forked from signalfx/splunk-otel-android
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
76 lines (68 loc) · 2.53 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
include:
- project: 'prodsec/scp-scanning/gitlab-checkmarx'
ref: latest
file: '/templates/.sast_scan.yml'
- project: 'prodsec/whitesource'
ref: latest
file: '/templates/.whitesource.yml'
image:
name: "openjdk:11.0.11-9-jdk"
variables:
ANDROID_COMPILE_SDK: "30"
ANDROID_BUILD_TOOLS: "30.0.3"
ANDROID_COMMAND_LINE_TOOLS: "7302050"
.prepare-android-environment:
before_script:
- apt-get --quiet update --yes
- apt-get --quiet install --yes wget tar unzip lib32stdc++6 lib32z1
- wget --quiet --output-document=android-sdk.zip https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_COMMAND_LINE_TOOLS}_latest.zip
- unzip -d android-sdk-linux android-sdk.zip
- echo y | android-sdk-linux/cmdline-tools/bin/sdkmanager --sdk_root=. "platforms;android-${ANDROID_COMPILE_SDK}" >/dev/null
- echo y | android-sdk-linux/cmdline-tools/bin/sdkmanager --sdk_root=. "platform-tools" >/dev/null
- echo y | android-sdk-linux/cmdline-tools/bin/sdkmanager --sdk_root=. "build-tools;${ANDROID_BUILD_TOOLS}" >/dev/null
- export ANDROID_SDK_ROOT=$PWD
- export PATH=$PATH:$PWD/platform-tools/
# temporarily disable checking for EPIPE error and use yes to accept all licenses
- set +o pipefail
- yes | android-sdk-linux/cmdline-tools/bin/sdkmanager --sdk_root=. --licenses
- set -o pipefail
stages:
- build
- verify
- release
build:
stage: build
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .prepare-android-environment
script:
- touch local.properties
- ./gradlew build publish -PmavenCentralUsername=$SONATYPE_USERNAME -PmavenCentralPassword=$SONATYPE_PASSWORD
sast-scan:
stage: verify
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .sast_scan
variables:
SAST_SCANNER: "Semgrep"
# Fail build on high severity security vulnerabilities
alert_mode: "policy"
whitesource:
stage: verify
rules:
- if: '$CI_COMMIT_REF_NAME == "main"'
extends: .whitesource
variables:
ws_user_key: ${WHITESOURCE_USER_KEY}
product_id: ${WHITESOURCE_ID}
config: java-gradle-wrapper
release:
stage: release
rules:
- if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+.*/'
extends: .prepare-android-environment
script:
- touch local.properties
- export ORG_GRADLE_PROJECT_signingKey=$GPG_SECRET_KEY
- export ORG_GRADLE_PROJECT_signingPassword=$GPG_PASSWORD
- ./gradlew -Prelease=true --no-build-cache -PmavenCentralUsername=$SONATYPE_USERNAME -PmavenCentralPassword=$SONATYPE_PASSWORD build signMavenPublication publish