1- name : Android CI
1+ name : Android CI Build
22
3- on : [push, pull_request, pull_request_target, workflow_dispatch]
3+ on : [push, pull_request, workflow_dispatch]
44
55permissions :
66 contents : write
7- pull-requests : write
8- issues : write
9- actions : write
10- checks : write
11- discussions : write
12- packages : write
13- repository-projects : write
14- security-events : write
15- statuses : write
7+ actions : write
168
179concurrency :
1810 group : build-${{ github.event.pull_request.number || github.ref }}
2517 steps :
2618 - name : Checkout code
2719 uses : actions/checkout@v3
28- with :
29- # Use base_ref for pull_request_target to avoid untrusted fork code
30- ref : ${{ github.event_name == 'pull_request_target' && github.base_ref || github.ref }}
3120
3221 - name : Set up JDK
3322 uses : actions/setup-java@v3
@@ -46,14 +35,13 @@ jobs:
4635 restore-keys : gradle-packages-${{ runner.os }}
4736
4837 - name : Access test login credentials
49- # Skip secrets for pull_request_target to avoid exposing them to fork code
50- if : github.event_name != 'pull_request_target'
38+ if : github.event_name != 'pull_request' || github.repository == github.event.pull_request.head.repo.full_name
5139 run : |
5240 echo "TEST_USER_NAME=${{ secrets.TEST_USER_NAME }}" >> local.properties
5341 echo "TEST_USER_PASSWORD=${{ secrets.TEST_USER_PASSWORD }}" >> local.properties
5442
5543name : AVD cache
56- if : github.event_name != 'pull_request' && github.event_name != 'pull_request_target'
44+ if : github.event_name != 'pull_request'
5745 uses : actions/cache@v3
5846 id : avd-cache
5947 with :
6351key : avd-tablet-api-24
6452
6553 - name : Create AVD and generate snapshot for caching
66- if : steps.avd-cache.outputs.cache-hit != 'true' && github.event_name != 'pull_request' && github.event_name != 'pull_request_target'
54+ if : steps.avd-cache.outputs.cache-hit != 'true' && github.event_name != 'pull_request'
6755 uses : reactivecircus/android-emulator-runner@v2
6856 with :
6957 api-level : 24
7361 script : echo "Generated AVD snapshot for caching."
7462
7563 - name : Run Instrumentation tests
76- if : github.event_name != 'pull_request' && github.event_name != 'pull_request_target'
64+ if : github.event_name != 'pull_request'
7765 uses : reactivecircus/android-emulator-runner@v2
7866 with :
7967 api-level : 24
@@ -88,15 +76,15 @@ jobs:
8876 ./gradlew connectedBetaDebugAndroidTest --stacktrace
8977
9078name : Run Unit tests with unified coverage
91- if : github.event_name != 'pull_request' && github.event_name != 'pull_request_target'
79+ if : github.event_name != 'pull_request'
9280 run : ./gradlew -Pcoverage testBetaDebugUnitTestUnifiedCoverage --stacktrace
9381
9482 - name : Run Unit tests without unified coverage
95- if : github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
83+ if : github.event_name == 'pull_request'
9684 run : ./gradlew -Pcoverage testBetaDebugUnitTestCoverage --stacktrace
9785
9886 - name : Upload Test Report to Codecov
99- if : github.event_name != 'pull_request' && github.event_name != 'pull_request_target'
87+ if : github.event_name != 'pull_request'
10088 run : |
10189 curl -Os https://uploader.codecov.io/latest/linux/codecov
10290 chmod +x codecov
@@ -120,57 +108,13 @@ jobs:
120108 name : prodDebugAPK
121109 path : app/build/outputs/apk/prod/debug/app-*.apk
122110
123- - name : Comment on PR with APK download links
124- if : github.event_name == 'pull_request_target' # Only run for pull_request_target to ensure write permissions
125- env :
126- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN has write permissions in pull_request_target
127- uses : actions/github-script@v6
111+ - name : Store Workflow Run ID
112+ if : github.event_name == 'pull_request'
113+ run : echo "${{ github.run_id }}" > run_id.txt
114+
115+ - name : Upload Run ID as Artifact
116+ if : github.event_name == 'pull_request'
117+ uses : actions/upload-artifact@v4
128118 with :
129- script : |
130- try {
131- const token = process.env.GH_TOKEN;
132- if (!token) {
133- throw new Error('GITHUB_TOKEN is not set.');
134- }
135-
136- const { data: { artifacts } } = await github.rest.actions.listWorkflowRunArtifacts({
137- owner: context.repo.owner,
138- repo: context.repo.repo,
139- run_id: context.runId
140- });
141-
142- if (!artifacts || artifacts.length === 0) {
143- console.log('No artifacts found for this workflow run.');
144- return;
145- }
146-
147- const betaArtifact = artifacts.find(artifact => artifact.name === "betaDebugAPK");
148- const prodArtifact = artifacts.find(artifact => artifact.name === "prodDebugAPK");
149-
150- if (!betaArtifact || !prodArtifact) {
151- console.log('Could not find both Beta and Prod APK artifacts.');
152- console.log('Available artifacts:', artifacts.map(a => a.name).join(', '));
153- return;
154- }
155-
156- const betaDownloadUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/suites/${context.runId}/artifacts/${betaArtifact.id}`;
157- const prodDownloadUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/suites/${context.runId}/artifacts/${prodArtifact.id}`;
158-
159- const commentBody = `
160- 📱 **APK for pull request is ready to see the changes** 📱
161- - [Download Beta APK](${betaDownloadUrl})
162- - [Download Prod APK](${prodDownloadUrl})
163- `;
164-
165- await github.rest.issues.createComment({
166- issue_number: context.issue.number,
167- owner: context.repo.owner,
168- repo: context.repo.repo,
169- body: commentBody
170- });
171-
172- console.log('Successfully posted comment with APK download links');
173- } catch (error) {
174- console.error('Error in PR comment creation:', error);
175- core.setFailed(`Workflow failed: ${error.message}`);
176- }
119+ name : run-id
120+ path : run_id.txt
0 commit comments