mirror of
https://github.com/gmeligio/flutter-docker-image.git
synced 2026-05-24 12:30:34 +00:00
Eligio Mariño
213 lines
7.5 KiB
YAML
213 lines
7.5 KiB
YAML
on:
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
# Read-only permissions by default
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
test_image:
|
|
permissions:
|
|
# Allow to write packages for the docker/scout-action to write a comment
|
|
packages: write
|
|
# Allow to write pull requests for the docker/scout-action to write a comment
|
|
pull-requests: write
|
|
# Allow to write security events for github/codeql-action/upload-sarif to upload SARIF results
|
|
security-events: write
|
|
runs-on: ubuntu-24.04
|
|
env:
|
|
IMAGE_REPOSITORY_NAME: flutter-android
|
|
VERSION_MANIFEST: config/version.json
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ github.token }}
|
|
|
|
- name: Setup CUE
|
|
uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
|
|
|
|
- name: Read environment variables from version.json with CUE
|
|
env:
|
|
GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
|
|
IMAGE_REPOSITORY_NAME: ${{ env.IMAGE_REPOSITORY_NAME }}
|
|
VERSION_MANIFEST: ${{ env.VERSION_MANIFEST }}
|
|
run: ./script/set_environment_variables.sh
|
|
|
|
- name: Load image metadata
|
|
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
|
|
id: metadata
|
|
with:
|
|
images: |
|
|
${{ env.IMAGE_REPOSITORY_PATH }}
|
|
ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }}
|
|
quay.io/${{ env.IMAGE_REPOSITORY_PATH }}
|
|
tags: |
|
|
type=raw,value=${{ env.FLUTTER_VERSION }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
|
|
|
|
- name: Build image and push to local Docker daemon
|
|
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
|
|
with:
|
|
load: true
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
labels: ${{ steps.metadata.outputs.labels }}
|
|
tags: ${{ steps.metadata.outputs.tags }}
|
|
target: android
|
|
build-args: |
|
|
flutter_version=${{ env.FLUTTER_VERSION }}
|
|
fastlane_version=${{ env.FASTLANE_VERSION }}
|
|
android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }}
|
|
android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }}
|
|
android_ndk_version=${{ env.ANDROID_NDK_VERSION }}
|
|
cmake_version=${{ env.CMAKE_VERSION }}
|
|
|
|
- name: Test image
|
|
uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
|
|
with:
|
|
image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
|
|
config: test/android.yml
|
|
|
|
# TODO: Parallelize testing and vulnerability scanning
|
|
- name: Scan with Docker Scout
|
|
id: docker-scout
|
|
uses: docker/scout-action@0133ff88fe16d4a412dc4827a8fccbccb6b583e0 # v1.16.3
|
|
with:
|
|
command: compare, recommendations
|
|
# Use the Docker Hub image that is the first tag in the metadata
|
|
image: local://${{ fromJson(steps.metadata.outputs.json).tags[0] }}
|
|
# github-token is needed to be able to write the PR comment
|
|
github-token: ${{ github.token }}
|
|
only-fixed: true
|
|
organization: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
# sarif-file: output.sarif.json
|
|
to-env: prod
|
|
# Enable debug logging when needed
|
|
# debug: true
|
|
# verbose-debug: true
|
|
|
|
validate_version:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Setup CUE
|
|
uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
|
|
|
|
- name: Validate version.json and flutter_version.json with CUE
|
|
run: |
|
|
cue vet config/version.cue -d '#FlutterVersion' config/flutter_version.json
|
|
cue vet config/version.cue -d '#Version' config/version.json
|
|
|
|
validate_generated_config:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Setup CUE
|
|
uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
|
|
|
|
- name: Generate test files with CUE
|
|
run: |
|
|
./script/update_test.sh
|
|
|
|
- name: Check if there are any changes in the git working tree
|
|
run: |
|
|
git add -A
|
|
git diff --exit-code HEAD
|
|
|
|
build_docs:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Setup NodeJS
|
|
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: docs/src/package-lock.json
|
|
node-version-file: docs/src/package.json
|
|
|
|
- name: Update documentation
|
|
working-directory: docs/src
|
|
run: |
|
|
npm ci --prefer-offline
|
|
npm run build
|
|
|
|
- name: Check if there are any changes in the git working tree
|
|
run: |
|
|
git add -A
|
|
git diff --exit-code HEAD
|
|
|
|
test_gradle:
|
|
permissions:
|
|
# Allow to read packages to pull the container image from GitHub Container Registry
|
|
packages: read
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: ghcr.io/${{ github.repository_owner }}/flutter-android:${{ vars.FLUTTER_VERSION }}
|
|
credentials:
|
|
username: ${{ github.actor }}
|
|
password: ${{ github.token }}
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Read version.json
|
|
id: version-json
|
|
run: |
|
|
{
|
|
echo "content<<EOF"
|
|
cat ./config/version.json
|
|
echo "EOF"
|
|
} >> $GITHUB_OUTPUT
|
|
|
|
- name: Set environment variables from version.json
|
|
run: |
|
|
echo "FLUTTER_VERSION=${{ fromJson( steps.version-json.outputs.content ).flutter.version }}" >> $GITHUB_ENV
|
|
echo "FLUTTER_CHANNEL=${{ fromJson( steps.version-json.outputs.content ).flutter.channel }}" >> $GITHUB_ENV
|
|
|
|
- name: Setup Flutter
|
|
run: |
|
|
cd $FLUTTER_ROOT
|
|
git fetch origin ${{ env.FLUTTER_VERSION }}:${{ env.FLUTTER_VERSION }}
|
|
git switch --discard-changes ${{ env.FLUTTER_VERSION }}
|
|
|
|
- name: Create test application
|
|
run: |
|
|
flutter create test_app
|
|
|
|
- name: Update default Android platform versions in Flutter
|
|
working-directory: test_app/android
|
|
run: |
|
|
cat ../../script/updateAndroidVersions.gradle.kts >> app/build.gradle.kts
|
|
./gradlew --warning-mode all updateAndroidVersions
|
|
|
|
- name: Setup CUE
|
|
uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
|
|
|
|
- name: Validate version.json with CUE
|
|
run: cue vet config/version.cue -d '#Version' config/version.json
|