chore: update flutter dependencies in version.json for 3.27.3 (#280) #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| # paths: | |
| # - .github/workflows/release.yml | |
| # - Dockerfile | |
| # - config/version.json | |
| # - script/docker-entrypoint.sh | |
| # - script/set_environment_variables.sh | |
| # - test/** | |
| workflow_dispatch: | |
| # Declare default permissions as read only. | |
| permissions: | |
| contents: read | |
| jobs: | |
| build_push_android: | |
| permissions: | |
| # Allow to write packages to push the container image to the Github Container Registry | |
| packages: write | |
| # Allow to write security events to upload the results to code-scanning dashboard. | |
| security-events: write | |
| runs-on: ubuntu-24.04 | |
| env: | |
| IMAGE_REPOSITORY_NAME: flutter-android | |
| ANDROID_BUILD_TOOLS_VERSION: 30.0.3 | |
| VERSION_MANIFEST: config/version.json | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Generate authentication token with GitHub App | |
| uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1 | |
| id: generate-token | |
| with: | |
| app-id: ${{ secrets.VERIFIED_COMMIT_ID }} | |
| private-key: ${{ secrets.VERIFIED_COMMIT_KEY }} | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Login to Quay.io | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
| - name: Read environment variables from version.json | |
| env: | |
| GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} | |
| run: ./script/set_environment_variables.sh | |
| - name: Set environment variable for image repository and tag | |
| run: | | |
| IMAGE_REPOSITORY_PATH="${{ github.repository_owner }}/${{ env.IMAGE_REPOSITORY_NAME }}" | |
| echo "IMAGE_REPOSITORY_PATH=$IMAGE_REPOSITORY_PATH" >> $GITHUB_ENV | |
| - name: Load image metadata | |
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 | |
| id: metadata | |
| with: | |
| images: | | |
| ${{ env.IMAGE_REPOSITORY_PATH }} | |
| ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }} | |
| quay.io/${{ env.IMAGE_REPOSITORY_PATH }} | |
| tags: | | |
| type=raw,value=${{ env.FLUTTER_VERSION }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 | |
| - name: Build image and push to local Docker daemon | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | |
| with: | |
| load: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| target: android | |
| build-args: | | |
| flutter_version=${{ env.FLUTTER_VERSION }} | |
| fastlane_version=${{ env.FASTLANE_VERSION }} | |
| android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }} | |
| android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }} | |
| - name: Test image | |
| uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0 | |
| with: | |
| image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }} | |
| config: test/android.yml | |
| - name: Build image and push it to registries | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | |
| with: | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| target: android | |
| build-args: | | |
| flutter_version=${{ env.FLUTTER_VERSION }} | |
| fastlane_version=${{ env.FASTLANE_VERSION }} | |
| android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }} | |
| android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }} | |
| - name: Update Docker Hub description | |
| uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| repository: ${{ env.IMAGE_REPOSITORY_PATH }} | |
| short-description: ${{ github.event.repository.description }} | |
| readme-filepath: readme.md | |
| - name: Record image in Docker Scout environment | |
| id: docker-scout-environment | |
| uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1 | |
| with: | |
| command: environment, cves | |
| # Use the Docker Hub image that is the first tag in the metadata | |
| image: registry://${{ fromJson(steps.metadata.outputs.json).tags[0] }} | |
| environment: prod | |
| only-fixed: true | |
| organization: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| sarif-file: sarif.json | |
| - name: Update bootstrap image tag in environment variable | |
| run: gh variable set FLUTTER_VERSION --body "${{ env.FLUTTER_VERSION }}" | |
| env: | |
| GH_TOKEN: ${{ steps.generate-token.outputs.token }} | |
| # Upload the results to GitHub's code scanning dashboard (optional). | |
| # Commenting out will disable upload of results to your repo's Code Scanning dashboard | |
| - name: Upload to code-scanning | |
| uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3 | |
| with: | |
| sarif_file: sarif.json | |
| # TODO: Use kaniko for building and pushing after slowness is solved | |
| # TODO: https://github.com/GoogleContainerTools/kaniko/issues/970 | |
| # TODO: https://github.com/GoogleContainerTools/kaniko/issues/875 | |
| # TODO: Use kaniko for building and pushing after pushing to Docker daemon is solved, to be able to test Docker image, with the following issues | |
| # TODO: https://github.com/GoogleContainerTools/kaniko/issues/1331 | |
| # - name: Build image and push it to registries | |
| # uses: int128/kaniko-action@v1 | |
| # with: | |
| # push: true | |
| # cache: true | |
| # cache-repository: ${{ steps.ecr-cache.outputs.repository-uri }} | |
| # tags: ${{ steps.metadata.outputs.tags }} | |
| # labels: ${{ steps.metadata.outputs.labels }} | |
| # build-args: | | |
| # flutter_version=${{ env.FLUTTER_VERSION }} | |
| # android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }} | |
| # android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }} | |
| # kaniko-args: | | |
| # --skip-unused-stages=true | |
| # --use-new-run=true | |
| # --snapshotMode=redo | |
| # target: android | |
| # executor: gcr.io/kaniko-project/executor:latest | |
| # TODO: https://github.com/snok/container-retention-policy | |
| # TODO: Push a build image before the final image | |
| # TODO: Run basic tests with build image | |
| # TODO: Push final image only if tests pass https://redhat-cop.github.io/ci/publishing-images.html |