Merge pull request #3742 from element-hq/renovate/com.posthog-posthog… #9821
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Quality Checks | |
on: | |
workflow_dispatch: | |
pull_request: | |
merge_group: | |
push: | |
branches: [ main, develop ] | |
# Enrich gradle.properties for CI/CD | |
env: | |
GRADLE_OPTS: -Dorg.gradle.jvmargs=-Xmx9g -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -XX:+UseG1GC -Dkotlin.daemon.jvm.options=-Xmx4g | |
CI_GRADLE_ARG_PROPERTIES: --stacktrace --no-daemon -Dsonar.gradle.skipCompile=true --no-configuration-cache | |
jobs: | |
checkScript: | |
name: Search for forbidden patterns | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Add SSH private keys for submodule repositories | |
uses: webfactory/[email protected] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
with: | |
ssh-private-key: ${{ secrets.ELEMENT_ENTERPRISE_DEPLOY_KEY }} | |
- name: Clone submodules | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
run: git submodule update --init --recursive | |
- name: Run code quality check suite | |
run: ./tools/check/check_code_quality.sh | |
checkScreesnhot: | |
name: Search for invalid screenshot files | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
- name: Search for invalid screenshot files | |
run: ./tools/test/checkInvalidScreenshots.py | |
checkDependencies: | |
name: Search for invalid dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '21' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
- name: Search for invalid dependencies | |
run: ./tools/dependencies/checkDependencies.py | |
# Code checks | |
konsist: | |
name: Konsist tests | |
runs-on: ubuntu-latest | |
# Allow all jobs on main and develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/main' && format('check-konsist-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-konsist-develop-{0}', github.sha) || format('check-konsist-{0}', github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Add SSH private keys for submodule repositories | |
uses: webfactory/[email protected] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
with: | |
ssh-private-key: ${{ secrets.ELEMENT_ENTERPRISE_DEPLOY_KEY }} | |
- name: Clone submodules | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
run: git submodule update --init --recursive | |
- name: Use JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '21' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Run Konsist tests | |
run: ./gradlew :tests:konsist:testDebugUnitTest $CI_GRADLE_ARG_PROPERTIES --no-daemon | |
- name: Upload reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: konsist-report | |
path: | | |
**/build/reports/**/*.* | |
lint: | |
name: Android lint check | |
runs-on: ubuntu-latest | |
# Allow all jobs on main and develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/main' && format('check-lint-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-lint-develop-{0}', github.sha) || format('check-lint-{0}', github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Add SSH private keys for submodule repositories | |
uses: webfactory/[email protected] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
with: | |
ssh-private-key: ${{ secrets.ELEMENT_ENTERPRISE_DEPLOY_KEY }} | |
- name: Clone submodules | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
run: git submodule update --init --recursive | |
- name: Use JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '21' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Build Gplay Debug | |
run: ./gradlew :app:compileGplayDebugKotlin $CI_GRADLE_ARG_PROPERTIES | |
- name: Build Fdroid Debug | |
run: ./gradlew :app:compileFdroidDebugKotlin $CI_GRADLE_ARG_PROPERTIES | |
- name: Run lint | |
run: ./gradlew :app:lintGplayDebug :app:lintFdroidDebug $CI_GRADLE_ARG_PROPERTIES | |
- name: Upload reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: linting-report | |
path: | | |
**/build/reports/**/*.* | |
detekt: | |
name: Detekt checks | |
runs-on: ubuntu-latest | |
# Allow all jobs on main and develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/main' && format('check-detekt-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-detekt-develop-{0}', github.sha) || format('check-detekt-{0}', github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Add SSH private keys for submodule repositories | |
uses: webfactory/[email protected] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
with: | |
ssh-private-key: ${{ secrets.ELEMENT_ENTERPRISE_DEPLOY_KEY }} | |
- name: Clone submodules | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
run: git submodule update --init --recursive | |
- name: Use JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '21' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Run Detekt | |
run: ./gradlew detekt $CI_GRADLE_ARG_PROPERTIES --no-daemon | |
- name: Upload reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: detekt-report | |
path: | | |
**/build/reports/**/*.* | |
ktlint: | |
name: Ktlint checks | |
runs-on: ubuntu-latest | |
# Allow all jobs on main and develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/main' && format('check-ktlint-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-ktlint-develop-{0}', github.sha) || format('check-ktlint-{0}', github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Add SSH private keys for submodule repositories | |
uses: webfactory/[email protected] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
with: | |
ssh-private-key: ${{ secrets.ELEMENT_ENTERPRISE_DEPLOY_KEY }} | |
- name: Clone submodules | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
run: git submodule update --init --recursive | |
- name: Use JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '21' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Run Ktlint check | |
run: ./gradlew ktlintCheck $CI_GRADLE_ARG_PROPERTIES | |
- name: Upload reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ktlint-report | |
path: | | |
**/build/reports/**/*.* | |
knit: | |
name: Knit checks | |
runs-on: ubuntu-latest | |
# Allow all jobs on main and develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/main' && format('check-knit-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-knit-develop-{0}', github.sha) || format('check-knit-{0}', github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Add SSH private keys for submodule repositories | |
uses: webfactory/[email protected] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
with: | |
ssh-private-key: ${{ secrets.ELEMENT_ENTERPRISE_DEPLOY_KEY }} | |
- name: Clone submodules | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
run: git submodule update --init --recursive | |
- name: Use JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '21' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Run Knit | |
run: ./gradlew knitCheck $CI_GRADLE_ARG_PROPERTIES | |
# Note: to auto fix issues you can use the following command: | |
# shellcheck -f diff <files> | git apply | |
shellcheck: | |
name: Check shell scripts | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run shellcheck | |
uses: ludeeus/[email protected] | |
with: | |
scandir: ./tools | |
severity: warning | |
upload_reports: | |
name: Project Check Suite | |
runs-on: ubuntu-latest | |
needs: [konsist, lint, ktlint, detekt] | |
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'element-hq/element-x-android' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Download reports from previous jobs | |
uses: actions/download-artifact@v4 | |
- name: Prepare Danger | |
if: always() | |
run: | | |
npm install --save-dev @babel/core | |
npm install --save-dev @babel/plugin-transform-flow-strip-types | |
yarn add danger-plugin-lint-report --dev | |
- name: Danger lint | |
if: always() | |
uses: danger/[email protected] | |
with: | |
args: "--dangerfile ./tools/danger/dangerfile-lint.js" | |
env: | |
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} | |
# Fallback for forks | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |