Jit - Scan Code for Vulnerabilities Test #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Quality Checks | |
on: | |
workflow_dispatch: | |
pull_request: | |
merge_group: | |
push: | |
branches: [ main, develop ] | |
# Enrich gradle.properties for CI/CD | |
env: | |
GRADLE_OPTS: -Dorg.gradle.jvmargs="-Xmx6g -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError" -Dkotlin.incremental=false -XX:+UseParallelGC | |
CI_GRADLE_ARG_PROPERTIES: --stacktrace -PpreDexEnable=false --max-workers 8 --no-daemon --warn | |
jobs: | |
checkScript: | |
name: Search for forbidden patterns | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run code quality check suite | |
run: ./tools/check/check_code_quality.sh | |
checkScreesnhot: | |
name: Search for invalid screenshot files | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Search for invalid screenshot files | |
run: ./tools/test/checkInvalidScreenshots.py | |
check: | |
name: Project Check Suite | |
runs-on: ubuntu-latest | |
# Allow all jobs on main and develop. Just one per PR. | |
concurrency: | |
group: ${{ github.ref == 'refs/heads/main' && format('check-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-develop-{0}', github.sha) || format('check-{0}', github.ref) }} | |
cancel-in-progress: true | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure we are building the branch and not the branch after being merged on develop | |
# https://github.com/actions/checkout/issues/881 | |
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }} | |
- name: Use JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' # See 'Supported distributions' for available options | |
java-version: '17' | |
- name: Configure gradle | |
uses: gradle/actions/setup-gradle@v3 | |
with: | |
cache-read-only: ${{ github.ref != 'refs/heads/develop' }} | |
- name: Run code quality check suite | |
run: ./gradlew runQualityChecks $CI_GRADLE_ARG_PROPERTIES | |
- name: Upload reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: linting-report | |
path: | | |
**/build/reports/**/*.* | |
- name: Prepare Danger | |
if: always() | |
run: | | |
npm install --save-dev @babel/core | |
npm install --save-dev @babel/plugin-transform-flow-strip-types | |
yarn add danger-plugin-lint-report --dev | |
- name: Danger lint | |
if: always() | |
uses: danger/[email protected] | |
with: | |
args: "--dangerfile ./tools/danger/dangerfile-lint.js" | |
env: | |
DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} | |
# Fallback for forks | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |