From d83e82b6ee81ffe4f894261ef320dc03a15fe82d Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Fri, 6 Jan 2023 17:00:05 +0100 Subject: [PATCH 1/6] Set up dependency check plugin --- .github/workflows/quality.yml | 19 +++++++++++++++++++ build.gradle.kts | 5 +++++ gradle/libs.versions.toml | 2 ++ 3 files changed, 26 insertions(+) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 2741638914..912e846642 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -44,3 +44,22 @@ jobs: DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }} # Fallback for forks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin + dependency-analysis: + name: Dependency analysis + runs-on: ubuntu-latest + # Allow all jobs on main and develop. Just one per PR. + concurrency: + group: ${{ github.ref == 'refs/heads/main' && format('dep-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('dep-develop-{0}', github.sha) || format('dep-{0}', github.ref) }} + cancel-in-progress: true + steps: + - uses: actions/checkout@v3 + - name: Dependency analysis + run: ./gradlew dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES + - name: Upload dependency analysis + if: always() + uses: actions/upload-artifact@v3 + with: + name: dependency-analysis + path: build/reports/dependency-check-report.html diff --git a/build.gradle.kts b/build.gradle.kts index 2e4d8589ed..fa9822913a 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -25,6 +25,7 @@ plugins { alias(libs.plugins.anvil) apply false alias(libs.plugins.kotlin.jvm) apply false alias(libs.plugins.kapt) apply false + alias(libs.plugins.dependencycheck) apply false alias(libs.plugins.detekt) alias(libs.plugins.ktlint) alias(libs.plugins.dependencygraph) @@ -102,4 +103,8 @@ allprojects { ) ) } + // Dependency check + apply { + plugin("org.owasp.dependencycheck") + } } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 5860bbebd2..48a62cf20b 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -50,6 +50,7 @@ showkase = "1.0.0-beta14" compose_destinations = "1.7.23-beta" jsoup = "1.15.3" seismic = "1.0.3" +dependencycheck = "7.4.2" # DI dagger = "2.43" @@ -150,3 +151,4 @@ anvil = { id = "com.squareup.anvil", version.ref = "anvil" } detekt = { id = "io.gitlab.arturbosch.detekt", version.ref = "detekt" } ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint" } dependencygraph = { id = "com.savvasdalkitsis.module-dependency-graph", version.ref = "dependencygraph" } +dependencycheck = { id = "org.owasp.dependencycheck", version.ref = "dependencycheck" } From ddceb19b5ec973ca6a144868b0f75f91d4ecbb56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jan 2023 22:11:45 +0000 Subject: [PATCH 2/6] Bump danger/danger-js from 11.2.0 to 11.2.1 Bumps [danger/danger-js](https://github.com/danger/danger-js) from 11.2.0 to 11.2.1. - [Release notes](https://github.com/danger/danger-js/releases) - [Changelog](https://github.com/danger/danger-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/danger/danger-js/compare/11.2.0...11.2.1) --- updated-dependencies: - dependency-name: danger/danger-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/danger.yml | 2 +- .github/workflows/quality.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/danger.yml b/.github/workflows/danger.yml index 8752f339bd..4901a84070 100644 --- a/.github/workflows/danger.yml +++ b/.github/workflows/danger.yml @@ -11,7 +11,7 @@ jobs: - run: | npm install --save-dev @babel/plugin-transform-flow-strip-types - name: Danger - uses: danger/danger-js@11.2.0 + uses: danger/danger-js@11.2.1 with: args: "--dangerfile ./tools/danger/dangerfile.js" env: diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 2741638914..32638a7c9f 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -37,7 +37,7 @@ jobs: yarn add danger-plugin-lint-report --dev - name: Danger lint if: always() - uses: danger/danger-js@11.2.0 + uses: danger/danger-js@11.2.1 with: args: "--dangerfile ./tools/danger/dangerfile-lint.js" env: From 5dbcad6eed2bcefbf8530c37c73efc7a9935c33f Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Mon, 9 Jan 2023 09:54:43 +0100 Subject: [PATCH 3/6] dependencycheck 7.4.4 (with fix for https://github.com/dependency-check/dependency-check-gradle/issues/300) --- gradle/libs.versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 48a62cf20b..1de907595b 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -50,7 +50,7 @@ showkase = "1.0.0-beta14" compose_destinations = "1.7.23-beta" jsoup = "1.15.3" seismic = "1.0.3" -dependencycheck = "7.4.2" +dependencycheck = "7.4.4" # DI dagger = "2.43" From 6a1dda9ab65dd79b13601e77492a25b0603262ff Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Tue, 10 Jan 2023 18:04:08 +0100 Subject: [PATCH 4/6] Add issue and pull request templates --- .github/ISSUE_TEMPLATE/bug.yml | 86 +++++++++++++++++++ .github/ISSUE_TEMPLATE/enhancement.yml | 47 ++++++++++ .../pull_request_template.md | 57 ++++++++++++ 3 files changed, 190 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug.yml create mode 100644 .github/ISSUE_TEMPLATE/enhancement.yml create mode 100644 .github/PULL_REQUEST_TEMPLATE/pull_request_template.md diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml new file mode 100644 index 0000000000..746e26a227 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug.yml @@ -0,0 +1,86 @@ +name: Bug report for the Element X Android app +description: Report any issues that you have found with the Element X app. Please [check open issues](https://github.com/vector-im/element-x-android/issues) first, in case it has already been reported. +labels: [T-Defect] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Please report security issues by email to security@matrix.org + - type: textarea + id: reproduction-steps + attributes: + label: Steps to reproduce + description: Please attach screenshots, videos or logs if you can. + placeholder: Tell us what you see! + value: | + 1. Where are you starting? What can you see? + 2. What do you click? + 3. More steps… + validations: + required: true + - type: textarea + id: result + attributes: + label: Outcome + placeholder: Tell us what went wrong + value: | + #### What did you expect? + + #### What happened instead? + validations: + required: true + - type: input + id: device + attributes: + label: Your phone model + placeholder: e.g. Samsung S6 + validations: + required: false + - type: input + id: os + attributes: + label: Operating system version + placeholder: e.g. Android 10.0 + validations: + required: false + - type: input + id: version + attributes: + label: Application version and app store + description: You can find the version information in Settings -> Help & About. + placeholder: e.g. Element X version 1.7.34, olm version 3.2.3 from F-Droid + validations: + required: false + - type: input + id: homeserver + attributes: + label: Homeserver + description: | + Which server is your account registered on? If it is a local or non-public homeserver, please tell us what is the homeserver implementation (ex: Synapse/Dendrite/etc.) and the version. + placeholder: e.g. matrix.org or Synapse 1.50.0rc1 + validations: + required: false + - type: dropdown + id: rageshake + attributes: + label: Will you send logs? + description: | + Did you know that you can shake your phone to submit logs for this issue? Trigger the defect, then shake your phone and you will see a popup asking if you would like to open the bug report screen. Click YES, and describe the issue, mentioning that you have also filed a bug (it's helpful if you can include a link to the bug). Send the report to submit anonymous logs to the developers. + options: + - 'Yes' + - 'No' + validations: + required: true + - type: dropdown + id: pr + attributes: + label: Are you willing to provide a PR? + description: | + Providing a PR can drastically speed up the process of fixing this bug. Don't worry, it's still OK to answer 'No' :). + options: + - 'Yes' + - 'No' + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/enhancement.yml b/.github/ISSUE_TEMPLATE/enhancement.yml new file mode 100644 index 0000000000..0e51d5155e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.yml @@ -0,0 +1,47 @@ +name: Enhancement request +description: Do you have a suggestion or feature request? +labels: [T-Enhancement] +body: + - type: markdown + attributes: + value: | + Thank you for taking the time to propose an enhancement to an existing feature. If you would like to propose a new feature or a major cross-platform change, please [start a discussion here](https://github.com/vector-im/element-meta/discussions/new?category=ideas). + - type: textarea + id: usecase + attributes: + label: Your use case + description: Please feel welcome to include screenshots or mock ups. + placeholder: Tell us what you would like to do! + value: | + #### What would you like to do? + + #### Why would you like to do it? + + #### How would you like to achieve it? + validations: + required: true + - type: textarea + id: alternative + attributes: + label: Have you considered any alternatives? + placeholder: A clear and concise description of any alternative solutions or features you've considered. + validations: + required: false + - type: textarea + id: additional-context + attributes: + label: Additional context + placeholder: Is there anything else you'd like to add? + validations: + required: false + - type: dropdown + id: pr + attributes: + label: Are you willing to provide a PR? + description: | + Don't worry, it's still OK to answer 'No' :). + options: + - 'Yes' + - 'No' + validations: + required: true diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md new file mode 100644 index 0000000000..431c018fdd --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md @@ -0,0 +1,57 @@ + + +## Type of change + +- [ ] Feature +- [ ] Bugfix +- [ ] Technical +- [ ] Other : + +## Content + + + +## Motivation and context + + + +## Screenshots / GIFs + + + + + +## Tests + + + +- Step 1 +- Step 2 +- Step ... + +## Tested devices + +- [ ] Physical +- [ ] Emulator +- OS version(s): + +## Checklist + + + +- [ ] Changes has been tested on an Android device or Android emulator with API 21 +- [ ] UI change has been tested on both light and dark themes +- [ ] Accessibility has been taken into account. See https://github.com/vector-im/element-android/blob/develop/CONTRIBUTING.md#accessibility +- [ ] Pull request is based on the develop branch +- [ ] Pull request includes a new file under ./changelog.d. See https://github.com/vector-im/element-android/blob/develop/CONTRIBUTING.md#changelog +- [ ] Pull request includes screenshots or videos if containing UI changes +- [ ] Pull request includes a [sign off](https://matrix-org.github.io/synapse/latest/development/contributing_guide.html#sign-off) +- [ ] You've made a self review of your PR From b2719bc3bc8772fe2c1cc5ee9086874c0c7bd9b0 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Wed, 11 Jan 2023 14:56:13 +0100 Subject: [PATCH 5/6] Setup towncrier --- .github/workflows/nightly.yml | 9 +++++++++ CHANGES.md | 0 app/build.gradle.kts | 3 ++- changelog.d/.gitignore | 1 + tools/danger/dangerfile.js | 5 ----- tools/towncrier/template.md | 36 +++++++++++++++++++++++++++++++++++ towncrier.toml | 31 ++++++++++++++++++++++++++++++ 7 files changed, 79 insertions(+), 6 deletions(-) create mode 100644 CHANGES.md create mode 100644 changelog.d/.gitignore create mode 100644 tools/towncrier/template.md create mode 100644 towncrier.toml diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 3d34d74184..d8a954d0f7 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -15,6 +15,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Install towncrier + run: | + python3 -m pip install towncrier + - name: Prepare changelog file + run: | + mv towncrier.toml towncrier.toml.bak + sed 's/CHANGES\.md/CHANGES_NIGHTLY\.md/' towncrier.toml.bak > towncrier.toml + rm towncrier.toml.bak + yes n | towncrier build --version nightly - name: Build and upload Nightly APK run: | ./gradlew assembleNightly appDistributionUploadNightly $CI_GRADLE_ARG_PROPERTIES diff --git a/CHANGES.md b/CHANGES.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/app/build.gradle.kts b/app/build.gradle.kts index 9cd7597c84..01b36f2bd4 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -93,7 +93,8 @@ android { firebaseAppDistribution { artifactType = "APK" - // releaseNotesFile = TODO + // This file will be generated by the GitHub action + releaseNotesFile = "CHANGES_NIGHTLY.md" groups = "external-testers" // This should not be required, but if I do not add the appId, I get this error: // "App Distribution halted because it had a problem uploading the APK: [404] Requested entity was not found." diff --git a/changelog.d/.gitignore b/changelog.d/.gitignore new file mode 100644 index 0000000000..b722e9e13e --- /dev/null +++ b/changelog.d/.gitignore @@ -0,0 +1 @@ +!.gitignore \ No newline at end of file diff --git a/tools/danger/dangerfile.js b/tools/danger/dangerfile.js index a9be0171d7..ab6495b0c7 100644 --- a/tools/danger/dangerfile.js +++ b/tools/danger/dangerfile.js @@ -43,7 +43,6 @@ if (requiresChangelog) { "doc", "feature", "misc", - "sdk", "wip", ] if (!changelogFiles.every(file => validTowncrierExtensions.includes(file.split(".").pop()))) { @@ -68,13 +67,10 @@ const signOff = "Signed-off-by:" // Please add new names following the alphabetical order. const allowList = [ - "amitkma", "aringenbach", "BillCarsonFr", "bmarty", - "Claire1817", "dependabot[bot]", - "ericdecanini", "fedrunov", "Florian14", "ganfra", @@ -86,7 +82,6 @@ const allowList = [ "manuroe", "mnaturel", "onurays", - "ouchadam", "stefanceriu", "yostyle", ] diff --git a/tools/towncrier/template.md b/tools/towncrier/template.md new file mode 100644 index 0000000000..4e5e96a4ac --- /dev/null +++ b/tools/towncrier/template.md @@ -0,0 +1,36 @@ +{% if top_line %} +{{ top_line }} +{{ top_underline * ((top_line)|length)}} +{% elif versiondata.name %} +{{ versiondata.name }} {{ versiondata.version }} ({{ versiondata.date }}) +{{ top_underline * ((versiondata.name + versiondata.version + versiondata.date)|length + 4)}} +{% else %} +{{ versiondata.version }} ({{ versiondata.date }}) +{{ top_underline * ((versiondata.version + versiondata.date)|length + 3)}} +{% endif %} +{% for section, _ in sections.items() %} +{% set underline = underlines[0] %}{% if section %}{{section}} +{{ underline * section|length }}{% set underline = underlines[1] %} +{% endif %} + +{% if sections[section] %} +{% for category, val in definitions.items() if category in sections[section]%} +{{ definitions[category]['name'] }} +{{ underline * definitions[category]['name']|length }} +{% if definitions[category]['showcontent'] %} +{% for text, values in sections[section][category].items() %} + - {{ text }} ({{ values|join(', ') }}) +{% endfor %} +{% else %} + - {{ sections[section][category]['']|join(', ') }} +{% endif %} +{% if sections[section][category]|length == 0 %} +No significant changes. +{% else %} +{% endif %} + +{% endfor %} +{% else %} +No significant changes. +{% endif %} +{% endfor %} diff --git a/towncrier.toml b/towncrier.toml new file mode 100644 index 0000000000..c9be3af199 --- /dev/null +++ b/towncrier.toml @@ -0,0 +1,31 @@ +[tool.towncrier] + directory = "changelog.d" + filename = "CHANGES.md" + name = "Changes in Element X" + template = "tools/towncrier/template.md" + issue_format = "[#{issue}](https://github.com/vector-im/element-x-android/issues/{issue})" + + [[tool.towncrier.type]] + directory = "feature" + name = "Features ✨" + showcontent = true + + [[tool.towncrier.type]] + directory = "bugfix" + name = "Bugfixes 🐛" + showcontent = true + + [[tool.towncrier.type]] + directory = "wip" + name = "In development 🚧" + showcontent = true + + [[tool.towncrier.type]] + directory = "doc" + name = "Improved Documentation 📚" + showcontent = true + + [[tool.towncrier.type]] + directory = "misc" + name = "Other changes" + showcontent = true From 202663ac269dcce7f3b4bd558e7d343c16f6693b Mon Sep 17 00:00:00 2001 From: manuroe Date: Wed, 11 Jan 2023 15:27:29 +0100 Subject: [PATCH 6/6] GH board: Send all issues to the EX board Once labelled, an issue will go the [EX board](https://github.com/orgs/vector-im/projects/43). This commit fixed the board to use ( I C+Ped https://github.com/vector-im/element-x-ios/blob/f7d7314d0c14b320036d87bae0759685ed090693/.github/workflows/triage-labelled.yml) --- .github/workflows/triage-labelled.yml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/workflows/triage-labelled.yml b/.github/workflows/triage-labelled.yml index de2522c9e3..74bcc29d97 100644 --- a/.github/workflows/triage-labelled.yml +++ b/.github/workflows/triage-labelled.yml @@ -2,7 +2,7 @@ name: Move labelled issues to correct boards and columns on: issues: - types: [ labeled ] + types: [labeled] jobs: move_element_x_issues: @@ -10,14 +10,7 @@ jobs: runs-on: ubuntu-latest # Skip in forks if: > - github.repository == 'vector-im/element-x-android' && - (contains(github.event.issue.labels.*.name, 'Z-Setup') || - contains(github.event.issue.labels.*.name, 'Z-BBQ-Alpha') || - contains(github.event.issue.labels.*.name, 'Z-BBQ-Beta') || - contains(github.event.issue.labels.*.name, 'Z-BBQ-Release') || - contains(github.event.issue.labels.*.name, 'Z-Banquet-Alpha') || - contains(github.event.issue.labels.*.name, 'Z-Banquet-Beta') || - contains(github.event.issue.labels.*.name, 'Z-Banquet-Release')) + github.repository == 'vector-im/element-x-android' steps: - uses: octokit/graphql-action@v2.x with: @@ -33,5 +26,5 @@ jobs: projectid: ${{ env.PROJECT_ID }} contentid: ${{ github.event.issue.node_id }} env: - PROJECT_ID: "PN_kwDOAM0swc4ABTXY" + PROJECT_ID: "PVT_kwDOAM0swc4ABTXY" GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}