Catrobat · shbhmexe · Oct 16, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,74 @@
+version: 2
+updates:
+  # Enable version updates for Gradle dependencies
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "Catrobat/paintroid-maintainers"
+    labels:
+      - "dependencies"
+      - "gradle"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    ignore:
+      # Ignore major version updates for stable dependencies
+      - dependency-name: "org.jetbrains.kotlin:*"
+        update-types: ["version-update:semver-major"]
+    groups:
+      # Group AndroidX updates together
+      androidx:
+        patterns:
+          - "androidx.*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group testing dependencies together
+      testing:
+        patterns:
+          - "*junit*"
+          - "*mockito*"
+          - "*espresso*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group Kotlin dependencies
+      kotlin:
+        patterns:
+          - "org.jetbrains.kotlin*"
+          - "org.jetbrains.kotlinx*"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+
+  # Enable Docker base image updates
+  - package-ecosystem: "docker"
+    directory: "/docker"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
diff --git a/.github/workflows/android-ci.yml b/.github/workflows/android-ci.yml
@@ -0,0 +1,206 @@
+name: Android CI
+
+on:
+  push:
+    branches: [ develop, master ]
+  pull_request:
+    branches: [ develop, master ]
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: gradle
+
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+
+    - name: Cache Gradle packages
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
+    - name: Build debug APK
+      run: ./gradlew assembleDebug --stacktrace
+
+    - name: Upload debug APK
+      uses: actions/upload-artifact@v3
+      with:
+        name: app-debug
+        path: app/build/outputs/apk/debug/paintroid-debug.apk
+        retention-days: 7
+
+    - name: Run unit tests
+      run: ./gradlew testDebugUnitTest --stacktrace
+
+    - name: Upload test results
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: test-results
+        path: '**/build/test-results/**/*.xml'
+        retention-days: 7
+
+  static-analysis:
+    name: Static Code Analysis
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: gradle
+
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+
+    - name: Run Lint
+      run: ./gradlew lint --stacktrace
+      continue-on-error: true
+
+    - name: Upload Lint report
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: lint-report
+        path: '**/build/reports/lint-*.html'
+        retention-days: 7
+
+    - name: Run Detekt
+      run: ./gradlew detekt --stacktrace
+      continue-on-error: true
+
+    - name: Upload Detekt report
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: detekt-report
+        path: '**/build/reports/detekt/detekt.html'
+        retention-days: 7
+
+    - name: Run Checkstyle
+      run: ./gradlew checkstyle --stacktrace
+      continue-on-error: true
+
+    - name: Upload Checkstyle report
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: checkstyle-report
+        path: '**/build/reports/checkstyle.html'
+        retention-days: 7
+
+    - name: Run PMD
+      run: ./gradlew pmd --stacktrace
+      continue-on-error: true
+
+    - name: Upload PMD report
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: pmd-report
+        path: '**/build/reports/pmd.html'
+        retention-days: 7
+
+    - name: Annotate PR with static analysis results
+      if: github.event_name == 'pull_request'
+      uses: github/codeql-action/upload-sarif@v2
+      continue-on-error: true
+      with:
+        sarif_file: Paintroid/build/reports/detekt/detekt.sarif
+
+  code-coverage:
+    name: Code Coverage
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: gradle
+
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+
+    - name: Run tests with coverage
+      run: ./gradlew -PenableCoverage jacocoTestDebugUnitTestReport --stacktrace
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        files: ./Paintroid/build/reports/jacoco/jacocoTestDebugUnitTestReport/jacocoTestDebugUnitTestReport.xml
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false
+
+    - name: Generate coverage report comment
+      if: github.event_name == 'pull_request'
+      uses: madrapps/[email protected]
+      with:
+        paths: |
+          ${{ github.workspace }}/Paintroid/build/reports/jacoco/jacocoTestDebugUnitTestReport/jacocoTestDebugUnitTestReport.xml
+        token: ${{ secrets.GITHUB_TOKEN }}
+        min-coverage-overall: 60
+        min-coverage-changed-files: 70
+        title: Code Coverage Report
+
+  dependency-check:
+    name: Dependency Vulnerability Check
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: gradle
+
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+
+    - name: Run dependency check
+      run: ./gradlew dependencyUpdates --stacktrace
+      continue-on-error: true
+
+    - name: Upload dependency report
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: dependency-report
+        path: '**/build/dependencyUpdates/report.txt'
+        retention-days: 7