performics_dev/.gitea/workflows/azure-pipelines.yml
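---
# RN APK Build — Gitea Actions (act_runner) pipeline for the React Native Android app:
# install JS deps, Trivy filesystem scan, SonarQube scan, then a Gradle release build.
#
# Supply-chain notes for reviewers:
#   * Third-party actions below are pinned by major tag only (@v4, @v3, @v6). A moving
#     tag can be re-pointed upstream; pin each to a full commit SHA once the exact
#     revisions this runner resolves are known (not guessed here).
#   * The only step that receives repository secrets is the SonarQube scan (env only).
#   * Trivy is installed from a tagged installer script + pinned release, not from `main`.
name: RN APK Build

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history: SonarQube blame / new-code detection needs it

      # ---------------- JAVA (Gradle + SonarScanner need JDK on Ubuntu) ----------------
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "17"
          cache: gradle

      # ---------------- NODE ----------------
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm

      - name: Install dependencies
        # npm ci installs exactly what package-lock.json pins and fails on drift,
        # so the scanned dependency tree is the one that ships.
        run: npm ci

      # ---------------- TRIVY (filesystem scan; avoid trivy-action — it pulls actions/cache node24) ----------------
      - name: Install Trivy
        env:
          TRIVY_VERSION: v0.70.0
        run: |
          # pipefail: without it a failed curl leaves `sh` reading an empty stream and
          # the step "succeeds" with no trivy binary installed.
          set -eo pipefail
          mkdir -p "${HOME}/bin"
          # Fetch the installer from the *tagged* revision, not `main`, so the script we
          # pipe into sh cannot change underneath the pinned binary version. The installer
          # checks the downloaded archive against the release checksums file; the script
          # itself is still trusted on TLS alone, so keep it pinned.
          curl -sfL "https://raw.githubusercontent.com/aquasecurity/trivy/${TRIVY_VERSION}/contrib/install.sh" \
            | sh -s -- -b "${HOME}/bin" "${TRIVY_VERSION}"
          echo "${HOME}/bin" >> "${GITHUB_PATH}"
          "${HOME}/bin/trivy" --version

      # Use "${HOME}/bin/trivy" — act/Gitea may not prepend GITHUB_PATH before the next step.
      # Gitea only orchestrates the job; checkout + report.json live on the runner machine (this server), not on the Gitea host.
      - name: Trivy filesystem scan (report only)
        run: |
          # --exit-code 0: this pass only produces the JSON report for archival;
          # policy enforcement happens in the gate step below.
          "${HOME}/bin/trivy" fs -f json -o report.json \
            --skip-dirs node_modules,android/.gradle,android/build,ios/Pods,ios/build,.git \
            --exit-code 0 \
            .
          report_path="${GITHUB_WORKSPACE:-$(pwd)}/report.json"
          echo "Runner host: $(hostname)"
          echo "report.json (inside job container): ${report_path}"
          ls -la report.json

      - name: Trivy gate (fail on fixable HIGH/CRITICAL)
        run: |
          # Second pass reuses the already-downloaded DB and scan cache. A non-zero exit
          # stops the job before a release APK is built from dependencies with known,
          # fixable HIGH/CRITICAL vulnerabilities. --ignore-unfixed keeps findings that
          # have no upstream fix out of the gate (they remain visible in report.json).
          "${HOME}/bin/trivy" fs --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
            --skip-dirs node_modules,android/.gradle,android/build,ios/Pods,ios/build,.git \
            .

      # Download this artifact from the Gitea run UI — file leaves the ephemeral job container without docker cp.
      # - name: Upload Trivy report (artifact)
      #   uses: actions/upload-artifact@v3
      #   with:
      #     name: trivy-fs-report
      #     path: report.json

      # Optional: persist on the VM host. In act_runner config.yaml set (then restart runner):
      #   container:
      #     options: "-v /home/azureuser/gitea-reports:/gitea-reports"
      # If your config uses valid_volumes, allow that host path (see act_runner config.example.yaml).
      - name: Copy Trivy report to host bind mount (if configured)
        run: |
          if [ -d /gitea-reports ] && [ -w /gitea-reports ]; then
            out="/gitea-reports/trivy-report-${GITHUB_RUN_ID:-$(date +%s)}.json"
            cp -f report.json "${out}"
            echo "Copied to bind mount (see host dir mapped to /gitea-reports): ${out}"
          else
            echo "Skip host copy: no /gitea-reports volume. Use artifact above, or add runner container.options volume — see workflow comment."
          fi

      # ---------------- SONARQUBE ----------------
      # In Gitea: Settings → Secrets → SONAR_TOKEN (and optionally SONAR_URL).
      # Secrets are exposed to this step only, via env; they are not written to the workspace.
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v6
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_URL }}

      # ---------------- ANDROID SDK (required on Ubuntu: ANDROID_HOME / sdk.dir) ----------------
      - name: Setup Android SDK
        uses: android-actions/setup-android@v3
        with:
          packages: >-
            tools platform-tools
            platforms;android-36
            build-tools;36.0.0
            ndk;27.1.12297006

      - name: Point Gradle to the SDK
        # local.properties is generated per run (it must not be committed); it only
        # contains the SDK path, so echoing it is safe.
        run: |
          printf 'sdk.dir=%s\n' "${ANDROID_SDK_ROOT}" > android/local.properties
          cat android/local.properties

      - name: Grant Gradle execute permission
        # NOTE(review): gradlew runs the repo's bundled gradle/wrapper/gradle-wrapper.jar
        # unverified. Checksum-validating the wrapper jar (e.g. gradle's wrapper-validation
        # action) is the usual control; not added here because of the node24 action
        # constraint noted at the Trivy section — confirm a compatible option for act_runner.
        run: chmod +x android/gradlew

      # ---------------- BUILD APK ----------------
      - name: Build Release APK
        # --info is verbose; make sure the signing config in android/app/build.gradle reads
        # its keystore password from a secret/env rather than a literal, or it may land in
        # the job log (not verifiable from this workflow alone).
        run: |
          cd android
          ./gradlew assembleRelease --stacktrace --info

      # ---------------- VERIFY APK ----------------
      - name: Check APK Output
        run: |
          ls -R android/app/build/outputs/apk

      # ---------------- SAVE TO VM ----------------
      - name: Save APK to VM folder
        # When the job runs in a container this path is the container's own filesystem
        # (mkdir -p always succeeds) and is discarded with the job. It persists only if
        # act_runner bind-mounts it (see the container.options note above) or runs on the host.
        run: |
          mkdir -p /home/azureuser/builds
          cp android/app/build/outputs/apk/release/*.apk /home/azureuser/builds/

      # ---------------- VERIFY FINAL ----------------
      - name: Verify APK in VM
        run: |
          ls -l /home/azureuser/builds

      # ---------------- (OPTIONAL) ARTIFACT ----------------
      # upload-artifact@v3 is the node20 line kept for act_runner compatibility (see the
      # node24 note at the Trivy section); it is deprecated on github.com but served here
      # by the Gitea mirror. Re-pin when the runner supports a newer major.
      - name: Upload APK (optional)
        uses: actions/upload-artifact@v3
        with:
          name: app-release
          path: android/app/build/outputs/apk/release/*.apk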