643d1e957d
* fix(deps): update dependency org.matrix.rustcomponents:sdk-android to v26.03.18 * Fix API breaks * Add compatibility with rustls (#6367) A new `rustls-platform-verifier-android` library has to be added to the project, it'll be called from Rust to get access to the certificates on Android. Originally, this was supposed to be added as a local maven repo pointing to the rust crate that publishes the AAR, but that's just plain terrible (more details [here](https://github.com/rustls/rustls-platform-verifier#android). Instead, what we can do is use a script that uses `cargo-download` to download the latest crate or a specified version, unzip it and add the `aar` file to the `:libraries:matrix:impl` module. * Try fixing Sonar with local AAR files * Remove `UserCertificatesProvider`: this is no longer needed after integrating rustls * Added some docs for rustls and its `platform-verifier` library * Upgrade SDK to `26.03.19`: this version contains a workaround that allows the app to use the same TLS verifier as before, fixing the Let's Encrypt issues we saw with some homeservers (like element.io) --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jorge Martín <jorgem@element.io>
64 lines
2.7 KiB
YAML
64 lines
2.7 KiB
YAML
name: Sonar
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
merge_group:
|
|
push:
|
|
branches: [ main, develop ]
|
|
|
|
permissions: {}
|
|
|
|
# Enrich gradle.properties for CI/CD
|
|
env:
|
|
GRADLE_OPTS: -Dorg.gradle.jvmargs=-Xmx8g -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -XX:+UseG1GC -Dkotlin.daemon.jvm.options=-Xmx4g
|
|
CI_GRADLE_ARG_PROPERTIES: --stacktrace --warn -Dsonar.gradle.skipCompile=true --no-configuration-cache
|
|
GROUP: ${{ format('sonar-{0}', github.ref) }}
|
|
|
|
jobs:
|
|
sonar:
|
|
name: Sonar Quality Checks
|
|
runs-on: ubuntu-latest
|
|
# Allow all jobs on main and develop. Just one per PR.
|
|
concurrency:
|
|
group: ${{ format('sonar-{0}', github.ref) }}
|
|
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
|
|
steps:
|
|
- name: Free Disk Space (Ubuntu)
|
|
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
|
|
with:
|
|
# This might remove tools that are actually needed, if set to "true" but frees about 6 GB
|
|
tool-cache: true
|
|
# All of these default to true, but we should only need the 'android' one (and maybe swap-storage?)
|
|
android: false
|
|
dotnet: true
|
|
haskell: true
|
|
# This takes way too long to run (~2 minutes) and it saves only ~5.5GB
|
|
large-packages: false
|
|
docker-images: true
|
|
swap-storage: false
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
# Ensure we are building the branch and not the branch after being merged on develop
|
|
# https://github.com/actions/checkout/issues/881
|
|
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
|
|
persist-credentials: false
|
|
- name: Use JDK 21
|
|
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
|
|
with:
|
|
distribution: 'temurin' # See 'Supported distributions' for available options
|
|
java-version: '21'
|
|
- name: Configure gradle
|
|
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
|
|
with:
|
|
cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
|
|
- name: Build debug code and test fixtures
|
|
run: ./gradlew assembleGplayDebug createFullJarDebugTestFixtures :app:createFullJarGplayDebugTestFixtures $CI_GRADLE_ARG_PROPERTIES
|
|
- name: 🔊 Publish results to Sonar
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
ORG_GRADLE_PROJECT_SONAR_LOGIN: ${{ secrets.SONAR_TOKEN }}
|
|
if: ${{ always() && env.SONAR_TOKEN != '' && env.ORG_GRADLE_PROJECT_SONAR_LOGIN != '' }}
|
|
run: ./gradlew sonar $CI_GRADLE_ARG_PROPERTIES
|