Sync with microG unofficial installer

Author: ale5000-git

.github/workflows/auto-nightly.yml

@@ -51,7 +51,7 @@ jobs:
       - name: "Attest build provenance"
         id: "attest"
         uses: actions/attest-build-provenance@v2
-        if: "${{ vars.NIGHTLY_ATTESTATION == 'true' && github.run_attempt == '1' && steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
+        if: "${{ vars.NIGHTLY_ATTESTATION == 'true' && github.run_attempt == '1' && steps.build.outputs.ZIP_IS_ALPHA == 'true' && steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
         with:
           subject-path: "${{ steps.build.outputs.ZIP_FOLDER }}/*.zip"
           show-summary: false

.github/workflows/code-linting-2.yml

@@ -11,27 +11,46 @@ on:
   schedule:
     # At 05:00 AM, every 365 days, only in January (UTC)
     - cron: "0 5 */365 1 *"
+
 jobs:
+  verify-tokens:
+    name: "Verify tokens"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    if: "${{ github.event_name == 'push' }}"
+    outputs:
+      codacy-token-set: "${{ steps.check-tokens.outputs.CODACY_TOKEN_SET }}"
+      sonar-token-set: "${{ steps.check-tokens.outputs.SONAR_TOKEN_SET }}"
+    steps:
+      - name: "Verify tokens"
+        id: check-tokens
+        run: |
+          # Verifying tokens...
+          # Codacy
+          if test -n '${{ secrets.CODACY_PROJECT_TOKEN }}'; then token_set='true'; else token_set='false'; fi
+          printf 'CODACY_TOKEN_SET=%s\n' "${token_set:?}" 1>> "${GITHUB_OUTPUT?}"
+          # SonarQube
+          if test -n '${{ secrets.SONAR_TOKEN }}'; then token_set='true'; else token_set='false'; fi
+          printf 'SONAR_TOKEN_SET=%s\n' "${token_set:?}" 1>> "${GITHUB_OUTPUT?}"
+
   codacy:
     name: "Codacy"
+    needs: [verify-tokens]
     runs-on: ubuntu-latest
-    if: "${{ github.event_name == 'push' }}"
+    timeout-minutes: 20
+    if: "${{ github.event_name == 'push' && needs.verify-tokens.outputs.codacy-token-set == 'true' }}"
     concurrency:
       group: "${{ github.repository_id }}-${{ github.workflow }}-codacy"
       cancel-in-progress: false
     permissions:
       security-events: write
 
     steps:
-      - name: "Verify token"
-        shell: bash
-        run: |
-          # Verifying token...
-          test -n '${{ secrets.CODACY_PROJECT_TOKEN }}' || exit 3
       - name: "Checkout sources"
         uses: actions/checkout@v4
       - name: "Codacy analysis"
         uses: codacy/codacy-analysis-cli-action@v4
+        timeout-minutes: 10
         with:
           project-token: "${{ secrets.CODACY_PROJECT_TOKEN }}"
           #verbose: true
@@ -55,20 +74,18 @@ jobs:
 
   sonarqube:
     name: "SonarQube"
+    needs: [verify-tokens]
     runs-on: ubuntu-latest
-    if: "${{ github.event_name == 'push' }}"
+    timeout-minutes: 20
+    if: "${{ github.event_name == 'push' && needs.verify-tokens.outputs.sonar-token-set == 'true' }}"
 
     steps:
-      - name: "Verify token"
-        shell: bash
-        run: |
-          # Verifying token...
-          test -n '${{ secrets.SONAR_TOKEN }}' || exit 3
       - name: "Checkout sources"
         uses: actions/checkout@v4
         with:
           fetch-depth: "0" # Shallow clones should be disabled for a better relevancy of analysis
       - name: "SonarQube scan"
         uses: SonarSource/sonarqube-scan-action@v5
+        timeout-minutes: 10
         env:
           SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"

.github/workflows/coverage.yml

@@ -12,6 +12,7 @@ jobs:
   base-job:
     name: "Base"
     runs-on: ubuntu-latest
+    timeout-minutes: 20
     concurrency:
       group: "${{ github.repository_id }}-${{ github.workflow }}-base"
       cancel-in-progress: false
@@ -31,7 +32,7 @@ jobs:
       - name: "Install Bashcov and simplecov-lcov"
         run: |
           # Installing Bashcov and simplecov-lcov...
-          gem install bashcov:3.1.3 simplecov-lcov
+          gem install bashcov:3.2.0 simplecov-lcov
       - name: "Build (with coverage)"
         id: "build"
         shell: bash

.github/workflows/periodic-checks.yml

@@ -65,6 +65,7 @@ jobs:
   dep5-validation:
     name: "Validate dep5"
     runs-on: ubuntu-latest
+    timeout-minutes: 20
 
     steps:
       - name: "Checkout sources"

.github/workflows/scripts-testing.yml

@@ -26,7 +26,7 @@ jobs:
   base:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest]
       fail-fast: false
     name: "${{ matrix.os }}"
     runs-on: "${{ matrix.os }}"
@@ -104,6 +104,7 @@ jobs:
           GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
       - name: "Test scripts"
         shell: bash
+        timeout-minutes: 10
         run: |
           # Testing scripts...
           EXIT_CODE='0'
@@ -121,7 +122,7 @@ jobs:
           if test "${current_os:?}" = 'Linux'; then PATH="${PATH:-/usr/bin}:${workspace_dir:?}/cache/shells/extracted/bosh/opt/schily/bin" || exit "${?}"; fi
           if diff 1> /dev/null 2>&1 -- "$(command -v 'sh' || :)" "$(command -v 'bash' || :)"; then SH_IS_BASH='true'; fi
           if test "${current_os:?}" = 'Linux'; then
-            sudo apt-get -y -qq install 'mksh' 'yash' 'posh' 1> /dev/null
+            sudo DEBIAN_FRONTEND='noninteractive' apt-get -y -qq --no-install-recommends --no-upgrade install 'mksh' 'yash' 'posh' 1> /dev/null 2>&1 || exit "${?}"
           elif test "${current_os:?}" = 'macOS'; then
             brew 2> /dev/null update --quiet || exit "${?}"
             brew 1> /dev/null install --quiet 'mksh' 'oksh' 'ksh93' 'yash' || exit "${?}"

.gitignore

@@ -3,11 +3,13 @@
 
 # Files to always ignore
 /coverage/
+/dependency-graph-reports/
 /.ssh/
 /.ash_history
 /.bash_history
 /.wget-hsts
 /.lesshst
+desktop.ini
 *.log
 *.sarif
 *.dex
@@ -17,7 +19,6 @@
 /.git/
 __pycache__/
 .DS_Store
-desktop.ini
 Thumbs.db
 
 # VS Code files

.gitlab-ci.yml

@@ -5,54 +5,65 @@
 image: "eclipse-temurin:17-jdk-alpine"
 
 variables:
-  GIT_DEPTH: "1"
+  GIT_DEPTH: 1
 
-# Cache expiration: 14 days
 cache:
   key: "cache-build"
   paths:
-    - cache/build/
+    - cache/build
   when: "always"
 
-before_script: |
-  # Install dependencies
-  apk add bash zip~=3.0 wget || exit "${?}"
+default:
+  before_script: |
+    # Install dependencies
+    apk add bash zip~=3.0 wget || exit "${?}"
 
-include:
-  # - template: Security/Dependency-Scanning.gitlab-ci.yml
-  # - template: Security/License-Scanning.gitlab-ci.yml
-  - template: Security/SAST.gitlab-ci.yml
-  # - template: Security/Secret-Detection.gitlab-ci.yml
+workflow:
+  auto_cancel:
+    on_new_commit: "interruptible"
 
 stages:
   - build
   - test
 
-build-oss-job:
+# Temporarily disabled
+.build-oss-job:
   stage: build
+  interruptible: true
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-    - if: $CI_COMMIT_TAG && $CI_COMMIT_TAG != "nightly"
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG && $CI_COMMIT_TAG != "nightly"
   cache: []
   script: "BUILD_TYPE='oss' './build.sh'"
 
 build-job:
   stage: build
+  interruptible: true
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      changes:
+        - "LICENSES/**"
+        - "includes/common.sh"
+        - "tools/**"
+        - "zip-content/**"
+        - ".gitlab-ci.yml"
+        - "build.sh"
+        - "conf-*.sh"
   script: "BUILD_TYPE='full' './build.sh'"
   artifacts:
     paths:
-      - output/*.zip*
-    expire_in: 30 minutes
+      - "output/*.zip*"
+    expire_in: "20 minutes"
 
-# license_scanning:
-#   stage: test
-#   artifacts:
-#     paths:
-#       - gl-license-scanning-report.json
+# Cache expiration: 14 days
+ping-cache:
+  stage: build
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+      when: always
+  inherit:
+    default: false
+  script: ":"
 
-sast:
-  stage: test
-  cache: []
-  before_script: []
+# Temporarily disabled
+#include: ".gitlab/security-scans.yml"

.gitlab/security-scans.yml

@@ -0,0 +1,18 @@
+---
+# SPDX-FileCopyrightText: none
+# SPDX-License-Identifier: CC0-1.0
+
+include:
+  - template: Security/SAST.gitlab-ci.yml
+  #- template: Security/License-Scanning.gitlab-ci.yml
+  #- template: Security/Secret-Detection.gitlab-ci.yml
+
+sast:
+  cache: []
+  inherit:
+    default: false
+
+#license_scanning:
+#  cache: []
+#  inherit:
+#    default: false

build.sh

@@ -138,7 +138,7 @@ if test "${OPENSOURCE_ONLY:?}" != 'false'; then
       {
         printf 'ZIP_FOLDER=%s\n' "${OUT_DIR?}"
         printf 'ZIP_FILENAME=\n'
-        printf 'ZIP_VERSION=\n'
+        printf 'ZIP_VERSION=%s\n' "${MODULE_VER?}"
         printf 'ZIP_SHORT_COMMIT_ID=%s\n' "${ZIP_SHORT_COMMIT_ID?}"
         printf 'ZIP_BUILD_TYPE=%s\n' "${BUILD_TYPE?}"
         printf 'ZIP_BUILD_TYPE_SUPPORTED=%s\n' 'false'
@@ -192,6 +192,11 @@ if test "${CI:-false}" != 'false'; then
   if test "${CI_PROJECT_NAMESPACE:-${GITHUB_REPOSITORY_OWNER:-unknown}}" != 'micro''5k'; then
     FILENAME_MIDDLE="fork-${FILENAME_MIDDLE:?}" # GitLab / GitHub
   fi
+else
+  branch_name="$(git 2> /dev/null branch --show-current)" || branch_name="$(git 2> /dev/null rev-parse --abbrev-ref HEAD)" || branch_name=''
+  if test -n "${branch_name?}" && test "${branch_name:?}" != 'main'; then
+    FILENAME_MIDDLE="${branch_name:?}-${FILENAME_MIDDLE:?}"
+  fi
 fi
 
 FILENAME="${FILENAME_START:?}${FILENAME_MIDDLE:?}${FILENAME_END:?}"