Merge branch 'master' into vk.transform_migration

Author: vkryachko

.github/workflows/build-release-artifacts.yml

@@ -16,7 +16,7 @@ jobs:
 
       - name: Perform gradle build
         run: |
-          ./gradlew  firebasePublish -PprojectsToPublish=firebase-firestore -PpublishMode=RELEASE -PincludeFireEscapeArtifacts=true
+          ./gradlew firebasePublish -PpublishConfigFilePath=release.cfg -PpublishMode=RELEASE -PincludeFireEscapeArtifacts=true
       - name: Upload generated artifacts
         uses: actions/upload-artifact@v2
         with:

.github/workflows/build-src-check.yml

@@ -26,7 +26,7 @@ jobs:
         run: |
           ./gradlew -b buildSrc/build.gradle.kts -PenablePluginTests=true check
       - name: Publish Test Results
-        uses: EnricoMi/publish-unit-test-result-action@v1
+        uses: EnricoMi/publish-unit-test-result-action@b9f6c61d965bcaa18acc02d6daf706373a448f02
         with:
           files: "**/build/test-results/**/*.xml"
           check_name: "buildSrc Test Results"

.github/workflows/ci_tests.yml

@@ -122,7 +122,7 @@ jobs:
           FTL_RESULTS_DIR: ${{ github.event_name == 'pull_request' && format('pr-logs/pull/{0}/{1}/{2}/{3}_{4}/artifacts/', github.repository, github.event.pull_request.number, github.job, github.run_id, github.run_attempt) || format('logs/{0}/{1}_{2}/artifacts/', github.workflow, github.run_id, github.run_attempt)}}
           FIREBASE_APP_CHECK_DEBUG_SECRET: ${{ secrets.FIREBASE_APP_CHECK_DEBUG_SECRET }}
         run: |
-          ./gradlew ${{matrix.module}}:deviceCheck withErrorProne -PuseProdBackendForTests=true
+          ./gradlew ${{matrix.module}}:deviceCheck withErrorProne -PtargetBackend="prod"
 
   publish-test-results:
     name: "Publish Tests Results"

.github/workflows/create_releases.yml

@@ -7,6 +7,10 @@ on:
         description: 'Release name'
         required: true
         type: string
+      past-name:
+        description: 'Past release name'
+        required: true
+        type: string
 
 jobs:
   create-branches:
@@ -15,35 +19,27 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Create base branch
-        uses: peterjgrainger/action-create-branch@v2.2.0
+        uses: peterjgrainger/action-create-branch@c2800a3a9edbba2218da6861fa46496cf8f3195a
         with:
           branch: 'releases/${{ inputs.name }}'
-      - name: Create release branch
-        uses: peterjgrainger/[email protected]
-        with:
-          branch: 'releases/${{ inputs.name }}.release'
 
   create-pull-request:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
       - name: Create release configuration template
         run: |
-          git config user.name 'Create Release GA'
-          git config user.email '[email protected]'
-          echo "[release]" > release.cfg
-          echo "name = ${{ inputs.name }}" >> release.cfg
-          echo "mode = RELEASE" >> release.cfg
-          echo "" >> release.cfg
-          echo "[modules]" >> release.cfg
-          echo "" >> release.cfg
-          git add release.cfg
-          git commit -a -m 'Create release config'
+          ./gradlew generateReleaseConfig -PcurrentRelease=${{ inputs.name }} -PpastRelease=${{ inputs.past-name }} -PprintOutput=true
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:
           base: 'releases/${{ inputs.name }}'
           branch: 'releases/${{ inputs.name }}.release'
+          add-paths: release.cfg
           title: '${{ inputs.name}} release'
+          body: 'Auto-generated PR for release ${{ inputs.name}}'
+          commit-message: 'Create release config for ${{ inputs.name }}'

.github/workflows/diff-javadoc.yml

@@ -0,0 +1,70 @@
+name: Diff Javadoc
+
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Make Dir
+        run: mkdir ~/diff
+
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+          submodules: true
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: 11
+          distribution: temurin
+          cache: gradle
+
+      - name: Changed Modules
+        id: changed-modules
+        run: |
+          git diff --name-only HEAD~1 | xargs printf -- '--changed-git-paths %s\n' | xargs ./gradlew writeChangedProjects --output-file-path=modules.json --only-firebase-sdks
+          echo "run=$(cat modules.json | sed "s/[]\"[]//g" | sed "s/,/\n/g" | xargs printf -- "%s:kotlinDoc ")" >> $GITHUB_OUTPUT
+
+      - name: Build
+        # Certain SDKs won't export docs, make a blank folder to diff if that's the case
+        run: mkdir build && ./gradlew ${{ steps.changed-modules.outputs.run }}
+
+      - name: Move original docs
+        run: mv build ~/diff/modified
+
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.base_ref }}
+
+      - name: Build
+        # Certain SDKs won't export docs, make a blank folder to diff if that's the case
+        run: mkdir build && ./gradlew ${{ steps.changed-modules.outputs.run }}
+
+      - name: Move modified docs
+        run: mv build ~/diff/original
+
+      - name: Diff docs
+        run: >
+          `# Recursively diff directories, including new files, git style, with 3 lines of context`
+          diff -wEburN ~/diff/original ~/diff/modified
+          `# Remove the first line and new file signifier of the output`
+          | tail -n +2
+          `# Replace the diff new file signifier with the end and start of a new codeblock`
+          | sed "s/^diff.*$/\`\`\`\\n\`\`\`diff/g"
+          `# Add a collapsable block, summary, and start the first code block on the first line`
+          | sed "1s/^/<details>\\n<summary>Javadoc Changes:<\/summary>\\n\\n\`\`\`diff\\n/"
+          `# Close the final code block and close the collapsable on the final line`
+          | sed "$ s/$/\\n\`\`\`\\n<\/details>/"
+          `# Write to diff.md for later`
+          > diff.md
+
+      - name: Add comment
+        continue-on-error: true
+        uses: mshick/add-pr-comment@a65df5f64fc741e91c59b8359a4bc56e57aaf5b1
+        with:
+          message-path: diff.md

.github/workflows/health-metrics.yml

@@ -1,7 +1,7 @@
 name: Health Metrics
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
 on:
@@ -122,7 +122,12 @@ jobs:
           echo $INTEG_TESTS_GOOGLE_SERVICES | base64 -d > $BENCHMARK_APP_LOCATION
       - name: Run startup-time tests (presubmit)
         if: ${{ github.event_name == 'pull_request' }}
-        run: fireci macrobenchmark ci --pull-request
+        run: |
+          git diff --name-only HEAD~1 | \
+            xargs printf -- '--changed-git-paths %s\n' | \
+            xargs ./gradlew writeChangedProjects --output-file-path=modules.json
+          fireci macrobenchmark ci --pull-request --changed-modules-file modules.json
       - name: Run startup-time tests (post-submit)
         if: ${{ github.event_name == 'push' }}
-        run: fireci macrobenchmark ci --push
+        run: |
+          fireci macrobenchmark ci --push

.github/workflows/jekyll-gh-pages.yml

@@ -0,0 +1,55 @@
+name: Jekyll with GitHub Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["master"]
+    paths:
+      - '.github/workflows/jekyll-gh-pages.yml'
+      - 'contributor-docs/**'
+  pull_request:
+    paths:
+      - '.github/workflows/jekyll-gh-pages.yml'
+      - 'contributor-docs/**'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow one concurrent deployment
+concurrency:
+  group: "pages"
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Pages
+        uses: actions/configure-pages@v2
+      - name: Build with Jekyll
+        uses: actions/jekyll-build-pages@v1
+        with:
+          source: ./contributor-docs
+          destination: ./_site
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v1
+
+  deploy:
+    if: ${{ github.event_name == 'push' && github.repository == 'firebase/firebase-android-sdk' }}
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v1

.github/workflows/merge-to-main.yml

@@ -15,7 +15,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-    - uses: mshick/add-pr-comment@v2
+    - uses: mshick/add-pr-comment@a65df5f64fc741e91c59b8359a4bc56e57aaf5b1
       with:
         message: >
           ### 📝 PRs merging into main branch

.github/workflows/scorecards.yml

@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecards supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '45 11 * * 1'
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+        with:
+          sarif_file: results.sarif

.github/workflows/update-cpp-sdk-on-release.yml

@@ -62,7 +62,7 @@ jobs:
           ref: main
 
       - name: Get firebase-workflow-trigger token
-        uses: tibdex/github-app-token@v1
+        uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c
         id: generate-token
         with:
           app_id: ${{ secrets.CPP_WORKFLOW_TRIGGER_APP_ID }}