This repository has been archived by the owner on Jan 16, 2024. It is now read-only.
[Snyk] Security upgrade crypto-js from 4.1.1 to 4.2.0 #791
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Android build on Ubuntu | |
on: | |
push: | |
branches: | |
- develop | |
pull_request: | |
branches: | |
- develop | |
- master | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout branch | |
uses: actions/checkout@v2 | |
- name: Upgrade npm to latest version | |
run: sudo npm i -g npm@latest | |
- name: Check versions | |
run: | | |
echo "Node version:" | |
node --version | |
echo "NPM version:" | |
npm --version | |
echo "Java version:" | |
java -version | |
echo "PATH:" | |
echo $PATH | |
echo "ANDROID_HOME:" | |
echo $ANDROID_HOME | |
echo "Bash version:" | |
bash -version | |
# - name: Adding build tools to path | |
# run: | | |
# export PATH=$ANDROID_HOME/tools/bin:$PATH | |
# export PATH=$ANDROID_HOME/build-tools/$(ls -tr $ANDROID_HOME/build-tools/ | tail -1):$PATH | |
# echo $PATH | |
# - name: List current Android SDK installations | |
# run: sudo $ANDROID_HOME/tools/bin/sdkmanager --list | |
- name: Installing Gettext for envsubst command | |
run: sudo apt-get update && sudo apt-get install -y gettext-base | |
- name: Installing google-drive-upload script | |
env: | |
CLIENT_ID: ${{ secrets.GOOGLE_DRIVE_CLIENT_ID }} | |
CLIENT_SECRET: ${{ secrets.GOOGLE_DRIVE_CLIENT_SECRET }} | |
REFRESH_TOKEN: ${{ secrets.GOOGLE_DRIVE_REFRESH_TOKEN }} | |
ACCESS_TOKEN: ${{ secrets.GOOGLE_DRIVE_ACCESS_TOKEN }} | |
run: | | |
source ~/.bashrc | |
echo $PATH | |
curl --compressed -s https://raw.githubusercontent.com/labbots/google-drive-upload/v2.7/install.sh | bash -s -- -R v2.7 | |
echo "CLIENT_ID=\"$CLIENT_ID\"" >> ~/.googledrive.conf | |
echo "CLIENT_SECRET=\"$CLIENT_SECRET\"" >> ~/.googledrive.conf | |
echo "REFRESH_TOKEN=\"$REFRESH_TOKEN\"" >> ~/.googledrive.conf | |
echo "ACCESS_TOKEN=\"$ACCESS_TOKEN\"" >> ~/.googledrive.conf | |
echo "ACCESS_TOKEN_EXPIRY=" >> ~/.googledrive.conf | |
echo "ROOT_FOLDER=\"1sO16rDuJA8McRA8-Q-I6R2OjMGcG4nEp\"" >> ~/.googledrive.conf | |
echo "ROOT_FOLDER_NAME=" >> ~/.googledrive.conf | |
- name: Caching node modules | |
uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node3-${{ hashFiles('package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node3- | |
- name: Install npm | |
run: | | |
npm install --legacy-peer-deps | |
# planet_pay_url: http://paydev.pp.eco won't work due to losing query parameters on redirect | |
- name: Setting Environment Variables | |
env: | |
googleMapApiKey: ${{ secrets.GOOGLE_MAP_API_KEY }} | |
mediaPath: /media/cache | |
scheme: https | |
host: staging.trilliontreecampaign.org | |
api_url: https://app-staging.plant-for-the-planet.org | |
base: | |
debug: true | |
currency: EUR | |
mapIdsInventory: dee6acf9de774fe6878813f707b4ab88 | |
bugsnagApiKey: ${{ secrets.BUGSNAG_API_KEY }} | |
androidAppId: org.pftp | |
iosAppId: 1444740626 | |
locationApikKey: ${{ secrets.LOCATION_API_KEY }} | |
env: staging | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
planet_pay_url: https://donate.plant-for-the-planet.org | |
run: | | |
envsubst < .env.deploy > .env.staging | |
cp .env.staging .env | |
# Currently not yet supported different flavors | |
# - name: Overide Environment if Master Branch | |
# if: endsWith(github.ref, '/master') | |
# run: | | |
# # change this to -> echo "{name}={value"}" >> $GITHUB_ENV | |
# echo "::set-env name=host::https://www.trilliontreecampaign.org"; | |
# echo "::set-env name=api_url::https://app.plant-for-the-planet.org"; | |
# echo "::set-env name=mapIdsInventory::534da741b327459eb117f4cc93acd98e"; | |
# echo "::set-env name=debug::false"; | |
# echo "::set-env name=env::production"; | |
# envsubst < .env.deploy > .env.production | |
# cp .env.production .env | |
# | |
# - name: Overide Environment if Staging Branch | |
# if: endsWith(github.ref, '/staging') | |
# run: | | |
# # change this to -> echo "{name}={value"}" >> $GITHUB_ENV | |
# echo "::set-env name=host::https://staging.trilliontreecampaign.org"; | |
# echo "::set-env name=api_url::https://app-staging.plant-for-the-planet.org"; | |
# echo "::set-env name=mapIdsInventory::dee6acf9de774fe6878813f707b4ab88"; | |
# echo "::set-env name=debug::true"; | |
# echo "::set-env name=env::staging"; | |
# envsubst < .env.deploy > .env.staging | |
# cp .env.staging .env | |
- name: Listing Environment Variables | |
run: cat .env | |
- name: Preparing Android build | |
env: | |
android_release_password: ${{ secrets.ANDROID_RELEASE_PASSWORD }} | |
run: | | |
# react-native-i18n has an incompatible manifest and build.gradle file | |
search='<uses-sdk android:minSdkVersion="16" />' | |
sed -i "s|${search}||g" node_modules/react-native-i18n/android/src/main/AndroidManifest.xml | |
search='compile "com.facebook.react:react-native:+" // From node_modules' | |
replace='implementation "com.facebook.react:react-native:+"' | |
sed -i "s|${search}|${replace}|g" node_modules/react-native-i18n/android/build.gradle | |
# react-native-reanimated has an incompatible build.gradle file | |
search="classpath += files(project.getConfigurations().getByName('compile').asList())" | |
replace="project.getConfigurations().getByName('implementation').setCanBeResolved(true); classpath += files(project.getConfigurations().getByName('implementation').asList())" | |
sed -i "s|${search}|${replace}|g" node_modules/react-native-reanimated/android/build.gradle | |
# prepare local.properties | |
echo "MYAPP_RELEASE_STORE_PASSWORD=$android_release_password" > android/local.properties | |
echo "MYAPP_RELEASE_KEY_PASSWORD=$android_release_password" >> android/local.properties | |
- name: Fixes for Android Build | |
run: | | |
# fix problems with 'Error: ENOSPC: System limit for number of file watchers reached' | |
echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p | |
# fix for task ':app:stripDevelopReleaseDebugSymbols' | |
(echo y; echo y; echo y;) | sudo $ANDROID_HOME/tools/bin/sdkmanager 'ndk;20.0.5594570' | |
- name: Caching Gradle dependencies | |
uses: actions/cache@v1 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-androidgradle3-${{ hashFiles('android/*.gradle') }} | |
restore-keys: | | |
${{ runner.os }}-androidgradle3- | |
# Currently not working due to https://github.com/react-native-community/react-native-maps/issues/3266 | |
# - name: Checking Gradle dependencies | |
# run: ./gradlew check | |
# working-directory: ./android | |
- name: Android Build | |
run: ./gradlew assembleStagingRelease --stacktrace --no-daemon | |
working-directory: ./android | |
# We only have 0.5GB space to store artifacts for GitHub actions | |
# - name: Upload Android APK file | |
# uses: actions/upload-artifact@v1 | |
# with: | |
# name: TreecounterApp-staging-release.apk | |
# path: android/app/build/outputs/apk/staging/release/app-staging-universal-release.apk | |
- name: Prepare Android APK for upload | |
run: | | |
upload_file=TreecounterApp-`echo $GITHUB_REF | awk '{split($0,a,"/"); print a[3]}'`.apk | |
echo "upload_file=$upload_file" >> $GITHUB_ENV | |
mkdir -p uploads | |
mv android/app/build/outputs/apk/staging/release/app-staging-universal-release.apk uploads/$upload_file | |
# depends on existence of upload file at uploads/$upload_file | |
- name: Upload Android APK to Browserstack | |
env: | |
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
run: | | |
curl -u "planetit1:$BROWSERSTACK_ACCESS_KEY" -X POST "https://api-cloud.browserstack.com/app-live/upload" -F "file=@uploads/$upload_file" | |
# depends on existence of upload file at uploads/$upload_file | |
- name: Upload Android APK to Google Drive | |
run: | | |
source ~/.bashrc | |
# this is a dirty hack as adding the path with source ~/.bashrc does not seem to work | |
source ~/.google-drive-upload/google-drive-upload.binpath | |
gupload -C TreecounterApp uploads/$upload_file | |
- name: Slack notification | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
run: | | |
payload="{\"channel\": \"#notifications-git\", \"username\": \"webhookbot\", \"text\": \"Finished GitHub action $GITHUB_WORKFLOW for $GITHUB_REF (TreecounterApp)\"}" | |
curl -X POST --data-urlencode "payload=$payload" https://hooks.slack.com/services/$SLACK_WEBHOOK_URL |