From 063f082faccc43c0bd8e2ff8634b4109c4ece77d Mon Sep 17 00:00:00 2001
From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com>
Date: Tue, 14 Jun 2022 16:01:38 +0100
Subject: [PATCH] Run exodus on all PR branches.

Build the release APK for each PR commit, run exodus against that APK.
---
 .github/workflows/build.yml | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9517a4f3a7..b767da14d7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,8 +46,9 @@ jobs:
   release:
     name: Build unsigned GPlay APKs
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
-    # Only runs on main, no concurrency.
+    concurrency:
+      group: ${{ github.ref == 'refs/head/main' && format('build-release-apk-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('build-release-apk-develop-{0}', github.sha) || format('build-debug-{0}', github.ref)  }}
+      cancel-in-progress: ${{ github.ref != 'refs/head/main' }}
     steps:
       - uses: actions/checkout@v3
       - uses: actions/cache@v3
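Review bot: The concurrency expressions on the two added lines compare `github.ref` against `'refs/head/main'` (no "s"), while the develop branch is correctly spelled `'refs/heads/develop'`; a push to main has ref `refs/heads/main`, so the main comparison never matches. As written, main builds fall through to the `build-debug-{0}` group and `cancel-in-progress` evaluates to true, so a new commit on main cancels an in-flight main release build, which is the opposite of what the grouping appears to intend. Both occurrences should read `github.ref == 'refs/heads/main'`, i.e. `group: ${{ github.ref == 'refs/heads/main' && format('build-release-apk-main-{0}', github.sha) || ... }}` and `cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}`. A comment above the block stating the intent, `# main: one group per commit, never cancelled; develop: per commit; PRs: per ref, superseded runs cancelled`, would make a future typo like this visible. The release job's trigger configuration is outside this hunk, so whether the job now also runs for fork PRs cannot be confirmed here.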
@@ -67,4 +68,26 @@ jobs:
           path: |
             vector/build/outputs/apk/*/release/*.apk
 
-# TODO add exodus checks
+  exodus:
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - name: Obtain apk from artifact
+        id: download
+        uses: actions/download-artifact@v3
+        with:
+          name: vector-gplay-release-unsigned
+      - name: Show apks in artifact
+        run: ls -R ${{steps.download.outputs.download-path}}
+      - name: Execute exodus-standalone
+        uses: docker://exodusprivacy/exodus-standalone:latest
+        with:
+          args: /github/workspace/gplay/release/vector-gplay-universal-release-unsigned.apk -j -o /github/workspace/exodus.json
+      - name: Upload exodus json report
+        uses: actions/upload-artifact@v3
+        with:
+          name: exodus.json
+          path: |
+           exodus.json
+      - name: Check for trackers
+        run: "jq -e '.trackers == []' exodus.json > /dev/null || { echo '::error static analysis identified user tracking library' ; exit 1; }"
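Review bot: The `Execute exodus-standalone` step pulls `docker://exodusprivacy/exodus-standalone:latest`, a mutable tag on a third-party image that both reads the freshly built APK and produces the verdict the final step enforces, so the gate's behaviour can change, or be substituted, without any change to this repository. Pin the image by digest, `uses: docker://exodusprivacy/exodus-standalone@sha256:<digest-placeholder>`, with a comment naming the tag it was resolved from so it can be bumped deliberately; the same applies to refreshing the digest when the tracker signature set needs updating. In the `Check for trackers` step the annotation `::error static analysis identified user tracking library` appears not to follow the workflow-command form, which needs a second `::` before the message (`::error::static analysis identified user tracking library`); as written it is likely printed as plain log text rather than surfaced as an error annotation, though the `exit 1` still fails the job. The jq condition also passes when `.trackers` is absent only because `-e` treats null as failure, which is worth a short comment so the guard is not weakened later.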