diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 4218585..67792ef 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -36,9 +36,24 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v3
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+
+ - name: Setup local.properties
+ run: |
+ cat << EOF > local.properties
+ sdk.dir=$ANDROID_HOME
+ EOF
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x gradlew
+
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
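Review bot: The steps added in this hunk reference actions by mutable version tag (`actions/setup-java@v3`, `github/codeql-action/init@v3`), so the code executed by this security workflow can change without any change to the repository. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/setup-java@<full-commit-sha>  # v3`, makes the run reproducible and reviewable. The same applies to `github/codeql-action/analyze@v3` in the next hunk and, more urgently, to `snyk/actions/gradle@master` in sca-scan.yml, which tracks a branch and is handed `SNYK_TOKEN`. The `jobs:` block starts outside this hunk, so any `permissions:` setting on the job is not visible here.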
@@ -48,21 +63,9 @@ jobs:
 # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
 # queries: security-extended,security-and-quality
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually (see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@v2
-
- # â„šī¸ Command-line programs to run using the OS shell.
- # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
- # If the Autobuild fails above, remove it and uncomment the following three lines.
- # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
- # - run: |
- # echo "Run, Build Application using script"
- # ./location_of_script_within_repo/buildscript.sh
+ # Manual build for Android/Gradle project (autobuild doesn't work well with Android)
+ - name: Build with Gradle
+ run: ./gradlew assembleDebug --no-daemon --stacktrace
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
index e32b928..10e7499 100644
--- a/.github/workflows/sca-scan.yml
+++ b/.github/workflows/sca-scan.yml
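Review bot: The new `Build with Gradle` step in codeql-analysis.yml runs the repository's checked-in Gradle wrapper (`./gradlew`) without first verifying that the wrapper JAR it launches is an official Gradle release. A wrapper-validation step placed before the first `./gradlew` call, e.g. `- uses: gradle/actions/wrapper-validation@<full-commit-sha>`, guards against a tampered wrapper running inside the job; the `Build Gradle project` step added to sca-scan.yml needs the same. Separately, `assembleDebug` compiles only the debug variant, so CodeQL will presumably not see code that exists only in other variants' source sets; if the project has any, build those variants as well.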
@@ -23,10 +23,12 @@ jobs:
 - name: Grant execute permission for gradlew
 run: chmod +x gradlew
- - name: Run Snyk to check for vulnerabilities
- uses: snyk/actions/setup@master
+ - name: Build Gradle project
+ run: ./gradlew assembleDebug --no-daemon --stacktrace
- - name: Snyk test
- run: snyk test --all-sub-projects --fail-on=all
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/gradle@master
 env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
\ No newline at end of file
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: --all-sub-projects --fail-on=upgradable
\ No newline at end of file
diff --git a/app/build.gradle b/app/build.gradle
index 371aff6..54e5d25 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -1,5 +1,5 @@
 apply plugin: 'com.android.application'
-apply plugin: 'com.apollographql.apollo'
+apply plugin: 'com.apollographql.apollo3'
 android {
 namespace 'com.contentstack.graphql'
@@ -103,15 +103,13 @@ dependencies {
 implementation 'com.github.bumptech.glide:glide:4.16.0'
 annotationProcessor 'com.github.bumptech.glide:compiler:4.16.0'
- // Apollo GraphQL v4
- implementation 'com.apollographql.apollo:apollo-runtime:4.0.0'
+ // Apollo GraphQL v3 (stable, secure)
+ implementation 'com.apollographql.apollo3:apollo-runtime:3.8.2'
+ implementation 'com.apollographql.apollo3:apollo-adapters:3.8.2'
- // Apollo adapters for Java/blocking calls
- implementation 'com.apollographql.apollo:apollo-adapters:4.0.0'
-
- // Kotlin coroutines (required for Apollo v4)
- implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3'
- implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3'
+ // Kotlin coroutines (required)
+ implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-core:1.8.1'
+ implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.8.1'
 // Annotations
 implementation 'org.jetbrains:annotations:24.1.0'
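Review bot: The `args:` line in sca-scan.yml relaxes the Snyk gate from `--fail-on=all` to `--fail-on=upgradable`, so the job now fails only when a finding has an upgrade available; vulnerabilities with no fix, or with only a patch, no longer break the build. If that is intended, record it next to the step, e.g. `# fails only on issues fixable by upgrade; unfixable findings are tracked in <tracking location>`, so the weaker gate is a documented decision rather than a side effect of the action swap. It is also unclear from the hunk whether the `Build Gradle project` step is needed by `snyk/actions/gradle`; a one-line comment stating why the build precedes the scan would help.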
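Review bot: The new comment `// Apollo GraphQL v3 (stable, secure)` in the dependencies hunk of app/build.gradle asserts a security property the diff gives no evidence for, while the change itself moves from 4.0.0 back to the 3.8.2 line. A comment that records the reason and the coupling is more useful, e.g. `// Apollo GraphQL 3.8.2 - must match apollo-gradle-plugin in the root build.gradle; reason for 3.x: <link to issue or advisory>`. The version string `3.8.2` now appears in three places (runtime, adapters and the plugin classpath), so a single shared version variable would keep them from drifting apart. The `dependencies {` block starts and ends outside this hunk.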
diff --git a/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java b/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java
index 6f2c87d..5155ab2 100644
--- a/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java
+++ b/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java
@@ -9,9 +9,9 @@
 import android.util.Log;
 import android.view.View;
-import com.apollographql.apollo.ApolloClient;
-import com.apollographql.apollo.api.ApolloResponse;
-import com.apollographql.apollo.exception.ApolloException;
+import com.apollographql.apollo3.ApolloClient;
+import com.apollographql.apollo3.api.ApolloResponse;
+import com.apollographql.apollo3.exception.ApolloException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -122,8 +122,8 @@ private void getProducts(int skipCount, int limit) {
 EmptyCoroutineContext.INSTANCE,
 (scope, continuation) -> getApolloClient().query(
 new ALLProductsQuery(
- com.apollographql.apollo.api.Optional.present(skipCount),
- com.apollographql.apollo.api.Optional.present(limit)
+ com.apollographql.apollo3.api.Optional.present(skipCount),
+ com.apollographql.apollo3.api.Optional.present(limit)
 )
 ).execute(continuation)
 );
diff --git a/build.gradle b/build.gradle
index e167306..6772b79 100644
--- a/build.gradle
+++ b/build.gradle
@@ -7,7 +7,7 @@ buildscript {
 }
 dependencies {
 classpath 'com.android.tools.build:gradle:8.2.2'
- classpath 'com.apollographql.apollo:apollo-gradle-plugin:4.0.0'
+ classpath 'com.apollographql.apollo3:apollo-gradle-plugin:3.8.2'
 }
 }