diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
index 98e09c7c..0712d4e9 100644
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -5,7 +5,7 @@ inputs:
 java:
 description: The Java version to use
 required: false
- default: 8.0.382-tem
+ default: 11.0.29-tem
 gradle:
 description: The Gradle version to use
 required: false
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6778b049..b18fd293 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,4 +3,4 @@ updates:
 - package-ecosystem: 'github-actions'
 directory: '/'
 schedule:
- interval: 'daily'
+ interval: 'weekly'
diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml
new file mode 100644
index 00000000..f099855b
--- /dev/null
+++ b/.github/workflows/sca_scan.yml
@@ -0,0 +1,10 @@
+name: SCA
+
+on:
+ push:
+ branches: ["master", "main"]
+
+jobs:
+ snyk-cli:
+ uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 33831618..00000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
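Review bot: In the new `.github/workflows/sca_scan.yml`, the `snyk-cli` job calls a reusable workflow by the mutable ref `@main` and hands it every repository secret through `secrets: inherit`, so whatever lands on that branch later runs with those secrets. Pinning the `uses:` ref to a full commit SHA and passing only the named secrets the called workflow declares would narrow that. The file also has no `permissions:` block, whereas the workflow deleted in this commit set `contents: read`; a top-level `permissions:` with `contents: read` keeps the token least-privileged, provided the called workflow needs nothing more. The trigger is `push` to `master`/`main` only, so the pull-request and scheduled (`30 0 1,15 * *`) runs of the removed workflow are no longer covered — worth confirming that is intended.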
@@ -1,40 +0,0 @@
-name: Snyk
-
-on:
- merge_group:
- workflow_dispatch:
- pull_request:
- types:
- - opened
- - synchronize
- push:
- branches:
- - main
- schedule:
- - cron: "30 0 1,15 * *"
-
-permissions:
- contents: read
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
-
-jobs:
- check:
- name: Check for Vulnerabilities
- runs-on: ubuntu-latest
-
- steps:
- - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
- run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
-
- - uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.sha || github.ref }}
-
- - run: npm install snyk -g
-
- - run: snyk test
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/build.gradle b/build.gradle
index 5e77b8d2..76321719 100644
--- a/build.gradle
+++ b/build.gradle
@@ -10,7 +10,7 @@ buildscript {
 google()
 }
 dependencies {
- classpath 'com.android.tools.build:gradle:4.2.2'
+ classpath 'com.android.tools.build:gradle:7.4.0'
 classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
 }
 }
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index d355f4c4..2ec77e51 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/lib/build.gradle b/lib/build.gradle
index fb7ca75d..674e9aae 100644
--- a/lib/build.gradle
+++ b/lib/build.gradle
@@ -1,5 +1,7 @@
 plugins {
- id "com.auth0.gradle.oss-library.android" version "0.18.0"
+// id "com.auth0.gradle.oss-library.android" version "0.18.0"
+ id 'com.android.library'
+ id 'kotlin-android'
 }
 logger.lifecycle("Using version ${version} for ${name}")
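Review bot: The old plugin line is kept as a comment (`// id "com.auth0.gradle.oss-library.android" version "0.18.0"`) instead of being deleted, and the next hunk does the same with the whole `oss { … }` and `signing { … }` blocks. With `signing` commented out, the `signingKey` and `signingKeyPwd` properties read just above it are no longer used, and, if this module is still what gets published, its artifacts would presumably go out without a PGP signature. Either delete the dead lines, or replace them with a single comment such as `// Publishing and signing are configured in <location>` so the next reader does not assume they were dropped by accident.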
@@ -7,40 +9,43 @@ logger.lifecycle("Using version ${version} for ${name}")
 def signingKey = findProperty('signingKey')
 def signingKeyPwd = findProperty('signingPassword')
-oss {
- name 'Lock.Android'
- repository 'Lock.Android'
- organization 'auth0'
- description 'The easiest way of securing your Android mobile apps with Auth0 & Lock'
- skipAssertSigningConfiguration true
+//oss {
+// name 'Lock.Android'
+// repository 'Lock.Android'
+// organization 'auth0'
+// description 'The easiest way of securing your Android mobile apps with Auth0 & Lock'
+// skipAssertSigningConfiguration true
+//
+// developers {
+// auth0 {
+// displayName = 'Auth0'
+// email = 'oss@auth0.com'
+// }
+// lbalmaceda {
+// displayName = 'Luciano Balmaceda'
+// email = 'luciano.balmaceda@auth0.com'
+// }
+// }
+//}
- developers {
- auth0 {
- displayName = 'Auth0'
- email = 'oss@auth0.com'
- }
- lbalmaceda {
- displayName = 'Luciano Balmaceda'
- email = 'luciano.balmaceda@auth0.com'
- }
- }
-}
-
-signing {
- useInMemoryPgpKeys(signingKey, signingKeyPwd)
-}
+//signing {
+// useInMemoryPgpKeys(signingKey, signingKeyPwd)
+//}
 android {
- compileSdkVersion 31
+ compileSdkVersion 33
 defaultConfig {
 minSdkVersion 21
- targetSdkVersion 31
+ targetSdkVersion 33
 versionCode 1
 versionName project.version
 consumerProguardFiles '../proguard/proguard-gson.pro', '../proguard/proguard-otto.pro', '../proguard/proguard-lock-2.pro'
 // Required since Android Gradle Plugin 4.1 - https://issuetracker.google.com/issues/154275579
 buildConfigField "String", "VERSION_NAME", "\"$versionName\""
+ // Manifest placeholders required for Android test builds
+ testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
+ manifestPlaceholders = [auth0Domain: "test.auth0.com", auth0Scheme: "https"]
 }
 lintOptions {
@@ -60,8 +65,8 @@ android {
 }
 compileOptions {
- sourceCompatibility 1.8
- targetCompatibility 1.8
+ sourceCompatibility JavaVersion.VERSION_11
+ targetCompatibility JavaVersion.VERSION_11
 }
 }
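Review bot: In the first hunk, `manifestPlaceholders = [auth0Domain: "test.auth0.com", auth0Scheme: "https"]` is added to `defaultConfig`, which applies to every variant of the library, although the comment above it says the values are only needed for Android test builds. If the library manifest uses `${auth0Domain}` and `${auth0Scheme}`, these test values would likely be substituted into the manifest packaged with release builds as well, so the domain a consuming app supplies might not be the one that ends up registered — worth checking against the merged manifest of a sample app. Scoping the placeholders to the variant the instrumented tests build against, e.g. under `buildTypes { debug { … } }`, keeps them out of what ships. `testInstrumentationRunner` also sits under the "Manifest placeholders" comment but is unrelated to it, so the comment should move down one line.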
diff --git a/lib/src/main/java/com/auth0/android/lock/views/CheckableOptionView.java b/lib/src/main/java/com/auth0/android/lock/views/CheckableOptionView.java
index 2ce1e500..1931d96f 100644
--- a/lib/src/main/java/com/auth0/android/lock/views/CheckableOptionView.java
+++ b/lib/src/main/java/com/auth0/android/lock/views/CheckableOptionView.java
@@ -24,6 +24,7 @@
 package com.auth0.android.lock.views;
+import android.annotation.SuppressLint;
 import android.content.Context;
 import android.content.res.TypedArray;
 import androidx.annotation.NonNull;
@@ -69,6 +70,7 @@ private void init(AttributeSet attrs) {
 }
 int[] set = {android.R.attr.text};
+ @SuppressLint("ResourceType")
 TypedArray a = getContext().obtainStyledAttributes(attrs, set);
 CharSequence text = a.getText(0);
 a.recycle();
diff --git a/lib/src/main/java/com/auth0/android/lock/views/LogInFormView.java b/lib/src/main/java/com/auth0/android/lock/views/LogInFormView.java
index 14605d12..c0f3a79d 100644
--- a/lib/src/main/java/com/auth0/android/lock/views/LogInFormView.java
+++ b/lib/src/main/java/com/auth0/android/lock/views/LogInFormView.java
@@ -211,7 +211,7 @@ public Object submitForm() {
 corporateSSO = true;
 usernameInput.clearFocus();
 InputMethodManager imm = (InputMethodManager) getContext().getSystemService(Context.INPUT_METHOD_SERVICE);
- imm.hideSoftInputFromWindow(getWindowToken(), InputMethodManager.RESULT_UNCHANGED_SHOWN);
+ imm.hideSoftInputFromWindow(getWindowToken(), 0);
 return null;
 }
diff --git a/lib/src/main/java/com/auth0/android/lock/views/ViewUtils.java b/lib/src/main/java/com/auth0/android/lock/views/ViewUtils.java
index fa41cd7b..bd36675a 100644
--- a/lib/src/main/java/com/auth0/android/lock/views/ViewUtils.java
+++ b/lib/src/main/java/com/auth0/android/lock/views/ViewUtils.java
@@ -24,6 +24,7 @@
 package com.auth0.android.lock.views;
+import android.annotation.SuppressLint;
 import android.content.res.ColorStateList;
 import android.content.res.Resources;
 import android.graphics.RectF;
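Review bot: In CheckableOptionView.java, `@SuppressLint("ResourceType")` on the `TypedArray a` declaration carries no comment saying why the lint finding is a false positive, and the same holds for `@SuppressLint("WrongConstant")` on `getRoundedBackground` in ViewUtils.java. A suppression without a stated reason tends to outlive the code that needed it and can hide a real finding later. A line above it such as `// Lint flags a.getText(0): the attribute array is built inline, so index 0 is android.R.attr.text` would record the reason; please confirm that this is what the check actually complained about. The body of `init` starts and ends outside the hunk.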
@@ -85,6 +86,7 @@ static float dipToPixels(Resources resources, int dip) {
 * @param corners the rounded corners this drawable will have. Can be one of ONLY_LEFT, ONLY_RIGHT, ALL
 * @return the rounded drawable.
 */
+ @SuppressLint("WrongConstant")
 static ShapeDrawable getRoundedBackground(@NonNull View view, @ColorInt int color, @Corners int corners) {
 int r = view.getResources().getDimensionPixelSize(R.dimen.com_auth0_lock_widget_corner_radius);
 float[] outerR = new float[0];
@@ -101,6 +103,7 @@ static ShapeDrawable getRoundedBackground(@NonNull View view, @ColorInt int colo
 outerR = new float[]{0, 0, r, r, r, r, 0, 0};
 break;
 case ALL:
+ default:
 outerR = new float[]{r, r, r, r, r, r, r, r};
 break;
 }
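Review bot: In the second hunk, adding `default:` to the `case ALL:` arm means any `corners` value outside the `@Corners` set is now silently drawn with all corners rounded, and with the method-wide `@SuppressLint("WrongConstant")` from the hunk above, lint will no longer flag a wrong constant used inside this method. If falling back to ALL is intended, the Javadoc should say so, e.g. `@param corners … Any other value is treated as ALL.`; otherwise keep `default:` as its own arm with `throw new IllegalArgumentException("Unknown corners: " + corners);`. The `new float[0]` initialiser of `outerR` looks unreachable now, assuming the arms above the hunk all assign it. The switch begins outside the hunk.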