Sync with microG unofficial installer

Author: ale5000-git

.github/workflows/auto-nightly.yml

@@ -14,16 +14,18 @@ on:
 concurrency:
   group: "${{ github.repository_id }}-${{ github.workflow }}"
   cancel-in-progress: true
-env:
-  GITHUB_REPOSITORY_DEFAULT_BRANCH: "${{ github.event.repository.default_branch }}"
 
 jobs:
   nightly:
     name: "Nightly"
     runs-on: ubuntu-latest
     if: "${{ github.event_name == 'push' && github.ref_type == 'branch' }}"
     permissions:
-      contents: write # Needed to create a tag
+      contents: write # Needed to delete a release and to modify a tag
+      id-token: write # Needed to attest build provenance
+      attestations: write # Needed to attest build provenance
+    env:
+      GITHUB_REPOSITORY_DEFAULT_BRANCH: "${{ github.event.repository.default_branch }}"
 
     steps:
       - name: "Checkout sources"
@@ -40,12 +42,19 @@ jobs:
           restore-keys: "build-"
           path: "cache/build"
           enableCrossOsArchive: true
-      - name: "Build nightly"
+      - name: "Build the flashable OTA zip"
         id: "build"
         shell: bash
         run: |
-          # Building nightly...
+          # Building...
           BUILD_TYPE='oss' '${{ github.workspace }}/build.sh'
+      - name: "Attest build provenance"
+        id: "attest"
+        uses: actions/attest-build-provenance@v2
+        if: "${{ vars.NIGHTLY_ATTESTATION == 'true' && github.run_attempt == '1' && steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
+        with:
+          subject-path: "${{ steps.build.outputs.ZIP_FOLDER }}/*.zip"
+          show-summary: false
       - name: "ZIP info"
         run: |
           # Retrieve informations...
@@ -58,6 +67,7 @@ jobs:
           ZIP_IS_ALPHA='${{ steps.build.outputs.ZIP_IS_ALPHA }}'
           ZIP_SHA256='${{ steps.build.outputs.ZIP_SHA256 }}'
           ZIP_MD5='${{ steps.build.outputs.ZIP_MD5 }}'
+          ZIP_ATTESTATION='${{ steps.attest.outputs.attestation-url }}'
           # Displaying informations...
           printf '%s\n' "::notice::Filename: ${ZIP_FILENAME:-Missing}"
           printf '%s\n' "::notice::Version: ${ZIP_VERSION:-Missing}"
@@ -67,6 +77,7 @@ jobs:
           printf '%s\n' "::notice::Is alpha: ${ZIP_IS_ALPHA:-Missing}"
           printf '%s\n' "::notice::SHA-256: ${ZIP_SHA256:-Missing}"
           printf '%s\n' "::notice::MD5: ${ZIP_MD5:-Missing}"
+          printf '%s\n' "::notice::Attestation: ${ZIP_ATTESTATION:-Missing}"
           : "${ZIP_FOLDER:?}" || exit "${?}"
       - name: "Do we need to publish the nightly build?"
         id: "nightly-logic"
@@ -122,13 +133,15 @@ jobs:
           name: "${{ steps.build.outputs.ZIP_VERSION }} nightly"
           tag_name: "nightly"
           target_commitish: "${{ github.sha }}"
-          body: "Latest automatically built ZIP (unstable development snapshot)\n\nSHA-256: ${{ steps.build.outputs.ZIP_SHA256 }}"
+          body: "Latest automatically built ZIP (unstable development snapshot).\nAttestation: ${{ steps.attest.outputs.attestation-url }}\n\nSHA-256: ${{ steps.build.outputs.ZIP_SHA256 }}"
           append_body: false
           generate_release_notes: false
           make_latest: false
           draft: false
           prerelease: true
-          files: "${{ steps.build.outputs.ZIP_FOLDER }}/*.zip*"
+          files: |
+            ${{ steps.build.outputs.ZIP_FOLDER }}/*.zip*
+            ${{ steps.attest.outputs.bundle-path }}
           fail_on_unmatched_files: true
       - name: "Upload artifacts"
         uses: actions/upload-artifact@v4
@@ -140,13 +153,15 @@ jobs:
           retention-days: 10
           compression-level: 0
 
-  keep-cache:
-    name: "Keep cache alive"
+  keep-alive:
+    name: "Keep alive"
     runs-on: ubuntu-latest
     if: "${{ github.event_name == 'schedule' }}"
+    permissions:
+      actions: write # Needed to keep alive the workflow
 
     steps:
-      - name: "Checkout sources"
+      - name: "Checkout file"
         uses: actions/checkout@v4
         with:
           sparse-checkout: |
@@ -159,3 +174,24 @@ jobs:
           path: "cache/build"
           enableCrossOsArchive: true
           lookup-only: true
+      - name: "Keep workflow alive"
+        uses: actions/github-script@v7
+        env:
+          WORKFLOW_REF: "${{ github.workflow_ref }}"
+        with:
+          retries: 3
+          script: |
+            /* jshint esversion: 6 */
+            const workflow_filename = process.env.WORKFLOW_REF.split('@', 1)[0].split('/').slice(2).join('/');
+            const response = await github.rest.actions.enableWorkflow({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              workflow_id: workflow_filename
+            }).catch(response => response);
+            if(response && response.status === 204) {
+              // OK
+            } else {
+              let errorMsg = 'enableWorkflow failed';
+              if(response && response.status && response.message) errorMsg += ' with error ' + response.status + ' (' + response.message + ')';
+              throw new Error(errorMsg);
+            }

.github/workflows/coverage.yml

@@ -41,8 +41,8 @@ jobs:
           #sudo apt-get -qq -y install moreutils 1>/dev/null
           bashcov '${{ github.workspace }}/build.sh' # To timestamp the output pipe it to: TZ=UTC ts '[%H:%M:%S]'
       - name: "Testing (with coverage)"
-        if: "${{ steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
         shell: bash
+        if: "${{ steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
         run: |
           # Testing of zip installation...
           echo '==========================='
@@ -64,18 +64,31 @@ jobs:
             cat '${{ github.workspace }}/recovery-simulator/output/installed-files.log'
           fi
       - name: "Verify Codecov token"
+        id: "codecov-token"
         shell: bash
+        if: "${{ steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
         run: |
           # Verifying token...
-          test -n '${{ secrets.CODECOV_TOKEN }}' || exit 3
+          token_set='true'
+          test -n '${{ secrets.CODECOV_TOKEN }}' || token_set='false'
+          printf 'TOKEN_SET=%s\n' "${token_set:?}" 1>> "${GITHUB_OUTPUT?}"
       - name: "Upload coverage reports to Codecov"
-        if: "${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && github.repository_owner == 'micro5k' }}"
+        if: "${{ steps.codecov-token.outputs.TOKEN_SET == 'true' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}"
         uses: codecov/codecov-action@v5
         with:
           fail_ci_if_error: true
           token: "${{ secrets.CODECOV_TOKEN }}"
+      - name: "Verify Codacy token"
+        id: "codacy-token"
+        shell: bash
+        if: "${{ steps.build.outputs.ZIP_BUILD_TYPE_SUPPORTED == 'true' }}"
+        run: |
+          # Verifying token...
+          token_set='true'
+          test -n '${{ secrets.CODACY_PROJECT_TOKEN }}' || token_set='false'
+          printf 'TOKEN_SET=%s\n' "${token_set:?}" 1>> "${GITHUB_OUTPUT?}"
       - name: "Upload coverage reports to Codacy"
-        if: "${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && github.repository_owner == 'micro5k' }}"
+        if: "${{ steps.codacy-token.outputs.TOKEN_SET == 'true' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}"
         uses: codacy/codacy-coverage-reporter-action@v1
         with:
           project-token: "${{ secrets.CODACY_PROJECT_TOKEN }}"

.gitlab-ci.yml

@@ -44,7 +44,7 @@ build-job:
   artifacts:
     paths:
       - output/*.zip*
-    expire_in: 1 hour
+    expire_in: 30 minutes
 
 # license_scanning:
 #   stage: test

build.sh

@@ -178,14 +178,14 @@ FILENAME_MIDDLE="${FILENAME_COMMIT_ID:?}"
 FILENAME_END="-${BUILD_TYPE:?}-by-${MODULE_AUTHOR:?}"
 
 if test "${CI:-false}" != 'false'; then
+  if test "${CI_PROJECT_NAMESPACE:-${GITHUB_REPOSITORY_OWNER:-unknown}}" != 'micro''5k'; then
+    FILENAME_MIDDLE="fork-${FILENAME_MIDDLE:?}" # GitLab / GitHub
+  fi
   if test -n "${CI_COMMIT_BRANCH-}" && test "${CI_COMMIT_BRANCH:?}" != "${CI_DEFAULT_BRANCH:-unknown}"; then
-    FILENAME_MIDDLE="${FILENAME_MIDDLE:?}-[${CI_COMMIT_BRANCH:?}]" # GitLab
+    FILENAME_MIDDLE="${CI_COMMIT_BRANCH:?}-${FILENAME_MIDDLE:?}" # GitLab
   fi
   if test "${GITHUB_REF_TYPE-}" = 'branch' && test -n "${GITHUB_REF_NAME-}" && test "${GITHUB_REF_NAME:?}" != "${GITHUB_REPOSITORY_DEFAULT_BRANCH:-main}"; then
-    FILENAME_MIDDLE="${FILENAME_MIDDLE:?}-[${GITHUB_REF_NAME:?}]" # GitHub
-  fi
-  if test "${CI_PROJECT_NAMESPACE:-${GITHUB_REPOSITORY_OWNER:-unknown}}" != 'micro''5k'; then
-    FILENAME_MIDDLE="${FILENAME_MIDDLE:?}-[fork]" # GitLab / GitHub
+    FILENAME_MIDDLE="${GITHUB_REF_NAME:?}-${FILENAME_MIDDLE:?}" # GitHub
   fi
 fi