commit | 908b2767004809d9265e154f1cbbee7b4fbff7e0 | [log] [tgz] |
---|---|---|
author | StepSecurity Bot <bot@stepsecurity.io> | Wed Apr 26 06:43:41 2023 -0700 |
committer | GitHub <noreply@github.com> | Wed Apr 26 15:43:41 2023 +0200 |
tree | c745542afdb04c136619e415cc9c8fbd3741cf46 | |
parent | dd7148e22c9415b270070ff285fba35694e934b5 [diff] |
[StepSecurity] ci: Harden GitHub Actions (#937)

## Summary

This pull request is created by [Secure Repo](https://app.stepsecurity.io/securerepo) at the request of @guidezpl. Please merge the Pull Request to incorporate the requested changes. Please tag @guidezpl on your message if you have any questions related to the PR. You can also engage with the [StepSecurity](https://github.com/step-security) team by tagging @step-security-bot.

## Security Fixes

### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

- [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)

## Feedback

For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo). To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Flutter Gallery is a resource to help developers evaluate and use Flutter. It is a collection of Material Design & Cupertino widgets, behaviors, and vignettes implemented with Flutter. We often get asked how one can see Flutter in action, and this gallery demonstrates what Flutter provides and how it behaves in the wild.
material, cupertino, and other widgets
animations
dual_screen
Flutter Gallery has been built to support multiple platforms. These include:
One can run the gallery locally for any of these platforms. For desktop platforms, please see the Flutter docs for the latest requirements.
cd gallery/
flutter pub get
flutter run
master channel
The Flutter Gallery targets Flutter's master channel. As such, it can take advantage of new SDK features that haven't landed in the stable channel.
If you'd like to run the Flutter Gallery, you may have to switch to the master channel first:
flutter channel master
flutter upgrade
When you're done, use this command to return to the safety of the stable channel:
flutter channel stable
flutter upgrade
If this is the first time building the Flutter Gallery, the localized code will not be present in the project directory. However, after running the application for the first time, a synthetic package will be generated containing the app's localizations through importing package:flutter_gen/gen_l10n/.
flutter pub get
flutter pub run grinder l10n
See separate README for more details.
flutter pub get
flutter pub run grinder update-code-segments
See separate README for more details.
Convert your animation to a .gif file. Ideally, use a background color of 0xFF030303 to ensure the animation blends into the background of the app.
Add your new .gif file to the assets directory under assets/splash_effects. Ensure the name follows the format splash_effect_$num.gif. The number should be the next number after the current largest number in the repository.
Update the map _effectDurations in splash.dart to include the number of the new .gif as well as its estimated duration. The duration is used to determine how long to display the splash animation at launch.
The process is largely automated and easy to set in motion.
First things first, bump the pubspec.yaml version number. This can be in a PR making a change or a separate PR. Use semantic versioning to determine which part to increment. The version number after the + should also be incremented. For example, 1.2.3+010203 with a patch should become 1.2.4+010204.
Then, use the following workflows. It is strongly recommended to use the staging/beta environments when available, before deploying to production.
Note: Once an .aab is released with a particular version number, it can't be replaced. The version number must be incremented again.
Note: The release draft is private until published. Upon being published, the specified version tag will be created.
msstore init within the repository and setting repository/environment secrets. See the instructions in the documentation for more information.
For posterity, information about doing these things locally is available at go/flutter-gallery-manual-deployment.
The gallery has its own set of unit, golden, and integration tests.
In addition, Flutter itself uses the gallery in tests. To enable breaking changes, the gallery version is pinned in two places: