CI/CD Pipeline Integration with Fastlane and GitHub Actions and Integration of Native C++ Code for Secure Handling of Sensitive Infos #43

Open
wants to merge 99 commits into
base: develop

@kevalkanp1011 (Collaborator) commented Dec 20, 2024

📋 Description

JIRA ID:

Please provide a summary of the change and the motivation behind it. Include relevant context and details.

This pull request introduces significant enhancements to our Android project, focusing on security improvements and the implementation of a robust CI/CD pipeline. The key changes include the integration of native C++ code, CMake configuration, and the setup of automated workflows using Fastlane and GitHub Actions.

Changes Made:

  1. Integration of Native C++ Code:
  • Integrated native C++ code into the Android project to securely handle base URLs and secret keys, mitigating risks of reverse engineering.

  • Configured CMake to build and link the native code with the Android application.

  2. Fastlane Integration:
  • Implemented Fastlane lanes for building the Android app across multiple environments (e.g., staging, production).

  • Configured Fastlane to automate the distribution of APKs to Firebase App Distribution, streamlining the testing and deployment process.

  3. GitHub Actions Workflow:
  • Set up a comprehensive GitHub Actions workflow to automate the CI/CD process.

  • Installed required SDKs and tools (Java, Android SDK, NDK, CMake, Ruby) to ensure a consistent build environment.

  • Generated environment-specific files (e.g., google-services.json) dynamically during the workflow execution.

  • Utilized GitHub Secrets to securely manage and inject environment variables necessary for the build process.

  • Built the Android app using Fastlane, leveraging the configured lanes for different environments.

  • Uploaded the built APKs as artifacts to GitHub, facilitating easy access for testing and further distribution.

Environment

| Job Name | Environment | Variant | Build Type |
|---|---|---|---|
| saksham_stag_job | SAKSHAM_STAG | SakshamStag | debug |
| saksham_uat_job | SAKSHAM_UAT | SakshamUat | debug |
| saksham_production_job | SAKSHAM_PRODUCTION | Saksham | release |
| xushrukha_production_job | XUSHRUKHA_PRODUCTION | Xushrukha | release |
| niramay_production_job | NIRAMAY_PRODUCTION | Niramay | release |

Environment Secrets:-

| Environment Variable | Secret Key | Type |
|---|---|---|
| ENCRYPTED_PASS_KEY | ${{ secrets.ENCRYPTED_PASS_KEY }} | string |
| ABHA_CLIENT_ID | ${{ secrets.ABHA_CLIENT_ID }} | string |
| ABHA_CLIENT_SECRET | ${{ secrets.ABHA_CLIENT_SECRET }} | string |
| BASE_TMC_URL | ${{ secrets.BASE_TMC_URL }} | string |
| BASE_ABHA_URL | ${{ secrets.BASE_ABHA_URL }} | string |
| ABHA_TOKEN_URL | ${{ secrets.ABHA_TOKEN_URL }} | string |
| ABHA_AUTH_URL | ${{ secrets.ABHA_AUTH_URL }} | string |
| FIREBASE_APP_ID | ${{ secrets.FIREBASE_APP_ID }} | string |
| FIREBASE_CLI_TOKEN | ${{ secrets.FIREBASE_CLI_TOKEN }} | string |
| TESTER_GROUPS | ${{ secrets.TESTER_GROUPS }} | emails separated by commas without space (i.e. [email protected],[email protected]) |
| KEYSTORE_PATH | ${{ secrets.KEYSTORE_PATH }} | string |
| KEYSTORE_PASSWORD | ${{ secrets.KEYSTORE_PASSWORD }} | string |
| KEY_ALIAS | ${{ secrets.KEY_ALIAS }} | string |
| KEY_PASSWORD | ${{ secrets.KEY_PASSWORD }} | string |
| GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION | ${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }} | base64 |
| GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION | ${{ secrets.GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION }} | base64 |
| GOOGLE_SERVICES_JSON_GENERIC | ${{ secrets.GOOGLE_SERVICES_JSON_GENERIC }} | base64 |
| GOOGLE_PLAY_JSON_KEY | ${{ secrets.GOOGLE_PLAY_JSON_KEY }} | base64 |

✅ Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • New feature (non-breaking change which adds functionality)
  • 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 🛠 Refactor (change that is neither a fix nor a new feature)
  • ⚙️ Config change (configuration file or build script updates)
  • 📚 Documentation (updates to docs or readme)
  • 🧪 Tests (adding new or updating existing tests)
  • 🎨 UI/UX (changes that affect the user interface)
  • 🚀 Performance (improves performance)
  • 🧹 Chore (miscellaneous changes that don't modify src or test files)

ℹ️ Additional Information

The changes were tested by running the defined Fastlane lanes to ensure proper functionality. This involved assembling the builds and verifying their distribution via Firebase App Distribution. No functional changes to the application were made, only configuration adjustments.

Summary by CodeRabbit

  • New Features
    • Upgraded app version to 5.0.0 with dynamic configuration support for tailored feature behavior.
  • Bug Fixes
    • Refined UI elements and adjusted permissions for improved security and smoother performance.
  • Documentation
    • Expanded guides covering setup, build, deployment, and CI/CD processes for clearer development and testing practices.
  • Chores
    • Streamlined build automation and versioning configurations to enhance overall app stability and maintainability.
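
An added example, not code from this pull request or the project: a CI check, run after the build and before distribution, that looks inside a built native library for the verbatim values of the secrets listed in the table above, either raw or as plain Base64. The function names, the sample file and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not project code). The variable names passed in are the ones
# from the PR's secrets table; the sample file and values are constructed.

NL='
'

# Print the byte strings to look for, one per line: the raw value and its
# single-line standard Base64 encoding.
secret_forms() {
    printf '%s\n' "$1"
    printf '%s' "$1" | base64 | tr -d '\n'
    printf '\n'
}

# artifact_leaks FILE VAR_NAME...
# Prints the NAME (never the value) of every variable whose value occurs in
# FILE. Returns 0 if at least one leaked, 1 if none did, 2 on a usage error.
artifact_leaks() {
    file=$1
    shift
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    leaked=1
    for name in "$@"; do
        # Only plain identifiers may reach eval below.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "not a variable name: $name" >&2; return 2 ;;
        esac
        eval "value=\${$name-}"
        # Unset, short, or multi-line values are skipped: short strings match
        # by chance, and an empty pattern line would match every input line.
        [ "${#value}" -ge 8 ] || continue
        case $value in
            *"$NL"*) echo "skipped (multi-line): $name" >&2; continue ;;
        esac
        # Patterns reach grep on stdin, so the value never appears in argv
        # or in a temp file. -a: treat binary as text, -F: fixed strings.
        if secret_forms "$value" | grep -a -q -F -f - "$file"; then
            echo "$name"
            leaked=0
        fi
    done
    unset value
    return "$leaked"
}

# Demo on a constructed file standing in for a built .so (run with --demo).
if [ "${1-}" = "--demo" ]; then
    demo=$(mktemp)
    printf 'ELF\000pad https://tmc.example.invalid/api/ pad\000' > "$demo"
    BASE_TMC_URL='https://tmc.example.invalid/api/'        # constructed value
    ABHA_CLIENT_SECRET='constructed-secret-value'          # constructed value
    if artifact_leaks "$demo" BASE_TMC_URL ABHA_CLIENT_SECRET; then
        echo "the variables named above appear verbatim in the artifact" >&2
    fi
    rm -f "$demo"
fi
```

A clean result only shows that the values are not stored verbatim or as plain Base64; it says nothing about values that are transformed in the binary together with the material needed to reverse the transformation.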

coderabbitai bot commented Dec 20, 2024

Walkthrough

This pull request encompasses wide-ranging modifications across project configuration, build scripts, native code, and application resources. It updates ignore files to handle environment-specific configuration files, removes local secret files, and revises versioning and product flavors in Gradle. New Fastlane lanes and GitHub Actions workflows are introduced to automate building and distributing the app. Additionally, native code changes add AES and Base64 implementations along with a secure KeyUtils interface, while several UI and documentation updates further refine the project's setup.

Changes

| Files | Change Summary |
|---|---|
| .gitignore, app/.gitignore, fastlane/.gitignore | Updated ignore rules to remove general patterns and add environment-specific entries for local.properties, secrets.properties, and various google-services.json files; added entries to ignore build artifacts like /build, /release, and keystores. |
| Gemfile, fastlane/Appfile, fastlane/Fastfile, fastlane/Pluginfile, fastlane/README.md | Added Fastlane automation configuration including the fastlane gem, plugin evaluation, new lanes (debug, release, version increment), and updated documentation detailing prerequisites and available actions. |
| .github/workflows/android.yml, .github/workflows/build-distribute.yml | Introduced new GitHub Actions workflows to automate Android builds and distribution, setting environment variables, handling secret decoding, and running Fastlane commands based on a build matrix. |
| local.properties, secrets.properties | Removed local configuration and secret files to avoid tracking sensitive SDK paths and credentials. |
| app/build.gradle, version/version.properties, versioning.gradle, build.gradle | Modified Gradle configurations: integrated external native build and versioning changes via closures; updated product flavors and ABI splits; fixed syntax issues with a closing brace. |
| app/src/main/cpp/CMakeLists.txt, app/src/main/cpp/native-lib.cpp, app/src/main/cpp/aes.cpp, app/src/main/cpp/aes.h, app/src/main/cpp/base64.cpp, app/src/main/cpp/base64.h, app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt | Added native library build configurations and JNI functions to expose sensitive values; introduced complete AES encryption and Base64 encoding/decoding implementations; created a secure KeyUtils interface that bridges native code with Kotlin. |
| app/src/main/java/org/piramalswasthya/sakhi/crypt/CryptoUtil.kt, app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt, app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt, app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt, app/src/main/java/org/piramalswasthya/sakhi/SakhiApplication.kt, app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt, app/src/main/java/org/piramalswasthya/sakhi/configuration/IconDataset.kt, app/src/main/java/org/piramalswasthya/sakhi/ui/login_activity/LoginActivity.kt, app/src/main/java/org/piramalswasthya/sakhi/ui/login_activity/sign_in/SignInFragment.kt | Updated API and application code to replace static build configuration with dynamic retrieval via KeyUtils; modified flavor and URL checks; and refined conditional logic for secure window settings and UI element handling. |
| app/src/main/AndroidManifest.xml, app/src/main/res/layout/activity_home.xml, app/src/main/res/layout/fragment_sign_in.xml | Adjusted manifest permissions by adding com.google.android.gms.permission.AD_ID and removing location permissions; updated UI layouts with attribute reordering, revised text styles, and minor hierarchy adjustments. |
| FirebaseAppDistributionConfig/groups.txt, FirebaseAppDistributionConfig/release_notes.txt | Added a new tester group (trusted-testers) for Firebase App Distribution and updated release notes to mention UX improvements and bug fixes. |
| README.md, docs/CICDSetup.md, docs/SecureConfigNativeCode.md | Expanded and refined documentation to include updated secret names, environment variable details, CI/CD pipeline setup, and secure configuration guidelines for native code interaction. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Dev as Developer
    participant GHA as GitHub Actions
    participant FL as Fastlane
    participant GP as Google Play

    Dev->>GHA: Push code (trigger workflow)
    GHA->>FL: Execute build_and_distribute_release lane
    FL->>KeyUtils: Retrieve package name & version info
    KeyUtils-->>FL: Return dynamic configuration
    FL->>GP: Update version & upload APK
    GP-->>FL: Confirm upload success
    FL-->>GHA: Report build status
    GHA-->>Dev: Notify build result
```

```mermaid
sequenceDiagram
    participant App as Application
    participant KU as KeyUtils
    participant NL as NativeLib

    App->>KU: Request configuration (e.g., chatUrl)
    KU->>NL: Invoke JNI function for chatUrl
    NL-->>KU: Return chat URL string
    KU-->>App: Provide chat URL dynamically
```

Possibly related PRs

Suggested labels

enhancement

Suggested reviewers

  • drtechie
  • NikhilFegade

Poem

I'm a bunny coding through the night,
Hopping over changes with all my might.
Fastlane flows and workflows align,
Native secrets now securely shine.
With swift steps and a joyful leap,
I celebrate each PR—no bug too deep!
🐰💻 Hop on, and let the code keep!


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 8

🧹 Nitpick comments (1)
fastlane/Fastfile (1)

1-100: Consider adding environment-specific configurations

The Fastfile would benefit from:

  1. Environment-specific version codes
  2. Custom build parameters per environment
  3. Error handling for failed distributions

Would you like me to provide an example of how to implement these improvements?

🧰 Tools
🪛 rubocop (1.69.1)

[warning] 13-13: Useless assignment to variable - release.

(Lint/UselessAssignment)


[warning] 25-25: Useless assignment to variable - release.

(Lint/UselessAssignment)


[warning] 37-37: Useless assignment to variable - release.

(Lint/UselessAssignment)


[warning] 49-49: Useless assignment to variable - release.

(Lint/UselessAssignment)


[warning] 61-61: Useless assignment to variable - release.

(Lint/UselessAssignment)


[warning] 73-73: Useless assignment to variable - release.

(Lint/UselessAssignment)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between be2f3ec and dbd9592.

📒 Files selected for processing (13)
  • .gitignore (1 hunks)
  • .gradle/buildOutputCleanup/cache.properties (0 hunks)
  • Gemfile (1 hunks)
  • app/.gitignore (1 hunks)
  • app/google-services.json (0 hunks)
  • app/release/output-metadata.json (0 hunks)
  • fastlane/Appfile (1 hunks)
  • fastlane/Fastfile (1 hunks)
  • fastlane/Pluginfile (1 hunks)
  • fastlane/README.md (1 hunks)
  • fastlane/report.xml (1 hunks)
  • local.properties (0 hunks)
  • secrets.properties (0 hunks)
💤 Files with no reviewable changes (5)
  • .gradle/buildOutputCleanup/cache.properties
  • local.properties
  • app/release/output-metadata.json
  • app/google-services.json
  • secrets.properties
✅ Files skipped from review due to trivial changes (4)
  • app/.gitignore
  • fastlane/Pluginfile
  • .gitignore
  • fastlane/report.xml
🧰 Additional context used
🪛 Markdownlint (0.37.0)
fastlane/README.md

4-4: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


14-14: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


16-16: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


18-18: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


26-26: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


34-34: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


42-42: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


50-50: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


58-58: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


66-66: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


74-74: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


82-82: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


90-90: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)

🔇 Additional comments (4)
Gemfile (1)

1-6: LGTM! Standard Gemfile configuration.

The Gemfile is correctly configured with:

  • Proper source specification
  • Fastlane gem inclusion
  • Plugin integration using standard practices
fastlane/Fastfile (2)

96-99: Verify Play Store credentials and configuration

The deploy lane uses upload_to_play_store but ensure:

  1. Proper Google Play Store credentials are configured
  2. Required metadata and assets are in place

88-94: Beta lane configuration needs completion

The beta lane is using Crashlytics but:

  1. No configuration for Crashlytics is provided
  2. There's a commented placeholder for additional beta testing services
fastlane/README.md (1)

1-104: LGTM! Documentation aligns well with PR objectives.

The auto-generated documentation provides clear instructions and covers all the lanes mentioned in the PR objectives. The structure is logical and includes all necessary build types and environments.

fastlane/Appfile Outdated
@@ -0,0 +1,2 @@
json_key_file("google_services.json") # Path to the json secret file - Follow https://docs.fastlane.tools/actions/supply/#setup to get one
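
Review bot: the key file on this line is named google_services.json (underscore), while the ignore rules added in this PR are described as covering google-services.json files (hyphen), so a service-account key placed at this path may not be ignored by git. Confirm that the underscore name is listed in .gitignore, or take the path from an environment variable, and extend the trailing comment to say that this is the Google Play service-account key and not the Firebase client configuration file.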

⚠️ Potential issue

Specify absolute path for json_key_file

The relative path to google_services.json might cause issues depending on where Fastlane is executed from. Consider using an absolute path or environment variable.

-json_key_file("google_services.json")
+json_key_file(ENV["GOOGLE_SERVICES_JSON_PATH"])

Suggested change
json_key_file("google_services.json") # Path to the json secret file - Follow https://docs.fastlane.tools/actions/supply/#setup to get one
json_key_file(ENV["GOOGLE_SERVICES_JSON_PATH"]) # Path to the json secret file - Follow https://docs.fastlane.tools/actions/supply/#setup to get one

fastlane/Appfile Outdated
Comment on lines 1 to 2
json_key_file("google_services.json") # Path to the json secret file - Follow https://docs.fastlane.tools/actions/supply/#setup to get one
package_name("org.piramalswasthya.sakhi") # e.g. com.krausefx.app

💡 Codebase verification

Missing required Google Services configuration file

The google_services.json file is not present in any of the common locations, and there are no CI/CD configurations managing this file. Since this file is required for the Fastlane configuration in Appfile and was removed from the app/ directory, you need to:

  • Ensure google_services.json is properly managed as a secret in your CI/CD pipeline
  • Update the path in fastlane/Appfile if the file is stored in a different location
  • If using local development, obtain a new google_services.json from the Google Play Console following the guide at https://docs.fastlane.tools/actions/supply/#setup
🔗 Analysis chain

Verify the existence of required configuration files

The configuration references google_services.json which was removed from the app/ directory according to the summary. Ensure this file is properly managed and available during the CI/CD process.


Let me try to search for any references or patterns related to the google_services.json file management in the codebase to understand how it's handled.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```sh
#!/bin/bash
# Check if google_services.json exists in common locations
echo "Checking for google_services.json in common locations..."
for dir in "." "app/" "fastlane/" "../"; do
  if [ -f "${dir}google_services.json" ]; then
    echo "Found in: ${dir}"
  fi
done
```

Length of output: 443


Script:

```sh
#!/bin/bash
# Search for patterns related to google_services.json management
echo "Searching for google_services.json references..."
rg -i "google_services\.json" -A 3

echo -e "\nChecking CI/CD configuration files..."
fd -e yml -e yaml | xargs cat
```

Length of output: 505

Comment on lines 13 to 92
release = firebase_app_distribution(
app: "",
testers: "",
release_notes: "Staging-Debug version out!",
debug: true
)

⚠️ Potential issue

Critical: Firebase App Distribution configuration is incomplete

All Firebase distribution lanes have empty values for required parameters:

  • app: Firebase App ID is missing
  • testers: No testers or groups specified

This will cause distribution failures.

Consider using environment variables for these sensitive values:

 firebase_app_distribution(
-  app: "",
-  testers: "",
+  app: ENV["FIREBASE_APP_ID_#{environment.upcase}"],
+  testers: ENV["FIREBASE_TESTERS_#{environment.upcase}"],
   release_notes: "#{environment}-#{build_type} version out!",
   debug: debug_enabled
 )
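
Review bot: the added lines interpolate environment, build_type and debug_enabled, none of which is defined in the lane shown above, and ENV[...] returns nil when the variable is missing, so the lane would again call firebase_app_distribution without an app ID or testers. Define these values per lane (or pass them as lane options) and read the variables with ENV.fetch so a missing value stops the run. The suggested names FIREBASE_APP_ID_<ENV> and FIREBASE_TESTERS_<ENV> also differ from the FIREBASE_APP_ID and TESTER_GROUPS secrets listed in the PR description; use one naming scheme.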

Also applies to: 25-30, 37-42, 49-54, 61-66, 73-78


gradle(
task: "assembleStagingDebug"
)
release = firebase_app_distribution(

🛠️ Refactor suggestion

Remove unused 'release' variable assignments

The release variable is assigned but never used in all distribution lanes.

-      release = firebase_app_distribution(
+      firebase_app_distribution(

Also applies to: 25-25, 37-37, 49-49, 61-61, 73-73


Comment on lines 82 to 112
latest_release = firebase_app_distribution_get_latest_release(
app: ""
)
increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })

⚠️ Potential issue

Verify Firebase App ID in version increment lane

The app parameter is empty in the firebase_app_distribution_get_latest_release action.

-      app: ""
+      app: ENV["FIREBASE_APP_ID_STAGING"]
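
Review bot: filling in the app ID does not cover the line that follows in this lane, latest_release[:buildVersion].to_i + 1, which raises if the action returns no release (for example for an app with nothing distributed yet). Guard that case with an explicit starting version code or a clear failure message, and read the ID with ENV.fetch so an unset variable is reported instead of passed on as nil.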

Suggested change
latest_release = firebase_app_distribution_get_latest_release(
app: ""
)
increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
latest_release = firebase_app_distribution_get_latest_release(
app: ENV["FIREBASE_APP_ID_STAGING"]
)
increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })

Comment on lines 26 to 73
### android distribute_staging_debug

```sh
[bundle exec] fastlane android distribute_staging_debug
```

Firebase Distributions: Staging Debug App

### android distribute_uat_debug

```sh
[bundle exec] fastlane android distribute_uat_debug
```

Firebase Distributions: Uat Debug App

### android distribute_production_debug

```sh
[bundle exec] fastlane android distribute_production_debug
```

Firebase Distributions: Production Debug App

### android distribute_staging_release

```sh
[bundle exec] fastlane android distribute_staging_release
```

Firebase Distributions: Staging Release App

### android distribute_uat_release

```sh
[bundle exec] fastlane android distribute_uat_release
```

Firebase Distributions: Uat Release App

### android distribute_production_release

```sh
[bundle exec] fastlane android distribute_production_release
```

Firebase Distributions: Production Release App


💡 Codebase verification

Security configuration missing in Firebase App Distribution setup

The verification confirms critical security concerns in the Firebase App Distribution configuration:

  • All Firebase App Distribution configurations (debug and release) have empty app and testers fields
  • No tester group restrictions are implemented for any environment
  • Debug builds, including production, are configured without any access controls

Action items needed:

  • Configure appropriate Firebase App IDs for each environment
  • Set up restricted tester groups, especially for debug builds and production environment
  • Document the intended audience and access restrictions for each build type in the README.md
🔗 Analysis chain

Consider security implications of debug build distributions.

The configuration includes debug build distributions for all environments, including production. While this is useful for testing, it's important to:

  1. Ensure debug builds are distributed only to internal testers
  2. Consider implementing restrictions on debug build distribution for production environment
  3. Add documentation about the intended audience for each build type

Let's verify the Firebase App Distribution configuration:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```sh
#!/bin/bash
# Check Firebase App Distribution configuration in Fastfile
rg -A 5 "firebase_app_distribution"

# Look for any tester group configurations
rg -A 5 "groups|testers"
```

Length of output: 4102


Comment on lines 82 to 96
### android beta

```sh
[bundle exec] fastlane android beta
```

Submit a new Beta Build to Crashlytics Beta

### android deploy

```sh
[bundle exec] fastlane android deploy
```

Deploy a new version to the Google Play

💡 Codebase verification

Update deployment documentation to clarify beta and production processes

The codebase reveals that the deployment setup is more complex than documented:

  • Beta distribution uses Firebase App Distribution (not Crashlytics as mentioned in README), with separate configurations for staging, UAT, and production environments
  • Google Play deployment requires google_services.json credentials file as specified in fastlane/Appfile

Required changes:

  • Update README.md to correctly state "Submit a new Beta Build to Firebase App Distribution" instead of "Crashlytics Beta"
  • Add details about the three environments (staging/UAT/production) for beta distribution
  • Document the Google Play Store deployment prerequisites, specifically the required google_services.json credentials file
🔗 Analysis chain

Clarify beta and production deployment process.

The documentation includes beta and production deployment lanes but lacks details about:

  1. The difference between Firebase distribution and Crashlytics Beta
  2. The Google Play deployment process and required credentials

Let's verify the deployment configurations:


Let me gather more information about the deployment configurations.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```sh
#!/bin/bash
# Check beta deployment configuration
rg -A 5 "crashlytics|beta"

# Check Google Play deployment setup
rg -A 5 "google_play|play_store"
```

Length of output: 3579


Script:

```sh
#!/bin/bash
# Check for Firebase distribution configuration
rg -A 5 "firebase.*distribution|firebase.*app.*distribution"

# Check for Play Store credentials setup
rg -A 5 "json_key|play_store_credentials"

# Check for any additional deployment configuration files
fd -e json -e properties -e gradle "play|firebase|fastlane"
```

Length of output: 2817


Comment on lines 74 to 81
### android increment_version_staging_debug

```sh
[bundle exec] fastlane android increment_version_staging_debug
```

Increment Build Version in Codebase

💡 Codebase verification

Based on the search results, I can now provide a final response:

Version increment implementation exists but needs expansion

The current version increment implementation is limited to staging debug builds and relies on Firebase App Distribution's build version. The codebase shows:

  • Only one increment lane: increment_version_staging_debug
  • Version information defined in multiple places:
    • app/build.gradle: versionCode 2, versionName "2.0.0"
    • app/src/main/res/values/strings.xml: version "2.0.0"

Consider:

  • Adding version increment capabilities for UAT and production environments
  • Implementing consistent version management across all build variants
  • Centralizing version information to avoid inconsistencies
🔗 Analysis chain

Verify version increment implementation.

The documentation mentions version increment capability but only for staging debug builds. Consider whether version management should be implemented for other environments as well.

Let's check the version increment implementation:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```sh
#!/bin/bash
# Check version increment implementation in Fastfile
rg -A 5 "increment_version"

# Look for version management related configurations
rg -A 5 "version|versionCode|versionName"
```

Length of output: 85963

🧰 Tools
🪛 Markdownlint (0.37.0)

74-74: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)

Member

Isn't this file needed?
cc: @NikhilFegade

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 7

🧹 Nitpick comments (6)
.github/workflows/android.yml (1)

66-70: Update upload-artifact action and improve artifact naming

The upload-artifact action version is outdated, and the artifact naming could be improved.

- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
  with:
-   name: ${{ env.date_today }} - ${{ env.repository_name }} - APK(s) ${{ matrix.variant }} generated
+   name: ${{ env.repository_name }}-${{ matrix.variant }}-${{ env.date_today }}
    path: ${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/
+   if-no-files-found: error
🧰 Tools
🪛 actionlint (1.7.4)

67-67: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (2)

5-5: Consider making NATIVE_JNI_LIB_NAME configurable.
In some scenarios, you may want to dynamically change the library name for different build variations or testing environments. If that’s not a plausible use case, this approach is fine.


11-23: Ensure these JNI methods have appropriate fallback or usage checks.
While returning default values is helpful, you might also want to log warnings or errors when environment variables are not found to aid debugging.

app/src/main/cpp/native-lib.cpp (1)

30-33: Watch out for secure storage.
While environment variables can be an improvement over storing keys in plain text, there are scenarios where environment variables might remain accessible to unintended processes. Evaluate if you need a more secure vault mechanism for distribution.

app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt (1)

109-110: Handle missing ABHA secrets gracefully.
Switching from BuildConfig to KeyUtils is fine, but ensure that if KeyUtils.abhaClientID() or KeyUtils.abhaClientSecret() fail to retrieve valid strings, the app clearly handles the error case.

app/build.gradle (1)

73-79: Ensure your CI environment supports external CMake build.
Introducing externalNativeBuild and specifying ndkVersion is helpful for reproducible builds. However, confirm that your CI pipeline has the correct NDK version installed.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dbd9592 and 953afd8.

📒 Files selected for processing (9)
  • .github/workflows/android.yml (1 hunks)
  • app/build.gradle (3 hunks)
  • app/src/main/cpp/CMakeLists.txt (1 hunks)
  • app/src/main/cpp/native-lib.cpp (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/crypt/CryptoUtil.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt (3 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt (3 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/android.yml

32-32: the runner of "actions/setup-java@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


38-38: got unexpected EOF while lexing end of string literal, expecting '''

(expression)


44-44: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:1:74: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:3:64: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:4:56: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:5:64: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:7:52: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:8:54: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:9:56: Double quote to prevent globbing and word splitting

(shellcheck)


44-44: shellcheck reported issue in this script: SC2086:info:10:54: Double quote to prevent globbing and word splitting

(shellcheck)


67-67: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 yamllint (1.35.1)
.github/workflows/android.yml

[error] 46-46: trailing spaces

(trailing-spaces)


[error] 50-50: trailing spaces

(trailing-spaces)


[warning] 72-72: too many blank lines

(2 > 0) (empty-lines)

🔇 Additional comments (20)
app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (2)

3-3: Use of an object for key utilities is appropriate.
By declaring KeyUtils as an object, you're ensuring a singleton implementation that cannot be instantiated multiple times. This is a good fit for utility-level code.


7-9: Good native library loading.
Ensure your build scripts or Gradle setup includes the corresponding .so files for all relevant ABI targets. Missing ABI or library files can cause runtime errors on certain devices.

app/src/main/cpp/native-lib.cpp (6)

1-5: Headers and definitions look correct.
This portion sets up the environment for JNI usage and logs. No issues found.


16-19: Default value approach is consistent.
Continuing a consistent approach with default environment variable strings is good for fallback when environment variables aren't defined.


23-26: Consistent pattern for environment lookup.
Matches the style of the other functions. Ensure these default values are non-sensitive placeholders in production.


37-40: Good fallback approach for baseAbhaUrl.
Always confirm that your rollout strategy accounts for scenarios in which environment variables remain unset in production.


44-47: Same pattern for abhaTokenUrl.
Maintaining uniform default usage across environment variable fetch logic is readable and maintainable.


51-54: Final environment variable check.
This approach is consistent with the other functions. No issues found.

app/src/main/java/org/piramalswasthya/sakhi/crypt/CryptoUtil.kt (2)

4-4: Explicit import of KeyUtils.
This is a direct import that emphasizes your shift from BuildConfig constants to external functions. Looks good.


17-17: Safer approach to secrets.
Referencing KeyUtils.encryptedPassKey() centralizes the storage, potentially enabling better rotation or dynamic retrieval of keys. Just confirm testing in a production-like environment to verify default fallback logic.

app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt (3)

4-4: Kotlin import structure is fine.
The shift from build-config references to KeyUtils is consistent with the project’s new approach.


13-13: Dynamic URL retrieval for getToken.
Using KeyUtils.abhaTokenUrl() ensures you can easily rotate or update URLs without rebuilding the entire app.


52-52: Likewise for getAuthCert.
This change aligns well with the centralized KeyUtils usage. Thoroughly test with different environment variable setups.

app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt (3)

21-21: Use consistent utility imports across modules.
It's good that you're centralizing sensitive information in KeyUtils. Ensure that all modules referencing these keys or URLs also import and rely on KeyUtils, rather than older BuildConfig references, for consistency and better maintainability.


82-82: Confirm base URL fallback behavior.
If KeyUtils.baseTMCUrl() is unavailable or empty, does the app handle this gracefully (e.g., with a meaningful error)? Verify that KeyUtils can never return a blank string or null in production builds.


97-97: Double-check environment-specific base URLs.
Now that KeyUtils.baseAbhaUrl() is used, confirm that environment-based overrides (Staging/UAT/Production) still apply correctly. Consider verifying that no older references to BuildConfig.BASE_ABHA_URL remain in the codebase.

✅ Verification successful

Environment-specific base URLs are properly handled through native implementation

The migration from BuildConfig.BASE_ABHA_URL to KeyUtils.baseAbhaUrl() appears to be complete and secure:

  • No references to BuildConfig.BASE_ABHA_URL remain in the codebase
  • KeyUtils.baseAbhaUrl() is implemented as a native (JNI) method, which means the URLs are securely stored in native code for different environments
  • The only BuildConfig usages found are for proper purposes (version name, debug/production flags)
  • The implementation in KeyUtils.kt shows that all sensitive URLs are handled through native methods
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```sh
#!/bin/bash
# Description: Verify no references to old BuildConfig fields remain
rg -A3 "BuildConfig\.BASE_ABHA_URL"
```

Length of output: 37


Script:

```sh
#!/bin/bash
# Let's check for any references to BuildConfig in general and KeyUtils.baseAbhaUrl
echo "=== Checking for BuildConfig references ==="
rg "BuildConfig" -l

echo -e "\n=== Checking for KeyUtils.baseAbhaUrl usage ==="
rg "KeyUtils\.baseAbhaUrl" -l

echo -e "\n=== Looking for environment-specific URL configurations ==="
fd -e kt -e java -e xml | xargs rg -l "BASE_ABHA_URL|baseAbhaUrl"
```

Length of output: 1186


Script:

```sh
#!/bin/bash
# Let's examine the KeyUtils implementation and BuildConfig usage
echo "=== Checking KeyUtils.kt implementation ==="
cat app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt

echo -e "\n=== Checking BuildConfig usage in files ==="
rg "BuildConfig\." -A 2 app/src/main/java/org/piramalswasthya/sakhi/ui/login_activity/LoginActivity.kt
rg "BuildConfig\." -A 2 app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt
```

Length of output: 1746

app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt (1)

11-11: Centralize KeyUtils usage.
Importing KeyUtils here aligns with the new approach of retrieving secrets from a single utility. This promotes better consistency and reduces security risks.

app/src/main/cpp/CMakeLists.txt (1)

1-38: Validate environment variables for correctness.
Defining environment variables as compile definitions ensures the native code can access them. Double-check that each environment variable is set in the relevant CI environment or local dev environment, and confirm that no sensitive values inadvertently appear in logs.

✅ Verification successful

Environment variables are properly configured and safely handled

The verification shows that:

  1. All environment variables are properly defined in GitHub Actions workflow
  2. The variables are documented in README.md as required secrets/environments
  3. The native code (native-lib.cpp) safely handles missing environment variables by providing default values
  4. The CMakeLists.txt correctly passes these variables as compile definitions

The implementation follows secure practices:

  • Sensitive values are stored as GitHub secrets
  • Variables are accessed through getenv() with null checks
  • Default fallback values prevent crashes if variables are unset
  • No sensitive values are directly logged
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```sh
#!/bin/bash
# Attempt to detect usage references of environment variables
rg -A2 "BASE_TMC_URL|BASE_ABHA_URL|ABHA_TOKEN_URL|ABHA_AUTH_URL|ENCRYPTED_PASS_KEY|ABHA_CLIENT_ID|ABHA_CLIENT_SECRET" --hidden
```

Length of output: 3616

app/build.gradle (2)

28-28: Consider reintroducing debug build type or clarifying removal.
It appears the debug build type is commented out or absent. If this is intentional, ensure your team has a clear strategy for local debugging. If not intentional, you may need to restore or update it.


42-43: Confirm flavor naming alignment.
Renaming flavors from staging/uat to saksham_staging/saksham_uat can break existing references. Verify that relevant code (e.g., CI scripts, environment variable checks) is updated accordingly.

Also applies to: 47-48
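
The environment-variable check recommended above for app/src/main/cpp/CMakeLists.txt, as an added example that is not part of this review or of the project's code: a preflight step that stops the job when one of the seven variables named in this PR is unset, empty, multi-line, or still a placeholder, without ever printing a value. The function names are hypothetical, and the `default_` prefix test assumes every native fallback follows the one literal visible on this page, `default_encryptedPassKey`.

```sh
#!/bin/sh
# Added example: preflight check for the build variables named in this PR.
# Function names are hypothetical; nothing here is the project's own code.

REQUIRED_BUILD_VARS="ENCRYPTED_PASS_KEY ABHA_CLIENT_ID ABHA_CLIENT_SECRET
BASE_TMC_URL BASE_ABHA_URL ABHA_TOKEN_URL ABHA_AUTH_URL"

NEWLINE='
'

# classify_var NAME
# Prints exactly one status word and never the value itself:
#   badname | unset | empty | multiline | placeholder | ok
classify_var() {
    cv_name=$1
    # Only plain identifiers reach eval below.
    case $cv_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo badname; return 0 ;;
    esac
    eval "cv_set=\${$cv_name+x}"
    if [ -z "$cv_set" ]; then echo unset; return 0; fi
    eval "cv_value=\${$cv_name}"
    if [ -z "$cv_value" ]; then echo empty; return 0; fi
    case $cv_value in
        # A line break corrupts the NAME=value lines appended to $GITHUB_ENV.
        *"$NEWLINE"*) echo multiline; return 0 ;;
        # Assumption: native fallbacks all start with "default_"; the page
        # shows only "default_encryptedPassKey".
        default_*) echo placeholder; return 0 ;;
    esac
    echo ok
}

# preflight
# Reports every variable that is not "ok" by name and status on stderr and
# returns non-zero if there is at least one, so the job stops before Gradle.
preflight() {
    pf_failures=0
    for pf_var in $REQUIRED_BUILD_VARS; do
        pf_status=$(classify_var "$pf_var")
        if [ "$pf_status" != ok ]; then
            echo "preflight: $pf_var is $pf_status" >&2
            pf_failures=$((pf_failures + 1))
        fi
    done
    [ "$pf_failures" -eq 0 ]
}
```

Call `preflight` in a step placed before the Gradle build, with the secrets supplied through that step's `env:`.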

Comment on lines 23 to 25
strategy:
matrix:
variant: [saksham_staging] # Add other variants as needed

🛠️ Refactor suggestion

Expand matrix strategy to include all required variants

The PR objectives mention multiple build types (staging, UAT, production) in both debug and release variants, but the matrix only includes saksham_staging. Consider adding all required variants:

  strategy:
    matrix:
-     variant: [saksham_staging]  # Add other variants as needed
+     variant: [
+       saksham_staging_debug,
+       saksham_uat_debug,
+       saksham_production_debug,
+       saksham_staging_release,
+       saksham_uat_release,
+       saksham_production_release
+     ]
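
Review bot: the six flat names added to `variant` are also interpolated into `./gradlew assemble${{ matrix.variant }}` and into the artifact path `build/outputs/apk/${{ matrix.variant }}/` elsewhere in this workflow, and neither accepts a string such as `saksham_staging_debug`. Gradle names the task after the capitalised flavor followed by the capitalised build type, and the APK output directory is nested as flavor then build type, so the matrix should carry flavor and build type as separate keys, or use an `include:` list that spells out the task name and output path for each entry.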

Comment on lines 31 to 35
- name: Set up JDK
uses: actions/setup-java@v2
with:
distribution: 'zulu'
java-version: '11'

⚠️ Potential issue

Update actions/setup-java to the latest version

The current version of setup-java action is outdated.

- uses: actions/setup-java@v2
+ uses: actions/setup-java@v4

Comment on lines 37 to 38
- name: Decode google-services.json
run: echo ${{ secrets['GOOGLE_SERVICES_JSON_BASE64] }} | base64 --decode > ./app/google-services.json

⚠️ Potential issue

Fix syntax error in google-services.json decoding

There's a syntax error in the secrets reference and the command is missing proper quoting.

- run: echo ${{ secrets['GOOGLE_SERVICES_JSON_BASE64] }} | base64 --decode > ./app/google-services.json
+ run: echo "${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }}" | base64 --decode > ./app/google-services.json
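
Review bot: on the added `run:` line the `${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }}` expression is still substituted into the script text before the shell parses it, so the double quotes only hold while the value is clean base64 with no `"`, `$` or backtick. Pass the secret through a step-level `env:` entry and decode from the shell variable, for example `printf '%s' "$GOOGLE_SERVICES_JSON_BASE64" | base64 --decode > ./app/google-services.json`, so the value never becomes part of the command line.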

Comment on lines 60 to 64
- name: Build with Gradle
run: ./gradlew build

- name: Build apk project (APK) - ${{ env.main_project_module }} module
run: ./gradlew assemble${{ matrix.variant }}

🛠️ Refactor suggestion

Integrate Fastlane lanes for build and distribution

The workflow installs Fastlane but doesn't utilize any of the lanes mentioned in the PR objectives. Consider replacing the direct Gradle commands with appropriate Fastlane lanes.

- name: Build with Gradle
- run: ./gradlew build

- name: Build apk project (APK) - ${{ env.main_project_module }} module
- run: ./gradlew assemble${{ matrix.variant }}
+ name: Build and distribute using Fastlane
+ run: |
+   case "${{ matrix.variant }}" in
+     *staging_debug)   fastlane distribute_staging_debug ;;
+     *uat_debug)       fastlane distribute_uat_debug ;;
+     *production_debug) fastlane distribute_production_debug ;;
+     *staging_release)  fastlane distribute_staging_release ;;
+     *uat_release)     fastlane distribute_uat_release ;;
+     *production_release) fastlane distribute_production_release ;;
+   esac
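
Review bot: the `case` added here has no `*)` branch, so a matrix variant that matches none of the six patterns (the current `saksham_staging` entry is one) runs no lane and the step still exits 0, leaving a green job with nothing built or distributed. Add a default branch that prints the unmatched variant and exits non-zero. The `distribute_*` lane names should also be checked against the Fastfile, since the only lane named on this page is `increment_version_staging_debug`.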

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines 43 to 93
- name: Set Environment Variables
run: |
echo "GOOGLE_SERVICES_JSON_BASE64_=${{ secrets.ENCRYPTED_PASS_KEY }}" >> $GITHUB_ENV

echo "ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}" >> $GITHUB_ENV
echo "ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}" >> $GITHUB_ENV
echo "ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}" >> $GITHUB_ENV

echo "BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}" >> $GITHUB_ENV
echo "BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}" >> $GITHUB_ENV
echo "ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}" >> $GITHUB_ENV
echo "ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}" >> $GITHUB_ENV

env:
# Specify which environment to use for each variant
saksham_staging: SAKSHAM_STAG

🛠️ Refactor suggestion

⚠️ Potential issue

Refactor environment variables setup for security and efficiency

Several issues need to be addressed:

  1. GOOGLE_SERVICES_JSON_BASE64_ is set twice with different values
  2. Environment variables are set individually, which is inefficient
  3. Sensitive values should be masked in logs
- run: |
-   echo "GOOGLE_SERVICES_JSON_BASE64_=${{ secrets.ENCRYPTED_PASS_KEY }}" >> $GITHUB_ENV
-   
-   echo "ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}" >> $GITHUB_ENV
-   echo "ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}" >> $GITHUB_ENV
-   echo "ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}" >> $GITHUB_ENV
-   
-   echo "BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}" >> $GITHUB_ENV
-   echo "BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}" >> $GITHUB_ENV
-   echo "ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}" >> $GITHUB_ENV
-   echo "ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}" >> $GITHUB_ENV
+ run: |
+   {
+     echo "ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}"
+     echo "ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}"
+     echo "ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}"
+     echo "BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}"
+     echo "BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}"
+     echo "ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}"
+     echo "ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}"
+   } >> "$GITHUB_ENV"
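
Review bot: the replacement block still appends all seven secrets to `$GITHUB_ENV`, which exports them to every later step in the job, including third-party actions such as `actions/upload-artifact`, and nothing in the hunk addresses item 3 of the comment (masking). Scope each value with a step-level `env:` on the build step that needs it instead. If `$GITHUB_ENV` is kept, the `NAME=value` form breaks on any value that contains a newline. Dropping the first removed line is right: it assigned `secrets.ENCRYPTED_PASS_KEY` to `GOOGLE_SERVICES_JSON_BASE64_`.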

Comment on lines 9 to 11
Java_ ## JNI_PACKAGE_BASE ## _utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
const char* encryptedPassKey = std::getenv("ENCRYPTED_PASS_KEY");
return env->NewStringUTF(base_tmc_url ? encryptedPassKey : "default_encryptedPassKey");
}

⚠️ Potential issue

Potential variable name mismatch.
You used encryptedPassKey for std::getenv("ENCRYPTED_PASS_KEY"), but the returned value references base_tmc_url in the NewStringUTF() check. This appears to be a typo or copy-paste error.

- return env->NewStringUTF(base_tmc_url ? encryptedPassKey : "default_encryptedPassKey");
+ return env->NewStringUTF(encryptedPassKey ? encryptedPassKey : "default_encryptedPassKey");
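
Review bot: the corrected null check removes the unrelated `base_tmc_url` reference, but the fallback on the same line means a missing `ENCRYPTED_PASS_KEY` yields the fixed literal `default_encryptedPassKey` as a usable key instead of an error. `std::getenv` is evaluated at run time in the app process, not at build time in CI, so unless the variable exists in that process the fallback branch is the one that runs. Fail visibly when the value is absent, for example by throwing to the Kotlin caller, and keep the placeholder out of release builds.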

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (1)
.github/workflows/android.yml (1)

4-11: Consider branch protection implications

The workflow runs on both push and pull_request events for the same branches, which could lead to duplicate runs when PRs are merged. Consider:

  1. Using branch protection rules to enforce PR reviews
  2. Conditionally running certain steps based on the event type
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 953afd8 and 5070b9d.

📒 Files selected for processing (2)
  • .github/workflows/android.yml (1 hunks)
  • app/.gitignore (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/.gitignore

Comment on lines 40 to 41
- name: Install Fastlane
run: gem install fastlane

⚠️ Potential issue

Configure Fastlane after installation

The workflow installs Fastlane but doesn't initialize or configure it. Add the following steps:

 - name: Install Fastlane
   run: gem install fastlane
+
+- name: Configure Fastlane
+  run: |
+    mkdir -p fastlane
+    cat > fastlane/Appfile <<EOF
+    json_key_file("path/to/your/play-store-credentials.json")
+    package_name("org.piramalswasthya.sakhi")
+    EOF
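
Review bot: the added `cat > fastlane/Appfile` overwrites the Appfile the repository already has (the analysis earlier in this review reads the credentials requirement from `fastlane/Appfile`) and replaces it with the placeholder `path/to/your/play-store-credentials.json`, a file no step in this workflow creates. Drop the step and rely on the committed Appfile, or write the real key file from a secret to a path outside the checked-out tree and point `json_key_file` at that path.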

Committable suggestion skipped: line range outside the PR's diff.

main_project_module: app
repository_name: FLW-Mobile-App
playstore_name: MyApp
date_today: ${{ github.event.head_commit.timestamp }}

⚠️ Potential issue

Fix timestamp access for PR events

The date_today variable uses github.event.head_commit.timestamp which is only available for push events, not pull requests. This will cause the workflow to fail on PRs.

-  date_today: ${{ github.event.head_commit.timestamp }}
+  date_today: ${{ github.event.pull_request.updated_at || github.event.head_commit.timestamp }}
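
Review bot: both values on the added line are ISO 8601 timestamps containing `:`, and `date_today` feeds the artifact `name:` in the upload step, where `actions/upload-artifact` rejects names that contain a colon. Compute a filesystem-safe date in a step instead, for example with `date -u +%Y%m%d`, and use that for the artifact name.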

Comment on lines 66 to 136
- name: Upload APK - ${{ env.repository_name }}
uses: actions/upload-artifact@v3
with:
name: ${{ env.date_today }} - ${{ env.repository_name }} - APK(s) ${{ matrix.variant }} generated
path: ${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/

🛠️ Refactor suggestion

Improve artifact upload configuration

The artifact upload step needs improvements:

  1. Verify the path exists before upload
  2. Set a retention period to manage storage
  3. Use a more consistent naming pattern
 - name: Upload APK - ${{ env.repository_name }}
   uses: actions/upload-artifact@v3
   with:
-    name: ${{ env.date_today }} - ${{ env.repository_name }} - APK(s) ${{ matrix.variant }} generated
-    path: ${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/
+    name: ${{ env.repository_name }}-${{ matrix.variant }}-${{ env.date_today }}
+    path: |
+      ${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/*.apk
+      !${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/*-unsigned.apk
+    retention-days: 5
+    if-no-files-found: error
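
Review bot: The `uses:` context line still pins `actions/upload-artifact@v3`, which the actionlint finding on this same step reports as too old to run, so the suggestion should bump the action version in the same change. Separately, `if-no-files-found: error` combined with the `*-unsigned.apk` exclusion fails the job for any variant whose only output is an unsigned APK; confirm that every matrix variant has a signing config before adopting both lines.
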
🧰 Tools
🪛 actionlint (1.7.4)

67-67: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

Comment on lines 56 to 93
env:
# Specify which environment to use for each variant
saksham_staging: SAKSHAM_STAG

⚠️ Potential issue

Complete the environment mapping for all variants

The environment mapping is incomplete. Based on the PR objectives, you need mappings for all environments (staging, UAT, production) and build types (debug, release).

 env:
   # Specify which environment to use for each variant
   saksham_staging: SAKSHAM_STAG
+  saksham_uat: SAKSHAM_UAT
+  saksham_production: SAKSHAM_PROD
+  saksham_staging_debug: SAKSHAM_STAG_DEBUG
+  saksham_uat_debug: SAKSHAM_UAT_DEBUG
+  saksham_production_debug: SAKSHAM_PROD_DEBUG
+  saksham_staging_release: SAKSHAM_STAG_RELEASE
+  saksham_uat_release: SAKSHAM_UAT_RELEASE
+  saksham_production_release: SAKSHAM_PROD_RELEASE
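
Review bot: The added keys come in two shapes, flavor only (`saksham_uat`) and flavor plus build type (`saksham_uat_debug`), while the comment above them says the map is looked up once per variant, so only one of the two shapes can match a given variant name. Keep the shape the build matrix actually produces and drop the other. The target names (`SAKSHAM_UAT`, `SAKSHAM_PROD_RELEASE` and the rest) are not defined anywhere in the visible workflow, so confirm each one exists before mapping to it.
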

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
SECURITY.md (1)

8-14: LGTM! Consider adding mobile-specific version information.

The version support table is well-structured and clear. Consider adding:

  • Minimum supported Android API level
  • Supported Firebase SDK versions
  • App signing key rotation policy
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5070b9d and 0055d78.

📒 Files selected for processing (1)
  • SECURITY.md (1 hunks)

SECURITY.md Outdated
Comment on lines 5 to 7
Use this section to tell people about which versions of your project are
currently being supported with security updates.

🛠️ Refactor suggestion

Replace placeholder text with project-specific security information.

The current text is a template placeholder. Please customize this section to include:

  • Scope of security coverage (mobile app, backend APIs, Firebase services)
  • Security update delivery mechanisms (Play Store, Firebase App Distribution)
  • Version naming/numbering scheme

SECURITY.md Outdated
Comment on lines 17 to 21
Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

🛠️ Refactor suggestion

Enhance the vulnerability reporting section with specific guidelines.

Replace the placeholder text with comprehensive reporting guidelines including:

  1. Reporting channels:
    • Security issue tracker URL
    • Security team email
    • Bug bounty program (if applicable)
  2. Response timeline expectations
  3. Severity classification criteria
  4. Safe harbor policy
  5. Mobile-specific concerns:
    • App reverse engineering
    • API endpoint vulnerabilities
    • Firebase security misconfigurations
    • Build artifact tampering
  6. Responsible disclosure policy

Would you like me to provide a template for this section that covers all these aspects?

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 7

🧹 Nitpick comments (3)
app/src/main/java/org/piramalswasthya/sakhi/SakhiApplication.kt (1)

6-6: Remove unused import.

The android.util.Log import is not used in this file.

-import android.util.Log
fastlane/Pluginfile (1)

5-7: Add version constraints for Fastlane plugins.

Consider adding version constraints to ensure consistent behavior across different environments:

-gem 'fastlane-plugin-firebase_app_distribution'
-gem 'fastlane-plugin-increment_version_code'
-gem 'fastlane-plugin-load_json'
+gem 'fastlane-plugin-firebase_app_distribution', '~> 0.3.0'
+gem 'fastlane-plugin-increment_version_code', '~> 0.3.0'
+gem 'fastlane-plugin-load_json', '~> 0.0.1'
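
Review bot: The constraints `'~> 0.3.0'` and `'~> 0.0.1'` are given without reference to the versions the project currently resolves, and a pessimistic constraint that no released version satisfies makes `bundle install` fail in CI. Take the numbers from the existing `Gemfile.lock` and commit that lockfile, since the lockfile is what actually fixes the resolved plugin versions across environments.
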
fastlane/Fastfile (1)

14-14: Review debug mode setting.

Debug mode is hardcoded to true. Consider making it configurable based on the build variant:

-        debug: true
+        debug: options[:variant].downcase.include?('debug')
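
Review bot: `options[:variant].downcase` raises `NoMethodError` when the lane is invoked without a `variant` option, because `options[:variant]` is then `nil`. Use `options[:variant].to_s.downcase.include?('debug')`, or fail early with a clear message if the option is required.
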
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0055d78 and 134a4f0.

📒 Files selected for processing (18)
  • .github/workflows/android.yml (1 hunks)
  • .gitignore (1 hunks)
  • Gemfile (1 hunks)
  • app/.gitignore (1 hunks)
  • app/build.gradle (4 hunks)
  • app/release/output-metadata.json (0 hunks)
  • app/src/main/cpp/CMakeLists.txt (1 hunks)
  • app/src/main/cpp/native-lib.cpp (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/SakhiApplication.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/crypt/CryptoUtil.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt (3 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt (2 hunks)
  • fastlane/Appfile (1 hunks)
  • fastlane/Fastfile (1 hunks)
  • fastlane/Pluginfile (1 hunks)
  • fastlane/README.md (1 hunks)
  • fastlane/report.xml (1 hunks)
💤 Files with no reviewable changes (1)
  • app/release/output-metadata.json
🚧 Files skipped from review as they are similar to previous changes (9)
  • app/.gitignore
  • .gitignore
  • Gemfile
  • fastlane/report.xml
  • fastlane/Appfile
  • app/src/main/java/org/piramalswasthya/sakhi/crypt/CryptoUtil.kt
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt
  • app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt
🧰 Additional context used
🪛 Markdownlint (0.37.0)
fastlane/README.md

4-4: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


15-15: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


17-17: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


19-19: Expected: setext; Actual: atx
Heading style

(MD003, heading-style)


30-30: null
Spaces inside link text

(MD039, no-space-in-links)

🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 35-36: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🪛 actionlint (1.7.4)
.github/workflows/android.yml

33-33: the runner of "actions/setup-java@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


74-74: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:1:64: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:2:56: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:3:64: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:4:52: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:5:54: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:6:56: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:7:54: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:8:57: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:9:64: Double quote to prevent globbing and word splitting

(shellcheck)


108-108: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


132-132: the runner of "actions/setup-java@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


173-173: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:1:64: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:2:56: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:3:64: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:4:52: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:5:54: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:6:56: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:7:54: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:8:57: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:9:64: Double quote to prevent globbing and word splitting

(shellcheck)


207-207: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (9)
app/src/main/java/org/piramalswasthya/sakhi/SakhiApplication.kt (1)

31-37: Verify the necessity of early initialization.

These KeyUtils calls seem to be retrieving configuration values during app startup. Please verify:

  1. Are these values actually needed during app startup?
  2. Could this initialization be deferred until the values are actually needed?
  3. Is there a specific reason why these can't be initialized lazily?

Let's check how these values are used in the codebase:

✅ Verification successful

Early initialization is justified - keep as is

The early initialization is necessary as these values are used to configure critical app infrastructure during startup:

  • Required for dependency injection setup of API services
  • Used in security/encryption utilities
  • Needed for API authentication configuration

Moving to lazy initialization could introduce race conditions or delays in essential operations.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usages of KeyUtils methods
echo "Searching for KeyUtils method usages..."
rg "KeyUtils\.(encryptedPassKey|baseAbhaUrl|baseTMCUrl|abhaAuthUrl|abhaClientID|abhaClientSecret|abhaTokenUrl)" -A 3

Length of output: 3557

fastlane/README.md (1)

1-34: Documentation looks good!

The README provides clear instructions for installation and usage of the Fastlane actions.

fastlane/Fastfile (1)

20-34: Clean up or implement commented lanes.

The commented-out lanes for version increment and Play Store deployment should either be removed if they're not needed or implemented if they're part of the planned functionality.

Would you like me to help implement these lanes properly?

app/build.gradle (3)

29-36: LGTM! ABI split configuration is well-structured.

The ABI split configuration properly includes all necessary architectures (armeabi-v7a, arm64-v8a, x86, x86_64) and enables universal APK generation.


49-75: Verify Firebase App Distribution configuration for all flavors.

The product flavors are well-structured, but ensure that Firebase App Distribution is properly configured for each flavor in the Fastlane configuration.

✅ Verification successful

Firebase App Distribution configuration is properly set up

The Firebase App Distribution is well-configured using a generic lane with environment variables (FIREBASE_APP_ID, FIREBASE_CLI_TOKEN). This approach is secure and can support all product flavors through environment variable switching in your CI/CD pipeline. No changes needed.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if Fastlane configuration exists for all flavors
echo "Checking Fastlane configuration..."
rg -A 5 "lane :.*_debug do|lane :.*_release do" fastlane/Fastfile

Length of output: 379


Script:

#!/bin/bash
# Search for Firebase App Distribution related configurations
echo "Searching for Firebase configurations..."
rg -i "firebase" fastlane/
echo -e "\nChecking for distribution configurations in other files..."
fd "firebase" --type f

Length of output: 838


97-102: Verify NDK version compatibility.

The NDK version (27.2.12479018) specified should be compatible with the CMake configuration and the native code requirements.

✅ Verification successful

NDK version 27.2.12479018 is compatible with the project requirements

The native code uses only basic JNI and Android logging features that are stable across NDK versions. The CMake configuration is standard and doesn't impose any version-specific requirements.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check CMake configuration for NDK compatibility
echo "Checking CMake configuration..."
rg -A 5 "cmake" app/src/main/cpp/CMakeLists.txt

Length of output: 319


Script:

#!/bin/bash
# Check C++ source files for NDK-specific requirements
echo "Checking C++ source files..."
fd -e cpp -e h . app/src/main/cpp --exec rg -l "android|ndk|ANDROID|NDK"

# Check for Android.mk or Application.mk files which might have NDK requirements
echo -e "\nChecking for Android build files..."
fd "Android.mk|Application.mk" app/src/main/cpp

Length of output: 310


Script:

#!/bin/bash
# Check native-lib.cpp content
echo "Checking native-lib.cpp content..."
cat app/src/main/cpp/native-lib.cpp

Length of output: 2559

.github/workflows/android.yml (3)

15-15: Fix timestamp access for PR events.

The timestamp access needs to be fixed as mentioned in the past review.


33-36: Update actions/setup-java to the latest version.

The setup-java action version needs to be updated as mentioned in the past review.


74-84: Improve environment variables setup.

The environment variables setup needs to be refactored as mentioned in the past review.

Comment on lines +31 to +37
KeyUtils.encryptedPassKey()
KeyUtils.baseAbhaUrl()
KeyUtils.baseTMCUrl()
KeyUtils.abhaAuthUrl()
KeyUtils.abhaClientID()
KeyUtils.abhaClientSecret()
KeyUtils.abhaTokenUrl()

🛠️ Refactor suggestion

Review KeyUtils initialization approach.

The current implementation has several potential issues:

  1. All KeyUtils methods are called sequentially without storing or using their return values
  2. No error handling for potential initialization failures
  3. These calls could impact app startup time

Consider the following improvements:

  1. Initialize these values lazily when first needed
  2. Add error handling
  3. Document why these need to be called during application startup

Here's a suggested approach:

-        KeyUtils.encryptedPassKey()
-        KeyUtils.baseAbhaUrl()
-        KeyUtils.baseTMCUrl()
-        KeyUtils.abhaAuthUrl()
-        KeyUtils.abhaClientID()
-        KeyUtils.abhaClientSecret()
-        KeyUtils.abhaTokenUrl()
+        try {
+            // Document why early initialization is needed
+            KeyUtils.initialize(applicationContext)
+        } catch (e: Exception) {
+            Timber.e(e, "Failed to initialize KeyUtils")
+            // Consider proper error handling strategy
+        }
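
Review bot: `catch (e: Exception)` does not cover the most likely failure at this call site: a native library that fails to load, or a missing JNI symbol, surfaces as `UnsatisfiedLinkError`, which is an `Error` and not an `Exception`. The call `KeyUtils.initialize(applicationContext)` also has no counterpart among the seven `KeyUtils` accessors in the commented lines, so the suggestion needs that method defined before it compiles. Keep the `Timber.e(e, ...)` message free of any returned key material.
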

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines 12 to 14
groups: "kevaltesters",
release_notes: "Staging-Debug version out!",
debug: true

🛠️ Refactor suggestion

Make tester groups and release notes configurable.

The tester group and release notes are hardcoded. Consider making them configurable through environment variables or lane options:

-        groups: "kevaltesters",
-        release_notes: "Staging-Debug version out!",
+        groups: ENV['FIREBASE_TESTER_GROUPS'],
+        release_notes: "#{options[:variant]} build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
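
Review bot: `ENV['FIREBASE_TESTER_GROUPS']` evaluates to `nil` when the variable is unset, so a misconfigured job passes no tester group to the distribution action instead of failing. Prefer `ENV.fetch('FIREBASE_TESTER_GROUPS')` so the lane aborts with a `KeyError`, and guard `options[:variant]` in the `release_notes` interpolation, which renders as an empty string when the option is missing.
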

Comment on lines +4 to +11
# Fetch environment variables
set(ENCRYPTED_PASS_KEY "$ENV{ENCRYPTED_PASS_KEY}")
set(ABHA_CLIENT_SECRET "$ENV{ABHA_CLIENT_SECRET}")
set(ABHA_CLIENT_ID "$ENV{ABHA_CLIENT_ID}")
set(BASE_TMC_URL "$ENV{BASE_TMC_URL}")
set(BASE_ABHA_URL "$ENV{BASE_ABHA_URL}")
set(ABHA_TOKEN_URL "$ENV{ABHA_TOKEN_URL}")
set(ABHA_AUTH_URL "$ENV{ABHA_AUTH_URL}")

🛠️ Refactor suggestion

Add validation for required environment variables.

Consider adding checks to ensure required environment variables are set:

 # Fetch environment variables
+if(NOT DEFINED ENV{ENCRYPTED_PASS_KEY})
+    message(FATAL_ERROR "ENCRYPTED_PASS_KEY environment variable is not set")
+endif()
 set(ENCRYPTED_PASS_KEY "$ENV{ENCRYPTED_PASS_KEY}")
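
Review bot: `if(NOT DEFINED ENV{ENCRYPTED_PASS_KEY})` passes when the variable is set but empty, which is what a workflow step exporting an unset secret produces, so the build would still compile an empty key into the library. Test the value as well, for example `if("$ENV{ENCRYPTED_PASS_KEY}" STREQUAL "")`, and keep the `FATAL_ERROR` text limited to the variable name, as it is here, so the value never reaches the build log.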

Apply similar checks for other critical environment variables.

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines +12 to +14
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Encrypted Password Key: %s",
encryptedPassKey.c_str());

⚠️ Potential issue

Remove logging of sensitive information.

Logging sensitive information like encryption keys, client secrets, and IDs poses a security risk as logs can be accessed by other apps or during debugging.

Remove or modify the logging statements:

-    __android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Encrypted Password Key: %s",
-                        encryptedPassKey.c_str());
+    __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, "Encrypted Password Key: [REDACTED]");
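
Review bot: The replacement keeps a log call that now carries no information, so deleting the statement is cleaner than demoting it to `ANDROID_LOG_DEBUG` with a `[REDACTED]` placeholder. The scope given with this comment ("Also applies to: 20-21, 29-29") names three statements, but the commented file logs all seven values, including `ABHA Client Secret` and the four URLs, so every `__android_log_print` in the file needs the same treatment.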

Apply similar changes to other logging statements.

Also applies to: 20-21, 29-29
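
A CI-side check for the pattern this comment flags, as an added example that is not part of the PR or of the review: it scans JNI source for `__android_log_print` calls whose arguments reference a variable initialised from a secret-bearing macro. The choice of sensitive macros, the function names and the embedded samples (constructed from the excerpts quoted in this review) are assumptions of the example.

```python
import re

# Macros that carry secrets into native-lib.cpp (names from the CMakeLists.txt
# excerpt in this review). Which macros count as sensitive is an assumption of
# this example; pass a wider set to cover the URL macros as well.
SENSITIVE_MACROS = frozenset({"ENCRYPTED_PASS_KEY", "ABHA_CLIENT_SECRET", "ABHA_CLIENT_ID"})

ASSIGN_RE = re.compile(r"std::string\s+(\w+)\s*=\s*(\w+)\s*;")  # std::string v = MACRO;
STRING_LIT_RE = re.compile(r'"(?:\\.|[^"\\])*"')
IDENT_RE = re.compile(r"[A-Za-z_]\w*")
LOG_CALL = "__android_log_print"


def log_calls(source):
    """Yield (line_no, argument_text) for each __android_log_print(...) call.

    Parentheses are balanced by hand so a call wrapped over several lines is
    captured whole, and string literals are skipped so a parenthesis inside a
    format string does not end the call early.
    """
    pos = 0
    while True:
        start = source.find(LOG_CALL, pos)
        if start == -1:
            return
        open_paren = source.find("(", start)
        if open_paren == -1:
            return
        depth, j, in_string = 0, open_paren, False
        while j < len(source):
            ch = source[j]
            if in_string:
                if ch == "\\":
                    j += 1  # skip the escaped character
                elif ch == '"':
                    in_string = False
            elif ch == '"':
                in_string = True
            elif ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    break
            j += 1
        yield source.count("\n", 0, start) + 1, source[open_paren + 1:j]
        pos = j + 1


def find_secret_logging(source, sensitive_macros=SENSITIVE_MACROS):
    """Return (line_no, identifier, macro) findings in source order."""
    tainted = {var: macro for var, macro in ASSIGN_RE.findall(source)
               if macro in sensitive_macros}
    findings = []
    for line_no, args in log_calls(source):
        code_only = STRING_LIT_RE.sub('""', args)  # ignore text inside format strings
        for name in sorted(set(IDENT_RE.findall(code_only))):
            if name in tainted:
                findings.append((line_no, name, tainted[name]))
            elif name in sensitive_macros:
                findings.append((line_no, name, name))
    return findings


# Constructed sample: two of the JNI functions as quoted in this review.
SAMPLE_BEFORE = '''\
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
    std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
    __android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Encrypted Password Key: %s",
                        encryptedPassKey.c_str());
    return env->NewStringUTF(encryptedPassKey.c_str());
}

extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTMCUrl(JNIEnv *env, jobject thiz) {
    std::string baseTMCUrl = BASE_TMC_URL;
    __android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Base TMC URL: %s", baseTMCUrl.c_str());
    return env->NewStringUTF(baseTMCUrl.c_str());
}
'''

# Constructed sample: the same body after the redaction suggested in the review.
SAMPLE_AFTER = '''\
    std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
    __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, "Encrypted Password Key: [REDACTED]");
    return env->NewStringUTF(encryptedPassKey.c_str());
'''

if __name__ == "__main__":
    for line_no, name, macro in find_secret_logging(SAMPLE_BEFORE):
        print(f"line {line_no}: log call passes {name} (from {macro})")
```

Run as a pipeline step over `app/src/main/cpp/`, a non-empty result can fail the build before an APK that logs key material is distributed.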

Comment on lines +8 to +52
// JNI functions
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Encrypted Password Key: %s",
encryptedPassKey.c_str());
return env->NewStringUTF(encryptedPassKey.c_str());
}

extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientSecret(JNIEnv *env, jobject thiz) {
std::string abhaClientSecret = ABHA_CLIENT_SECRET;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Client Secret: %s",
abhaClientSecret.c_str());
return env->NewStringUTF(abhaClientSecret.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientID(JNIEnv *env, jobject thiz) {
std::string abhaClientID = ABHA_CLIENT_ID;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Client ID: %s", abhaClientID.c_str());
return env->NewStringUTF(abhaClientID.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTMCUrl(JNIEnv *env, jobject thiz) {
std::string baseTMCUrl = BASE_TMC_URL;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Base TMC URL: %s", baseTMCUrl.c_str());
return env->NewStringUTF(baseTMCUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseAbhaUrl(JNIEnv *env, jobject thiz) {
std::string baseAbhaUrl = BASE_ABHA_URL;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Base ABHA URL: %s", baseAbhaUrl.c_str());
return env->NewStringUTF(baseAbhaUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaTokenUrl(JNIEnv *env, jobject thiz) {
std::string abhaTokenUrl = ABHA_TOKEN_URL;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Token URL: %s", abhaTokenUrl.c_str());
return env->NewStringUTF(abhaTokenUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaAuthUrl(JNIEnv *env, jobject thiz) {
std::string abhaAuthUrl = ABHA_AUTH_URL;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Auth URL: %s", abhaAuthUrl.c_str());
return env->NewStringUTF(abhaAuthUrl.c_str());
}

🛠️ Refactor suggestion

Consider adding error handling for missing environment variables.

The JNI functions should handle cases where the environment variables are not set or contain invalid values.

Example implementation:

 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
     std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
+    if (encryptedPassKey.empty()) {
+        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "ENCRYPTED_PASS_KEY is not set");
+        return env->NewStringUTF("");
+    }
     return env->NewStringUTF(encryptedPassKey.c_str());
 }
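
Review bot: Returning `env->NewStringUTF("")` on the empty branch makes a missing key indistinguishable from a valid value on the Kotlin side, so `KeyUtils.encryptedPassKey()` would silently hand an empty key to its callers. Throw a Java exception from the native side, or return `nullptr` and check for it in the caller. Since `ENCRYPTED_PASS_KEY` is a compile-time macro, a build-time check catches the same condition before an APK is produced.
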

@kevalkanp1011 kevalkanp1011 changed the title Fastlane Configuration with Firebase App Distributions CI/CD Pipeline Integration with Fastlane and GitHub Actions and Integration of Native C++ Code for Secure Handling and Jan 8, 2025
@kevalkanp1011 kevalkanp1011 changed the title CI/CD Pipeline Integration with Fastlane and GitHub Actions and Integration of Native C++ Code for Secure Handling and CI/CD Pipeline Integration with Fastlane and GitHub Actions and Integration of Native C++ Code for Secure Handling of Sensitive Infos Jan 8, 2025
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 7

♻️ Duplicate comments (1)
app/src/main/cpp/native-lib.cpp (1)

7-11: ⚠️ Potential issue

Add error handling and validation for configuration values.

The JNI functions lack proper error handling and validation. This could lead to crashes or undefined behavior if configuration values are missing or invalid.

Apply this pattern to all JNI functions:

 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
     std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
-    return env->NewStringUTF(encryptedPassKey.c_str());
+    if (encryptedPassKey.empty()) {
+        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "ENCRYPTED_PASS_KEY is not set");
+        return env->NewStringUTF("");
+    }
+    
+    jstring result = env->NewStringUTF(encryptedPassKey.c_str());
+    if (!result) {
+        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "Failed to create jstring");
+        return env->NewStringUTF("");
+    }
+    
+    return result;
 }
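
Review bot: In the `if (!result)` branch, `NewStringUTF` has just returned null, so a Java exception (normally `OutOfMemoryError`) is already pending, and calling `env->NewStringUTF("")` again in that state is not permitted by JNI. Return `nullptr` there and let the exception surface on the Kotlin side. Returning `""` for an unset `ENCRYPTED_PASS_KEY` also hides a misconfigured build from the caller; failing at build time would be easier to diagnose.
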
🧹 Nitpick comments (3)
app/src/main/cpp/native-lib.cpp (1)

7-59: Implement a reusable helper function to reduce code duplication.

All JNI functions follow the same pattern, leading to code duplication. Extract the common logic into a helper function.

Add a helper function:

static jstring getConfigValue(JNIEnv *env, const char* key, const std::string& value) {
    if (value.empty()) {
        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "%s is not set", key);
        return env->NewStringUTF("");
    }
    
    jstring result = env->NewStringUTF(value.c_str());
    if (!result) {
        // NewStringUTF failed, so a Java exception is pending: make no further JNI calls.
        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "Failed to create jstring for %s", key);
        return nullptr;
    }
    
    return result;
}

Then simplify all JNI functions:

 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
     std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
-    return env->NewStringUTF(encryptedPassKey.c_str());
+    return getConfigValue(env, "ENCRYPTED_PASS_KEY", encryptedPassKey);
 }
app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (2)

12-27: Consider implementing caching mechanism for frequently accessed values.

The current implementation may result in frequent JNI calls. Consider caching the values that don't change during runtime.

Example implementation:

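// @Volatile is required for the double-checked locking below to be safe.
@Volatile
private var cachedEncryptedPassKey: String? = null

fun encryptedPassKey(): String {
    return cachedEncryptedPassKey ?: synchronized(this) {
        cachedEncryptedPassKey ?: native_encryptedPassKey().also { cachedEncryptedPassKey = it }
    }
}

// Renaming the external function changes the JNI symbol the native side must export.
private external fun native_encryptedPassKey(): String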

1-29: Consider security testing and maintenance implications.

While moving sensitive data to native code improves security against reverse engineering, consider:

  1. Adding security testing to the CI/CD pipeline to verify the protection of sensitive data
  2. Documenting the build process and requirements (NDK, CMake) for developers
  3. Implementing monitoring for native crashes and error reporting
  4. Creating a disaster recovery plan in case of native library loading failures
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97f567f and 7b68d8c.

📒 Files selected for processing (5)
  • .github/workflows/android.yml (1 hunks)
  • app/src/main/cpp/CMakeLists.txt (1 hunks)
  • app/src/main/cpp/native-lib.cpp (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt (9 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt
  • app/src/main/cpp/CMakeLists.txt
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/android.yml

33-33: the runner of "actions/setup-java@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


74-74: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:1:64: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:2:56: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:3:64: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:4:52: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:5:54: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:6:56: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:7:54: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:8:57: Double quote to prevent globbing and word splitting

(shellcheck)


74-74: shellcheck reported issue in this script: SC2086:info:9:64: Double quote to prevent globbing and word splitting

(shellcheck)


108-108: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


132-132: the runner of "actions/setup-java@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


173-173: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:1:64: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:2:56: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:3:64: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:4:52: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:5:54: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:6:56: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:7:54: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:8:57: Double quote to prevent globbing and word splitting

(shellcheck)


173-173: shellcheck reported issue in this script: SC2086:info:9:64: Double quote to prevent globbing and word splitting

(shellcheck)


207-207: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (6)
.github/workflows/android.yml (6)

12-15: Fix timestamp access for PR events

The date_today variable uses github.event.head_commit.timestamp which is only available for push events. This will cause the workflow to fail on PR events.

-  date_today: ${{ github.event.head_commit.timestamp }}
+  date_today: ${{ github.event.pull_request.updated_at || github.event.head_commit.timestamp }}

24-26: Expand matrix strategy to include all required variants

The matrix only includes SakshamStagDebug, but the PR objectives mention multiple build types. Consider adding all required variants:

  strategy:
    matrix:
-       variant: [ SakshamStagDebug ]
+       variant: [
+         saksham_staging_debug,
+         saksham_uat_debug,
+         saksham_production_debug,
+         saksham_staging_release,
+         saksham_uat_release,
+         saksham_production_release
+       ]

107-116: Improve artifact upload configuration

The artifact upload step needs improvements:

  1. Verify the path exists before upload
  2. Set a retention period to manage storage
  3. Use a more consistent naming pattern
 - name: Upload APKs
   uses: actions/upload-artifact@v3
   with:
-    name: FLW-Mobile-App - APK(s) ${{ matrix.variant }} generated
-    path: |
-      app/build/outputs/apk/sakshamStag/debug/app-sakshamStag-armeabi-v7a-debug.apk
-      app/build/outputs/apk/sakshamStag/debug/app-sakshamStag-arm64-v8a-debug.apk
-      app/build/outputs/apk/sakshamStag/debug/app-sakshamStag-x86-debug.apk
-      app/build/outputs/apk/sakshamStag/debug/app-sakshamStag-x86_64-debug.apk
-      app/build/outputs/apk/sakshamStag/debug/app-sakshamStag-universal-debug.apk
+    name: ${{ env.repository_name }}-${{ matrix.variant }}-${{ env.date_today }}
+    path: |
+      ${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/*.apk
+      !${{ env.main_project_module }}/build/outputs/apk/${{ matrix.variant }}/*-unsigned.apk
+    retention-days: 5
+    if-no-files-found: error
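
Review bot: The new `path:` glob `build/outputs/apk/${{ matrix.variant }}/*.apk` does not match the layout in the removed lines, where the APKs sit under `apk/sakshamStag/debug/`, so with `if-no-files-found: error` the step fails unless the variant name happens to map to that directory. The suggestion also keeps `actions/upload-artifact@v3`, which the actionlint output on this page reports as too old to run.
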


32-36: ⚠️ Potential issue

Update actions/setup-java to the latest version

The current version of setup-java action is outdated.

- uses: actions/setup-java@v2
+ uses: actions/setup-java@v4
  with:
    distribution: 'zulu'
    java-version: '17'

Likely invalid or redundant comment.



95-96: ⚠️ Potential issue

Configure Fastlane after installation

The workflow uses Fastlane but doesn't initialize or configure it. Add the following steps:

+ - name: Configure Fastlane
+   run: |
+     mkdir -p fastlane
+     cat > fastlane/Appfile <<EOF
+     json_key_file("path/to/your/play-store-credentials.json")
+     package_name("org.piramalswasthya.sakhi")
+     EOF

Likely invalid or redundant comment.


74-84: ⚠️ Potential issue

Refactor environment variables setup for security and efficiency

Several issues need to be addressed:

  1. Environment variables are set individually, which is inefficient
  2. Line 82 uses > instead of >>, which would overwrite previous variables
  3. Shell script best practices are not followed
- run: |
-   echo "ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}" >> $GITHUB_ENV
-   echo "ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}" >> $GITHUB_ENV
-   echo "ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}" >> $GITHUB_ENV
-   echo "BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}" >> $GITHUB_ENV
-   echo "BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}" >> $GITHUB_ENV
-   echo "ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}" >> $GITHUB_ENV
-   echo "ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}" >> $GITHUB_ENV
-   echo "FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}" > $GITHUB_ENV
-   echo "FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}" >> $GITHUB_ENV
+ run: |
+   {
+     echo "ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}"
+     echo "ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}"
+     echo "ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}"
+     echo "BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}"
+     echo "BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}"
+     echo "ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}"
+     echo "ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}"
+     echo "FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}"
+     echo "FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}"
+   } >> "$GITHUB_ENV"
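
Review bot: Both the removed and the added lines expand `${{ secrets.* }}` directly into the script text, so a value containing a quote, `$` or a newline changes the shell command or the `$GITHUB_ENV` file format. Pass each secret through the step's `env:` map and write `"$NAME"` from the shell instead, and export only the values later steps need, since everything written to `$GITHUB_ENV` is visible to every subsequent step in the job.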

Likely invalid or redundant comment.


Comment on lines 7 to 59
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
return env->NewStringUTF(encryptedPassKey.c_str());
}

extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientSecret(JNIEnv *env, jobject thiz) {
std::string abhaClientSecret = ABHA_CLIENT_SECRET;
return env->NewStringUTF(abhaClientSecret.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientID(JNIEnv *env, jobject thiz) {
std::string abhaClientID = ABHA_CLIENT_ID;
return env->NewStringUTF(abhaClientID.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTMCUrl(JNIEnv *env, jobject thiz) {
std::string baseTMCUrl = BASE_TMC_URL;
return env->NewStringUTF(baseTMCUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseAbhaUrl(JNIEnv *env, jobject thiz) {
std::string baseAbhaUrl = BASE_ABHA_URL;
return env->NewStringUTF(baseAbhaUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaTokenUrl(JNIEnv *env, jobject thiz) {
std::string abhaTokenUrl = ABHA_TOKEN_URL;
return env->NewStringUTF(abhaTokenUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaAuthUrl(JNIEnv *env, jobject thiz) {
std::string abhaAuthUrl = ABHA_AUTH_URL;
return env->NewStringUTF(abhaAuthUrl.c_str());
}

extern "C"
JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_chatUrl(JNIEnv *env, jobject thiz) {
std::string chatUrl = CHAT_URL;
return env->NewStringUTF(chatUrl.c_str());
}

🛠️ Refactor suggestion

Add input validation for URL configuration values.

URL configuration values (baseTMCUrl, baseAbhaUrl, etc.) should be validated to ensure they are well-formed URLs.

Add URL validation:

#include <regex>

static bool isValidUrl(const std::string& url) {
    const std::regex urlRegex(
        R"(^(http|https)://)"
        R"([a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,})"
        R"((/\S*)?$)"
    );
    return std::regex_match(url, urlRegex);
}

Then validate URLs before returning:

 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTMCUrl(JNIEnv *env, jobject thiz) {
     std::string baseTMCUrl = BASE_TMC_URL;
+    if (!baseTMCUrl.empty() && !isValidUrl(baseTMCUrl)) {
+        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "Invalid URL format: %s", "BASE_TMC_URL");
+        return env->NewStringUTF("");
+    }
     return env->NewStringUTF(baseTMCUrl.c_str());
 }
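
Review bot: `isValidUrl` as used in the added `if` rejects URLs with a port, an IP address or a single-label host, because the host part must end in a dot followed by at least two letters and nothing between host and path allows `:`. The check also runs against a compile-time constant on every call and turns a bad value into an empty string at runtime; validating `BASE_TMC_URL` once during the build would fail earlier and more visibly.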

⚠️ Potential issue

Add exception handling for JNI operations.

The code should handle potential JNI exceptions that might occur during string operations.

Add exception handling:

#include <exception>
#include <functional>

static jstring handleJniExceptions(JNIEnv *env, const std::function<jstring()>& operation) {
    try {
        return operation();
    } catch (const std::exception& e) {
        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "JNI exception: %s", e.what());
        if (env->ExceptionCheck()) {
            env->ExceptionDescribe();
            env->ExceptionClear();
        }
        return env->NewStringUTF("");
    }
}

Then wrap JNI operations:

 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
-    std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
-    return env->NewStringUTF(encryptedPassKey.c_str());
+    return handleJniExceptions(env, [env]() {
+        std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
+        return env->NewStringUTF(encryptedPassKey.c_str());
+    });
 }
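
Review bot: The `try`/`catch` inside `handleJniExceptions` only sees C++ exceptions such as `std::bad_alloc`, but `NewStringUTF` in the wrapped lambda reports failure by returning null with a Java exception pending, so the `catch` block and its `ExceptionCheck()` call never run for that case. Check the return value, or call `env->ExceptionCheck()` directly after the JNI call, instead of relying on the wrapper.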

Comment on lines 1 to 5
#include <jni.h>
#include <string>
#include <android/log.h>



🛠️ Refactor suggestion

Add header protection and define configuration constants.

The header lacks protection against multiple inclusion. Additionally, the configuration constants (ENCRYPTED_PASS_KEY, ABHA_CLIENT_SECRET, etc.) are used but not defined.

Add the following at the beginning of the file:

+#pragma once
+
 #include <jni.h>
 #include <string>
 #include <android/log.h>
+
+#define LOG_TAG "NativeLib"
+
+// Configuration constants should be defined here or included from a separate header
+// These should be populated during build time from environment variables
+#ifndef ENCRYPTED_PASS_KEY
+#define ENCRYPTED_PASS_KEY ""
+#endif
+// Add similar defines for other constants
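
Review bot: `#pragma once` on the first added line is a header guard, but these lines are the top of a `.cpp` source file (the review lists `native-lib.cpp`), where it has no effect and compilers warn about it; leave it out. The `#define ENCRYPTED_PASS_KEY ""` fallback lets a build with a missing secret succeed and ship an empty value; an `#error` in the `#ifndef` branch would stop that build instead.
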

Comment on lines 119 to 215
saksham_uat_job:
runs-on: ubuntu-latest
environment: SAKSHAM_UAT

strategy:
matrix:
variant: [ SakshamUatDebug ]

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up JDK
uses: actions/setup-java@v2
with:
distribution: 'zulu'
java-version: '17'

- name: Set up Android SDK
uses: android-actions/setup-android@v2

- name: Setup Android NDK
uses: nttld/[email protected]
with:
ndk-version: r27c
link-to-sdk: true

- name: Install CMake
uses: jwlawson/actions-setup-cmake@v1
with:
cmake-version: '3.31.1'

- name: Set up ruby env
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7.2
bundler-cache: true

- name: Verify Ruby installation
run: ruby -v

- name: Decode google-services.json from secret
run: |
echo ${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }} | base64 --decode > ./app/google-services.json
# echo "Decoded google-services.json"
# cat ./app/google-services.json

- name: Decode GoogleServiceAccount.json from secret
run: |
echo ${{ secrets.GOOGLE_SERVICE_ACCOUNT_JSON }} | base64 --decode > ./fastlane/GoogleServiceAccount.json
# echo "Decoded GoogleServiceAccount.json"
# cat ./fastlane/GoogleServiceAccount.json

- name: Set Environment Variables
run: |
echo "ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}" >> $GITHUB_ENV
echo "ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}" >> $GITHUB_ENV
echo "ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}" >> $GITHUB_ENV
echo "BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}" >> $GITHUB_ENV
echo "BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}" >> $GITHUB_ENV
echo "ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}" >> $GITHUB_ENV
echo "ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}" >> $GITHUB_ENV
echo "FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}" > $GITHUB_ENV
echo "FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}" >> $GITHUB_ENV

- name: Create local.properties
run: |
echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties

# - name: Verify `local.properties` Content
# run: |
# echo "Contents of local.properties:"
# cat ./local.properties


- name: Build and Distribute app to Firebase
run: bundle exec fastlane android build_and_distribute_apk_to_firebase variant:${{ matrix.variant }}

- name: List APK files
run: |
echo "Listing sakshamUat APK files:"
ls -al app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-armeabi-v7a-debug.apk
ls -al app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-arm64-v8a-debug.apk
ls -al app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-x86-debug.apk
ls -al app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-x86_64-debug.apk
ls -al app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-universal-debug.apk

- name: Upload APKs
uses: actions/upload-artifact@v3
with:
name: FLW-Mobile-App - APK(s) ${{ matrix.variant }} generated
path: |
app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-armeabi-v7a-debug.apk
app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-arm64-v8a-debug.apk
app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-x86-debug.apk
app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-x86_64-debug.apk
app/build/outputs/apk/sakshamUat/debug/app-sakshamUat-universal-debug.apk
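
Review bot: This job is given the repository secrets, yet its third-party steps are referenced by mutable tags (`android-actions/setup-android@v2`, `jwlawson/actions-setup-cmake@v1`, `ruby/setup-ruby@v1`); pin each to a full commit SHA so a retagged release cannot run with those secrets in scope. In the two decode steps, `echo ${{ secrets... }}` is unquoted and interpolated into the script; pass the value through `env:` and pipe `printf '%s' "$VAR"` into `base64 --decode`.
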

🛠️ Refactor suggestion

Implement job reusability to reduce duplication

The workflow contains significant duplication between saksham_stag_job and saksham_uat_job. Consider using reusable workflows to maintain DRY principles:

  1. Create a reusable workflow file (e.g., build-distribute.yml)
  2. Move the common job steps to the reusable workflow
  3. Call the reusable workflow from the main workflow with different inputs

Example structure:

# .github/workflows/build-distribute.yml
name: Build and Distribute
on:
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
      variant:
        required: true
        type: string

jobs:
  build:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      # Common steps here

Main workflow usage:

jobs:
  saksham_stag_job:
    uses: ./.github/workflows/build-distribute.yml
    with:
      environment: SAKSHAM_STAG
      variant: saksham_staging_debug
    secrets: inherit

  saksham_uat_job:
    uses: ./.github/workflows/build-distribute.yml
    with:
      environment: SAKSHAM_UAT
      variant: saksham_uat_debug
    secrets: inherit

Comment on lines 4 to 15
object KeyUtils {

private const val NATIVE_JNI_LIB_NAME = "sakhi"

init {
System.loadLibrary(NATIVE_JNI_LIB_NAME)
}

🛠️ Refactor suggestion

Add error handling and documentation for native library loading.

The native library loading lacks error handling and documentation. Consider:

  1. Adding KDoc comments explaining the purpose of this utility class
  2. Implementing error handling for System.loadLibrary()
  3. Adding a fallback mechanism or graceful degradation if library loading fails

Example implementation:

+/**
+ * Utility class for securely retrieving sensitive configuration values from native code.
+ * This class interfaces with the native library to prevent reverse engineering of sensitive data.
+ */
 object KeyUtils {
     private const val NATIVE_JNI_LIB_NAME = "sakhi"
 
     init {
+        try {
             System.loadLibrary(NATIVE_JNI_LIB_NAME)
+        } catch (e: UnsatisfiedLinkError) {
+            throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME", e)
+        }
     }

Comment on lines +12 to +33
external fun encryptedPassKey(): String

external fun abhaClientSecret(): String

external fun abhaClientID(): String

external fun baseTMCUrl(): String

external fun baseAbhaUrl(): String

external fun abhaTokenUrl(): String

external fun abhaAuthUrl(): String

external fun chatUrl(): String


🛠️ Refactor suggestion

Add documentation and return value validation for external functions.

Each external function should be documented with its purpose and potential exceptions. Consider adding runtime validation for returned values.

Example implementation:

+    /**
+     * Retrieves the encrypted pass key from native code.
+     * @return Non-null string containing the encrypted pass key
+     * @throws IllegalStateException if the native code returns null or empty value
+     */
     external fun encryptedPassKey(): String
+
+    @Throws(IllegalStateException::class)
+    private fun validateReturnValue(value: String, functionName: String): String {
+        return value.takeIf { it.isNotBlank() }
+            ?: throw IllegalStateException("$functionName returned null or empty value")
+    }
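
Review bot: `validateReturnValue` is added as a private helper but nothing in the hunk calls it, and `external fun encryptedPassKey()` still returns the native result directly, so the `@throws IllegalStateException` line in the KDoc describes behaviour that does not exist. Either expose a wrapper that passes the external function's result through the helper, or drop the `@throws` line.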

Committable suggestion skipped: line range outside the PR's diff.


💡 Codebase verification

Security concerns identified in native implementation

The native code has several security vulnerabilities:

  • Sensitive data stored as plain preprocessor macros
  • No runtime encryption/obfuscation of returned values
  • No secure memory handling or cleanup
  • Missing crypto implementation

Recommendations:

  • Implement proper encryption for sensitive data
  • Use secure string handling (e.g., SecureString)
  • Clear sensitive data from memory after use
  • Consider using NDK security libraries for better protection
🔗 Analysis chain

Verify native implementations and security considerations.

Ensure that:

  1. Corresponding native implementations exist for all external functions
  2. Native code properly encrypts or obfuscates the sensitive data
  3. Memory is properly cleared after use in native code
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify native implementations exist for all external functions

# Check if the corresponding native implementations exist
ast-grep --pattern 'JNIEXPORT jstring JNICALL Java_org_piramalswasthya_sakhi_utils_KeyUtils_$_(JNIEnv *env, jobject thiz)'

# Look for memory management related functions
rg -A 2 'env->NewString|env->GetStringUTFChars|env->ReleaseStringUTFChars'

Length of output: 1396


Script:

#!/bin/bash
# Get complete native implementations
cat app/src/main/cpp/native-lib.cpp

# Look for encryption-related code
rg -i "encrypt|cipher|secure|protect" app/src/main/cpp/native-lib.cpp

# Check for any included security headers
rg -i "#include.*crypto|security|cipher" app/src/main/cpp/native-lib.cpp

Length of output: 2276
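
The finding above, that values compiled in as preprocessor macros sit in the library as plain bytes, can be turned into the CI security test the earlier comment asks for. This is an added example, not code from the PR or from CodeRabbit: `scan_library` and its helpers are hypothetical names, and the secret value, the `example.invalid` URL and the byte layout of the sample library are constructed.

```python
"""CI check: report configuration values recoverable from a built native library."""
import os
import re
import sys
from pathlib import Path
from typing import Dict, Iterator, List, NamedTuple, Tuple

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class Finding(NamedTuple):
    kind: str     # "known-value" (fails the build) or "url" (warning only)
    name: str     # configuration key; empty for pattern-only hits
    offset: int   # byte offset inside the library
    preview: str  # redacted, safe to print in a CI log


def printable_runs(blob: bytes, min_len: int = 6) -> Iterator[Tuple[int, str]]:
    """Yield (offset, text) for each run of printable ASCII, like `strings -t d`."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix so a hit is identifiable without logging the value."""
    return f"{value[:keep]}**** ({len(value)} chars)"


def scan_library(blob: bytes, known: Dict[str, str]) -> List[Finding]:
    """Return every place a configured value or a URL literal sits in `blob`."""
    findings: List[Finding] = []
    # 1. Exact values injected at build time (read from the CI secret store).
    for name, value in known.items():
        needle = value.encode("utf-8")
        if not needle:
            continue  # secret not set in this environment: nothing to look for
        pos = blob.find(needle)
        while pos != -1:
            findings.append(Finding("known-value", name, pos, redact(value)))
            pos = blob.find(needle, pos + 1)
    # 2. Any URL literal, even when its value was not passed in.
    covered = {f.offset for f in findings}
    for offset, text in printable_runs(blob):
        for m in URL_RE.finditer(text):
            pos = offset + m.start()
            if pos not in covered:
                findings.append(Finding("url", "", pos, redact(m.group(), keep=8)))
    return sorted(findings, key=lambda f: f.offset)


# Constructed values; the keys are the macro names used in the PR.
SAMPLE_KNOWN = {
    "ABHA_CLIENT_SECRET": "constructed-client-secret-0001",
    "BASE_TMC_URL": "https://tmc.example.invalid/api/",
}


def build_sample_library() -> bytes:
    """Constructed bytes standing in for a compiled .so; not a real ELF file."""
    return b"".join([
        b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8,   # header-like prefix
        b"NativeLib\x00",                            # LOG_TAG literal
        b"ABHA Client ID: %s\x00",                   # log format string
        SAMPLE_KNOWN["BASE_TMC_URL"].encode() + b"\x00",
        SAMPLE_KNOWN["ABHA_CLIENT_SECRET"].encode() + b"\x00",
        b"\x90\x01\xff\xfe\x00\x10",                 # non-text bytes
    ])


def check_file(path: str, names: List[str]) -> int:
    """CI entry point: status 1 if any value named in `names` is embedded verbatim."""
    known = {n: os.environ.get(n, "") for n in names}
    findings = scan_library(Path(path).read_bytes(), known)
    for f in findings:
        print(f"{f.kind:11} {f.name or '-':20} offset={f.offset} {f.preview}")
    return 1 if any(f.kind == "known-value" for f in findings) else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(check_file(sys.argv[1], ["ENCRYPTED_PASS_KEY", "ABHA_CLIENT_SECRET",
                                          "ABHA_CLIENT_ID", "BASE_TMC_URL"]))
    for finding in scan_library(build_sample_library(), SAMPLE_KNOWN):
        print(finding)
```

A build that passes this check has only shown that the values are not stored verbatim; it says nothing about values that are encoded or assembled at runtime.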

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 8

🧹 Nitpick comments (1)
.github/workflows/build-distribute.yml (1)

34-39: Make NDK version configurable

Consider making the NDK version configurable through environment variables for better maintainability:

 - name: Setup Android NDK
   uses: nttld/[email protected]
   with:
-    ndk-version: r27c
+    ndk-version: ${{ vars.ANDROID_NDK_VERSION }}
     link-to-sdk: true
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b68d8c and 307e0fc.

📒 Files selected for processing (5)
  • .github/workflows/android.yml (1 hunks)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (1 hunks)
  • fastlane/Appfile (1 hunks)
  • fastlane/Fastfile (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • fastlane/Appfile
  • .github/workflows/android.yml
🧰 Additional context used
🪛 rubocop (1.69.1)
fastlane/Fastfile

[fatal] 34-34: unexpected token tIDENTIFIER
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)


[fatal] 35-35: unexpected token tLABEL
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)


[fatal] 36-36: unexpected token tLABEL
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)


[fatal] 37-37: unexpected token tLABEL
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)


[fatal] 38-38: unexpected token tRPAREN
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)


[fatal] 44-44: unexpected token tIDENTIFIER
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)

🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

55-55: if: condition "${{ inputs.environment }} == 'NIRAMAY_PRODUCTION'" is always evaluated to true because extra characters are around ${{ }}

(if-cond)


60-60: if: condition "${{ inputs.environment }} == 'XUSHRUKHA_PRODUCTION'" is always evaluated to true because extra characters are around ${{ }}

(if-cond)


65-65: if: condition "${{ inputs.environment }} != 'NIRAMAY_PRODUCTION' && ${{ inputs.environment }} != 'XUSHRUKHA_PRODUCTION'" is always evaluated to true because extra characters are around ${{ }}

(if-cond)


77-77: shellcheck reported issue in this script: SC1009:info:1:708: The mentioned syntax error was in this variable assignment

(shellcheck)


77-77: shellcheck reported issue in this script: SC1073:error:1:922: Couldn't parse this double quoted string. Fix to allow more checks

(shellcheck)


77-77: shellcheck reported issue in this script: SC1072:error:2:1: Expected end of double quoted string. Fix any mentioned problems and try again

(shellcheck)


78-78: got unexpected character ' ' while lexing end marker }}, expecting '}'

(expression)


99-99: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 yamllint (1.35.1)
.github/workflows/build-distribute.yml

[error] 57-57: trailing spaces

(trailing-spaces)


[error] 62-62: trailing spaces

(trailing-spaces)


[warning] 103-103: too many blank lines

(1 > 0) (empty-lines)

🪛 detekt (1.23.7)
app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt

[warning] 11-11: The caught exception is swallowed. The original exception could be lost.

(detekt.exceptions.SwallowedException)

🔇 Additional comments (3)
app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (2)

1-6: Add comprehensive documentation for this security-critical utility class.


18-32: 🛠️ Refactor suggestion

Implement security measures for native method calls.

To enhance security and reliability:

  1. Add runtime validation of returned values
  2. Implement integrity checks for native responses
  3. Consider caching frequently accessed values

Apply this diff:

+    private var cachedPassKey: String? = null
+
+    @Synchronized
     external fun encryptedPassKey(): String
+    {
+        return cachedPassKey ?: validateAndCache(::encryptedPassKeyNative)
+    }
+
+    @JvmName("encryptedPassKeyNative")
+    private external fun encryptedPassKeyNative(): String
+
+    private fun validateAndCache(nativeCall: () -> String): String {
+        val result = nativeCall()
+        require(result.isNotBlank()) { "Native call returned empty value" }
+        // Add additional integrity checks here
+        cachedPassKey = result
+        return result
+    }
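Review bot: the unchanged line `external fun encryptedPassKey(): String` is now followed by a `{ ... }` body, and Kotlin does not allow an `external` function to have a body, so this does not compile as written. If the wrapper is kept, drop `external` from the public function, and note that renaming the native entry point to `encryptedPassKeyNative` also requires renaming the exported JNI symbol on the C++ side. Holding the key in `cachedPassKey` keeps it on the managed heap for the life of the process, which should be weighed against the cost of one extra JNI call.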

Similar pattern should be applied to other sensitive methods like abhaClientSecret(), abhaClientID(), etc.

Likely invalid or redundant comment.

fastlane/Fastfile (1)

17-20: 🛠️ Refactor suggestion

Make Firebase distribution configuration more flexible

The Firebase distribution configuration has hardcoded values that should be configurable:

 firebase_app_distribution(
   app: ENV['FIREBASE_APP_ID'],
   firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-  groups: "kevaltesters",
-  release_notes: "#{options[:variant]}-Debug version out!",
-  debug: true
+  groups: ENV['FIREBASE_TESTER_GROUPS'],
+  release_notes: "#{options[:variant]} #{Time.now.strftime('%Y-%m-%d %H:%M')} - #{ENV['RELEASE_NOTES']}",
+  debug: ENV['FIREBASE_DEBUG'] == 'true'
)
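Review bot: on the `release_notes` line, `ENV['RELEASE_NOTES']` is interpolated without a default, so an unset variable produces notes ending in a dangling " - ", and `groups: ENV['FIREBASE_TESTER_GROUPS']` passes nil when that variable is missing. Give both a fallback, or fail early with `UI.user_error!` before calling `firebase_app_distribution`.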

Likely invalid or redundant comment.

Comment on lines 8 to 15
    init {
        try {
            System.loadLibrary(NATIVE_JNI_LIB_NAME)
        } catch (e: UnsatisfiedLinkError) {
            throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME")
        }

    }

🛠️ Refactor suggestion

Enhance error handling for native library loading.

  1. Include the original exception as the cause in RuntimeException
  2. Add logging for debugging purposes
  3. Add validation to ensure library is loaded successfully

Apply this diff:

     init {
         try {
             System.loadLibrary(NATIVE_JNI_LIB_NAME)
+            // Validate library is loaded by calling a simple native method
+            encryptedPassKey()
         } catch (e: UnsatisfiedLinkError) {
-            throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME")
+            android.util.Log.e("KeyUtils", "Failed to load native library", e)
+            throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME", e)
         }
     }
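Review bot: with the added probe `encryptedPassKey()` inside the `try`, an unresolved JNI symbol also raises `UnsatisfiedLinkError` and is reported as "Failed to load native library", which points at the wrong cause. The probe also fetches the pass key at class initialisation only to discard it. Report the two failures with separate messages and probe with a native method that returns nothing sensitive.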
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
init {
try {
System.loadLibrary(NATIVE_JNI_LIB_NAME)
} catch (e: UnsatisfiedLinkError) {
throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME")
}
}
init {
try {
System.loadLibrary(NATIVE_JNI_LIB_NAME)
// Validate library is loaded by calling a simple native method
encryptedPassKey()
} catch (e: UnsatisfiedLinkError) {
android.util.Log.e("KeyUtils", "Failed to load native library", e)
throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME", e)
}
}
🧰 Tools
🪛 detekt (1.23.7)

[warning] 11-11: The caught exception is swallowed. The original exception could be lost.

(detekt.exceptions.SwallowedException)

Comment on lines +18 to +32
external fun encryptedPassKey(): String

external fun abhaClientSecret(): String

external fun abhaClientID(): String

external fun baseTMCUrl(): String

external fun baseAbhaUrl(): String

external fun abhaTokenUrl(): String

external fun abhaAuthUrl(): String

external fun chatUrl(): String

💡 Codebase verification

Native implementation requires security improvements

The current implementation has several security vulnerabilities:

  • Sensitive data (keys, URLs) are stored as plain text in the binary
  • No runtime encryption/decryption mechanisms
  • Lack of anti-tampering measures
  • No string obfuscation

Recommendations:

  • Implement runtime encryption/decryption for sensitive data
  • Add string obfuscation techniques
  • Include integrity checks and anti-tampering measures
  • Consider using Android Keystore for secure key storage
  • Add proguard rules for native code obfuscation
🔗 Analysis chain

Verify native implementations for security best practices.

The corresponding native implementations should be reviewed for:

  1. Proper encryption of sensitive data
  2. Secure memory handling
  3. Anti-tampering measures

Run the following script to analyze the native implementation:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Analyze native implementation for security concerns

# Check for proper JNI implementation
ast-grep --pattern 'JNIEXPORT jstring JNICALL Java_org_piramalswasthya_sakhi_utils_KeyUtils_$_(JNIEnv *env, jobject thiz)'

# Look for security-related functions
rg -i "encrypt|cipher|secure|protect" app/src/main/cpp/

# Check for memory management
rg -A 2 'env->NewString|env->GetStringUTFChars|env->ReleaseStringUTFChars' app/src/main/cpp/

Length of output: 1941


Script:

#!/bin/bash
# Check for string obfuscation or additional security measures
rg -i "obfuscate|decode|xor|scramble" app/src/main/cpp/

# Look for build configurations
cat app/src/main/cpp/CMakeLists.txt

# Check for any additional native security implementations
fd -e cpp -e h -e c --exec cat {} \; app/src/main/cpp/

Length of output: 1887
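The finding above, that keys and URLs sit as plain text in the native binary, can be turned into a build gate. The following is an added example, not code from this pull request or from the reviewer: the function names `contains_plaintext` and `scan_library` are hypothetical, and it assumes the secret values are available to the script as environment variables.

```sh
#!/bin/sh
# Added example (not project code): fail a build when a secret's value can be
# read byte-for-byte out of a built native library.

# contains_plaintext FILE VALUE
# Exit 0 when VALUE occurs verbatim in FILE. LC_ALL=C makes grep compare bytes,
# -F disables regex so URL characters are literal, -q keeps the value out of logs.
contains_plaintext() {
  [ -n "$2" ] || return 1   # an empty value would match every file
  LC_ALL=C grep -Fq -- "$2" "$1"
}

# scan_library FILE NAME...
# Looks up each environment variable NAME and prints the names (never the
# values) whose contents appear in FILE.
# Exit 0: no leak found. Exit 1: at least one leak. Exit 2: FILE unreadable.
scan_library() (
  file=$1
  shift
  if [ ! -r "$file" ]; then
    echo "cannot read $file" >&2
    exit 2
  fi
  leaks=0
  for name in "$@"; do
    # Only plain identifiers reach eval.
    case $name in
      '' | [0-9]* | *[!A-Za-z0-9_]*) continue ;;
    esac
    eval "value=\${$name:-}"
    if contains_plaintext "$file" "$value"; then
      printf '%s\n' "$name"
      leaks=$((leaks + 1))
    fi
  done
  [ "$leaks" -eq 0 ]
)
```

A clean result only shows that the value is not stored verbatim; an encoded or XOR-ed copy in the same file is still recoverable by anyone who reads the code that decodes it.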

fastlane/Fastfile (outdated)
Comment on lines +41 to +44
  uses: jwlawson/actions-setup-cmake@v1
  with:
    cmake-version: '3.31.1'

⚠️ Potential issue

Fix CMake version specification

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'
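Review bot: on the `uses:` line, `jwlawson/actions-setup-cmake@v1` is a movable tag, so the code that installs the build toolchain can change without any change in this repository. Pin the action to a full commit SHA and keep the tag in a trailing comment; the `cmake-version` value should then be whichever release the project's `CMakeLists.txt` was actually tested with.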
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: jwlawson/actions-setup-cmake@v1
with:
cmake-version: '3.31.1'
uses: jwlawson/actions-setup-cmake@v1
with:
cmake-version: '3.27.7'

Comment on lines 98 to 102
- name: Upload APKs
  uses: actions/upload-artifact@v3
  with:
    name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
    path: app/build/outputs/apk/**/debug/*.apk

🛠️ Refactor suggestion

Update artifact upload configuration

The artifact upload step needs improvements:

 - name: Upload APKs
-  uses: actions/upload-artifact@v3
+  uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/debug/*.apk
+    path: |
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/apk/**/release/*.apk
+    if-no-files-found: error
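Review bot: adding `app/build/outputs/apk/**/release/*.apk` publishes release APKs as workflow artifacts, and this same review found the keys and URLs stored as plain text in the native binary, so anyone who can download artifacts can read them. Set `retention-days` on the step and restrict who can access workflow runs, or ship release builds only through the distribution lane. Note also that `if-no-files-found: error` fires only when neither pattern matches, which suits a job that builds a single build type.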
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Upload APKs
uses: actions/upload-artifact@v3
with:
name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
path: app/build/outputs/apk/**/debug/*.apk
- name: Upload APKs
uses: actions/upload-artifact@v4
with:
name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
path: |
app/build/outputs/apk/**/debug/*.apk
app/build/outputs/apk/**/release/*.apk
if-no-files-found: error
🧰 Tools
🪛 actionlint (1.7.4)

99-99: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

.github/workflows/build-distribute.yml (outdated)
Comment on lines 76 to 130
- name: Build and Distribute app to Firebase
  run:
    export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
    export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
    export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
    export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
    export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
    export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
    export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
    export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
    export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}
    export GOOGLE_PLAY_JSON_KEY=${{ secrets.GOOGLE_PLAY_JSON_KEY }}
    export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }}
    export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
    export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
    export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }
    if [ "${{ inputs.build_type }}" == "debug" ]; then
      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
    elif [ "${{ inputs.build_type }}" == "release" ]; then
      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
    fi

⚠️ Potential issue

Fix shell script syntax and add validation

There are several issues in the build and distribute step:

  1. Fix the missing closing brace:
-  export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }
+  export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}
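Review bot: the brace fix is correct, but this `export` line, like the other `export` lines in the step, pastes `${{ secrets.* }}` into the script text unquoted, so a value containing a space, `$`, a quote or `;` is re-parsed by the shell. Move the secrets into the step's `env:` mapping and reference them as ordinary shell variables, which also makes the `export` lines unnecessary.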
  2. Add validation for required secrets:
 - name: Build and Distribute app to Firebase
   run: |
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done
+
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
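Review bot: the validation loop is placed before `export ENCRYPTED_PASS_KEY=...`, so `${!secret}` is empty for every name at the point it is tested and the step always exits 1. Run the check after the variables exist, or supply them through the step's `env:` mapping so they are set before the script starts.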

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 actionlint (1.7.4)

77-77: shellcheck reported issue in this script: SC1009:info:1:708: The mentioned syntax error was in this variable assignment

(shellcheck)


77-77: shellcheck reported issue in this script: SC1073:error:1:922: Couldn't parse this double quoted string. Fix to allow more checks

(shellcheck)


77-77: shellcheck reported issue in this script: SC1072:error:2:1: Expected end of double quoted string. Fix any mentioned problems and try again

(shellcheck)


78-78: got unexpected character ' ' while lexing end marker }}, expecting '}'

(expression)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (1)
fastlane/Fastfile (1)

26-29: Add error handling for the release build task

Add validation and error handling for the release build process.

+# Validate variant parameter
+valid_variants = ['staging', 'production'] # Add your valid variants
+UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
 gradle(
   task: "assemble#{options[:variant]}Release",
-  build_type: "Release"
+  build_type: "Release",
+  properties: {
+    "android.injected.signing.store.file" => ENV['KEYSTORE_PATH'],
+    "android.injected.signing.store.password" => ENV['KEYSTORE_PASSWORD'],
+    "android.injected.signing.key.alias" => ENV['KEY_ALIAS'],
+    "android.injected.signing.key.password" => ENV['KEY_PASSWORD'],
+  }
 )
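Review bot: the `properties:` map hands `KEYSTORE_PASSWORD` and `KEY_PASSWORD` to Gradle as `-P` command-line properties, where they are visible in the process list and in the Gradle command line that fastlane echoes. Read the signing values from the environment inside the Gradle `signingConfigs` block instead. The `valid_variants` list of 'staging' and 'production' is a placeholder, so replace it with the project's real flavor names before merging, otherwise builds for any other variant are rejected.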
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 307e0fc and 45b6acf.

📒 Files selected for processing (2)
  • .github/workflows/build-distribute.yml (1 hunks)
  • fastlane/Fastfile (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

97-97: shellcheck reported issue in this script: SC1046:error:1:1: Couldn't find 'fi' for this 'if'

(shellcheck)


97-97: shellcheck reported issue in this script: SC1073:error:1:1: Couldn't parse this if expression. Fix to allow more checks

(shellcheck)


97-97: shellcheck reported issue in this script: SC1010:warning:1:243: Use semicolon or linefeed before 'fi' (or quote to make it literal)

(shellcheck)


97-97: shellcheck reported issue in this script: SC1047:error:2:1: Expected 'fi' matching previously mentioned 'if'

(shellcheck)


97-97: shellcheck reported issue in this script: SC1072:error:2:1: Expected 'fi'. Fix any mentioned problems and try again

(shellcheck)


108-108: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 rubocop (1.69.1)
fastlane/Fastfile

[fatal] 44-44: unexpected token tIDENTIFIER
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)

🔇 Additional comments (3)
fastlane/Fastfile (1)

32-38: ⚠️ Potential issue

Security: Remove separate signing step

The separate signing step is unnecessary and potentially insecure. The signing configuration should be integrated into the main build task.

Remove this entire block as the signing configuration has been moved to the main build task in the previous suggestion.

-# Sign the APK using the keystore
-gradle(
-  task: "signingReport",
-  keystore_path: ENV['KEYSTORE_PATH'],
-  keystore_password: ENV['KEYSTORE_PASSWORD'],
-  key_alias: ENV['KEY_ALIAS'],
-  key_password: ENV['KEY_PASSWORD']
-)

Likely invalid or redundant comment.

.github/workflows/build-distribute.yml (2)

41-44: ⚠️ Potential issue

Fix CMake version specification

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'

Likely invalid or redundant comment.


107-111: 🛠️ Refactor suggestion

Update artifact upload configuration

The artifact upload step needs improvements:

  1. Update to the latest version
  2. Include release APKs
  3. Add error handling
 - name: Upload APKs
-  uses: actions/upload-artifact@v3
+  uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/debug/*.apk
+    path: |
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/apk/**/release/*.apk
+    if-no-files-found: error

Likely invalid or redundant comment.

🧰 Tools
🪛 actionlint (1.7.4)

108-108: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

Comment on lines 14 to 64
firebase_app_distribution(
  app: ENV['FIREBASE_APP_ID'],
  firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
  groups: "kevaltesters",
  release_notes: "#{options[:variant]}-Debug version out!",
  debug: true
)

🛠️ Refactor suggestion

Improve Firebase distribution configuration

  1. Make tester groups configurable through environment variables
  2. Add validation for required environment variables
  3. Add validation for the variant parameter
 firebase_app_distribution(
   app: ENV['FIREBASE_APP_ID'],
   firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-  groups: "kevaltesters",
-  release_notes: "#{options[:variant]}-Debug version out!",
+  groups: ENV['FIREBASE_TESTER_GROUPS'],
+  release_notes: "#{options[:variant]} build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
   debug: true
 )

Add this validation before the distribution step:

# Validate required environment variables (an unset CI secret arrives as an empty string, not nil)
required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'FIREBASE_TESTER_GROUPS']
required_vars.each do |var|
  UI.user_error!("Missing required environment variable: #{var}") if ENV[var].to_s.strip.empty?
end

# Validate variant parameter
valid_variants = ['staging', 'production'] # Add your valid variants
UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])

Comment on lines 41 to 101
supply(
  track: "internal",
  aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab"
  json_key: "./google_play_service_account.json"
)

⚠️ Potential issue

Fix Play Store deployment configuration

The Play Store deployment configuration needs improvements:

  1. Fix syntax error (missing comma)
  2. Make paths configurable
  3. Add file validation
 supply(
   track: "internal",
-  aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab"
-  json_key: "./google_play_service_account.json"
+  aab: ENV['AAB_OUTPUT_PATH'],
+  json_key: ENV['GOOGLE_PLAY_JSON_KEY_PATH'],
+  validate_only: ENV['VALIDATE_ONLY'] == 'true'
 )

Add this validation before the supply action:

# Validate required files (to_s keeps File.exist? from raising a TypeError when a variable is unset)
aab_path = ENV['AAB_OUTPUT_PATH'].to_s
json_key_path = ENV['GOOGLE_PLAY_JSON_KEY_PATH'].to_s

UI.user_error!("AAB file not found at: #{aab_path}") unless File.exist?(aab_path)
UI.user_error!("Service account JSON not found at: #{json_key_path}") unless File.exist?(json_key_path)
🧰 Tools
🪛 rubocop (1.69.1)

[fatal] 44-44: unexpected token tIDENTIFIER
(Using Ruby 2.7 parser; configure using TargetRubyVersion parameter, under AllCops)

(Lint/Syntax)

Comment on lines 76 to 124
- name: Set Environment Variables
  run: |
    export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
    export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
    export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
    export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
    export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
    export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
    export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
    export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
    export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}
    export GOOGLE_PLAY_JSON_KEY=${{ secrets.GOOGLE_PLAY_JSON_KEY }}
    export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }}
    export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
    export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
    export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}

🛠️ Refactor suggestion

Improve environment variables setup

  1. Add validation for required secrets
  2. Use environment files to persist variables between steps
 - name: Set Environment Variables
   run: |
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done
+
+    # Export variables to GITHUB_ENV to persist between steps
+    {
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
     export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
     export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
     export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
     export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
     export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
     export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
     export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
     export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}
     export GOOGLE_PLAY_JSON_KEY=${{ secrets.GOOGLE_PLAY_JSON_KEY }}
     export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }}
     export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
     export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
     export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}
+    } >> $GITHUB_ENV
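Review bot: the `{ ... } >> $GITHUB_ENV` wrapper persists nothing, because `export` writes no output and the file expects `NAME=value` lines, so later steps still see none of these variables. The validation loop also still runs before the variables are assigned, so it fails on the first name. Writing every secret to `$GITHUB_ENV` would expose all of them to every later step in the job; a narrower fix is an `env:` mapping on the one step that runs fastlane.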
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Set Environment Variables
run: |
export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}
export GOOGLE_PLAY_JSON_KEY=${{ secrets.GOOGLE_PLAY_JSON_KEY }}
export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }}
export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}
- name: Set Environment Variables
run: |
# Validate required secrets
required_secrets=(
"ENCRYPTED_PASS_KEY"
"FIREBASE_APP_ID"
"FIREBASE_CLI_TOKEN"
"KEYSTORE_PATH"
"KEYSTORE_PASSWORD"
"KEY_ALIAS"
"KEY_PASSWORD"
)
for secret in "${required_secrets[@]}"; do
if [ -z "${!secret}" ]; then
echo "Error: Required secret $secret is not set"
exit 1
fi
done
# Export variables to GITHUB_ENV to persist between steps
{
export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}
export GOOGLE_PLAY_JSON_KEY=${{ secrets.GOOGLE_PLAY_JSON_KEY }}
export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }}
export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}
} >> $GITHUB_ENV
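The two points of the comment above (validate first, then persist through the environment file) worked through as an added example; it is not code from this pull request or from the reviewer. The function names `valid_name`, `require_env` and `persist_env` are hypothetical, and the example assumes the values reach the script through the step's `env:` mapping, so they are already set when validation runs.

```sh
#!/bin/sh
# Added example (not project code): validate variables, then append them to
# an environment file in the format GitHub Actions reads from $GITHUB_ENV.

# valid_name NAME: succeed only for plain shell identifiers, so that nothing
# else is ever handed to eval below.
valid_name() {
  case $1 in
    '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;;
  esac
}

# require_env NAME...
# Exit 0 only when every NAME is set and non-empty. Reports all missing
# names (never values) on stderr instead of stopping at the first one.
require_env() (
  missing=0
  for name in "$@"; do
    if ! valid_name "$name"; then
      echo "Error: invalid variable name: $name" >&2
      missing=1
      continue
    fi
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "Error: required variable $name is not set" >&2
      missing=1
    fi
  done
  [ "$missing" -eq 0 ]
)

# persist_env FILE NAME...
# Appends each variable in the NAME<<DELIMITER form, which keeps multi-line
# values (for example a JSON key) intact. Refuses a value that contains the
# delimiter, since that would let the value inject further variables.
persist_env() (
  file=$1
  shift
  for name in "$@"; do
    valid_name "$name" || exit 1
    eval "value=\${$name:-}"
    delim="EOF_${name}_$$"
    case $value in
      *"$delim"*) echo "Error: delimiter collision for $name" >&2; exit 1 ;;
    esac
    printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >> "$file"
  done
)
```

In a workflow the calls would be `require_env ...` followed by `persist_env "$GITHUB_ENV" ...`, listing only the names that later steps actually need.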

Comment on lines 95 to 130
- name: Build and Distribute app to Firebase
  id: build-and-distribute
  run:
    if [ "${{ inputs.build_type }}" == "debug" ]; then
    echo "debug"
    bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
    else
    echo "release"
    bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
    fi

⚠️ Potential issue

Fix shell script syntax and add error handling

The build script needs proper structure and error handling.

 - name: Build and Distribute app to Firebase
   id: build-and-distribute
-  run:
+  run: |
+    set -eo pipefail
+
     if [ "${{ inputs.build_type }}" == "debug" ]; then
-    echo "debug"
-    bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
+      echo "Building debug variant..."
+      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }} || {
+        echo "Debug build failed"
+        exit 1
+      }
     else
-    echo "release"
-    bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
+      echo "Building release variant..."
+      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }} || {
+        echo "Release build failed"
+        exit 1
+      }
     fi
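Review bot: `variant:${{ inputs.variant }}` and the `inputs.build_type` test still splice workflow inputs into the script text, so the content of those inputs becomes part of a shell command that runs alongside the signing secrets. Pass both through `env:` and quote them, for example `variant:"$VARIANT"`. With `set -eo pipefail` in place the `|| { ...; exit 1; }` blocks are redundant, and any `build_type` other than "debug" falls through to a release build, so test for "release" explicitly and fail otherwise.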
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build and Distribute app to Firebase
id: build-and-distribute
run:
if [ "${{ inputs.build_type }}" == "debug" ]; then
echo "debug"
bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
else
echo "release"
bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
fi
- name: Build and Distribute app to Firebase
id: build-and-distribute
run: |
set -eo pipefail
if [ "${{ inputs.build_type }}" == "debug" ]; then
echo "Building debug variant..."
bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }} || {
echo "Debug build failed"
exit 1
}
else
echo "Building release variant..."
bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }} || {
echo "Release build failed"
exit 1
}
fi
🧰 Tools
🪛 actionlint (1.7.4)

97-97: shellcheck reported issue in this script: SC1046:error:1:1: Couldn't find 'fi' for this 'if'

(shellcheck)


97-97: shellcheck reported issue in this script: SC1073:error:1:1: Couldn't parse this if expression. Fix to allow more checks

(shellcheck)


97-97: shellcheck reported issue in this script: SC1010:warning:1:243: Use semicolon or linefeed before 'fi' (or quote to make it literal)

(shellcheck)


97-97: shellcheck reported issue in this script: SC1047:error:2:1: Expected 'fi' matching previously mentioned 'if'

(shellcheck)


97-97: shellcheck reported issue in this script: SC1072:error:2:1: Expected 'fi'. Fix any mentioned problems and try again

(shellcheck)

Member

Let's add this to gitignore.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🔭 Outside diff range comments (1)
app/src/main/res/layout/fragment_aadhaar_number_asha.xml (1)

Line range hint 1-156: Consider enhancing security for sensitive data input fields.

Since this layout handles sensitive information (Aadhaar and mobile numbers), consider implementing these security improvements:

  1. Add android:importantForAutofill="no" to prevent autofill on sensitive fields
  2. Add android:windowSoftInputMode="adjustResize" to the parent activity to ensure the keyboard doesn't obscure input fields
  3. Add content descriptions for accessibility while maintaining privacy

Apply these changes to the TextInputEditText fields:

         <com.google.android.material.textfield.TextInputEditText
             android:id="@+id/tiet_aadhaar_number"
             android:layout_width="match_parent"
             android:layout_height="match_parent"
             android:inputType="number"
             android:maxLength="12"
             android:singleLine="true"
+            android:importantForAutofill="no"
+            android:contentDescription="@string/cd_aadhaar_input"
             android:textAppearance="@style/TextAppearance.Material3.BodyLarge" />

         <com.google.android.material.textfield.TextInputEditText
             android:id="@+id/tiet_mobile_number"
             android:layout_width="match_parent"
             android:layout_height="match_parent"
             android:inputType="number"
             android:maxLength="12"
             android:singleLine="true"
+            android:importantForAutofill="no"
+            android:contentDescription="@string/cd_mobile_input"
             android:textAppearance="@style/TextAppearance.Material3.BodyLarge" />
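Review bot: the two added `android:contentDescription` attributes reference `@string/cd_aadhaar_input` and `@string/cd_mobile_input`, which this hunk does not add, and Android's accessibility guidance is to label editable fields with a hint rather than a content description. `android:importantForAutofill="no"` is the change that matters for the Aadhaar field. The context lines also show `android:maxLength="12"` on `tiet_mobile_number`, which looks copied from the Aadhaar field and should be checked.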
🧹 Nitpick comments (5)
app/src/main/res/layout/fragment_aadhaar_id.xml (1)

57-58: Review default selection UX.

Pre-selecting the first verification type might lead to users missing the available options. Consider:

  1. Using a placeholder hint instead of default selection
  2. Adding a content description for accessibility
-android:text="@{viewModel.aadhaarVerificationTypeValues[0]}"
+android:hint="@string/select_verification_type"
+android:contentDescription="@string/aadhaar_verification_type_selector"
app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_id/aadhaar_num_asha/AadhaarNumberAshaViewModel.kt (2)

69-75: Improve code organization and documentation for the request object.

The request object construction contains hard-coded values without clear documentation of their purpose. Consider:

  1. Moving these values to constants
  2. Adding documentation explaining the purpose of each parameter
  3. Using a builder pattern for cleaner request construction
+ companion object {
+     private const val SCOPE_ABHA_ENROL = "abha-enrol"
+     private const val AUTH_METHOD = "aadhaar"
+ }

+ /**
+  * Generates OTP for Aadhaar verification
+  * @param aadhaarNo The 12-digit Aadhaar number
+  * @param clientId Empty string as per ABHA v3 specification
+  * @param purpose Authentication purpose, defaults to "aadhaar"
+  */
  private fun generateAadhaarOtp(aadhaarNo: String) {
      viewModelScope.launch {
          when (val result = abhaIdRepo.generateOtpForAadhaarV2(
              AbhaGenerateAadhaarOtpRequest(
-                 "",
-                 listOf<String>("abha-enrol"),
-                 "aadhaar",
-                 aadhaarNo,
-                 "aadhaar"
+                 clientId = "",  // Required to be empty as per ABHA v3
+                 scope = listOf(SCOPE_ABHA_ENROL),
+                 authMethod = AUTH_METHOD,
+                 aadhaarNumber = aadhaarNo,
+                 purpose = AUTH_METHOD
              )
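Review bot: The KDoc added above `generateAadhaarOtp` documents `@param clientId` and `@param purpose`, but the function signature only takes `aadhaarNo`; those two are fields of `AbhaGenerateAadhaarOtpRequest`, so the explanation belongs next to the constructor call or on the request class. Also check the named arguments (`clientId`, `scope`, `authMethod`, `aadhaarNumber`, `purpose`) against the data class's real parameter names, since the removed lines were positional and the hunk does not show the class.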

71-71: Consider using an enum for scope values.

The scope value "abha-enrol" is hardcoded as a string. Consider using an enum to prevent typos and improve maintainability.

enum class AbhaScope(val value: String) {
    ABHA_ENROL("abha-enrol")
}
app/src/main/res/layout/fragment_create_abha.xml (2)

Line range hint 209-222: Add content/text to the TextView.

The TextView is missing initial text content. Consider adding android:text attribute or setting it programmatically to improve accessibility and make the purpose clear.

     android:layout_weight="1"
     android:textSize="14sp"
     android:visibility="invisible"
+    android:text="@string/otp_message"
+    android:contentDescription="@string/otp_message_description"
     app:layout_constraintEnd_toEndOf="parent"

284-296: Consider using wrap_content for timer button width.

The fixed width of 40dp might not accommodate all possible timer values (e.g., "100") or different screen densities. Using wrap_content with minWidth would be more flexible.

-    android:layout_width="40dp"
+    android:layout_width="wrap_content"
+    android:minWidth="40dp"
     android:layout_height="wrap_content"
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 45b6acf and 6069677.

📒 Files selected for processing (23)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/AndroidManifest.xml (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/adapters/FormInputAdapterWithBgIcon.kt (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/configuration/PregnantWomanAncVisitDataset.kt (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt (3 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt (5 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/repositories/AbhaIdRepo.kt (5 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_id/aadhaar_num_asha/AadhaarNumberAshaViewModel.kt (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_otp/AadhaarOtpFragment.kt (3 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_otp/AadhaarOtpViewModel.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt (10 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/login_activity/sign_in/SignInFragment.kt (2 hunks)
  • app/src/main/res/layout/fragment_aadhaar_id.xml (1 hunks)
  • app/src/main/res/layout/fragment_aadhaar_number_asha.xml (1 hunks)
  • app/src/main/res/layout/fragment_create_abha.xml (2 hunks)
  • app/src/main/res/layout/fragment_sign_in.xml (2 hunks)
  • app/src/main/res/menu/activity_home_drawer.xml (1 hunks)
  • app/src/main/res/values-as/strings_ncd.xml (0 hunks)
  • fastlane/.gitignore (1 hunks)
  • fastlane/Appfile (1 hunks)
  • fastlane/Fastfile (1 hunks)
  • fastlane/google_play_service_account.json (1 hunks)
💤 Files with no reviewable changes (1)
  • app/src/main/res/values-as/strings_ncd.xml
✅ Files skipped from review due to trivial changes (8)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_otp/AadhaarOtpViewModel.kt
  • app/src/main/java/org/piramalswasthya/sakhi/ui/login_activity/sign_in/SignInFragment.kt
  • app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_otp/AadhaarOtpFragment.kt
  • fastlane/.gitignore
  • app/src/main/java/org/piramalswasthya/sakhi/adapters/FormInputAdapterWithBgIcon.kt
  • app/src/main/res/layout/fragment_sign_in.xml
  • app/src/main/java/org/piramalswasthya/sakhi/configuration/PregnantWomanAncVisitDataset.kt
  • app/src/main/java/org/piramalswasthya/sakhi/repositories/AbhaIdRepo.kt
🚧 Files skipped from review as they are similar to previous changes (6)
  • app/src/main/AndroidManifest.xml
  • fastlane/Appfile
  • app/src/main/res/menu/activity_home_drawer.xml
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt
  • app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt
🧰 Additional context used
📓 Learnings (1)
app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_id/aadhaar_num_asha/AadhaarNumberAshaViewModel.kt (1)
Learnt from: sushant-bizbrolly
PR: PSMRI/FLW-Mobile-App#45
File: app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_otp/AadhaarOtpViewModel.kt:176-178
Timestamp: 2025-01-08T17:20:45.774Z
Learning: In the ABHA v3 migration, the `generateOtpClicked(aadhaarNo: String)` method in `AadhaarOtpViewModel` is intentionally designed to handle only state management by setting `_state2` to `LOADING`, without implementing OTP generation logic.
🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 59-60: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

77-77: shellcheck reported issue in this script: SC2155:warning:10:8: Declare and assign separately to avoid masking return values

(shellcheck)


105-105: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 yamllint (1.35.1)
.github/workflows/build-distribute.yml

[error] 92-92: trailing spaces

(trailing-spaces)


[error] 93-93: trailing spaces

(trailing-spaces)


[warning] 103-103: too many blank lines

(3 > 2) (empty-lines)


[warning] 109-109: too many blank lines

(1 > 0) (empty-lines)

🪛 Gitleaks (8.21.2)
fastlane/google_play_service_account.json

5-5: Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.

(private-key)


4-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (14)
app/src/main/res/layout/fragment_aadhaar_number_asha.xml (1)

140-144: LGTM! Improved button positioning enhances the user flow.

The new constraints position the verify button immediately after the disclaimer, creating a logical progression from consent to action.

fastlane/Fastfile (4)

14-20: Improve Firebase distribution configuration

The Firebase distribution configuration needs improvements:

  1. Add validation for required environment variables
  2. Make tester groups configurable
  3. Add descriptive release notes
 firebase_app_distribution(
   app: ENV['FIREBASE_APP_ID'],
   firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-  groups: "kevaltesters",
-  release_notes: "#{options[:variant]}-Debug version out!",
+  groups: ENV['FIREBASE_TESTER_GROUPS'],
+  release_notes: "#{options[:variant]} build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
   debug: true
 )

Add this validation before the distribution step:

# Validate required environment variables.
# An unset CI secret reaches the process as an empty string, so test for blank, not only nil.
required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'FIREBASE_TESTER_GROUPS']
required_vars.each do |var|
  UI.user_error!("Missing required environment variable: #{var}") if ENV[var].to_s.strip.empty?
end

31-37: Fix syntax errors in gradle signing configuration

The gradle task configuration has syntax errors that need to be fixed.

 gradle(
-  task: "signingReport"
+  task: "signingReport",
   keystore_path: ENV['KEYSTORE_PATH'],
   keystore_password: ENV['KEYSTORE_PASSWORD'],
   key_alias: ENV['KEY_ALIAS'],
   key_password: ENV['KEY_PASSWORD']
 )
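Review bot: Adding the comma after `task: "signingReport"` makes the call parse, but `signingReport` only prints the signing configuration of each variant; it does not sign anything, so the release APK still depends on a `signingConfig` in the Gradle build. If the keystore values are meant to reach Gradle, pass them through the gradle action's `properties:` hash (for example the `android.injected.signing.*` keys), and make sure the two password values are not echoed when the command is printed.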

40-44: Fix Play Store deployment configuration

The commented Play Store deployment configuration needs improvements:

  1. Make paths configurable through environment variables
  2. Add validation for required files
 supply(
   track: "internal",
-  aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab"
-  json_key: "./google_play_service_account.json"
+  aab: ENV['AAB_OUTPUT_PATH'],
+  json_key: ENV['GOOGLE_PLAY_JSON_KEY_PATH'],
+  validate_only: ENV['VALIDATE_ONLY'] == 'true'
 )

50-56: Fix Firebase App ID in version increment lane

Even though the lane is commented out, the Firebase app ID should be properly configured.

 firebase_app_distribution_get_latest_release(
-  app: ""
+  app: ENV["FIREBASE_APP_ID_STAGING"]
 )
.github/workflows/build-distribute.yml (4)

40-44: Fix CMake version specification

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'
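Review bot: The replacement line pins `cmake-version` to an older release series than the line it removes ('3.27.7' in place of '3.31.1'), so check the requested version against the CMake release list and the project's `cmake_minimum_required` before downgrading. Separately, `jwlawson/actions-setup-cmake@v1` is a mutable tag; in a workflow that later handles signing keys and distribution tokens, pin third-party actions to a full commit SHA.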

77-91: Improve environment variables setup

The environment variables setup needs improvements:

  1. Add validation for required secrets
  2. Use environment files to persist variables between steps
 - name: Set Environment Variables
   run: |
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done
+
+    # Export variables to GITHUB_ENV to persist between steps
+    {
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
     ...
     export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}
+    } >> $GITHUB_ENV
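Review bot: The validation loop runs before any of the `export` lines, and `${!secret}` reads shell variables, so unless the step also maps the secrets through `env:` every check sees an empty value and the step exits 1. The `{ export ...; } >> $GITHUB_ENV` wrapper does not do what its comment says either: `export` prints nothing, so nothing is appended to the file, and if it did work it would hand the keystore and Firebase credentials to every later step in the job. Map each secret with `env:` on only the step that needs it, validate there, and quote `"$GITHUB_ENV"` for any non-secret values that do need to persist.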
🧰 Tools
🪛 actionlint (1.7.4)

77-77: shellcheck reported issue in this script: SC2155:warning:10:8: Declare and assign separately to avoid masking return values

(shellcheck)


94-100: Fix shell script syntax and add error handling

The build script needs proper structure and error handling.

-    if [ "${{ inputs.build_type }}" == "debug" ]; then
-      echo "debug"
-      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
-    else
-      echo "release"
-      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
-    fi
+    set -eo pipefail
+
+    if [ "${{ inputs.build_type }}" == "debug" ]; then
+      echo "Building debug variant..."
+      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }} || {
+        echo "Debug build failed"
+        exit 1
+      }
+    else
+      echo "Building release variant..."
+      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }} || {
+        echo "Release build failed"
+        exit 1
+      }
+    fi
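Review bot: `${{ inputs.build_type }}` and `${{ inputs.variant }}` are still expanded into the script text before the shell runs, in both the removed and the added lines, so whatever is typed into the dispatch input becomes part of the command line. Pass them through `env:` (for example `VARIANT: ${{ inputs.variant }}`), reference `"$VARIANT"` quoted, and check it against the list of known flavors before calling fastlane. With `set -eo pipefail` in place the `|| { echo ...; exit 1; }` blocks are redundant; one mechanism is enough.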

104-108: Update artifact upload configuration

The artifact upload step needs improvements:

  1. Update to the latest version of the action
  2. Include both debug and release APKs
 - name: Upload APKs
-  uses: actions/upload-artifact@v3
+  uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/debug/*.apk
+    path: |
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/apk/**/release/*.apk
+    if-no-files-found: error
🧰 Tools
🪛 actionlint (1.7.4)

105-105: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt (1)

14-31: Verify usage of newly imported DAOs.

Please ensure all newly imported DAO classes are actually used within this module. I notice multiple DAO imports, but we should verify that each one corresponds to a @Provides method in the module.

✅ Verification successful

All DAOs are properly provided in the module

The verification shows that all imported DAOs have corresponding provider methods, though some use different naming conventions:

  • BeneficiaryIdsAvailDao → provideBenIdDao
  • ChildRegistrationDao → provideChildRegDao
  • HbncDao → provideHBNCDao
  • HbycDao → provideHBYCDao
  • ImmunizationDao → provideVaccineDao
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if all imported DAOs have corresponding provider methods
# Get all imported DAO classes and check for their provider methods

# Search for DAO imports
echo "Checking DAO imports against provider methods..."
for dao in $(rg -N "import.*dao\.[A-Za-z]+Dao$" app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt | awk -F'.' '{print $NF}'); do
    # Search for corresponding provider method
    if ! rg -q "provide${dao%Dao}Dao" app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt; then
        echo "Warning: No provider method found for $dao"
    fi
done

Length of output: 4834


Script:

#!/bin/bash
# Check for any usage of the DAOs that don't have provider methods
echo "Checking for alternative usage patterns of DAOs..."
for dao in "BeneficiaryIdsAvail" "ChildRegistration" "Hbnc" "Hbyc" "Immunization"; do
    echo "Searching for $dao usage:"
    rg "$dao" app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt
done

Length of output: 2038

app/src/main/res/layout/fragment_aadhaar_id.xml (3)

29-38: Well-structured layout constraints!

The LinearLayout's constraints and explicit vertical orientation provide good adaptability across different screen sizes.


67-85: Verify RadioGroup visibility logic.

The RadioGroup is hidden by default. Please ensure:

  1. The visibility logic is properly implemented in the ViewModel
  2. State restoration handles visibility correctly on configuration changes

Run this script to check the visibility implementation:

✅ Verification successful

RadioGroup visibility logic is properly implemented

The visibility handling is correct and well-managed through:

  • Initial hidden state to prevent content flash
  • Proper state management in the ViewModel
  • Appropriate visibility transitions based on verification type selection
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check visibility logic implementation
echo "Checking ViewModel implementation..."
rg -A 5 "rg_gov_asha" --type kotlin

echo "Checking state restoration..."
rg -A 5 "onSaveInstanceState|savedInstanceState.*rg_gov_asha" --type kotlin

Length of output: 265


Script:

#!/bin/bash
# Search for radio button references and Aadhaar ViewModel
echo "Checking radio button usage..."
rg -A 5 "rb_asha|rb_gov" --type kotlin

echo "Searching for Aadhaar ViewModel..."
fd -e kt -e java . | grep -i "aadhaar.*viewmodel"

echo "Checking dropdown references..."
rg -A 5 "til_aadhaar_verify_dropdown" --type kotlin

Length of output: 2251


Script:

#!/bin/bash
# Check AadhaarIdViewModel for visibility logic
echo "Checking AadhaarIdViewModel content..."
cat "app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_id/AadhaarIdViewModel.kt"

echo "Checking Fragment for visibility setup..."
cat "app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_id/AadhaarIdFragment.kt"

Length of output: 8775


46-49: Consider additional security measures for Aadhaar input.

Since this component handles sensitive national ID information, consider implementing:

  1. Input masking for the Aadhaar number
  2. Copy/paste restrictions
  3. Screenshot prevention for this view

Run this script to verify if security measures are implemented elsewhere:

app/src/main/java/org/piramalswasthya/sakhi/ui/abha_id_activity/aadhaar_id/aadhaar_num_asha/AadhaarNumberAshaViewModel.kt (1)

70-70: Security concern: Empty client ID parameter.

The empty string being passed as the first parameter (presumably a client ID) raises security concerns. Please verify if this is intentional and document the reason.

Comment on lines 98 to 102
//.addConverterFactory(GsonConverterFactory.create())
.baseUrl(BuildConfig.BASE_TMC_URL)
.baseUrl(KeyUtils.baseTMCUrl())
.client(httpClient)
.build()
.create(AmritApiService::class.java)

🛠️ Refactor suggestion

Add error handling for native method calls.

The calls to KeyUtils.baseTMCUrl() and KeyUtils.baseAbhaUrl() should include error handling in case the native methods fail. Consider wrapping these in a try-catch block or implementing a fallback mechanism.

 return Retrofit.Builder()
     .addConverterFactory(MoshiConverterFactory.create(moshi))
-    .baseUrl(KeyUtils.baseTMCUrl())
+    .baseUrl(try {
+        KeyUtils.baseTMCUrl()
+    } catch (e: Exception) {
+        throw IllegalStateException("Failed to retrieve TMC base URL", e)
+    })
     .client(httpClient)
     .build()
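Review bot: `catch (e: Exception)` around `KeyUtils.baseTMCUrl()` will not catch the most likely failure of a JNI call: a missing or unloaded library raises `UnsatisfiedLinkError`, which is an `Error`, not an `Exception`. Catch `UnsatisfiedLinkError` explicitly, and reject a blank return value before it reaches `baseUrl(...)`. The suggested message already keeps the URL itself out of the exception text; keep it that way.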

Similar error handling should be added for KeyUtils.baseAbhaUrl().

Also applies to: 113-117

@@ -79,7 +96,7 @@ object AppModule {
return Retrofit.Builder()
.addConverterFactory(MoshiConverterFactory.create(moshi))
//.addConverterFactory(GsonConverterFactory.create())
.baseUrl(BuildConfig.BASE_TMC_URL)
.baseUrl(KeyUtils.baseTMCUrl())

💡 Codebase verification

Security concerns found in KeyUtils native implementation

The current implementation stores URLs as plain string constants in native code without proper encryption or obfuscation. While moving URLs to native code provides basic protection through compilation, the values remain extractable from the binary.

Recommendations:

  • Implement string encryption for sensitive URLs similar to the existing encryptedPassKey mechanism
  • Consider using string obfuscation techniques or runtime URL construction
  • Add integrity checks for the returned values
🔗 Analysis chain

Verify secure implementation of KeyUtils native methods.

The transition from BuildConfig to KeyUtils for retrieving sensitive URLs aligns with security objectives. However, we should verify:

  1. The native implementation properly encrypts/obfuscates these values
  2. The values are securely stored and not easily extractable

Also applies to: 114-114

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check KeyUtils implementation for security best practices

echo "Checking KeyUtils implementation..."
# Look for native method declarations
rg -A 5 "native.*baseTMCUrl|native.*baseAbhaUrl" 

# Check for potential security issues in native code
rg -g "*.cpp" -g "*.h" "char.*URL|std::string.*URL|jstring.*URL" 

Length of output: 574


Script:

#!/bin/bash
# Check how URL constants are defined
echo "Checking URL constant definitions..."
rg -A 2 "#define.*URL|const.*URL" app/src/main/cpp/

# Look for any encryption-related code
echo "Checking for encryption mechanisms..."
rg -g "*.cpp" -g "*.h" "encrypt|decrypt|obfuscate|cipher"

Length of output: 580
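
Added example (not the project's code): a CI-side check, in POSIX shell, that lists URL-like plaintext left in a built native library, which is the condition the comment above describes. The function names, the allowlist argument and the sample bytes are assumptions of this example; `grep -o` is assumed to be available (GNU, BSD and BusyBox grep provide it).

```shell
#!/bin/sh
# Added example, not part of the PR: report http(s) URLs that survive as
# plaintext in a compiled native library, so the build can fail on them.

# Print each distinct URL found as a printable run inside FILE.
# Non-printable bytes are turned into line breaks first, so the match
# cannot run across string terminators.
plaintext_urls_in() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        LC_ALL=C grep -oE 'https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+' |
        LC_ALL=C sort -u
}

# Return 1 when FILE contains a URL that is not covered by ALLOW.
# ALLOW is an optional extended regex for URLs that are expected to be
# present (an assumption of this example, e.g. licence or schema links).
check_native_lib() {
    file=$1
    allow=${2:-}
    [ -n "$allow" ] || allow='^$'   # default: allow nothing
    leaked=$(plaintext_urls_in "$file" | grep -vE "$allow" || true)
    if [ -n "$leaked" ]; then
        printf 'plaintext URLs in %s:\n%s\n' "$file" "$leaked" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a few bytes shaped like a shared object with two
# embedded, NUL-terminated URL constants. The host names are placeholders.
make_fake_lib() {
    lib=$(mktemp)
    printf '\177ELF\001\001\000https://tmc.example.invalid/api/\000pad\377' > "$lib"
    printf 'http://abha.example.invalid\000padding\000' >> "$lib"
    printf '%s\n' "$lib"
}

sample=$(make_fake_lib)
plaintext_urls_in "$sample"
rm -f "$sample"
```

In a pipeline the check would run over each built `.so` after the native build step, with the allowlist kept in the repository.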

Comment on lines 68 to 76
abhaIdRepo.generateOtpForAadhaarV2(
AbhaGenerateAadhaarOtpRequest(
"",
listOf<String>("abha-enrol"),
"aadhaar",
aadhaarNo,
"aadhaar"
)
)) {

⚠️ Potential issue

Validate Aadhaar number input before processing.

The method handles sensitive PII (Aadhaar number) without apparent validation. Consider adding input validation to ensure the Aadhaar number follows the correct format and length before processing.

private fun generateAadhaarOtp(aadhaarNo: String) {
+   if (!isValidAadhaarNumber(aadhaarNo)) {
+       _errorMessage.value = "Invalid Aadhaar number format"
+       _state.value = AadhaarIdViewModel.State.ERROR_SERVER
+       return
+   }
    viewModelScope.launch {
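Review bot: A failed local format check is reported through `AadhaarIdViewModel.State.ERROR_SERVER`, which tells the user and any error handling downstream that the server failed; use or add a client-side validation state instead. The helper proposed with this hunk checks only length and digits, while Aadhaar numbers carry a Verhoeff check digit, so a checksum test would reject most typos before a request is sent. Make sure neither `_errorMessage` nor any log line echoes the entered number.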

Add this validation helper:

private fun isValidAadhaarNumber(aadhaarNo: String): Boolean {
    return aadhaarNo.length == 12 && aadhaarNo.all { it.isDigit() }
}

Comment on lines 1 to 13
{
"type": "service_account",
"project_id": "saksham-assam",
"private_key_id": "d0ddf69664f1f731b5717426cd1d0af7429912f4",
"private_key": "[REDACTED]",
"client_email": "[email protected]",
"client_id": "113597438525171237452",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-o5j6b%40saksham-assam.iam.gserviceaccount.com",
"universe_domain": "googleapis.com"
}

💡 Codebase verification

⚠️ Potential issue

CRITICAL: Service Account Credentials Exposed - Immediate Action Required!

The verification confirms exposed Google Play service account credentials and lack of .gitignore protection. Immediate actions required:

  1. Revoke the [email protected] service account immediately
  2. Generate new credentials with minimal required permissions
  3. Add fastlane/google_play_service_account.json to .gitignore
  4. Store the new credentials in GitHub Secrets or equivalent secure storage
  5. Update CI/CD workflows to use the securely stored credentials
🔗 Analysis chain

CRITICAL: Remove service account credentials from version control immediately!

This file contains sensitive credentials that should never be committed to version control:

  1. The private key is exposed and should be considered compromised
  2. The service account details are publicly visible
  3. The project 'saksham-assam' is exposed

Immediate actions required:

  1. Revoke this service account immediately
  2. Generate new credentials
  3. Store the new credentials securely using GitHub Secrets
  4. Update .gitignore to prevent future commits of service account files
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify if the file is properly ignored
echo "Checking .gitignore configuration..."
if ! grep -q "google_play_service_account.json" .gitignore; then
  echo "WARNING: google_play_service_account.json is not in .gitignore"
fi

# Check for other potential credential files
echo "Checking for other potential credential files..."
find . -type f -name "*credential*.json" -o -name "*service-account*.json"

Length of output: 455


Script:

#!/bin/bash
# Check when the credentials were added and if they've been modified
git log --format="%h %ad %s" --date=short -- fastlane/google_play_service_account.json

# Check if the file exists in other branches
git branch -r --contains $(git rev-list --all -- fastlane/google_play_service_account.json | tail -1)

Length of output: 77

🧰 Tools
🪛 Gitleaks (8.21.2)

5-5: Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.

(private-key)


4-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)
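
Added example (not part of the PR or of the scripts executed above): a content-based check for committed service-account keys, in POSIX shell. The name patterns in the script above (`*credential*.json`, `*service-account*.json`) do not match `google_play_service_account.json`, so this version looks for the `"type": "service_account"` and `"private_key"` markers instead; the function names and the fixture are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the PR: detect Google service-account key files
# by content instead of by file name, for use as a pre-merge CI gate.

# Exit 0 when FILE carries both markers of a service-account key:
# the account type and a PEM private-key header inside "private_key".
is_service_account_key() {
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" 2>/dev/null &&
        grep -Eq '"private_key"[[:space:]]*:[[:space:]]*"-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null
}

# Print every *.json under DIR (skipping .git) that matches, one path per line.
find_service_account_keys() {
    find "$1" -type f -name '*.json' ! -path '*/.git/*' | sort |
        while IFS= read -r candidate; do
            if is_service_account_key "$candidate"; then
                printf '%s\n' "$candidate"
            fi
        done
}

# CI gate: return 1 and list the files on stderr when any key file is present.
gate_on_service_account_keys() {
    hits=$(find_service_account_keys "$1")
    if [ -n "$hits" ]; then
        printf 'service-account key found in tree:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed fixture: a fake key file (placeholder key body, not a real key)
# next to a harmless JSON config that must not be flagged.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/fastlane" "$dir/app"
    cat > "$dir/fastlane/google_play_service_account.json" <<'EOF'
{
  "type": "service_account",
  "project_id": "constructed-example",
  "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END PRIVATE KEY-----\n"
}
EOF
    printf '{ "project_info": { "project_id": "constructed-example" } }\n' \
        > "$dir/app/google-services.json"
    printf '%s\n' "$dir"
}

fixture=$(make_fixture)
find_service_account_keys "$fixture"
rm -rf "$fixture"
```

A match in history still means the key is compromised; the gate only stops the next one from landing.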

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

♻️ Duplicate comments (3)
.github/workflows/build-distribute.yml (3)

41-44: ⚠️ Potential issue

Fix invalid CMake version.

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'

75-102: 🛠️ Refactor suggestion

Improve build script structure and error handling.

The build script needs proper structure and error handling.

 - name: Build and Distribute app to Firebase
   id: build-and-distribute
   run: |
+    set -eo pipefail
+
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done
+
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
     # ... other exports ...
     
     if [ "${{ inputs.build_type }}" == "debug" ]; then
-      echo "debug"
-      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
+      echo "Building debug variant..."
+      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }} || {
+        echo "Debug build failed"
+        exit 1
+      }
     else
-      echo "release"
-      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
+      echo "Building release variant..."
+      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }} || {
+        echo "Release build failed"
+        exit 1
+      }
     fi
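Review bot: `export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}` is kept as an unchanged line, and it pastes the secret's value unquoted into the script source, so a value containing spaces, `$`, quotes or `;` is re-parsed by the shell instead of being assigned as-is. Supplying the secrets through the step's `env:` block removes the need for the `export` lines and also gives the `${!secret}` loop above them something to read.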
🧰 Tools
🪛 actionlint (1.7.4)

77-77: shellcheck reported issue in this script: SC2155:warning:10:8: Declare and assign separately to avoid masking return values

(shellcheck)

🪛 yamllint (1.35.1)

[error] 92-92: trailing spaces

(trailing-spaces)


[error] 94-94: trailing spaces

(trailing-spaces)


[error] 95-95: trailing spaces

(trailing-spaces)


106-110: 🛠️ Refactor suggestion

Update artifact upload configuration.

The artifact upload step needs improvements.

 - name: Upload APKs
-  uses: actions/upload-artifact@v3
+  uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/debug/*.apk
+    path: |
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/apk/**/release/*.apk
+    if-no-files-found: error
🧰 Tools
🪛 actionlint (1.7.4)

107-107: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 6069677 and 66cd89f.

📒 Files selected for processing (3)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/AndroidManifest.xml (1 hunks)
  • fastlane/Fastfile (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/src/main/AndroidManifest.xml
🧰 Additional context used
🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 59-60: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

77-77: shellcheck reported issue in this script: SC2155:warning:10:8: Declare and assign separately to avoid masking return values

(shellcheck)


107-107: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 yamllint (1.35.1)
.github/workflows/build-distribute.yml

[error] 92-92: trailing spaces

(trailing-spaces)


[error] 94-94: trailing spaces

(trailing-spaces)


[error] 95-95: trailing spaces

(trailing-spaces)


[warning] 105-105: too many blank lines

(3 > 2) (empty-lines)


[warning] 111-111: too many blank lines

(1 > 0) (empty-lines)

🔇 Additional comments (1)
fastlane/Fastfile (1)

5-21: 🛠️ Refactor suggestion

Add input validation and improve release notes.

The debug distribution lane needs improvements:

  1. Add validation for required environment variables
  2. Add validation for the variant parameter
  3. Enhance release notes with meaningful information
 lane :build_and_distribute_debug do |options|
+  # Validate required environment variables
+  required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'TESTER_GROUPS']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
+  # Validate variant parameter
+  valid_variants = ['staging', 'production'] # Add your valid variants
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
   # Build the debug variant
   gradle(
     task: "assemble#{options[:variant]}Debug"
   )

   # Distribute to Firebase App Distribution for Stag and UAT
   firebase_app_distribution(
     app: ENV['FIREBASE_APP_ID'],
     firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
     groups: ENV['TESTER_GROUPS'],
-    release_notes: "#{options[:variant]}-Debug version out!",
+    release_notes: "#{options[:variant]} debug build #{Time.now.strftime('%Y-%m-%d %H:%M')} - #{last_git_commit[:message]}",
     debug: true
   )
 end
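Review bot: `ENV[var].nil?` in the new check passes when a variable is present but empty, which is how an undefined GitHub Actions secret reaches the process, so use a blank check such as `ENV[var].to_s.strip.empty?`. The `valid_variants` list is a placeholder (`# Add your valid variants`) and has to match the project's real flavor names exactly as `"assemble#{options[:variant]}Debug"` will spell them. `#{last_git_commit[:message]}` puts the raw commit message into tester-facing release notes; confirm that is intended.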

Likely invalid or redundant comment.

Comment on lines 50 to 57
# desc "Increment Build Version in Codebase"
# lane :increment_version_staging_debug do
# latest_release = firebase_app_distribution_get_latest_release(
# app: ""
# )
# increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
# end

⚠️ Potential issue

Fix version increment configuration.

The version increment lane has configuration issues:

  1. Empty Firebase app ID
  2. Missing error handling for version increment
-#   desc "Increment Build Version in Codebase"
-#   lane :increment_version_staging_debug do
-#     latest_release = firebase_app_distribution_get_latest_release(
-#       app: ""
-#     )
-#     increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
-#   end
+  desc "Increment Build Version in Codebase"
+  lane :increment_version_staging_debug do
+    begin
+      latest_release = firebase_app_distribution_get_latest_release(
+        app: ENV['FIREBASE_APP_ID']
+      )
+      increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
+    rescue => e
+      UI.error("Failed to increment version: #{e.message}")
+      raise
+    end
+  end
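Review bot: `latest_release[:buildVersion]` inside the new `begin` block is indexed without checking that a release came back; if the lookup returns nothing (for example an app with no prior distribution) the lane dies on a nil error instead of a clear message, and `.to_i` turns a non-numeric build version into 0. Guard the lookup result and fail with `UI.user_error!` before calling `increment_version_code`; the `rescue` that only logs and re-raises can then go.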

Comment on lines 23 to 102
desc "Build, Sign, and Distribute Release APK to Play Store"
lane :build_and_distribute_release do |options|
  # Build the release variant
  gradle(
    task: "assemble#{options[:variant]}Release"
  )

  # Sign the APK using the keystore
  gradle(
    task: "signingReport",
    keystore_path: ENV['KEYSTORE_PATH'],
    keystore_password: ENV['KEYSTORE_PASSWORD'],
    key_alias: ENV['KEY_ALIAS'],
    key_password: ENV['KEY_PASSWORD']
  )

  # Deploy to Google Play for Production
#     supply(
#       track: "internal",
#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
#       json_key: "./google_play_service_account.json"
#     )
end

⚠️ Potential issue

Fix signing configuration and add input validation.

The release distribution lane needs improvements:

  1. Add validation for required environment variables
  2. Fix syntax in the signing configuration
  3. Configure Play Store deployment properly
 lane :build_and_distribute_release do |options|
+  # Validate required environment variables
+  required_vars = [
+    'KEYSTORE_PATH', 'KEYSTORE_PASSWORD', 'KEY_ALIAS', 'KEY_PASSWORD',
+    'FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'TESTER_GROUPS'
+  ]
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
+  # Validate variant parameter
+  valid_variants = ['staging', 'production'] # Add your valid variants
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
   # Build the release variant
   gradle(
     task: "assemble#{options[:variant]}Release"
   )

   # Sign the APK using the keystore
   gradle(
-    task: "signingReport",
+    task: "signingReport",
     keystore_path: ENV['KEYSTORE_PATH'],
     keystore_password: ENV['KEYSTORE_PASSWORD'],
     key_alias: ENV['KEY_ALIAS'],
     key_password: ENV['KEY_PASSWORD']
   )

   # Deploy to Google Play for Production
-#     supply(
-#       track: "internal",
-#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
-#       json_key: "./google_play_service_account.json"
-#     )
+  # supply(
+  #   track: "internal",
+  #   aab: ENV['AAB_OUTPUT_PATH'],
+  #   json_key: ENV['GOOGLE_PLAY_JSON_KEY_PATH'],
+  #   validate_only: ENV['VALIDATE_ONLY'] == 'true'
+  # )
 end
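Review bot: The `-`/`+` pair on `task: "signingReport",` changes nothing but whitespace, so item 2 of the list is not addressed: `signingReport` prints the signing configuration and does not sign anything, and the four `keystore_*` keys are still passed to that call. The added `required_vars` list also makes the release lane fail when `FIREBASE_APP_ID`, `FIREBASE_CLI_TOKEN` or `TESTER_GROUPS` is absent, although nothing in the lane as shown reads them; require only what the lane uses.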

Comment on lines 54 to 95
- name: Decode google-services.json for NIRAMAY_PRODUCTION
  if: inputs.environment == 'NIRAMAY_PRODUCTION'
  run: |
    echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1

- name: Decode google-services.json for XUSHRUKHA_PRODUCTION
  if: inputs.environment == 'XUSHRUKHA_PRODUCTION'
  run: |
    echo "${{ secrets.GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1

- name: Decode generic google-services.json for other environments
  if: inputs.environment != 'NIRAMAY_PRODUCTION' && inputs.environment != 'XUSHRUKHA_PRODUCTION'
  run: |
    echo "${{ secrets.GOOGLE_SERVICES_JSON_BASE64 }}" | base64 --decode > ./app/google-services.json || exit 1
- name: Decode Google Play JSON key
  run: |
    echo "${{ secrets.GOOGLE_PLAY_JSON_KEY }}" | base64 --decode > ./fastlane/google_play_service_account.json

- name: Create local.properties
  run: echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties

🛠️ Refactor suggestion

Add validation for decoded configuration files.

The configuration file decoding steps need validation to ensure the files are properly created.

 - name: Decode google-services.json for NIRAMAY_PRODUCTION
   if: inputs.environment == 'NIRAMAY_PRODUCTION'
   run: |
+    set -eo pipefail
     echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1
+    # Validate JSON file
+    jq empty ./app/google-services.json || {
+      echo "Invalid google-services.json file"
+      exit 1
+    }

 - name: Create local.properties
-  run: echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties
+  run: |
+    echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties
+    if [ ! -f local.properties ]; then
+      echo "Failed to create local.properties"
+      exit 1
+    fi
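Review bot: The unchanged `echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}"` line pastes the secret into the script text before the shell runs; pass it through the step's `env:` block and decode from the variable (for instance `printf '%s' "$GOOGLE_SERVICES_JSON" | base64 --decode`, the variable name being a placeholder) so the value never becomes part of the command. With `set -eo pipefail` added the trailing `|| exit 1` is redundant, and the `[ ! -f local.properties ]` test cannot fail after a successful redirect; checking that `$ANDROID_SDK_ROOT` is non-empty is the test that catches a bad file.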

Committable suggestion skipped: line range outside the PR's diff.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
.github/workflows/build-distribute.yml (3)

3-14: 🛠️ Refactor suggestion

Add comprehensive input parameter validation and descriptions.

The workflow inputs need validation to ensure they contain valid values.

 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
+        description: 'Environment to deploy to (NIRAMAY_PRODUCTION/XUSHRUKHA_PRODUCTION/etc)'
+        default: 'staging'
       variant:
         required: true
         type: string
+        description: 'Build variant (staging/production)'
       build_type:
         required: true
         type: string
+        description: 'Build type (debug/release)'
+        default: 'debug'
+    secrets:
+      FIREBASE_APP_ID:
+        required: true
+      FIREBASE_CLI_TOKEN:
+        required: true
+      GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION:
+        required: false
+      GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION:
+        required: false
+      GOOGLE_SERVICES_JSON_GENERIC:
+        required: true
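Review bot: The new `secrets:` block declares `GOOGLE_SERVICES_JSON_GENERIC`, but the decode step for other environments reads `secrets.GOOGLE_SERVICES_JSON_BASE64`, and `GOOGLE_PLAY_JSON_KEY`, `ENCRYPTED_PASS_KEY` and `ABHA_CLIENT_ID`, which the steps also reference, are not declared; the declared names have to match what the steps use. `default: 'staging'` and `default: 'debug'` sit on inputs marked `required: true`, where the caller always supplies the value, and `'staging'` is not one of the environments the description lists. A description is not validation, so add a first step that rejects values outside the expected set.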

41-44: ⚠️ Potential issue

Fix CMake version specification.

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'

110-114: ⚠️ Potential issue

Update artifact upload configuration.

The artifact upload step needs improvements to include all APKs and use the latest action version.

 - name: Upload APKs
-  uses: actions/upload-artifact@v3
+  uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/debug/*.apk
+    path: |
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/apk/**/release/*.apk
+    if-no-files-found: error
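Review bot: Adding `app/build/outputs/apk/**/release/*.apk` publishes release APKs as workflow artifacts with no `retention-days`, so they stay downloadable for the repository's default retention period by anyone who can read the run. Set an explicit short `retention-days`, and put `inputs.build_type` in the artifact `name` so debug and release uploads can be told apart.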
🧰 Tools
🪛 actionlint (1.7.4)

111-111: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🧹 Nitpick comments (1)
.github/workflows/build-distribute.yml (1)

34-39: Improve NDK setup with caching.

Add caching to speed up the workflow and reduce GitHub Actions minutes usage.

 - name: Set up Android NDK
   uses: nttld/[email protected]
   with:
     ndk-version: r27c
     link-to-sdk: true
+    cache: true
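Review bot: `cache: true` only has an effect if the NDK setup action declares an input with exactly that name; GitHub Actions warns about unknown `with:` keys instead of failing, so a wrong name silently leaves caching off. Confirm the input name in the action's `action.yml` before merging.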
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 66cd89f and 83b6d0e.

📒 Files selected for processing (1)
  • .github/workflows/build-distribute.yml (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

111-111: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (2)
.github/workflows/build-distribute.yml (2)

54-73: 🛠️ Refactor suggestion

Add validation for configuration files and improve error handling.

The configuration file handling needs better error checking and validation.

 - name: Decode google-services.json for NIRAMAY_PRODUCTION
   if: inputs.environment == 'NIRAMAY_PRODUCTION'
   run: |
+    set -eo pipefail
     echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1
+    if [ ! -s ./app/google-services.json ]; then
+      echo "Error: Empty google-services.json file"
+      exit 1
+    fi

 - name: Create local.properties
-  run: echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties
+  run: |
+    set -eo pipefail
+    if [ -z "$ANDROID_SDK_ROOT" ]; then
+      echo "Error: ANDROID_SDK_ROOT is not set"
+      exit 1
+    fi
+    echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties
+    if [ ! -f local.properties ]; then
+      echo "Error: Failed to create local.properties"
+      exit 1
+    fi
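Review bot: Only the NIRAMAY_PRODUCTION decode step gets `set -eo pipefail` and the `-s` check; the XUSHRUKHA_PRODUCTION, generic and Google Play key decode steps in the same range are left as they were, and the Google Play one has no `|| exit 1` either. `-s` also passes for any non-empty output, so pair it with a JSON parse and give every decode step the same guard; a shared script or composite step avoids four copies.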

Likely invalid or redundant comment.


75-106: 🛠️ Refactor suggestion

Improve build step with proper validation and error handling.

The build step needs better structure, environment variable validation, and error handling.

 - name: Build and Distribute app to Firebase
   id: build-and-distribute
   run: |
+    set -eo pipefail
+
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done

     # Set app URLs used in the codebase
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
     export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
     # ... other exports ...

     if [ "${{ inputs.build_type }}" == "debug" ]; then
-      echo "debug"
+      echo "Building debug variant..."
       bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
     else
-      echo "release"
+      echo "Building release variant..."
       bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
     fi
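Review bot: The added `required_secrets` loop runs before the `export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}` lines, so `${!secret}` is tested while nothing has been exported yet and the step exits on the first name unless the values already arrive through the step's `env:`. Move the secrets into `env:` and keep the loop after that; this also removes the unquoted `${{ secrets.* }}` expansions from the script, where a value containing spaces or shell metacharacters is word-split or interpreted by the shell.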

Likely invalid or redundant comment.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1476fe3 and 676b641.

📒 Files selected for processing (2)
  • .github/workflows/build-distribute.yml (1 hunks)
  • fastlane/Fastfile (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

109-109: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 60-61: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🔇 Additional comments (7)
fastlane/Fastfile (2)

51-57: 🛠️ Refactor suggestion

Implement proper version increment functionality.

The commented version increment lane needs proper implementation with error handling.

-#   desc "Increment Build Version in Codebase"
-#   lane :increment_version_staging_debug do
-#     latest_release = firebase_app_distribution_get_latest_release(
-#       app: ""
-#     )
-#     increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
-#   end
+  desc "Increment Build Version in Codebase"
+  lane :increment_version_staging_debug do
+    UI.user_error!("Missing FIREBASE_APP_ID") if ENV['FIREBASE_APP_ID'].nil?
+    
+    begin
+      latest_release = firebase_app_distribution_get_latest_release(
+        app: ENV['FIREBASE_APP_ID']
+      )
+      
+      new_version_code = latest_release[:buildVersion].to_i + 1
+      UI.message("Incrementing version code to: #{new_version_code}")
+      
+      increment_version_code(
+        version_code: new_version_code,
+        gradle_file_path: "./app/build.gradle"
+      )
+    rescue => e
+      UI.error("Failed to increment version: #{e.message}")
+      raise
+    end
+  end

Likely invalid or redundant comment.


24-46: ⚠️ Potential issue

Fix signing configuration and Play Store deployment setup.

The release distribution lane has issues with the signing configuration and Play Store deployment setup.

 lane :build_and_distribute_release do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = ['KEYSTORE_PATH', 'KEYSTORE_PASSWORD', 'KEY_ALIAS', 'KEY_PASSWORD']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
   # Build the release variant
   gradle(
     task: "assemble#{options[:variant]}Release"
   )

   # Sign the APK using the keystore
   gradle(
-    task: "signingReport",
+    task: "assembleRelease",
     keystore_path: ENV['KEYSTORE_PATH'],
     keystore_password: ENV['KEYSTORE_PASSWORD'],
     key_alias: ENV['KEY_ALIAS'],
     key_password: ENV['KEY_PASSWORD']
   )

   # Deploy to Google Play for Production
-#     supply(
-#       track: "internal",
-#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
-#       json_key: "./google_play_service_account.json"
-#     )
+  # Uncomment and configure Play Store deployment when ready
+  # supply(
+  #   track: "internal",
+  #   aab: ENV['AAB_OUTPUT_PATH'],
+  #   json_key: ENV['GOOGLE_PLAY_JSON_KEY_PATH'],
+  #   validate_only: true  # Set to false when ready for production
+  # )
 end
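Review bot: Swapping `signingReport` for `assembleRelease` in the second `gradle(...)` call makes the lane build twice, once for `assemble#{options[:variant]}Release` and once for every release variant, and the `keystore_path`, `keystore_password`, `key_alias` and `key_password` keys are still not handed to Gradle as signing properties. Drop the second call and attach the signing values to the first one. `validate_only: true` is also hardcoded in the commented `supply` block, so uncommenting it uploads nothing until someone edits the Fastfile.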

Likely invalid or redundant comment.

.github/workflows/build-distribute.yml (5)

108-112: 🛠️ Refactor suggestion

Update artifact upload configuration.

The artifact upload step needs improvements.

 - name: Upload APKs
-  uses: actions/upload-artifact@v3
+  uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/debug/*.apk
+    path: |
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/apk/**/release/*.apk
+    if-no-files-found: error
+    retention-days: 5

Likely invalid or redundant comment.

🧰 Tools
🪛 actionlint (1.7.4)

109-109: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


3-14: 🛠️ Refactor suggestion

Improve workflow input configuration.

Add descriptions and validation for workflow inputs.

 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
+        description: 'Target environment for deployment (NIRAMAY_PRODUCTION/XUSHRUKHA_PRODUCTION/etc)'
       variant:
         required: true
         type: string
+        description: 'Build variant (staging/production)'
       build_type:
         required: true
         type: string
+        description: 'Build type (debug/release)'
+        default: 'debug'

Likely invalid or redundant comment.


54-73: 🛠️ Refactor suggestion

Add validation for configuration files.

Add proper validation and error handling for configuration files.

 - name: Decode google-services.json for NIRAMAY_PRODUCTION
   if: inputs.environment == 'NIRAMAY_PRODUCTION'
   run: |
+    set -eo pipefail
     echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1
+    # Validate JSON file
+    jq empty ./app/google-services.json || {
+      echo "Invalid google-services.json file"
+      exit 1
+    }

 - name: Create local.properties
-  run: echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties
+  run: |
+    echo "sdk.dir=$ANDROID_SDK_ROOT" > local.properties
+    if [ ! -f local.properties ]; then
+      echo "Failed to create local.properties"
+      exit 1
+    fi

Likely invalid or redundant comment.


25-50: ⚠️ Potential issue

Update tool versions and add version validation.

The environment setup needs version updates and validation.

 - name: Set up JDK
   uses: actions/setup-java@v4
   with:
     distribution: 'zulu'
     java-version: '17'
+    check-latest: true

 - name: Set up Android SDK
   uses: android-actions/setup-android@v2

 - name: Set up Android NDK
   uses: nttld/[email protected]
   with:
     ndk-version: r27c
     link-to-sdk: true

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'

 - name: Set up ruby env
   uses: ruby/setup-ruby@v1
   with:
-    ruby-version: 2.7.2
+    ruby-version: '3.2'
     bundler-cache: true
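Review bot: Every action in this range is referenced by a movable tag (`actions/setup-java@v4`, `android-actions/setup-android@v2`, `jwlawson/actions-setup-cmake@v1`, `ruby/setup-ruby@v1`) in a workflow that later handles the keystore and Firebase secrets; pin third-party actions to a full commit SHA. `check-latest: true` and `ruby-version: '3.2'` let the toolchain float between runs, which works against a reproducible build, and the jump from Ruby 2.7.2 to 3.2 needs a check of the `Gemfile.lock` before it lands.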

Likely invalid or redundant comment.


75-104: 🛠️ Refactor suggestion

Improve environment variables and build execution.

Add validation for required secrets and proper error handling.

 - name: Build and Distribute app to Firebase
   id: build-and-distribute
   run: |
+    set -eo pipefail
+
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+
+    for var in "${required_secrets[@]}"; do
+      if [ -z "${!var}" ]; then
+        echo "Error: Required secret $var is not set"
+        exit 1
+      fi
+    done

     # Set app URLs used in the codebase
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
     # ... other exports ...

     if [ "${{ inputs.build_type }}" == "debug" ]; then
+      echo "Building debug variant..."
       bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
     else
+      echo "Building release variant..."
       bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
     fi

Likely invalid or redundant comment.

Comment on lines 5 to 65
desc "Build and Distribute Debug APK to Firebase"
lane :build_and_distribute_debug do |options|
  # Build the debug variant
  gradle(
    task: "assemble#{options[:variant]}Debug"
  )

  puts "Testers group: #{ENV['TESTER_GROUPS']}"

  # Distribute to Firebase App Distribution for Stag and UAT
  firebase_app_distribution(
    app: ENV['FIREBASE_APP_ID'],
    firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
    groups: ENV['TESTER_GROUPS'],
    release_notes: "#{options[:variant]}-Debug version out!",
    debug: true
  )
end

🛠️ Refactor suggestion

Add input validation and improve configuration.

The debug distribution lane needs validation for required inputs and environment variables.

 lane :build_and_distribute_debug do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'TESTER_GROUPS']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
   # Build the debug variant
   gradle(
     task: "assemble#{options[:variant]}Debug"
   )

-  puts "Testers group: #{ENV['TESTER_GROUPS']}"
+  UI.message("Building for testers group: #{ENV['TESTER_GROUPS']}")

   # Distribute to Firebase App Distribution for Stag and UAT
   firebase_app_distribution(
     app: ENV['FIREBASE_APP_ID'],
     firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
     groups: ENV['TESTER_GROUPS'],
-    release_notes: "#{options[:variant]}-Debug version out!",
+    release_notes: "#{options[:variant]} debug build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
     debug: true
   )
 end

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
fastlane/Fastfile (3)

5-22: 🛠️ Refactor suggestion

Add input validation and improve configuration.

The debug distribution lane needs several improvements:

  1. Missing validation for required parameters and environment variables
  2. Redundant string interpolation in groups parameter
  3. Basic release notes format

Apply this diff:

 lane :build_and_distribute_debug do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'TESTER_GROUPS']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
   # Build the debug variant
   gradle(
     task: "assemble#{options[:variant]}Debug"
   )

-  puts "Testers group: #{ENV['TESTER_GROUPS']}"
+  UI.message("Building for testers group: #{ENV['TESTER_GROUPS']}")

   # Distribute to Firebase App Distribution
   firebase_app_distribution(
     app: ENV['FIREBASE_APP_ID'],
     firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-    groups: "#{ENV['TESTER_GROUPS']}",
+    groups: ENV['TESTER_GROUPS'],
     release_notes: "#{options[:variant]} debug build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
     debug: true
   )
🧰 Tools
🪛 rubocop (1.69.1)

[convention] 18-18: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


24-46: ⚠️ Potential issue

Fix signing configuration and add input validation.

The release distribution lane needs several improvements:

  1. Missing validation for required parameters and environment variables
  2. Incorrect signing configuration (signingReport task won't sign the APK)
  3. Hardcoded paths in Play Store deployment configuration

Apply this diff:

 lane :build_and_distribute_release do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = ['KEYSTORE_PATH', 'KEYSTORE_PASSWORD', 'KEY_ALIAS', 'KEY_PASSWORD']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
   # Build the release variant
   gradle(
-    task: "assemble#{options[:variant]}Release"
+    task: "assemble#{options[:variant]}Release",
+    properties: {
+      "android.injected.signing.store.file" => ENV['KEYSTORE_PATH'],
+      "android.injected.signing.store.password" => ENV['KEYSTORE_PASSWORD'],
+      "android.injected.signing.key.alias" => ENV['KEY_ALIAS'],
+      "android.injected.signing.key.password" => ENV['KEY_PASSWORD'],
+    }
   )

-  # Sign the APK using the keystore
-  gradle(
-    task: "signingReport",
-    keystore_path: ENV['KEYSTORE_PATH'],
-    keystore_password: ENV['KEYSTORE_PASSWORD'],
-    key_alias: ENV['KEY_ALIAS'],
-    key_password: ENV['KEY_PASSWORD']
-  )

   # Deploy to Google Play for Production
-#     supply(
-#       track: "internal",
-#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
-#       json_key: "./google_play_service_account.json"
-#     )
+  # Uncomment and configure when ready for Play Store deployment
+  # supply(
+  #   track: "internal",
+  #   aab: ENV['AAB_OUTPUT_PATH'],
+  #   json_key: ENV['GOOGLE_PLAY_JSON_KEY_PATH'],
+  #   validate_only: ENV['VALIDATE_ONLY'] == 'true'
+  # )
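Review bot: Passing `android.injected.signing.store.password` and `android.injected.signing.key.password` through `properties:` puts both passwords on the Gradle command line, which fastlane's `gradle` action echoes to the build log by default. Set `print_command: false` on this call, or have the `signingConfig` in `build.gradle` read the values from the environment so they never appear as arguments.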

51-57: ⚠️ Potential issue

Fix version increment configuration.

The version increment lane has several issues:

  1. Empty Firebase app ID
  2. Missing error handling
  3. Being commented out suggests it's not ready for use

Either remove the commented-out code or fix it using this diff:

-#   desc "Increment Build Version in Codebase"
-#   lane :increment_version_staging_debug do
-#     latest_release = firebase_app_distribution_get_latest_release(
-#       app: ""
-#     )
-#     increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
-#   end
+  desc "Increment Build Version in Codebase"
+  lane :increment_version do |options|
+    # Validate required parameters
+    UI.user_error!("Missing required parameter: variant") unless options[:variant]
+    
+    begin
+      latest_release = firebase_app_distribution_get_latest_release(
+        app: ENV['FIREBASE_APP_ID']
+      )
+      increment_version_code(
+        version_code: latest_release[:buildVersion].to_i + 1,
+        gradle_file_path: "app/build.gradle"
+      )
+    rescue => e
+      UI.error("Failed to increment version: #{e.message}")
+      raise
+    end
+  end
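Review bot: The rewritten lane requires `options[:variant]` and then never reads it, while `ENV['FIREBASE_APP_ID']`, the value it actually depends on, is not checked; validate the app ID and either drop the `variant` requirement or use it. Renaming the lane from `increment_version_staging_debug` to `increment_version` also breaks any caller that still uses the old name.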
🧹 Nitpick comments (1)
fastlane/Fastfile (1)

1-4: Clean up empty lines around block body.

Remove extra empty lines to improve code style.

-
default_platform(:android)
platform :android do

+default_platform(:android)
+platform :android do
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 676b641 and 7e62df3.

📒 Files selected for processing (1)
  • fastlane/Fastfile (1 hunks)
🧰 Additional context used
🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 18-18: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


[convention] 60-61: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
fastlane/Fastfile (3)

5-22: 🛠️ Refactor suggestion

Add input validation and improve error handling.

The debug distribution lane needs several improvements:

  1. Missing validation for required inputs
  2. No error handling for build and distribution steps
  3. Basic release notes format
  4. Redundant string interpolation

Apply this diff to improve the lane:

 lane :build_and_distribute_debug do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'TESTER_GROUPS']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
+  begin
     # Build the debug variant
     gradle(
       task: "assemble#{options[:variant]}Debug"
     )

-    puts "Testers group: #{ENV['TESTER_GROUPS']}"
+    UI.message("Building for testers group: #{ENV['TESTER_GROUPS']}")

     # Distribute to Firebase App Distribution for Stag and UAT
     firebase_app_distribution(
       app: ENV['FIREBASE_APP_ID'],
       firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-      groups: "#{ENV['TESTER_GROUPS']}",
+      groups: ENV['TESTER_GROUPS'],
       release_notes: "#{options[:variant]}-Debug version out!",
       debug: true
     )
+  rescue => e
+    UI.error("Failed to build or distribute: #{e.message}")
+    raise
+  end
 end
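
Review bot: `ENV[var].nil?` in the `required_vars` loop lets an empty string through, and an empty string is what a CI variable mapped from an unset secret contains. Use `ENV[var].to_s.strip.empty?` so that a blank `FIREBASE_CLI_TOKEN` or `FIREBASE_APP_ID` is rejected here with a clear message and not later, inside `firebase_app_distribution`.
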
🧰 Tools
🪛 rubocop (1.69.1)

[convention] 18-18: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


24-46: ⚠️ Potential issue

Fix signing configuration and Play Store deployment.

The release distribution lane has several issues:

  1. Missing validation for required inputs
  2. Incorrect signing configuration using signingReport task
  3. Commented out Play Store deployment needs proper configuration

Apply this diff to fix the issues:

 lane :build_and_distribute_release do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = [
+    'KEYSTORE_PATH', 'KEYSTORE_PASSWORD', 'KEY_ALIAS', 'KEY_PASSWORD'
+  ]
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
+  begin
     # Build the release variant
     gradle(
-      task: "assemble#{options[:variant]}Release"
+      task: "assemble#{options[:variant]}Release",
+      properties: {
+        "android.injected.signing.store.file" => ENV['KEYSTORE_PATH'],
+        "android.injected.signing.store.password" => ENV['KEYSTORE_PASSWORD'],
+        "android.injected.signing.key.alias" => ENV['KEY_ALIAS'],
+        "android.injected.signing.key.password" => ENV['KEY_PASSWORD']
+      }
     )
-
-    # Sign the APK using the keystore
-    gradle(
-      task: "signingReport",
-      keystore_path: ENV['KEYSTORE_PATH'],
-      keystore_password: ENV['KEYSTORE_PASSWORD'],
-      key_alias: ENV['KEY_ALIAS'],
-      key_password: ENV['KEY_PASSWORD']
-    )

     # Deploy to Google Play for Production
-#     supply(
-#       track: "internal",
-#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
-#       json_key: "./google_play_service_account.json"
-#     )
+    if ENV['DEPLOY_TO_PLAY_STORE'] == 'true'
+      # Validate Play Store deployment requirements
+      play_store_vars = ['PLAY_STORE_JSON_KEY', 'PLAY_STORE_TRACK']
+      play_store_vars.each do |var|
+        UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+      end
+
+      supply(
+        track: ENV['PLAY_STORE_TRACK'],
+        aab: lane_context[SharedValues::GRADLE_AAB_OUTPUT_PATH],
+        json_key_data: ENV['PLAY_STORE_JSON_KEY'],
+        skip_upload_metadata: true,
+        skip_upload_images: true,
+        skip_upload_screenshots: true
+      )
+    end
+  rescue => e
+    UI.error("Failed to build or deploy: #{e.message}")
+    raise
+  end
 end
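
Review bot: the `supply` call reads `lane_context[SharedValues::GRADLE_AAB_OUTPUT_PATH]`, but the only Gradle task run in this lane is `assemble#{options[:variant]}Release`, which produces an APK, so the AAB path will be unset when `DEPLOY_TO_PLAY_STORE` is `true`. Run the matching `bundle...Release` task before `supply`, or upload the APK output instead. Separately, the four `android.injected.signing.*` values in `properties:` are passed to Gradle as command-line arguments; add `print_command: false` to the `gradle` call so the keystore and key passwords are not echoed into the build log.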

51-57: 🛠️ Refactor suggestion

Implement or remove version increment functionality.

The commented out version increment lane should either be properly implemented or removed to maintain code cleanliness.

If you decide to keep this functionality, apply this diff:

-#   desc "Increment Build Version in Codebase"
-#   lane :increment_version_staging_debug do
-#     latest_release = firebase_app_distribution_get_latest_release(
-#       app: ""
-#     )
-#     increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
-#   end
+  desc "Increment Build Version in Codebase"
+  lane :increment_version do |options|
+    # Validate required parameters
+    UI.user_error!("Missing required parameter: variant") unless options[:variant]
+    valid_variants = ['staging', 'production']
+    UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+    # Validate required environment variables
+    required_vars = ['FIREBASE_APP_ID']
+    required_vars.each do |var|
+      UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+    end
+
+    begin
+      latest_release = firebase_app_distribution_get_latest_release(
+        app: ENV['FIREBASE_APP_ID']
+      )
+      new_version_code = latest_release[:buildVersion].to_i + 1
+      
+      # Update version code in build.gradle
+      increment_version_code(
+        version_code: new_version_code,
+        gradle_file_path: "app/build.gradle"
+      )
+      
+      UI.success("Version code incremented to #{new_version_code}")
+    rescue => e
+      UI.error("Failed to increment version: #{e.message}")
+      raise
+    end
+  end
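
Review bot: `new_version_code = latest_release[:buildVersion].to_i + 1` trusts the remote value completely: `to_i` turns a missing or non-numeric `buildVersion` into 0, so the lane would write version code 1 to `app/build.gradle` and report success. Check that `latest_release` is present and that the parsed value is greater than zero before calling `increment_version_code`. The `variant` option is validated against `valid_variants` but is not used anywhere after that.
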
🧹 Nitpick comments (1)
fastlane/Fastfile (1)

1-4: Clean up empty lines in platform configuration.

Remove extra empty lines to improve code style.

-
 default_platform(:android)
 platform :android do
-
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c9eb22 and 273712f.

📒 Files selected for processing (7)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/AndroidManifest.xml (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt (3 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt (2 hunks)
  • app/src/main/res/menu/activity_home_drawer.xml (1 hunks)
  • fastlane/Fastfile (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (6)
  • app/src/main/res/menu/activity_home_drawer.xml
  • .github/workflows/build-distribute.yml
  • app/src/main/AndroidManifest.xml
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt
  • app/src/main/java/org/piramalswasthya/sakhi/network/JsonAdapters.kt
  • app/src/main/java/org/piramalswasthya/sakhi/di/AppModule.kt
🧰 Additional context used
🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 18-18: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


[convention] 60-61: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🔭 Outside diff range comments (2)
app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt (2)

Line range hint 311-316: Enhance URL validation logic.

The current URL validation only checks the host. This could be insufficient against sophisticated phishing attacks that might use similar-looking domains.

Apply this diff to implement stronger URL validation:

-               return if (request.url.host == URI(KeyUtils.chatUrl()).host) {
+               val allowedUrl = URI(KeyUtils.chatUrl())
+               return if (request.url.host == allowedUrl.host && 
+                        request.url.scheme == allowedUrl.scheme &&
+                        request.url.port == allowedUrl.port) {
                    false  // Let WebView handle same-origin URLs
                } else {
+                   Log.w("HomeActivity", "Blocked navigation to: ${request.url}")
                    startActivity(Intent(Intent.ACTION_VIEW, request.url))
                    true
                }
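
Review bot: the `else` branch logs "Blocked navigation" and then still calls `startActivity(Intent(Intent.ACTION_VIEW, request.url))`, so nothing is blocked: any URL that fails the origin check, whatever its scheme, is handed to another app. Only forward `http` and `https` URLs to `ACTION_VIEW` and return `true` without starting an activity for everything else. `Log.w` also writes the full URL, including any query parameters, to logcat; log the host only.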

Line range hint 302-316: Add error handling for KeyUtils.chatUrl() calls.

The KeyUtils.chatUrl() calls lack proper error handling. If the native method fails, it could crash the app.

Add error handling:

+        try {
             web.loadUrl(KeyUtils.chatUrl())
+        } catch (e: Exception) {
+            Log.e("HomeActivity", "Failed to load chat URL", e)
+            Toast.makeText(
+                this@HomeActivity,
+                R.string.chat_error,
+                Toast.LENGTH_SHORT
+            ).show()
+            progress.visibility = View.GONE
+        }

         web.webViewClient = object : WebViewClient() {
             override fun shouldOverrideUrlLoading(
                 view: WebView,
                 request: WebResourceRequest
             ): Boolean {
+                try {
                     return if (request.url.host == URI(KeyUtils.chatUrl()).host) {
                         false
                     } else {
                         startActivity(Intent(Intent.ACTION_VIEW, request.url))
                         true
                     }
+                } catch (e: Exception) {
+                    Log.e("HomeActivity", "Failed to validate URL", e)
+                    return true
+                }
             }
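
Review bot: both `catch (e: Exception)` blocks miss the failure they are meant to cover. A native method that is absent or whose library did not load raises `UnsatisfiedLinkError`, which is an `Error` and not an `Exception`, so `KeyUtils.chatUrl()` would still crash the activity. Catch `UnsatisfiedLinkError` explicitly (or resolve the URL once at startup and fail there). Returning `true` from the `catch` in `shouldOverrideUrlLoading` is the right default, since it refuses the navigation when validation cannot run.
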
🧹 Nitpick comments (2)
app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt (1)

Line range hint 302-359: Add WebView cleanup in dialog dismissal.

The WebView resources aren't properly cleaned up when the bottom sheet dialog is dismissed, which could lead to memory leaks.

Add cleanup code:

         dialog.setContentView(view)
         dialog.behavior.setPeekHeight((screenHeight * 0.85).toInt())
+        
+        dialog.setOnDismissListener {
+            // Clean up WebView
+            web.loadUrl("about:blank")
+            web.clearHistory()
+            web.clearCache(true)
+            web.onPause()
+            web.removeAllViews()
+            web.destroyDrawingCache()
+        }

         dialog.show()
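
Review bot: the dismiss listener never calls `web.destroy()`, so the WebView and its renderer state outlive the dialog even after `removeAllViews()`. Detach the WebView from its parent and call `web.destroy()` as the last step. `web.clearCache(true)` clears the cache shared by every WebView in the app, not just this one, so confirm that is intended; if the goal is to end the chat session, cookies and web storage need clearing as well.
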
.github/workflows/build-distribute.yml (1)

124-135: Improve artifact handling and release tagging.

The artifact upload and release steps need improvements:

 - name: Upload APKs
   uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/${{ inputs.build_type }}/*.apk
+    path: |
+      app/build/outputs/apk/**/${{ inputs.build_type }}/*.apk
+      app/build/outputs/mapping/${{ inputs.build_type }}/mapping.txt
+    if-no-files-found: error

 - name: Push to Releases
   uses: ncipollo/release-action@v1
   with:
     artifacts: "app/build/outputs/apk/**/${{ inputs.build_type }}/*.apk"
-    tag: ${{ env.version }}.${{ github.run_number }}
+    tag: v${{ env.version }}-${{ inputs.variant }}-${{ github.run_number }}
     token: ${{secrets.GITHUB_TOKEN}}
+    prerelease: ${{ inputs.build_type == 'debug' }}
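
Review bot: the added `mapping.txt` path uses `mapping/${{ inputs.build_type }}/`, while the APK path next to it uses `**` to span the variant directory. If the build has product flavors (the lanes take a `variant`), the mapping file sits in a per-variant directory and this pattern will not match it. Because `if-no-files-found: error` only fires when no file at all matches, the missing mapping file would go unnoticed. Use a `**` glob for the mapping path too, or upload it in its own step.
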
🧰 Tools
🪛 yamllint (1.35.1)

[error] 129-129: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 273712f and 08321ff.

📒 Files selected for processing (4)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/AndroidManifest.xml (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt (2 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • app/src/main/java/org/piramalswasthya/sakhi/network/AbhaApiService.kt
  • app/src/main/AndroidManifest.xml
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

27-27: shellcheck reported issue in this script: SC2086:info:2:33: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)
.github/workflows/build-distribute.yml

[error] 24-24: trailing spaces

(trailing-spaces)


[error] 25-25: trailing spaces

(trailing-spaces)


[error] 26-26: trailing spaces

(trailing-spaces)


[error] 27-27: trailing spaces

(trailing-spaces)


[error] 28-28: trailing spaces

(trailing-spaces)


[error] 29-29: trailing spaces

(trailing-spaces)


[error] 30-30: trailing spaces

(trailing-spaces)


[error] 33-33: trailing spaces

(trailing-spaces)


[error] 34-34: trailing spaces

(trailing-spaces)


[error] 35-35: trailing spaces

(trailing-spaces)


[error] 36-36: trailing spaces

(trailing-spaces)


[error] 37-37: trailing spaces

(trailing-spaces)


[error] 38-38: trailing spaces

(trailing-spaces)


[warning] 123-123: too many blank lines

(3 > 2) (empty-lines)


[error] 129-129: trailing spaces

(trailing-spaces)


[warning] 136-136: too many blank lines

(1 > 0) (empty-lines)

🔇 Additional comments (5)
app/src/main/java/org/piramalswasthya/sakhi/ui/home_activity/HomeActivity.kt (1)

60-60: Verify the implementation of KeyUtils native bridge.

The KeyUtils import suggests integration with native C++ code for handling sensitive information. Let's verify the proper implementation of the JNI bridge.

Run this script to analyze the native implementation:

✅ Verification successful

Native bridge implementation is correct and complete

The KeyUtils class is properly implemented as a JNI bridge:

  • Native library loading is handled correctly with error checking
  • All external function declarations have matching JNI implementations
  • String conversions between C++ and Kotlin are handled properly
  • The implementation follows security best practices by storing sensitive configuration in native code
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check the native implementation of KeyUtils

# Look for JNI implementation
echo "Checking for JNI implementation..."
rg -p "native.*chatUrl|JNICALL.*chatUrl" --type cpp

# Verify CMake configuration
echo "Checking CMake configuration..."
fd -e cmake -e mk . app/src/main/cpp/

Length of output: 245


Script:

#!/bin/bash
# Find and examine KeyUtils implementation
echo "Looking for KeyUtils implementation..."
rg -p "class.*KeyUtils" -A 10

echo "Checking for any native keywords in KeyUtils..."
ast-grep --pattern 'class KeyUtils { $$$ }'

Length of output: 269


Script:

#!/bin/bash
# Find KeyUtils file
echo "Looking for KeyUtils file..."
fd -e kt -e java KeyUtils

echo "Finding references to KeyUtils..."
rg "KeyUtils" -l

Length of output: 747


Script:

#!/bin/bash
echo "Examining KeyUtils implementation..."
cat app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt

echo -e "\nChecking native-lib.cpp for KeyUtils references..."
rg -p "KeyUtils" -B 2 -A 2 app/src/main/cpp/native-lib.cpp

Length of output: 2941

.github/workflows/build-distribute.yml (4)

56-60: Fix CMake version specification.

The specified CMake version 3.31.1 doesn't exist.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'
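
Review bot: `uses: jwlawson/actions-setup-cmake@v1` references a third-party action by a mutable tag. This job later receives the keystore and Firebase secrets, so pin the action to a full commit SHA and update it deliberately.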

3-14: 🛠️ Refactor suggestion

Add input validation and documentation.

The workflow inputs need better documentation and validation:

 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
+        description: 'Target deployment environment'
+        default: 'staging'
+        type: choice
+        options:
+          - 'NIRAMAY_PRODUCTION'
+          - 'XUSHRUKHA_PRODUCTION'
+          - 'staging'
       variant:
         required: true
         type: string
+        description: 'Build variant (staging/production)'
+        type: choice
+        options:
+          - 'staging'
+          - 'production'
       build_type:
         required: true
         type: string
+        description: 'Build type (debug/release)'
+        type: choice
+        options:
+          - 'debug'
+          - 'release'
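
Review bot: each input now carries two `type` keys (`type: string` followed by `type: choice`), which is a duplicate mapping key, and `choice` with `options` is an input type for `workflow_dispatch`, not for `workflow_call`, which accepts `boolean`, `number` and `string`. Keep `type: string` with the `description`, and enforce the allowed values in a first job step that fails on anything outside the list. `default: 'staging'` has no effect while `required: true` is set.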

Likely invalid or redundant comment.


91-120: 🛠️ Refactor suggestion

Improve build step robustness and security.

The build step needs better error handling and security measures:

 - name: Build and Distribute app to Firebase
   id: build-and-distribute
   run: |
+    set -eo pipefail
+
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "ABHA_CLIENT_ID"
+      "ABHA_CLIENT_SECRET"
+      "BASE_TMC_URL"
+      "BASE_ABHA_URL"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+    )
+    
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done

     # Set app URLs used in the codebase
     export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
     # ... other exports ...

     if [ "${{ inputs.build_type }}" == "debug" ]; then
-      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
+      echo "Building debug variant..."
+      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }} || {
+        echo "Debug build failed"
+        exit 1
+      }
     else
-      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
+      echo "Building release variant..."
+      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }} || {
+        echo "Release build failed"
+        exit 1
+      }
     fi
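
Review bot: the added `required_secrets` loop runs before the `export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}` lines, so `${!secret}` is empty for every name at the time of the check and the step would always exit 1 unless the values already arrive through an `env:` block. Move the secrets into the step's `env:` mapping and drop the `export` lines; that also removes the unquoted `${{ secrets.* }}` and `${{ inputs.variant }}` expansions from the script body, where their contents are pasted into the shell source before it runs. Reference them as `"$VARIANT"` and similar.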

Also, consider removing the commented-out Google Play JSON key export as it's already handled in a previous step.

Likely invalid or redundant comment.


70-84: 🛠️ Refactor suggestion

Add validation for decoded configuration files.

The configuration file decoding steps need proper validation to ensure the files are correctly created and contain valid JSON.

 - name: Decode google-services.json for NIRAMAY_PRODUCTION
   if: inputs.environment == 'NIRAMAY_PRODUCTION'
   run: |
+    set -eo pipefail
     echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1
+    if ! jq empty ./app/google-services.json 2>/dev/null; then
+      echo "Invalid google-services.json file"
+      exit 1
+    fi
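
Review bot: `echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}"` expands the secret into the script text itself. Pass it through `env:` and decode from the variable, for example `printf '%s' "$GOOGLE_SERVICES_JSON" | base64 --decode`. When the `jq empty` check fails, the invalid `./app/google-services.json` is left on disk; remove it before `exit 1`.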

Apply similar changes to other decode steps.

Likely invalid or redundant comment.

@@ -298,7 +299,7 @@ class HomeActivity : AppCompatActivity() {


// Load URL
web.loadUrl(BuildConfig.CHAT_URL)
web.loadUrl(KeyUtils.chatUrl())
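
Review bot: the value returned by `KeyUtils.chatUrl()` goes straight into `web.loadUrl(...)` with no check that it is non-empty and uses `https`. Validate it once before loading, and reuse the parsed result in `shouldOverrideUrlLoading`. Note for the PR description as well: returning the URL from native code makes it harder to find in the APK but does not make it secret, since it is loaded into a WebView and visible in the app's traffic, so nothing that must stay confidential should depend on this value.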

⚠️ Potential issue

Verify WebView security configuration before loading URL.

The WebView is loading a URL from KeyUtils without proper security configurations. While moving sensitive URLs to native code is good, the WebView itself needs additional security hardening.

Apply this diff to add security configurations:

+        // Disable file access
+        web.settings.allowFileAccess = false
+        web.settings.allowContentAccess = false
+        web.settings.allowFileAccessFromFileURLs = false
+        web.settings.allowUniversalAccessFromFileURLs = false
+        
+        // Enable Safe Browsing
+        web.settings.safeBrowsingEnabled = true
+
         web.loadUrl(KeyUtils.chatUrl())
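
Review bot: `web.settings.safeBrowsingEnabled = true` calls a setter that exists from API 26, so on a lower `minSdk` this line needs a `Build.VERSION.SDK_INT` guard or the AndroidX WebKit compat call. The hunk hardens file access but does not touch `javaScriptEnabled` or mixed-content mode; state the intended value for both next to these settings so the WebView's configuration is reviewed in one place.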
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
web.loadUrl(KeyUtils.chatUrl())
// Disable file access
web.settings.allowFileAccess = false
web.settings.allowContentAccess = false
web.settings.allowFileAccessFromFileURLs = false
web.settings.allowUniversalAccessFromFileURLs = false
// Enable Safe Browsing
web.settings.safeBrowsingEnabled = true
web.loadUrl(KeyUtils.chatUrl())

Comment on lines 25 to 39
- name: Get version from build.gradle
id: get-version
run: |
VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/")
echo "version=$VERSION_NAME" >> $GITHUB_ENV
env:
GITHUB_ENV: $GITHUB_ENV

- name: Verify version
run: |
if [ -z "$VERSION_NAME" ]; then
echo "Version name could not be extracted. Exiting." exit 1
else
echo "Version name is $VERSION_NAME"
fi

⚠️ Potential issue

Fix version extraction and verification.

The version extraction step has several issues that need to be addressed:

 - name: Get version from build.gradle 
   id: get-version 
   run: | 
-    VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/") 
-    echo "version=$VERSION_NAME" >> $GITHUB_ENV 
+    if ! VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/"); then
+      echo "Failed to extract version name"
+      exit 1
+    fi
+    echo "version=${VERSION_NAME}" >> "$GITHUB_ENV"
   env: 
-    GITHUB_ENV: $GITHUB_ENV
+    GITHUB_ENV: "$GITHUB_ENV"

 - name: Verify version 
   run: | 
-    if [ -z "$VERSION_NAME" ]; then 
-      echo "Version name could not be extracted. Exiting." exit 1 
-    else 
-      echo "Version name is $VERSION_NAME" 
-    fi
+    if [ -z "${version}" ]; then 
+      echo "Version name could not be extracted. Exiting."
+      exit 1
+    else 
+      echo "Version name is ${version}" 
+    fi
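
Review bot: the new `if ! VERSION_NAME=$(grep ... | sed ...)` guard tests the exit status of the pipeline, which is that of `sed`, and `sed` succeeds even when `grep` matched nothing. The "Failed to extract version name" branch therefore never runs on a missing `versionName`. Add `set -o pipefail` at the top of the script or test `[ -z "$VERSION_NAME" ]` directly. The `env:` entry `GITHUB_ENV: "$GITHUB_ENV"` is not shell-expanded and should be removed, not quoted.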
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Get version from build.gradle
id: get-version
run: |
VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/")
echo "version=$VERSION_NAME" >> $GITHUB_ENV
env:
GITHUB_ENV: $GITHUB_ENV
- name: Verify version
run: |
if [ -z "$VERSION_NAME" ]; then
echo "Version name could not be extracted. Exiting." exit 1
else
echo "Version name is $VERSION_NAME"
fi
- name: Get version from build.gradle
id: get-version
run: |
if ! VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/"); then
echo "Failed to extract version name"
exit 1
fi
echo "version=${VERSION_NAME}" >> "$GITHUB_ENV"
env:
GITHUB_ENV: "$GITHUB_ENV"
- name: Verify version
run: |
if [ -z "${version}" ]; then
echo "Version name could not be extracted. Exiting."
exit 1
else
echo "Version name is ${version}"
fi

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/build-distribute.yml (1)

124-129: Update artifact upload configuration.

The artifact upload step needs improvements:

  1. Add validation for missing files
  2. Set retention period
  3. Use consistent naming pattern
 - name: Upload APKs
   uses: actions/upload-artifact@v4
   with:
-    name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
-    path: app/build/outputs/apk/**/${{ inputs.build_type }}/*.apk
+    name: ${{ inputs.variant }}-${{ inputs.build_type }}-${{ github.run_number }}
+    path: |
+      app/build/outputs/apk/**/${{ inputs.build_type }}/*.apk
+      !app/build/outputs/apk/**/${{ inputs.build_type }}/*-unsigned.apk
+    retention-days: 5
+    if-no-files-found: error
🧰 Tools
🪛 yamllint (1.35.1)

[error] 129-129: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 08321ff and 1200e97.

📒 Files selected for processing (3)
  • .github/workflows/android.yml (1 hunks)
  • .github/workflows/build-distribute.yml (1 hunks)
  • fastlane/Fastfile (1 hunks)
🧰 Additional context used
🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 24-24: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


[convention] 66-67: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🪛 yamllint (1.35.1)
.github/workflows/android.yml

[error] 33-33: trailing spaces

(trailing-spaces)


[warning] 35-35: wrong indentation: expected 4 but found 5

(indentation)


[error] 58-58: trailing spaces

(trailing-spaces)


[warning] 60-60: too many blank lines

(2 > 0) (empty-lines)

.github/workflows/build-distribute.yml

[error] 24-24: trailing spaces

(trailing-spaces)


[error] 75-75: trailing spaces

(trailing-spaces)


[error] 76-76: trailing spaces

(trailing-spaces)


[error] 77-77: trailing spaces

(trailing-spaces)


[error] 78-78: trailing spaces

(trailing-spaces)


[error] 79-79: trailing spaces

(trailing-spaces)


[error] 80-80: trailing spaces

(trailing-spaces)


[error] 83-83: trailing spaces

(trailing-spaces)


[error] 84-84: trailing spaces

(trailing-spaces)


[error] 85-85: trailing spaces

(trailing-spaces)


[error] 86-86: trailing spaces

(trailing-spaces)


[error] 87-87: trailing spaces

(trailing-spaces)


[error] 88-88: trailing spaces

(trailing-spaces)


[error] 90-90: trailing spaces

(trailing-spaces)


[warning] 123-123: too many blank lines

(3 > 2) (empty-lines)


[error] 129-129: trailing spaces

(trailing-spaces)


[warning] 136-136: too many blank lines

(1 > 0) (empty-lines)

🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

77-77: shellcheck reported issue in this script: SC2086:info:2:33: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (7)
.github/workflows/android.yml (1)

15-15: ⚠️ Potential issue

Fix timestamp access for PR events.

The date_today variable uses github.event.head_commit.timestamp which is only available for push events, not pull requests.

-  date_today: ${{ github.event.head_commit.timestamp }}
+  date_today: ${{ github.event.pull_request.updated_at || github.event.head_commit.timestamp }}

Likely invalid or redundant comment.

fastlane/Fastfile (2)

11-28: 🛠️ Refactor suggestion

Improve debug distribution lane configuration.

The debug distribution lane needs improvements:

  1. Add input validation
  2. Make configuration more flexible
  3. Improve error handling
 lane :build_and_distribute_debug do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
   # Build the debug variant
   gradle(
     task: "assemble#{options[:variant]}Debug"
   )

-  puts "Testers group: #{ENV['TESTER_GROUPS']}"
+  UI.message("Building for testers group: #{ENV['TESTER_GROUPS']}")

   # Distribute to Firebase App Distribution for Stag and UAT
   firebase_app_distribution(
     app: ENV['FIREBASE_APP_ID'],
     firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-    groups: "#{ENV['TESTER_GROUPS']}",
-    release_notes: "#{options[:variant]}-Debug version out!",
+    groups: ENV['TESTER_GROUPS'],
+    release_notes: "#{options[:variant]} debug build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
     debug: true
   )
 end
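
Review bot: `valid_variants = ['staging', 'production']` does not match the variant names this same review lists for the workflow input (`saksham_staging`, `saksham_uat`, `niramay_production`), so the added `UI.user_error!` would reject the project's own builds. Take the allowlist from the flavors actually defined in the Gradle build. Unlike the earlier suggestion for this lane, this version no longer checks `FIREBASE_APP_ID`, `FIREBASE_CLI_TOKEN` and `TESTER_GROUPS` before use.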

Likely invalid or redundant comment.

🧰 Tools
🪛 rubocop (1.69.1)

[convention] 24-24: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


30-52: ⚠️ Potential issue

Fix release distribution lane configuration.

The release distribution lane needs improvements:

  1. Add input validation
  2. Fix signing configuration
  3. Improve Play Store deployment setup
 lane :build_and_distribute_release do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
   # Build the release variant
   gradle(
     task: "assemble#{options[:variant]}Release"
   )

   # Sign the APK using the keystore
   gradle(
-    task: "signingReport",
+    task: "signingReport",
     keystore_path: ENV['KEYSTORE_PATH'],
     keystore_password: ENV['KEYSTORE_PASSWORD'],
     key_alias: ENV['KEY_ALIAS'],
     key_password: ENV['KEY_PASSWORD']
   )

   # Deploy to Google Play for Production
-#     supply(
-#       track: "internal",
-#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
-#       json_key: "./google_play_service_account.json"
-#     )
+  # supply(
+  #   track: "internal",
+  #   aab: ENV['AAB_OUTPUT_PATH'],
+  #   json_key: ENV['GOOGLE_PLAY_JSON_KEY_PATH'],
+  #   validate_only: ENV['VALIDATE_ONLY'] == 'true'
+  # )
 end
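
Review bot: the removed and added `task: "signingReport",` lines are identical, so the signing step is unchanged by this hunk. `signingReport` only prints the signing configuration; it does not sign anything, and the `keystore_path`, `keystore_password`, `key_alias` and `key_password` keys passed alongside it do not configure signing. Sign in the `assemble...Release` call or in the Gradle signing config, and delete this second `gradle` call.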

Likely invalid or redundant comment.

.github/workflows/build-distribute.yml (4)

41-44: ⚠️ Potential issue

Fix CMake version specification.

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'

Likely invalid or redundant comment.


3-14: 🛠️ Refactor suggestion

Add input parameter validation and descriptions.

The workflow inputs need validation and better documentation.

 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
+        description: 'Environment to deploy to (SAKSHAM_STAG, SAKSHAM_UAT, NIRAMAY_PRODUCTION)'
       variant:
         required: true
         type: string
+        description: 'Build variant (saksham_staging, saksham_uat, niramay_production)'
       build_type:
         required: true
         type: string
+        description: 'Build type (debug/release)'
+        enum: ['debug', 'release']
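
Review bot: `enum: ['debug', 'release']` is not a key that `workflow_call` inputs support, so it gives no validation. The `description` lines are fine; enforce the allowed `build_type` and `variant` values in a first step that exits non-zero on anything else, before any secret is decoded.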

Likely invalid or redundant comment.


75-89: ⚠️ Potential issue

Fix version extraction and verification.

The version extraction step has several issues:

  1. Missing error handling
  2. Incorrect variable usage
  3. Syntax error in exit command
 - name: Get version from build.gradle 
   id: get-version 
   run: | 
-    VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/") 
-    echo "version=$VERSION_NAME" >> $GITHUB_ENV 
+    if ! VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/"); then
+      echo "Failed to extract version name"
+      exit 1
+    fi
+    echo "version=${VERSION_NAME}" >> "$GITHUB_ENV"
   env: 
-    GITHUB_ENV: $GITHUB_ENV
+    GITHUB_ENV: "$GITHUB_ENV"

 - name: Verify version 
   run: | 
-    if [ -z "$VERSION_NAME" ]; then 
-      echo "Version name could not be extracted. Exiting." exit 1 
-    else 
-      echo "Version name is $VERSION_NAME" 
-    fi
+    if [ -z "${version}" ]; then 
+      echo "Version name could not be extracted. Exiting."
+      exit 1
+    else 
+      echo "Version name is ${version}" 
+    fi
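
Review bot: The new guard `if ! VERSION_NAME=$(grep ... | sed -E ...)` tests the exit status of the pipeline, which is `sed`'s unless `pipefail` is on, so a missing `versionName` still counts as success with an empty value. Add `set -o pipefail`, or test `[ -z "$VERSION_NAME" ]` right after the assignment. The `env:` entry `GITHUB_ENV: "$GITHUB_ENV"` is a literal string in YAML, not the runner's file path, and should be removed rather than quoted.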

Likely invalid or redundant comment.

🧰 Tools
🪛 actionlint (1.7.4)

77-77: shellcheck reported issue in this script: SC2086:info:2:33: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

[error] 75-75: trailing spaces

(trailing-spaces)


[error] 76-76: trailing spaces

(trailing-spaces)


[error] 77-77: trailing spaces

(trailing-spaces)


[error] 78-78: trailing spaces

(trailing-spaces)


[error] 79-79: trailing spaces

(trailing-spaces)


[error] 80-80: trailing spaces

(trailing-spaces)


[error] 83-83: trailing spaces

(trailing-spaces)


[error] 84-84: trailing spaces

(trailing-spaces)


[error] 85-85: trailing spaces

(trailing-spaces)


[error] 86-86: trailing spaces

(trailing-spaces)


[error] 87-87: trailing spaces

(trailing-spaces)


[error] 88-88: trailing spaces

(trailing-spaces)


91-120: 🛠️ Refactor suggestion

Improve environment variables setup and build script.

The build script needs improvements:

  1. Add validation for required secrets
  2. Use environment files for variable persistence
  3. Add proper error handling
 - name: Build and Distribute app to Firebase
   id: build-and-distribute
   run: |
+    set -eo pipefail
+
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PATH"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done
+
+    {
       # Set app URLs used in the codebase
       export ENCRYPTED_PASS_KEY=${{ secrets.ENCRYPTED_PASS_KEY }}
       export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
       export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
       export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
       export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
       export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
       export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}

       # Set app release version signing credentials
       export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }}
       export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }}
       export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
       export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }}

       # Set Firebase App Distribution and Google Play authentication tokens
       export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
       export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }}
       export TESTER_GROUPS=${{ secrets.TESTER_GROUPS }}
+    } >> "$GITHUB_ENV"

     if [ "${{ inputs.build_type }}" == "debug" ]; then
-      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }}
+      echo "Building debug variant..."
+      bundle exec fastlane build_and_distribute_debug variant:${{ inputs.variant }} || {
+        echo "Debug build failed"
+        exit 1
+      }
     else
-      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }}
+      echo "Building release variant..."
+      bundle exec fastlane build_and_distribute_release variant:${{ inputs.variant }} || {
+        echo "Release build failed"
+        exit 1
+      }
     fi
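
Review bot: The `required_secrets` loop reads `${!secret}` before any of the `export` lines run, so every name is still unset at that point and the check fails unconditionally unless the values arrive through an `env:` mapping. Wrapping the `export` block in `{ ... } >> "$GITHUB_ENV"` writes nothing, because `export` produces no output, and if it did write, the secrets would persist into every later step. Map each secret under the step's `env:` instead of expanding `${{ secrets.* }}` unquoted inside the script, then validate the resulting variables.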

Likely invalid or redundant comment.

Comment on lines 18 to 24
saksham_stag_job:
uses: ./.github/workflows/build-distribute.yml
with:
environment: SAKSHAM_STAG
variant: SakshamStag
build_type: debug
secrets: inherit

🛠️ Refactor suggestion

Implement job reusability and add input validation.

The jobs have identical structure with different inputs. Consider improving the configuration:

  1. Add input validation
  2. Use consistent naming for variants
 jobs:
   saksham_stag_job:
     uses: ./.github/workflows/build-distribute.yml
     with:
-      environment: SAKSHAM_STAG
-      variant: SakshamStag
+      environment: SAKSHAM_STAG
+      variant: saksham_staging
       build_type: debug
     secrets: inherit

   saksham_uat_job:
     uses: ./.github/workflows/build-distribute.yml
     with:
-      environment: SAKSHAM_UAT
-      variant: SakshamUat
+      environment: SAKSHAM_UAT
+      variant: saksham_uat
       build_type: debug
     secrets: inherit

   niramay_production_job:
     uses: ./.github/workflows/build-distribute.yml
     with:
-      environment: NIRAMAY_PRODUCTION
-      variant: Niramay
+      environment: NIRAMAY_PRODUCTION
+      variant: niramay_production
       build_type: release
     secrets: inherit
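
Review bot: Changing `variant` to `saksham_staging`, `saksham_uat` and `niramay_production` alters the Gradle task name, because the Fastfile lanes on this page build it as `assemble#{options[:variant]}Debug` and `bundle#{options[:variant]}Release`. Keep the values that match the product flavors, or change the lanes in the same commit. `secrets: inherit` hands every secret the caller can see to the called workflow; passing only the secrets each job needs narrows that exposure.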

Also applies to: 26-32, 34-40

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
fastlane/Fastfile (1)

59-65: Fix version increment configuration.

The commented-out version increment lane has configuration issues:

  1. Empty Firebase app ID
  2. Missing error handling for version increment
-#   desc "Increment Build Version in Codebase"
-#   lane :increment_version_staging_debug do
-#     latest_release = firebase_app_distribution_get_latest_release(
-#       app: ""
-#     )
-#     increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
-#   end
+  desc "Increment Build Version in Codebase"
+  lane :increment_version_staging_debug do
+    begin
+      latest_release = firebase_app_distribution_get_latest_release(
+        app: ENV['FIREBASE_APP_ID']
+      )
+      increment_version_code({ version_code: latest_release[:buildVersion].to_i + 1 })
+    rescue => e
+      UI.error("Failed to increment version: #{e.message}")
+      raise
+    end
+  end
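
Review bot: `latest_release[:buildVersion].to_i + 1` fails with an unhelpful error when the lookup returns `nil`, and when `:buildVersion` is absent `nil.to_i` is 0, so the version code silently becomes 1. Check that `latest_release` and its `:buildVersion` are present before incrementing, and reject an empty `ENV['FIREBASE_APP_ID']` with `UI.user_error!` rather than passing it to the action.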
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1200e97 and 5deca31.

📒 Files selected for processing (2)
  • .github/workflows/build-distribute.yml (1 hunks)
  • fastlane/Fastfile (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml

77-77: shellcheck reported issue in this script: SC2086:info:2:33: Double quote to prevent globbing and word splitting

(shellcheck)


93-93: shellcheck reported issue in this script: SC2155:warning:12:8: Declare and assign separately to avoid masking return values

(shellcheck)


93-93: shellcheck reported issue in this script: SC2155:warning:21:8: Declare and assign separately to avoid masking return values

(shellcheck)

🪛 yamllint (1.35.1)
.github/workflows/build-distribute.yml

[error] 24-24: trailing spaces

(trailing-spaces)


[error] 75-75: trailing spaces

(trailing-spaces)


[error] 76-76: trailing spaces

(trailing-spaces)


[error] 77-77: trailing spaces

(trailing-spaces)


[error] 78-78: trailing spaces

(trailing-spaces)


[error] 79-79: trailing spaces

(trailing-spaces)


[error] 80-80: trailing spaces

(trailing-spaces)


[error] 83-83: trailing spaces

(trailing-spaces)


[error] 84-84: trailing spaces

(trailing-spaces)


[error] 85-85: trailing spaces

(trailing-spaces)


[error] 86-86: trailing spaces

(trailing-spaces)


[error] 87-87: trailing spaces

(trailing-spaces)


[error] 88-88: trailing spaces

(trailing-spaces)


[error] 90-90: trailing spaces

(trailing-spaces)


[warning] 123-123: too many blank lines

(3 > 2) (empty-lines)


[error] 129-129: trailing spaces

(trailing-spaces)


[warning] 136-136: too many blank lines

(1 > 0) (empty-lines)

🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 24-24: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


[convention] 68-69: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🔇 Additional comments (2)
fastlane/Fastfile (1)

11-28: 🛠️ Refactor suggestion

Add input validation and improve configuration.

The lane needs validation for required inputs and environment variables.

 desc "Build and Distribute Debug APK to Firebase"
 lane :build_and_distribute_debug do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate required environment variables
+  required_vars = ['FIREBASE_APP_ID', 'FIREBASE_CLI_TOKEN', 'TESTER_GROUPS']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
   # Build the debug variant
   gradle(
     task: "assemble#{options[:variant]}Debug"
   )

-  puts "Testers group: #{ENV['TESTER_GROUPS']}"
+  UI.message("Building for testers group: #{ENV['TESTER_GROUPS']}")

   # Distribute to Firebase App Distribution for Stag and UAT
   firebase_app_distribution(
     app: ENV['FIREBASE_APP_ID'],
     firebase_cli_token: ENV['FIREBASE_CLI_TOKEN'],
-    groups: "#{ENV['TESTER_GROUPS']}",
-    release_notes: "#{options[:variant]}-Debug version out!",
+    groups: ENV['TESTER_GROUPS'],
+    release_notes: "#{options[:variant]} debug build #{Time.now.strftime('%Y-%m-%d %H:%M')}",
     debug: true
   )
 end
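
Review bot: `valid_variants = ['staging', 'production']` rejects the values the calling workflow passes on this page (`SakshamStag`, `SakshamUat`, `Niramay`), so the lane would stop at validation for every job. Build the allow-list from the actual flavor names. `ENV[var].nil?` also passes for an empty string, so the check should be `ENV[var].to_s.empty?`.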

Likely invalid or redundant comment.

🧰 Tools
🪛 rubocop (1.69.1)

[convention] 24-24: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)

.github/workflows/build-distribute.yml (1)

3-14: 🛠️ Refactor suggestion

Add input parameter validation and documentation.

The workflow inputs need validation to ensure they contain valid values.

 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
+        description: 'Environment to deploy to (NIRAMAY_PRODUCTION/XUSHRUKHA_PRODUCTION/etc)'
       variant:
         required: true
         type: string
+        description: 'Build variant (staging/production)'
+        default: 'staging'
       build_type:
         required: true
         type: string
+        description: 'Build type (debug/release)'
+        default: 'debug'
+    secrets:
+      FIREBASE_APP_ID:
+        required: true
+        description: 'Firebase App ID for distribution'
+      FIREBASE_CLI_TOKEN:
+        required: true
+        description: 'Firebase CLI token for authentication'
+      GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION:
+        required: false
+        description: 'Base64 encoded google-services.json for NIRAMAY_PRODUCTION'
+      GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION:
+        required: false
+        description: 'Base64 encoded google-services.json for XUSHRUKHA_PRODUCTION'
+      GOOGLE_SERVICES_JSON_GENERIC:
+        required: true
+        description: 'Base64 encoded google-services.json for other environments'
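
Review bot: The `secrets:` block declares only the Firebase and google-services entries, while the build step of this workflow also reads `KEYSTORE_PASSWORD`, `KEY_ALIAS`, `KEY_PASSWORD` and the ABHA values. Declare every secret the job consumes, so that a caller which stops using `secrets: inherit` fails at call time rather than mid-build. A `default` on an input marked `required: true` is never used; drop one or the other.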

Likely invalid or redundant comment.

Comment on lines 5 to 41
desc "Get App Version"
lane :get_app_version do
app_version = android_get_version_name
puts "App version name: #{app_version}"
end

🛠️ Refactor suggestion

Add error handling for version name retrieval.

The lane should handle cases where version name retrieval fails.

 desc "Get App Version" 
 lane :get_app_version do 
-  app_version = android_get_version_name 
-  puts "App version name: #{app_version}" 
+  begin
+    app_version = android_get_version_name
+    UI.success "App version name: #{app_version}"
+  rescue => e
+    UI.error "Failed to retrieve app version: #{e.message}"
+    raise
+  end
 end
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
desc "Get App Version"
lane :get_app_version do
app_version = android_get_version_name
puts "App version name: #{app_version}"
end
desc "Get App Version"
lane :get_app_version do
begin
app_version = android_get_version_name
UI.success "App version name: #{app_version}"
rescue => e
UI.error "Failed to retrieve app version: #{e.message}"
raise
end
end

Comment on lines 30 to 102
desc "Build, Sign, and Distribute Release APK to Play Store"
lane :build_and_distribute_release do |options|
# Build the release variant
gradle(
task: "bundle#{options[:variant]}Release",
properties: {
"android.injected.signing.store.file" => ENV["KEYSTORE_FILE"],
"android.injected.signing.store.password" => ENV["KEYSTORE_PASSWORD"],
"android.injected.signing.key.alias" => ENV["KEY_ALIAS"],
"android.injected.signing.key.password" => ENV["KEY_PASSWORD"],
}
)

# Deploy to Google Play for Production
# supply(
# track: "internal",
# aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
# json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
# )

upload_to_play_store(
track: "internal",
json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
)
end

⚠️ Potential issue

Fix release distribution configuration.

The lane has several issues that need to be addressed:

  1. Remove the commented-out supply action as it's replaced by upload_to_play_store.
  2. Add the missing APK/AAB path to upload_to_play_store.
  3. Add validation for signing configuration.
 desc "Build, Sign, and Distribute Release APK to Play Store"
 lane :build_and_distribute_release do |options|
+  # Validate required parameters
+  UI.user_error!("Missing required parameter: variant") unless options[:variant]
+  valid_variants = ['staging', 'production']
+  UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
+
+  # Validate signing configuration
+  required_vars = ['KEYSTORE_FILE', 'KEYSTORE_PASSWORD', 'KEY_ALIAS', 'KEY_PASSWORD']
+  required_vars.each do |var|
+    UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
+  end
+
   # Build the release variant
   gradle(
     task: "bundle#{options[:variant]}Release",
     properties: {
       "android.injected.signing.store.file" => ENV["KEYSTORE_FILE"],
       "android.injected.signing.store.password" => ENV["KEYSTORE_PASSWORD"],
       "android.injected.signing.key.alias" => ENV["KEY_ALIAS"],
       "android.injected.signing.key.password" => ENV["KEY_PASSWORD"],
     }
   )

-  # Deploy to Google Play for Production
-#     supply(
-#       track: "internal",
-#       aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
-#       json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
-#     )

   upload_to_play_store(
     track: "internal",
+    aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
     json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
   )
 end
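
Review bot: The signing check only tests `ENV[var].nil?`, so an empty `KEYSTORE_PASSWORD` or a `KEYSTORE_FILE` pointing at a missing file passes, and the failure surfaces later inside Gradle. Use `ENV[var].to_s.empty?` and add `File.exist?(ENV['KEYSTORE_FILE'])`. The workflow suggestion on this page validates `KEYSTORE_PATH` while this lane reads `KEYSTORE_FILE`, so settle on one name. `valid_variants = ['staging', 'production']` does not contain the variant names the callers pass (`SakshamStag`, `SakshamUat`, `Niramay`).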
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
desc "Build, Sign, and Distribute Release APK to Play Store"
lane :build_and_distribute_release do |options|
# Build the release variant
gradle(
task: "bundle#{options[:variant]}Release",
properties: {
"android.injected.signing.store.file" => ENV["KEYSTORE_FILE"],
"android.injected.signing.store.password" => ENV["KEYSTORE_PASSWORD"],
"android.injected.signing.key.alias" => ENV["KEY_ALIAS"],
"android.injected.signing.key.password" => ENV["KEY_PASSWORD"],
}
)
# Deploy to Google Play for Production
# supply(
# track: "internal",
# aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
# json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
# )
upload_to_play_store(
track: "internal",
json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
)
end
desc "Build, Sign, and Distribute Release APK to Play Store"
lane :build_and_distribute_release do |options|
# Validate required parameters
UI.user_error!("Missing required parameter: variant") unless options[:variant]
valid_variants = ['staging', 'production']
UI.user_error!("Invalid variant: #{options[:variant]}") unless valid_variants.include?(options[:variant])
# Validate signing configuration
required_vars = ['KEYSTORE_FILE', 'KEYSTORE_PASSWORD', 'KEY_ALIAS', 'KEY_PASSWORD']
required_vars.each do |var|
UI.user_error!("Missing required environment variable: #{var}") if ENV[var].nil?
end
# Build the release variant
gradle(
task: "bundle#{options[:variant]}Release",
properties: {
"android.injected.signing.store.file" => ENV["KEYSTORE_FILE"],
"android.injected.signing.store.password" => ENV["KEYSTORE_PASSWORD"],
"android.injected.signing.key.alias" => ENV["KEY_ALIAS"],
"android.injected.signing.key.password" => ENV["KEY_PASSWORD"],
}
)
upload_to_play_store(
track: "internal",
aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
)
end

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
fastlane/Fastfile (2)

1-4: Clean up empty lines around block body.

Remove extra empty lines at the beginning and end of the block body to improve code style.

 default_platform(:android)
 platform :android do
-

   desc "Get App Version"

33-33: Remove debug print with incorrect syntax.

The debug print statement contains an invalid syntax with ^&.

-     puts "variant: #{options[:variant]} ^& bundle#{options[:variant]}Release"
+     puts "Building release bundle for variant: #{options[:variant]}"
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5deca31 and 16fd6fc.

📒 Files selected for processing (1)
  • fastlane/Fastfile (1 hunks)
🧰 Additional context used
🪛 rubocop (1.69.1)
fastlane/Fastfile

[convention] 4-5: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)


[convention] 24-24: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


[convention] 69-70: Extra empty line detected at block body end.

(Layout/EmptyLinesAroundBlockBody)

🔇 Additional comments (4)
fastlane/Fastfile (4)

5-9: Add error handling for version retrieval.

This matches a previous review comment. The lane should handle cases where version name retrieval fails and use UI.success/error for better logging.


11-28: Add input validation and improve configuration.

The debug distribution lane needs validation for required inputs and environment variables, as highlighted in previous review comments.

Additionally:

Simplify the redundant string interpolation:

-      groups: "#{ENV['TESTER_GROUPS']}",
+      groups: ENV['TESTER_GROUPS'],
🧰 Tools
🪛 rubocop (1.69.1)

[convention] 24-24: Prefer to_s over string interpolation.

(Style/RedundantInterpolation)


51-54: ⚠️ Potential issue

Fix incomplete Play Store upload configuration.

The upload_to_play_store action is missing the required AAB path parameter.

     upload_to_play_store(
           track: "internal",
+          aab: "app/build/outputs/bundle/#{options[:variant]}Release/app-#{options[:variant]}-release.aab",
           json_key: ENV["GOOGLE_PLAY_JSON_KEY"]
     )

Likely invalid or redundant comment.


60-66: Address commented out version increment lane.

Either remove the commented out code or implement it properly with:

  1. Correct Firebase app ID
  2. Error handling
  3. Input validation

Run this script to check if the version increment functionality is used elsewhere:

✅ Verification successful

Remove the commented out increment_version_staging_debug lane

This lane appears to be an incomplete implementation:

  • No Firebase app ID is configured anywhere in the codebase
  • The codebase already has an active version management lane (:get_app_version)
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if version increment functionality is referenced in workflows or other files
rg -l "increment_version" .github/workflows/

Length of output: 44


Script:

#!/bin/bash
# Search for any version increment related code and Firebase distribution usage
rg -l "increment_version|firebase_app_distribution" .

# Check for any Fastlane lanes that might be handling versioning
rg "lane :.*version" fastlane/

# Look for Firebase app IDs in configuration
rg "app: \"[^\"]+\"" fastlane/

Length of output: 269

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (7)
.github/workflows/build-distribute.yml (7)

40-44: ⚠️ Potential issue

Fix CMake version specification.

The specified CMake version 3.31.1 doesn't exist. The latest stable version is 3.27.x.

Apply this diff to fix the CMake version:

 - name: Install CMake
   uses: jwlawson/actions-setup-cmake@v1
   with:
-    cmake-version: '3.31.1'
+    cmake-version: '3.27.7'

45-50: 🛠️ Refactor suggestion

Update Ruby version for security and performance.

Ruby 2.7.2 is outdated and reached end-of-life. Update to a supported version.

Apply this diff to update the Ruby version:

 - name: Set up ruby env
   uses: ruby/setup-ruby@v1
   with:
-    ruby-version: 2.7.2
+    ruby-version: '3.2.2'
     bundler-cache: true
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 50-50: trailing spaces

(trailing-spaces)


69-83: 🛠️ Refactor suggestion

Add validation for decoded configuration files.

The google-services.json decoding steps need validation to ensure the files are properly created and valid.

Apply this diff to add validation:

 - name: Decode google-services.json for NIRAMAY_PRODUCTION
   if: inputs.environment == 'NIRAMAY_PRODUCTION'
   run: |
+    set -eo pipefail
     echo "${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}" | base64 --decode > ./app/google-services.json || exit 1
+    # Validate JSON file
+    if ! jq empty ./app/google-services.json 2>/dev/null; then
+      echo "Invalid google-services.json file"
+      exit 1
+    fi
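
Review bot: The decode line still expands `${{ secrets.GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION }}` directly into the script text, so a value containing a quote or `$(...)` is interpreted by the shell. Pass it through the step's `env:` and decode with `printf '%s' "$VAR" | base64 --decode`. With `set -eo pipefail` added, the trailing `|| exit 1` is redundant.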

Apply similar changes to other google-services.json decoding steps.


86-103: 🛠️ Refactor suggestion

Improve Firebase credentials handling.

The case statement could be simplified and needs error handling for the base64 decode operation.

Apply this diff to improve the credentials handling:

 - name: Decode Firebase Credentials
   run: |
+    set -eo pipefail
+
     case "$capitalizedVariant" in
       SakshamStag|SakshamUat|Saksham)
-        echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM }}" | base64 --decode > firebase_credentials.json
+        CREDS="${{ secrets.FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM }}"
         ;;
       Niramay)
-        echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY }}" | base64 --decode > firebase_credentials.json
+        CREDS="${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY }}"
         ;;
       Xushrukha)
-        echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA }}" | base64 --decode > firebase_credentials.json
+        CREDS="${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA }}"
         ;;
       *)
-        echo "Unknown variant: $variant"
+        echo "Unknown variant: $capitalizedVariant"
         exit 1
         ;;
     esac
+
+    if [ -z "$CREDS" ]; then
+      echo "Firebase credentials not found for variant: $capitalizedVariant"
+      exit 1
+    fi
+
+    if ! echo "$CREDS" | base64 --decode > firebase_credentials.json; then
+      echo "Failed to decode Firebase credentials"
+      exit 1
+    fi
+
+    if ! jq empty firebase_credentials.json 2>/dev/null; then
+      echo "Invalid Firebase credentials JSON"
+      exit 1
+    fi
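
Review bot: `CREDS="${{ secrets.* }}"` places the secret inside the script source, and `firebase_credentials.json` is written with default permissions and left in the workspace, including a partial file when `base64 --decode` fails. Supply the secret through `env:`, set `umask 077` before writing, and remove the file on failure and in a final `if: always()` step.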
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 88-88: trailing spaces

(trailing-spaces)


112-116: ⚠️ Potential issue

Remove keystore file path exposure.

The keystore path is exposed in the logs, which is a security risk.

Apply this diff to remove the path exposure:

 - name: Decode keystore
   run: |
     echo "${{ secrets.KEYSTORE_FILE }}" | base64 --decode > ${{ github.workspace }}/keystore.jks
-    echo "Keystore path: ${{ github.workspace }}/keystore.jks"
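
Review bot: After the `echo` is dropped, the remaining line still writes to an unquoted `${{ github.workspace }}/keystore.jks` with no check that `base64 --decode` succeeded. Quote the path, fail the step on a decode error, and delete the keystore in a cleanup step once signing is done.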

120-134: ⚠️ Potential issue

Fix version extraction and verification.

The version extraction step has several issues:

  1. The version is extracted from version.properties but verified using VERSION_NAME
  2. The exit command is concatenated with the echo command
  3. No validation of version format

Apply this diff to fix these issues:

 - name: Get version from build.gradle
   id: get-version
   run: |
+    set -eo pipefail
     VERSION_NAME=$(grep VERSION version/version.properties | cut -d'=' -f2) 
+    # Validate version format (e.g., x.y.z)
+    if ! echo "$VERSION_NAME" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
+      echo "Invalid version format: $VERSION_NAME"
+      exit 1
+    fi
     echo "version=$VERSION_NAME" >> $GITHUB_ENV
   env:
     GITHUB_ENV: $GITHUB_ENV

 - name: Verify version
   run: |
+    set -eo pipefail
     if [ -z "$version" ]; then 
-      echo "Version name could not be extracted. Exiting." exit 1 
+      echo "Version name could not be extracted."
+      exit 1
     else 
-      echo "Version name is $VERSION_NAME" 
+      echo "Version name is $version" 
     fi
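
Review bot: `grep VERSION version/version.properties | cut -d'=' -f2` returns one line per key containing `VERSION`, and the added `grep -qE` check passes if any one of those lines looks like `x.y.z`, so a multi-line value still reaches `$GITHUB_ENV`. Anchor the first `grep` to the exact property name at the start of the line with `-m1`, and quote `"$GITHUB_ENV"` in the redirect. The `env:` context lines `GITHUB_ENV: $GITHUB_ENV` assign a literal string and can go.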
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 123-123: trailing spaces

(trailing-spaces)


[error] 130-130: trailing spaces

(trailing-spaces)


[error] 131-131: trailing spaces

(trailing-spaces)


[error] 132-132: trailing spaces

(trailing-spaces)


[error] 133-133: trailing spaces

(trailing-spaces)


136-168: 🛠️ Refactor suggestion

Improve build and distribution step security and error handling.

Several security and reliability issues need to be addressed:

  1. Secrets are decoded without proper error handling
  2. No validation of required environment variables
  3. Build commands lack error handling

Apply this diff to improve security and reliability:

 - name: Build and Distribute app to Firebase
   id: build-and-distribute
   run: |
+    set -eo pipefail
+
+    # Validate required secrets
+    required_secrets=(
+      "ENCRYPTED_PASS_KEY"
+      "FIREBASE_APP_ID"
+      "FIREBASE_CLI_TOKEN"
+      "KEYSTORE_PASSWORD"
+      "KEY_ALIAS"
+      "KEY_PASSWORD"
+    )
+    for secret in "${required_secrets[@]}"; do
+      if [ -z "${!secret}" ]; then
+        echo "Error: Required secret $secret is not set"
+        exit 1
+      fi
+    done

     encrypt() {
       echo -n "$1" | openssl enc -aes-256-cbc -pbkdf2 -K "$AES_KEY" -iv "$AES_IV" | base64
     }

     # Set app URLs used in the codebase
     export ENCRYPTED_PASS_KEY=$(encrypt '${{ secrets.BASE_TMC_URL }}')
     export ABHA_CLIENT_ID=$(encrypt '${{ secrets.ABHA_CLIENT_ID }}')
     export ABHA_CLIENT_SECRET=$(encrypt '${{ secrets.ABHA_CLIENT_SECRET }}')
     export BASE_TMC_URL=$(encrypt '${{ secrets.BASE_TMC_URL }}')
     export BASE_ABHA_URL=$(encrypt '${{ secrets.BASE_ABHA_URL }}')
     export ABHA_TOKEN_URL=$(encrypt '${{ secrets.ABHA_TOKEN_URL }}')
     export ABHA_AUTH_URL=$(encrypt '${{ secrets.ABHA_AUTH_URL }}')
     export CHAT_URL=$(encrypt '${{ secrets.CHAT_URL }}')

     # Set app release version signing credentials
-    export KEYSTORE_PASSWORD=$(echo ${{ secrets.KEYSTORE_PASSWORD }} | base64 --decode)
-    export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
-    export KEY_PASSWORD=$(echo ${{ secrets.KEY_PASSWORD }} | base64 --decode)
+    if ! KEYSTORE_PASSWORD=$(echo "${{ secrets.KEYSTORE_PASSWORD }}" | base64 --decode 2>/dev/null); then
+      echo "Error: Failed to decode KEYSTORE_PASSWORD" >&2
+      exit 1
+    fi
+    export KEYSTORE_PASSWORD
+    
+    export KEY_ALIAS="${{ secrets.KEY_ALIAS }}"
+    
+    if ! KEY_PASSWORD=$(echo "${{ secrets.KEY_PASSWORD }}" | base64 --decode 2>/dev/null); then
+      echo "Error: Failed to decode KEY_PASSWORD" >&2
+      exit 1
+    fi
+    export KEY_PASSWORD

     # Set Firebase App Distribution and Google Play authentication tokens
     export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}

     echo "Capitalized Variant: $capitalizedVariant"
     if [ "${{ inputs.build_type }}" == "debug" ]; then
-      bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"
+      echo "Building debug variant for $capitalizedVariant..."
+      if ! bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"; then
+        echo "Debug build failed for $capitalizedVariant"
+        exit 1
+      fi
     else
-      bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"
+      echo "Building release variant for $capitalizedVariant..."
+      if ! bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"; then
+        echo "Release build failed for $capitalizedVariant"
+        exit 1
+      fi
     fi
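
Review bot: The `required_secrets` loop checks `${!secret}` for `ENCRYPTED_PASS_KEY`, `KEYSTORE_PASSWORD` and the others before the script assigns them, and it omits `AES_KEY` and `AES_IV`, which `encrypt()` depends on. Validate the inputs that exist at that point (supplied via `env:`), including the AES key and IV. `ENCRYPTED_PASS_KEY` is computed from `secrets.BASE_TMC_URL`, the same input as `BASE_TMC_URL`, which looks like a copy-paste slip; with one fixed `-K` and `-iv` the two ciphertexts are identical. The single-quoted `'${{ secrets.* }}'` arguments also break on any value containing `'`.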
🧹 Nitpick comments (2)
.github/workflows/build-distribute.yml (2)

171-189: Improve output file verification.

The output file verification step needs better error handling and path validation.

Apply this diff to improve the verification:

 - name: Verify Output Files
   run: |
+    set -eo pipefail
     echo "Checking output folder..."
     if [ "${{ inputs.build_type }}" == "debug" ]; then
       OUTPUT_PATH="app/build/outputs/apk/**/debug/*.apk"
     else
       OUTPUT_PATH="app/build/outputs/bundle/**/*.aab"
     fi

-    FILES_FOUND=$(find $OUTPUT_PATH 2>/dev/null | wc -l)
+    # Use find with proper error handling
+    if ! FILES=($(find $OUTPUT_PATH 2>/dev/null)); then
+      echo "⚠️ Error searching for files"
+      exit 1
+    fi
+    
+    FILES_FOUND=${#FILES[@]}

     if [ "$FILES_FOUND" -gt 0 ]; then
       echo "✅ Found $FILES_FOUND file(s):"
-      find $OUTPUT_PATH
+      printf '%s\n' "${FILES[@]}"
+      
+      # Validate file sizes
+      for file in "${FILES[@]}"; do
+        size=$(stat -f%z "$file" 2>/dev/null || stat -c%s "$file" 2>/dev/null)
+        if [ "$size" -eq 0 ]; then
+          echo "⚠️ Empty file found: $file"
+          exit 1
+        fi
+      done
     else
       echo "⚠️ No files found at path: $OUTPUT_PATH"
       exit 1
     fi
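
Review bot: `FILES=($(find $OUTPUT_PATH 2>/dev/null))` splits the results on whitespace and expands `$OUTPUT_PATH` unquoted, and `**` only recurses when `globstar` is enabled. Give `find` the base directory with `-name '*.apk'` or `-name '*.aab'`, and read the results with `mapfile -t FILES < <(find ...)`.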

202-208: Improve release configuration.

The release step needs better configuration for handling pre-releases and release notes.

Apply this diff to improve the release configuration:

 - name: Push to Releases
   if: inputs.build_type == 'release'
   uses: ncipollo/release-action@v1
   with:
     artifacts: "app/build/outputs/bundle/**/*.aab"
     tag: v${{ env.version }}-${{ inputs.environment }}-${{ github.run_number }}
     token: ${{ secrets.GITHUB_TOKEN }}
+    prerelease: ${{ inputs.environment != 'NIRAMAY_PRODUCTION' && inputs.environment != 'XUSHRUKHA_PRODUCTION' }}
+    generateReleaseNotes: true
+    makeLatest: ${{ inputs.environment == 'NIRAMAY_PRODUCTION' || inputs.environment == 'XUSHRUKHA_PRODUCTION' }}
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 208-208: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 794c31c and ce8baee.

📒 Files selected for processing (2)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/cpp/native-lib.cpp (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/src/main/cpp/native-lib.cpp
🧰 Additional context used
🪛 YAMLlint (1.35.1)
.github/workflows/build-distribute.yml

[error] 50-50: trailing spaces

(trailing-spaces)


[error] 56-56: trailing spaces

(trailing-spaces)


[error] 60-60: trailing spaces

(trailing-spaces)


[error] 64-64: trailing spaces

(trailing-spaces)


[error] 65-65: trailing spaces

(trailing-spaces)


[error] 88-88: trailing spaces

(trailing-spaces)


[error] 104-104: trailing spaces

(trailing-spaces)


[error] 123-123: trailing spaces

(trailing-spaces)


[error] 130-130: trailing spaces

(trailing-spaces)


[error] 131-131: trailing spaces

(trailing-spaces)


[error] 132-132: trailing spaces

(trailing-spaces)


[error] 133-133: trailing spaces

(trailing-spaces)


[error] 208-208: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (2)
.github/workflows/build-distribute.yml (2)

190-200: Improve artifact upload configuration.

The artifact upload step needs improvements for better error handling and path handling.

Apply this diff to improve the configuration:

 - name: Upload Artifacts
   uses: actions/upload-artifact@v4
   with:
     name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
     path: |
-      ${{ inputs.build_type == 'debug' && 'app/build/outputs/apk/**/debug/*.apk' || 'app/build/outputs/bundle/**/*.aab' }}
+      app/build/outputs/apk/**/debug/*.apk
+      app/build/outputs/bundle/**/*.aab
     if-no-files-found: warn
     compression-level: 6
     overwrite: false
-    include-hidden-files: false
+    retention-days: 5
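
Review bot: listing both globs under `path` uploads whatever is present in either directory regardless of `inputs.build_type`, so a debug APK left in the workspace can end up in a release run's artifact; keep the selection tied to the build type. With `if-no-files-found: warn` a run that produced nothing still passes; `error` is the safer value for a distribution workflow.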

3-14: 🛠️ Refactor suggestion

Add input validation and declare required secrets.

The workflow inputs need validation and the required secrets should be declared in the workflow_call event.

Apply this diff to improve input validation and secret declarations:

 on:
   workflow_call:
     inputs:
       environment:
         required: true
         type: string
+        description: 'Environment to deploy to (NIRAMAY_PRODUCTION/XUSHRUKHA_PRODUCTION/etc.)'
       variant:
         required: true
         type: string
+        description: 'Build variant (SakshamStag/SakshamUat/Saksham/Niramay/Xushrukha)'
       build_type:
         required: true
         type: string
+        description: 'Build type (debug/release)'
+        enum: ['debug', 'release']
+    secrets:
+      GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION:
+        required: false
+      GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION:
+        required: false
+      GOOGLE_SERVICES_JSON_GENERIC:
+        required: true
+      FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM:
+        required: false
+      FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY:
+        required: false
+      FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA:
+        required: false
+      GOOGLE_PLAY_JSON_KEY:
+        required: false
+      KEYSTORE_FILE:
+        required: true
+      GITHUB_TOKEN:
+        required: true
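
Review bot: `enum: ['debug', 'release']` under `build_type` is not a supported key for `workflow_call` inputs, so the allowed values need to be checked in a first step of the job instead. The `GITHUB_TOKEN` entry under `secrets:` also has to go: the name is reserved, a reusable workflow cannot declare it, and the called workflow already has its own token available.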

Likely invalid or redundant comment.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (10)
.github/workflows/build-distribute.yml (10)

6-14: Enhance Input Parameter Documentation

It is recommended to add brief descriptions for each input (environment, variant, build_type) to improve readability and understanding of their purpose.


51-68: AES Key and IV Generation – Avoid Double Encoding and Validate Lengths

Currently, the AES key and IV are generated with openssl rand -base64 and then re-encoded with base64, which may be redundant. Consider generating raw random bytes (and then encoding only once), and add validation for the key and IV lengths to ensure they meet the required criteria.

Example diff:

-          AES_KEY=$(openssl rand -base64 32)
-          AES_IV=$(openssl rand -base64 16)
-          
-          # Encode AES key and IV to Base64
-          ENCODED_AES_KEY=$(echo -n "$AES_KEY" | base64)
-          ENCODED_AES_IV=$(echo -n "$AES_IV" | base64)
+          AES_KEY=$(openssl rand 32 | base64)
+          AES_IV=$(openssl rand 16 | base64)
+          
+          # (Optional) Validate lengths after decoding if required
+          KEY_LENGTH=$(echo -n "$AES_KEY" | base64 -d | wc -c)
+          IV_LENGTH=$(echo -n "$AES_IV" | base64 -d | wc -c)
+          if [ "$KEY_LENGTH" -ne 32 ] || [ "$IV_LENGTH" -ne 16 ]; then
+            echo "Error: Invalid key or IV length"
+            exit 1
+          fi
+
+          # Set them as environment variables for subsequent steps
+          {
+            echo "ENCODED_AES_KEY=$AES_KEY"
+            echo "ENCODED_AES_IV=$AES_IV"
+          } >> "$GITHUB_ENV"
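
Review bot: the block appended to `$GITHUB_ENV` writes the key and IV with no `echo "::add-mask::$AES_KEY"` (and the same for `$AES_IV`) before it, so either value is printed unmasked if a later step echoes its environment; register the masks first. The variables are still named `ENCODED_AES_KEY` and `ENCODED_AES_IV` although they now hold a single base64 encoding, so the comment should state which encoding consumers are expected to decode.
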
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 56-56: trailing spaces

(trailing-spaces)


[error] 60-60: trailing spaces

(trailing-spaces)


[error] 64-64: trailing spaces

(trailing-spaces)


[error] 65-65: trailing spaces

(trailing-spaces)


69-83: Improve google-services.json Decoding Validation

While the steps correctly decode the google-services.json for different environments, consider adding a validation step (for instance, using jq) to verify that the resulting file is valid JSON.


84-85: Variant Capitalization – Edge Case Consideration

The step to capitalize the first letter of the variant is functional. For improved robustness, consider handling the edge case when the variant string might be empty.


107-111: Google Play JSON Key Decoding – Add Error Handling

Consider adding error checking after decoding the Google Play JSON key so that any decoding issues or invalid files can be caught early.


117-119: Local Properties File Creation

The step for creating local.properties is straightforward; however, adding error handling to confirm that the file is created successfully could improve robustness.


120-127: Version Extraction from version.properties

Extracting the version using grep and cut relies on the exact format of version/version.properties. Ensure that the file exists and follows the expected format. Consider adding error handling if no version is found.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 123-123: trailing spaces

(trailing-spaces)


170-189: Output Files Verification – Ensure Robust Wildcard Handling

The verification step for output files uses a wildcard in the find command. While functional, consider whether quoting or alternative methods might be necessary to prevent word splitting issues. At the very least, verify that the wildcard expansion meets your expectations in all environments.


201-208: Enhance Release Step with Optional Prerelease Flag

For the "Push to Releases" step, consider adding a prerelease flag for non-production releases. This can help distinguish production builds from staging or testing builds in GitHub Releases.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 208-208: no new line character at the end of file

(new-line-at-end-of-file)


1-208: YAML Formatting and Trailing Whitespace

Multiple lines in this file contain trailing spaces (e.g., lines 50, 56, 60, 64, 65, etc.), and the file does not end with a newline (line 208). Cleaning up these formatting issues will help maintain consistency and pass linting checks.

🧰 Tools
🪛 actionlint (1.7.4)

139-139: parser did not reach end of input after parsing the expression. 2 remaining token(s) in the input: "IDENT", "IDENT"

(expression)

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between ce8baee and 207bb89.

📒 Files selected for processing (4)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/cpp/CMakeLists.txt (1 hunks)
  • app/src/main/cpp/native-lib.cpp (1 hunks)
  • app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • app/src/main/cpp/CMakeLists.txt
  • app/src/main/cpp/native-lib.cpp
  • app/src/main/java/org/piramalswasthya/sakhi/utils/KeyUtils.kt
🔇 Additional comments (4)
.github/workflows/build-distribute.yml (4)

40-44: CMake Version Specification

The workflow currently installs CMake version "3.31.1", which may not be available as a stable release. Consider switching to a known stable release (e.g., "3.27.7") to avoid potential installation failures.

Proposed change:

-          cmake-version: '3.31.1'
+          cmake-version: '3.27.7'

45-49: Ruby Version Outdated

Ruby 2.7.2 is near end-of-life. Updating to a newer, supported version (for example, "3.2.2") would improve long-term maintainability and compatibility.

Proposed change:

-          ruby-version: 2.7.2
+          ruby-version: '3.2.2'

112-116: Avoid Exposing Sensitive Keystore Information

Logging the keystore path (line 115) may inadvertently expose sensitive information. It is advisable to remove the echo statement that prints the keystore path.

Proposed change:

-          echo "Keystore path: ${{ github.workspace }}/keystore.jks"

128-135: ⚠️ Potential issue

Fix Shell Syntax in Version Verification

The verification step concatenates the echo and exit commands on the same line, which leads to a syntax error. Split these into separate lines.

Proposed change:

-          if [ -z "$VERSION_NAME" ]; then 
-            echo "Version name could not be extracted. Exiting." exit 1 
+          if [ -z "$VERSION_NAME" ]; then 
+            echo "Version name could not be extracted. Exiting."
+            exit 1
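
Review bot: on the removed line `exit 1` is just two more arguments to `echo`, so the shell prints them and carries on; the effect is that an empty `VERSION_NAME` never stops the step, rather than a parse failure. The split in the added lines fixes that. Consider emitting the message as `echo "::error::Version name could not be extracted"` so it shows up as an annotation on the run.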

Likely invalid or redundant comment.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 130-130: trailing spaces

(trailing-spaces)


[error] 131-131: trailing spaces

(trailing-spaces)


[error] 132-132: trailing spaces

(trailing-spaces)


[error] 133-133: trailing spaces

(trailing-spaces)

Comment on lines +190 to +200
- name: Upload Artifacts
  uses: actions/upload-artifact@v4
  with:
    name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
    path: |
      ${{ inputs.build_type == 'debug' && 'app/build/outputs/apk/**/debug/*.apk' || 'app/build/outputs/bundle/**/*.aab' }}
    if-no-files-found: warn
    compression-level: 6
    overwrite: false
    include-hidden-files: false

⚠️ Potential issue

Correct Artifact Path Expression

The inline conditional expression for determining the artifact path uses shell-style &&/||, which is not standard in GitHub Actions expressions. Instead, use the ternary operator syntax.

Proposed change:

-            ${{ inputs.build_type == 'debug' && 'app/build/outputs/apk/**/debug/*.apk' || 'app/build/outputs/bundle/**/*.aab' }}
+            ${{ inputs.build_type == 'debug' ? 'app/build/outputs/apk/**/debug/*.apk' : 'app/build/outputs/bundle/**/*.aab' }}
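
Review bot: the added line uses `? :`, which GitHub Actions expression syntax does not provide; its logical operators are `!`, `&&` and `||`, and this expression would fail to parse. The removed `cond && 'a' || 'b'` form is the supported way to choose between two non-empty strings, so the line should stay as it was.
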
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
path: |
${{ inputs.build_type == 'debug' && 'app/build/outputs/apk/**/debug/*.apk' || 'app/build/outputs/bundle/**/*.aab' }}
if-no-files-found: warn
compression-level: 6
overwrite: false
include-hidden-files: false
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: FLW-Mobile-App - APK(s) ${{ inputs.variant }} generated
path: |
${{ inputs.build_type == 'debug' ? 'app/build/outputs/apk/**/debug/*.apk' : 'app/build/outputs/bundle/**/*.aab' }}
if-no-files-found: warn
compression-level: 6
overwrite: false
include-hidden-files: false

Comment on lines +86 to +103
- name: Decode Firebase Credentials
  run: |

    case "$capitalizedVariant" in
      SakshamStag|SakshamUat|Saksham)
        echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM }}" | base64 --decode > firebase_credentials.json
        ;;
      Niramay)
        echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY }}" | base64 --decode > firebase_credentials.json
        ;;
      Xushrukha)
        echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA }}" | base64 --decode > firebase_credentials.json
        ;;
      *)
        echo "Unknown variant: $variant"
        exit 1
        ;;
    esac

⚠️ Potential issue

Firebase Credentials: Correct Variable Reference and Error Handling

In the Firebase credentials decoding step, the error message currently uses $variant even though the capitalized variant is stored in capitalizedVariant. This can lead to confusing error messages.

Proposed change:

-              echo "Unknown variant: $variant"
+              echo "Unknown variant: $capitalizedVariant"

Additionally, it would be beneficial to add validation to ensure that the decoded credentials are valid (e.g., using jq).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Decode Firebase Credentials
run: |
case "$capitalizedVariant" in
SakshamStag|SakshamUat|Saksham)
echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM }}" | base64 --decode > firebase_credentials.json
;;
Niramay)
echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY }}" | base64 --decode > firebase_credentials.json
;;
Xushrukha)
echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA }}" | base64 --decode > firebase_credentials.json
;;
*)
echo "Unknown variant: $variant"
exit 1
;;
esac
- name: Decode Firebase Credentials
run: |
case "$capitalizedVariant" in
SakshamStag|SakshamUat|Saksham)
echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM }}" | base64 --decode > firebase_credentials.json
;;
Niramay)
echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY }}" | base64 --decode > firebase_credentials.json
;;
Xushrukha)
echo "${{ secrets.FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA }}" | base64 --decode > firebase_credentials.json
;;
*)
- echo "Unknown variant: $variant"
+ echo "Unknown variant: $capitalizedVariant"
exit 1
;;
esac
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 88-88: trailing spaces

(trailing-spaces)

Comment on lines 136 to 169
- name: Build and Distribute app to Firebase
  id: build-and-distribute
  run: |

    encrypt() {
      echo -n "$1" | openssl enc -aes-256-cbc -pbkdf2 -K "$AES_KEY" -iv "$AES_IV" | base64
    }

    # Set app URLs used in the codebase
    export ENCRYPTED_PASS_KEY=${{ secrets.BASE_TMC_URL }}
    export ABHA_CLIENT_ID=${{secrets.ABHA_CLIENT_ID}}
    export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET
    export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
    export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
    export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
    export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
    export CHAT_URL=${{ secrets.CHAT_URL }}

    # Set app release version signing credentials
    export KEYSTORE_PASSWORD=$(echo ${{ secrets.KEYSTORE_PASSWORD }} | base64 --decode)
    export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
    export KEY_PASSWORD=$(echo ${{ secrets.KEY_PASSWORD }} | base64 --decode)


    # Set Firebase App Distribution and Google Play authentication tokens
    export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}

    echo "Capitalized Variant: $capitalizedVariant"
    if [ "${{ inputs.build_type }}" == "debug" ]; then
      bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"
    else
      bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"
    fi

⚠️ Potential issue

Build and Distribute: Fix Environment Variable Syntax and Enhance Error Handling

There is a syntax error on line 147 where the ABHA_CLIENT_SECRET environment variable is missing its closing brace. It should be corrected to properly close the expression. Additionally, consider wrapping the Fastlane commands with error handling to capture build failures.

Proposed change for line 147:

-          export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET
+          export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
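
Review bot: `export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}` pastes the secret into the script text, unquoted, before bash parses it, so a value containing a space, `$`, `;` or a quote changes what the line executes. With the brace fixed, move the secrets into the step's `env:` map and reference them in the script as `"$ABHA_CLIENT_SECRET"`.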

Also, for increased robustness, wrap the Fastlane commands in conditional checks:

-          if [ "${{ inputs.build_type }}" == "debug" ]; then
-            bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"
-          else
-            bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"
-          fi
+          if [ "${{ inputs.build_type }}" == "debug" ]; then
+            if ! bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"; then
+              echo "Debug build failed for $capitalizedVariant"
+              exit 1
+            fi
+          else
+            if ! bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"; then
+              echo "Release build failed for $capitalizedVariant"
+              exit 1
+            fi
+          fi
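
Review bot: `[ "${{ inputs.build_type }}" == "debug" ]` substitutes the caller's input into the script text, so a value containing a double quote or `$(...)` is parsed as shell; pass it through `env:` and compare a quoted variable such as `"$BUILD_TYPE"` instead (the variable name is illustrative). The `if ! ...; then ... exit 1` wrappers add only the log line when the step runs under bash's `-e`, which is GitHub's default for `run` steps on Linux runners.
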
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build and Distribute app to Firebase
id: build-and-distribute
run: |
encrypt() {
echo -n "$1" | openssl enc -aes-256-cbc -pbkdf2 -K "$AES_KEY" -iv "$AES_IV" | base64
}
# Set app URLs used in the codebase
export ENCRYPTED_PASS_KEY=${{ secrets.BASE_TMC_URL }}
export ABHA_CLIENT_ID=${{secrets.ABHA_CLIENT_ID}}
export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET
export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
export CHAT_URL=${{ secrets.CHAT_URL }}
# Set app release version signing credentials
export KEYSTORE_PASSWORD=$(echo ${{ secrets.KEYSTORE_PASSWORD }} | base64 --decode)
export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
export KEY_PASSWORD=$(echo ${{ secrets.KEY_PASSWORD }} | base64 --decode)
# Set Firebase App Distribution and Google Play authentication tokens
export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
echo "Capitalized Variant: $capitalizedVariant"
if [ "${{ inputs.build_type }}" == "debug" ]; then
bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"
else
bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"
fi
- name: Build and Distribute app to Firebase
id: build-and-distribute
run: |
encrypt() {
echo -n "$1" | openssl enc -aes-256-cbc -pbkdf2 -K "$AES_KEY" -iv "$AES_IV" | base64
}
# Set app URLs used in the codebase
export ENCRYPTED_PASS_KEY=${{ secrets.BASE_TMC_URL }}
export ABHA_CLIENT_ID=${{ secrets.ABHA_CLIENT_ID }}
export ABHA_CLIENT_SECRET=${{ secrets.ABHA_CLIENT_SECRET }}
export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }}
export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }}
export ABHA_TOKEN_URL=${{ secrets.ABHA_TOKEN_URL }}
export ABHA_AUTH_URL=${{ secrets.ABHA_AUTH_URL }}
export CHAT_URL=${{ secrets.CHAT_URL }}
# Set app release version signing credentials
export KEYSTORE_PASSWORD=$(echo ${{ secrets.KEYSTORE_PASSWORD }} | base64 --decode)
export KEY_ALIAS=${{ secrets.KEY_ALIAS }}
export KEY_PASSWORD=$(echo ${{ secrets.KEY_PASSWORD }} | base64 --decode)
# Set Firebase App Distribution and Google Play authentication tokens
export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }}
echo "Capitalized Variant: $capitalizedVariant"
if [ "${{ inputs.build_type }}" == "debug" ]; then
if ! bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"; then
echo "Debug build failed for $capitalizedVariant"
exit 1
fi
else
if ! bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"; then
echo "Release build failed for $capitalizedVariant"
exit 1
fi
fi
🧰 Tools
🪛 actionlint (1.7.4)

139-139: parser did not reach end of input after parsing the expression. 2 remaining token(s) in the input: "IDENT", "IDENT"

(expression)
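
The 51-68 nitpick above on AES key and IV generation can be checked directly. The shell functions below are an added example, not code from the PR or from the review; all function names are hypothetical. They show the length the double-encoded values decode to, and convert a validated key and IV to the hexadecimal form that `openssl enc -K` and `-iv` expect.

```shell
#!/usr/bin/env bash
# Added example (not from the PR): encoding checks for the
# "Generate AES Key and IV" step. All function names are hypothetical.

# Number of bytes produced by base64-decoding "$1" exactly once.
decoded_len() {
  printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# The workflow's current approach: `openssl rand -base64 N` already returns
# base64 text, so encoding it again wraps that text, not the N random bytes.
double_encoded() {
  local text
  text=$(openssl rand -base64 "$1")
  printf '%s' "$text" | base64 | tr -d '\n'
}

# Encode the raw random bytes once.
single_encoded() {
  openssl rand "$1" | base64 | tr -d '\n'
}

# `openssl enc -K` and `-iv` take hexadecimal, so convert before encrypting.
b64_to_hex() {
  printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

# Succeeds only if the key decodes to 32 bytes and the IV to 16.
validate_key_iv() {
  [ "$(decoded_len "$1")" -eq 32 ] && [ "$(decoded_len "$2")" -eq 16 ]
}

# Encrypt then decrypt "$3" with base64 key "$1" and base64 IV "$2".
# Prints the recovered plaintext; returns 1 if validation fails.
roundtrip() {
  validate_key_iv "$1" "$2" || return 1
  local key_hex iv_hex
  key_hex=$(b64_to_hex "$1")
  iv_hex=$(b64_to_hex "$2")
  printf '%s' "$3" \
    | openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" \
    | openssl enc -d -aes-256-cbc -K "$key_hex" -iv "$iv_hex"
}

# Demonstration on freshly generated values (lengths only, never the key).
demo_key=$(single_encoded 32)
demo_iv=$(single_encoded 16)
echo "single encoding: key=$(decoded_len "$demo_key") bytes, iv=$(decoded_len "$demo_iv") bytes"
echo "double encoding: key=$(decoded_len "$(double_encoded 32)") bytes, iv=$(decoded_len "$(double_encoded 16)") bytes"
echo "round trip: $(roundtrip "$demo_key" "$demo_iv" 'constructed sample value')"
```
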

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 5

🧹 Nitpick comments (8)
app/src/main/cpp/native-lib.cpp (1)

9-73: Improve code organization and documentation.

The functions should be organized by type and properly documented:

+// Group 1: Credential Functions
+/**
+ * Retrieves the encrypted password key used for secure operations.
+ * @param env JNI environment
+ * @param thiz JNI this object
+ * @return The encrypted password key as a jstring
+ */
 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
     // ... implementation ...
 }

+// Group 2: URL Functions
+/**
+ * Retrieves the base TMC URL for API operations.
+ * @param env JNI environment
+ * @param thiz JNI this object
+ * @return The base TMC URL as a jstring
+ */
 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTMCUrl(JNIEnv *env, jobject thiz) {
     // ... implementation ...
 }

Consider moving the URL validation regex to a separate header file:

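// url_validator.h
#pragma once

#include <regex>
#include <string>

namespace utils {
    // Accepts http(s)://<host>.<tld>[/path]. Hosts with a port, an IP
    // literal, or no dot (e.g. localhost) do not match this pattern.
    static const std::regex URL_REGEX(
        R"(^(http|https)://)"
        R"([a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,})"
        R"((/\S*)?$)"
    );

    // Returns true only when the whole string matches URL_REGEX.
    inline bool isValidUrl(const std::string& url) {
        return std::regex_match(url, URL_REGEX);
    }
}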
.github/workflows/build-distribute.yml (7)

3-15: Enhance Workflow Input Documentation
Consider adding description fields to each workflow input (e.g., environment, variant, and build_type) to document their purpose. This helps future maintainers understand the expected values and usage.


69-73: Enhance JSON Decoding Validation
After decoding the google-services.json for NIRAMAY_PRODUCTION, consider validating the JSON structure (e.g., using jq empty ./app/google-services.json) to ensure the file is correctly formatted before proceeding.


74-78: Add Validation for Decoded JSON
For the XUSHRUKHA_PRODUCTION case, ensure that the decoded JSON is valid by incorporating a validation step (for example, piping through jq empty).


79-83: Ensure Validity of Generic google-services.json
Similarly, after decoding the generic google-services.json, validate its contents with a tool like jq to catch any malformed JSON issues early.


107-111: Enhance Error Handling for Google Play JSON Key Decoding
Consider appending || exit 1 to the decode command to ensure that any failure in generating the google_play_service_account.json file halts the workflow immediately.


171-189: Quote Variables in File Verification Step
When running the find command to check for output files, quoting the $OUTPUT_PATH variable can prevent potential word splitting or globbing issues. For example:

-          FILES_FOUND=$(find $OUTPUT_PATH 2>/dev/null | wc -l)
+          FILES_FOUND=$(find "$OUTPUT_PATH" 2>/dev/null | wc -l)
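
Review bot: quoting `"$OUTPUT_PATH"` stops the shell from expanding the pattern, and `find` does not expand wildcards in its starting-point argument, so it is handed the literal string `app/build/outputs/apk/**/debug/*.apk`, matches nothing, and the step reports zero files on every run. Keep the quoting but move the pattern into the search itself: `find app/build/outputs -type f -name '*.apk'` for debug and `-name '*.aab'` for release.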

This small change enhances the reliability of the file search.


202-208: Ensure Consistent Release Step Configuration
While the release action configuration appears correct, static analysis flagged that the file lacks a newline at the end. Please add a newline after line 208 to satisfy linting requirements.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 208-208: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 207bb89 and 4a1222b.

📒 Files selected for processing (2)
  • .github/workflows/build-distribute.yml (1 hunks)
  • app/src/main/cpp/native-lib.cpp (1 hunks)
🔇 Additional comments (7)
app/src/main/cpp/native-lib.cpp (2)

1-7: Add header protection and define configuration constants.

The header lacks protection against multiple inclusion and the configuration constants are not defined.

Add the following at the beginning of the file:

+#pragma once
+
 #include <jni.h>
 #include <string>
 #include <android/log.h>
 
+// Configuration constants
+#ifndef ENCRYPTED_PASS_KEY
+#define ENCRYPTED_PASS_KEY ""
+#endif
+
+#ifndef ABHA_CLIENT_SECRET
+#define ABHA_CLIENT_SECRET ""
+#endif
+
+// Add similar defines for other constants
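
Review bot: `#pragma once` at the top of `native-lib.cpp` has no effect, since an include guard only matters for files that are `#include`d, and compilers warn about it in a main source file; drop it. Defaulting `ENCRYPTED_PASS_KEY` and `ABHA_CLIENT_SECRET` to `""` lets a build with missing secrets compile and ship; an `#error "ENCRYPTED_PASS_KEY not defined"` in the `#ifndef` branch fails the build instead.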

9-73: Implement comprehensive error handling and security measures.

The JNI functions need several security improvements:

  1. Remove logging of sensitive information
  2. Add error handling for missing environment variables
  3. Add input validation for URLs
  4. Add exception handling for JNI operations
  5. Implement secure memory handling

Example implementation for a secure base function:

template<typename T>
static jstring getSecureString(JNIEnv *env, const char* name, const T& value, bool isUrl = false) {
    try {
        if (value.empty()) {
            __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "%s is not set", name);
            return env->NewStringUTF("");
        }

        // isValidUrl is declared in namespace utils (url_validator.h), so it
        // must be qualified here; an unqualified call does not compile.
        if (isUrl && !utils::isValidUrl(value)) {
            __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "Invalid URL format for %s", name);
            return env->NewStringUTF("");
        }

        // Log only that we're retrieving the value, not the value itself
        __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, "Retrieving %s", name);

        return env->NewStringUTF(value.c_str());
    } catch (const std::exception& e) {
        __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, "Error retrieving %s: %s", name, e.what());
        if (env->ExceptionCheck()) {
            env->ExceptionDescribe();
            env->ExceptionClear();
        }
        return env->NewStringUTF("");
    }
}

Then update each function to use this template:

 extern "C" JNIEXPORT jstring JNICALL
 Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTMCUrl(JNIEnv *env, jobject thiz) {
-    std::string baseTMCUrl = BASE_TMC_URL;
-    __android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Base TMC URL: %s", baseTMCUrl.c_str());
-    return env->NewStringUTF(baseTMCUrl.c_str());
+    return getSecureString(env, "BASE_TMC_URL", std::string(BASE_TMC_URL), true);
 }
.github/workflows/build-distribute.yml (5)

84-85: Validate Variant Capitalization Process
Confirm that the awk command used to generate capitalizedVariant correctly handles all potential inputs (including empty or unexpected values). Testing this in the GitHub Actions environment will help avoid surprises later.


117-119: Verify Local Properties Creation
Ensure that the created local.properties file includes the correct Android SDK path. Adding error handling (e.g., checking if the file exists after creation) can improve robustness.


190-200: ⚠️ Potential issue

Correct Artifact Path Expression
The inline conditional expression using &&/|| in the artifact path is non-standard for GitHub Actions. Replace it with the ternary operator syntax:

-            ${{ inputs.build_type == 'debug' && 'app/build/outputs/apk/**/debug/*.apk' || 'app/build/outputs/bundle/**/*.aab' }}
+            ${{ inputs.build_type == 'debug' ? 'app/build/outputs/apk/**/debug/*.apk' : 'app/build/outputs/bundle/**/*.aab' }}

This ensures that the correct path is selected based on the build type.

Likely invalid or redundant comment.


86-103: ⚠️ Potential issue

Fix Variable Reference in Firebase Credentials Decoding
In the default case (line 100), the error message currently uses $variant instead of the already processed $capitalizedVariant. Update the message to:

-              echo "Unknown variant: $variant"
+              echo "Unknown variant: $capitalizedVariant"

This ensures consistency and clarity in the logs.

Likely invalid or redundant comment.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 88-88: trailing spaces

(trailing-spaces)


136-169: 🛠️ Refactor suggestion

Improve Build and Distribution Step

  • Add set -eo pipefail at the beginning of this script block for improved error detection.
  • Wrap the Fastlane commands inside conditional checks to catch failures. For example:
-          if [ "${{ inputs.build_type }}" == "debug" ]; then
-            bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"
-          else
-            bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"
-          fi
+          if [ "${{ inputs.build_type }}" == "debug" ]; then
+            if ! bundle exec fastlane build_and_distribute_debug variant:"$capitalizedVariant"; then
+              echo "Debug build failed for $capitalizedVariant"
+              exit 1
+            fi
+          else
+            if ! bundle exec fastlane build_and_distribute_release variant:"$capitalizedVariant"; then
+              echo "Release build failed for $capitalizedVariant"
+              exit 1
+            fi
+          fi
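Review bot: Both the removed and the added `if [ "${{ inputs.build_type }}" == "debug" ]` lines expand the workflow input directly into the script text, so its value is parsed as shell source before `[` ever runs. Map it to an environment variable on the step (`env: BUILD_TYPE: ${{ inputs.build_type }}`) and test `"$BUILD_TYPE"` instead. With `set -eo pipefail` from the first bullet in place, the added `if ! ...; then exit 1` wrappers contribute only the failure message, since a failing `bundle exec fastlane` already stops the step.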
  • Also, ensure that secret values are wrapped in quotes when being decoded.

Likely invalid or redundant comment.

Comment on lines +40 to +44
- name: Install CMake
uses: jwlawson/actions-setup-cmake@v1
with:
cmake-version: '3.31.1'
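Review bot: `jwlawson/actions-setup-cmake@v1` is referenced by a movable tag, so the code that runs in this job, which also handles the keystore and Firebase credentials, can change without any change to this repository. Pin the action to a full commit SHA with the tag in a trailing comment, and apply the same to `ruby/setup-ruby@v1` in the next step.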

⚠️ Potential issue

Verify CMake Version Specification
The specified CMake version '3.31.1' may not be a stable or available release. As noted in previous comments, consider using a proven stable version (e.g., '3.27.7') to avoid build issues.

Comment on lines +45 to +50
- name: Set up ruby env
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7.2
bundler-cache: true

🛠️ Refactor suggestion

Update Ruby Version
Ruby version 2.7.2 is outdated and has reached its end-of-life. Upgrading to a supported version like '3.2.2' will ensure better long-term maintenance and security.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 50-50: trailing spaces

(trailing-spaces)

Comment on lines +51 to +68
- name: Generate AES Key and IV
run: |
# Generate 32-byte AES key (256 bits) and 16-byte IV (128 bits)
AES_KEY=$(openssl rand -base64 32)
AES_IV=$(openssl rand -base64 16)

# Encode AES key and IV to Base64
ENCODED_AES_KEY=$(echo -n "$AES_KEY" | base64)
ENCODED_AES_IV=$(echo -n "$AES_IV" | base64)

# Set them as environment variables for subsequent steps
echo "ENCODED_AES_KEY=$ENCODED_AES_KEY" >> $GITHUB_ENV
echo "ENCODED_AES_IV=$ENCODED_AES_IV" >> $GITHUB_ENV


echo "::add-mask::$AES_KEY"
echo "::add-mask::$AES_IV"
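Review bot: The two `::add-mask::` lines at the end register `$AES_KEY` and `$AES_IV`, but the values exported to `$GITHUB_ENV` are `$ENCODED_AES_KEY` and `$ENCODED_AES_IV`, which are different strings after the second `base64` pass and so are never masked in later log output. Mask the exact strings that are exported, emit the mask before the `echo ... >> $GITHUB_ENV` lines rather than after them, and quote `"$GITHUB_ENV"`.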

🛠️ Refactor suggestion

Improve AES Key and IV Generation

  • Consider adding set -eo pipefail at the beginning of this step to catch any command failures immediately.
  • The keys are generated with openssl rand -base64 and then re-encoded—this extra encoding might be redundant. Generate the raw bytes first (for example, using openssl rand 32 | base64) to avoid double encoding.
  • It is also good practice to validate that the decoded key and IV lengths match the expected 32 and 16 bytes, respectively.
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 56-56: trailing spaces

(trailing-spaces)


[error] 60-60: trailing spaces

(trailing-spaces)


[error] 64-64: trailing spaces

(trailing-spaces)


[error] 65-65: trailing spaces

(trailing-spaces)
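The three recommendations in the comment above (fail fast, encode once, check the decoded lengths) written out as a shell step. This is an added example, not code from the pull request; the function names are hypothetical, and the `/dev/urandom` fallback is an assumption made so it runs on machines without `openssl`.

```shell
#!/usr/bin/env bash
# Added example: function names are hypothetical, not from the pull request.
set -e
# Enable pipefail where the shell supports it (bash does; some sh builds do not).
(set -o pipefail) 2>/dev/null && set -o pipefail

# Emit N raw random bytes. Falls back to /dev/urandom when openssl is absent
# (assumption made so the example runs anywhere).
random_bytes() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand "$1"
  else
    head -c "$1" /dev/urandom
  fi
}

# Base64-encode N random bytes exactly once.
random_b64() {
  random_bytes "$1" | base64 | tr -d '\n'
}

# Number of bytes a base64 string decodes to.
decoded_len() {
  printf '%s' "$1" | base64 --decode 2>/dev/null | wc -c | tr -d '[:space:]'
}

# Fail unless VALUE decodes to exactly EXPECTED bytes.
require_len() {
  local name=$1 value=$2 expected=$3 actual
  actual=$(decoded_len "$value") || actual=invalid
  if [ "$actual" != "$expected" ]; then
    echo "$name decodes to $actual bytes, expected $expected" >&2
    return 1
  fi
}

# Register the mask for the exact string being exported, then export it.
emit_secret() {
  local name=$1 value=$2 env_file=$3
  printf '::add-mask::%s\n' "$value"
  printf '%s=%s\n' "$name" "$value" >> "$env_file"
}

main() {
  local env_file=$1 key iv
  key=$(random_b64 32)   # AES-256 key, 32 raw bytes
  iv=$(random_b64 16)    # 128-bit IV, 16 raw bytes
  require_len ENCODED_AES_KEY "$key" 32
  require_len ENCODED_AES_IV "$iv" 16
  emit_secret ENCODED_AES_KEY "$key" "$env_file"
  emit_secret ENCODED_AES_IV "$iv" "$env_file"
}

# GITHUB_ENV is set by the Actions runner; outside a workflow nothing is exported.
if [ -n "${GITHUB_ENV:-}" ]; then
  main "$GITHUB_ENV"
fi
```

Decoding a value produced by the original step once yields the 44-character base64 text rather than the 32 key bytes, which is the mismatch `require_len` catches.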

Comment on lines +112 to +116
- name: Decode keystore
run: |
echo "${{ secrets.KEYSTORE_FILE }}" | base64 --decode > ${{ github.workspace }}/keystore.jks
echo "Keystore path: ${{ github.workspace }}/keystore.jks"
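Review bot: `${{ secrets.KEYSTORE_FILE }}` is pasted into the script text on the first `run` line; pass it through the step's `env:` block and read it as `"$KEYSTORE_FILE"` so the secret never becomes part of the generated script. The redirect target `${{ github.workspace }}/keystore.jks` is also unquoted and the decoded keystore is written with the default umask, so quote the path, set `umask 077` before writing, and remove the file in a final `if: always()` step.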

⚠️ Potential issue

Avoid Exposing Keystore Path in Logs
The step logs the keystore path (line 115), which might expose sensitive information or system details. It is recommended to remove or mask this output for security.

Comment on lines +120 to +135
- name: Get version from build.gradle
id: get-version
run: |
VERSION_NAME=$(grep VERSION version/version.properties | cut -d'=' -f2)
echo "version=$VERSION_NAME" >> $GITHUB_ENV
env:
GITHUB_ENV: $GITHUB_ENV

- name: Verify version
run: |
if [ -z "$VERSION_NAME" ]; then
echo "Version name could not be extracted. Exiting." exit 1
else
echo "Version name is $VERSION_NAME"
fi

⚠️ Potential issue

Fix Version Extraction and Verification Syntax

  • There is an inconsistency: the version is written to $GITHUB_ENV as version but later retrieved via $VERSION_NAME.
  • Additionally, the command on line 131 does not properly separate the echo output from the exit command. Consider revising it as follows:
-          if [ -z "$VERSION_NAME" ]; then 
-            echo "Version name could not be extracted. Exiting." exit 1 
+          if [ -z "$VERSION_NAME" ]; then 
+            echo "Version name could not be extracted. Exiting."
+            exit 1
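Review bot: The `[ -z "$VERSION_NAME" ]` test kept in this hunk still reads a variable the previous step never exports, since that step writes `version=$VERSION_NAME` to `$GITHUB_ENV`. Once `exit 1` sits on its own line, the check fails on every run. Either write `VERSION_NAME=...` to `$GITHUB_ENV` or test `$version` here, in the same change.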

This separation ensures the shell processes the commands correctly.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Get version from build.gradle
id: get-version
run: |
VERSION_NAME=$(grep VERSION version/version.properties | cut -d'=' -f2)
echo "version=$VERSION_NAME" >> $GITHUB_ENV
env:
GITHUB_ENV: $GITHUB_ENV
- name: Verify version
run: |
if [ -z "$VERSION_NAME" ]; then
echo "Version name could not be extracted. Exiting." exit 1
else
echo "Version name is $VERSION_NAME"
fi
- name: Get version from build.gradle
id: get-version
run: |
VERSION_NAME=$(grep VERSION version/version.properties | cut -d'=' -f2)
echo "version=$VERSION_NAME" >> $GITHUB_ENV
env:
GITHUB_ENV: $GITHUB_ENV
- name: Verify version
run: |
if [ -z "$VERSION_NAME" ]; then
- echo "Version name could not be extracted. Exiting." exit 1
+ echo "Version name could not be extracted. Exiting."
+ exit 1
else
echo "Version name is $VERSION_NAME"
fi
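Review bot: The `env:` entry `GITHUB_ENV: $GITHUB_ENV` carried over into this suggestion should be dropped: a YAML value is not shell-expanded, so it is the literal string `$GITHUB_ENV`, and the runner does not let a step override `GITHUB_*` variables anyway. The step name says `build.gradle` while the command reads `version/version.properties`; rename the step, and quote `"$GITHUB_ENV"` in the redirect.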
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 123-123: trailing spaces

(trailing-spaces)


[error] 130-130: trailing spaces

(trailing-spaces)


[error] 131-131: trailing spaces

(trailing-spaces)


[error] 132-132: trailing spaces

(trailing-spaces)


[error] 133-133: trailing spaces

(trailing-spaces)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (4)
README.md (4)

114-136: Adjust Unordered List Indentation in Secrets Section

The list items under the Secrets header are indented with 4 spaces. To adhere to markdownlint guidelines (MD007), please reduce the indentation to 2 spaces for better consistency and readability.

@@
-    - `ENCODED_AES_KEY`
-    - `ENCODED_AES_IV`
-    - `GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION`
-    - `GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION`
-    - `GOOGLE_SERVICES_JSON_GENERIC`
-    - `FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM`
-    - `FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY`
-    - `FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA`
-    - `GOOGLE_PLAY_JSON_KEY`
-    - `KEYSTORE_FILE`
-    - `KEYSTORE_PASSWORD`
-    - `KEY_ALIAS`
-    - `KEY_PASSWORD`
-    - `FIREBASE_APP_ID`
-    - `BASE_TMC_URL`
-    - `ABHA_CLIENT_ID`
-    - `ABHA_CLIENT_SECRET`
-    - `BASE_ABHA_URL`
-    - `ABHA_TOKEN_URL`
-    - `ABHA_AUTH_URL`
-    - `CHAT_URL`
+  - `ENCODED_AES_KEY`
+  - `ENCODED_AES_IV`
+  - `GOOGLE_SERVICES_JSON_NIRAMAY_PRODUCTION`
+  - `GOOGLE_SERVICES_JSON_XUSHRUKHA_PRODUCTION`
+  - `GOOGLE_SERVICES_JSON_GENERIC`
+  - `FIREBASE_CREDENTIALS_JSON_SAKSHAM_ASSAM`
+  - `FIREBASE_CREDENTIALS_JSON_UTPRERONA_NIRAMAY`
+  - `FIREBASE_CREDENTIALS_JSON_UTPRERONA_XUSHRUKHA`
+  - `GOOGLE_PLAY_JSON_KEY`
+  - `KEYSTORE_FILE`
+  - `KEYSTORE_PASSWORD`
+  - `KEY_ALIAS`
+  - `KEY_PASSWORD`
+  - `FIREBASE_APP_ID`
+  - `BASE_TMC_URL`
+  - `ABHA_CLIENT_ID`
+  - `ABHA_CLIENT_SECRET`
+  - `BASE_ABHA_URL`
+  - `ABHA_TOKEN_URL`
+  - `ABHA_AUTH_URL`
+  - `CHAT_URL`
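Review bot: `ENCODED_AES_KEY` and `ENCODED_AES_IV` head this list of repository secrets, yet the workflow's "Generate AES Key and IV" step creates new values on every run and exports them through `$GITHUB_ENV`. The README should state which source the build actually uses; if the per-run values are the ones read, drop these two entries so nobody provisions secrets that are never consumed.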
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

115-115: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


116-116: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


117-117: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


118-118: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


119-119: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


120-120: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


121-121: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


122-122: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


123-123: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


124-124: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


125-125: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


126-126: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


127-127: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


128-128: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


129-129: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


130-130: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


131-131: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


132-132: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


133-133: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


134-134: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


135-135: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


137-139: Fix List Indentation in Environment Variables Section

The Environment Variables section shows a list item indented with 4 spaces. For consistency with markdown guidelines, please reduce the indentation to 2 spaces.

@@
-    - `environment` (e.g., `NIRAMAY_PRODUCTION`, `XUSHRUKHA_PRODUCTION`, or other environments)
+  - `environment` (e.g., `NIRAMAY_PRODUCTION`, `XUSHRUKHA_PRODUCTION`, or other environments)
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

138-138: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


140-143: Standardize Indentation in Build Configuration Section

The Build Configuration list items (for variant and build_type) are currently indented with 4 spaces. Reducing the indentation to 2 spaces will improve readability and ensure consistency across the document.

@@
-    - `variant` (e.g., `Saksham`, `Niramay`, `Xushrukha`)
-    - `build_type` (e.g., `debug`, `release`)
+  - `variant` (e.g., `Saksham`, `Niramay`, `Xushrukha`)
+  - `build_type` (e.g., `debug`, `release`)
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

141-141: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


142-142: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


144-148: Correct List Indentation in Files Section

Similarly, the Files section contains list items with 4-space indents. Please update these to use 2 spaces, as per markdownlint recommendations, to maintain a uniform style throughout the document.

@@
-    - `google-services.json` for various environments
-    - `firebase_credentials.json` for different variants
-    - `google_play_service_account.json` for release builds
-    - `keystore.jks`
+  - `google-services.json` for various environments
+  - `firebase_credentials.json` for different variants
+  - `google_play_service_account.json` for release builds
+  - `keystore.jks`
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

145-145: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


146-146: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


147-147: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


148-148: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4a1222b and 7045727.

📒 Files selected for processing (1)
  • README.md (1 hunks)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (5)
docs/CICDSetup.md (5)

9-24: Table of Contents – Markdown List Formatting
The Table of Contents is very detailed; however, several nested list items are indented with 4 spaces. According to markdownlint (MD007), a 2‑space indent is recommended for unordered list nesting. Additionally, some link fragment warnings (MD051) were reported; please verify that the link anchors (e.g., #cicd-pipeline-for-android-build-and-distribute) match the corresponding section headers exactly.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

12-12: Link fragments should be valid
null

(MD051, link-fragments)


13-13: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


14-14: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


15-15: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


16-16: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


16-16: Link fragments should be valid
null

(MD051, link-fragments)


17-17: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


18-18: Link fragments should be valid
null

(MD051, link-fragments)


19-19: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


20-20: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


20-20: Link fragments should be valid
null

(MD051, link-fragments)


21-21: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


21-21: Link fragments should be valid
null

(MD051, link-fragments)


22-22: Link fragments should be valid
null

(MD051, link-fragments)


34-50: CI/CD Pipeline Description and Punctuation
The CI/CD Pipeline section is thorough and provides clear insight into the automated processes for Android builds and distribution. One minor suggestion is to review the punctuation in the descriptive list items (e.g., around lines 46–48) to ensure consistency and clarity.

🧰 Tools
🪛 LanguageTool

[uncategorized] ~46-~46: Loose punctuation mark.
Context: ...ry workflow files: 1. android.yml: Handles triggering events, setting up a...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~48-~48: Loose punctuation mark.
Context: ... workflow. 2. build-distribute.yml: Contains the detailed steps to build, s...

(UNLIKELY_OPENING_PUNCTUATION)


61-78: Matrix Configuration – List Indentation Consistency
The matrix configuration is detailed; however, the nested list items currently use 4 spaces. For consistency with markdown standards, consider converting these to a 2‑space indent. This enhancement would improve readability and help satisfy markdownlint requirements.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

67-67: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


68-68: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


70-70: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


71-71: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


73-73: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


74-74: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


76-76: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


77-77: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


149-181: Guidelines for Environments & GitHub Secrets – List Formatting and Consistency
The guidelines are thorough and very helpful. Similar to the earlier Table of Contents, the nested list items here are indented with 4 spaces. Adjusting them to a 2‑space indent could improve consistency per markdownlint (MD007) suggestions. Also, consider varying the phrasing slightly in similar instructions to maintain a fresh tone.

🧰 Tools
🪛 LanguageTool

[style] ~171-~171: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ... repository. - Click the secret you want to update and modify its value. 2. **Add ...

(REP_WANT_TO_VB)


197-201: Markdown Emphasis in build.gradle Documentation
In the sentence:

"This section explains key configurations in your build.gradle file, focusing on splits and externalNativeBuild*."
the emphasis on externalNativeBuild* is mismatched. For consistency, it should be corrected to use matching bold styling (i.e., externalNativeBuild). Consider applying the following change:

-This section explains key configurations in your `build.gradle` file, focusing on **splits** and *externalNativeBuild**.
+This section explains key configurations in your `build.gradle` file, focusing on **splits** and **externalNativeBuild**.
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7045727 and 2c3360b.

📒 Files selected for processing (1)
  • docs/CICDSetup.md (1 hunks)

🔇 Additional comments (8)
docs/CICDSetup.md (8)

1-7: Introduction and Project Overview
The title and introductory paragraph clearly set the context and purpose of the FLW Mobile App. The messaging is engaging and appropriate for the target audience.


26-31: Overview Section Clarity
The Overview section is concise and effectively communicates the app’s mission. No issues were found here.


53-60: Workflow (android.yml) Triggering Events
The description of the triggering events for android.yml is clear and well-documented.


79-89: Job Details Clarity
The “Job Details” section effectively outlines inputs and configurations such as job name, matrix, and secrets. The content is well organized.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

85-85: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


86-86: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


87-87: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)


92-96: Workflow (build-distribute.yml) Overview
The explanation for the build-distribute.yml workflow is clear and succinct.


97-146: Steps Overview – Comprehensive Build Steps
This section provides a comprehensive step-by-step outline of the build and distribution process. It is very detailed and gives clear instructions for environment setup, key generation, artifact upload, etc. Consider verifying that all referenced tool versions remain current, but overall it is well-documented.


184-194: Example Usage Section
The instructions for manually triggering the workflow are straightforward and clear. This section serves its purpose well.


207-215: ⚠️ Potential issue

Gradle Code Block – Extra Closing Brace
The Gradle code snippet provided for the splits configuration appears to include an extra closing curly brace on the last line. Removing the redundant brace will ensure that the code snippet accurately reflects valid Gradle syntax. Please remove the extra } on line 215. For example:

-}

Likely invalid or redundant comment.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (9)
docs/CICDSetup.md (9)

7-16: Table of Contents Organization
The Table of Contents is well-organized and provides clear navigation through the document. To preempt markdown lint warnings (e.g., MD051), verify that all link fragments (anchors) are valid.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

10-10: Link fragments should be valid
null

(MD051, link-fragments)


14-14: Link fragments should be valid
null

(MD051, link-fragments)


39-45: Workflows Overview List Items
The numbered list clearly distinguishes the two primary workflows. However, there are minor punctuation issues (as flagged by static analysis regarding “loose punctuation”). A quick review to tighten punctuation around the list items may enhance clarity.

🧰 Tools
🪛 LanguageTool

[uncategorized] ~43-~43: Loose punctuation mark.
Context: ...ry workflow files: 1. android.yml: Handles triggering events, setting up a...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~44-~44: Loose punctuation mark.
Context: ... workflow. 2. build-distribute.yml: Contains the detailed steps to build, s...

(UNLIKELY_OPENING_PUNCTUATION)


84-94: Workflow: build-distribute.yml Introduction
This section introduces the build-and-distribute workflow and outlines its triggering mechanism (via workflow_call). Consider adding a brief note on how this workflow interacts with the android.yml file to further aid readers new to the setup.


95-131: Detailed Build and Distribution Steps
The step-by-step breakdown of the build and distribution process is comprehensive. For enhanced readability, you might consider numbering sub-steps or adding brief sub-headings for each major action (e.g., setting up JDK, decoding configuration files, uploading artifacts).


140-171: Guidelines for Environments & GitHub Secrets
The instructions for updating, adding, or deleting environments and secrets are clear and user-friendly. One minor suggestion: the phrasing used at line 161 ("Click the secret you want to update and modify its value.") is very similar to nearby instructions. Varying the wording slightly could improve the readability of the guidelines.
[style]

🧰 Tools
🪛 LanguageTool

[style] ~161-~161: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ... repository. - Click the secret you want to update and modify its value. 2. **Add ...

(REP_WANT_TO_VB)


200-221: Splits Configuration and Bullet List Formatting
The code block for the splits configuration is informative. In the accompanying bullet list, consider tightening punctuation and streamlining the descriptions. For example, the explanation for universalApk true could be rephrased more concisely (e.g., "Generates a universal APK, which includes all specified ABIs, though at a larger size than individual splits.").

🧰 Tools
🪛 LanguageTool

[uncategorized] ~213-~213: Loose punctuation mark.
Context: ...ed ABIs. } } ``` - enable true: Enables ABI splits, allowing the build ...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~214-~214: Loose punctuation mark.
Context: ...s for each architecture. - reset(): Resets any previous ABI configurations,...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~215-~215: Loose punctuation mark.
Context: ...bi-v7a', 'arm64-v8a', 'x86', 'x86_64'`**: Specifies the ABIs for which APKs shoul...

(UNLIKELY_OPENING_PUNCTUATION)


[style] ~220-~220: This wording could be more concise.
Context: ...s APK can run on any device but will be larger in size compared to the individual ABI-specific...

(ADJECTIVE_IN_ATTRIBUTE)


222-238: External Native Build Configuration Documentation
The external native build section, along with its code snippet, is well-documented. Address the minor issues noted by static analysis—specifically, review the punctuation (e.g., around line 236) and ensure the subject-verb agreement reads clearly (e.g., “which contains the configuration and build instructions” rather than a potential mismatch).

🧰 Tools
🪛 LanguageTool

[uncategorized] ~235-~235: Loose punctuation mark.
Context: ...rsion "27.2.12479018" ``` - cmake: Specifies that CMake is used for the na...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~236-~236: Loose punctuation mark.
Context: ...h file("src/main/cpp/CMakeLists.txt")`**: Sets the path to the CMakeLists.txt fil...

(UNLIKELY_OPENING_PUNCTUATION)


[grammar] ~236-~236: Possible subject-verb agreement error.
Context: ...e, which contains the configuration and build instructions for the native code. - **`...

(IS_AND_ARE)


[uncategorized] ~237-~237: Loose punctuation mark.
Context: ...code. - ndkVersion "27.2.12479018": Specifies the version of the Android ND...

(UNLIKELY_OPENING_PUNCTUATION)


239-247: Additional Build Configuration Information
The section detailing additional information (namespace, compileSdk, defaultConfig, etc.) is very helpful. However, the bullet list displays several successive items that start similarly. Rephrasing one or two items (for example, rewording the dataBinding and viewBinding line) can help avoid repetitiveness and improve clarity.

🧰 Tools
🪛 LanguageTool

[uncategorized] ~241-~241: Loose punctuation mark.
Context: ...dditional Information - namespace: Defines the package namespace for the a...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~242-~242: Loose punctuation mark.
Context: ...r the application. - compileSdk 34: Specifies the SDK version used to compi...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~243-~243: Loose punctuation mark.
Context: ...e the application. - defaultConfig: Contains default settings for the appli...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~244-~244: Loose punctuation mark.
Context: ...de, and version name. - buildTypes: Defines different build types, such as ...

(UNLIKELY_OPENING_PUNCTUATION)


[style] ~247-~247: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...compilation settings. - dataBinding and viewBinding: Enable data binding an...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


284-293: Firebase App Distribution Configurations and Formatting
The final section detailing Firebase App Distribution configurations is practical and well-explained. Note that there appear to be hard tabs in the content (as indicated around lines 287, 288, 291, and 292). Replacing these with spaces would help maintain consistency and adhere to Markdown style guidelines.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

287-287: Hard tabs
Column: 2

(MD010, no-hard-tabs)


288-288: Hard tabs
Column: 2

(MD010, no-hard-tabs)


291-291: Hard tabs
Column: 2

(MD010, no-hard-tabs)


292-292: Hard tabs
Column: 2

(MD010, no-hard-tabs)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2c3360b and 046d481.

📒 Files selected for processing (1)
  • docs/CICDSetup.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
docs/CICDSetup.md


[style] ~247-~247: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...compilation settings. - dataBinding and viewBinding: Enable data binding an...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

🪛 markdownlint-cli2 (0.17.2)
docs/CICDSetup.md

10-10: Link fragments should be valid
null

(MD051, link-fragments)


14-14: Link fragments should be valid
null

(MD051, link-fragments)


18-18: Link fragments should be valid
null

(MD051, link-fragments)


19-19: Link fragments should be valid
null

(MD051, link-fragments)


🔇 Additional comments (10)
docs/CICDSetup.md (10)

1-4: Introductory Section Clarity
The header and opening paragraph clearly introduce the CI-CD setup and its purpose. The use of an emoji in the title adds a nice touch.


5-6: Horizontal Rule Usage
The use of horizontal rules (---) appropriately separates sections for better readability.


22-29: Overview Section and Anchors
The inclusion of an anchor (<a id="overview"></a>) with the “## Overview” header is helpful for in-document navigation. Ensure that the links in your Table of Contents come up correctly when clicked.


31-38: CI/CD Pipeline Introduction
This section succinctly explains how the pipeline automates the app lifecycle using GitHub Actions. The language is clear and sets the stage for the more detailed sections to follow.


48-53: Workflow: android.yml Section
The “Workflow: android.yml” segment clearly outlines the triggering events (manual runs, push events, and pull requests). The information is presented in an easy-to-follow list.


56-72: Matrix Configuration Details
The matrix configuration section effectively details each environment with its corresponding variant and build type. This granular breakdown is very informative for understanding how different builds are handled.


73-83: Job Details Clarity
The “Job Details” block succinctly explains the job name, strategy matrix, and input parameters. Inheriting repository secrets is clearly stated, which is important for security.


174-183: Example Usage Instructions
The “Example Usage” section provides clear, step-by-step guidance on how to manually trigger the workflow. This practical advice will be valuable for users unfamiliar with GitHub Actions.


186-199: Android build.gradle File Documentation – Overview and Key Sections
This section nicely introduces the purpose of the build.gradle file and outlines its key components. The clear explanations set up the reader for the more detailed technical sections that follow.


249-283: Guidelines for Changing the Version
The step-by-step instructions on how to change the app version, along with the accompanying versioning.gradle snippet, are clear and concise. This section effectively guides developers through the version update process.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 10

🧹 Nitpick comments (16)
SecureConfigWithNativeCode.md (10)

21-25: Using Namespace Declaration.
The use of using namespace std; is acceptable within this implementation file; however, consider limiting its scope (e.g., enclosing it within a function or namespace) to mitigate potential name clashes in larger codebases.


60-68: Logging in baseTMCUrl.
While the base TMC URL may not be as sensitive as credentials, it is still good practice to evaluate whether such logging is necessary in release builds.


70-78: Logging in baseAbhaUrl.
The function logs the Base ABHA URL. Ensure that this information is non-sensitive or that its logging is disabled in production to align with security best practices.


80-88: Logging in abhaTokenUrl.
Review whether logging the ABHA Token URL is necessary. If it could be used to reconstruct sensitive API endpoints, consider limiting this logging to debugging sessions only.


90-98: Logging in abhaAuthUrl.
As with similar functions, logging the authentication URL should be reconsidered. It might be safer to remove such logging from production-level builds.


100-108: Logging in chatUrl.
Ensure that logging the chat URL does not inadvertently expose sensitive endpoint data. If these logs are not essential for user support or debugging, they should be disabled in production.


129-139: Fetching Environment Variables.
The CMake snippet correctly fetches sensitive environment variables. It may be beneficial to document the expected behavior if any of these variables are missing or to consider default values to improve build robustness.


141-153: Passing Values to the Compiler.
The use of add_definitions to pass environment variables to the compiler is standard; however, using target_compile_definitions might provide better scope control and modern CMake practices.


182-209: Guidelines for Adding New Environment Variables.
This section provides a clear, step-by-step guide on how to add and use new environment variables within the native code build configuration. Including example snippets increases clarity.


212-232: Secure Configuration with KeyUtils.kt.
The documentation clearly explains how the native library is loaded within the KeyUtils.kt Kotlin file and details robust error handling. The inclusion of Timber logging aids debugging; however, similar to the native code logging, ensure logging of sensitive values is gated by appropriate build flags.

docs/SecureConfigNativeCode.md (6)

16-19: Macro Definition: LOG_TAG Setup
The macro LOG_TAG is defined suitably for logging purposes. Consider verifying that this tag does not inadvertently expose sensitive context in production logs.


21-24: Namespace Usage: Consider Scoped Namespace Usage
Using using namespace std; is common in many native applications. For larger projects or libraries, consider using explicit namespace prefixes to avoid potential pollution.


50-58: Review Logging in abhaClientID Function
Logging the abhaClientID may be less risky compared to secrets; however, it is worth reviewing whether this log is necessary outside of development. Removing or conditionally enabling it can help reduce the risk of exposure.


60-68: Logging of URL in baseTMCUrl Function
While logging URLs can be useful for debugging, confirm that the logged URL does not inadvertently reveal internal endpoints that should remain private in production environments.


70-78: Logging of URL in baseAbhaUrl Function
The function logs the base ABHA URL. Ensure that this information is safe to output in logs and consider applying conditional logging based on the build type.


100-108: Logging of chatUrl Function
The chatUrl is logged for debugging purposes. Verify that logging this URL does not compromise any sensitive configuration details, and consider gating it behind a debug flag if needed.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 046d481 and 82a3edd.

📒 Files selected for processing (2)
  • SecureConfigWithNativeCode.md (1 hunks)
  • docs/SecureConfigNativeCode.md (1 hunks)
🔇 Additional comments (26)
SecureConfigWithNativeCode.md (16)

1-2: Title and Introduction are Well-Defined.
The title ("Secure Configuration with Native Code 🚀") immediately communicates the document’s purpose and uses engaging emojis for clarity.


3-4: Clear Introductory Explanation.
The opening paragraphs effectively outline the scope of the documentation, specifying the files covered and the security focus.


5-7: Native Library Section Heading is Clear.
The section titled "### 🛠️ Native Library (native-lib.cpp)" clearly indicates the start of the native code documentation.


9-14: Included Headers Snippet is Correct.
The C++ code snippet listing the headers (jni.h, string, and android/log.h) is concise and complete.


16-20: Macros Section is Well-Defined.
The macro definition for LOG_TAG is straightforward, making the logging consistent throughout the native code.


26-26: JNI Functions Section Heading is Appropriate.
The "### JNI Functions 🔧" heading is clear and signals the start of the native API documentation.


113-114: Section Separator is Clear.
The horizontal rule effectively separates content sections for better readability.


115-123: CMake Configuration Section is Well-Structured.
The introduction to the CMake configuration is informative and outlines the steps taken, which helps set expectations for the following code blocks.


121-123: Minimum CMake Version Configuration.
Setting cmake_minimum_required(VERSION 3.11) is clear and appropriate for the project.


124-128: Project Definition is Clear.
The project is defined using project(Sakhi LANGUAGES CXX), which is concise and suitable for C++ projects.


155-159: Library Name Definition is Clear.
The declaration of LIBRARY_NAME is straightforward and clearly sets up the library naming convention.


160-168: Adding the Shared Library Source File.
The target for the shared library is defined correctly using add_library, making the inclusion of native-lib.cpp clear.


169-173: Finding the Log Library.
The snippet using find_library(log-lib log) appropriately locates the required logging library for Android.


174-181: Linking Libraries is Set Up Correctly.
The target_link_libraries call is correctly used to link the shared library with the log library.


236-248: Declaration of Native Methods in KeyUtils.kt.
The list of external function declarations is concise and matches the native implementations. This clear mapping aids in maintainability and comprehension.


250-277: Guidelines for Adding New Native Methods.
The final section provides detailed and well-structured guidelines for incorporating new native methods. It covers the definition in Kotlin, implementation in C++, and necessary updates in CMake, making it a valuable resource for developers.

docs/SecureConfigNativeCode.md (10)

1-4: Clear Introduction: Comprehensive Overview Provided
The introduction effectively outlines the purpose of the documentation and summarizes the integration of native code for secure configuration management.


9-14: Standard Header Inclusions: All Required Libraries Referenced
The code block listing the C++ headers is complete and uses the standard libraries required for JNI and logging.


115-154: CMake Configuration: Robust Setup for Sensitive Variables
The CMake configuration is thorough. It correctly fetches environment variables and passes them to the compiler via definitions. The accompanying guidelines are clear and informative.


155-158: Library Name Definition: Correct and Clear
The library name is defined cleanly, and no issues were found in this section.


160-168: Shared Library Configuration: Proper Inclusion of Source Files
The instructions for adding the shared library are precise and correctly include the native source file.


169-172: Log Library Discovery: Correct Usage
The configuration for locating the log library with CMake appears to be correctly implemented.


174-180: Link Libraries: Proper Linking of Dependencies
The instructions to link the shared library with the log library are well-formulated and correct.


182-209: Guidelines for Adding New Environment Variables: Clear Instructions
The detailed step-by-step instructions for integrating new environment variables are very clear and provide a robust framework for secure configuration.


236-248: Native Method Declarations in KeyUtils
The external function declarations for native methods in KeyUtils are correctly defined and mapped to their native implementations. This section is clear and concise.


250-277: Adding New Native Methods: Comprehensive Guide
The guidelines provided for adding new native methods—including code examples and necessary steps for updating CMake and environment variables—are comprehensive and well-structured.

Comment on lines 28 to 37
#### `encryptedPassKey` 🔑
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Encrypted Password Key: %s",
encryptedPassKey.c_str());
return env->NewStringUTF(encryptedPassKey.c_str());
}
```
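
Review bot: `std::string encryptedPassKey = ENCRYPTED_PASS_KEY;` initialises from a preprocessor macro, so the value is a string literal compiled into the native library and ships in its data whether or not the log call stays. Moving the constant from Kotlin into C++ changes where it is stored, not whether someone holding the APK can recover it, so the doc should state that limit and the key should be one the backend can rotate or scope. Separately, drop the `__android_log_print(ANDROID_LOG_INFO, ...)` call: nothing strips INFO-level lines from a release build.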

🛠️ Refactor suggestion

⚠️ Potential issue

Sensitive Data Logging in encryptedPassKey.
This JNI function logs the encrypted password key using __android_log_print. Logging sensitive keys—even for debugging—can risk leaking confidential information in production. Consider removing or conditionally compiling these logs (e.g., wrapping them in a debug flag).

Comment on lines 39 to 48
#### `abhaClientSecret` 🕵️‍♂️
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientSecret(JNIEnv *env, jobject thiz) {
std::string abhaClientSecret = ABHA_CLIENT_SECRET;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Client Secret: %s",
abhaClientSecret.c_str());
return env->NewStringUTF(abhaClientSecret.c_str());
}
```

🛠️ Refactor suggestion

⚠️ Potential issue

Sensitive Data Logging in abhaClientSecret.
Logging the ABHA client secret poses a significant security risk. It is recommended to remove this debug log or restrict its usage exclusively to non-production builds.

Comment on lines 50 to 58
#### `abhaClientID` 🆔
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientID(JNIEnv *env, jobject thiz) {
std::string abhaClientID = ABHA_CLIENT_ID;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Client ID: %s", abhaClientID.c_str());
return env->NewStringUTF(abhaClientID.c_str());
}
```

🛠️ Refactor suggestion

⚠️ Potential issue

Sensitive Data Logging in abhaClientID.
The logging of the ABHA client ID should be carefully reviewed. As with other sensitive data, consider disabling or conditionally compiling these logs to prevent accidental exposure in production environments.

Comment on lines 110 to 112
### Logging 📝
Each JNI function logs its respective key or URL using the `__android_log_print` function, which helps in debugging and ensures that the correct values are being accessed.

🛠️ Refactor suggestion

⚠️ Potential issue

Logging Strategy Caution.
While logging in each JNI function aids debugging, logging sensitive configuration details in production could create security vulnerabilities. Consider implementing conditional logging (e.g., based on build type or a debug flag) to safeguard sensitive data.

Comment on lines +28 to +36
#### `encryptedPassKey` 🔑
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_encryptedPassKey(JNIEnv *env, jobject thiz) {
std::string encryptedPassKey = ENCRYPTED_PASS_KEY;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "Encrypted Password Key: %s",
encryptedPassKey.c_str());
return env->NewStringUTF(encryptedPassKey.c_str());
}

⚠️ Potential issue

Sensitive Data Exposure: encryptedPassKey Function
The encryptedPassKey function logs the sensitive encryptedPassKey value with __android_log_print. Logging such sensitive information can lead to data exposure if the logs are accessible in production.
Consider conditionally compiling this log (e.g., only for debug builds) or removing it entirely in production releases.

Comment on lines +39 to +47
#### `abhaClientSecret` 🕵️‍♂️
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaClientSecret(JNIEnv *env, jobject thiz) {
std::string abhaClientSecret = ABHA_CLIENT_SECRET;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Client Secret: %s",
abhaClientSecret.c_str());
return env->NewStringUTF(abhaClientSecret.c_str());
}

⚠️ Potential issue

Sensitive Data Exposure: abhaClientSecret Function
This function logs the abhaClientSecret value. Since this is a highly sensitive piece of information, it is advisable to ensure that this logging is disabled or guarded by a debug flag in production environments.

Comment on lines +80 to +88
#### `abhaTokenUrl` 🔒
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaTokenUrl(JNIEnv *env, jobject thiz) {
std::string abhaTokenUrl = ABHA_TOKEN_URL;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Token URL: %s", abhaTokenUrl.c_str());
return env->NewStringUTF(abhaTokenUrl.c_str());
}
```

⚠️ Potential issue

Logging of Sensitive Token URL in abhaTokenUrl Function
Logging the token URL poses a risk if exposed in production logs. It is recommended to either remove this logging or restrict it to debug builds only.

Comment on lines +90 to +98
#### `abhaAuthUrl` 🔐
```c++
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_sakhi_utils_KeyUtils_abhaAuthUrl(JNIEnv *env, jobject thiz) {
std::string abhaAuthUrl = ABHA_AUTH_URL;
__android_log_print(ANDROID_LOG_INFO, LOG_TAG, "ABHA Auth URL: %s", abhaAuthUrl.c_str());
return env->NewStringUTF(abhaAuthUrl.c_str());
}
```

⚠️ Potential issue

Sensitive Data Exposure: abhaAuthUrl Function
Similar to other JNI functions, abhaAuthUrl logs sensitive endpoint information. Safeguard against accidental exposure by conditionally enabling such logs or removing them altogether for production.

Comment on lines +110 to +112
### Logging 📝
Each JNI function logs its respective key or URL using the `__android_log_print` function, which helps in debugging and ensures that the correct values are being accessed.

⚠️ Potential issue

Centralized Logging Strategy: Sensitive Data Handling
The documentation notes that each JNI function logs its respective key or URL. It is important to implement a centralized, conditional logging strategy (for example, enabling these logs only in debug builds) to ensure that sensitive data is not exposed in production environments.
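
The conditional logging these review comments recommend, as an added example that is not code from this pull request. `APP_DEBUG_LOGGING`, `LOG_CONFIG`, `Sensitivity`, `render_log_line`, `origin_of` and the sample values are hypothetical names, and a capture sink replaces `__android_log_print` so the block runs off-device.

```cpp
// Added example, not code from this pull request. Build-gated, redacting
// logging for native config accessors. It runs off-device: a capture sink
// stands in for __android_log_print.
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical flag: the build would define APP_DEBUG_LOGGING=1 for debug
// variants only. Defaulting to 0 makes an unconfigured build fail closed.
#ifndef APP_DEBUG_LOGGING
#define APP_DEBUG_LOGGING 0
#endif

enum class Sensitivity { Secret, Endpoint };

std::vector<std::string> g_captured;  // lines the sink received
void log_sink(const std::string &line) { g_captured.push_back(line); }

// Reduce a URL to scheme://host[:port], dropping userinfo, path and query.
std::string origin_of(const std::string &url) {
    const auto npos = std::string::npos;
    const auto scheme_end = url.find("://");
    if (scheme_end == npos) return "<not a URL>";
    const auto start = scheme_end + 3;
    const auto stop = url.find_first_of("/?#", start);
    std::string authority =
        url.substr(start, stop == npos ? npos : stop - start);
    const auto at = authority.rfind('@');
    if (at != npos) authority.erase(0, at + 1);
    return url.substr(0, start) + authority;
}

// What a debug build is allowed to print for a value. Secrets are reduced to
// a length, which is enough to confirm the compile definition was populated.
std::string render_log_line(const std::string &name, const std::string &value,
                            Sensitivity kind) {
    if (kind == Sensitivity::Secret) {
        return name + ": <redacted, " + std::to_string(value.size()) + " bytes>";
    }
    return name + ": " + origin_of(value);
}

// Compile-time gate: in release the call and its arguments vanish entirely.
#if APP_DEBUG_LOGGING
#define LOG_CONFIG(name, value, kind) \
    log_sink(render_log_line((name), (value), (kind)))
#else
#define LOG_CONFIG(name, value, kind) ((void)0)
#endif

// Constructed sample values standing in for the project's compile definitions.
#define SAMPLE_CLIENT_SECRET "constructed-secret-value"
#define SAMPLE_TOKEN_URL "https://auth.example.invalid/oauth/token?x=1"

// Shape of an accessor after the change (JNI plumbing omitted).
std::string sample_client_secret() {
    std::string value = SAMPLE_CLIENT_SECRET;
    LOG_CONFIG("ABHA Client Secret", value, Sensitivity::Secret);
    return value;
}

std::string sample_token_url() {
    std::string value = SAMPLE_TOKEN_URL;
    LOG_CONFIG("ABHA Token URL", value, Sensitivity::Endpoint);
    return value;
}

int main() {
    sample_client_secret();
    sample_token_url();
    std::printf("lines logged by this build: %zu\n", g_captured.size());
    // What a debug build would have emitted for the same values:
    std::printf("%s\n", render_log_line("ABHA Client Secret", SAMPLE_CLIENT_SECRET,
                                        Sensitivity::Secret).c_str());
    std::printf("%s\n", render_log_line("ABHA Token URL", SAMPLE_TOKEN_URL,
                                        Sensitivity::Endpoint).c_str());
    return 0;
}
```

On Android the sink body would call `__android_log_print`, and the flag would be set per build type, for instance with the `target_compile_definitions` call the review mentions.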

Comment on lines +220 to +233
```kotlin
private const val NATIVE_JNI_LIB_NAME = "sakhi"

init {
try {
System.loadLibrary(NATIVE_JNI_LIB_NAME)
Timber.tag("KeyUtils").d(encryptedPassKey())
Timber.tag("KeyUtils").d(abhaClientSecret())
Timber.tag("KeyUtils").d(abhaClientID())
} catch (e: UnsatisfiedLinkError) {
Timber.tag("KeyUtils").e(e, "Failed to load native library")
throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME")
}
}
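
Review bot: The `catch (e: UnsatisfiedLinkError)` branch rethrows `RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME")` without passing `e` as the cause, and the three native calls sit in the same `try` as `System.loadLibrary`, so a missing JNI symbol is reported as a library-load failure and the original stack trace survives only in the log. Pass `e` as the cause and keep only `System.loadLibrary(NATIVE_JNI_LIB_NAME)` inside the `try`; the three `Timber.tag("KeyUtils").d(...)` lines exist only to print the values and can be deleted.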

⚠️ Potential issue

Sensitive Logging in KeyUtils Initialization
In the KeyUtils initialization block, the native library is loaded and several sensitive configuration values are logged using Timber. Logging these values—even for verification—can expose sensitive information in production.
Consider removing these logs or enabling them only when running debug builds.

sonarqubecloud bot commented Feb 4, 2025

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (7)
docs/CICDSetup.md (7)

24-27: Overview Section – Minor Language Refinements

The Overview (lines 24–27) explains the purpose of the FLW Mobile App effectively. A couple of minor improvements are suggested:

  • Consider revising the phrase “We named it as SAKHI…” to “We named it SAKHI…”, thereby removing the unnecessary “as.”
  • Check the usage of the apostrophe in “ASHAs’” to ensure it reflects the intended plural form (typically “ASHAs” without an apostrophe).

A possible diff to address the first point:

-We named it as SAKHI for Bihar State and Utprerona for Assam State.
+We named it SAKHI for Bihar State and Utprerona for Assam State.
🧰 Tools
🪛 LanguageTool

[grammar] ~27-~27: Consider skipping the word “as” here.
Context: ...increased ease and accuracy of data. We named it as SAKHI for Bihar State and Utprerona for Assam...

(NAMED_IT_AS)


29-38: CI/CD Pipeline Introduction is Informative

The section starting at line 29 clearly introduces the CI/CD pipeline and lists the key workflow configuration files. The descriptions are concise and informative.

Nitpick: In the list items (lines 33–34), check that the punctuation is consistent; any minor loose punctuation marks can be tightened for uniformity.


41-47: Workflow: android.yml Section Clarity

The “Workflow: android.yml” section (lines 41–47) correctly outlines the triggering events such as manual runs, push events, and pull request events. The overall structure is clear.

Suggestion: You might consider providing a brief example or rationale for choosing these triggers for further context.


126-154: Guidelines for Environments & GitHub Secrets Provide Clear Instruction

The instructions for updating, adding, and deleting environments and secrets (lines 126–154) are detailed and user-friendly.

Nitpick: The phrasing in similar bullet items (e.g., “Click the secret you want to update and modify its value”) has been flagged by static analysis for repetition. Consider varying the wording slightly to improve the style.


157-163: Example Usage Section is Straightforward

The Example Usage section (lines 157–163) concisely explains how to manually trigger the workflow via the Actions tab. Consider adding a reference or screenshot if feasible for extra clarity.


167-250: Android build.gradle File Documentation is Thorough and Informative

The documentation for the Android build.gradle file (lines 167–250) covers key aspects such as APK splits, native build configurations, version management, and other build settings. This section is both comprehensive and well-organized.

Observation: Minor punctuation issues (as flagged in static analysis) in some descriptive bullets can be polished for consistency. However, these do not impact the clarity of technical content.


251-258: Firebase App Distribution Configurations – Formatting and Consistency Suggestions

The final section (lines 251–258) outlines the groups and release notes for Firebase App Distribution clearly.

Refactor Suggestion: Replace hard tabs with spaces to adhere to markdown linting guidelines. For example, adjust lines with hard tabs:

-	-	Purpose: Defines the groups of testers for Firebase App Distribution. Groups should be comma-separated (e.g., `group-1, group-2`).
-	-	Content: `trusted-testers`: A group named "trusted-testers" that is used to manage testers who are trusted to receive app distributions.
-	release_notes.txt
-	-	Purpose: Contains the release notes for the app distribution.
-	-	Content:  For example, `In this version, we improved the user experience and fixed some bugs.`: A brief note describing improvements and bug fixes in the current version.
+- Purpose: Defines the groups of testers for Firebase App Distribution. Groups should be comma-separated (e.g., `group-1, group-2`).
+- Content: `trusted-testers`: A group named "trusted-testers" that is used to manage testers who are trusted to receive app distributions.
+release_notes.txt
+- Purpose: Contains the release notes for the app distribution.
+- Content: For example, `In this version, we improved the user experience and fixed some bugs.` — a brief note describing improvements and bug fixes in the current version.
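
Review bot: On the `+release_notes.txt` line, the file name is left as a bare line directly after the first `+- Content:` bullet with no blank line, so Markdown folds it into that bullet as a continuation instead of showing it as the label for the two bullets that follow. Put a blank line before it and give it its own heading or list level. The last `+` line also rewords `: A brief note` to an em dash clause, which is a wording change unrelated to the tab fix and is better left out of this suggestion.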

This will improve consistency and readability.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 82a3edd and e6e70ec.

📒 Files selected for processing (1)
  • docs/CICDSetup.md (1 hunks)
🔇 Additional comments (4)
docs/CICDSetup.md (4)

1-5: Header and Introduction are Clear and Engaging

The title and introductory lines (lines 1–5) set an energetic tone with the "🚀" emoji, which is appropriate for a CI-CD setup document. The header is brief and direct, establishing context for the reader.


7-21: Well-Structured Table of Contents

The Table of Contents (lines 7–21) is comprehensive and neatly organized. It provides clear anchor links to each major section. Please verify that all link fragments (anchor IDs) resolve correctly in the rendered document.


47-70: Matrix Configuration and Job Details Are Well Documented

The Matrix Configuration and Job Details (approximately lines 47–70) offer a thorough breakdown of environment-specific settings. The step-by-step description of the configurations and inputs is easy to follow.

Verification Required: Please ensure that the environment names (e.g., SAKSHAM_STAG, NIRAMAY_PRODUCTION) and configuration parameters exactly match those in the corresponding workflow YAML files.


74-124: Comprehensive Explanation of build-distribute.yml Workflow

The “Workflow: build-distribute.yml” section (lines 74–124) lays out the sequential steps—from checking out the code to pushing release artifacts—very clearly. Each step is explained in a logical order.

Suggestion: It might be beneficial to include a short note on how errors are handled during each step or link to additional documentation if error-handling is complex.
