mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-22 16:29:09 +01:00
BRE-243 - Fix credentials used for Desktop upload to App Store (#10503)
This commit is contained in:
parent
7ad42ae18b
commit
2acd201752
45
.github/workflows/build-desktop.yml
vendored
45
.github/workflows/build-desktop.yml
vendored
@ -776,10 +776,18 @@ jobs:
|
||||
mkdir PlugIns
|
||||
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/dmg/build/Release/safari.appex PlugIns/safari.appex
|
||||
|
||||
- name: Set up private auth key
|
||||
run: |
|
||||
mkdir ~/private_keys
|
||||
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
||||
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
|
||||
EOF
|
||||
|
||||
- name: Build application (dist)
|
||||
env:
|
||||
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
|
||||
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
|
||||
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
||||
CSC_FOR_PULL_REQUEST: true
|
||||
run: npm run pack:mac
|
||||
|
||||
@ -985,12 +993,20 @@ jobs:
|
||||
mkdir PlugIns
|
||||
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/mas/build/Release/safari.appex PlugIns/safari.appex
|
||||
|
||||
- name: Set up private auth key
|
||||
run: |
|
||||
mkdir ~/private_keys
|
||||
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
||||
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
|
||||
EOF
|
||||
|
||||
- name: Build application for App Store
|
||||
run: npm run pack:mac:mas
|
||||
env:
|
||||
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
|
||||
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
|
||||
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
||||
CSC_FOR_PULL_REQUEST: true
|
||||
run: npm run pack:mac:mas
|
||||
|
||||
- name: Upload .pkg artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
@ -1000,15 +1016,15 @@ jobs:
|
||||
if-no-files-found: error
|
||||
|
||||
- name: Deploy to TestFlight
|
||||
env:
|
||||
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||
if: |
|
||||
(github.ref == 'refs/heads/main'
|
||||
&& needs.setup.outputs.rc_branch_exists == 0
|
||||
&& needs.setup.outputs.hotfix_branch_exists == 0)
|
||||
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|
||||
|| github.ref == 'refs/heads/hotfix-rc-desktop'
|
||||
env:
|
||||
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
|
||||
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
|
||||
run: npm run upload:mas
|
||||
|
||||
|
||||
@ -1180,11 +1196,18 @@ jobs:
|
||||
mkdir PlugIns
|
||||
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex
|
||||
|
||||
- name: Set up private auth key
|
||||
run: |
|
||||
mkdir ~/private_keys
|
||||
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
||||
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
|
||||
EOF
|
||||
|
||||
- name: Build dev application for App Store
|
||||
run: npm run pack:mac:masdev
|
||||
env:
|
||||
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
||||
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
||||
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
|
||||
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
||||
run: npm run pack:mac:masdev
|
||||
|
||||
- name: Zip masdev asset
|
||||
run: |
|
||||
|
@ -52,7 +52,7 @@
|
||||
"publish:mac:mas": "npm run dist:mac:mas && npm run upload:mas",
|
||||
"publish:win": "npm run build && npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p always -c.win.certificateSubjectName=\"8bit Solutions LLC\"",
|
||||
"publish:win:dev": "npm run build && npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p always",
|
||||
"upload:mas": "xcrun altool --upload-app --type osx --file \"$(find ./dist/mas-universal/Bitwarden*.pkg)\" --username $APPLE_ID_USERNAME --password $APPLE_ID_PASSWORD",
|
||||
"upload:mas": "xcrun altool --upload-app --type osx --file \"$(find ./dist/mas-universal/Bitwarden*.pkg)\" --apiKey $APP_STORE_CONNECT_AUTH_KEY --apiIssuer $APP_STORE_CONNECT_TEAM_ISSUER",
|
||||
"test": "jest",
|
||||
"test:watch": "jest --watch",
|
||||
"test:watch:all": "jest --watchAll"
|
||||
|
@ -50,14 +50,27 @@ async function run(context) {
|
||||
|
||||
if (macBuild) {
|
||||
console.log("### Notarizing " + appPath);
|
||||
const appleId = process.env.APPLE_ID_USERNAME || process.env.APPLEID;
|
||||
const appleIdPassword = process.env.APPLE_ID_PASSWORD || `@keychain:AC_PASSWORD`;
|
||||
return await notarize({
|
||||
tool: "notarytool",
|
||||
appPath: appPath,
|
||||
teamId: "LTZ2PFU5D6",
|
||||
appleId: appleId,
|
||||
appleIdPassword: appleIdPassword,
|
||||
});
|
||||
if (process.env.APP_STORE_CONNECT_TEAM_ISSUER) {
|
||||
const appleApiIssuer = process.env.APP_STORE_CONNECT_TEAM_ISSUER;
|
||||
const appleApiKey = process.env.APP_STORE_CONNECT_AUTH_KEY_PATH;
|
||||
const appleApiKeyId = process.env.APP_STORE_CONNECT_AUTH_KEY;
|
||||
return await notarize({
|
||||
tool: "notarytool",
|
||||
appPath: appPath,
|
||||
appleApiIssuer: appleApiIssuer,
|
||||
appleApiKey: appleApiKey,
|
||||
appleApiKeyId: appleApiKeyId,
|
||||
});
|
||||
} else {
|
||||
const appleId = process.env.APPLE_ID_USERNAME || process.env.APPLEID;
|
||||
const appleIdPassword = process.env.APPLE_ID_PASSWORD || `@keychain:AC_PASSWORD`;
|
||||
return await notarize({
|
||||
tool: "notarytool",
|
||||
appPath: appPath,
|
||||
teamId: "LTZ2PFU5D6",
|
||||
appleId: appleId,
|
||||
appleIdPassword: appleIdPassword,
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user