[WIP] Modify pipeline temporarily for fork

Author: FabioTacke

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
   build-gradle:
     name: Build
     # Run on external PRs, but not on internal PRs since those will be run by push to branch
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, ARM64]
     outputs:
       code-version: ${{ steps.extract.outputs.CODE_VERSION }}
     steps:
@@ -34,7 +34,7 @@ jobs:
         run: echo "CODE_VERSION=$(awk -F= '$1~/VERSION_NAME/{print $2}' gradle.properties)" >> $GITHUB_OUTPUT
 
   unit-tests:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, ARM64]
     needs: [ build-gradle ]
     permissions:
       contents: read
@@ -57,7 +57,7 @@ jobs:
           arguments: test --full-stacktrace
 
   android-tests:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, ARM64]
     timeout-minutes: 35
     needs: [ build-gradle, unit-tests ]
     strategy:
@@ -121,38 +121,38 @@ jobs:
           disable-animations: true
           script: ./gradlew connectedCheck --stacktrace
 
-  publish-to-snapshot:
-    name: Publish SNAPSHOT to sonatype.org
-    needs: [ android-tests ]
-    # Runs only in main
-    if: github.event_name != 'pull_request' && endsWith(needs.build-gradle.outputs.code-version, '-SNAPSHOT') && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release')) &&  github.repository_owner == 'eu-digital-identity-wallet'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-
-      - name: Checkout the code
-        uses: actions/checkout@v4
-
-      - name: Set up JDK 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: 17
-          distribution: "temurin"
-
-      - name: Validate Gradle Wrapper
-        uses: gradle/actions/wrapper-validation@v3
-
-      - name: Publish with Gradle Wrapper
-        uses: gradle/actions/setup-gradle@v3
-        with:
-          arguments: publishAllPublicationsToMavenCentral --full-stacktrace
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_REF_NAME: ${{ github.ref_name }}
-          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.OSSRH_GPG_KEY_ID }}
-          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
-          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.OSSRH_GPG_PASSPHRASE }}
-          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
-          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}
+  # publish-to-snapshot:
+  #   name: Publish SNAPSHOT to sonatype.org
+  #   needs: [ android-tests ]
+  #   # Runs only in main
+  #   if: github.event_name != 'pull_request' && endsWith(needs.build-gradle.outputs.code-version, '-SNAPSHOT') && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release')) &&  github.repository_owner == 'eu-digital-identity-wallet'
+  #   runs-on: [self-hosted, ARM64]
+  #   permissions:
+  #     contents: read
+  #     packages: write
+  #   steps:
+
+  #     - name: Checkout the code
+  #       uses: actions/checkout@v4
+
+  #     - name: Set up JDK 17
+  #       uses: actions/setup-java@v4
+  #       with:
+  #         java-version: 17
+  #         distribution: "temurin"
+
+  #     - name: Validate Gradle Wrapper
+  #       uses: gradle/actions/wrapper-validation@v3
+
+  #     - name: Publish with Gradle Wrapper
+  #       uses: gradle/actions/setup-gradle@v3
+  #       with:
+  #         arguments: publishAllPublicationsToMavenCentral --full-stacktrace
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #         GIT_REF_NAME: ${{ github.ref_name }}
+  #         ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.OSSRH_GPG_KEY_ID }}
+  #         ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+  #         ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.OSSRH_GPG_PASSPHRASE }}
+  #         ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
+  #         ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}

.github/workflows/dependencycheck.yml

@@ -1,14 +1,14 @@
-name: SCA - Dependency Check Caller
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-  workflow_dispatch:
+# name: SCA - Dependency Check Caller
+# on:
+#   push:
+#     branches-ignore:
+#       - 'dependabot/**'
+#   workflow_dispatch:
 
-jobs:
- SCA_caller:
-      uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sca_bt.yml@main
-      secrets:
-       NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-       DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
-       DOJO_URL: ${{ secrets.DOJO_URL }}
+# jobs:
+#  SCA_caller:
+#       uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sca_bt.yml@main
+#       secrets:
+#        NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+#        DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
+#        DOJO_URL: ${{ secrets.DOJO_URL }}

.github/workflows/gitleaks.yml

@@ -1,13 +1,13 @@
-name: Secret Scanning - Gitleaks Caller
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-  workflow_dispatch:
+# name: Secret Scanning - Gitleaks Caller
+# on:
+#   push:
+#     branches-ignore:
+#       - 'dependabot/**'
+#   workflow_dispatch:
 
-jobs:
-  Secret_Scanning_caller:
-      uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/secretscanning.yml@main
-      secrets:
-       DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
-       DOJO_URL: ${{ secrets.DOJO_URL }}
+# jobs:
+#   Secret_Scanning_caller:
+#       uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/secretscanning.yml@main
+#       secrets:
+#        DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
+#        DOJO_URL: ${{ secrets.DOJO_URL }}

.github/workflows/release.yml

@@ -1,50 +1,50 @@
-name: Release
-on:
-  workflow_dispatch:
-  release:
-    types: [ released ]
+# name: Release
+# on:
+#   workflow_dispatch:
+#   release:
+#     types: [ released ]
 
-jobs:
-  extract-code-version:
-    name: Extract code version
-    runs-on: ubuntu-latest
-    outputs:
-      code-version: ${{ steps.extract.outputs.CODE_VERSION }}
-    steps:
-      - name: Checkout project sources
-        uses: actions/checkout@v4
-      - id: extract
-        name: Extract code version from gradle.properties
-        run: echo "CODE_VERSION=$(awk -F= '$1~/VERSION_NAME/{print $2}' gradle.properties)" >> $GITHUB_OUTPUT
+# jobs:
+#   extract-code-version:
+#     name: Extract code version
+#     runs-on: ubuntu-latest
+#     outputs:
+#       code-version: ${{ steps.extract.outputs.CODE_VERSION }}
+#     steps:
+#       - name: Checkout project sources
+#         uses: actions/checkout@v4
+#       - id: extract
+#         name: Extract code version from gradle.properties
+#         run: echo "CODE_VERSION=$(awk -F= '$1~/VERSION_NAME/{print $2}' gradle.properties)" >> $GITHUB_OUTPUT
 
-  publish-to-sonatype:
-    name: Publish to sonatype.org
-    needs: [ extract-code-version ]
-    if: github.repository_owner == 'eu-digital-identity-wallet' && startsWith(github.ref, 'refs/tags') && format('v{0}', needs.extract-code-version.outputs.code-version) == github.ref_name
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout project sources
-        uses: actions/checkout@v4
-      - uses: actions/setup-java@v3
-        with:
-          distribution: 'temurin'
-          java-version: '17'
-      - name: Validate Gradle Wrapper
-        uses: gradle/wrapper-validation-action@v1
-      - name: Publish with Gradle Wrapper
-        uses: gradle/gradle-build-action@v2.9.0
-        with:
-          gradle-version: wrapper
-          arguments: build publishAllPublicationsToMavenCentral --no-configuration-cache --full-stacktrace
-        env:
-          CI: true
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_REF_NAME: ${{ github.ref_name }}
-          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.OSSRH_GPG_KEY_ID }}
-          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
-          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.OSSRH_GPG_PASSPHRASE }}
-          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
-          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}
+#   publish-to-sonatype:
+#     name: Publish to sonatype.org
+#     needs: [ extract-code-version ]
+#     if: github.repository_owner == 'eu-digital-identity-wallet' && startsWith(github.ref, 'refs/tags') && format('v{0}', needs.extract-code-version.outputs.code-version) == github.ref_name
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+#       packages: write
+#     steps:
+#       - name: Checkout project sources
+#         uses: actions/checkout@v4
+#       - uses: actions/setup-java@v3
+#         with:
+#           distribution: 'temurin'
+#           java-version: '17'
+#       - name: Validate Gradle Wrapper
+#         uses: gradle/wrapper-validation-action@v1
+#       - name: Publish with Gradle Wrapper
+#         uses: gradle/gradle-build-action@v2.9.0
+#         with:
+#           gradle-version: wrapper
+#           arguments: build publishAllPublicationsToMavenCentral --no-configuration-cache --full-stacktrace
+#         env:
+#           CI: true
+#           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#           GIT_REF_NAME: ${{ github.ref_name }}
+#           ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.OSSRH_GPG_KEY_ID }}
+#           ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+#           ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.OSSRH_GPG_PASSPHRASE }}
+#           ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
+#           ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}

.github/workflows/sonar.yml

@@ -1,16 +1,16 @@
-name: SAST - SonarCloud (BT) Caller
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-  pull_request_target:
-  workflow_dispatch:
+# name: SAST - SonarCloud (BT) Caller
+# on:
+#   push:
+#     branches-ignore:
+#       - 'dependabot/**'
+#   pull_request_target:
+#   workflow_dispatch:
 
-jobs:
-   SAST_caller:
-      uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sast_bt_testDebugUnitTestCoverage.yml@main
-      secrets:
-       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-       DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
-       DOJO_URL: ${{ secrets.DOJO_URL }}
+# jobs:
+#    SAST_caller:
+#       uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sast_bt_testDebugUnitTestCoverage.yml@main
+#       secrets:
+#        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+#        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#        DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
+#        DOJO_URL: ${{ secrets.DOJO_URL }}