mirror of
https://github.com/bitwarden/browser.git
synced 2024-06-30 11:15:36 +02:00
DEVOPS-1800 - Migrate Secrets (#8139)
This commit is contained in:
parent
29a26266e5
commit
1c5cf18746
BIN
.github/secrets/appstore-app-cert.p12.gpg
vendored
BIN
.github/secrets/appstore-app-cert.p12.gpg
vendored
Binary file not shown.
BIN
.github/secrets/appstore-installer-cert.p12.gpg
vendored
BIN
.github/secrets/appstore-installer-cert.p12.gpg
vendored
Binary file not shown.
BIN
.github/secrets/bitwarden-desktop-key.p12.gpg
vendored
BIN
.github/secrets/bitwarden-desktop-key.p12.gpg
vendored
Binary file not shown.
Binary file not shown.
BIN
.github/secrets/devid-app-cert.p12.gpg
vendored
BIN
.github/secrets/devid-app-cert.p12.gpg
vendored
Binary file not shown.
BIN
.github/secrets/devid-installer-cert.p12.gpg
vendored
BIN
.github/secrets/devid-installer-cert.p12.gpg
vendored
Binary file not shown.
BIN
.github/secrets/macdev-cert.p12.gpg
vendored
BIN
.github/secrets/macdev-cert.p12.gpg
vendored
Binary file not shown.
82
.github/workflows/build-browser.yml
vendored
82
.github/workflows/build-browser.yml
vendored
|
@ -257,58 +257,72 @@ jobs:
|
||||||
node --version
|
node --version
|
||||||
npm --version
|
npm --version
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: NPM setup
|
- name: NPM setup
|
||||||
|
|
328
.github/workflows/build-desktop.yml
vendored
328
.github/workflows/build-desktop.yml
vendored
|
@ -485,58 +485,72 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
@ -632,58 +646,72 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
@ -824,58 +852,72 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
@ -1003,58 +1045,72 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
|
235
.github/workflows/release-desktop-beta.yml
vendored
235
.github/workflows/release-desktop-beta.yml
vendored
|
@ -436,58 +436,66 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
@ -559,58 +567,72 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
@ -755,58 +777,67 @@ jobs:
|
||||||
path: apps/browser/dist/Safari
|
path: apps/browser/dist/Safari
|
||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Decrypt secrets
|
- name: Download Provisioning Profiles secrets
|
||||||
env:
|
env:
|
||||||
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
ACCOUNT_NAME: bitwardenci
|
||||||
|
CONTAINER_NAME: profiles
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/secrets
|
mkdir -p $HOME/secrets
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
|
--name bitwarden_desktop_appstore.provisionprofile \
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
--output "$HOME/secrets/appstore-app-cert.p12" \
|
--output none
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
|
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
- name: Get certificates
|
||||||
--output "$HOME/secrets/appstore-installer-cert.p12" \
|
run: |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
|
mkdir -p $HOME/certificates
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-app-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/devid-installer-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/macdev-cert.p12" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
|
||||||
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
||||||
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
||||||
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
|
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
|
||||||
|
|
||||||
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
||||||
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
||||||
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
||||||
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
||||||
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
||||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security default-keychain -s build.keychain
|
security default-keychain -s build.keychain
|
||||||
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
||||||
security set-keychain-settings -lut 1200 build.keychain
|
security set-keychain-settings -lut 1200 build.keychain
|
||||||
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
|
|
||||||
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
||||||
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
||||||
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
|
|
Loading…
Reference in New Issue
Block a user