From d42ebe42db447ae6476f6c9a9296ec1a031d64e1 Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro
Date: Fri, 21 Mar 2025 22:05:40 +0200
Subject: [PATCH 1/2] lint: Generate SARIF reports for all subprojects

Configure the Android lint plugin to check subprojects and their dependencies, producing SARIF [1] reports in the build/sarif-reports/ These can later be configured to be uploaded to GitHub in a way that the web interface will display the issues found and allow navigating to them. [1] Standard format for static analysis output, see https://sarifweb.azurewebsites.net/
---
 build.gradle | 14 ++++++++++++++
 tools/mediaplayer/lint.xml | 1 +
 2 files changed, 15 insertions(+)
diff --git a/build.gradle b/build.gradle
index 0e3d031b5..d76b9f547 100644
--- a/build.gradle
+++ b/build.gradle
@@ -55,3 +55,17 @@ gradle.afterProject { project ->
 }
 }
 }
+
+subprojects {
+ afterEvaluate {
+ if (getPlugins().hasPlugin('android') || getPlugins().hasPlugin('android-library')) {
+ configure(android.lint) {
+ checkDependencies = true
+ warningsAsErrors = false
+ ignoreWarnings = false
+ sarifReport = true
+ sarifOutput = file("build/sarif-reports/lint-${name}.sarif")
+ }
+ }
+ }
+}
diff --git a/tools/mediaplayer/lint.xml b/tools/mediaplayer/lint.xml
index 9b5edb288..0a681e29c 100644
--- a/tools/mediaplayer/lint.xml
+++ b/tools/mediaplayer/lint.xml
@@ -4,6 +4,7 @@
+
From e8ec7d113494e84cab37f6b873effcb2103df4f5 Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro
Date: Fri, 21 Mar 2025 22:11:28 +0200
Subject: [PATCH 2/2] CI: Upload SARIF reports to GitHub

Add one step to the lint workflow that uploads the SARIF output from the checks to GitHub, which will show them in the web interface and allow navigation to the diagnostics.
---
 .github/workflows/lint.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index c64dc8a23..0da3ba249 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
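Review bot: In the `subprojects { afterEvaluate { … } }` block added to build.gradle, `file("build/sarif-reports/lint-${name}.sarif")` appears to resolve against each subproject's directory rather than the root project, so the reports would land in `<subproject>/build/sarif-reports/` instead of the single `build/sarif-reports/` directory the commit message describes. If that is the case, anything that later collects reports from the root `build/sarif-reports/` path finds nothing and the lint findings never surface. Making the target explicit with `sarifOutput = rootProject.file("build/sarif-reports/lint-${name}.sarif")` removes the ambiguity. A one-line comment above the block, such as `// Collect every subproject's lint SARIF under the root build/ directory for CI upload`, would record the intent.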
@@ -26,3 +26,8 @@ jobs:
 packages: "tools platform-tools cmake;3.31.1"
 - name: Lint checks
 run: ./gradlew lint${{ inputs.build_type }}
+ - name: Upload SARIF Reports
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: build/sarif-reports/
+ category: android-lint${{ inputs.build_type }}
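Review bot: The new `Upload SARIF Reports` step references `github/codeql-action/upload-sarif@v3` by a mutable tag; because the step needs a token that can write code-scanning results, pin it to a full commit SHA, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v3`. The job's `permissions:` block is outside this hunk, so confirm it (or the calling workflow, if this one is reusable) grants `security-events: write`, which the upload requires. Also consider adding `if: always()` to the step: as written, a failing `Lint checks` step skips the upload, so the report is lost on the runs where lint itself fails.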