summaryrefslogtreecommitdiffhomepage
path: root/.github
diff options
context:
space:
mode:
authorDavid Göransson <david.goransson@mullvad.net>2025-03-20 14:45:44 +0100
committerDavid Göransson <david.goransson@mullvad.net>2025-03-20 14:45:44 +0100
commite5b0413051697ef6bfec7518b05a07537dbc31f5 (patch)
tree578b0002e59c9362c931f21b4d3db866f314f089 /.github
parent1cb7935700827140f6430030033549c4d5cb2fb1 (diff)
parent543662477b35be94b8a5476ce048878101dd2d75 (diff)
downloadmullvadvpn-e5b0413051697ef6bfec7518b05a07537dbc31f5.tar.xz
mullvadvpn-e5b0413051697ef6bfec7518b05a07537dbc31f5.zip
Merge branch 'rework-gradle-verification-lockfile'
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/android-audit.yml30
-rw-r--r--.github/workflows/verify-locked-down-signatures.yml4
2 files changed, 26 insertions, 8 deletions
diff --git a/.github/workflows/android-audit.yml b/.github/workflows/android-audit.yml
index 715854cd91..e85e1571be 100644
--- a/.github/workflows/android-audit.yml
+++ b/.github/workflows/android-audit.yml
@@ -5,7 +5,9 @@ on:
paths:
- .github/workflows/android-audit.yml
- android/gradle/verification-metadata.xml
- - android/scripts/update-lockfile.sh
+ - android/gradle/verification-metadata.keys.xml
+ - android/gradle/verification-keyring.keys
+ - android/scripts/lockfile
# libs.versions.toml and *.kts are necessary to ensure that the verification-metadata.xml is up-to-date
# with our dependency usage due to the dependency verification not working as expected when keys are
# specified for dependencies (DROID-1425).
@@ -59,19 +61,31 @@ jobs:
- name: Fix HOME path
run: echo "HOME=/root" >> $GITHUB_ENV
- - name: Set locale
- run: echo "LC_ALL=C.UTF-8" >> $GITHUB_ENV
-
- uses: actions/checkout@v4
+ # Needed to run git diff later
- name: Fix git dir
run: git config --global --add safe.directory $(pwd)
- - name: Create Android rustJniLibs dir
- run: mkdir -p android/app/build/rustJniLibs/android
-
- name: Re-generate lockfile
- run: android/scripts/update-lockfile.sh
+ run: android/scripts/lockfile -u
- name: Ensure no changes
run: git diff --exit-code
+
+ verify-lockfile-keys:
+ needs: prepare
+ name: Verify lockfile keys
+ runs-on: ubuntu-latest
+ container:
+ image: ${{ needs.prepare.outputs.container_image }}
+ steps:
+ # Fix for HOME path overridden by GH runners when building in containers, see:
+ # https://github.com/actions/runner/issues/863
+ - name: Fix HOME path
+ run: echo "HOME=/root" >> $GITHUB_ENV
+
+ - uses: actions/checkout@v4
+
+ - name: Verify lockfile keys metadata
+ run: android/scripts/lockfile -v
diff --git a/.github/workflows/verify-locked-down-signatures.yml b/.github/workflows/verify-locked-down-signatures.yml
index 7a345c496e..e4f26d6bf7 100644
--- a/.github/workflows/verify-locked-down-signatures.yml
+++ b/.github/workflows/verify-locked-down-signatures.yml
@@ -4,6 +4,7 @@ on:
pull_request:
paths:
- .github/workflows/verify-locked-down-signatures.yml
+ - .github/workflows/android-audit.yml
- .github/workflows/unicop.yml
- .github/CODEOWNERS
- Cargo.toml
@@ -21,8 +22,11 @@ on:
- android/gradlew
- android/gradlew.bat
- android/gradle/verification-metadata.xml
+ - android/gradle/verification-metadata.keys.xml
+ - android/gradle/verification-keyring.keys
- android/gradle/wrapper/gradle-wrapper.jar
- android/gradle/wrapper/gradle-wrapper.properties
+ - android/scripts/lockfile
- building/build-and-publish-container-image.sh
- building/mullvad-app-container-signing.asc
- building/linux-container-image.txt