diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9ffbca252b..a9b39f298c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: "GitHub Actions: Build" +name: "Build" # Controls when the action will run. Triggers the workflow on push or pull request # events for the `master` branch @@ -22,18 +22,34 @@ on: tags: build* pull_request: + # The branches below must be a subset of the branches above branches: [ master ] + schedule: + # Run once a week (even if no new code or PRs) to detect random regressions + - cron: '32 13 * * 2' + env: # Allow precise monitoring of the save/restore of Gradle User Home by `gradle-build-action` # See https://github.com/marketplace/actions/gradle-build-action?version=v2.1.1#cache-debugging-and-analysis GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: "fhir" # change this to invalidate cache -# A workflow run is made up of one or more jobs that can run sequentially or in parallel + + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # Build will compile APK, test APK and run tests, lint, etc. build: - runs-on: ubuntu-22.04-8core + timeout-minutes: 60 + permissions: + actions: read + contents: read + # Required by codeql-action + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'java' ] # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -49,17 +65,31 @@ jobs: # Fetch origin/master for spotless ratchet to work # https://github.com/diffplug/spotless/issues/1242 fetch-depth: 0 + - name: Setup machine uses: ./.github/actions/commonSetup + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Build (minimal, for CodeQL) with Gradle + run: ./gradlew --scan --full-stacktrace compileDebugAndroidTestSources + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" + - name: Spotless check - run: ./gradlew spotlessCheck --scan --stacktrace + run: ./gradlew spotlessCheck --scan --full-stacktrace - - name: Build with Gradle - run: ./gradlew build --scan --stacktrace + - name: Build (full) with Gradle + run: ./gradlew build --scan --full-stacktrace - name: Check with Gradle - run: ./gradlew check --scan --stacktrace + run: ./gradlew check --scan --full-stacktrace - name: Release artifacts to local repo run: ./gradlew publishReleasePublicationToCIRepository --scan diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index 25e4197f6b..0000000000 --- a/.github/workflows/codeql.yaml +++ /dev/null @@ -1,51 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ "master" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "master" ] - schedule: - - cron: '32 13 * * 2' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-22.04-8core - timeout-minutes: 60 - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'java' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Switch to Java 17 from Eclipse Temurin distro - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: temurin - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - # TODO: use Autobuild instead of ./gradlew after https://github.com/github/codeql-action/issues/1417 is fixed - # - name: Autobuild - # uses: github/codeql-action/autobuild@v2 - - name: Build with Gradle - run: ./gradlew --scan --full-stacktrace -Dorg.gradle.dependency.verification=off compileDebugAndroidTestSources - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:${{matrix.language}}"