contentstack · reeshika-h · Jan 6, 2026 · Jan 6, 2026 · Jan 6, 2026 · Jan 6, 2026
@@ -36,9 +36,24 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
 
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '17'
+
+    - name: Setup local.properties
+      run: |
+        cat << EOF > local.properties
+        sdk.dir=$ANDROID_HOME
+        EOF
+
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -48,21 +63,9 @@ jobs:
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
+    # Manual build for Android/Gradle project (autobuild doesn't work well with Android)
+    - name: Build with Gradle
+      run: ./gradlew assembleDebug --no-daemon --stacktrace
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
@@ -23,10 +23,12 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/setup@master
+      - name: Build Gradle project
+        run: ./gradlew assembleDebug --no-daemon --stacktrace
 
-      - name: Snyk test
-        run: snyk test --all-sub-projects --fail-on=all
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/gradle@master
         env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --all-sub-projects --fail-on=upgradable
@@ -1,5 +1,5 @@
 apply plugin: 'com.android.application'
-apply plugin: 'com.apollographql.apollo'
+apply plugin: 'com.apollographql.apollo3'
 
 android {
     namespace 'com.contentstack.graphql'
@@ -103,15 +103,13 @@ dependencies {
     implementation 'com.github.bumptech.glide:glide:4.16.0'
     annotationProcessor 'com.github.bumptech.glide:compiler:4.16.0'
 
-    // Apollo GraphQL v4
-    implementation 'com.apollographql.apollo:apollo-runtime:4.0.0'
+    // Apollo GraphQL v3 (stable, secure)
+    implementation 'com.apollographql.apollo3:apollo-runtime:3.8.2'
+    implementation 'com.apollographql.apollo3:apollo-adapters:3.8.2'
 
-    // Apollo adapters for Java/blocking calls
-    implementation 'com.apollographql.apollo:apollo-adapters:4.0.0'
-
-    // Kotlin coroutines (required for Apollo v4)
-    implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3'
-    implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3'
+    // Kotlin coroutines (required)
+    implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-core:1.8.1'
+    implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.8.1'
 
     // Annotations
     implementation 'org.jetbrains:annotations:24.1.0'

@@ -9,9 +9,9 @@
 import android.util.Log;
 import android.view.View;
 
-import com.apollographql.apollo.ApolloClient;
-import com.apollographql.apollo.api.ApolloResponse;
-import com.apollographql.apollo.exception.ApolloException;
+import com.apollographql.apollo3.ApolloClient;
+import com.apollographql.apollo3.api.ApolloResponse;
+import com.apollographql.apollo3.exception.ApolloException;
 
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -122,8 +122,8 @@ private void getProducts(int skipCount, int limit) {
                         EmptyCoroutineContext.INSTANCE,
                         (scope, continuation) -> getApolloClient().query(
                                 new ALLProductsQuery(
-                                        com.apollographql.apollo.api.Optional.present(skipCount),
-                                        com.apollographql.apollo.api.Optional.present(limit)
+                                        com.apollographql.apollo3.api.Optional.present(skipCount),
+                                        com.apollographql.apollo3.api.Optional.present(limit)
                                 )
                         ).execute(continuation)
                 );

@@ -7,7 +7,7 @@ buildscript {
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:8.2.2'
-        classpath 'com.apollographql.apollo:apollo-gradle-plugin:4.0.0'
+        classpath 'com.apollographql.apollo3:apollo-gradle-plugin:3.8.2'
     }
 }