From 789201d7645500dbe5641274b1a72b2ae2ca0b0c Mon Sep 17 00:00:00 2001
From: Albin <albin@mullvad.net>
Date: Wed, 22 Nov 2023 11:13:32 +0100
Subject: [PATCH] Add GH action for static analysis tool mobsfscan

The action will currently not fail on warnings. That can
be configured after we've went through the warnings and
fixed or suppressed them.
---
 .github/workflows/android-static-analysis.yml | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/android-static-analysis.yml

diff --git a/.github/workflows/android-static-analysis.yml b/.github/workflows/android-static-analysis.yml
new file mode 100644
index 000000000000..e34fa248fb81
--- /dev/null
+++ b/.github/workflows/android-static-analysis.yml
@@ -0,0 +1,27 @@
+---
+name: Android - Static analysis
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - .github/workflows/android-static-analysis.yml
+      - android/**
+  schedule:
+    # At 06:20 UTC every day.
+    # Notifications for scheduled workflows are sent to the user who last modified the cron
+    # syntax in the workflow file. If you update this you must have notifications for
+    # Github Actions enabled, so these don't go unnoticed.
+    # https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs
+    - cron: '20 6 * * *'
+jobs:
+  mobsfscan:
+    name: Code scanning using mobsfscan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Scan code
+        uses: MobSF/mobsfscan@main
+        with:
+          args: '--type android android'