Merge branch 'main' into html-gradient

Author: xtyxtyx

.ci.yaml

@@ -2,6 +2,7 @@
 # Note: Some of the checks here are used as errors selectively, see
 # //ci/lint.sh
 Checks: "bugprone-use-after-move,\
+bugprone-unchecked-optional-access,\
 clang-analyzer-*,\
 clang-diagnostic-*,\
 darwin-*,\

.clang-tidy

@@ -0,0 +1,8 @@
+# Copyright 2023 The Flutter Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This file will be added to flutter's internal repository.
+# https://github.com/flutter/flutter/wiki/Autosubmit-bot
+config_path: 'autosubmit/flutter/autosubmit_main.yml'
+

.github/autosubmit.yml

@@ -0,0 +1,22 @@
+changelog:
+  exclude:
+    authors:
+      - skia-flutter-autoroll
+      - dependabot
+  categories:
+    - title: Impeller
+      labels:
+        - impeller
+    - title: Android
+      labels:
+        - platform-android
+    - title: iOS
+      labels:
+        - platform-ios
+    - title: Web
+      labels:
+        - platform-web
+    - title: Desktop
+      labels:
+        - platform-windows
+        - platform-macos

.github/release.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - name: Mirror action step
         id: mirror
-        uses: google/mirror-branch-action@c6b07e441a7ffc5ae15860c1d0a8107a3a151db8
+        uses: google/mirror-branch-action@30c52ee21f5d3bd7fb28b95501c11aae7f17eebb
         with:
           github-token: ${{ secrets.FLUTTERMIRRORINGBOT_TOKEN }}
           source: 'main'

.github/workflows/mirror.yml

@@ -9,22 +9,6 @@ on:
 permissions: read-all
 
 jobs:
-  vuln-scan:
-    name: Vulnerability scanning
-    runs-on: ubuntu-20.04
-    if: ${{ github.repository == 'flutter/engine' }}
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
-        with:
-          persist-credentials: false
-      - name: "setup python"
-        uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
-        with:
-          python-version: '3.7.7' # install the python version needed
-      - name: "execute py script"
-        run: python ci/deps_parser.py
-
   scorecards:
     name: Scorecards analysis
     runs-on: ubuntu-latest
@@ -38,11 +22,11 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
         with:
           persist-credentials: false
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86
+        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af
         with:
           results_file: results.sarif
           results_format: sarif
@@ -65,6 +49,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@16964e90ba004cdf0cd845b866b5df21038b7723
+        uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866
         with:
           sarif_file: results.sarif

.github/workflows/scorecards-analysis.yml

@@ -1,56 +1,47 @@
-name: Third party dependency scan
+name: Third party deps scan
 on:
   # Only the default branch is supported.
   branch_protection_rule:
+  push:
     branches: [ main ]
-    schedule:
-      - cron: "0 8 * * *" # runs daily at 08:00
-
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
-  analysis:
-    name: Third party dependency scan
-    runs-on: ubuntu-latest
+  vuln-scan:
+    name: Vulnerability scanning
+    runs-on: ubuntu-20.04
+    if: ${{ github.repository == 'flutter/engine' }}
     permissions:
-      # Needed to upload the results to code-scanning dashboard.
+      # Needed to upload the SARIF results to code-scanning dashboard.
       security-events: write
       actions: read
       contents: read
-
+      # Needed to access OIDC token.
+      id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
         with:
           persist-credentials: false
-
-      - name: setup python
-        uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
+      - name: "setup python"
+        uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0
         with:
           python-version: '3.7.7' # install the python version needed
-
-      - name: install dependency
-        run: pip install git+https://github.com/psf/requests.git@4d394574f5555a8ddcc38f707e0c9f57f55d9a3b
-
-      - name: execute py script
-        run: python ci/deps_parser.py 
-      
-      - name: parse deps_parser output.txt
-        run: python ci/scan_flattened_deps.py 
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
+      - name: "extract and flatten deps"
+        run: python ci/deps_parser.py
+      - name: "scan deps for vulnerabilities"
+        run: python ci/scan_flattened_deps.py
+      # Upload the results as artifacts.
       - name: "Upload artifact"
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
         with:
           name: SARIF file
           path: osvReport.sarif
           retention-days: 5
-
       # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@16964e90ba004cdf0cd845b866b5df21038b7723
+      - name: "Upload to security tab"
+        uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866
         with:
           sarif_file: osvReport.sarif

.github/workflows/third_party_scan.yml

@@ -38,6 +38,7 @@ docstring-quote = double
 # multiple time (only on the command line, not in the configuration file where
 # it should appear only once).
 disable=
+    duplicate-code,
     exec-used,
     fixme,
     missing-class-docstring,

.pylintrc

@@ -177,13 +177,16 @@ group("unittests") {
     }
 
     if (is_mac || is_linux || is_win) {
-      public_deps += [ "//flutter/impeller:impeller_unittests" ]
+      public_deps += [
+        "//flutter/impeller:impeller_dart_unittests",
+        "//flutter/impeller:impeller_unittests",
+      ]
     }
 
     if (is_mac) {
-      public_deps +=
-          [ "//flutter/shell/platform/darwin:flutter_channels_unittests" ]
       public_deps += [
+        "//flutter/impeller/golden_tests:impeller_golden_tests",
+        "//flutter/shell/platform/darwin:flutter_channels_unittests",
         "//flutter/third_party/spring_animation:spring_animation_unittests",
       ]
     }