[QA-1126] Adding sanity check against real devices for Prod builds

.github/workflows/build.yml

@@ -143,7 +143,7 @@ jobs:
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
           keyvault: gh-android
-          secrets: "UPLOAD-KEYSTORE-PASSWORD,UPLOAD-BETA-KEYSTORE-PASSWORD,UPLOAD-BETA-KEY-PASSWORD,PLAY-KEYSTORE-PASSWORD,PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD"
+          secrets: "UPLOAD-KEYSTORE-PASSWORD,UPLOAD-BETA-KEYSTORE-PASSWORD,UPLOAD-BETA-KEY-PASSWORD,PLAY-KEYSTORE-PASSWORD,PLAY-BETA-KEYSTORE-PASSWORD,PLAY-BETA-KEY-PASSWORD,BWS-ACCESS-TOKEN"
 
       - name: Retrieve secrets
         env:
@@ -261,6 +261,47 @@ jobs:
           keyAlias:bitwarden \
           keyPassword:${{ env.PLAY-KEYSTORE-PASSWORD }}
 
+      - name: Retrieve test data
+        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
+        uses: bitwarden/sm-action@14f92f1d294ae3c2b6a3845d389cd2c318b0dfd8 # v2.2.0
+        with:
+          access_token: ${{ steps.get-kv-secrets.outputs.BWS-ACCESS-TOKEN }}
+          secrets: |
+            63e93f73-5118-4a62-9db8-b3160176aa8a > TEST_ACCOUNT_CREDS
+
+      - name: Configure .json test data file
+        run: printf %s '${{ env.TEST_ACCOUNT_CREDS }}' > app/src/androidTest/assets/TestData.json
+
+      - name: Build test APK (espresso)
+        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
+        env:
+          _TEST_APK_PATH: app/build/outputs/apk/androidTest/standard/release/com.x8bit.bitwarden-standard-release-androidTest.apk
+          _TEST_APK_SIGNED_PATH: app/build/outputs/apk/androidTest/standard/release/com.x8bit.bitwarden-test.apk
+        run: |
+          bundle exec fastlane assembleTestApk \
+            storeFile:app_play-keystore.jks \
+            storePassword:${{ env.PLAY-KEYSTORE-PASSWORD }} \
+            keyAlias:bitwarden \
+            keyPassword:${{ env.PLAY-KEYSTORE-PASSWORD }}
+          mv $_TEST_APK_PATH $_TEST_APK_SIGNED_PATH
+
+      # TODO: test if bundle exec fastlane assembleTestApk works and replace this step
+      # - name: Sign and rename test APK
+      #   if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
+      #   env:
+      #     _TEST_APK_PATH: app/build/outputs/apk/androidTest/standard/release/com.x8bit.bitwarden-standard-release-androidTest.apk
+      #     _TEST_APK_SIGNED_PATH: app/build/outputs/apk/androidTest/standard/release/com.x8bit.bitwarden-test.apk
+      #     _PLAY_KEYSTORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.PLAY-KEYSTORE-PASSWORD }}
+      #     _PLAY_KEYSTORE_ALIAS: ${{ steps.get-kv-secrets.outputs.PLAY-KEYSTORE-ALIAS }}
+      #   run: |
+      #     $ANDROID_SDK_ROOT/build-tools/34.0.0/apksigner sign \
+      #       --ks keystores/app_play-keystore.jks \
+      #       --ks-key-alias bitwarden \
+      #       --ks-pass pass:$_PLAY_KEYSTORE_PASSWORD \
+      #       --key-pass pass:$_PLAY_KEYSTORE_PASSWORD \
+      #       $_TEST_APK_PATH
+      #     mv $_TEST_APK_PATH $_TEST_APK_SIGNED_PATH
+
       - name: Generate beta Play Store APK
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
         env:
@@ -302,6 +343,14 @@ jobs:
           path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
           if-no-files-found: error
 
+      - name: Upload test .apk artifact
+        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: com.x8bit.bitwarden-test.apk
+          path: app/build/outputs/apk/androidTest/standard/release/com.x8bit.bitwarden-test.apk
+          if-no-files-found: error
+
       - name: Upload beta .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -422,6 +471,19 @@ jobs:
           bundle exec fastlane publishProdToPlayStore
           bundle exec fastlane publishBetaToPlayStore
 
+  test-device:
+    name: Test device
+    needs: publish_playstore
+    uses: bitwarden/android/.github/workflows/test-device.yml@QA-1126b/adding-native-sanity-test #TODO replace branch with main before merging
+    with:
+      apk_filename: com.x8bit.bitwarden.apk
+      test_apk_filename: com.x8bit.bitwarden-test.apk
+    permissions:
+      actions: read
+      checks: write
+      contents: read
+      id-token: write
+
   publish_fdroid:
     name: Publish F-Droid artifacts
     needs:

.github/workflows/test-device.yml

@@ -1,16 +1,90 @@
 name: Test Device
 
 on:
-  workflow_dispatch:
+  workflow_call:
+    inputs:
+      apk_filename:
+        type: string
+        description: "Filename of the APK file to test"
+        default: com.x8bit.bitwarden.apk
+      test_apk_filename:
+        type: string
+        description: "Filename of the test APK file to test"
+        default: com.x8bit.bitwarden-test.apk
 
+env:
+  _APK_PATH: artifacts/${{ inputs.apk_filename }}
+  _TEST_APK_PATH: artifacts/${{ inputs.test_apk_filename }}
+
+# TODO confirm if these permissions are needed
 permissions:
   contents: read
+  actions: read
+  checks: write
+  id-token: write
 
 jobs:
-  test:
-    name: Test Device
+  test-device:
+    name: Check main build against real devices
     runs-on: ubuntu-24.04
 
     steps:
-    - name: Placeholder step
-      run: echo "Placeholder workflow step"
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get E2E secrets from Azure
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-android
+          secrets: "SAUCE-LABS-USERNAME,SAUCE-LABS-ACCESS-KEY"
+        id: get-kv-secrets
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Download release APK artifact
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: ${{ inputs.apk_filename }}
+          path: artifacts
+
+      - name: Download test APK artifact
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: ${{ inputs.test_apk_filename }}
+          path: artifacts
+
+      - name: Install saucectl
+        run: |
+          npm i -g saucectl
+
+      - name: Upload APK to SauceLabs storage
+        run: |
+          saucectl storage upload $_APK_PATH
+        env:
+          SAUCE_USERNAME: ${{ steps.get-kv-secrets.outputs.SAUCE-LABS-USERNAME }}
+          SAUCE_ACCESS_KEY: ${{ steps.get-kv-secrets.outputs.SAUCE-LABS-ACCESS-KEY }}
+
+      - name: Upload test APK to SauceLabs storage
+        env:
+          SAUCE_USERNAME: ${{ steps.get-kv-secrets.outputs.SAUCE-LABS-USERNAME }}
+          SAUCE_ACCESS_KEY: ${{ steps.get-kv-secrets.outputs.SAUCE-LABS-ACCESS-KEY }}
+        run: |
+          saucectl storage upload $_TEST_APK_PATH
+
+      - name: Run tests on SauceLabs
+        run: saucectl run --config .sauce/config.yml
+        env:
+          SAUCE_USERNAME: ${{ steps.get-kv-secrets.outputs.SAUCE-LABS-USERNAME }}
+          SAUCE_ACCESS_KEY: ${{ steps.get-kv-secrets.outputs.SAUCE-LABS-ACCESS-KEY }}
+
+      - name: Upload SauceLabs test report
+        if: always()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: saucectl-report
+          path: saucectl-report.xml

.sauce/config.yml

@@ -0,0 +1,32 @@
+apiVersion: v1alpha
+kind: espresso
+defaults:
+  timeout: 10m
+sauce:
+  region: us-west-1
+  # Controls how many suites are executed at the same time (sauce test env only).
+  concurrency: 1
+  retries: 1
+  visibility: team
+  metadata:
+    tags:
+      - Android
+      - sanity-e2e
+    build: Sanity check on Real devices
+reporters:
+  junit:
+    enabled: true
+    filename: saucectl-report.xml
+espresso:
+  app: storage:filename=com.x8bit.bitwarden.apk
+  testApp: storage:filename=com.x8bit.bitwarden-standard-release-androidTest.apk
+suites:
+  - name: "Android - Sanity"
+    devices:
+      - name: "Google.*"
+        platformVersion: "^1[3456].*"
+        options:
+          deviceType: PHONE
+    testOptions:
+      package: e2e.tests
+      resigningEnabled: false

README.md

@@ -279,6 +279,27 @@ The following is a list of additional third-party dependencies used as part of t
     - Purpose: A small testing library for kotlinx.coroutine's Flow.
     - License: Apache 2.0
 
+- **AndroidX Espresso Core**
+    - https://developer.android.com/jetpack/androidx/releases/espresso
+    - Purpose: UI testing framework for Android.
+    - License: Apache 2.0
+
+- **AndroidX JUnit KTX**
+    - https://developer.android.com/jetpack/androidx/releases/junit
+    - Purpose: Kotlin extensions for JUnit-based Android tests.
+    - License: Apache 2.0
+
+- **AndroidX UIAutomator**
+    - https://developer.android.com/training/testing/other-components/ui-automator
+    - Purpose: UI testing across multiple apps.
+    - License: Apache 2.0
+
+- **AndroidX Compose UI Test JUnit4 (Android)**
+    - https://developer.android.com/jetpack/androidx/releases/compose-ui
+    - Purpose: Compose UI testing for Android using JUnit4.
+    - License: Apache 2.0
+
+
 ### CI/CD Dependencies
 
 The following is a list of additional third-party dependencies used as part of the CI/CD workflows. These are not present in the final packaged application.

app/build.gradle.kts

@@ -47,6 +47,9 @@ android {
     namespace = "com.x8bit.bitwarden"
     compileSdk = libs.versions.compileSdk.get().toInt()
 
+    // Required for SauceLabs integration
+    testBuildType = "release"
+
     room {
         schemaDirectory("$projectDir/schemas")
     }
@@ -253,6 +256,10 @@ dependencies {
     implementation(libs.androidx.lifecycle.runtime.compose)
     implementation(libs.androidx.lifecycle.runtime.ktx)
     implementation(libs.androidx.navigation.compose)
+    implementation(libs.androidx.uiautomator)
+    implementation(libs.androidx.espresso.core)
+    implementation(libs.androidx.junit.ktx)
+    implementation(libs.androidx.ui.test.junit4.android)
     ksp(libs.androidx.room.compiler)
     implementation(libs.androidx.room.ktx)
     implementation(libs.androidx.room.runtime)
@@ -288,7 +295,6 @@ dependencies {
     testImplementation(testFixtures(project(":network")))
     testImplementation(testFixtures(project(":ui")))
 
-    testImplementation(libs.androidx.compose.ui.test)
     testImplementation(libs.google.hilt.android.testing)
     testImplementation(platform(libs.junit.bom))
     testRuntimeOnly(libs.junit.platform.launcher)
@@ -298,6 +304,11 @@ dependencies {
     testImplementation(libs.mockk.mockk)
     testImplementation(libs.robolectric.robolectric)
     testImplementation(libs.square.turbine)
+    androidTestImplementation(libs.androidx.compose.ui.test)
+    androidTestImplementation(libs.androidx.espresso.core)
+    androidTestImplementation(libs.androidx.junit.ktx)
+    androidTestImplementation(libs.androidx.ui.test.junit4.android)
+    androidTestImplementation(libs.androidx.uiautomator)
 }
 
 tasks {

app/proguard-rules.pro

@@ -121,3 +121,23 @@
 -dontwarn com.google.errorprone.annotations.CheckReturnValue
 -dontwarn com.google.errorprone.annotations.Immutable
 -dontwarn com.google.errorprone.annotations.RestrictedApi
+
+################################################################################
+# AndroidX Test Runner
+################################################################################
+
+# Keep the test runner classes
+-keep class androidx.test.runner.** { *; }
+-keep class androidx.test.internal.runner.** { *; }
+-keep class androidx.test.ext.junit.** { *; }
+-keep class androidx.test.ext.** { *; }
+-keep class androidx.test.** { *; }
+
+# Keep Compose test classes
+-keep class androidx.compose.ui.test.** { *; }
+-keep class androidx.compose.ui.test.junit4.** { *; }
+
+# Keep Kotlin standard library classes
+-keep class kotlin.** { *; }
+-keep class kotlinx.** { *; }
+-keep class kotlin.io.** { *; }

app/src/androidTest/assets/TestData.json

@@ -0,0 +1,5 @@
+{
+  "baseUrl": "_",
+  "email": "_",
+  "password": "_"
+}

app/src/androidTest/kotlin/com/x8bit/bitwarden/data/TestData.kt

@@ -0,0 +1,10 @@
+package com.x8bit.bitwarden.data
+
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class TestData(
+    val baseUrl: String,
+    val email: String,
+    val password: String,
+)

app/src/androidTest/kotlin/com/x8bit/bitwarden/data/TestDataReader.kt

@@ -0,0 +1,18 @@
+package com.x8bit.bitwarden.data
+
+import androidx.test.platform.app.InstrumentationRegistry
+import kotlinx.serialization.json.Json
+import java.nio.charset.StandardCharsets
+
+object TestDataReader {
+    fun getTestData(fileName: String): TestData {
+        val assets = InstrumentationRegistry.getInstrumentation().context.assets
+        val jsonString = assets
+            .open(fileName)
+            .use { inputStream ->
+                inputStream.bufferedReader(StandardCharsets.UTF_8)
+                    .readText()
+            }
+        return Json.decodeFromString<TestData>(jsonString)
+    }
+}