security: Android cycle 2 - configurable cert pins, key zeroing, atom… #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| server-tests: | |
| name: Server Tests | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: server/ | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: temurin | |
| java-version: '21' | |
| - name: Set up Gradle | |
| uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 | |
| with: | |
| build-root-directory: server/ | |
| - name: Run tests | |
| run: ./gradlew test --no-daemon | |
| - name: Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: server-test-results | |
| path: server/build/reports/tests/ | |
| retention-days: 14 | |
| android-build: | |
| name: Android Build | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: android/ | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: temurin | |
| java-version: '17' | |
| - name: Set up Android SDK | |
| uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2 | |
| - name: Set up Gradle | |
| uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 | |
| with: | |
| build-root-directory: android/ | |
| - name: Run lint | |
| run: gradle lint --no-daemon | |
| - name: Run unit tests | |
| run: gradle testDebugUnitTest --no-daemon | |
| - name: Build debug APK | |
| run: gradle assembleDebug --no-daemon | |
| - name: Upload lint report | |
| if: always() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: android-lint-report | |
| path: android/app/build/reports/lint-results*.html | |
| retention-days: 14 | |
| - name: Upload test results | |
| if: always() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: android-test-results | |
| path: android/app/build/reports/tests/ | |
| retention-days: 14 | |
| conformance-tests: | |
| name: Conformance Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Python 3 | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: '3.x' | |
| - name: Run conformance tests | |
| run: python3 tests/conformance/verify_conformance.py |