diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3f9aea8a9..86751df63 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,11 +3,12 @@ name: "CodeQL" on: push: branches: [ main-ose ] - pull_request: + # pull_request: # The branches below must be a subset of the branches above - branches: [ main-ose ] + # branches: [ main-ose ] schedule: - cron: '22 10 * * 1' + concurrency: group: codeql-${{ github.ref }} cancel-in-progress: true @@ -50,7 +51,7 @@ jobs: # uses: github/codeql-action/autobuild@v2 - name: Build - run: ./gradlew --build-cache --configuration-cache --no-daemon app:assembleOseDebug + run: ./gradlew --no-daemon app:compileOseDebugSource - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml new file mode 100644 index 000000000..9576078ce --- /dev/null +++ b/.github/workflows/dependency-submission.yml @@ -0,0 +1,24 @@ +name: Dependency Submission + +on: + push: + branches: [ 'main-ose' ] + +permissions: + contents: write + +jobs: + dependency-submission: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + - uses: actions/setup-java@v5 + with: + distribution: temurin + java-version: 21 + + - name: Generate and submit dependency graph + uses: gradle/actions/dependency-submission@v5 + with: + cache-encryption-key: ${{ secrets.gradle_encryption_key }} + dependency-graph-exclude-configurations: '.*[Tt]est.* .*[cC]heck.*' diff --git a/.github/workflows/test-dev.yml b/.github/workflows/test-dev.yml index 39849f407..8f9ed41b8 100644 --- a/.github/workflows/test-dev.yml +++ b/.github/workflows/test-dev.yml @@ -9,10 +9,13 @@ concurrency: group: test-dev-${{ github.ref }} cancel-in-progress: true +# We provide a remote gradle build cache. Take the settings from the secrets and enable +# configuration and build cache for all gradle jobs. env: GRADLE_BUILDCACHE_URL: ${{ secrets.gradle_buildcache_url }} GRADLE_BUILDCACHE_USERNAME: ${{ secrets.gradle_buildcache_username }} GRADLE_BUILDCACHE_PASSWORD: ${{ secrets.gradle_buildcache_password }} + GRADLE_OPTS: -Dorg.gradle.caching=true -Dorg.gradle.configuration-cache=true jobs: compile: @@ -30,20 +33,25 @@ jobs: with: cache-encryption-key: ${{ secrets.gradle_encryption_key }} cache-read-only: false # allow branches to update their configuration cache - dependency-graph: generate-and-submit # submit Github Dependency Graph info gradle-home-cache-excludes: caches/build-cache-1 # don't cache local build cache because we use a remote cache + - name: Cache Android environment + uses: actions/cache@v5 + with: + path: ~/.config/.android # needs to be cached so that configuration cache can work + key: android-${{ hashFiles('app/build.gradle.kts') }} + + - name: Compile + run: ./gradlew app:compileOseDebugSource + + # Cache configurations for the other jobs - name: Populate configuration cache run: | - ./gradlew --configuration-cache --dry-run \ - app:compileOseDebugSource \ + ./gradlew --dry-run \ app:lintOseDebug \ app:testOseDebugUnitTest \ app:virtualOseDebugAndroidTest - - name: Compile - run: ./gradlew --build-cache --configuration-cache app:compileOseDebugSource - unit_tests: needs: compile name: Lint and unit tests @@ -59,10 +67,17 @@ jobs: cache-encryption-key: ${{ secrets.gradle_encryption_key }} cache-read-only: true + - name: Restore Android environment + uses: actions/cache/restore@v5 + with: + path: ~/.config/.android + key: android-${{ hashFiles('app/build.gradle.kts') }} + - name: Lint checks - run: ./gradlew --build-cache --configuration-cache app:lintOseDebug + run: ./gradlew app:lintOseDebug + - name: Unit tests - run: ./gradlew --build-cache --configuration-cache app:testOseDebugUnitTest + run: ./gradlew app:testOseDebugUnitTest instrumented_tests: needs: compile @@ -79,18 +94,11 @@ jobs: cache-encryption-key: ${{ secrets.gradle_encryption_key }} cache-read-only: true - - name: Enable KVM group perms - run: | - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm - - name: Restore Android environment - id: restore-android uses: actions/cache/restore@v5 with: path: ~/.config/.android - key: android-${{ hashFiles('app/build.gradle.kts') }} # gradle-managed devices are defined there + key: android-${{ hashFiles('app/build.gradle.kts') }} # gradle and Android SDK often take more space than what is available on the default runner. # We try to free a few GB here to make gradle-managed devices more reliable. @@ -101,12 +109,26 @@ jobs: large-packages: false # apt takes too long swap-storage: false # gradle needs much memory - - name: Instrumented tests - run: ./gradlew --build-cache --configuration-cache app:virtualOseDebugAndroidTest - - - name: Cache Android environment - uses: actions/cache/save@v5 - if: steps.restore-android.outputs.cache-hit != 'true' + - name: Restore AVD + id: restore-avd + uses: actions/cache/restore@v5 with: - path: ~/.config/.android - key: android-${{ hashFiles('app/build.gradle.kts') }} # gradle-managed devices are defined there + path: ~/.config/.android/avd # where AVD is stored + key: avd-${{ hashFiles('app/build.gradle.kts') }} # gradle-managed devices are defined there + + # Enable virtualization for Android emulator + - name: Enable KVM group perms + run: | + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules + sudo udevadm control --reload-rules + sudo udevadm trigger --name-match=kvm + + - name: Instrumented tests + run: ./gradlew app:virtualOseDebugAndroidTest + + - name: Cache AVD + uses: actions/cache/save@v5 + if: steps.restore-avd.outputs.cache-hit != 'true' + with: + path: ~/.config/.android/avd # where AVD is stored + key: avd-${{ hashFiles('app/build.gradle.kts') }} # gradle-managed devices are defined there