EVMap/.github/workflows/tests.yml at master · ev-map/EVMap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
on:
  pull_request:
  push:
    branches:
      - '*'

name: Tests

jobs:

  test:
    name: Build and Test (${{ matrix.buildvariant }})
    runs-on: ubuntu-latest
    strategy:
      matrix:
        buildvariant: [ FossNormal, FossAutomotive, GoogleNormal, GoogleAutomotive ]
    steps:
      - name: Check out code
        uses: actions/checkout@v6

      - name: Set up Java environment
        uses: actions/setup-java@v5
        with:
          java-version: 21
          distribution: 'zulu'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v6

      - name: Copy apikeys.xml
        run: cp _ci/apikeys-ci.xml app/src/main/res/values/apikeys.xml

      - name: Build app
        run: ./gradlew assemble${{ matrix.buildvariant }}Debug
      - name: Run unit tests
        run: ./gradlew test${{ matrix.buildvariant }}DebugUnitTest
      - name: Run Android Lint
        run: ./gradlew lint${{ matrix.buildvariant }}Debug
      - name: Check licenses
        run: ./gradlew exportLibraryDefinitions

  apk_check:
    name: Release APK checks (${{ matrix.buildvariant }})
    runs-on: ubuntu-latest
    strategy:
      matrix:
        buildvariant: [ FossNormal, FossAutomotive, GoogleNormal, GoogleAutomotive ]

    steps:
      - name: Install checksec
        run: sudo apt install -y checksec

      - name: Check out code
        uses: actions/checkout@v6

      - name: Set up Java environment
        uses: actions/setup-java@v5
        with:
          java-version: 17
          distribution: 'zulu'
          cache: 'gradle'

      - name: Copy apikeys.xml
        run: cp _ci/apikeys-ci.xml app/src/main/res/values/apikeys.xml

      - name: Build app
        run: ./gradlew assemble${{ matrix.buildvariant }}Release

      - name: Unpack native libraries from APK
        run: |
          VARIANT_FILENAME=$(echo ${{ matrix.buildvariant }} | sed -E 's/([a-z])([A-Z])/\1-\2/g' | tr 'A-Z' 'a-z')
          VARIANT_FOLDER=$(echo ${{ matrix.buildvariant }} | sed -E 's/^([A-Z])/\L\1/')
          APK_FILE="app/build/outputs/apk/$VARIANT_FOLDER/release/app-$VARIANT_FILENAME-release-unsigned.apk"
          unzip $APK_FILE "lib/*"

      - name: Run checksec on native libraries
        run: |
          checksec --output=json --dir=lib > checksec_output.json
          jq --argjson exceptions '[
            "lib/arm64-v8a/libc++_shared.so",
            "lib/armeabi-v7a/libc++_shared.so",
            "lib/x86/libc++_shared.so",
            "lib/x86_64/libc++_shared.so"
          ]' '
            to_entries
            | map(select(.value.fortify_source == "no" and (.key as $lib | $exceptions | index($lib) | not)))
            | if length > 0 then
                error("The following libraries do not have fortify enabled (and are not in the exception list): " + (map(.key) | join(", ")))
              else
                "All libraries have fortify enabled or are in the exception list."
            end
          ' checksec_output.json