From 4849681b56a162fac150f608a7e28bcaa786df2f Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Fri, 9 Feb 2024 23:21:34 +0100 Subject: [PATCH 01/15] Add CodeQL job --- .github/workflows/codeql.yml | 50 ++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..5492de7eb --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,50 @@ +name: 'CodeQL' + +on: + push: + branches: [main] + pull_request: + # The branches below must be a subset of the branches above + branches: [main] + schedule: + - cron: '17 23 * * 3' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + + - name: Setup Java Version + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '17' + + - name: Setup Gradle + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # pin@v2 + + - name: Initialize CodeQL + uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # pin@v2 + with: + languages: 'java' + + - name: Build Gradle Plugin + run: | + cd plugin-build + ./gradlew testClasses + + - name: Build Compiler Plugin + run: | + cd plugin-build + ./gradlew testClasses + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # pin@v2 From 2540848e594cd4f27d46f95dc564865c62726aba Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Fri, 9 Feb 2024 23:22:19 +0100 Subject: [PATCH 02/15] Change dir --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5492de7eb..b199d238c 100644 --- a/.github/workflows/codeql.yml 
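Review bot: The `analyze` job in the new `codeql.yml` declares no `permissions:`, so it runs with the repository's default `GITHUB_TOKEN` scope, and the `pull_request` trigger makes it execute `./gradlew testClasses` from the proposed change. Add a job-level `permissions: { contents: read, security-events: write }` so the build step never holds more than the analyze step needs to upload results. `actions/checkout@v4` and `actions/setup-java@v4` are referenced by mutable tag, while the Gradle and CodeQL steps in the same job are pinned to commit SHAs. Pin those two the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4`.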
+++ b/.github/workflows/codeql.yml @@ -43,7 +43,7 @@ jobs: - name: Build Compiler Plugin run: | - cd plugin-build + cd sentry-kotlin-compiler-plugin ./gradlew testClasses - name: Perform CodeQL Analysis From c94c9583e3a1fa7727108450c7098cc3166f0730 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Fri, 9 Feb 2024 23:49:53 +0100 Subject: [PATCH 03/15] Only run for plugin-build --- .github/workflows/codeql.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b199d238c..a1dec5ba6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,10 +41,5 @@ jobs: cd plugin-build ./gradlew testClasses - - name: Build Compiler Plugin - run: | - cd sentry-kotlin-compiler-plugin - ./gradlew testClasses - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # pin@v2 From 58bed86e8c68605d7b4cf14e6f2463ceca5eb62e Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Wed, 26 Feb 2025 10:08:23 +0100 Subject: [PATCH 04/15] Bump actions and use macos runner --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a1dec5ba6..f4a5dfedc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,7 +16,7 @@ concurrency: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: macos-15 steps: - name: Checkout Repo @@ -29,10 +29,10 @@ jobs: java-version: '17' - name: Setup Gradle - uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa # pin@v2 + uses: gradle/gradle-build-action@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 - name: Initialize CodeQL - uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # pin@v2 + uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 with: languages: 'java' 
From 228b7090aacee0201cf227b3a9d56b42a2f993f6 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Wed, 26 Feb 2025 10:19:03 +0100 Subject: [PATCH 05/15] Update to gradle-build action v4 --- .github/workflows/build.yml | 2 +- .github/workflows/codeql.yml | 4 +-- .../workflows/gradle-wrapper-validation.yml | 17 ----------- .../integration-tests-sentry-cli.yml | 2 +- .github/workflows/pre-merge.yaml | 2 +- .github/workflows/test-matrix-agp-gradle.yaml | 30 +++++-------------- .github/workflows/test-publish.yaml | 2 +- 7 files changed, 13 insertions(+), 46 deletions(-) delete mode 100644 .github/workflows/gradle-wrapper-validation.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55979ec05..c75febeff 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Gradle - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 - name: Set up Java uses: actions/setup-java@v3 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f4a5dfedc..fec067dac 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,7 +29,7 @@ jobs: java-version: '17' - name: Setup Gradle - uses: gradle/gradle-build-action@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 - name: Initialize CodeQL uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 @@ -42,4 +42,4 @@ jobs: ./gradlew testClasses - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # pin@v2 + uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 
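Review bot: The `Setup Gradle` step switched here to `gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4` (build.yml, and the same line in codeql.yml, integration-tests-sentry-cli.yml, pre-merge.yaml, test-matrix-agp-gradle.yaml and test-publish.yaml) becomes the only place the Gradle wrapper can be checked, because this commit also deletes `gradle-wrapper-validation.yml`. As far as I know `setup-gradle` validates wrapper JARs by default only from v4 on, and the pin is labelled `# pin@v3` here, so a modified `gradle-wrapper.jar` in a pull request may go unchecked. Either confirm the SHA is a v4 release or add `validate-wrappers: true` under `with:` on the step. The deleted workflow ran on pushes to `main` and `release/**` and on every pull request; the triggers of the remaining workflows are outside these hunks, so check that they cover the same events. The SHA is the one the previous commit used for `gradle/gradle-build-action`, so also verify that it resolves to a tagged release in `gradle/actions`.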
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml deleted file mode 100644 index 2b0767b98..000000000 --- a/.github/workflows/gradle-wrapper-validation.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Validate Gradle Wrapper -on: - push: - branches: - - main - - release/** - pull_request: - -jobs: - validation: - name: Validation - runs-on: ubuntu-latest - steps: - - name: Checkout latest code - uses: actions/checkout@v3 - - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@v1 diff --git a/.github/workflows/integration-tests-sentry-cli.yml b/.github/workflows/integration-tests-sentry-cli.yml index f8c6fcae4..6e15e0aa6 100644 --- a/.github/workflows/integration-tests-sentry-cli.yml +++ b/.github/workflows/integration-tests-sentry-cli.yml @@ -22,7 +22,7 @@ jobs: python-version: '3.10.5' - name: Setup Gradle - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 - name: Set up Java uses: actions/setup-java@v3 diff --git a/.github/workflows/pre-merge.yaml b/.github/workflows/pre-merge.yaml index 0bf82ef48..c47f1ed65 100644 --- a/.github/workflows/pre-merge.yaml +++ b/.github/workflows/pre-merge.yaml @@ -31,7 +31,7 @@ jobs: java-version: '17' - name: Setup Gradle - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 - name: Run Gradle tasks if: runner.os != 'Windows' diff --git a/.github/workflows/test-matrix-agp-gradle.yaml b/.github/workflows/test-matrix-agp-gradle.yaml index 69bd96e38..21f5fdeeb 100644 --- a/.github/workflows/test-matrix-agp-gradle.yaml +++ b/.github/workflows/test-matrix-agp-gradle.yaml 
@@ -60,20 +60,14 @@ jobs: distribution: 'temurin' java-version: ${{ matrix.java }} -# - name: Run ./gradlew (Fixes Gradle < 7.4) -# continue-on-error: true -# uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 -# with: -# cache-read-only: ${{ github.ref != 'refs/heads/main' }} -# gradle-version: ${{ matrix.gradle }} -# arguments: tasks - - - name: Build the Release variant - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 + - name: Setup Gradle + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 with: cache-read-only: ${{ github.ref != 'refs/heads/main' }} gradle-version: ${{ matrix.gradle }} - arguments: assembleRelease + + - name: Build the Release variant + run: ./gradlew assembleRelease - name: Check sentry-debug-meta.properties inside APKs run: | @@ -85,11 +79,7 @@ jobs: rm -r output - name: Build the Release Bundle variant - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 - with: - cache-read-only: ${{ github.ref != 'refs/heads/main' }} - gradle-version: ${{ matrix.gradle }} - arguments: bundleRelease + run: ./gradlew bundleRelease - name: Check sentry-debug-meta.properties inside App Bundle run: | @@ -101,13 +91,7 @@ jobs: rm -r output - name: Run Integration Tests - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 - with: - cache-read-only: ${{ github.ref != 'refs/heads/main' }} - gradle-version: ${{ matrix.gradle }} - gradle-home-cache-includes: | - **/.gradle-test-kit/caches - arguments: integrationTest + run: ./gradlew integrationTest - name: Upload Test Results uses: actions/upload-artifact@v3 diff --git a/.github/workflows/test-publish.yaml b/.github/workflows/test-publish.yaml index 4fd9a8e85..68f0b8f55 100644 --- a/.github/workflows/test-publish.yaml +++ b/.github/workflows/test-publish.yaml 
@@ -23,7 +23,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Gradle - uses: gradle/gradle-build-action@7e48093f71aa12588241894ff3695e83c4b5e4b0 # pin@v2.4.2 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 - name: Build the Release variant run: ./gradlew assembleRelease | tee gradle.log From b3ba81d3dda76411fb4b6fdbdbfa1482560f567e Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Wed, 26 Feb 2025 10:19:41 +0100 Subject: [PATCH 06/15] pinv3 -> pinv4 --- .github/workflows/build.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/integration-tests-sentry-cli.yml | 2 +- .github/workflows/pre-merge.yaml | 2 +- .github/workflows/test-matrix-agp-gradle.yaml | 2 +- .github/workflows/test-publish.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c75febeff..0b8a421cc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 - name: Set up Java uses: actions/setup-java@v3 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fec067dac..1d8ced010 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,7 +29,7 @@ jobs: java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 - name: Initialize CodeQL uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 diff --git a/.github/workflows/integration-tests-sentry-cli.yml b/.github/workflows/integration-tests-sentry-cli.yml index 6e15e0aa6..defbc1642 100644 
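Review bot: Only the trailing comment changes in these hunks (`# pin@v3` to `# pin@v4` in build.yml, codeql.yml, integration-tests-sentry-cli.yml, pre-merge.yaml, test-matrix-agp-gradle.yaml and test-publish.yaml) while the SHA `aa23778d2dc6f6556fcc7164e99babbd8c3134e4` stays the same, so the label is hand-maintained and one of its two values was wrong. Record the exact release the commit belongs to, in the form `# v<major.minor.patch>`, so a reader can check the pin against the action's tags and update tooling can keep comment and SHA in step. The `github/codeql-action` pins have the same problem: their SHA changed earlier in the series while the comment stayed `# pin@v2`.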
--- a/.github/workflows/integration-tests-sentry-cli.yml +++ b/.github/workflows/integration-tests-sentry-cli.yml @@ -22,7 +22,7 @@ jobs: python-version: '3.10.5' - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 - name: Set up Java uses: actions/setup-java@v3 diff --git a/.github/workflows/pre-merge.yaml b/.github/workflows/pre-merge.yaml index c47f1ed65..0b7fafb94 100644 --- a/.github/workflows/pre-merge.yaml +++ b/.github/workflows/pre-merge.yaml @@ -31,7 +31,7 @@ jobs: java-version: '17' - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 - name: Run Gradle tasks if: runner.os != 'Windows' diff --git a/.github/workflows/test-matrix-agp-gradle.yaml b/.github/workflows/test-matrix-agp-gradle.yaml index 21f5fdeeb..61d0cf1bc 100644 --- a/.github/workflows/test-matrix-agp-gradle.yaml +++ b/.github/workflows/test-matrix-agp-gradle.yaml @@ -61,7 +61,7 @@ jobs: java-version: ${{ matrix.java }} - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 with: cache-read-only: ${{ github.ref != 'refs/heads/main' }} gradle-version: ${{ matrix.gradle }} diff --git a/.github/workflows/test-publish.yaml b/.github/workflows/test-publish.yaml index 68f0b8f55..b30de6369 100644 --- a/.github/workflows/test-publish.yaml +++ b/.github/workflows/test-publish.yaml 
@@ -23,7 +23,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v3 + uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 - name: Build the Release variant run: ./gradlew assembleRelease | tee gradle.log From 59d9a60073c1e80463de614ac65671bc45f720c3 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Wed, 26 Feb 2025 12:43:02 +0100 Subject: [PATCH 07/15] do not use gradlew for matrix job --- .github/workflows/test-matrix-agp-gradle.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-matrix-agp-gradle.yaml b/.github/workflows/test-matrix-agp-gradle.yaml index 61d0cf1bc..b5da1730e 100644 --- a/.github/workflows/test-matrix-agp-gradle.yaml +++ b/.github/workflows/test-matrix-agp-gradle.yaml @@ -67,7 +67,7 @@ jobs: gradle-version: ${{ matrix.gradle }} - name: Build the Release variant - run: ./gradlew assembleRelease + run: gradle assembleRelease - name: Check sentry-debug-meta.properties inside APKs run: | @@ -79,7 +79,7 @@ jobs: rm -r output - name: Build the Release Bundle variant - run: ./gradlew bundleRelease + run: gradle bundleRelease - name: Check sentry-debug-meta.properties inside App Bundle run: | @@ -91,7 +91,7 @@ jobs: rm -r output - name: Run Integration Tests - run: ./gradlew integrationTest + run: gradle integrationTest - name: Upload Test Results uses: actions/upload-artifact@v3 From 32dc07c9b563e54d35a382585523e53779634229 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Wed, 26 Feb 2025 13:21:47 +0100 Subject: [PATCH 08/15] Specify manual build mode for codeql --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1d8ced010..e18ea262c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
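Review bot: The three `run:` steps (Build the Release variant, Build the Release Bundle variant, Run Integration Tests) now call `gradle` instead of `./gradlew` with nothing in the file explaining why, so a later cleanup is likely to revert it. Add a comment above the first one, e.g. `# Use the Gradle installed by setup-gradle (matrix.gradle); ./gradlew would run the wrapper's pinned version instead`. These steps depend on the `gradle-version: ${{ matrix.gradle }}` input of the Setup Gradle step, visible as context in the first hunk, to put that distribution on the PATH. If that input is ever dropped they will use whatever `gradle` the runner image ships.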
@@ -34,7 +34,8 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 with: - languages: 'java' + languages: 'java-kotlin' + build-mode: manual - name: Build Gradle Plugin run: | From 393c959759ce5894145519be7dd0a9771991eb71 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 11:00:07 +0100 Subject: [PATCH 09/15] codeql config --- .github/codeql/codeql-config.yml | 4 ++++ .github/workflows/codeql.yml | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 .github/codeql/codeql-config.yml diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml new file mode 100644 index 000000000..f85a913bd --- /dev/null +++ b/.github/codeql/codeql-config.yml @@ -0,0 +1,4 @@ +name: 'CodeQL Config File' + +paths: + - plugin-build diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e18ea262c..9e25bb1c5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,13 +34,14 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 with: + config-file: ./.github/codeql/codeql-config.yml languages: 'java-kotlin' build-mode: manual - name: Build Gradle Plugin run: | cd plugin-build - ./gradlew testClasses + ./gradlew testClasses --no-daemon --no-build-cache - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 From 5229aff9995211ac9ea2b413b5e470708973442c Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 13:33:11 +0100 Subject: [PATCH 10/15] source root change --- .github/workflows/codeql.yml | 5 ++--- build.gradle.kts | 7 +++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9e25bb1c5..e0e4ec9cc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -34,14 +34,13 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 with: - config-file: ./.github/codeql/codeql-config.yml + source-root: ${{ github.workspace }}/plugin-build languages: 'java-kotlin' build-mode: manual - name: Build Gradle Plugin run: | - cd plugin-build - ./gradlew testClasses --no-daemon --no-build-cache + ./gradlew buildForCodeQL --no-daemon --no-build-cache - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 diff --git a/build.gradle.kts b/build.gradle.kts index 449c421dc..cfda2bf43 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -65,3 +65,10 @@ tasks.getByName("ktlintFormat") { tasks.getByName("ktlintCheck") { dependsOn(gradle.includedBuild("plugin-build").task(":ktlintCheck")) } + +tasks.register("buildForCodeQL") { + group = "verification" + description = "Builds the project for CodeQL analysis" + + dependsOn(gradle.includedBuild("plugin-build").task(":testClasses")) +} From 475e5117d53d584972fbd018687d783d55962653 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 13:43:55 +0100 Subject: [PATCH 11/15] wip --- .github/workflows/codeql.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e0e4ec9cc..275cd8f81 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,7 +36,6 @@ jobs: with: source-root: ${{ github.workspace }}/plugin-build languages: 'java-kotlin' - build-mode: manual - name: Build Gradle Plugin run: | From 6c53b5ee00bff8327bd81ed106a89d9c02113d87 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 14:36:25 +0100 Subject: [PATCH 12/15] remove build --- .github/workflows/codeql.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 275cd8f81..36be7622d 100644 --- a/.github/workflows/codeql.yml 
+++ b/.github/workflows/codeql.yml @@ -37,9 +37,5 @@ jobs: source-root: ${{ github.workspace }}/plugin-build languages: 'java-kotlin' - - name: Build Gradle Plugin - run: | - ./gradlew buildForCodeQL --no-daemon --no-build-cache - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 From c2e403693481792dc6f4ab7bc8e41a92cda9cdf1 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 14:58:14 +0100 Subject: [PATCH 13/15] wip --- .github/workflows/codeql.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 36be7622d..8b8206896 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,6 +36,13 @@ jobs: with: source-root: ${{ github.workspace }}/plugin-build languages: 'java-kotlin' + build-mode: manual + + - name: Build Gradle Plugin + run: | + ./gradlew buildForCodeQL --no-daemon --no-build-cache - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 + with: + checkout_path: ${{ github.workspace }}/plugin-build From 2c2a365574e0c3933ba97364c499b7f7713b4117 Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 15:10:56 +0100 Subject: [PATCH 14/15] Cleanup --- .github/codeql/codeql-config.yml | 4 --- .github/workflows/codeql.yml | 48 -------------------------------- build.gradle.kts | 7 ----- 3 files changed, 59 deletions(-) delete mode 100644 .github/codeql/codeql-config.yml delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml deleted file mode 100644 index f85a913bd..000000000 --- a/.github/codeql/codeql-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -name: 'CodeQL Config File' - -paths: - - plugin-build diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 8b8206896..000000000 
--- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: 'CodeQL' - -on: - push: - branches: [main] - pull_request: - # The branches below must be a subset of the branches above - branches: [main] - schedule: - - cron: '17 23 * * 3' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - analyze: - name: Analyze - runs-on: macos-15 - - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - - name: Setup Java Version - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: '17' - - - name: Setup Gradle - uses: gradle/actions/setup-gradle@aa23778d2dc6f6556fcc7164e99babbd8c3134e4 # pin@v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 - with: - source-root: ${{ github.workspace }}/plugin-build - languages: 'java-kotlin' - build-mode: manual - - - name: Build Gradle Plugin - run: | - ./gradlew buildForCodeQL --no-daemon --no-build-cache - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # pin@v2 - with: - checkout_path: ${{ github.workspace }}/plugin-build diff --git a/build.gradle.kts b/build.gradle.kts index cfda2bf43..449c421dc 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -65,10 +65,3 @@ tasks.getByName("ktlintFormat") { tasks.getByName("ktlintCheck") { dependsOn(gradle.includedBuild("plugin-build").task(":ktlintCheck")) } - -tasks.register("buildForCodeQL") { - group = "verification" - description = "Builds the project for CodeQL analysis" - - dependsOn(gradle.includedBuild("plugin-build").task(":testClasses")) -} From 1bd4770f99c08de390d62f88ba03cb5b8627807b Mon Sep 17 00:00:00 2001 From: Roman Zavarnitsyn Date: Thu, 27 Feb 2025 15:12:22 +0100 Subject: [PATCH 15/15] Changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 06361364c..7be4b8108 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -13,6 +13,10 @@ - Proguard UUID task now depends on the proguard mapping file. I.e. it will only run if the mapping file has changed - Source context tasks now depend on source file changes, if there are no source changes, the tasks won't run +### Internal + +- Switch to a newer `setup-gradle` github action ([#654](https://github.com/getsentry/sentry-android-gradle-plugin/pull/654)) + ### Dependencies - Bump CLI from v2.25.0 to v2.28.0 ([#638](https://github.com/getsentry/sentry-android-gradle-plugin/pull/638), [#640](https://github.com/getsentry/sentry-android-gradle-plugin/pull/640), [#642](https://github.com/getsentry/sentry-android-gradle-plugin/pull/642), [#647](https://github.com/getsentry/sentry-android-gradle-plugin/pull/647), [#652](https://github.com/getsentry/sentry-android-gradle-plugin/pull/652))