Secrets test (#122)

* Use environment for ENV variables * setup a local.properties file for tests * added .env files to .gitignore * Added a 'secrets' test which uses .env for local.properties * move the local properties file creation elsewhere * lint fix * add an action to convert secrets to env variables
compscidr · May 13, 2023 · 4655316 · 4655316
1 parent b9d263b
commit 4655316
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 2 deletions.
diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
@@ -6,7 +6,8 @@ jobs:
   build:
 
     runs-on: self-hosted
-
+    environment:
+      name: dev
     steps:
       - uses: actions/checkout@v3
         with:
@@ -19,6 +20,11 @@ jobs:
           distribution: temurin
       - name: Setup Android SDK
         uses: android-actions/setup-android@v2
+      - name: Create local.properties file
+        run: echo PROPERTY_SECRET=property_test >> local.properties
+      - uses: oNaiPs/secrets-to-env-action@v1
+        with:
+          secrets: ${{ toJSON(secrets) }}
       - name: Build with Gradle
         run: ./gradlew clean build --no-build-cache
       - name: lint

diff --git a/.gitignore b/.gitignore
@@ -47,3 +47,5 @@ build
 *~
 *.swp
 *.exec
+
+app/.env
diff --git a/app/build.gradle b/app/build.gradle
@@ -8,6 +8,7 @@ plugins {
     id 'de.mannodermaus.android-junit5'
     id 'org.jmailen.kotlinter'
     id 'jacoco'
+    id "com.google.android.libraries.mapsplatform.secrets-gradle-plugin" version "2.0.1"
     //id 'org.jetbrains.dokka'
 }
 
@@ -163,5 +164,5 @@ appVersioning {
     }
 }
 
-// https://proandroiddev.com/android-libraries-on-github-packages-21f135188d58
+apply from: file('secrets.gradle')
 apply from: file('publish.gradle')
diff --git a/app/secrets.gradle b/app/secrets.gradle
@@ -0,0 +1,29 @@
+/**
+ * First tries to find the property in the local.properties file, and then falls back to the
+ * environment variables. If it can't find the property, it returns an empty string.
+ *
+ * @param name the fully qualified name of the property
+ * @return the value of the property, or an empty string if it can't be found
+ */
+String propertyEnvOrEmpty(String name) {
+    return project.findProperty(name) ?: env.fetch(name, "")
+}
+
+/**
+ * Ensures that the string is enclosed with quotes so that in the BuildConfig.java file, it doesn't
+ * leave a blank which isn't compilable.
+ *
+ * @param name the name of the buildConfig property
+ * @return either the value of the property, the value of the env variable, or an empty string
+ * enclosed in quotes
+ */
+String buildConfigProperty(String name) {
+    return "\"${propertyEnvOrEmpty(name)}\""
+}
+
+android {
+    defaultConfig {
+        buildConfigField("String", "ENV_SECRET", buildConfigProperty("ENV_SECRET"))
+        buildConfigField("String", "PROPERTY_SECRET", buildConfigProperty("PROPERTY_SECRET"))
+    }
+}
diff --git a/app/src/androidTest/java/com/example/myapplication/SecretsTest.kt b/app/src/androidTest/java/com/example/myapplication/SecretsTest.kt
@@ -0,0 +1,32 @@
+package com.example.myapplication
+
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.Test
+import org.junit.platform.commons.logging.LoggerFactory
+
+/**
+ * Ensure that we can get the secrets from the environment variables and local properties files
+ *
+ * Requires the following plugins:
+ * - for env: https://plugins.gradle.org/plugin/co.uzzu.dotenv.gradle
+ * - for local.properties: https://github.com/google/secrets-gradle-plugin
+ */
+class SecretsTest {
+
+    private val logger = LoggerFactory.getLogger(javaClass)
+
+    @Test fun envSecretTest() {
+        val envSecret = BuildConfig.ENV_SECRET
+        logger.info { "envSecret: $envSecret" }
+        assertTrue(envSecret.isNotEmpty(), "Expecting a value in the ENV_SECRET. You're probably missing a .env file")
+        assertEquals("test", envSecret, "Expecting the ENV secret to be 'test', set this in your .env file or GH actions secret")
+    }
+
+    @Test fun localPropertyTest() {
+        val propertySecret = BuildConfig.PROPERTY_SECRET
+        logger.info { "propertySecret: $propertySecret" }
+        assertTrue(propertySecret.isNotEmpty(), "Expecting a value in the PROPERTY_SECRET. You're probably missing a definition in the local.properties file")
+        assertEquals("property_test", propertySecret, "Expecting the PROPERTY_SECRET secret to be 'property_test', set this in your local_properties file or GH actions secret")
+    }
+}
diff --git a/build.gradle b/build.gradle
@@ -21,6 +21,7 @@ buildscript {
         classpath "com.google.dagger:hilt-android-gradle-plugin:$hilt_version"
         classpath "de.mannodermaus.gradle.plugins:android-junit5:1.9.3.0"
         classpath "org.jmailen.gradle:kotlinter-gradle:3.14.0"
+        classpath "co.uzzu.dotenv:gradle:2.0.0"
         //classpath "org.jetbrains.dokka:dokka-gradle-plugin:$kotlin_version"
     }
 }
@@ -30,6 +31,7 @@ plugins {
     id "org.jetbrains.kotlin.android" version "$kotlin_version" apply false
     id "org.jetbrains.kotlin.plugin.serialization" version "$kotlin_version"
     id "org.jetbrains.kotlin.jvm" version "$kotlin_version" apply false
+    id "co.uzzu.dotenv.gradle" version "2.0.0"
 }
 
 task clean(type: Delete) {
-Original file line number
+Diff line change
@@ Expand Up / @@ -47,3 +47,5 @@ build @@
     *~
     *.swp
     *.exec
+    app/.env