Merged
32 changes: 0 additions & 32 deletions .circleci/config.yml

This file was deleted.

9 changes: 5 additions & 4 deletions .github/actions/maven-publish/action.yml
Expand Up @@ -21,12 +21,14 @@ runs:
uses: actions/checkout@v4

- name: Set up Java
uses: actions/setup-java@v4
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # pin@v4
with:
distribution: 'temurin'
java-version: '17'
java-version: ${{ inputs.java-version }}
cache: 'gradle'

- uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@1.1.0
- name: Set up Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # pin@v5
Comment on lines +30 to +31
Copilot AI Mar 3, 2026

The workflow runs ./gradlew during publishing without validating the Gradle wrapper first. Consider adding gradle/wrapper-validation-action after checkout (before setup-gradle) to prevent executing a tampered wrapper in CI.

Contributor Author

same as #928 (comment)


- name: Publish Android/Java Packages to Maven
shell: bash
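
Review bot: `java-version: ${{ inputs.java-version }}` in the Set up Java step reads an input whose declaration is outside the lines shown, while the setup action in this same PR names its input `java` with a default of '17'. Confirm that this action's `inputs:` block declares `java-version` with a default, because an undeclared input expands to an empty string and the hard-coded '17' that used to guard this step is gone. Using one input name across both composite actions would also keep a caller from passing the wrong key. Separately, the `# pin@v4` and `# pin@v5` comments name major tags; recording the exact release each SHA corresponds to would make the pins easier to audit.
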
Expand All @@ -36,4 +38,3 @@ runs:
MAVEN_PASSWORD: ${{ inputs.ossr-token }}
SIGNING_KEY: ${{ inputs.signing-key}}
SIGNING_PASSWORD: ${{ inputs.signing-password}}

29 changes: 10 additions & 19 deletions .github/actions/setup/action.yml
Expand Up @@ -6,33 +6,24 @@ inputs:
description: The Java version to use
required: false
default: '17'
gradle:
description: The Gradle version to use
required: false
default: 8.10.2
kotlin:
description: The Kotlin version to use
required: false
default: 2.0.21

runs:
using: composite

steps:
- name: Set up Java
uses: actions/setup-java@v4
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # pin@v4
with:
distribution: 'temurin'
java-version: '17'
java-version: ${{ inputs.java }}
cache: 'gradle'

- run: |
curl -s "https://get.sdkman.io" | bash
source "/home/runner/.sdkman/bin/sdkman-init.sh"
sdk install gradle ${{ inputs.gradle }} && sdk default gradle ${{ inputs.gradle }}
sdk install kotlin ${{ inputs.kotlin }} && sdk default kotlin ${{ inputs.kotlin }}
shell: bash
- name: Set up Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # pin@v5
with:
gradle-version: wrapper
cache-cleanup: on-success
Comment on lines +21 to +25
Copilot AI Mar 3, 2026

The setup action no longer validates the Gradle wrapper (gradle/wrapper/gradle-wrapper.properties + gradlew) before executing it. Please add back a wrapper validation step (e.g., gradle/wrapper-validation-action) early in this composite action to reduce supply-chain risk in CI.

Contributor Author

Not valid as the set-up action will perform the wrapper validation on each execution.
Starting with v4 the setup-gradle action will [perform wrapper validation](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#gradle-wrapper-validation) on each execution. If you are using setup-gradle in your workflows, it is unlikely that you will need to use the wrapper-validation action.


- run: ./gradlew androidDependencies
- name: Download dependencies
run: ./gradlew androidDependencies
shell: bash

- uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@1.1.0
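
Review bot: The removal of the explicit `gradle/wrapper-validation-action` step at the end of this hunk leaves nothing in the file that says where wrapper validation now happens. The thread above relies on setup-gradle validating the wrapper on each run, so a short YAML comment on the Set up Gradle step stating that dependency would keep a later swap or removal of that step from silently dropping the check before `./gradlew androidDependencies` runs. Also, `cache: 'gradle'` on setup-java and setup-gradle (with `cache-cleanup: on-success`) are both set to manage the Gradle caches here; keeping only the setup-gradle cache avoids two mechanisms saving and restoring the same directory.
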
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Expand Up @@ -28,6 +28,6 @@ jobs:

- uses: ./.github/actions/setup

- run: ./gradlew clean test jacocoTestReport lint --continue --console=plain --max-workers=1 --no-daemon
- run: ./gradlew testReleaseUnitTest jacocoTestReleaseUnitTestReport lintRelease --continue --console=plain

- uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@5.5.2
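
Review bot: The new task list `testReleaseUnitTest jacocoTestReleaseUnitTestReport lintRelease` covers only the release variant, whereas the old `test` aggregate task also ran the debug unit tests, so a debug-only test failure would no longer fail CI. If that narrowing is intended, state it in the PR description. Also check that the codecov step that follows picks up the report written by `jacocoTestReleaseUnitTestReport`, since the report task changed from `jacocoTestReport`.
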
6 changes: 5 additions & 1 deletion gradle.properties
Expand Up @@ -22,4 +22,8 @@ POM_DEVELOPER_EMAIL=oss@auth0.com
org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
android.useAndroidX=true
# Kotlin code style for this project: "official" or "obsolete":
kotlin.code.style=official
kotlin.code.style=official

# CI/CD Performance
org.gradle.caching=true
org.gradle.parallel=true
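
Review bot: The `# CI/CD Performance` heading sits in the repository-wide gradle.properties, so `org.gradle.caching=true` and `org.gradle.parallel=true` apply to every local build and to the Maven publish action as well, not only to the test workflow. If the intent is CI-only, pass `--build-cache --parallel` on the `./gradlew` command line in the workflow instead; if it is project-wide, reword the comment so it matches the scope.
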
2 changes: 1 addition & 1 deletion gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
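
Review bot: None of the five lines in this hunk is a `distributionSha256Sum` entry, so the wrapper downloads gradle-8.11.1-bin.zip from `distributionUrl` without checking its hash; wrapper validation covers gradle-wrapper.jar, not the distribution archive. Since `distributionUrl` is being edited here anyway, add `distributionSha256Sum=` with the checksum published for the -bin archive in the same change.
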