@invarn/cibuild 1.3.16 → 1.3.17

package/dist/src/commands/android-scanner.js

@@ -0,0 +1,667 @@
+import { resolve, relative } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+// ---------------------------------------------------------------------------
+// File discovery
+// ---------------------------------------------------------------------------
+/**
+ * Returns the list of gradle files to scan.
+ * Always includes the root build.gradle and the app/ module.
+ * Also parses settings.gradle to find any additional include'd modules.
+ */
+function findGradleFiles(root) {
+    const candidates = [];
+    // Root-level build files
+    for (const name of ["build.gradle", "build.gradle.kts"]) {
+        const p = resolve(root, name);
+        if (existsSync(p))
+            candidates.push(p);
+    }
+    // Collect module directories from settings.gradle
+    const moduleDirs = new Set(["app"]); // always include app/
+    for (const name of ["settings.gradle", "settings.gradle.kts"]) {
+        const p = resolve(root, name);
+        if (!existsSync(p))
+            continue;
+        const content = readFileSync(p, "utf-8");
+        // Matches: include ':module', include(":module"), include ':a', ':b'
+        const includeRe = /include\s*[\(']?\s*['"]:([^'")\s,]+)/g;
+        let m;
+        while ((m = includeRe.exec(content)) !== null) {
+            moduleDirs.add(m[1].replace(/:/g, "/"));
+        }
+    }
+    for (const mod of moduleDirs) {
+        for (const name of ["build.gradle", "build.gradle.kts"]) {
+            const p = resolve(root, mod, name);
+            if (existsSync(p))
+                candidates.push(p);
+        }
+    }
+    return candidates;
+}
+function safeRead(path) {
+    try {
+        return readFileSync(path, "utf-8");
+    }
+    catch {
+        return "";
+    }
+}
+function relPath(root, filePath) {
+    return relative(root, filePath);
+}
+/**
+ * Returns line numbers for each match of a regex in file content.
+ */
+function lineNumber(content, index) {
+    return content.slice(0, index).split("\n").length;
+}
+/** Extract all System.getenv("VAR") references. */
+function extractEnvVarRefs(content) {
+    const results = [];
+    const re = /System\.getenv\(\s*["']([^"']+)["']\s*\)/g;
+    let m;
+    while ((m = re.exec(content)) !== null) {
+        results.push({ name: m[1], line: lineNumber(content, m.index) });
+    }
+    return results;
+}
+/** Extract Groovy findProperty("prop") and Kotlin properties["prop"] references. */
+function extractPropertyRefs(content) {
+    const results = [];
+    // Groovy: project.findProperty("name") or findProperty("name")
+    const groovyRe = /(?:project\.)?findProperty\(\s*["']([^"']+)["']\s*\)/g;
+    let m;
+    while ((m = groovyRe.exec(content)) !== null) {
+        results.push({ name: m[1], line: lineNumber(content, m.index) });
+    }
+    // Kotlin DSL: properties["name"] or project.properties["name"]
+    const kotlinRe = /(?:project\.)?properties\["([^"]+)"\]/g;
+    while ((m = kotlinRe.exec(content)) !== null) {
+        results.push({ name: m[1], line: lineNumber(content, m.index) });
+    }
+    return results;
+}
+/**
+ * Extract env var names from buildConfigField entries.
+ * e.g. buildConfigField "String", "API_KEY", System.getenv("MAPS_API_KEY") ?: ""
+ * Returns the System.getenv variable names embedded inside buildConfigField values.
+ */
+function extractBuildConfigEnvRefs(content) {
+    const results = [];
+    // Match buildConfigField lines that also contain System.getenv
+    const lineRe = /buildConfigField\s*[\("]/g;
+    let m;
+    const envRe = /System\.getenv\(\s*["']([^"']+)["']\s*\)/g;
+    while ((m = lineRe.exec(content)) !== null) {
+        // Find the end of the statement (next newline or semicolon)
+        const lineEnd = content.indexOf("\n", m.index);
+        const slice = content.slice(m.index, lineEnd === -1 ? undefined : lineEnd + 1);
+        let em;
+        while ((em = envRe.exec(slice)) !== null) {
+            results.push({ name: em[1], line: lineNumber(content, m.index) });
+        }
+        envRe.lastIndex = 0;
+    }
+    return results;
+}
+/**
+ * Returns true if the Google Secrets Gradle Plugin is applied.
+ * This plugin reads local.properties (or a configured file) and auto-generates
+ * BuildConfig fields — so if that file is absent in CI, fields won't be generated.
+ */
+function detectSecretsPlugin(content) {
+    return (/alias\s*\(\s*libs\.plugins\.secrets\s*\)/.test(content) ||
+        /id\s*\(\s*["']com\.google\.android\.libraries\.mapsplatform\.secrets-gradle-plugin["']\s*\)/.test(content) ||
+        /id\s*["']com\.google\.android\.libraries\.mapsplatform\.secrets-gradle-plugin["']/.test(content));
+}
+/**
+ * Extracts the `propertiesFileName` from a `secrets { }` block.
+ * Defaults to "local.properties" if not configured.
+ */
+function extractSecretsPropertiesFile(content) {
+    const block = extractBlockContent(content, "secrets");
+    if (!block)
+        return "local.properties";
+    const m = /propertiesFileName\s*=\s*["']([^"']+)["']/.exec(block);
+    return m ? m[1] : "local.properties";
+}
+/** Parse property keys from a standard .properties file, skipping comments and blank lines. */
+function parsePropertyKeys(propertiesContent) {
+    return propertiesContent
+        .split("\n")
+        .map((l) => l.trim())
+        .filter((l) => l && !l.startsWith("#") && l.includes("="))
+        .map((l) => l.split("=")[0].trim())
+        .filter(Boolean);
+}
+/** Returns true if the GMS google-services plugin is applied in this content. */
+function detectGmsPlugin(content) {
+    return (/apply\s+plugin\s*:\s*['"]com\.google\.gms\.google-services['"]/.test(content) ||
+        /id\s*\(\s*["']com\.google\.gms\.google-services["']\s*\)/.test(content) ||
+        /id\s*["']com\.google\.gms\.google-services["']/.test(content));
+}
+/** Returns true if a signingConfigs block exists. */
+function detectSigningConfigs(content) {
+    return /signingConfigs\s*\{/.test(content);
+}
+/**
+ * Extract env var and property references from within signingConfigs blocks.
+ * Looks for storeFile, storePassword, keyAlias, keyPassword assignments.
+ */
+function parseSigningCredentialRefs(content) {
+    const results = [];
+    const blockRe = /signingConfigs\s*\{([\s\S]*?)^\s*\}/m;
+    const match = blockRe.exec(content);
+    if (!match)
+        return results;
+    const block = match[1];
+    const blockStart = match.index;
+    // System.getenv inside signing block
+    const envRe = /System\.getenv\(\s*["']([^"']+)["']\s*\)/g;
+    let m;
+    while ((m = envRe.exec(block)) !== null) {
+        results.push({ name: m[1], line: lineNumber(content, blockStart + m.index) });
+    }
+    // findProperty / properties[] inside signing block
+    const propRe = /(?:project\.)?findProperty\(\s*["']([^"']+)["']\s*\)|(?:project\.)?properties\["([^"]+)"\]/g;
+    while ((m = propRe.exec(block)) !== null) {
+        results.push({ name: m[1] ?? m[2], line: lineNumber(content, blockStart + m.index) });
+    }
+    return results;
+}
+/**
+ * Extract referenced keystore file paths from signingConfigs.
+ * Handles: storeFile file("path") and storeFile = file("path")
+ */
+function extractKeystorePaths(content) {
+    const paths = [];
+    const re = /storeFile\s*(?:=\s*)?file\(\s*["']([^"']+)["']\s*\)/g;
+    let m;
+    while ((m = re.exec(content)) !== null) {
+        paths.push(m[1]);
+    }
+    return paths;
+}
+// ---------------------------------------------------------------------------
+// Java version detection
+// ---------------------------------------------------------------------------
+/**
+ * Parses a raw version token into a major Java version number.
+ * Handles formats: "21", "17", "1.8" (→ 8), "VERSION_21", "VERSION_1_8" (→ 8).
+ */
+function parseJavaVersion(raw) {
+    // JavaVersion enum: VERSION_21, VERSION_17, VERSION_1_8
+    const enumMatch = /VERSION_1_(\d)$/.exec(raw);
+    if (enumMatch)
+        return parseInt(enumMatch[1], 10);
+    const enumMatch2 = /VERSION_(\d+)$/.exec(raw);
+    if (enumMatch2)
+        return parseInt(enumMatch2[1], 10);
+    // String literal: "21", "17", "11", "1.8"
+    const legacyMatch = /^1\.(\d)$/.exec(raw.trim());
+    if (legacyMatch)
+        return parseInt(legacyMatch[1], 10);
+    const plain = parseInt(raw.trim(), 10);
+    if (!isNaN(plain))
+        return plain;
+    return undefined;
+}
+/**
+ * Scans Gradle file content for Java / JVM version requirements and returns
+ * the highest version number found.
+ *
+ * Detects:
+ *   - sourceCompatibility / targetCompatibility (Groovy & Kotlin DSL)
+ *   - kotlinOptions { jvmTarget = "21" }
+ *   - jvmToolchain(21)  /  jvmToolchain { languageVersion.set(JavaLanguageVersion.of(21)) }
+ *   - java { toolchain { languageVersion.set(JavaLanguageVersion.of(21)) } }
+ */
+function detectJavaVersionInContent(content) {
+    const candidates = [];
+    // sourceCompatibility / targetCompatibility = JavaVersion.VERSION_21 or = "21" or = JavaVersion.VERSION_1_8
+    const compatRe = /(?:sourceCompatibility|targetCompatibility)\s*[=\s]+([A-Za-z0-9._]+)/g;
+    let m;
+    while ((m = compatRe.exec(content)) !== null) {
+        const v = parseJavaVersion(m[1]);
+        if (v)
+            candidates.push(v);
+    }
+    // jvmTarget = "21" (inside kotlinOptions or compileOptions)
+    const jvmTargetRe = /jvmTarget\s*=\s*["']([^"']+)["']/g;
+    while ((m = jvmTargetRe.exec(content)) !== null) {
+        const v = parseJavaVersion(m[1]);
+        if (v)
+            candidates.push(v);
+    }
+    // jvmToolchain(21)
+    const toolchainRe = /jvmToolchain\s*\(\s*(\d+)\s*\)/g;
+    while ((m = toolchainRe.exec(content)) !== null) {
+        candidates.push(parseInt(m[1], 10));
+    }
+    // JavaLanguageVersion.of(21)
+    const langVerRe = /JavaLanguageVersion\.of\s*\(\s*(\d+)\s*\)/g;
+    while ((m = langVerRe.exec(content)) !== null) {
+        candidates.push(parseInt(m[1], 10));
+    }
+    return candidates.length > 0 ? Math.max(...candidates) : undefined;
+}
+/**
+ * Returns the highest Java version requirement found across all Gradle files,
+ * or undefined if none is detected.
+ */
+function detectRequiredJavaVersion(gradleFiles) {
+    const versions = [];
+    for (const filePath of gradleFiles) {
+        const content = safeRead(filePath);
+        const v = detectJavaVersionInContent(content);
+        if (v !== undefined)
+            versions.push(v);
+    }
+    return versions.length > 0 ? Math.max(...versions) : undefined;
+}
+// ---------------------------------------------------------------------------
+// Gitignore helper
+// ---------------------------------------------------------------------------
+const CI_RELEVANT_GITIGNORE_PATTERNS = [
+    { pattern: /google-services\.json/, label: "google-services.json" },
+    { pattern: /local\.properties/, label: "local.properties" },
+    { pattern: /keystore\.properties/, label: "keystore.properties" },
+    { pattern: /\.jks$|\.keystore$|\*\.jks|\*\.keystore/, label: "keystore files (*.jks / *.keystore)" },
+    { pattern: /\.env$|\*\.env/, label: ".env files" },
+];
+function checkGitignore(root) {
+    const gitignorePath = resolve(root, ".gitignore");
+    if (!existsSync(gitignorePath))
+        return [];
+    const content = safeRead(gitignorePath);
+    const lines = content.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
+    const found = [];
+    for (const { pattern, label } of CI_RELEVANT_GITIGNORE_PATTERNS) {
+        if (lines.some((l) => pattern.test(l))) {
+            found.push(label);
+        }
+    }
+    return found;
+}
+// ---------------------------------------------------------------------------
+// Build variant detection
+// ---------------------------------------------------------------------------
+/**
+ * Extracts the inner content of a named block using brace-counting.
+ * e.g. extractBlockContent(content, "buildTypes") returns everything inside buildTypes { ... }.
+ * Returns undefined if the block is not found.
+ */
+function extractBlockContent(content, keyword) {
+    const keywordRe = new RegExp(`\\b${keyword}\\s*\\{`);
+    const match = keywordRe.exec(content);
+    if (!match)
+        return undefined;
+    const start = content.indexOf("{", match.index);
+    let depth = 0;
+    for (let i = start; i < content.length; i++) {
+        if (content[i] === "{")
+            depth++;
+        else if (content[i] === "}") {
+            depth--;
+            if (depth === 0)
+                return content.slice(start + 1, i);
+        }
+    }
+    return undefined;
+}
+const CONTROL_KEYWORDS = new Set([
+    "if", "else", "for", "while", "when", "try", "catch", "finally",
+    "return", "val", "var", "fun", "object", "class", "interface",
+]);
+/**
+ * Extracts the names of direct child blocks from block content.
+ * Handles both Groovy DSL (name { }) and Kotlin DSL (create("name") { } / getByName("name") { }).
+ */
+function extractDirectChildNames(block) {
+    const names = [];
+    let depth = 0;
+    for (const line of block.split("\n")) {
+        const opens = (line.match(/\{/g) || []).length;
+        const closes = (line.match(/\}/g) || []).length;
+        if (depth === 0 && opens > 0) {
+            // Kotlin DSL: create("name") { or getByName("name") {
+            const kotlinMatch = /(?:create|getByName)\(\s*["'](\w+)["']\s*\)/.exec(line);
+            if (kotlinMatch) {
+                names.push(kotlinMatch[1]);
+            }
+            else {
+                // Groovy DSL: name { (identifier followed by optional whitespace then {)
+                const groovyMatch = /^\s*([a-z]\w*)\s*(?:\.\w+\s*)?\{/.exec(line);
+                if (groovyMatch && !CONTROL_KEYWORDS.has(groovyMatch[1])) {
+                    names.push(groovyMatch[1]);
+                }
+            }
+        }
+        depth += opens - closes;
+        if (depth < 0)
+            depth = 0;
+    }
+    return [...new Set(names)];
+}
+/**
+ * Detects build types and product flavors from Gradle files by static parsing.
+ * Always includes "debug" and "release" as defaults.
+ */
+export function detectBuildVariants(gradleFiles) {
+    const buildTypeSet = new Set(["debug", "release"]);
+    const productFlavorSet = new Set();
+    for (const filePath of gradleFiles) {
+        const content = safeRead(filePath);
+        const buildTypesBlock = extractBlockContent(content, "buildTypes");
+        if (buildTypesBlock) {
+            for (const name of extractDirectChildNames(buildTypesBlock)) {
+                buildTypeSet.add(name);
+            }
+        }
+        const productFlavorsBlock = extractBlockContent(content, "productFlavors");
+        if (productFlavorsBlock) {
+            for (const name of extractDirectChildNames(productFlavorsBlock)) {
+                productFlavorSet.add(name);
+            }
+        }
+    }
+    const buildTypes = Array.from(buildTypeSet);
+    const productFlavors = Array.from(productFlavorSet);
+    const variants = productFlavors.length === 0
+        ? buildTypes
+        : productFlavors.flatMap((flavor) => buildTypes.map((bt) => `${flavor}${bt.charAt(0).toUpperCase()}${bt.slice(1)}`));
+    return { buildTypes, productFlavors, variants };
+}
+// ---------------------------------------------------------------------------
+// Main scanner
+// ---------------------------------------------------------------------------
+export async function scanAndroidProject(projectRoot) {
+    const warnings = [];
+    // Track env vars we've already warned about to avoid duplicates
+    const seenEnvVars = new Set();
+    const seenProperties = new Set();
+    // Compute gitignore items upfront — used in multiple sections below
+    const gitignoreItems = checkGitignore(projectRoot);
+    // ------------------------------------------------------------------
+    // 1. Missing files
+    // ------------------------------------------------------------------
+    if (!existsSync(resolve(projectRoot, "local.properties"))) {
+        warnings.push({
+            category: "missing-file",
+            severity: "warning",
+            message: "local.properties not found",
+            hint: "CI needs ANDROID_HOME set as an env var, or sdk.dir in local.properties",
+        });
+    }
+    // ------------------------------------------------------------------
+    // 2. Detect required Java version and build variants
+    // ------------------------------------------------------------------
+    const gradleFiles = findGradleFiles(projectRoot);
+    const detectedJavaVersion = detectRequiredJavaVersion(gradleFiles);
+    const buildVariants = detectBuildVariants(gradleFiles);
+    // ------------------------------------------------------------------
+    // 3. Scan Gradle files
+    // ------------------------------------------------------------------
+    let gmsDetected = false;
+    let gmsDetectedIn = "";
+    let signingDetected = false;
+    let signingDetectedIn = "";
+    for (const filePath of gradleFiles) {
+        const content = safeRead(filePath);
+        const rel = relPath(projectRoot, filePath);
+        // GMS plugin
+        if (detectGmsPlugin(content)) {
+            gmsDetected = true;
+            gmsDetectedIn = rel;
+        }
+        // Signing config
+        if (detectSigningConfigs(content)) {
+            signingDetected = true;
+            signingDetectedIn = rel;
+            // Keystore file paths referenced
+            for (const kPath of extractKeystorePaths(content)) {
+                const resolved = resolve(projectRoot, kPath);
+                if (!existsSync(resolved)) {
+                    warnings.push({
+                        category: "missing-file",
+                        severity: "warning",
+                        message: `Keystore file not found: ${kPath}`,
+                        hint: "Provide the keystore file as a secret file in CI or update the path in signingConfigs",
+                        location: rel,
+                    });
+                }
+            }
+            // Signing credential env var / property refs
+            for (const ref of parseSigningCredentialRefs(content)) {
+                if (!seenEnvVars.has(ref.name)) {
+                    seenEnvVars.add(ref.name);
+                    warnings.push({
+                        category: "signing-config",
+                        severity: "warning",
+                        message: `Signing credential referenced: ${ref.name}`,
+                        hint: `Add via: ci secrets add ${ref.name}`,
+                        location: `${rel}:${ref.line}`,
+                    });
+                }
+            }
+        }
+        // System.getenv() references (outside buildConfigField — caught separately)
+        for (const ref of extractEnvVarRefs(content)) {
+            if (!seenEnvVars.has(ref.name)) {
+                seenEnvVars.add(ref.name);
+                warnings.push({
+                    category: "env-var",
+                    severity: "warning",
+                    message: `Environment variable referenced: ${ref.name}`,
+                    hint: `Add via: ci secrets add ${ref.name}`,
+                    location: `${rel}:${ref.line}`,
+                });
+            }
+        }
+        // buildConfigField + System.getenv references
+        for (const ref of extractBuildConfigEnvRefs(content)) {
+            if (!seenEnvVars.has(ref.name)) {
+                seenEnvVars.add(ref.name);
+                warnings.push({
+                    category: "build-config",
+                    severity: "warning",
+                    message: `BuildConfig env var referenced: ${ref.name}`,
+                    hint: `Add via: ci secrets add ${ref.name}`,
+                    location: `${rel}:${ref.line}`,
+                });
+            }
+        }
+        // Gradle property references
+        for (const ref of extractPropertyRefs(content)) {
+            if (!seenProperties.has(ref.name)) {
+                seenProperties.add(ref.name);
+                warnings.push({
+                    category: "gradle-property",
+                    severity: "warning",
+                    message: `Gradle property referenced: ${ref.name}`,
+                    hint: "Define in gradle.properties or pass as -P flag on CI",
+                    location: `${rel}:${ref.line}`,
+                });
+            }
+        }
+    }
+    // ------------------------------------------------------------------
+    // 4. Google Secrets Gradle Plugin — detect missing local.properties
+    // ------------------------------------------------------------------
+    //
+    // The Secrets plugin reads a properties file (default: local.properties) and
+    // auto-generates BuildConfig fields.  If that file is gitignored / absent in CI
+    // the fields are not generated, causing "Unresolved reference" compile errors.
+    // We check once per unique properties file path across all modules.
+    // ------------------------------------------------------------------
+    const seenSecretsPropertiesFiles = new Set();
+    // First pass: collect the defaultPropertiesFileName from any build file that sets it.
+    // This is typically "secrets.defaults.properties" in the app module.
+    let secretsDefaultsFileName;
+    for (const filePath of gradleFiles) {
+        const content = safeRead(filePath);
+        const block = extractBlockContent(content, "secrets");
+        if (!block)
+            continue;
+        const m = /defaultPropertiesFileName\s*=\s*["']([^"']+)["']/.exec(block);
+        if (m) {
+            secretsDefaultsFileName = m[1];
+            break;
+        }
+    }
+    // Also look for any *.defaults.properties file in the project root as a fallback
+    if (!secretsDefaultsFileName) {
+        const candidates = ["secrets.defaults.properties", "local.defaults.properties"];
+        for (const c of candidates) {
+            if (existsSync(resolve(projectRoot, c))) {
+                secretsDefaultsFileName = c;
+                break;
+            }
+        }
+    }
+    for (const filePath of gradleFiles) {
+        const content = safeRead(filePath);
+        if (!detectSecretsPlugin(content))
+            continue;
+        const propsFileName = extractSecretsPropertiesFile(content);
+        if (seenSecretsPropertiesFiles.has(propsFileName))
+            continue;
+        seenSecretsPropertiesFiles.add(propsFileName);
+        // Warn when the properties file is gitignored — it won't be present on a clean CI machine
+        // even if it exists locally (e.g. local.properties with only sdk.dir).
+        const isGitignored = gitignoreItems.some((item) => item.includes(propsFileName));
+        if (!isGitignored)
+            continue;
+        // Find expected keys from the companion defaults file
+        const expectedKeys = secretsDefaultsFileName
+            ? parsePropertyKeys(safeRead(resolve(projectRoot, secretsDefaultsFileName)))
+            : [];
+        if (expectedKeys.length > 0) {
+            // Emit one warning per expected key so it shows up in the missing-secrets hint
+            for (const key of expectedKeys) {
+                warnings.push({
+                    category: "secrets-plugin",
+                    severity: "warning",
+                    message: `Secrets plugin key: ${key}`,
+                    hint: `Add via: ci secrets add ${key}`,
+                    location: propsFileName,
+                });
+            }
+        }
+        else {
+            warnings.push({
+                category: "secrets-plugin",
+                severity: "warning",
+                message: `Google Secrets Gradle Plugin reads '${propsFileName}' which is absent in CI`,
+                hint: `Inject '${propsFileName}' as a file step using a secret variable`,
+                location: relPath(projectRoot, filePath),
+            });
+        }
+    }
+    // ------------------------------------------------------------------
+    // 5. Firebase / GMS — check google-services.json after scanning all files
+    // ------------------------------------------------------------------
+    if (gmsDetected) {
+        // google-services.json can live in the root or in the app module dir
+        const candidatePaths = [
+            resolve(projectRoot, "google-services.json"),
+            resolve(projectRoot, "app", "google-services.json"),
+        ];
+        const found = candidatePaths.some((p) => existsSync(p));
+        if (!found) {
+            warnings.push({
+                category: "firebase",
+                severity: "warning",
+                message: `google-services.json not found (GMS plugin detected in ${gmsDetectedIn})`,
+                hint: "Add google-services.json as a secret file or generate it from env vars at build time",
+            });
+        }
+    }
+    // ------------------------------------------------------------------
+    // 5. Signing config summary warning (if detected and not already specific)
+    // ------------------------------------------------------------------
+    if (signingDetected) {
+        warnings.push({
+            category: "signing-config",
+            severity: "info",
+            message: `signingConfigs block found in ${signingDetectedIn}`,
+            hint: "Ensure keystore file and all signing credentials are available in the CI environment",
+        });
+    }
+    // ------------------------------------------------------------------
+    // 6. Gitignore cross-check
+    // ------------------------------------------------------------------
+    for (const item of gitignoreItems) {
+        // Only warn if we haven't already emitted a more specific warning for it
+        const alreadyCovered = (item === "google-services.json" && gmsDetected) ||
+            (item === "local.properties" && !existsSync(resolve(projectRoot, "local.properties")));
+        if (!alreadyCovered) {
+            warnings.push({
+                category: "missing-file",
+                severity: "info",
+                message: `${item} is in .gitignore — likely absent in CI`,
+                hint: "Provide this file as a secret or generate it at build time",
+            });
+        }
+    }
+    return { warnings, detectedJavaVersion, buildVariants };
+}
+// ---------------------------------------------------------------------------
+// Formatter
+// ---------------------------------------------------------------------------
+const CATEGORY_LABELS = {
+    "missing-file": "Missing files",
+    "env-var": "Environment variables referenced in Gradle files",
+    "gradle-property": "Gradle properties referenced",
+    "signing-config": "Signing configuration",
+    "build-config": "BuildConfig env vars",
+    "firebase": "Firebase / GMS",
+    "secrets-plugin": "Google Secrets Gradle Plugin (local.properties keys)",
+};
+export function formatScanResult(result) {
+    const lines = [];
+    const sep = "─".repeat(50);
+    // Always show the detected Java version
+    if (result.detectedJavaVersion !== undefined) {
+        lines.push(`ℹ  Detected Java ${result.detectedJavaVersion} requirement — pipeline will use Java ${result.detectedJavaVersion}`);
+        lines.push("");
+    }
+    if (result.warnings.length === 0) {
+        lines.push("✅ No potential unknowns detected.");
+        return lines.join("\n") + "\n";
+    }
+    lines.push(`⚠  Android Project Scan — Potential Unknowns`);
+    lines.push(sep);
+    lines.push("");
+    // Group by category
+    const byCategory = new Map();
+    for (const w of result.warnings) {
+        if (!byCategory.has(w.category))
+            byCategory.set(w.category, []);
+        byCategory.get(w.category).push(w);
+    }
+    for (const [cat, items] of byCategory) {
+        lines.push(`${CATEGORY_LABELS[cat]}:`);
+        for (const w of items) {
+            const icon = w.severity === "warning" ? "⚠ " : "ℹ ";
+            const loc = w.location ? `  (${w.location})` : "";
+            lines.push(`  ${icon} ${w.message}${loc}`);
+            if (w.hint) {
+                lines.push(`     Hint: ${w.hint}`);
+            }
+        }
+        lines.push("");
+    }
+    lines.push(sep);
+    const warnCount = result.warnings.filter((w) => w.severity === "warning").length;
+    const infoCount = result.warnings.filter((w) => w.severity === "info").length;
+    const parts = [];
+    if (warnCount > 0)
+        parts.push(`${warnCount} warning(s)`);
+    if (infoCount > 0)
+        parts.push(`${infoCount} info`);
+    lines.push(`${parts.join(", ")} found. Review before running on CI.`);
+    return lines.join("\n");
+}
+//# sourceMappingURL=android-scanner.js.map

package/dist/src/commands/build.d.ts

@@ -0,0 +1,5 @@
+export declare function handleBuildCommand(detectMobileProjectRoot: (dir: string) => "android" | "ios" | null, options?: {
+    createPipelinesDir?: boolean;
+    nonInteractive?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=build.d.ts.map

package/dist/src/commands/build.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"build.d.ts","sourceRoot":"","sources":["../../../src/commands/build.ts"],"names":[],"mappings":"AAw9BA,wBAAsB,kBAAkB,CACtC,uBAAuB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,GAAG,KAAK,GAAG,IAAI,EAClE,OAAO,GAAE;IAAE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAAC,cAAc,CAAC,EAAE,OAAO,CAAA;CAAO,GACvE,OAAO,CAAC,IAAI,CAAC,CAqRf"}