google-sync-addon/.github/workflows/generate-perm-xml.yml at main · micro5k/google-sync-addon · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
---
# SPDX-FileCopyrightText: NONE
# SPDX-License-Identifier: CC0-1.0

name: "Generate permission XML files"
permissions: {}
on:
  workflow_dispatch:
  schedule:
    # At 02:00 AM, every 6 days (UTC)
    - cron: "0 2 */6 * *"

jobs:
  generation:
    name: "Generation"
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: "${{ github.event_name != 'schedule' }}"
    permissions:
      contents: read # Needed to checkout the repository (only required for private repositories)

    steps:
      - name: "Checkout sources"
        uses: actions/checkout@v6
      - name: "Use cache"
        id: cache-step
        uses: actions/cache@v5
        timeout-minutes: 5
        with:
          key: "perms-${{ hashFiles('tools/dl-perm-list.sh') }}"
          restore-keys: "perms-"
          path: "cache/tools/perms"
          enableCrossOsArchive: true
      - name: "Execute script"
        shell: bash
        timeout-minutes: 10
        run: |
          # Executing script...
          export TOOLS_DATA_DIR='./cache/tools'
          if test ! -d './cache/tools/perms' || '${{ steps.cache-step.outputs.cache-hit != 'true' }}'; then
            './tools/dl-perm-list.sh' || exit "${?}"
          fi
          find './zip-content' -name '*.apk' | './tools/generate-perm-xml.sh' --use-placeholders - || exit "${?}"
      - name: "Upload artifacts"
        uses: actions/upload-artifact@v7
        with:
          name: "XML permissions"
          path: "output/*.xml"
          overwrite: false
          retention-days: 10
          if-no-files-found: "error"

  keep-alive:
    name: "Keep alive"
    runs-on: ubuntu-latest
    timeout-minutes: 10
    if: "${{ github.event_name == 'schedule' }}"
    permissions:
      contents: read # Needed to checkout the repository (only required for private repositories)
      actions: write # Needed to keep alive the workflow

    steps:
      - name: "Checkout file"
        uses: actions/checkout@v6
        with:
          sparse-checkout: |
            tools/dl-perm-list.sh
          sparse-checkout-cone-mode: false
      - name: "Ping cache" # Cache expiration: 7 days
        uses: actions/cache@v5
        timeout-minutes: 5
        with:
          key: "perms-${{ hashFiles('tools/dl-perm-list.sh') }}"
          path: "cache/tools/perms"
          enableCrossOsArchive: true
          lookup-only: true
      - name: "Keep workflow alive"
        uses: actions/github-script@v8
        timeout-minutes: 5
        env:
          WORKFLOW_REF: "${{ github.workflow_ref }}"
        with:
          retries: 3
          script: |
            /* jshint esversion: 11 */
            const workflow_filename = process.env.WORKFLOW_REF.split('@', 1).at(0).split('/').slice(2).join('/');
            const response = await github.rest.actions.enableWorkflow({
              owner: context.repo.owner,
              repo: context.repo.repo,
              workflow_id: workflow_filename
            }).catch(response => response);
            if(response && response.status === 204) {
              console.log('Workflow enabled.');
            } else {
              let errorMsg = 'enableWorkflow failed';
              if(response && response.status && response.message) errorMsg += ' with error ' + response.status + ' (' + response.message + ')';
              throw new Error(errorMsg);
            }