refactor(ci): introduce a composite workflow

android-password-store · Apr 13, 2024 · 312f92d · 312f92d
1 parent 13a2da9
commit 312f92d
Show file tree

Hide file tree

Showing 12 changed files with 129 additions and 227 deletions.
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -5,6 +5,11 @@
     "helpers:pinGitHubActionDigests",
   ],
   "branchConcurrentLimit": 15,
+  "github-actions": {
+    "fileMatch": [
+       ".github/reusable-workflows/.+\\.ya?ml$",
+    ],
+  },
   "packageRules": [
     {
       matchDatasources: [

diff --git a/.github/reusable-workflows/setup-gradle/action.yml b/.github/reusable-workflows/setup-gradle/action.yml
@@ -0,0 +1,58 @@
+name: 'Setup Gradle'
+description: 'Checks out the repository and sets up Java and Gradle'
+inputs:
+  token:
+    description: 'token input for actions/checkout'
+    required: false
+    default: ${{ github.token }}
+  fetch-depth:
+    description: 'fetch-depth input for actions/checkout'
+    required: false
+    default: 1
+  ref:
+    description: 'ref input for actions/checkout'
+    required: false
+  java-version:
+    description: 'java-version input for actions/setup-java'
+    required: false
+    default: 20
+  gradle-version:
+    description: 'gradle-version input for actions/setup-java'
+    required: false
+  cache-read-only:
+    description: 'cache-read-only input for gradle/actions/setup-gradle'
+    required: false
+    default: ${{ github.event.repository != null && github.ref_name != github.event.repository.default_branch }}
+  dependency-graph:
+    description: 'dependency-graph input for gradle/actions/setup-gradle'
+    required: false
+    default: 'disabled'
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        fetch-depth: ${{ inputs.fetch-depth }}
+        ref: ${{ inputs.ref }}
+        token: ${{ inputs.token }}
+
+    - name: Set up JDK
+      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+      with:
+        distribution: temurin
+        java-version: ${{ inputs.java-version }}
+
+    - name: Copy CI gradle.properties
+      shell: bash
+      run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
+
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
+      with:
+        add-job-summary: always
+        cache-read-only: ${{ inputs.cache-read-only }}
+        dependency-graph: ${{ inputs.dependency-graph }}
+        gradle-home-cache-cleanup: true
+        gradle-version: ${{ inputs.gradle-version }}
+        validate-wrappers: true
diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml
@@ -21,14 +21,8 @@ jobs:
       contents: read
       security-events: write
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-    - name: Set up JDK
-      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-      with:
-        distribution: temurin
-        java-version: 20
+    - name: Setup build environment
+      uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
@@ -38,11 +32,8 @@ jobs:
         queries: +security-extended
 
     - name: Build project
-      uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-      with:
-        gradle-home-cache-cleanup: true
-        cache-read-only: true
-        arguments: assembleNonFreeRelease
+      shell: bash
+      run: ./gradlew assembleNonFreeRelease
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10

diff --git a/.github/workflows/deploy_github_releases.yml b/.github/workflows/deploy_github_releases.yml
@@ -9,28 +9,18 @@ jobs:
     name: Build release binaries
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-    - name: Set up JDK
-      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-      with:
-        distribution: temurin
-        java-version: 20
+    - name: Setup build environment
+      uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
     - name: Decrypt secrets
+      shell: bash
       run: scripts/signing-setup.sh "$ENCRYPT_KEY"
       env:
         ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
 
-    - name: Copy CI gradle.properties
-      run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
-
     - name: Build release binaries
-      uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-      with:
-        arguments: :app:assembleFreeRelease :app:assembleNonFreeRelease :app:bundleNonFreeRelease
-        gradle-home-cache-cleanup: true
+      shell: bash
+      run: ./gradlew :app:assembleFreeRelease :app:assembleNonFreeRelease :app:bundleNonFreeRelease
       env:
         SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
 
@@ -103,7 +93,8 @@ jobs:
 
       - name: Get the version
         id: get_version
-        run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
+        shell: bash
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
 
       - name: Upload Non-Free Release Apk
         uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2

diff --git a/.github/workflows/deploy_library_releases.yml b/.github/workflows/deploy_library_releases.yml
@@ -8,20 +8,12 @@ jobs:
   publish-release:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-    - name: Set up JDK
-      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-      with:
-        distribution: temurin
-        java-version: 20
+    - name: Setup build environment
+      uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
     - name: Upload binaries
-      uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-      with:
-        arguments: --no-configuration-cache :autofill-parser:publishAllPublicationsToMavenCentralRepository
-        gradle-home-cache-cleanup: true
+      shell: bash
+      run: ./gradlew --no-configuration-cache :autofill-parser:publishAllPublicationsToMavenCentralRepository
       env:
         ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.NEXUS_PUBLISH_USERNAME }}
         ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.NEXUS_PUBLISH_PASSWORD }}

diff --git a/.github/workflows/deploy_snapshot.yml b/.github/workflows/deploy_snapshot.yml
@@ -18,40 +18,32 @@ jobs:
     runs-on: ubuntu-latest
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - name: Setup build environment
+      uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
       with:
         fetch-depth: 0
-
-    - name: Set up JDK
-      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-      with:
-        distribution: temurin
-        java-version: 20
+        dependency-graph: generate-and-submit
 
     - name: Decrypt secrets
+      shell: bash
       run: scripts/signing-setup.sh "$ENCRYPT_KEY"
       env:
         ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
 
-    - name: Copy CI gradle.properties
-      run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
-
     - name: Build release app
-      uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
+      shell: bash
+      run: ./gradlew collectFreeReleaseApks collectNonFreeReleaseApks bundleFreeRelease bundleNonFreeRelease -PsentryUploadMappings
       env:
         SNAPSHOT: "true"
         SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
         SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-      with:
-        arguments: collectFreeReleaseApks collectNonFreeReleaseApks bundleFreeRelease bundleNonFreeRelease -PsentryUploadMappings
-        gradle-home-cache-cleanup: true
-        dependency-graph: generate-and-submit
 
     - name: Clean secrets
+      shell: bash
       run: scripts/signing-cleanup.sh
 
     - name: Deploy snapshot
+      shell: bash
       run: scripts/deploy-snapshot.sh
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/draft_new_release.yml b/.github/workflows/draft_new_release.yml
@@ -32,26 +32,16 @@ jobs:
           echo "PR_BASE=release-${BRANCH_VERSION}" >> $GITHUB_ENV
           echo "PR_HEAD=release-prep" >> $GITHUB_ENV
 
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup build environment
+        uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
         with:
           ref: ${{ env.CHECKOUT_REF }}
 
-      - name: Set up JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          distribution: temurin
-          java-version: 20
-
       - name: Update changelog
         uses: thomaseizinger/keep-a-changelog-new-release@77ac767b2f7f6edf2ee72ab3364ed26667086f96 # 3.0.0
         with:
           version: ${{ github.event.milestone.title }}
 
-      - name: Setup Gradle caching
-        uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-        with:
-          gradle-home-cache-cleanup: true
-
       - name: Initialize git config and commit changes
         shell: bash
         run: |

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -15,25 +15,12 @@ jobs:
   check-codestyle:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          distribution: temurin
-          java-version: 20
-
-      - name: Copy CI gradle.properties
-        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
+      - name: Setup build environment
+        uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
       - name: Check codestyle
-        uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-        with:
-          arguments: ktfmtCheck
-          gradle-home-cache-cleanup: true
+        shell: bash
+        run: ./gradlew ktfmtCheck
 
       - name: Upload Kotlin build report
         if: "${{ always() }}"
@@ -45,25 +32,12 @@ jobs:
   unit-tests:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          distribution: temurin
-          java-version: 20
-
-      - name: Copy CI gradle.properties
-        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
+      - name: Setup build environment
+        uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
       - name: Run unit tests
-        uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-        with:
-          arguments: test -PslimTests
-          gradle-home-cache-cleanup: true
+        shell: bash
+        run: ./gradlew test -PslimTests
 
       - name: (Fail-only) Upload test report
         if: "${{ failure() }}"
@@ -82,25 +56,12 @@ jobs:
   build-apks:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          distribution: temurin
-          java-version: 20
-
-      - name: Copy CI gradle.properties
-        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
+      - name: Setup build environment
+        uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
       - name: Build debug APKs
-        uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-        with:
-          arguments: assembleFreeDebug assembleNonFreeDebug assembleNonFreeRelease
-          gradle-home-cache-cleanup: true
+        shell: bash
+        run: ./gradlew assembleFreeDebug assembleNonFreeDebug assembleNonFreeRelease
 
       - name: Upload Kotlin build report
         if: "${{ always() }}"
@@ -112,25 +73,12 @@ jobs:
   check-api:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          distribution: temurin
-          java-version: 20
-
-      - name: Copy CI gradle.properties
-        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
+      - name: Setup build environment
+        uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
       - name: Check library API
-        uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-        with:
-          arguments: metalavaCheckCompatibilityRelease
-          gradle-home-cache-cleanup: true
+        shell: bash
+        run: ./gradlew metalavaCheckCompatibilityRelease
 
       - name: Upload Kotlin build report
         if: "${{ always() }}"
@@ -142,25 +90,12 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          distribution: temurin
-          java-version: 20
-
-      - name: Copy CI gradle.properties
-        run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties
+      - name: Setup build environment
+        uses: android-password-store/android-password-store/.github/reusable-workflows/setup-gradle@develop
 
       - name: Run Lint
-        uses: gradle/actions/setup-gradle@6cec5d49d4d6d4bb982fbed7047db31ea6d38f11 # v3
-        with:
-          arguments: lint
-          gradle-home-cache-cleanup: true
+        shell: bash
+        run: ./gradlew lint
 
       - name: Upload Kotlin build report
         if: "${{ always() }}"