Use container in audit action

1 files changed, 38 insertions, 3 deletions

diff --git a/.github/workflows/android-audit.yml b/.github/workflows/android-audit.yml
index c49090c0ea..5f85461581 100644
--- a/.github/workflows/android-audit.yml
+++ b/.github/workflows/android-audit.yml
@@ -11,12 +11,47 @@ on:
     # https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs
     - cron: '20 6 * * *'
   workflow_dispatch:
+    inputs:
+      override_container_image:
+        description: Override container image
+        type: string
+        required: false
 jobs:
+  prepare:
+    name: Prepare
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Use custom container image if specified
+        if: ${{ github.event.inputs.override_container_image != '' }}
+        run: echo "inner_container_image=${{ github.event.inputs.override_container_image }}"
+          >> $GITHUB_ENV
+
+      - name: Use default container image and resolve digest
+        if: ${{ github.event.inputs.override_container_image == '' }}
+        run: |
+          echo "inner_container_image=$(cat ./building/android-container-image.txt)" >> $GITHUB_ENV
+
+    outputs:
+      container_image: ${{ env.inner_container_image }}
+
   owasp-dependency-check:
+    needs: prepare
     runs-on: ubuntu-latest
+    container:
+      image: ${{ needs.prepare.outputs.container_image }}
     steps:
+      # Fix for HOME path overridden by GH runners when building in containers, see:
+      # https://github.com/actions/runner/issues/863
+      - name: Fix HOME path
+        run: echo "HOME=/root" >> $GITHUB_ENV
+
+      - name: Set locale
+        run: echo "LC_ALL=C.UTF-8" >> $GITHUB_ENV
+
       - uses: actions/checkout@v3
+
       - name: Run gradle audit task
-        run: |-
-          cd android
-          ./gradlew dependencyCheckAnalyze
+        run: android/gradlew -p android dependencyCheckAnalyze