build:调整ci

[Petterpx]

…onment variables

Sourcery 总结

配置 Android CI 以将制品发布到 Maven Central 并进行 GPG 签名，移除未使用的 Detekt/SARIF 步骤，并在构建中启用签名插件。

构建:

• 在 build.gradle 中添加 'signing' Gradle 插件以启用制品签名。

CI:

• 将本地 Maven 发布步骤替换为使用 Maven Central 凭据和 GPG 签名的 Gradle publishToMavenCentral，并将版本提升至 2.3.5.1。
• 从 CI 工作流中移除被注释掉的 Detekt lint 和 SARIF 上传操作。

Original summary in English

Summary by Sourcery

Configure Android CI to publish artifacts to Maven Central with GPG signing, remove unused Detekt/SARIF steps, and enable the signing plugin in the build

Build:

• Add the 'signing' Gradle plugin to enable artifact signing in the build.gradle

CI:

• Replace local maven publish step with Gradle publishToMavenCentral using Maven Central credentials and GPG signing, and bump version to 2.3.5.1
• Remove commented-out Detekt lint and SARIF upload actions from the CI workflow

[sourcery-ai]

审阅者指南（在小型 PR 上折叠）

审阅者指南

此 PR 更新了 Android CI 流水线，移除了过时的 Detekt/SARIF 步骤，并用通过环境变量配置的 Maven Central 发布替换了本地发布操作，同时在 Gradle 构建中启用了签名插件。

启用签名后 Gradle 构建插件的类图

classDiagram
    class GradleBuild {
        +android.lirary (plugin)
        +android.application (plugin)
        +jetbrains.kotlin.android (plugin)
        +signing (plugin) // newly added
    }

Loading

文件级别变更

变更	详情	文件
重构 GitHub Actions 工作流以将工件发布到 Maven Central	移除了注释掉的 Detekt 代码风格和 SARIF 上传步骤 将本地 Gradle 发布步骤替换为 publishToMavenCentral 通过环境变量注入 Maven Central 和 GPG 签名凭据 向 Gradle 命令添加了 --no-configuration-cache 和 publish 标志	.github/workflows/android.yml
在 Gradle 中启用工件签名	将 'signing' 插件添加到 build.gradle	build.gradle

---

提示和命令

与 Sourcery 互动

• 触发新审阅： 在拉取请求上评论 @sourcery-ai review。
• 继续讨论： 直接回复 Sourcery 的审阅评论。
• 从审阅评论生成 GitHub issue： 通过回复审阅评论，请求 Sourcery 从中创建一个 issue。你也可以回复审阅评论并带上 @sourcery-ai issue 来创建 issue。
• 生成拉取请求标题： 随时在拉取请求标题的任何位置写入 @sourcery-ai 来生成标题。你也可以在拉取请求上评论 @sourcery-ai title 来随时（重新）生成标题。
• 生成拉取请求摘要： 随时在拉取请求正文的任何位置写入 @sourcery-ai summary，以便在你想要的位置生成 PR 摘要。你也可以在拉取请求上评论 @sourcery-ai summary 来随时（重新）生成摘要。
• 生成审阅者指南： 随时在拉取请求上评论 @sourcery-ai guide 来（重新）生成审阅者指南。
• 解决所有 Sourcery 评论： 在拉取请求上评论 @sourcery-ai resolve 来解决所有 Sourcery 评论。如果你已经处理了所有评论并且不想再看到它们，这会很有用。
• 驳回所有 Sourcery 审阅： 在拉取请求上评论 @sourcery-ai dismiss 来驳回所有现有的 Sourcery 审阅。如果你想重新开始一个新审阅，这会特别有用——别忘了评论 @sourcery-ai review 来触发新审阅！

自定义你的体验

访问你的 仪表板 以：

• 启用或禁用审阅功能，例如 Sourcery 生成的拉取请求摘要、审阅者指南等。
• 更改审阅语言。
• 添加、删除或编辑自定义审阅说明。
• 调整其他审阅设置。

获取帮助

• 联系我们的支持团队 以获取问题或反馈。
• 访问我们的 文档 以获取详细指南和信息。
• 通过在 X/Twitter、LinkedIn 或 GitHub 上关注我们，与 Sourcery 团队保持联系。

Original review guide in English

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

The PR updates the Android CI pipeline by removing obsolete Detekt/SARIF steps and replacing the local publish action with a Maven Central publication configured via environment variables, and it enables the signing plugin in the Gradle build.

Class diagram for Gradle build plugins after signing enabled

classDiagram
    class GradleBuild {
        +android.lirary (plugin)
        +android.application (plugin)
        +jetbrains.kotlin.android (plugin)
        +signing (plugin) // newly added
    }

Loading

File-Level Changes

Change	Details	Files
Refactor GitHub Actions workflow to publish artifacts to Maven Central	Removed commented-out Detekt code style and SARIF upload steps Replaced local Gradle publish step with publishToMavenCentral Injected Maven Central and GPG signing credentials via environment variables Added --no-configuration-cache and publish flags to the Gradle command	.github/workflows/android.yml
Enable artifact signing in Gradle	Added the 'signing' plugin to build.gradle	build.gradle

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

你好 - 我已审阅了你的更改 - 这里有一些反馈：

• 如果你不打算重新启用注释掉的 detekt/SARIF 代码块，请将其删除，以保持 CI 配置的整洁。
• 考虑将 versionName 参数化，而不是硬编码 '2.3.5.1'，以简化未来的发布。
• 在发布步骤中添加分支或标签过滤器，以防止从功能分支意外发布。

AI 代理提示

请处理此代码审查中的评论：
## 总体评论
- 如果你不打算重新启用注释掉的 detekt/SARIF 代码块，请将其删除，以保持 CI 配置的整洁。
- 考虑将 versionName 参数化，而不是硬编码 '2.3.5.1'，以简化未来的发布。
- 在发布步骤中添加分支或标签过滤器，以防止从功能分支意外发布。

## 单独评论

### 评论 1
<location> `.github/workflows/android.yml:31` </location>
<code_context>
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY}}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.GPG_SIGNING_KEY_ID }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SIGNING_PASS_WORD }}
+        run: ./gradlew publishToMavenCentral --no-configuration-cache -PisPublish=true -PversionName=2.3.5.1
\ No newline at end of file
</code_context>

<issue_to_address>
请仔细检查发布步骤中 --no-configuration-cache 的使用。

如果由于发布问题需要此标志，请在工作流中记录原因。随着 Gradle 的发展，请考虑重新审视其必要性。
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

Original comment in English

Hey there - I've reviewed your changes - here's some feedback:

• Remove the commented detekt/SARIF code blocks if you’re not planning to re-enable them so the CI config stays clean.
• Consider parameterizing the versionName instead of hardcoding '2.3.5.1' to simplify future releases.
• Add a branch or tag filter to the publish step to prevent accidental publishing from feature branches.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- Remove the commented detekt/SARIF code blocks if you’re not planning to re-enable them so the CI config stays clean.
- Consider parameterizing the versionName instead of hardcoding '2.3.5.1' to simplify future releases.
- Add a branch or tag filter to the publish step to prevent accidental publishing from feature branches.

## Individual Comments

### Comment 1
<location> `.github/workflows/android.yml:31` </location>
<code_context>
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY}}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.GPG_SIGNING_KEY_ID }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_SIGNING_PASS_WORD }}
+        run: ./gradlew publishToMavenCentral --no-configuration-cache -PisPublish=true -PversionName=2.3.5.1
\ No newline at end of file
</code_context>

<issue_to_address>
Double-check the use of --no-configuration-cache for publish step.

If this flag is required due to publishing issues, please document the reason in the workflow. Consider revisiting its necessity as Gradle evolves.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (performance): 请仔细检查发布步骤中 --no-configuration-cache 的使用。

如果由于发布问题需要此标志，请在工作流中记录原因。随着 Gradle 的发展，请考虑重新审视其必要性。

Original comment in English

suggestion (performance): Double-check the use of --no-configuration-cache for publish step.

If this flag is required due to publishing issues, please document the reason in the workflow. Consider revisiting its necessity as Gradle evolves.