ping-android-sdk/.github/workflows/ci.yaml at develop · ForgeRock/ping-android-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
#
# Copyright (c) 2024 - 2025 Ping Identity Corporation. All rights reserved.
#
# This software may be modified and distributed under the terms
# of the MIT license. See the LICENSE file for details.
#

name: CI

# Trigger on push or pull request
on:
  pull_request:
    types: [opened, reopened, synchronize, edited]

  push:
    branches:
      - master
      - develop

permissions: write-all
jobs:
  # Create TestRail run
  create-testrail-run:
      name: Create TestRail Run
      uses: ./.github/workflows/create-testrail-run.yaml
      secrets:
        TESTRAIL_USERNAME: ${{ secrets.TESTRAIL_USERNAME }}
        TESTRAIL_API_KEY: ${{ secrets.TESTRAIL_API_KEY }}

  # Build and run unit tests
  build-and-test:
    name: Build and test
    uses: ./.github/workflows/build-and-test.yaml
    needs: create-testrail-run
    secrets:
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      TESTRAIL_USERNAME: ${{ secrets.TESTRAIL_USERNAME }}
      TESTRAIL_API_KEY: ${{ secrets.TESTRAIL_API_KEY }}
    with:
      testrail-run-id: ${{needs.create-testrail-run.outputs.testrail-run-id}}

  # Run integration tests on emulators
  integration-tests:
    name: Integration tests
    uses: ./.github/workflows/integration-tests.yaml
    if: ${{ vars.ENABLE_INTEGRATION_TESTS == 'true' }}
    needs: create-testrail-run
    secrets:
      E2E_CONFIG: ${{ secrets.E2E_CONFIG }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      TESTRAIL_USERNAME: ${{ secrets.TESTRAIL_USERNAME }}
      TESTRAIL_API_KEY: ${{ secrets.TESTRAIL_API_KEY }}
    with:
      testrail-run-id: ${{needs.create-testrail-run.outputs.testrail-run-id}}

  # Build and sign BrowserStack test artifacts
  # Skip this step for PRs created by dependabot
  browserstack-prepare-artifacts:
    name: Prepare device farm artifacts
    uses: ./.github/workflows/browserstack-prepare-artifacts.yaml
    if: ${{ github.actor != 'dependabot[bot]' }}
    needs: build-and-test
    secrets:
      E2E_CONFIG: ${{ secrets.E2E_CONFIG }}
      SIGNING_KEYSTORE: ${{ secrets.SIGNING_KEYSTORE }}
      SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }}
      SIGNING_KEYSTORE_PASSWORD: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}
      SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  # Execute e2e test cases in BrowserStack. The workflow outputs the newly created run id.
  browserstack-davinci-run:
    name: Run tests in BrowserStack
    uses: ./.github/workflows/browserstack-davinci-run.yaml
    needs: browserstack-prepare-artifacts
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  browserstack-journey-run:
    name: Run tests in BrowserStack
    uses: ./.github/workflows/browserstack-journey-run.yaml
    needs: browserstack-prepare-artifacts
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  # Wait for BrowserStack davinci test run to finish and publish results
  browserstack-davinci-results:
    name: BrowserStack DaVinci Test Results
    uses: ./.github/workflows/browserstack-davinci-results.yaml
    needs: browserstack-davinci-run
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    with:
      browserstack-davinci-build-id: ${{ needs.browserstack-davinci-run.outputs.browserstack-davinci-build-id }}

  # Wait for BrowserStack journey test run to finish and publish results
  browserstack-journey-results:
    name: BrowserStack Journey Test Results
    uses: ./.github/workflows/browserstack-journey-results.yaml
    needs: browserstack-journey-run
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    with:
      browserstack-journey-build-id: ${{ needs.browserstack-journey-run.outputs.browserstack-journey-build-id }}

  # Wait for BrowserStack DaVinci and Journey test runs to finish and then run the MFA tests
  browserstack-oath-run:
    name: Run tests in BrowserStack
    uses: ./.github/workflows/browserstack-oath-run.yaml
    needs:
      - browserstack-davinci-results
      - browserstack-journey-results
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  browserstack-push-run:
    name: Run tests in BrowserStack
    uses: ./.github/workflows/browserstack-push-run.yaml
    needs:
      - browserstack-davinci-results
      - browserstack-journey-results
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  # Wait for BrowserStack OATH test run to finish and publish results
  browserstack-oath-results:
    name: BrowserStack OATH Test Results
    uses: ./.github/workflows/browserstack-oath-results.yaml
    needs: browserstack-oath-run
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    with:
      browserstack-oath-build-id: ${{ needs.browserstack-oath-run.outputs.browserstack-oath-build-id }}

  # Wait for BrowserStack PUSH test run to finish and publish results
  browserstack-push-results:
    name: BrowserStack PUSH Test Results
    uses: ./.github/workflows/browserstack-push-results.yaml
    needs: browserstack-push-run
    secrets:
      BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
      BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
    with:
      browserstack-push-build-id: ${{ needs.browserstack-push-run.outputs.browserstack-push-build-id }}

  # Run Mend SCA Scan
  mend-sca-scan:
    name: Mend SCA Scan
    uses: ./.github/workflows/mend-sca-scan.yaml
    secrets:
      MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
      MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  # Run Mend SAST Scan
  mend-sast-scan:
    name: Mend SAST Scan
    uses: ./.github/workflows/mend-sast-scan.yaml
    secrets:
      MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
      MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}