CI improvements (#1012)

.github/workflows/build.yml

@@ -14,17 +14,19 @@ env:
 
 jobs:
   debug:
-    name: Build debug APKs
+    name: Build APKs
     runs-on: ubuntu-latest
+    # Skip for `main` and the merge queue if the branch is up to date with `develop`
     if: github.ref != 'refs/heads/main' && github.event.merge_group.base_ref != 'refs/heads/develop'
     strategy:
+      matrix:
+        variant: [debug, release, nightly, samples]
       fail-fast: false
     # Allow all jobs on develop. Just one per PR.
     concurrency:
-      group: ${{ github.ref == 'refs/heads/develop' && format('build-develop-{0}', github.sha) || format('build-debug-{0}', github.ref)  }}
+      group: ${{ github.ref == 'refs/heads/develop' && format('build-develop-{1}', github.sha) || format('build-{0}-{1}', matrix.variant, github.ref)  }}
       cancel-in-progress: true
     steps:
-      - run: echo ${{ github.event.merge_group.base_ref }}
       - uses: actions/checkout@v3
         with:
           # Ensure we are building the branch and not the branch after being merged on develop
@@ -40,12 +42,14 @@ jobs:
         with:
           cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
       - name: Assemble debug APK
+        if: ${{ matrix.variant == 'debug' }}
         env:
           ELEMENT_ANDROID_MAPTILER_API_KEY: ${{ secrets.MAPTILER_KEY }}
           ELEMENT_ANDROID_MAPTILER_LIGHT_MAP_ID: ${{ secrets.MAPTILER_LIGHT_MAP_ID }}
           ELEMENT_ANDROID_MAPTILER_DARK_MAP_ID: ${{ secrets.MAPTILER_DARK_MAP_ID }}
         run: ./gradlew assembleDebug -PallWarningsAsErrors=true $CI_GRADLE_ARG_PROPERTIES
-      - name: Upload debug APKs
+      - name: Upload APK APKs
+        if: ${{ matrix.variant == 'debug' }}
         uses: actions/upload-artifact@v3
         with:
           name: elementx-debug
@@ -57,12 +61,12 @@ jobs:
         continue-on-error: true
         env:
           token: ${{ secrets.DIAWI_TOKEN }}
-        if: ${{ github.event_name == 'pull_request' && env.token != '' }}
+        if: ${{ matrix.variant == 'debug' && github.event_name == 'pull_request' && env.token != '' }}
         with:
           token: ${{ env.token }}
           file: app/build/outputs/apk/debug/app-arm64-v8a-debug.apk
       - name: Add or update PR comment with QR Code to download APK.
-        if: ${{ github.event_name == 'pull_request' && steps.diawi.conclusion == 'success' }}
+        if: ${{ matrix.variant == 'debug' && github.event_name == 'pull_request' && steps.diawi.conclusion == 'success' }}
         uses: NejcZdovc/comment-pr@v2
         with:
           message: |
@@ -74,8 +78,11 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Compile release sources
+        if: ${{ matrix.variant == 'release' }}
         run: ./gradlew compileReleaseSources -PallWarningsAsErrors=true $CI_GRADLE_ARG_PROPERTIES
       - name: Compile nightly sources
+        if: ${{ matrix.variant == 'nightly' }}
         run: ./gradlew compileNightlySources -PallWarningsAsErrors=true $CI_GRADLE_ARG_PROPERTIES
       - name: Compile samples minimal
+        if: ${{ matrix.variant == 'samples' }}
         run: ./gradlew :samples:minimal:assemble $CI_GRADLE_ARG_PROPERTIES

.github/workflows/danger.yml

@@ -5,6 +5,7 @@ on: [pull_request, merge_group]
 jobs:
   build:
     runs-on: ubuntu-latest
+    # Don't run in the merge queue again if the branch is up to date with `develop`
     if: github.event.merge_group.base_ref != 'refs/heads/develop'
     name: Danger main check
     steps:

.github/workflows/gradle-wrapper-validation.yml

@@ -8,6 +8,7 @@ on:
 jobs:
   validation:
     name: "Validation"
+    # Don't run in the merge queue again if the branch is up to date with `develop`
     if: github.event.merge_group.base_ref != 'refs/heads/develop'
     runs-on: ubuntu-latest
     # No concurrency required, this is a prerequisite to other actions and should run every time.

.github/workflows/quality.yml

@@ -16,6 +16,7 @@ jobs:
   checkScript:
     name: Search for forbidden patterns
     runs-on: ubuntu-latest
+    # Don't run in the merge queue again if the branch is up to date with `develop`
     if: github.event.merge_group.base_ref != 'refs/heads/develop'
     steps:
       - uses: actions/checkout@v3
@@ -25,6 +26,7 @@ jobs:
   check:
     name: Project Check Suite
     runs-on: ubuntu-latest
+    # Don't run in the merge queue again if the branch is up to date with `develop`
     if: github.event.merge_group.base_ref != 'refs/heads/develop'
     # Allow all jobs on main and develop. Just one per PR.
     concurrency:

.github/workflows/sonar.yml

@@ -0,0 +1,51 @@
+name: Code Quality Checks
+
+on:
+  workflow_dispatch:
+  pull_request:
+  merge_group:
+  push:
+    branches: [ main, develop ]
+
+# Enrich gradle.properties for CI/CD
+env:
+  GRADLE_OPTS: -Dorg.gradle.jvmargs="-Xmx3072m -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError" -XX:MaxMetaspaceSize=512m -Dkotlin.daemon.jvm.options="-Xmx2g" -Dkotlin.incremental=false
+  CI_GRADLE_ARG_PROPERTIES: --stacktrace -PpreDexEnable=false --max-workers 2 --no-daemon --warn
+
+jobs:
+  sonar:
+    name: Project Check Suite
+    runs-on: ubuntu-latest
+    # Don't run in the merge queue again if the branch is up to date with `develop`
+    if: github.event.merge_group.base_ref != 'refs/heads/develop'
+    # Allow all jobs on main and develop. Just one per PR.
+    concurrency:
+      group: ${{ github.ref == 'refs/heads/main' && format('sonar-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('sonar-develop-{0}', github.sha) || format('sonar-{0}', github.ref) }}
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # Ensure we are building the branch and not the branch after being merged on develop
+          # https://github.com/actions/checkout/issues/881
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
+      - name: Use JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '17'
+      - name: Configure gradle
+        uses: gradle/gradle-build-action@v2.7.0
+        with:
+          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
+      - name: 🔊 Publish results to Sonar
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          ORG_GRADLE_PROJECT_SONAR_LOGIN: ${{ secrets.SONAR_TOKEN }}
+        if: ${{ always() && env.SONAR_TOKEN != '' && env.ORG_GRADLE_PROJECT_SONAR_LOGIN != '' }}
+        run: ./gradlew sonar $CI_GRADLE_ARG_PROPERTIES
+      - name: Prepare Danger
+        if: always()
+        run: |
+          npm install --save-dev @babel/core
+          npm install --save-dev @babel/plugin-transform-flow-strip-types
+          yarn add danger-plugin-lint-report --dev

.github/workflows/tests.yml

@@ -16,6 +16,7 @@ jobs:
   tests:
     name: Runs unit tests
     runs-on: ubuntu-latest
+    # Don't run in the merge queue again if the branch is up to date with `develop`
     if: github.event.merge_group.base_ref != 'refs/heads/develop'
 
     # Allow all jobs on main and develop. Just one per PR.

.github/workflows/validate-lfs.yml

@@ -5,6 +5,7 @@ on: [pull_request, merge_group]
 jobs:
   build:
     runs-on: ubuntu-latest
+    # Don't run in the merge queue again if the branch is up to date with `develop`
     if: github.event.merge_group.base_ref != 'refs/heads/develop'
     name: Validate
     steps: