diff options
| author | David Göransson <david.goransson@mullvad.net> | 2025-03-18 09:59:04 +0100 |
|---|---|---|
| committer | David Göransson <david.goransson@mullvad.net> | 2025-03-20 14:40:34 +0100 |
| commit | eab4246db2bce80262d23010f986204684243423 (patch) | |
| tree | 1d5847333c87a2468a23c18b8af12bd011b9b395 /.github/workflows | |
| parent | 3a06d0b6c55b12663e84ab06a886ef12dc25e26e (diff) | |
| download | mullvadvpn-eab4246db2bce80262d23010f986204684243423.tar.xz mullvadvpn-eab4246db2bce80262d23010f986204684243423.zip | |
Add github action to verify dependency keys
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/android-audit.yml | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/.github/workflows/android-audit.yml b/.github/workflows/android-audit.yml index 715854cd91..e85e1571be 100644 --- a/.github/workflows/android-audit.yml +++ b/.github/workflows/android-audit.yml @@ -5,7 +5,9 @@ on: paths: - .github/workflows/android-audit.yml - android/gradle/verification-metadata.xml - - android/scripts/update-lockfile.sh + - android/gradle/verification-metadata.keys.xml + - android/gradle/verification-keyring.keys + - android/scripts/lockfile # libs.versions.toml and *.kts are necessary to ensure that the verification-metadata.xml is up-to-date # with our dependency usage due to the dependency verification not working as expected when keys are # specified for dependencies (DROID-1425). @@ -59,19 +61,31 @@ jobs: - name: Fix HOME path run: echo "HOME=/root" >> $GITHUB_ENV - - name: Set locale - run: echo "LC_ALL=C.UTF-8" >> $GITHUB_ENV - - uses: actions/checkout@v4 + # Needed to run git diff later - name: Fix git dir run: git config --global --add safe.directory $(pwd) - - name: Create Android rustJniLibs dir - run: mkdir -p android/app/build/rustJniLibs/android - - name: Re-generate lockfile - run: android/scripts/update-lockfile.sh + run: android/scripts/lockfile -u - name: Ensure no changes run: git diff --exit-code + + verify-lockfile-keys: + needs: prepare + name: Verify lockfile keys + runs-on: ubuntu-latest + container: + image: ${{ needs.prepare.outputs.container_image }} + steps: + # Fix for HOME path overridden by GH runners when building in containers, see: + # https://github.com/actions/runner/issues/863 + - name: Fix HOME path + run: echo "HOME=/root" >> $GITHUB_ENV + + - uses: actions/checkout@v4 + + - name: Verify lockfile keys metadata + run: android/scripts/lockfile -v |