Use Android CI from common workflows

[gpunto]

🎯 Goal

AND-781: Unify CI Across SDKs

We now have a CI workflow with common steps, so we're using that

🛠 Implementation details

Use shared CI workflow

🎨 UI Changes

None

🧪 Testing

The expected pipeline steps should be run

Note: these checks will stay pending because the names of the workflows changed. After the PR is approved, I'll update the branch protection accordingly before merging.

☑️Contributor Checklist

General

• I have signed the Stream CLA (required)
• Assigned a person / code owner group (required)
• Thread with the PR link started in a respective Slack channel (#android-chat-core or #android-chat-ui) (required)
• PR is linked to the GitHub issue it resolves

Code & documentation

• Changelog is updated with client-facing changes
• New code is covered by unit tests
• Comparison screenshots added for visual changes
• Affected documentation updated (KDocs, docusaurus, tutorial)

☑️Reviewer Checklist

• UI Components sample runs & works
• Compose sample runs & works
• UI Changes correct (before & after images)
• Bugs validated (bugfixes)
• New feature tested and works
• Release notes and docs clearly describe changes
• All code we touched has new or updated KDocs
• Check the SDK Size Comparison table in the CI logs

🎉 GIF

Please provide a suitable gif that describes your work on this pull request

Summary by CodeRabbit

• Chores
  • Updated CI workflows to newer action versions and improved output handling.
  • Standardized test invocation to a Gradle-based coverage task (CI test flow adjusted).
  • Streamlined pull-request creation steps and added token/permission handling for reliability.
  • Upgraded runner platform and refined job permissions for improved build consistency.
  • Minor workflow formatting and tooling updates for more robust automation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Multiple GitHub Actions workflows and a CI script were updated: action versions bumped, output handling standardized (set-output -> GITHUB_OUTPUT), a reusable base Android CI workflow introduced, test invocation moved to a Gradle task, runner image and deploy-action versions updated, and small permission/formatting adjustments applied.

Changes

Cohort / File(s)	Summary
AWS credentials update ​.github/workflows/apk-s3-distribute.yml	aws-actions/configure-aws-credentials updated to @v4.
CI job consolidation & lint/detekt changes ​.github/workflows/pr-checks.yml	Introduces base-android-ci reusable workflow, removes inline lint/test jobs, adds detekt job, updates checkout/setup steps and removes spotlessCheck.
Create Pull Request action upgrades ​.github/workflows/clean-detekt-baseline.yaml, ​.github/workflows/localazy-download.yml, ​.github/workflows/snapshot-test.yaml	peter-evans/create-pull-request bumped to @v6; added parameters (delete-branch, reviewers, body, branch, token, etc.).
Output standardization ​.github/workflows/check-entities.yml, ​.github/workflows/publish-new-version.yml	Replaces ::set-output with writing to GITHUB_OUTPUT; consolidates multi-line output writes and quotes outputs.
Test invocation / CI script changes ​.github/workflows/build-and-test.yml, scripts/ci-unit-tests.sh	Workflow now invokes Gradle testCoverage (./gradlew testCoverage); scripts/ci-unit-tests.sh no longer runs ./gradlew :testCoverage.
Runner & deployment updates ​.github/workflows/release-docs.yaml	Runner updated to ubuntu-24.04; peaceiris/actions-gh-pages updated to @v4.0.0; added permissions block.
Misc workflow adjustments ​.github/workflows/apk-s3-distribute.yml, ​.github/workflows/snapshot-test.yaml, ​.github/workflows/localazy-download.yml, ​.github/workflows/clean-detekt-baseline.yaml	Small permission/quoting/formatting tweaks and added token inputs where applicable.

Sequence Diagram(s)

(Skipped — changes are workflow/configuration updates without new multi-component runtime control flow requiring visualization.)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Use workflows from build conventions repository #6060 — Similar migration to centralized/reusable CI workflows and updates to workflow uses references.

Suggested reviewers

• VelikovPetar

Poem

🐰 I hopped through YAML lines at night,

bumped the versions, set outputs right.
Gradle hums and workflows sing,
I twitch my nose — CI's in spring! 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main objective of the PR: adopting a shared Android CI workflow from common workflows.
Linked Issues check	✅ Passed	The PR successfully implements AND-781 objectives: it unifies CI across SDKs by adopting a shared CI workflow (GetStream/stream-build-conventions-android), reducing duplication and ensuring consistency.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to AND-781: workflow updates to adopt shared CI, action version bumps, and GitHub Actions API modernization are all aligned with CI unification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description addresses the goal, implementation, and testing, but is missing critical checklist items and the GIF section.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch and-781/unify-android-ci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

SDK Size Comparison 📏

SDK	Before	After	Difference	Status
stream-chat-android-client	5.25 MB	5.25 MB	0.00 MB	🟢
stream-chat-android-offline	5.48 MB	5.48 MB	0.00 MB	🟢
stream-chat-android-ui-components	10.60 MB	10.60 MB	0.00 MB	🟢
stream-chat-android-compose	12.81 MB	12.81 MB	0.00 MB	🟢

[github-actions]

DB Entities have been updated. Do we need to upgrade DB Version?
Modified Entities :

.github/workflows/check-entities.yml

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/check-entities.yml (1)

23-30: Critical: Fix empty command substitution causing pipeline failure.

Line 23 contains an empty command substitution $() at the end of the command, which is causing the exit code 123 pipeline failure. This serves no purpose and should be removed.

🔎 Proposed fix

-        status=$(grep '@Entity' -rinl . | xargs -r git diff-index --name-only --exit-code --output=touchedEntities origin/${{ github.base_ref }} $(); echo $?)
+        status=$(grep '@Entity' -rinl . | xargs -r git diff-index --name-only --exit-code --output=touchedEntities origin/${{ github.base_ref }}; echo $?)

.github/workflows/clean-detekt-baseline.yaml (1)

26-40: Enable repository workflow permissions for the action to work in v6.

The upgrade from v4 to v6 introduces a critical breaking change: GitHub Actions must be explicitly permitted to create pull requests at the repository level (Settings → Actions → General → Workflow permissions). Without this permission, the action will fail with "GitHub Actions is not permitted to create or approve pull requests."

Additionally, v6 changes the default author/committer email format to include the actor ID (e.g., <[email protected]>). If you rely on the original default format, explicitly set the author and committer inputs. The current token configuration is compatible with v6 and correct.

🧹 Nitpick comments (2)

.github/workflows/pr-checks.yml (2)

18-19: Consider pinning the setup-gradle action to a specific version.

The checkout action is pinned to v4.2.2, but setup-gradle references @main. Using a mutable branch reference can lead to unexpected behavior if the action changes. For consistency and reproducibility, consider pinning to a version tag (e.g., @v0.6.0) similar to the reusable workflow reference.

🔎 Suggested fix

       - uses: actions/[email protected]
-      - uses: GetStream/stream-build-conventions-android/.github/actions/setup-gradle@main
+      - uses: GetStream/stream-build-conventions-android/.github/actions/[email protected]

---

27-28: Pin setup-ruby action to a specific release version.

The setup-ruby action currently references @main. Pin it to a specific version tag (e.g., @v0.4) for better reproducibility and security.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 831353e and b679772.

📒 Files selected for processing (10)

• .github/workflows/apk-s3-distribute.yml
• .github/workflows/build-and-test.yml
• .github/workflows/check-entities.yml
• .github/workflows/clean-detekt-baseline.yaml
• .github/workflows/localazy-download.yml
• .github/workflows/pr-checks.yml
• .github/workflows/publish-new-version.yml
• .github/workflows/release-docs.yaml
• .github/workflows/snapshot-test.yaml
• scripts/ci-unit-tests.sh

💤 Files with no reviewable changes (1)

• scripts/ci-unit-tests.sh

🧰 Additional context used

🪛 GitHub Actions: Check DB Entities

.github/workflows/check-entities.yml

[error] 1-1: Process completed with exit code 123 in the check-entities.yml workflow. The shell script executing the git diff-index touch-tracking step exited abnormally.

🔇 Additional comments (6)

.github/workflows/build-and-test.yml (1)

44-44: LGTM! Direct Gradle invocation simplifies the workflow.

Removing the script wrapper and calling Gradle directly makes the CI more maintainable and transparent.

.github/workflows/publish-new-version.yml (1)

55-59: LGTM! Proper migration to GITHUB_OUTPUT.

The heredoc format correctly replaces the deprecated set-output command for multiline outputs, following GitHub Actions best practices.

.github/workflows/check-entities.yml (1)

28-29: LGTM! Proper migration to GITHUB_OUTPUT.

The output mechanism correctly migrates to the GITHUB_OUTPUT environment file, following GitHub Actions best practices.

.github/workflows/release-docs.yaml (1)

11-11: ubuntu-24.04 is stable and supported for production workflows.

Ubuntu-24.04 is an officially supported GitHub-hosted runner and is the current default for ubuntu-latest. No action required.

.github/workflows/apk-s3-distribute.yml (1)

26-30: No action needed. The aws-actions/configure-aws-credentials action upgrade from v1 to v4 does not introduce breaking changes according to official release notes. No breaking changes are documented for v2, v3, or v4 releases; the first documented breaking change appears in v5.0.0. The current credential configuration is compatible with v4.

.github/workflows/pr-checks.yml (1)

10-12: LGTM! Clean integration of the shared Android CI workflow.

The reusable workflow is properly pinned to version v0.6.0, and secrets: inherit correctly propagates repository secrets to the called workflow. This aligns well with the AND-781 objective of unifying CI across SDKs.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

.github/workflows/pr-checks.yml (1)

23-29: Pin the custom action to a specific version instead of using @main.

Similar to the Detekt job, the Rubocop job uses @main for the setup-ruby action (line 28), which can lead to unexpected CI failures if breaking changes are introduced to the action.

🔎 Recommended approach

Pin to a specific version or commit SHA:

-      - uses: GetStream/android-ci-actions/actions/setup-ruby@main
+      - uses: GetStream/android-ci-actions/actions/[email protected]

Replace v1.0.0 with the appropriate stable version tag or commit SHA.

.github/workflows/clean-detekt-baseline.yaml (1)

14-14: Update outdated actions/checkout version for consistency.

This workflow uses actions/[email protected], while other workflows in the PR use v4.2.2. Update to the latest v4 version for consistency and to benefit from recent improvements and security patches.

🔎 Proposed fix

       - name: Check out code
-        uses: actions/[email protected]
+        uses: actions/[email protected]
         with:
           token: ${{ secrets.STREAM_PUBLIC_BOT_TOKEN }}

.github/workflows/localazy-download.yml (1)

20-20: Replace deprecated tibdex/github-app-token action.

tibdex/[email protected] is deprecated and archived as of July 2025. Upgrade to actions/create-github-app-token, the official replacement. localazy/[email protected] is already on the latest stable version.

♻️ Duplicate comments (1)

.github/workflows/snapshot-test.yaml (1)

52-59: Redundant token parameter flagged in previous review.

A previous review already identified that the token parameter at line 59 is redundant because peter-evans/create-pull-request@v6 defaults to GITHUB_TOKEN. However, note that using the default GITHUB_TOKEN prevents the created PR from triggering downstream workflows—if that's needed, replace it with a PAT or GitHub App token.

🧹 Nitpick comments (6)

.github/workflows/release-docs.yaml (2)

17-17: Consider upgrading to actions/checkout@v4.

The workflow uses actions/[email protected]. Version 4 is available and offers improvements including Node.js 20 runtime and better performance.

🔎 Suggested update

-        uses: actions/[email protected]
+        uses: actions/checkout@v4

---

20-20: Consider pinning the internal action to a specific version or tag.

The workflow uses @main for the internal GetStream/android-ci-actions/actions/setup-java action, which can lead to unexpected changes if the main branch is updated.

If your organization maintains version tags for this shared action, consider pinning to a specific release for stability. However, if using @main is intentional for always consuming the latest shared CI updates (as suggested by the PR's goal to unify CI), this may be acceptable with appropriate change management.

.github/workflows/snapshot-test.yaml (1)

25-27: Consider pinning GetStream action versions instead of using @main.

The workflow references GetStream actions using @main, which points to a moving target and can introduce unexpected breaking changes. For production stability, consider pinning to specific commit SHAs or tagged versions.

🔎 Example: Pin to a specific commit or tag

-      - uses: GetStream/android-ci-actions/actions/setup-java@main
-      - uses: GetStream/android-ci-actions/actions/setup-ruby@main
-      - uses: GetStream/android-ci-actions/actions/gradle-cache@main
+      - uses: GetStream/android-ci-actions/actions/[email protected]  # or commit SHA
+      - uses: GetStream/android-ci-actions/actions/[email protected]
+      - uses: GetStream/android-ci-actions/actions/[email protected]

.github/workflows/localazy-download.yml (1)

19-19: Consider pinning GetStream action versions instead of using @main.

Similar to other workflows in this PR, the GetStream actions reference @main, which can introduce unexpected changes. Consider pinning to specific versions or commit SHAs for stability.

Also applies to: 29-29

.github/workflows/clean-detekt-baseline.yaml (2)

9-11: Consider adding explicit permissions like localazy-download workflow.

The localazy-download.yml workflow (also upgraded to v6 in this PR) includes explicit permissions for contents and pull-requests. While the GitHub App token might provide sufficient permissions, adding explicit permissions improves clarity and aligns with v6 best practices.

🔎 Proposed addition

   clean_detekt_baseline_files:
     name: Clean Detekt Baseline Files
     runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+      pull-requests: write
     steps:

---

17-17: Consider pinning GetStream action version instead of using @main.

The workflow references GetStream actions using @main. For production stability, consider pinning to specific versions or commit SHAs to avoid unexpected breaking changes.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b679772 and 4232cd3.

📒 Files selected for processing (10)

• .github/workflows/apk-s3-distribute.yml
• .github/workflows/build-and-test.yml
• .github/workflows/check-entities.yml
• .github/workflows/clean-detekt-baseline.yaml
• .github/workflows/localazy-download.yml
• .github/workflows/pr-checks.yml
• .github/workflows/publish-new-version.yml
• .github/workflows/release-docs.yaml
• .github/workflows/snapshot-test.yaml
• scripts/ci-unit-tests.sh

💤 Files with no reviewable changes (1)

• scripts/ci-unit-tests.sh

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/workflows/check-entities.yml
• .github/workflows/build-and-test.yml
• .github/workflows/apk-s3-distribute.yml
• .github/workflows/publish-new-version.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Test compose (2)
• GitHub Check: Test compose (0)
• GitHub Check: Test compose (1)
• GitHub Check: compare-sdk-sizes / Compare SDK sizes

🔇 Additional comments (7)

.github/workflows/release-docs.yaml (2)

11-11: Good upgrade to newer Ubuntu LTS.

The runner upgrade to ubuntu-24.04 is appropriate for staying current with supported versions.

Ensure all actions and build tools are compatible with Ubuntu 24.04. Run the workflow to verify no unexpected issues arise from the OS upgrade.

---

12-14: Previous concerns resolved.

The permissions block and pinned action version directly address the critical issues flagged in the previous review:

• ✅ Required permissions (actions: read and contents: write) are now present
• ✅ Action is pinned to a specific version (v4.0.0) instead of the floating @v4 tag

Also applies to: 24-24

.github/workflows/pr-checks.yml (2)

3-3: LGTM!

The pull request trigger configuration is correct and appropriate.

---

10-12: The reusable workflow reference cannot be verified, and the claims about replaced jobs are incorrect. The jobs mentioned (lint, api_check, debug_build, test) do not appear in the current or previous versions of pr-checks.yml based on git history. The debug_build and tests jobs exist in build-and-test.yml, which is a separate workflow file. Additionally, the reusable workflow repository (GetStream/stream-build-conventions-android) could not be found publicly, making verification of version v0.6.0 impossible. Clarify which jobs this change actually replaces, or verify that the reusable workflow reference is correct.

Likely an incorrect or invalid review comment.

.github/workflows/localazy-download.yml (2)

14-16: Good addition of explicit permissions.

Adding explicit permissions for contents and pull-requests is a best practice and addresses potential v6 compatibility concerns. This ensures the workflow can create and manage pull requests without relying on default repository settings.

---

35-48: V6 upgrade concerns from previous review appear addressed.

The previous review flagged several v6 compatibility concerns:

1. ✅ Workflow permissions are now explicitly set (lines 14-16)
2. ✅ GitHub App token is used instead of default GITHUB_TOKEN (line 48), allowing downstream workflow triggers
3. ⚠️ Node 20 compatibility should be verified for ubuntu-22.04 runner

The workflow appears properly configured for v6. However, confirm that ubuntu-22.04 runners support Node 20 (required for v6) if using self-hosted runners.

.github/workflows/clean-detekt-baseline.yaml (1)

26-40: V6 upgrade implemented correctly with GitHub App token.

The upgrade to peter-evans/create-pull-request@v6 uses a GitHub App token (line 40), which correctly allows the created PR to trigger downstream workflows. The configuration includes appropriate parameters for PR creation.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud