SDKS-4808 Release activities for Ping SDK 2.0.0

[spetrov]

JIRA Ticket

SDKS-4808 Release test and activities for Ping SDK 2.0.0

Description

• Updated CHANGELOG.md and README.md for the 2.0.0 release

Summary by CodeRabbit

• Documentation

  • Clarified module references in the External IDP README for consistency.

• Chores

  • Bumped signals dependency to a newer version.
  • Updated changelog metadata to point to the current network module identifier.
  • Added a debug signing configuration for the sample app build.
  • Reordered CI job dependencies in the workflow.

• Tests

  • Adjusted an Android test to assert a user-facing failure message.
  • Marked a flaky Key Attestation test as ignored.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 46.63%. Comparing base (6f03a9d) to head (aa55f3a).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@              Coverage Diff               @@
##             develop     #171       +/-   ##
==============================================
+ Coverage      27.65%   46.63%   +18.97%     
- Complexity       901     1263      +362     
==============================================
  Files            300      306        +6     
  Lines           8967     9215      +248     
  Branches        1271     1305       +34     
==============================================
+ Hits            2480     4297     +1817     
+ Misses          6205     4347     -1858     
- Partials         282      571      +289     

Flag	Coverage Δ
integration-tests	28.31% <ø> (?)
unit-tests	27.62% <ø> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0d790ea3-8040-4693-829d-86a44c8fd759

📥 Commits

Reviewing files that changed from the base of the PR and between 6ceb313 and aa55f3a.

📒 Files selected for processing (4)

• .github/workflows/ci.yaml
• gradle/libs.versions.toml
• journey/src/androidTest/kotlin/com/pingidentity/journey/callback/device/binding/DeviceSigningVerifierCallbackTest.kt
• journey/src/androidTest/kotlin/com/pingidentity/journey/callback/device/binding/KeyAttestationTest.kt

✅ Files skipped from review due to trivial changes (1)

• gradle/libs.versions.toml

---

📝 Walkthrough

Walkthrough

This PR updates a changelog reference, adjusts README wording for module names, bumps a library version, adds an Android debug signing config to the sample app, changes BrowserStack job dependencies in CI, and modifies/annotates two Android tests (one assertion change, one test ignored).

Changes

Cohort / File(s)	Summary
Changelog CHANGELOG.md	Updated network module issue reference from [SDKS-3917] to [SDKS-4505].
Documentation external-idp/README.md	Reworded overview to reference davinci and journey modules instead of ping-davinci and ping-journey.
Dependency Versions gradle/libs.versions.toml	Bumped com-pingidentity-signals version from 5.2.0 to 5.3.0.
Sample App Build samples/pingsampleapp/build.gradle.kts	Added signingConfigs with a debug config using debug.jks, alias androiddebugkey, and hardcoded passwords (android).
CI Workflow .github/workflows/ci.yaml	Changed BrowserStack job dependency graph: browserstack-oath-run and browserstack-push-run now need browserstack-prepare-artifacts instead of browserstack-davinci-results/browserstack-journey-results.
Android Tests journey/src/.../DeviceSigningVerifierCallbackTest.kt, journey/src/.../KeyAttestationTest.kt	Modified testDeviceVerificationInactiveUser to assert a TextOutputCallback message "Failure" instead of server error fields; added @Ignore to testKeyAttestationTransientStateVariable (message references TRIAGE-33916).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• george-bafaloukas-forgerock
• rodrigoareis

"I hopped through lines both small and spry,
Changed a tag, bumped a gem, and set a key,
Tweaked tests and CI beneath the sky,
A tiny patch from rabbit paws—swift and free! 🐇"

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description includes the required JIRA ticket link and a brief overview, but lacks detail about all changes made, including version updates, build configuration, workflow changes, and test modifications.	Expand the description to summarize all changes: CHANGELOG and README updates, gradle dependency versions, debug signing config, CI/CD workflow job dependencies, and test modifications.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main objective of release activities for Ping SDK 2.0.0, which aligns with the changelog version bump, README updates, and dependency version changes in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch SDKS-4808

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@external-idp/README.md`:
- Line 10: The README has inconsistent module names: lines reference
`davinci`/`journey` while later lines reference `ping-davinci`/`ping-journey`;
update the README so module naming is consistent end-to-end by choosing one
convention (either drop the `ping-` prefix or use it everywhere), replace all
occurrences of `davinci`/`journey` or `ping-davinci`/`ping-journey` accordingly,
and ensure any example commands, configuration snippets, and the setup
instructions (where `davinci`, `journey`, `ping-davinci`, `ping-journey` appear)
match the chosen naming scheme.

In `@gradle/libs.versions.toml`:
- Line 56: The dependency com-pingidentity-signals = "5.3.0" targets Android API
level 36; before releasing 2.0.0, verify your build toolchain can compile
against Android 16 by updating or confirming compileSdk is set to 36 (or a
compatible higher value) in your module build.gradle/kts, ensure the Android
Gradle Plugin and Gradle wrapper versions support API 36 (bump AGP/Gradle if
needed), run a full clean build and unit/instrumented tests, and check for any
deprecation/compat warnings introduced by Signals 5.3.0 during compilation and
runtime.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5095e5e9-3681-4415-8b11-76628a363532

📥 Commits

Reviewing files that changed from the base of the PR and between 74b0a2f and 8413d21.

📒 Files selected for processing (4)

• CHANGELOG.md
• external-idp/README.md
• gradle/libs.versions.toml
• samples/pingsampleapp/build.gradle.kts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What are the release notes and any breaking changes for com.pingidentity.signals:android-sdk 5.3.0 compared to 5.2.0?

💡 Result:

Release notes (Android) — com.pingidentity.signals:android-sdk

5.3.0 (released Jan 21, 2026)

• Targeted for API Level 36 (Android 16). [1]

5.2.0 (released Mar 23, 2025)

• Location signal change: when the host app has requested location permissions, the SDK “takes into account GPS data” for user location information. [1]

Breaking changes / upgrade risks (5.2.0 → 5.3.0)

• No explicit breaking changes are called out in Ping’s Android SDK changelog beyond the move to target API level 36. [1]
• Practical impact to watch for: because 5.3.0 targets Android 16 / API 36, you may need a build toolchain that supports compiling against newer Android SDK levels (for example, updating your project’s Android SDK / compileSdk, and potentially AGP/Gradle), depending on how the AAR is built and what APIs it references. (This is an upgrade risk implied by the targeting change; Ping does not label it as a “breaking change” in the notes.) [1]

Source

• [1] PingOne Protect “SDK Changelog” (Signals SDK for Android) — version entries for 5.2.0 and 5.3.0. (developer.pingidentity.com)

Citations:

• 1: https://developer.pingidentity.com/pingone-api/native-sdks/pingone-risk-sdks/protect_sdk_changelog.html

---

Verify Android API level 36 (Android 16) compatibility for 2.0.0 release.

Signals 5.3.0 targets API Level 36, introduced in January 2026. While no explicit breaking changes are documented in the changelog, this API level bump requires verification that your build toolchain (compileSdk, AGP/Gradle) can support compiling against Android 16 before cutting the release.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@gradle/libs.versions.toml` at line 56, The dependency
com-pingidentity-signals = "5.3.0" targets Android API level 36; before
releasing 2.0.0, verify your build toolchain can compile against Android 16 by
updating or confirming compileSdk is set to 36 (or a compatible higher value) in
your module build.gradle/kts, ensure the Android Gradle Plugin and Gradle
wrapper versions support API 36 (bump AGP/Gradle if needed), run a full clean
build and unit/instrumented tests, and check for any deprecation/compat warnings
introduced by Signals 5.3.0 during compilation and runtime.

[rodrigoareis]

LGTM