPR_TOKEN }}" >> $GITHUB_ENV | |
| echo "SONAR_TOKEN=${{ env.GH_SONAR_TOKEN }}" >> $GITHUB_ENV | |
| - name: "Run detekt" | |
| run: | | |
| env | |
| ./gradlew detektMain | |
| - name: "Run jacoco" | |
| run: | | |
| ./gradlew jacocoTestReport | |
| - name: "Run Sonarcloud" | |
| run: | | |
| ./gradlew sonarqube | |
| build: | |
| name: "Build" | |
| runs-on: ubuntu-latest | |
| needs: | |
| # - unit_tests | |
| # - static_analysis | |
| - snyk_scan_deps_licences | |
| - snyk_scan_code | |
| - snyk_sbom | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| - name: Dump context | |
| uses: RDXWorks-actions/ghaction-dump-context@master | |
| - uses: RDXWorks-actions/setup-java@main | |
| with: | |
| distribution: 'zulu' # See 'Supported distributions' for available options | |
| java-version: '17' | |
| - name: Fetch GPR credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'build' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/gpr-credentials" | |
| parse_json: true | |
| - name: Fetch Crashlytics info | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.ANDROID_WALLET_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'build-crash' | |
| secret_prefix: 'GH' | |
| secret_name: "github-actions/radixdlt/babylon-wallet-android/crashlytics" | |
| parse_json: true | |
| - name: Decode Firebase Crashlytics json | |
| uses: timheuer/base64-to-file@48657ba25c726c2e3dcf02efa3639fff9b3d587e | |
| id: crashlytics_credentials | |
| with: | |
| fileName: "google-services.json" | |
| fileDir: "app/" | |
| encodedString: ${{ env.GH_CRASHLYTICS_GOOGLE_SERVICES_JSON_FILE_BASE64 }} | |
| - name: "Build" | |
| run: | | |
| ./gradlew assembleDebug | |
| env: | |
| GPR_USER: ${{ env.GH_GPR_USER }} | |
| GPR_TOKEN: ${{ env.GH_GPR_TOKEN }} | |
| snyk_online_monitor: | |
| name: "Snyk monitoring" | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| needs: | |
| - build | |
| steps: | |
| - uses: RDXWorks-actions/checkout@main | |
| - name: Fetch Snyk credentials | |
| uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main | |
| with: | |
| role_name: '${{ secrets.COMMON_SECRETS_READ_IAM_ROLE }}' | |
| app_name: 'wallet-android' | |
| step_name: 'snyk-licenses' | |
| secret_prefix: 'SNYK' | |
| secret_name: "github-actions/common/snyk-credentials" | |
| parse_json: true | |
| - name: Enable Snyk online monitoring to check for vulnerabilities | |
| uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master | |
| with: | |
| args: --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} | |
| command: monitor | |
| env: | |
| SNYK_TOKEN: ${{ env.SNYK_TOKEN }} |