chore(deps): update github-actions #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| # Declare default permissions as read only. | |
| permissions: | |
| contents: read | |
| jobs: | |
| test_image: | |
| permissions: | |
| # Allow to write packages for the docker/scout-action to write a comment | |
| packages: write | |
| # Allow to write pull requests for the docker/scout-action to write a comment | |
| pull-requests: write | |
| # Allow to write security events for github/codeql-action/upload-sarif to upload SARIF results | |
| security-events: write | |
| runs-on: ubuntu-24.04 | |
| env: | |
| IMAGE_REPOSITORY_NAME: flutter-android | |
| VERSION_MANIFEST: config/version.json | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Read environment variables from version.json | |
| env: | |
| GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} | |
| run: ./script/set_environment_variables.sh | |
| - name: Load image metadata | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 | |
| id: metadata | |
| with: | |
| images: | | |
| ${{ env.IMAGE_REPOSITORY_PATH }} | |
| ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }} | |
| quay.io/${{ env.IMAGE_REPOSITORY_PATH }} | |
| tags: | | |
| type=raw,value=${{ env.FLUTTER_VERSION }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 | |
| - name: Build image and push to local Docker daemon | |
| uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6 | |
| with: | |
| load: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| target: android | |
| build-args: | | |
| flutter_version=${{ env.FLUTTER_VERSION }} | |
| fastlane_version=${{ env.FASTLANE_VERSION }} | |
| android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }} | |
| android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }} | |
| - name: Test image | |
| uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0 | |
| with: | |
| image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }} | |
| config: test/android.yml | |
| # TODO: Parallelize testing and vulnerability scanning | |
| - name: Scan with Docker Scout | |
| id: docker-scout | |
| uses: docker/scout-action@b23590dc1e4d09febc00cfcbc51e9e8c0f7ee9f3 # v1 | |
| with: | |
| command: compare, recommendations | |
| # Use the Docker Hub image that is the first tag in the metadata | |
| image: local://${{ fromJson(steps.metadata.outputs.json).tags[0] }} | |
| # github-token is needed to be able to write the PR comment | |
| github-token: ${{ github.token }} | |
| only-fixed: true | |
| organization: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| # sarif-file: output.sarif.json | |
| to-env: prod | |
| # Enable debug logging when needed | |
| # debug: true | |
| # verbose-debug: true | |
| validate_version: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Setup Cue for JSON validation | |
| uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1 | |
| - name: Validate version.json and flutter_version.json | |
| run: | | |
| cue vet config/version.cue config/version.json | |
| cue vet config/flutter_version.cue config/flutter_version.json | |
| validate_generated_config: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Generate test files | |
| uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4 | |
| with: | |
| cmd: ./script/update_test.sh | |
| - name: Check if there are any changes in the git working tree | |
| run: | | |
| git add -A | |
| git diff --exit-code HEAD | |
| build_docs: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 | |
| with: | |
| cache: 'npm' | |
| cache-dependency-path: docs/src/package-lock.json | |
| node-version-file: docs/src/package.json | |
| - name: Update documentation | |
| working-directory: docs/src | |
| run: | | |
| npm ci --prefer-offline | |
| npm run build | |
| - name: Check if there are any changes in the git working tree | |
| run: | | |
| git add -A | |
| git diff --exit-code HEAD | |
| test_gradle: | |
| permissions: | |
| # Allow to read packages to pull the container image from GitHub Container Registry | |
| packages: read | |
| runs-on: ubuntu-24.04 | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/flutter-android:${{ vars.FLUTTER_VERSION }} | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Read version.json | |
| id: version-json | |
| run: | | |
| { | |
| echo "content<<EOF" | |
| cat ./config/version.json | |
| echo "EOF" | |
| } >> $GITHUB_OUTPUT | |
| - name: Set environment variables from version.json | |
| run: | | |
| echo "FLUTTER_VERSION=${{ fromJson( steps.version-json.outputs.content ).flutter.version }}" >> $GITHUB_ENV | |
| echo "FLUTTER_CHANNEL=${{ fromJson( steps.version-json.outputs.content ).flutter.channel }}" >> $GITHUB_ENV | |
| - name: Setup Flutter | |
| run: | | |
| cd $FLUTTER_ROOT | |
| git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }} | |
| git switch ${{ env.FLUTTER_VERSION }} | |
| - name: Create test application | |
| run: | | |
| flutter create test_app | |
| - name: Update default Android platform versions in Flutter | |
| working-directory: test_app/android | |
| run: | | |
| cat ../../script/updateAndroidVersions.gradle >> app/build.gradle | |
| ./gradlew --warning-mode all updateAndroidVersions | |
| - name: Setup Cue for JSON validation | |
| uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1 | |
| - name: Validate version.json | |
| run: cue vet config/version.cue config/version.json |