New Crowdin updates (#1465) #6338

Workflow file for this run

	name: CI

	on:
	pull_request:
	types:
	- ready_for_review
	- synchronize
	- opened
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.ref }}
	cancel-in-progress: true

	jobs:
	snyk_scan:
	if: >
	( github.event.action == 'opened' && github.event.pull_request.draft == false ) \|\|
	( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) \|\|
	( github.event.action == 'ready_for_review' ) \|\|
	( github.event_name == 'push' && github.ref == 'refs/heads/main' )
	permissions:
	id-token: write
	contents: read
	name: "Snyk scan"
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: RDXWorks-actions/setup-node@main
	with:
	node-version: '14'
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'snyk_online_monitor'
	secret_prefix: 'SNYK'
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
	parse_json: true
	- name: Create .snyk file
	run: echo "${{ vars.DOT_SNYK_FILE }}" > .snyk
	- name: Install snyk
	run: \|
	npm install snyk -g
	snyk -v
	snyk auth ${{ env.SNYK_TOKEN }}
	- name: Snyk deps and licences scan
	run: \|
	timeout 300 snyk test --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high \|\| [ "$?" = "124" ]
	- name: Snyk code scan
	continue-on-error: true
	run: \|
	timeout 300 snyk code test --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --severity-threshold=high \|\| [ "$?" = "124" ]

	snyk_sbom:
	if: >
	( github.event.action == 'opened' && github.event.pull_request.draft == false ) \|\|
	( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) \|\|
	( github.event.action == 'ready_for_review' ) \|\|
	( github.event_name == 'push' && github.ref == 'refs/heads/main' )
	permissions:
	id-token: write
	contents: read
	name: "Snyk SBOM"
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: RDXWorks-actions/setup-node@main
	with:
	node-version: '14'
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'snyk_sbom'
	secret_prefix: 'SNYK'
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
	parse_json: true
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'snyk_sbom'
	secret_prefix: WALLET
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/secret-vTE3y0'
	parse_json: true
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'unit_test'
	secret_prefix: 'SWIFT_ENGINE_TOOLKIT_SSH_KEY'
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/swift-ssh-dLcxg6'
	parse_json: true
	- uses: RDXWorks-actions/ssh-agent@master
	with:
	ssh-private-key: \|
	${{ env.SWIFT_ENGINE_TOOLKIT_SSH_KEY }}
	- name: Install snyk
	run: \|
	npm install snyk -g
	snyk -v
	snyk auth ${{ env.SNYK_TOKEN }}
	- name: Generate SBOM # check SBOM can be generated but nothing is done with it
	run: \|
	snyk sbom --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }} --format=cyclonedx1.4+json > sbom.json

	linting:
	name: "Linting"
	if: >
	( github.event.action == 'opened' && github.event.pull_request.draft == false ) \|\|
	( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) \|\|
	( github.event.action == 'ready_for_review' ) \|\|
	( github.event_name == 'push' && github.ref == 'refs/heads/main' )
	runs-on: macos-15-xlarge

	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: "Run Lint"
	run: \|
	brew update
	brew upgrade swiftformat
	swiftformat . --lint

	unit_test:
	if: >
	( github.event.action == 'opened' && github.event.pull_request.draft == false ) \|\|
	( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) \|\|
	( github.event.action == 'ready_for_review' ) \|\|
	( github.event_name == 'push' && github.ref == 'refs/heads/main' )
	permissions:
	id-token: write
	contents: read
	checks: write
	name: "Unit test"
	runs-on: macos-15-xlarge
	timeout-minutes: 20

	needs:
	- linting

	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'babylon-wallet-ios-wallet-secrets'
	secret_prefix: WALLET
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/secret-vTE3y0'
	parse_json: true

	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'babylon-wallet-ios-fastlane-repo-ssh'
	secret_prefix: FASTLANE_MATCH_REPO_SSH_KEY
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/fastlane-ssh-OKSWFa'
	parse_json: true

	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'babylon-wallet-ios-swift-engine-toolkit-ssh'
	secret_prefix: SWIFT_ENGINE_TOOLKIT_SSH_KEY
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/swift-ssh-dLcxg6'
	parse_json: true

	- uses: RDXWorks-actions/ssh-agent@master
	with:
	ssh-private-key: \|
	${{ env.SWIFT_ENGINE_TOOLKIT_SSH_KEY }}
	${{ env.FASTLANE_MATCH_REPO_SSH_KEY }}

	- uses: RDXWorks-actions/setup-xcode@master
	with:
	xcode-version: "16.0.0"

	- name: "Set up ruby"
	uses: RDXWorks-actions/setup-ruby@master
	with:
	ruby-version: 3.1.2
	bundler-cache: true

	- name: "Install additional deps"
	run: \|
	echo "${{ env.WALLET_FASTLANE_SECRETS_BASE64 }}" \| base64 --decode > fastlane/.env.secret
	brew install xcbeautify

	- name: "Unit tests"
	run: \|
	defaults write com.apple.dt.Xcode IDESkipMacroFingerprintValidation -bool YES
	bundle exec fastlane tests

	snyk_online_monitor:
	permissions:
	id-token: write
	contents: read
	name: "Snyk monitoring"
	runs-on: ubuntu-latest
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	needs:
	- unit_test
	- snyk_scan
	- snyk_sbom
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: RDXWorks-actions/setup-node@main
	with:
	node-version: '14'
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'snyk_online_monitor'
	secret_prefix: 'SNYK'
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
	parse_json: true
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'snyk_online_monitor'
	secret_prefix: WALLET
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/secret-vTE3y0'
	parse_json: true
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-babylon-wallet-ios-secrets-read-access'
	app_name: 'babylon-wallet-ios'
	step_name: 'unit_test'
	secret_prefix: 'SWIFT_ENGINE_TOOLKIT_SSH_KEY'
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/radixdlt/babylon-wallet-ios/swift-ssh-dLcxg6'
	parse_json: true
	- uses: RDXWorks-actions/ssh-agent@master
	with:
	ssh-private-key: \|
	${{ env.SWIFT_ENGINE_TOOLKIT_SSH_KEY }}
	- name: Install snyk
	run: \|
	npm install snyk -g
	snyk -v
	snyk auth ${{ env.SNYK_TOKEN }}
	- name: Enable Snyk online monitoring to check for vulnerabilities
	run: \|
	snyk monitor --all-projects --org=${{ env.SNYK_COREAPPS_ORG_ID }}

	# snapshot_tests:
	# name: "Snapshot tests"
	# runs-on: macos-12

	# needs:
	# - assertFormated

	# steps:
	# - uses: RDXWorks-actions/checkout@main

	# - name: "Run snapshot tests"
	# run: echo "Runing snapshot tests" # JUST A PLACEHOLDER, NEEDS TO BE REPLACED

	# ui_tests:
	# name: "UI tests"
	# runs-on: macos-12

	# needs:
	# - assertFormated

	# steps:
	# - uses: RDXWorks-actions/checkout@main

	# - name: "Run UI tests"
	# run: echo "Runing UI tests" # JUST A PLACEHOLDER, NEEDS TO BE REPLACED

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New Crowdin updates (#1465) #6338

Workflow file

New Crowdin updates (#1465) #6338

Jobs

Run details

Workflow file for this run