1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-22 11:45:59 +01:00

BRE-243 - Fix credentials used for Desktop upload to App Store (#10503)

This commit is contained in:
Vince Grassia 2024-08-13 12:14:15 -04:00 committed by GitHub
parent 7ad42ae18b
commit 2acd201752
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 57 additions and 21 deletions

View File

@ -776,10 +776,18 @@ jobs:
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/dmg/build/Release/safari.appex PlugIns/safari.appex
- name: Set up private auth key
run: |
mkdir ~/private_keys
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
EOF
- name: Build application (dist)
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
CSC_FOR_PULL_REQUEST: true
run: npm run pack:mac
@ -985,12 +993,20 @@ jobs:
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/mas/build/Release/safari.appex PlugIns/safari.appex
- name: Set up private auth key
run: |
mkdir ~/private_keys
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
EOF
- name: Build application for App Store
run: npm run pack:mac:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
CSC_FOR_PULL_REQUEST: true
run: npm run pack:mac:mas
- name: Upload .pkg artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
@ -1000,15 +1016,15 @@ jobs:
if-no-files-found: error
- name: Deploy to TestFlight
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
if: |
(github.ref == 'refs/heads/main'
&& needs.setup.outputs.rc_branch_exists == 0
&& needs.setup.outputs.hotfix_branch_exists == 0)
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|| github.ref == 'refs/heads/hotfix-rc-desktop'
env:
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
run: npm run upload:mas
@ -1180,11 +1196,18 @@ jobs:
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex
- name: Set up private auth key
run: |
mkdir ~/private_keys
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
EOF
- name: Build dev application for App Store
run: npm run pack:mac:masdev
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
run: npm run pack:mac:masdev
- name: Zip masdev asset
run: |

View File

@ -52,7 +52,7 @@
"publish:mac:mas": "npm run dist:mac:mas && npm run upload:mas",
"publish:win": "npm run build && npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p always -c.win.certificateSubjectName=\"8bit Solutions LLC\"",
"publish:win:dev": "npm run build && npm run clean:dist && electron-builder --win --x64 --arm64 --ia32 -p always",
"upload:mas": "xcrun altool --upload-app --type osx --file \"$(find ./dist/mas-universal/Bitwarden*.pkg)\" --username $APPLE_ID_USERNAME --password $APPLE_ID_PASSWORD",
"upload:mas": "xcrun altool --upload-app --type osx --file \"$(find ./dist/mas-universal/Bitwarden*.pkg)\" --apiKey $APP_STORE_CONNECT_AUTH_KEY --apiIssuer $APP_STORE_CONNECT_TEAM_ISSUER",
"test": "jest",
"test:watch": "jest --watch",
"test:watch:all": "jest --watchAll"

View File

@ -50,6 +50,18 @@ async function run(context) {
if (macBuild) {
console.log("### Notarizing " + appPath);
if (process.env.APP_STORE_CONNECT_TEAM_ISSUER) {
const appleApiIssuer = process.env.APP_STORE_CONNECT_TEAM_ISSUER;
const appleApiKey = process.env.APP_STORE_CONNECT_AUTH_KEY_PATH;
const appleApiKeyId = process.env.APP_STORE_CONNECT_AUTH_KEY;
return await notarize({
tool: "notarytool",
appPath: appPath,
appleApiIssuer: appleApiIssuer,
appleApiKey: appleApiKey,
appleApiKeyId: appleApiKeyId,
});
} else {
const appleId = process.env.APPLE_ID_USERNAME || process.env.APPLEID;
const appleIdPassword = process.env.APPLE_ID_PASSWORD || `@keychain:AC_PASSWORD`;
return await notarize({
@ -60,4 +72,5 @@ async function run(context) {
appleIdPassword: appleIdPassword,
});
}
}
}