[Snyk] Security upgrade react-native from 0.72.3 to 0.73.0 #1628
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Android build on Ubuntu | |
on: | |
push: | |
branches: | |
- develop | |
- upgrade/* | |
pull_request: | |
branches: | |
- develop | |
- main | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout branch | |
uses: actions/checkout@v2 | |
- name: Upgrade npm to latest version | |
run: sudo npm i -g npm@latest | |
- name: Check versions | |
run: | | |
echo "Node version:" | |
node --version | |
echo "NPM version:" | |
npm --version | |
echo "Java version:" | |
java -version | |
echo "PATH:" | |
echo $PATH | |
echo "ANDROID_HOME:" | |
echo $ANDROID_HOME | |
echo "Bash version:" | |
bash -version | |
- name: Installing google-drive-upload script | |
env: | |
CLIENT_ID: ${{ secrets.GOOGLE_DRIVE_CLIENT_ID }} | |
CLIENT_SECRET: ${{ secrets.GOOGLE_DRIVE_CLIENT_SECRET }} | |
REFRESH_TOKEN: ${{ secrets.GOOGLE_DRIVE_REFRESH_TOKEN }} | |
ACCESS_TOKEN: ${{ secrets.GOOGLE_DRIVE_ACCESS_TOKEN }} | |
run: | | |
source ~/.bashrc | |
echo $PATH | |
curl --compressed -s https://raw.githubusercontent.com/labbots/google-drive-upload/v2.7/install.sh | bash -s -- -R v2.7 | |
echo "CLIENT_ID=\"$CLIENT_ID\"" >> ~/.googledrive.conf | |
echo "CLIENT_SECRET=\"$CLIENT_SECRET\"" >> ~/.googledrive.conf | |
echo "REFRESH_TOKEN=\"$REFRESH_TOKEN\"" >> ~/.googledrive.conf | |
echo "ACCESS_TOKEN=\"$ACCESS_TOKEN\"" >> ~/.googledrive.conf | |
echo "ACCESS_TOKEN_EXPIRY=" >> ~/.googledrive.conf | |
echo "ROOT_FOLDER=\"1sO16rDuJA8McRA8-Q-I6R2OjMGcG4nEp\"" >> ~/.googledrive.conf | |
echo "ROOT_FOLDER_NAME=" >> ~/.googledrive.conf | |
- name: Caching node modules | |
uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-treemapper2-${{ hashFiles('package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node-treemapper2- | |
- name: Install npm | |
run: npm install --legacy-peer-deps | |
- name: Setting Environment Variables | |
env: | |
MAPBOXGL_ACCCESS_TOKEN: ${{ secrets.MAPBOXGL_ACCCESS_TOKEN }} | |
BUGSNAP_CLIENT_KEY: ${{ secrets.BUGSNAP_CLIENT_KEY }} | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
API_ENDPOINT: ${{ secrets.API_ENDPOINT }} | |
CDN_URL: ${{ secrets.CDN_URL }} | |
WEB_APP_URL: ${{ secrets.WEB_APP_URL }} | |
run: | | |
echo "MAPBOXGL_ACCCESS_TOKEN=$MAPBOXGL_ACCCESS_TOKEN" >> .env | |
echo "BUGSNAP_CLIENT_KEY=$BUGSNAP_CLIENT_KEY" >> .env | |
echo "AUTH0_DOMAIN=$AUTH0_DOMAIN" >> .env | |
echo "AUTH0_CLIENT_ID=$AUTH0_CLIENT_ID" >> .env | |
echo "API_ENDPOINT=$API_ENDPOINT" >> .env | |
echo "CDN_URL=$CDN_URL" >> .env | |
echo "WEB_APP_URL=$WEB_APP_URL" >> .env | |
cp .env .env.staging | |
- name: Preparing Android build | |
env: | |
android_release_password: ${{ secrets.ANDROID_RELEASE_PASSWORD }} | |
download_token: ${{ secrets.MAPBOXGL_DOWNLOAD_TOKEN }} | |
run: | | |
# prepare local.properties | |
echo "MYAPP_RELEASE_STORE_PASSWORD=$android_release_password" > android/local.properties | |
echo "MYAPP_RELEASE_KEY_PASSWORD=$android_release_password" >> android/local.properties | |
echo "MAPBOX_DOWNLOADS_TOKEN=$download_token" >> android/local.properties | |
- name: Fixes for Android Build | |
run: | | |
# fix problems with 'Error: ENOSPC: System limit for number of file watchers reached' | |
# echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p | |
# fix for task ':app:stripDevelopReleaseDebugSymbols' | |
# (echo y; echo y; echo y;) | sudo $ANDROID_HOME/tools/bin/sdkmanager 'ndk;20.0.5594570' | |
- name: Caching Gradle dependencies | |
uses: actions/cache@v1 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-treemapper2-${{ hashFiles('android/*.gradle') }} | |
restore-keys: | | |
${{ runner.os }}-gradle-treemapper2- | |
- name: Android Build | |
run: ./gradlew assembleStagingRelease --stacktrace --no-daemon | |
working-directory: ./android | |
# We only have 0.5GB space to store artifacts for GitHub actions | |
# - name: Upload Artifact | |
# uses: actions/upload-artifact@v1 | |
# with: | |
# name: app-release.apk | |
# path: android/app/build/outputs/apk/release/ | |
- name: Prepare Android APK for upload | |
run: | | |
upload_file=TreeMapper-`echo $GITHUB_REF | awk '{split($0,a,"/"); print a[3]}'`.apk | |
echo "upload_file=$upload_file" >> $GITHUB_ENV | |
mkdir -p uploads | |
mv android/app/build/outputs/apk/staging/release/app-staging-release.apk uploads/$upload_file | |
# depends on existence of upload file at uploads/$upload_file | |
- name: Upload Android APK to Browserstack | |
env: | |
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
run: | | |
curl -u "planetit1:$BROWSERSTACK_ACCESS_KEY" -X POST "https://api-cloud.browserstack.com/app-live/upload" -F "file=@uploads/$upload_file" | |
curl -u "planetit1:$BROWSERSTACK_ACCESS_KEY" -X POST "https://api-cloud.browserstack.com/app-automate/upload" -F "file=@uploads/$upload_file" | |
# depends on existence of upload file at uploads/$upload_file | |
- name: Upload Android APK to Google Drive | |
run: | | |
source ~/.bashrc | |
# this is a dirty hack as adding the path with source ~/.bashrc does not seem to work | |
source ~/.google-drive-upload/google-drive-upload.binpath | |
gupload -C TreeMapperApp uploads/$upload_file | |
- name: Slack notification | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
run: | | |
payload="{\"channel\": \"#notifications-git\", \"username\": \"webhookbot\", \"text\": \"Finished GitHub action $GITHUB_WORKFLOW for $GITHUB_REF (TreeMapper)\"}" | |
curl -X POST --data-urlencode "payload=$payload" https://hooks.slack.com/services/$SLACK_WEBHOOK_URL |