This Jenkins plugin scans your mobile app using Google Checks to uncover compliance issues and data collection/sharing behaviors.
Checks is a compliance platform from Google for mobile app developers that simplifies the path to privacy for development teams and the apps they’re building. Learn more at checks.google.com.
- Create your Checks account. Request access at https://goo.gle/get-checks.
- Your app to analyze is set up on Checks. For more info, read our documention on connecting apps to Checks.
Read our developer document at https://developers.google.com/checks/guide/ci-cd/jenkins.
| Name | Type | Default | Description |
|---|---|---|---|
| accountId | string | – | Google Checks account ID from Checks settings page |
| appId | string | – | Google Checks application ID |
| binaryPath | string | – | Path to the application binary file: .apk, .aab or .ipa |
| credentialsId | string | – | Store the contents of your service account JSON file as a secret text credential in Jenkins. For instructions on generating a service account, refer to the Authenticate Google Checks with a service account documentation. To learn how to add a new secret in Jenkins, refer to the Jenkins Credentials documentation. |
| generateReport | boolean | true | If false, the step won't upload and run the report for binaryPath. It is useful to test your authentication and other paramaters. |
| waitForReport | boolean | true | If false, the step won't wait for the report completion and the pipeline will keep going. |
| severityThreshold | string | – | Valid values are: PRIORITY POTENTIAL OPPORTUNITY |
| failOn | string | – | if ALL then step will fail if there are any failed checks following severityThreshold condition. It won't fail by default. |
pipeline {
agent any
stages {
stage('Upload to checks') {
steps {
uploadToChecks(
accountId: '<your Google Checks account ID>',
appId: '<your Google Checks app ID>',
binaryPath: '<path to .apk/.aab/.ipa>',
credentialsId: '<credentials ID from Jenkins Credentials>',
)
}
}
}
}
We'll be assuming that you have some knowledge of Jenkins and Checks.
- Clone this repository
- Run
mvn hpi:run - Go to http://localhost:8080/jenkins
- Update the installed plugins.
- Install Pipeline plugin. It isn't added as a dependency of the plugin because it isn't recommended.
- Add your service account content into a Jenkins credentials under Global domain
- Create and run a pipeline (see README to find an example, and we suggest to use:
generateReport: falseat the beginning to make sure the authentication and other parameters are valid.) - if you want to upload an APK file, you can place an APK file at the root of this repository, and it'll be accessible with
binaryPath: './my-app.apk'
run mvn test or when using Intellij IDEA you can open test files and run individual classes and/or tests.
The plugin focuses on running as a step within a pipeline. Here are a quick explanation of the files:
Classes that interact with Jenkins:
- UploadToChecksStep is defining the parameters and name of the plugin
- UploadToChecksStepExecution is the code that the plugin runs
Classes that interact with Google Checks:
- GoogleChecks: manage communication with Google Checks API alongs with models to define the API responses types
- GoogleCredentialsHelper and GoogleCredentialsHelperFactory deal with Google authentication and the factory pattern help us mock the authenication when running tests