build: Update develop with Release 3.3.1 [skip size] #4597
Conversation
Release 3.3.0.1 [skip size]
* ci: set up Sentry gradle to upload proguard files * ci: set environment SENTRY_AUTH_TOKEN in Github actions * ci: set environment SENTRY_AUTH_TOKEN in Github actions * ci: add sentry version and check for SENTRY_AUTH_TOKEN Signed-off-by: Manu Muñoz <[email protected]> * restore training Signed-off-by: Manu Muñoz <[email protected]> * build: disable Sentry auto-installation and source context upload - Disable auto-installation of Sentry components in the build configuration. - Disable source context inclusion to prevent uploading source code to Sentry. --------- Signed-off-by: Manu Muñoz <[email protected]> Co-authored-by: Manu Muñoz <[email protected]>
* fix(translations): sync translations from transifex (main) * fix(translations): sync translations from transifex (main) * chore: Correct translations * chore: Correct translations --------- Co-authored-by: Xavier Molloy <[email protected]>
* fix(reporting): remove user tracking from crash reports * Fix flaky DataSetTest
…4579) (#4583) * feat: add workflow and gradle plugin for generating sbom * feat: add workflow and gradle plugin for generating sbom Co-authored-by: Rohit <[email protected]>
…4581) * chore: [ANDROAPP-7442] Don't filter by completed enrollments for program rule triggering * chore: [ANDROAPP-7442] ktlint
There was a problem hiding this comment.
Pull request overview
This pull request updates the develop branch with Release 3.3.1, which is a patch release focusing on bug fixes and security improvements. The main changes include removing username tracking from Sentry crash reports for privacy compliance, updating several dependencies (including Sentry, Expression Parser, and potentially Kotlin), configuring automated ProGuard mapping uploads to Sentry, and adding a new workflow for generating and uploading Software Bill of Materials (SBOM). The release also includes translations updates and fixes for program rules to work with completed enrollments.
Changes:
- Removed username tracking from Sentry crash reports for privacy compliance (ANDROAPP-7441)
- Updated dependencies: Sentry (8.23.0 → 8.29.0), Expression Parser (1.2.1 → 1.2.2), and Kotlin (potentially to 2.2.21)
- Configured Sentry plugin for automated ProGuard/R8 mapping uploads and added cyclonedx plugin for SBOM generation
- Fixed program rules to trigger for completed enrollments by removing EnrollmentStatus.ACTIVE filter
- Added translations and fixed typos in Spanish and Chinese localization files
- Configured Dependabot to ignore major and minor version updates
- Added test stability improvements using ExperimentalTestApi for flaky dataset tests
Reviewed changes
Copilot reviewed 18 out of 19 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| gradle/libs.versions.toml | Updated version numbers for vName (3.3.1-RC), expressionParser (1.2.2), sentry (8.29.0), kotlin (2.2.21), and added sentryPlugin and cyclonedx plugin versions |
| commonskmm/src/commonMain/kotlin/org/dhis2/mobile/commons/reporting/CrashReportController.kt | Removed trackUser method from interface to stop tracking usernames in crash reports |
| commonskmm/src/androidMain/kotlin/org/dhis2/mobile/commons/reporting/CrashReportControllerImpl.kt | Removed trackUser implementation that was setting username in Sentry |
| login/src/androidMain/kotlin/org/dhis2/mobile/login/main/data/LoginRepositoryImpl.kt | Removed trackUser call after login, keeping only server tracking |
| app/src/main/java/org/dhis2/usescases/splash/SplashPresenter.kt | Removed userName parameter and trackUser call from trackUserInfo method |
| dhis2-mobile-program-rules/src/main/java/org/dhis2/mobileProgramRules/RulesRepository.kt | Removed EnrollmentStatus.ACTIVE filter to enable program rules for completed enrollments |
| app/build.gradle.kts | Added Sentry plugin configuration with ProGuard mapping upload settings |
| build.gradle.kts | Added cyclonedx plugin for SBOM generation |
| whatsnew/whatsnew-en-US | Updated release notes for version 3.3.1 patch release |
| RELEASE.md | Comprehensive release notes listing all bugs fixed and tasks completed in 3.3.1 |
| .github/workflows/generate-and-upload-bom.yml | New workflow to generate and upload SBOM to Dependency-Track nightly |
| .github/workflows/deploy-release.yml | Added SENTRY_AUTH_TOKEN environment variable for ProGuard mapping uploads |
| .github/workflows/build-release-candidate.yml | Added SENTRY_AUTH_TOKEN environment variable for ProGuard mapping uploads |
| .github/dependabot.yml | Added wildcard pattern to ignore all major and minor dependency updates |
| aggregates/src/commonMain/composeResources/values-es/strings.xml | Fixed typo: "Quieree" → "Quiere" |
| aggregates/src/commonMain/composeResources/values-es-rES/strings.xml | Fixed typo: "Quieree" → "Quiere" |
| stock-usecase/src/main/res/values-zh/strings.xml | Added missing Chinese translation for mandatory_distributed_to_selection |
| app/src/main/res/values-zh/strings.xml | Added Chinese translation for login_server_info_message |
| app/src/androidTest/java/org/dhis2/usescases/datasets/DataSetTest.kt | Added @OptIn(ExperimentalTestApi::class) and waitUntilExactlyOneExists to fix flaky test behavior |
| - dependency-name: "*" | ||
| update-types: ["version-update:semver-major", "version-update:semver-minor"] |
There was a problem hiding this comment.
The wildcard dependency ignore pattern will ignore ALL major and minor version updates for all dependencies. This is an overly broad configuration that could prevent important security updates and bug fixes from being detected. Consider being more selective about which dependencies should have version updates ignored, or use more specific patterns that target only problematic dependencies.
| - dependency-name: "*" | |
| update-types: ["version-update:semver-major", "version-update:semver-minor"] |
| <string name="mandatory_facility_selection"> | ||
| 必须先填写设施字段,然后才能继续 | ||
| </string> | ||
| <string name="mandatory_distributed_to_selection">\n 必须填写 \"分发至 \"字段后才能继续操作</string> |
There was a problem hiding this comment.
The new Chinese translation string contains unnecessary leading whitespace and newline characters (\n ). This inconsistent formatting could affect the visual presentation. Consider removing the leading newline and extra spaces to match the formatting style of other strings in the file.
| <string name="mandatory_distributed_to_selection">\n 必须填写 \"分发至 \"字段后才能继续操作</string> | |
| <string name="mandatory_distributed_to_selection">必须填写 \"分发至 \"字段后才能继续操作</string> |
| - uses: actions/checkout@v6 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v5 |
There was a problem hiding this comment.
The GitHub Actions workflow uses SHA commit references in some places but not consistently. For example, line 12 uses actions/checkout@v6 (tag-based) while lines 46, 63, 85, and 97 in deploy-release.yml use full commit SHAs. Consider using full commit SHAs consistently throughout the workflow for better security and reproducibility, as recommended by GitHub Actions best practices.
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a4 |
| curl -X POST "$DEPENDENCY_TRACK_API" \ | ||
| --fail-with-body \ | ||
| -H "Content-Type: multipart/form-data" \ | ||
| -H "X-Api-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}" \ |
There was a problem hiding this comment.
The curl command uses --fail-with-body flag which is good for error handling. However, consider adding error handling for the case where the BOM generation step fails before attempting the upload. Additionally, verify that the DEPENDENCYTRACK_APIKEY secret is properly configured in the repository settings and has the necessary permissions for the Dependency-Track instance.
| curl -X POST "$DEPENDENCY_TRACK_API" \ | |
| --fail-with-body \ | |
| -H "Content-Type: multipart/form-data" \ | |
| -H "X-Api-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}" \ | |
| set -euo pipefail | |
| API_KEY="${{ secrets.DEPENDENCYTRACK_APIKEY }}" | |
| if [ -z "$API_KEY" ]; then | |
| echo "Error: DEPENDENCYTRACK_APIKEY secret is not set or is empty." | |
| exit 1 | |
| fi | |
| if [ ! -f "build/reports/bom.json" ]; then | |
| echo "Error: BOM file 'build/reports/bom.json' not found. Ensure the 'Generate BOM' step completed successfully." | |
| exit 1 | |
| fi | |
| curl -X POST "$DEPENDENCY_TRACK_API" \ | |
| --fail-with-body \ | |
| -H "Content-Type: multipart/form-data" \ | |
| -H "X-Api-Key: $API_KEY" \ |
| import java.time.LocalDate | ||
| import java.time.format.DateTimeFormatter | ||
|
|
||
|
|
There was a problem hiding this comment.
The @OptIn(ExperimentalTestApi::class) annotation has been added to the class level. The waitUntilExactlyOneExists function is from the ExperimentalTestApi. While this is a valid approach to resolve flaky tests, be aware that experimental APIs may change in future versions of the Compose testing library. Consider adding a comment explaining why this experimental API is needed (to fix flaky test behavior when creating multiple dataset instances).
| // Opt in to ExperimentalTestApi to use waitUntilExactlyOneExists for stabilizing | |
| // flaky Compose tests when creating multiple dataset instances. |
* Update version code, sdk, and design system release version * chore: Update version name --------- Co-authored-by: @dhis2-bot <[email protected]> Co-authored-by: Xavier Molloy <[email protected]>
|
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 31 out of 31 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| <string name="mandatory_facility_selection"> | ||
| 必须先填写设施字段,然后才能继续 | ||
| </string> | ||
| <string name="mandatory_distributed_to_selection">\n 必须填写 \"分发至 \"字段后才能继续操作</string> |
There was a problem hiding this comment.
The string resource contains a literal \n escape sequence at the beginning which will be displayed as text rather than creating a newline. XML string resources should use actual newlines or \n without the backslash prefix. Additionally, the indentation after the newline appears intentional but will be preserved as literal whitespace.
| <string name="mandatory_facility_selection"> | ||
| 必须先填写设施字段,然后才能继续 | ||
| </string> | ||
| <string name="mandatory_distributed_to_selection">\n 必须填写 \"分发至 \"字段后才能继续操作</string> |
There was a problem hiding this comment.
Extra space present before the closing quote in "分发至 ". The text has trailing whitespace that should be removed.
…ation chore: update dependency verification file
xavimolloy
changed the title
No description provided.