nextcloud-android/.github/workflows/analysis.yml
tobiasKaminsky 92d3f08f6a
Setting token permissions to read-only follows the principle of least privilege.
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
2022-06-13 14:23:55 +02:00

47 lines
1.8 KiB
YAML

name: "Analysis"
on:
pull_request:
branches: [ master, stable-* ]
push:
branches: [ master, stable-* ]
permissions:
pull-requests: write
contents: write
jobs:
analysis:
runs-on: ubuntu-latest
steps:
- name: Setup variables
id: get-vars
run: |
if [ -z "$GITHUB_HEAD_REF" ]; then
# push
echo "::set-output name=branch::$GITHUB_REF_NAME"
echo "::set-output name=pr::$GITHUB_RUN_ID"
else
# pull request
echo "::set-output name=branch::$GITHUB_HEAD_REF"
echo "::set-output name=pr::${{ github.event.pull_request.number }}"
fi
- uses: actions/checkout@v3
with:
repository: ${{ steps.get-vars.outputs.repo }}
ref: ${{ steps.get-vars.outputs.branch }}
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: 11
- name: Install dependencies
run: |
python3 -m pip install defusedxml
- name: Run analysis wrapper
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir -p $HOME/.gradle
echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > $HOME/.gradle/gradle.properties
scripts/analysis/analysis-wrapper.sh ${{ steps.get-vars.outputs.branch }} ${{ secrets.LOG_USERNAME }} ${{ secrets.LOG_PASSWORD }} $GITHUB_RUN_NUMBER ${{ steps.get-vars.outputs.pr }}