-
Notifications
You must be signed in to change notification settings - Fork 31
91 lines (74 loc) · 2.77 KB
/
pull-request.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: Pull Request
on:
pull_request:
branches:
- "*"
workflow_dispatch:
inputs:
monitor_permissions:
type: boolean
description: Monitor Permissions
required: false
default: false
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
permissions:
pull-requests: 'write'
id-token: 'write'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
if: ${{ github.event.inputs.monitor_permissions == 'true' }}
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-cloud
with:
workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY }}
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_ID }}
setup_gcloud: false
- uses: ./.github/actions/setup-gradle
- uses: 1password/load-secrets-action/configure@v2
with:
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- id: op-secrets
uses: 1password/load-secrets-action@v2
with:
export-env: false
env:
GOOGLE_SERVICES: op://development/google services/playground release/base64
- run: |
echo $GOOGLE_SERVICES | base64 --decode > app-launcher/android/google-services.json
echo $GOOGLE_SERVICES | base64 --decode > conferences-app/google-services.json
env:
GOOGLE_SERVICES: ${{ steps.op-secrets.outputs.GOOGLE_SERVICES }}
- id: gradle
run: ./gradlew build --console=plain
env:
ANDROID_API_KEY: ${{ secrets.ANDROID_API_KEY }}
BROWSER_API_KEY: ${{ secrets.BROWSER_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SERVER_CLIENT_ID: ${{ secrets.SERVER_CLIENT_ID }}
- id: screenshot-validation
run: ./gradlew validateScreenshotTest --console=plain
env:
ANDROID_API_KEY: ${{ secrets.ANDROID_API_KEY }}
BROWSER_API_KEY: ${{ secrets.BROWSER_API_KEY }}
SERVER_CLIENT_ID: ${{ secrets.SERVER_CLIENT_ID }}
- uses: actions/upload-artifact@v4
if: failure() && steps.screenshot-validation.outcome == "failure"
with:
if-no-files-found: error
name: screenshot-test-report
path: "**/build/reports/screenshotTest/preview/debug"
- uses: thollander/actions-comment-pull-request@v3
if: ${{ steps.gradle.outputs.build-scan-url }}
with:
message: "Build scan published to ${{ steps.gradle.outputs.build-scan-url }}"
comment-tag: build-scan-url
mode: recreate
- uses: test-summary/action@v2
if: always()
with:
paths: "**/build/test-results/test/TEST-*.xml"