chore: add SDK-managed one-shot location (requestLocationUpdateOnce)

[Shahroz16]

Summary

• Add internal FusedLocationProvider wrapping Google's FusedLocationProviderClient with cancellation support
• Add internal LocationOrchestrator to coordinate config/permission checks and EventBus posting
• Wire requestLocationUpdateOnce and stopLocationUpdates in LocationServicesImpl with coroutine job management
• Wire ModuleLocation.initialize() to create provider → orchestrator → services chain
• Declare ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION permissions in the module manifest

The SDK does not request permissions — the host app is responsible for runtime permission requests. requestLocationUpdateOnce checks permission status, fetches a single location
via FusedLocationProviderClient.getCurrentLocation, and publishes the result through EventBus. Only one request is active at a time; calling again cancels the previous one.

---

Note

Medium Risk
Introduces new runtime location access via Google Play Services and adds a new coroutine scope surface (locationScope), which could affect threading/lifecycle behavior and permission expectations if misused.

Overview
Adds SDK-managed one-shot location capture to the Location module: LocationServices.requestLocationUpdate() now triggers a coroutine-driven request via a new LocationOrchestrator and FusedLocationProvider wrapper (with permission/config checks and cancellation), then publishes TrackLocationEvent to the EventBus.

Extends core ScopeProvider with a dedicated locationScope and wires it through ModuleLocation.initialize(), adds ACCESS_COARSE_LOCATION to the module manifest, updates tests for concurrency timing robustness, and adds unit tests for coordinate validation.

^{Written by Cursor Bugbot for commit e8f0aae. This will update automatically on new commits. Configure here.}

[github-actions]

Sample app builds 📱

Below you will find the list of the latest versions of the sample apps. It's recommended to always download the latest builds of the sample apps to accurately test the pull request.

---

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (feat/real-time-location@79bb2c3). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
.../kotlin/io/customer/sdk/core/util/ScopeProvider.kt	0.00%	1 Missing ⚠️

Additional details and impacted files

@@                    Coverage Diff                     @@
##             feat/real-time-location     #657   +/-   ##
==========================================================
  Coverage                           ?   68.26%           
  Complexity                         ?      760           
==========================================================
  Files                              ?      142           
  Lines                              ?     4323           
  Branches                           ?      582           
==========================================================
  Hits                               ?     2951           
  Misses                             ?     1149           
  Partials                           ?      223           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

📏 SDK Binary Size Comparison Report

Module	Last Recorded Size	Current Size	Change in Size
core	30.63 KB	30.39 KB	⬇️ -0.24KB
datapipelines	39.17 KB	39.17 KB	✅ No Change
messagingpush	30.25 KB	30.25 KB	✅ No Change
messaginginapp	106.69 KB	106.69 KB	✅ No Change
tracking-migration	22.89 KB	22.89 KB	✅ No Change

[github-actions]

• java_layout: feat/location-one-shot (1771242827)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771242827)

[github-actions]

Build available to test
Version: feat-location-one-shot-SNAPSHOT
Repository: https://central.sonatype.com/repository/maven-snapshots/

[github-actions]

• java_layout: feat/location-one-shot (1771247037)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771247036)

[github-actions]

• java_layout: feat/location-one-shot (1771260112)

[cursor]

All fused location failures misclassified as timeout errors

Low Severity

The addOnFailureListener wraps every failure from getCurrentLocation as LocationProviderError.TIMEOUT, regardless of the actual cause (e.g., Play Services unavailable, ApiException, SecurityException). This misclassifies errors and makes it harder to diagnose issues from debug logs, since the logged error field will always say TIMEOUT even for unrelated failures.

 

[github-actions]

• kotlin_compose: feat/location-one-shot (1771260107)

[github-actions]

• java_layout: feat/location-one-shot (1771265962)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771265950)

[github-actions]

• java_layout: feat/location-one-shot (1771267811)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771267807)

[github-actions]

• java_layout: feat/location-one-shot (1771322670)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771322650)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771324226)

[github-actions]

• java_layout: feat/location-one-shot (1771324221)

[github-actions]

• java_layout: feat/location-one-shot (1771325684)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771325683)

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[cursor]

Redundant authorization check in orchestrator and provider

Low Severity

LocationOrchestrator.requestLocationUpdate() calls locationProvider.currentAuthorizationStatus() to check permissions, then immediately calls locationProvider.requestLocation(), which internally calls currentAuthorizationStatus() again. Every one-shot location request performs the same permission check twice. This duplicated logic increases maintenance burden — if the authorization check evolves, it needs consistent updates in both places.

Additional Locations (1)

• location/src/main/kotlin/io/customer/location/provider/FusedLocationProvider.kt#L36-L40

 

[github-actions]

• java_layout: feat/location-one-shot (1771327058)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771327058)

[github-actions]

• java_layout: feat/location-one-shot (1771328929)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771328941)

[mrehan27]

Some of this could be utilized as SDKComponent extension instead?

[Shahroz16]

These are the same SDKComponent accessors used by other modules (MessagingInApp, PushFCM). We could create an extension or helper, but that would be a cross-module refactor. We can look into it in later PRs

[mrehan27]

Shouldn't we use ScopeProvider so it is easier to test?

[mrehan27]

Will this have any impact on customers' apps? Or was this added because only customers who want to use the location feature will include this module and should already be fine with the permission?

[Shahroz16]

it will only be added for the users who adds the module

[github-actions]

• kotlin_compose: feat/location-one-shot (1771420742)

[github-actions]

• java_layout: feat/location-one-shot (1771420854)

[github-actions]

• java_layout: feat/location-one-shot (1771423011)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771423002)

[github-actions]

• java_layout: feat/location-one-shot (1771423648)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771423636)

[github-actions]

• java_layout: feat/location-one-shot (1771425641)

[github-actions]

• kotlin_compose: feat/location-one-shot (1771425596)