diff options
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/android-audit.yml | 30 | ||||
| -rw-r--r-- | .github/workflows/verify-locked-down-signatures.yml | 4 |
2 files changed, 26 insertions, 8 deletions
diff --git a/.github/workflows/android-audit.yml b/.github/workflows/android-audit.yml index 715854cd91..e85e1571be 100644 --- a/.github/workflows/android-audit.yml +++ b/.github/workflows/android-audit.yml @@ -5,7 +5,9 @@ on: paths: - .github/workflows/android-audit.yml - android/gradle/verification-metadata.xml - - android/scripts/update-lockfile.sh + - android/gradle/verification-metadata.keys.xml + - android/gradle/verification-keyring.keys + - android/scripts/lockfile # libs.versions.toml and *.kts are necessary to ensure that the verification-metadata.xml is up-to-date # with our dependency usage due to the dependency verification not working as expected when keys are # specified for dependencies (DROID-1425). @@ -59,19 +61,31 @@ jobs: - name: Fix HOME path run: echo "HOME=/root" >> $GITHUB_ENV - - name: Set locale - run: echo "LC_ALL=C.UTF-8" >> $GITHUB_ENV - - uses: actions/checkout@v4 + # Needed to run git diff later - name: Fix git dir run: git config --global --add safe.directory $(pwd) - - name: Create Android rustJniLibs dir - run: mkdir -p android/app/build/rustJniLibs/android - - name: Re-generate lockfile - run: android/scripts/update-lockfile.sh + run: android/scripts/lockfile -u - name: Ensure no changes run: git diff --exit-code + + verify-lockfile-keys: + needs: prepare + name: Verify lockfile keys + runs-on: ubuntu-latest + container: + image: ${{ needs.prepare.outputs.container_image }} + steps: + # Fix for HOME path overridden by GH runners when building in containers, see: + # https://github.com/actions/runner/issues/863 + - name: Fix HOME path + run: echo "HOME=/root" >> $GITHUB_ENV + + - uses: actions/checkout@v4 + + - name: Verify lockfile keys metadata + run: android/scripts/lockfile -v diff --git a/.github/workflows/verify-locked-down-signatures.yml b/.github/workflows/verify-locked-down-signatures.yml index 7a345c496e..e4f26d6bf7 100644 --- a/.github/workflows/verify-locked-down-signatures.yml +++ b/.github/workflows/verify-locked-down-signatures.yml @@ -4,6 +4,7 @@ on: pull_request: paths: - .github/workflows/verify-locked-down-signatures.yml + - .github/workflows/android-audit.yml - .github/workflows/unicop.yml - .github/CODEOWNERS - Cargo.toml @@ -21,8 +22,11 @@ on: - android/gradlew - android/gradlew.bat - android/gradle/verification-metadata.xml + - android/gradle/verification-metadata.keys.xml + - android/gradle/verification-keyring.keys - android/gradle/wrapper/gradle-wrapper.jar - android/gradle/wrapper/gradle-wrapper.properties + - android/scripts/lockfile - building/build-and-publish-container-image.sh - building/mullvad-app-container-signing.asc - building/linux-container-image.txt |
