Add GH action for static analysis tool mobsfscan

The action will currently not fail on warnings. That can be configured after we've went through the warnings and fixed or suppressed them.
mullvad · Nov 22, 2023 · 789201d · 789201d
1 parent 285cf6f
commit 789201d
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/.github/workflows/android-static-analysis.yml b/.github/workflows/android-static-analysis.yml
@@ -0,0 +1,27 @@
+---
+name: Android - Static analysis
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - .github/workflows/android-static-analysis.yml
+      - android/**
+  schedule:
+    # At 06:20 UTC every day.
+    # Notifications for scheduled workflows are sent to the user who last modified the cron
+    # syntax in the workflow file. If you update this you must have notifications for
+    # Github Actions enabled, so these don't go unnoticed.
+    # https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs
+    - cron: '20 6 * * *'
+jobs:
+  mobsfscan:
+    name: Code scanning using mobsfscan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Scan code
+        uses: MobSF/mobsfscan@main
+        with:
+          args: '--type android android'