diff --git a/.github/workflows/android_ci.yml b/.github/workflows/android_ci.yml index 5fc5ac6b8..cac7f2618 100644 --- a/.github/workflows/android_ci.yml +++ b/.github/workflows/android_ci.yml @@ -1,50 +1,52 @@ name: Android Build CI on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: set up JDK 11 uses: actions/setup-java@v2 with: java-version: '11' distribution: 'adopt' - name: Install Yarn run: npm install -g yarn - name: yarn --frozen-lockfile run: yarn --frozen-lockfile - name: Save ANDROID_KEY_STORE_B64 to file env: ANDROID_KEY_STORE_B64: ${{secrets.ANDROID_KEY_STORE_B64}} run: echo "$ANDROID_KEY_STORE_B64" > ANDROID_KEY_STORE_B64.b64 - name: Save ANDROID_KEY_STORE to file run: base64 -d ANDROID_KEY_STORE_B64.b64 > android_key_store.keystore - name: Configure gradle.properties run: | mkdir ~/.gradle touch ~/.gradle/gradle.properties echo "COMM_UPLOAD_STORE_FILE=$(pwd)/android_key_store.keystore" >> ~/.gradle/gradle.properties echo "COMM_UPLOAD_KEY_ALIAS=AndroidSigningKey" >> ~/.gradle/gradle.properties - name: Build with Gradle working-directory: ./native/android env: ANDROID_SIGNING_PASSWORD: ${{secrets.ANDROID_SIGNING_PASSWORD}} run: ./gradlew bundleRelease diff --git a/.github/workflows/backup_build.yml b/.github/workflows/backup_build.yml index b179af4c2..b65c5c6bc 100644 --- a/.github/workflows/backup_build.yml +++ b/.github/workflows/backup_build.yml @@ -1,21 +1,23 @@ name: Backup Build (Docker) on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: docker-compose build --no-cache backup-server working-directory: ./services run: docker-compose build --no-cache backup-server diff --git a/.github/workflows/blob_build.yml b/.github/workflows/blob_build.yml index 0b26c6b47..44c3562ab 100644 --- a/.github/workflows/blob_build.yml +++ b/.github/workflows/blob_build.yml @@ -1,21 +1,23 @@ name: Blob Build (Docker) on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: docker-compose build --no-cache blob-server working-directory: ./services run: docker-compose build --no-cache blob-server diff --git a/.github/workflows/docker_keyserver.yml b/.github/workflows/docker_keyserver.yml index 0a5d8b9c0..33b89c85f 100644 --- a/.github/workflows/docker_keyserver.yml +++ b/.github/workflows/docker_keyserver.yml @@ -1,20 +1,22 @@ name: Docker keyserver CI on: push: branches: [master] paths-ignore: - 'native/**' - 'docs/**' - 'services/**' + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: Build Docker working-directory: ./keyserver run: touch .env && bash/dc.sh build --no-cache diff --git a/.github/workflows/eslint_flow_jest.yml b/.github/workflows/eslint_flow_jest.yml index 6ab9f2993..88ab6b0e6 100644 --- a/.github/workflows/eslint_flow_jest.yml +++ b/.github/workflows/eslint_flow_jest.yml @@ -1,48 +1,50 @@ name: ESLint & Flow & Jest on: push: branches: [master] + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: npm install -g yarn run: npm install -g yarn - name: yarn --frozen-lockfile run: yarn --frozen-lockfile - name: yarn eslint --max-warnings=0 run: yarn eslint --max-warnings=0 - name: '[lib] flow' working-directory: ./lib run: ./node_modules/.bin/flow - name: '[keyserver] flow' working-directory: ./keyserver run: ./node_modules/.bin/flow - name: '[web] flow' working-directory: ./web run: ./node_modules/.bin/flow - name: '[landing] flow' working-directory: ./landing run: ./node_modules/.bin/flow - name: '[native] flow' working-directory: ./native run: ./node_modules/.bin/flow - name: '[lib] test' working-directory: ./lib run: yarn test - name: '[keyserver] test' working-directory: ./keyserver run: yarn test diff --git a/.github/workflows/identity_build.yaml b/.github/workflows/identity_build.yaml index 89d48ff15..6193ee6cb 100644 --- a/.github/workflows/identity_build.yaml +++ b/.github/workflows/identity_build.yaml @@ -1,21 +1,23 @@ name: Identity Build (Docker) on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: docker-compose build --no-cache identity-server working-directory: ./services run: docker-compose build --no-cache identity-server diff --git a/.github/workflows/ios_ci.yml b/.github/workflows/ios_ci.yml index 29a0b3332..11b74327b 100644 --- a/.github/workflows/ios_ci.yml +++ b/.github/workflows/ios_ci.yml @@ -1,76 +1,78 @@ name: iOS Build CI on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: name: Build and archive iOS app runs-on: macos-11 steps: - name: Checkout uses: actions/checkout@v2 - name: Install the Apple certificate and provisioning profile env: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db # import certificate and provisioning profile from secrets echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH # create temporary keychain security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH # import certificate to keychain security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH # apply provisioning profile mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - name: brew install protobuf run: brew install protobuf - name: npm install -g yarn run: npm install -g yarn - name: yarn --frozen-lockfile run: yarn --frozen-lockfile - name: Save auth_key to file working-directory: ./native/ios env: AUTH_KEY: ${{secrets.AUTH_KEY}} run: echo "$AUTH_KEY" > AUTH_KEY.p8 - name: Archive working-directory: ./native/ios env: AUTH_KEY_ID: ${{secrets.AUTH_KEY_ID}} AUTH_KEY_ISSUER_ID: ${{secrets.AUTH_KEY_ISSUER_ID}} run: xcodebuild archive -workspace Comm.xcworkspace -scheme Comm -configuration Release -archivePath archives/Comm.xcarchive -destination generic/platform=iOS -allowProvisioningUpdates -authenticationKeyIssuerID "$AUTH_KEY_ISSUER_ID" -authenticationKeyID "$AUTH_KEY_ID" -authenticationKeyPath $PWD/AUTH_KEY.p8 - name: Clean up keychain and provisioning profile if: ${{ always() }} run: | rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision security delete-keychain $RUNNER_TEMP/app-signing.keychain-db diff --git a/.github/workflows/ios_xctest.yml b/.github/workflows/ios_xctest.yml index a65cf283f..4dc5986a6 100644 --- a/.github/workflows/ios_xctest.yml +++ b/.github/workflows/ios_xctest.yml @@ -1,76 +1,78 @@ name: iOS XCTests on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: name: Run iOS XCTests runs-on: macos-12 steps: - name: Checkout uses: actions/checkout@v2 - name: Install the Apple certificate and provisioning profile env: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db # import certificate and provisioning profile from secrets echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH # create temporary keychain security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH # import certificate to keychain security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH # apply provisioning profile mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - name: brew install protobuf run: brew install protobuf - name: npm install -g yarn run: npm install -g yarn - name: yarn --frozen-lockfile run: yarn --frozen-lockfile - name: Save auth_key to file working-directory: ./native/ios env: AUTH_KEY: ${{secrets.AUTH_KEY}} run: echo "$AUTH_KEY" > AUTH_KEY.p8 - name: Run XCTests working-directory: ./native/ios env: AUTH_KEY_ID: ${{secrets.AUTH_KEY_ID}} AUTH_KEY_ISSUER_ID: ${{secrets.AUTH_KEY_ISSUER_ID}} run: xcodebuild ENABLE_TESTABILITY=YES test -workspace Comm.xcworkspace -scheme Comm -destination name="iPhone 13 Pro" -configuration Release -authenticationKeyIssuerID "$AUTH_KEY_ISSUER_ID" -authenticationKeyID "$AUTH_KEY_ID" -authenticationKeyPath $PWD/AUTH_KEY.p8 - name: Clean up keychain and provisioning profile if: ${{ always() }} run: | rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision security delete-keychain $RUNNER_TEMP/app-signing.keychain-db diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 894158863..4528895e4 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,21 +1,23 @@ name: ShellCheck on: push: branches: [master] + pull_request: + types: [opened, reopened] jobs: shellcheck: name: ShellCheck runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: Install ShellCheck run: sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install -y shellcheck - name: Set globstar run: shopt -s globstar - name: Run ShellCheck run: shellcheck -x -P SCRIPTDIR **/*.sh diff --git a/.github/workflows/tunnelbroker_build.yaml b/.github/workflows/tunnelbroker_build.yaml index 11f2ab129..94c69f1c3 100644 --- a/.github/workflows/tunnelbroker_build.yaml +++ b/.github/workflows/tunnelbroker_build.yaml @@ -1,21 +1,23 @@ name: Tunnelbroker Build (Docker) on: push: branches: [master] paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' + pull_request: + types: [opened, reopened] jobs: build: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 - name: docker-compose build --no-cache tunnelbroker-server working-directory: ./services run: docker-compose build --no-cache tunnelbroker-server