Adds remote pre-commit installer, which includes automatic fix for linter #3718
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Checks | |
| on: | |
| push: | |
| branches: [ develop, "release/**" ] | |
| pull_request: | |
| jobs: | |
| swiftlint: | |
| name: SwiftLint | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v3 | |
| - name: Run SwiftLint on files changed in the PR | |
| uses: norio-nomura/[email protected] | |
| with: | |
| args: --strict --force-exclude | |
| shellcheck: | |
| name: ShellCheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@v3 | |
| - name: Run ShellCheck | |
| uses: ludeeus/action-shellcheck@master | |
| with: | |
| format: gcc | |
| ignore_paths: scripts/helpers | |
| scandir: scripts | |
| env: | |
| SHELLCHECK_OPTS: -x -P scripts -P scripts/helpers | |
| tests: | |
| name: Test | |
| strategy: | |
| matrix: | |
| flavor: [ "Sandbox", "Non-Sandbox" ] | |
| include: | |
| - scheme: DuckDuckGo Privacy Browser | |
| flavor: Non-Sandbox | |
| - scheme: DuckDuckGo Privacy Browser App Store | |
| flavor: Sandbox | |
| - active-arch: YES | |
| flavor: Non-Sandbox | |
| - active-arch: NO | |
| flavor: Sandbox | |
| - cache-key: | |
| flavor: Non-Sandbox | |
| - cache-key: sandbox- | |
| flavor: Sandbox | |
| runs-on: macos-13 | |
| timeout-minutes: 30 | |
| outputs: | |
| private-api-check-report: ${{ steps.private-api.outputs.report }} | |
| steps: | |
| - name: Register SSH keys for submodules access | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: | | |
| ${{ secrets.SSH_PRIVATE_KEY_FIND_IN_PAGE }} | |
| ${{ secrets.SSH_PRIVATE_KEY_PRIVACY_DASHBOARD }} | |
| - name: Check out the code | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Set cache key hash | |
| run: | | |
| has_only_tags=$(jq '[ .pins[].state | has("version") ] | all' DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved) | |
| if [[ "$has_only_tags" == "true" ]]; then | |
| echo "cache_key_hash=${{ hashFiles('DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}" >> $GITHUB_ENV | |
| else | |
| echo "Package.resolved contains dependencies specified by branch or commit, skipping cache." | |
| fi | |
| - name: Cache SPM | |
| if: env.cache_key_hash | |
| uses: actions/cache@v3 | |
| with: | |
| path: DerivedData/SourcePackages | |
| key: ${{ runner.os }}-spm-${{ matrix.cache-key }}${{ env.cache_key_hash }} | |
| restore-keys: | | |
| ${{ runner.os }}-spm-${{ matrix.cache-key }} | |
| - name: Select Xcode | |
| run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | |
| - name: Install xcbeautify | |
| continue-on-error: true | |
| run: brew install xcbeautify | |
| - name: Build and test | |
| run: | | |
| echo "Runner ${RUNNER_NAME} (${RUNNER_TRACKING_ID})" | |
| export OS_ACTIVITY_MODE=debug | |
| set -o pipefail && xcodebuild test \ | |
| -scheme "${{ matrix.scheme }}" \ | |
| -derivedDataPath "DerivedData" \ | |
| -configuration "CI" \ | |
| ENABLE_TESTABILITY=true \ | |
| ONLY_ACTIVE_ARCH=${{ matrix.active-arch }} \ | |
| | tee ${{ matrix.flavor }}-xcodebuild.log \ | |
| | xcbeautify --report junit --report-path . --junit-report-filename ${{ matrix.flavor }}.xml | |
| - name: Check private API usage | |
| id: private-api | |
| run: | | |
| if [[ ${{ matrix.flavor }} != "Sandbox" ]]; then | |
| echo "Skipping private API usage check for ${{ matrix.flavor }} build" | |
| else | |
| binary_path="DerivedData/Build/Products/CI/DuckDuckGo App Store.app/Contents/MacOS/DuckDuckGo App Store" | |
| ./scripts/find_private_symbols.sh "${binary_path}" | tee private_api_report.txt | |
| cat private_api_report.txt >> $GITHUB_STEP_SUMMARY | |
| output=$(cat private_api_report.txt) | |
| output="${output//$'\n'/%0A}" # step outputs can't contain newline characters | |
| # | |
| # After a non-zero exit code is returned in GHA we can't do too much, | |
| # e.g. set step outputs, so the script always returns 0 and we can tell | |
| # that it's a failure if there's more than 1 line in the output. | |
| # | |
| report_num_lines=$(wc -l < private_api_report.txt | tr -d '[:space:]') | |
| if [[ $report_num_lines > 1 ]]; then | |
| echo "report=${output}" >> $GITHUB_OUTPUT | |
| exit 1 | |
| fi | |
| fi | |
| - name: Publish unit tests report | |
| uses: mikepenz/action-junit-report@v3 | |
| if: always() # always run even if the previous step fails | |
| with: | |
| check_name: "Test Report: ${{ matrix.flavor }}" | |
| report_paths: ${{ matrix.flavor }}.xml | |
| - name: Upload failed test log | |
| uses: actions/upload-artifact@v3 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.flavor }}-xcodebuild.log | |
| path: ${{ matrix.flavor }}-xcodebuild.log | |
| private-api: | |
| name: Private API Report | |
| needs: tests | |
| if: ${{ success() || needs.tests.outputs.private-api-check-report }} | |
| uses: ./.github/workflows/private_api_report.yml | |
| with: | |
| report: ${{ needs.tests.outputs.private-api-check-report }} | |
| verify-autoconsent-bundle: | |
| name: 'Verify autoconsent bundle' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| cache: 'npm' | |
| - name: Build bundle | |
| run: | | |
| npm ci | |
| npm run rebuild-autoconsent | |
| - name: Verify clean tree | |
| run: | | |
| git update-index --refresh | |
| git diff-index --quiet HEAD -- |