diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index 71dcf05c618e138a1ba943d1c0bac586ba96dcde..24c2364f949cd2894afbcdc53f47f16ad25848e8 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -26,13 +26,13 @@ jobs: - name: Copy CI gradle.properties run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties - - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'temurin' java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Quality - Spotless run: ./gradlew spotlessCheck @@ -46,8 +46,5 @@ jobs: - name: Quality - Dependency Guard run: ./gradlew dependencyGuard - - name: Build - run: ./gradlew assembleDebug - - - name: Test - run: ./gradlew testsOnCi + - name: Build (run full build and tests) + run: ./gradlew build diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dbba88843d3326f4af926e71a17e554fde1ca97d..1b47a94f2e6de07c7d2a0b78f81130cefc998450 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -22,23 +22,23 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'temurin' java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 with: cache-read-only: true - - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + - uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: languages: java - name: Autobuild - uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 diff --git a/.github/workflows/daily_builds.yml b/.github/workflows/daily_builds.yml index 413c1980e6993d84c8b0abd8b3c63814424c45e7..cb4ed21f7032ccf21ef2da6bd96432831502d709 100644 --- a/.github/workflows/daily_builds.yml +++ b/.github/workflows/daily_builds.yml @@ -14,5 +14,5 @@ jobs: uses: ./.github/workflows/shippable_builds.yml secrets: inherit permissions: - contents: write # For release bumps id-token: write # For GCS publishing (ftp.mo) + contents: read diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index cc8d74ef09506706fac7bdb246aab55ec4688ca6..e406dd6e9eddd2845dad0cc86004813cfedff630 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -1,3 +1,4 @@ +--- name: Deploy docs on: 
@@ -9,58 +10,77 @@ on: workflow_dispatch: -permissions: - contents: read - pages: write - id-token: write - concurrency: group: "pages" cancel-in-progress: false jobs: build-docs: + if: ${{ github.repository_owner == 'thunderbird' }} runs-on: ubuntu-latest + environment: botmobile steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: App token generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - path: | - ~/.cargo/.crates.toml - ~/.cargo/.crates2.toml - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + token: ${{ steps.app-token.outputs.token || github.token }} + + - name: Cargo cache + uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1.12.0 - name: Install mdbook and extensions run: ./docs/install.sh - - name: Setup Pages - id: pages - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - - name: Build docs - run: mdbook build docs --dest-dir=book/docs/latest + run: mdbook build docs --dest-dir=./../book/docs/latest - name: Test docs run: mdbook test docs - - name: Upload artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 - with: - path: ./book/docs + - name: Clean docs + run: | + rm -rf book/docs/latest/assets/draw.io + rm book/docs/latest/.gitignore + rm book/docs/latest/install.sh - deploy-docs: - environment: - name: pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - needs: build-docs - steps: - - name: 
Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + # Restore mermaid.min.js, it has already been copied over to book/docs/latest + git restore . + + + - name: Deploy docs to gh-pages + env: + APP_SLUG: ${{ steps.app-token.outputs.app-slug || 'github-actions'}} + APP_USER_ID: ${{ vars.BOT_USER_ID || '41898282' }} + run: | + git config --global user.name "${APP_SLUG}" + git config --global user.email "${APP_USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com" + + # Fetch the gh-pages branch + git fetch origin gh-pages || git checkout --orphan gh-pages + git checkout gh-pages + + # Get the short commit hash + COMMIT_HASH=$(git rev-parse --short "$GITHUB_SHA") + + # Keep necessary files and clean `docs/latest/` + mkdir -p docs/latest # Ensure the folder exists + find docs/latest -mindepth 1 -delete # Delete old files inside docs/latest + + # Copy new docs to gh-pages branch + cp -r book/docs/latest/* docs/latest/ + + # Remove + rm -rf book + + # Add, commit, and push changes + git add . + git commit -m "Deploy docs update from [${COMMIT_HASH}]" || echo "No changes to commit" + git push --force-with-lease origin gh-pages diff --git a/.github/workflows/fluidscan.yml b/.github/workflows/fluidscan.yml index 16849f28c3031101b339ed957b96a7667cd0dbf9..256660711c2c9b9990f291d95af07137d7802d77 100644 --- a/.github/workflows/fluidscan.yml +++ b/.github/workflows/fluidscan.yml @@ -27,7 +27,7 @@ jobs: bash scripts/ci/run-fluidattacks-scanner.sh - name: "Upload scan results" - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF scan results path: fluidscan-results.sarif 
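Review bot: The token minted by the new `App token generate` step in deploy-docs.yml inherits every permission of the app installation, and because it is passed to `actions/checkout` it stays in the working copy's git configuration while `./docs/install.sh`, `mdbook build` and `mdbook test docs` run. This job only needs to push `gh-pages`, so I would scope the token on that step with `permission-contents: write` (an input of create-github-app-token v2, worth confirming against the pinned release). The same unscoped step is added in needinfo-answered.yml, needinfo-remove.yml, needinfo-stale.yml (where the token is handed to the third-party `imhoffd/needs-reply` action), pulls-merged.yml, shippable_builds.yml and uplift-merges.yml, and each could list only the `permission-*` inputs it needs. Separately, the workflow-level `permissions:` block is removed without a replacement, so the `|| github.token` fallback now gets whatever the repository default is; declaring `permissions:` with `contents: write` on `build-docs` would keep that explicit.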
@@ -35,6 +35,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: sarif_file: fluidscan-results.sarif diff --git a/.github/workflows/gradle-cache.yml b/.github/workflows/gradle-cache.yml index 94ec730a8f003019c992a35b703598782b9cf676..1f99703ed66583061d7f691c4590cfbc7931ac15 100644 --- a/.github/workflows/gradle-cache.yml +++ b/.github/workflows/gradle-cache.yml @@ -23,12 +23,13 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'temurin' java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - - run: ./gradlew assemble + - name: Build (run full build and tests) + run: ./gradlew build diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index f8fc334ea46d606353c2e0ff493f4be7dcb9dd4c..34596206155133f1fbdd13b478cd5f56d735b61b 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml 
@@ -13,18 +13,28 @@ jobs: markdown_quality: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Cargo cache + uses: actions-rust-lang/setup-rust-toolchain@9d7e65c320fdb52dcd45ffaa68deb6c02c8754d9 # v1.12.0 + + - name: Install mdbook and extensions + run: ./docs/install.sh - name: Copy CI gradle.properties run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties - - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'temurin' java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Quality - Spotless Markdown Check - run: ./gradlew spotlessMarkdownCheck + run: ./gradlew spotlessFlexmarkCheck + + - name: Test mdbook docs + run: mdbook test docs diff --git a/.github/workflows/needinfo-answered.yml b/.github/workflows/needinfo-answered.yml new file mode 100644 index 0000000000000000000000000000000000000000..a536f7ad69ef4078e94c462f6d72c84134ad0d95 --- /dev/null +++ b/.github/workflows/needinfo-answered.yml 
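Review bot: The `markdown_quality` job now runs `./docs/install.sh` and `mdbook test docs` after a checkout that keeps its token in the working copy's git configuration, which is the default for `actions/checkout`. Nothing in the visible steps pushes or calls the API, so adding `with:` and `persist-credentials: false` to the `Checkout` step (as scorecard.yml already does in this commit) would take the credential out of reach of those scripts. The trigger is outside the hunk, so how much untrusted content reaches these steps is not visible here. The step name `Cargo cache` also undersells what `setup-rust-toolchain` does; `Setup Rust toolchain` would read more accurately.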
@@ -0,0 +1,37 @@ + +--- +name: Remove answered label + +on: + issues: + types: + - labeled + +permissions: + issues: write + +jobs: + build: + runs-on: ubuntu-latest + if: | + contains(github.event.issue.labels.*.name, 'status: needs information') && + contains(github.event.issue.labels.*.name, 'status: answered') + environment: botmobile + permissions: + issues: write + pull-requests: write + steps: + - name: App token generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + + - name: Remove answered label if both exist + env: + ISSUE_NUMBER: ${{ github.event.issue.number }} + GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} + run: | + gh issue edit $ISSUE_NUMBER --repo "$GITHUB_REPOSITORY" --remove-label "status: answered" diff --git a/.github/workflows/needinfo-remove.yml b/.github/workflows/needinfo-remove.yml index a805ee3a95b84cbfeb96083a8338e8681c99d7f7..2d302b9a153fb7dd2020268b9185d880c97f49e2 100644 --- a/.github/workflows/needinfo-remove.yml +++ b/.github/workflows/needinfo-remove.yml @@ -8,6 +8,7 @@ on: permissions: contents: read + issues: write jobs: build: 
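Review bot: The job-level `permissions` in the new needinfo-answered.yml grant `pull-requests: write`, but the only step edits labels on an issue from an `issues: labeled` event, so `issues: write` alone looks sufficient and the extra scope can be dropped. The job-level block also makes the workflow-level `permissions:` above it redundant. In the `run:` line `$ISSUE_NUMBER` is unquoted; `gh issue edit "$ISSUE_NUMBER" ...` is the safer habit, and the same applies to the rewritten command in needinfo-remove.yml.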
@@ -17,20 +18,22 @@ jobs: github.event.comment.author_association != 'OWNER' && github.event.comment.author_association != 'MEMBER' && github.event.comment.author_association != 'COLLABORATOR' + environment: botmobile permissions: issues: write pull-requests: write steps: - # https://github.com/octokit/request-action/issues/118 - - name: Remove needinfo label - run: | - curl --request DELETE \ - --url 'https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/status%3A%20needs%20information' \ - --header 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' - - name: Add answered label + - name: App token generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + + - name: Remove needinfo label and add answered label + env: + ISSUE_NUMBER: ${{ github.event.issue.number }} + GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} run: | - curl --request POST \ - --url 'https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels' \ - --header 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' \ - --header 'Content-Type: application/json' \ - --data '{"labels": ["status: answered"]}' + gh issue edit $ISSUE_NUMBER --repo "$GITHUB_REPOSITORY" --remove-label "status: needs information" --add-label "status: answered" diff --git a/.github/workflows/needinfo-stale.yml b/.github/workflows/needinfo-stale.yml index 35d13e0130d30c8cd1091ed2ec5ea310c3675b14..6b6651ddd3f419e20aacae1cb19c63cafe5fce52 100644 --- a/.github/workflows/needinfo-stale.yml +++ b/.github/workflows/needinfo-stale.yml 
@@ -8,18 +8,28 @@ on: permissions: contents: read + issues: write jobs: build: runs-on: ubuntu-latest + environment: botmobile permissions: issues: write pull-requests: write steps: + - name: App token generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + - name: Close old issues with the needinfo tag - uses: imhoffd/needs-reply@71e8d5144caa0d4a1e292348bfafa3866d08c855 # v2.0.0 + uses: imhoffd/needs-reply@71e8d5144caa0d4a1e292348bfafa3866d08c855 # v2.0.0 with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + repo-token: ${{ steps.app-token.outputs.token || github.token }} issue-label: "status: needs information" days-before-close: 30 close-message: > diff --git a/.github/workflows/pulls-merged.yml b/.github/workflows/pulls-merged.yml new file mode 100644 index 0000000000000000000000000000000000000000..e86d42d1cf84de4934a2ad18d6a0ad7569b3e1ed --- /dev/null +++ b/.github/workflows/pulls-merged.yml 
@@ -0,0 +1,70 @@ +--- +name: PR Merged Actions + +# Warning, this job is running on pull_request_target and therefore has access to issue content. +# Don't add any steps that act on external code. +on: + pull_request_target: + branches: [main] + types: [closed] + +permissions: + pull-requests: write + issues: write + +jobs: + pull-request-merged: + if: github.event.pull_request.merged + runs-on: ubuntu-latest + environment: botmobile + steps: + - name: App token generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + + - name: Get active milestone + id: milestone + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} + run: | + # The furthest open milestone in the future should be current main + gh api repos/$GITHUB_REPOSITORY/milestones --jq ' + map(select(.state == "open" and .due_on != null)) + | sort_by(.due_on) | reverse + | .[0] | { number, title } + | to_entries + | map(.key + "=" + (.value|tostring)) | join("\n")' | tee -a $GITHUB_OUTPUT + + - name: Thank you + if: | + github.event.pull_request.author_association != 'OWNER' && + github.event.pull_request.author_association != 'MEMBER' && + github.event.pull_request.author_association != 'COLLABORATOR' && + github.event.pull_request.author_association != 'CONTRIBUTOR' + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} + MILESTONE: ${{ steps.milestone.outputs.title }} + MESSAGE: >- + Thanks for your contribution! Your pull request has been merged and will be part of + ${{ steps.milestone.outputs.title }}. We appreciate the time and effort you put into + improving Thunderbird. If you haven’t already, you’re welcome to join our Matrix chat + for contributors. 
It’s where we discuss development and help each other out. + https://matrix.to/#/#tb-android-dev:mozilla.org + + Hope to see you there! 🚀📱🐦 + run: | + gh pr comment $PR_NUMBER --repo $GITHUB_REPOSITORY --body "$MESSAGE" + + - name: Set active milestone on PR + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} + MILESTONE: ${{ steps.milestone.outputs.number }} + run: | + gh api --method PATCH /repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER -f milestone=$MILESTONE diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index aac39686205c2a4af97f8848787f823b17219700..7df7561a8cd9844b85e7b9689a887018a6e63436 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts. - name: "Upload artifact" - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif @@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: sarif_file: results.sarif diff --git a/.github/workflows/shippable_builds.yml b/.github/workflows/shippable_builds.yml index 2302ce6235a9ca79acb748ee828ab04d66b8e4a3..8a1f3f68f9244a110097d04d886a886157ce1533 100644 --- a/.github/workflows/shippable_builds.yml +++ b/.github/workflows/shippable_builds.yml 
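Review bot: The `Get active milestone` step in pulls-merged.yml has no handling for an empty result: when no open milestone has a due date, `.[0]` is null and the jq program still writes `number=null` and `title=null` to `$GITHUB_OUTPUT`. The thank-you comment would then announce the change as part of `null`, and the last step would send `milestone=null` as a string. I would drop the null in jq (for example `| .[0] // empty` before the object is built) and guard the steps that consume the outputs with `steps.milestone.outputs.number != ''`. The header comment could also name the `pull_request_target` risk more precisely, e.g. `# Runs with the base repository's secrets and a write token; never check out or execute code from the PR head.`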
@@ -197,8 +197,6 @@ jobs: max-parallel: 1 matrix: include: "${{ fromJSON(needs.dump_config.outputs.matrixInclude) }}" - permissions: - contents: write outputs: k9mail_sha: ${{ steps.commit.outputs.k9mail_sha }} thunderbird_sha: ${{ steps.commit.outputs.thunderbird_sha }} @@ -207,25 +205,34 @@ jobs: old_version_code: ${{ steps.new_version_code.outputs.old_version_code }} new_version_code: ${{ steps.new_version_code.outputs.new_version_code }} steps: + - name: App Token Generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + - name: Checkout repository if: ${{ contains(matrix.releaseTarget, 'github') || needs.dump_config.outputs.releaseType == 'daily' }} uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 + token: ${{ steps.app-token.outputs.token || github.token }} - name: Copy CI gradle.properties if: ${{ contains(matrix.releaseTarget, 'github') || needs.dump_config.outputs.releaseType == 'daily' }} shell: bash run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties - - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 if: ${{ contains(matrix.releaseTarget, 'github') || needs.dump_config.outputs.releaseType == 'daily' }} with: distribution: 'temurin' java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 if: ${{ contains(matrix.releaseTarget, 'github') || needs.dump_config.outputs.releaseType == 'daily' }} with: cache-disabled: "${{ contains(fromJSON('[\"beta\", \"release\"]'), needs.dump_config.outputs.releaseType) }}" 
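Review bot: The `|| github.token` fallback on the checkout `token:` no longer appears to have the access a release-bump push needs: the hunk just above removes `contents: write` from this job, and daily_builds.yml now calls the workflow with `contents: read`. Unless write access is granted somewhere outside these hunks, a run with `vars.BOT_CLIENT_ID` unset would go through the build and fail only at the push, which presumably happens later in this job. If the app token is now mandatory here, dropping the fallback (`token: ${{ steps.app-token.outputs.token }}`) or failing early when the variable is missing makes that explicit. uplift-merges.yml shows the same pattern after losing `contents: write`, and it skips the token step entirely on dry runs.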
@@ -246,7 +253,7 @@ jobs: RELEASE_TYPE=release fi - ./gradlew :app-${APP_NAME}:printVersionInfo -PbuildType=${RELEASE_TYPE} -PflavorName=${PACKAGE_FLAVOR} --configure-on-demand + ./gradlew :app-${APP_NAME}:printVersionInfo${PACKAGE_FLAVOR^}${RELEASE_TYPE^} -PoutputFile=${GITHUB_OUTPUT} - name: Determine new version code id: new_version_code @@ -369,9 +376,11 @@ jobs: APP_NAME: ${{ matrix.appName }} FULL_VERSION_NAME: ${{ steps.appinfo.outputs.VERSION_NAME }}${{ steps.bump_version_suffix.outputs.SUFFIX || steps.appinfo.outputs.VERSION_NAME_SUFFIX }} RELEASE_TYPE: ${{ vars.RELEASE_TYPE }} + APP_SLUG: ${{ steps.app-token.outputs.app-slug || 'github-actions'}} + APP_USER_ID: ${{ vars.BOT_USER_ID || '41898282' }} run: | - git config --global user.name "GitHub Actions Bot" - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --global user.name "${APP_SLUG}" + git config --global user.email "${APP_USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com" # We need the metadata to point to the right application for the release commit set -x @@ -386,17 +395,7 @@ jobs: if [[ "$APP_NAME" = "k9mail" ]]; then git add ./app-${APP_NAME}/src/main/res/raw/changelog_master.xml elif [[ "$APP_NAME" = "thunderbird" ]]; then - case "$RELEASE_TYPE" in - "daily") - git add ./app-${APP_NAME}/src/daily/res/raw/changelog_master.xml - ;; - "beta") - git add ./app-${APP_NAME}/src/beta/res/raw/changelog_master.xml - ;; - "release") - git add ./app-${APP_NAME}/src/release/res/raw/changelog_master.xml - ;; - esac + git add ./app-${APP_NAME}/src/${RELEASE_TYPE}/res/raw/changelog_master.xml fi git add ./app-${APP_NAME}/build.gradle.kts git add metadata 
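Review bot: The two fallbacks in the new `APP_SLUG` and `APP_USER_ID` lines are independent, so when the app token is present but `vars.BOT_USER_ID` is not set the commit e-mail pairs the github-actions user id `41898282` with the app's slug. Commits would then be attributed to the wrong account or to none, which weakens the audit trail for automated release commits. A guard at the top of the script catches the mix, e.g. `if [ "$APP_SLUG" != "github-actions" ] && [ "$APP_USER_ID" = "41898282" ]; then echo "BOT_USER_ID is not set" >&2; exit 1; fi`. The same pair of lines is added in deploy-docs.yml and uplift-merges.yml.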
@@ -475,13 +474,13 @@ jobs: shell: bash run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties - - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'temurin' java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 with: cache-disabled: "${{ contains(fromJSON('[\"beta\", \"release\"]'), needs.dump_config.outputs.releaseType) }}" add-job-summary: on-failure @@ -564,7 +563,7 @@ jobs: ls -l ${UPLOAD_PATH}/ - name: Upload unsigned - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 env: UPLOAD_PATH: "uploads" with: @@ -584,7 +583,7 @@ jobs: env: RELEASE_TYPE: ${{ needs.dump_config.outputs.releaseType }} steps: - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: unsigned-${{ matrix.appName }}-${{ matrix.packageFormat }}-${{ matrix.packageFlavor }} path: uploads/ @@ -613,7 +612,7 @@ jobs: rm -f uploads/*.jks - name: Upload signed - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: signed-${{ matrix.appName }}-${{ matrix.packageFormat }}-${{ matrix.packageFlavor }} if-no-files-found: error 
@@ -705,7 +704,7 @@ jobs: ref: ${{ steps.shanotes.outputs.app_sha }} - name: Download Artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: signed-${{ matrix.appName }}-${{ matrix.packageFormat }}-${{ matrix.packageFlavor }} path: "uploads/" @@ -766,17 +765,17 @@ jobs: ls -l uploads/${PKG_FILE_PRETTY} - name: App Token Generate - uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5 - if: ${{ contains(matrix.releaseTarget, 'github') && vars.RELEASER_APP_CLIENT_ID }} + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ contains(matrix.releaseTarget, 'github') && vars.BOT_CLIENT_ID }} id: app-token with: - app-id: ${{ vars.RELEASER_APP_CLIENT_ID }} - private-key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }} + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Publish to GitHub Releases id: publish_gh if: ${{ contains(matrix.releaseTarget, 'github') }} - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 + uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2 with: token: ${{ steps.app-token.outputs.token || github.token }} target_commitish: ${{ steps.shanotes.outputs.app_sha }} @@ -914,7 +913,7 @@ jobs: - name: Auth to GCS for FTP if: ${{ !inputs.skipFtp && contains(matrix.releaseTarget, 'ftp') && matrix.packageFormat == 'apk' }} - uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8 + uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 with: service_account: ${{ steps.prepare_ftp.outputs.SERVICE_ACCOUNT }} workload_identity_provider: ${{ steps.prepare_ftp.outputs.WORKLOAD_IDENTITY_PROVIDER }} 
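Review bot: Switching the release token from `RELEASER_APP_CLIENT_ID` / `RELEASER_APP_PRIVATE_KEY` to `BOT_CLIENT_ID` / `BOT_PRIVATE_KEY` means the key that publishes GitHub releases is now the same one this commit gives to the label and comment workflows, including the needinfo-remove.yml job that runs for comments from non-members and the `pull_request_target` job in pulls-merged.yml. None of those jobs runs untrusted code as written, but a single app now has to hold release, contents, issue and pull-request rights, so a mistake in any of them reaches release publishing. Keeping a dedicated releaser app, or at least scoping this step with `permission-contents: write` and protecting the environment that holds the key, would preserve the separation. Whether `botmobile` has protection rules is not visible in the diff. The step also moves from v1.11.5 to v2.0.2 of create-github-app-token, a major version, so its changelog is worth checking for input changes.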
diff --git a/.github/workflows/uplift-merges.yml b/.github/workflows/uplift-merges.yml index 986e88c20be5b23d06b55077658c548cac836e7d..df981084cf5c8696a0676eff07753913160630bc 100644 --- a/.github/workflows/uplift-merges.yml +++ b/.github/workflows/uplift-merges.yml @@ -15,24 +15,36 @@ jobs: uplift: name: Uplift runs-on: ubuntu-latest + environment: botmobile permissions: pull-requests: write - contents: write steps: + - name: App token generate + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + if: ${{ !inputs.dryRun && vars.BOT_CLIENT_ID }} + id: app-token + with: + app-id: ${{ vars.BOT_CLIENT_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 + token: ${{ steps.app-token.outputs.token || github.token }} - name: Configure for push if: ${{ !inputs.dryRun }} + env: + APP_SLUG: ${{ steps.app-token.outputs.app-slug || 'github-actions'}} + APP_USER_ID: ${{ vars.BOT_USER_ID || '41898282' }} run: | - git config --global user.name "GitHub Actions Bot" - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --global user.name "${APP_SLUG}" + git config --global user.email "${APP_USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com" - name: Run uplift script env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }} DRYRUN: ${{ !inputs.dryRun && '--no-dry-run' || '' }} BRANCH: ${{ github.ref_name }} PUSH: ${{ !inputs.dryRun && '--push' || '' }} diff --git a/.github/workflows/validate-gradle.yml b/.github/workflows/validate-gradle.yml index 1538d6bfcfa5dce4c01fb55aa1c0c4d8088dc815..536d40fb837d96a7f773ef5c7f29bebd42e9c92e 100644 --- a/.github/workflows/validate-gradle.yml +++ b/.github/workflows/validate-gradle.yml @@ -1,7 +1,6 @@ name: "Validate Gradle Wrapper" on: - push: pull_request: permissions: 
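Review bot: Dropping `push:` from the triggers of validate-gradle.yml means the Gradle wrapper check now runs only on pull requests, so a `gradle-wrapper.jar` that reaches a branch by direct push (for instance through the bot pushes this commit sets up elsewhere) is never validated. If every change to protected branches goes through a pull request that is fine, but that is not visible here. A narrowed trigger such as `push:` with `branches: [main]` keeps the post-merge check without running on every branch. validate-workflows.yml loses its `push:` trigger in the same way.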
@@ -13,4 +12,4 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: gradle/actions/wrapper-validation@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 + - uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 diff --git a/.github/workflows/validate-workflows.yml b/.github/workflows/validate-workflows.yml index c9d327d6978b4e29833315980b421f3cbd46b50e..8c6dee3be57befd3eb7dc69f9baac6136e158f1c 100644 --- a/.github/workflows/validate-workflows.yml +++ b/.github/workflows/validate-workflows.yml @@ -1,7 +1,6 @@ name: "Validate Workflows" on: - push: pull_request: workflow_dispatch: inputs: diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml index 7f630e90f77415bea7b1e28d8a36c98a38acee12..d1084871bb2d2d227b1894caaf575581c8b9e7cd 100644 --- a/.idea/codeStyles/Project.xml +++ b/.idea/codeStyles/Project.xml @@ -28,6 +28,7 @@