From 5ae749047858374264f314fca3b9d6a20951acfa Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Mon, 7 Jun 2021 12:00:13 -0400 Subject: [PATCH] MacOS Build Asset and Workflow Optimization (#942) * adding more testable assets to the desktop build * fixing typo * renaming job * fixing loading safari extension * Fix typo * Update workflows to use new Node caching * Move checkout actions to beginning of jobs * Add Run ID to key for Node cache * Add Runner OS to cache actions * Fix build commands by putting 'npx' in front * Update builds to use other scripts in package.json * Set up keychain for macos-package-dev * Add 'Increment version' step to build workflow * Disable MacOS dev build. Test other MacOS builds * Add provisioning profile steps to other MacOS builds * Remove test branch code Co-authored-by: Joseph Flinn --- .github/workflows/build.yml | 493 +++++++++++++++++++++++++++++----- .github/workflows/deploy.yml | 20 +- .github/workflows/release.yml | 113 +++++--- 3 files changed, 511 insertions(+), 115 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ea9f266bc8..8d37d9b665 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Set up cloc run: | @@ -23,29 +23,39 @@ jobs: run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git linux: - name: Linux + name: Linux Build runs-on: ubuntu-latest steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - - name: Set up environment run: | sudo apt-get update sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm - - name: Set up snap + - name: Set up Snap run: | sudo snap install snapcraft --classic @@ -56,14 +66,12 @@ jobs: snap --version snapcraft --version || echo 'snapcraft unavailable' - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Load package version run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter @@ -73,65 +81,74 @@ jobs: run: npm run dist:lin - name: Upload .deb artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb if-no-files-found: error - name: Upload .rpm artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm if-no-files-found: error - name: Upload .freebsd artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd if-no-files-found: error - name: Upload .snap artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap path: ./dist/bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap if-no-files-found: error - name: Upload .AppImage artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage if-no-files-found: error - windows: - name: Windows + name: Windows Build runs-on: windows-latest steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up dotnet - uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea + uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0 with: dotnet-version: "3.1.x" - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + shell: pwsh + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - shell: pwsh - - name: Install AST shell: pwsh run: | @@ -163,14 +180,12 @@ jobs: npm --version choco --version - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Load package version run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter @@ -210,77 +225,95 @@ jobs: choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey - name: Upload portable exe artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload installer exe artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload store appx ia32 artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx if-no-files-found: error - name: Upload store appx x64 artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx if-no-files-found: error - name: Upload store appx ARM64 artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx if-no-files-found: error - name: Upload nupkg artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg if-no-files-found: error - macos: - name: MacOS + macos-build: + name: MacOS Build runs-on: macos-latest steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - - name: Print environment run: | node --version npm --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + - name: Cache Build + id: build-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Cache Safari + id: safari-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - name: Decrypt secrets run: ./.github/scripts/macos/decrypt-secrets.ps1 @@ -312,68 +345,273 @@ jobs: shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter run: npm run lint + - name: Build application (dev) + run: npm run build + - name: Create Safari directory - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' shell: pwsh run: New-Item ./dist-safari -ItemType Directory -ea 0 - name: Checkout browser extension - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: repository: 'bitwarden/browser' path: 'dist-safari/browser' - name: Build Safari extension - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + shell: pwsh + run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy + + macos-package-github: + name: MacOS Package GitHub Release Assets + runs-on: macos-latest + needs: macos-build + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 + with: + node-version: '14' + + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Update NPM + run: | + npm install -g npm@7 + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Get Build Cache + id: build-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Setup Safari Cache + id: safari-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + run: ./.github/scripts/macos/decrypt-secrets.ps1 + shell: pwsh + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + + - name: Set up keychain + run: ./.github/scripts/macos/setup-keychain.ps1 + shell: pwsh + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Set up provisioning profiles + run: ./.github/scripts/macos/setup-profiles.ps1 + shell: pwsh + + - name: Increment version + run: ./.github/scripts/macos/increment-version.ps1 + shell: pwsh + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: NPM install + if: steps.node-modules-cache.outputs.cache-hit != 'true' + run: npm install + + - name: Build + if: steps.build-cache.outputs.cache-hit != 'true' + run: npm run build + + - name: Create Safari directory + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: steps.safari-cache.outputs.cache-hit != 'true' + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + ref: ${{ github.ref }} + + - name: Build Safari extension + if: steps.safari-cache.outputs.cache-hit != 'true' shell: pwsh run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy - name: Load Safari extension for .dmg - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' shell: pwsh run: ./scripts/safari-build.ps1 -copyonly - - name: Build application (dev) - if: github.ref != 'refs/heads/master' || github.ref != 'refs/heads/rc' - run: npm run build - - name: Build application (dist) - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - run: npm run dist:mac + run: | + npm run pack:mac env: APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - name: Upload .zip artifact - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip if-no-files-found: error - name: Upload .dmg artifact - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg if-no-files-found: error + macos-package-mas: + name: MacOS Package Prod Release Asset + runs-on: macos-latest + needs: macos-build + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 + with: + node-version: '14' + + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Update NPM + run: | + npm install -g npm@7 + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Get Build Cache + id: build-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Setup Safari Cache + id: safari-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + run: ./.github/scripts/macos/decrypt-secrets.ps1 + shell: pwsh + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + + - name: Set up keychain + run: ./.github/scripts/macos/setup-keychain.ps1 + shell: pwsh + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Set up provisioning profiles + run: ./.github/scripts/macos/setup-profiles.ps1 + shell: pwsh + + - name: Increment version + run: ./.github/scripts/macos/increment-version.ps1 + shell: pwsh + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: NPM install + if: steps.node-modules-cache.outputs.cache-hit != 'true' + run: npm install + + - name: Build + if: steps.build-cache.outputs.cache-hit != 'true' + run: npm run build + + - name: Create Safari directory + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: steps.safari-cache.outputs.cache-hit != 'true' + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + ref: ${{ github.ref }} + + - name: Build Safari extension + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy + - name: Load Safari extension for App Store - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' shell: pwsh run: ./scripts/safari-build.ps1 -mas -copyonly - name: Build application for App Store - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - run: npm run dist:mac:mas + run: | + npm run pack:mac:mas env: APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} @@ -381,9 +619,138 @@ jobs: SDK_DIR: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/ - name: Upload .pkg artifact - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg if-no-files-found: error + + macos-package-dev: + name: MacOS Package Dev Release Asset + if: false # We need to look into how code signing works for dev + runs-on: macos-latest + needs: macos-build + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 + with: + node-version: '14' + + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Update NPM + run: | + npm install -g npm@7 + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Get Build Cache + id: build-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Setup Safari Cache + id: safari-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + run: ./.github/scripts/macos/decrypt-secrets.ps1 + shell: pwsh + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + + - name: Set up keychain + run: ./.github/scripts/macos/setup-keychain.ps1 + shell: pwsh + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Set up provisioning profiles + run: ./.github/scripts/macos/setup-profiles.ps1 + shell: pwsh + + - name: Increment version + run: ./.github/scripts/macos/increment-version.ps1 + shell: pwsh + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: NPM install + if: steps.node-modules-cache.outputs.cache-hit != 'true' + run: npm install + + - name: Build + if: steps.build-cache.outputs.cache-hit != 'true' + run: npm run build + + - name: Create Safari directory + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: steps.safari-cache.outputs.cache-hit != 'true' + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + + - name: Build Safari extension + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy + + - name: Load Safari extension for App Store + shell: pwsh + run: ./scripts/safari-build.ps1 -masdev -copyonly + + - name: Build dev application for App Store + run: | + npm run pack:mac:masdev + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + SDKROOT: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/ + SDK_DIR: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/ + + - name: Zip masdev asset + working-directory: ./dist/mas-dev-universal + run: | + zip -r Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip Bitwarden.app + + - name: Upload masdev artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip + path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip + if-no-files-found: error diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 12bcfcfe1e..49b7596d6a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -16,7 +16,7 @@ jobs: tag_version: ${{ steps.create_tags.outputs.tag_version }} steps: - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Create Deploy version vars id: create_tags @@ -58,18 +58,18 @@ jobs: TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Install Snap - uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d + uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0 with: snapcraft_token: ${{ secrets.SNAP_TOKEN }} - name: Setup run: mkdir dist - - name: Get snap package - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 + - name: Get Snap package + uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 with: mode: download tag_name: ${{ env.TAG_VERSION }} @@ -93,10 +93,10 @@ jobs: TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Get choco release asset - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 + uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 with: mode: download tag_name: ${{ env.TAG_VERSION }} @@ -113,7 +113,7 @@ jobs: run: New-Item -ItemType directory -Path ./dist - name: Get nupkg - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 + uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 with: mode: download tag_name: ${{ env.TAG_VERSION }} @@ -135,13 +135,13 @@ jobs: TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Make target directory run: mkdir -p dist/mas-universal - name: Get Mac release asset - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 + uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 with: mode: download tag_name: ${{ env.TAG_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d309c9964b..d9f6b00883 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: fi - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Create Release Vars id: create_tags @@ -50,7 +50,7 @@ jobs: - name: Create Draft Release id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -64,20 +64,30 @@ jobs: runs-on: ubuntu-latest needs: setup steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - - name: Set up environment run: | sudo apt-get update @@ -88,14 +98,12 @@ jobs: node --version npm --version - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Load package version run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter @@ -111,26 +119,36 @@ jobs: runs-on: windows-latest needs: setup steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up dotnet - uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea + uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0 with: dotnet-version: "3.1.x" - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + shell: pwsh + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - shell: pwsh - - name: Install AST shell: pwsh run: | @@ -165,14 +183,12 @@ jobs: npm --version choco --version - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Load package version run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter @@ -203,7 +219,7 @@ jobs: cd ./dist/chocolatey - name: Upload Chocolatey nupkg release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -217,21 +233,31 @@ jobs: runs-on: windows-latest needs: setup steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + shell: pwsh + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - shell: pwsh - - name: Set up environment shell: pwsh run: | @@ -243,14 +269,12 @@ jobs: npm --version choco --version - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Load package version run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter @@ -260,7 +284,7 @@ jobs: run: npm run dist:win:ci - name: Upload unsigned ia32 Windows Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -270,7 +294,7 @@ jobs: asset_content_type: application - name: Upload unsigned x64 Windows Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -280,7 +304,7 @@ jobs: asset_content_type: application - name: Upload unsigned ARM64 Windows Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -294,32 +318,36 @@ jobs: runs-on: macos-latest needs: setup steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14' + - name: Cache Node Modules + id: node-modules-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '**/node_modules' + key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + - name: Update NPM run: | npm install -g npm@7 npm install -g node-gyp node-gyp install $(node -v) - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - - name: Print environment run: | node --version npm --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Decrypt secrets run: ./.github/scripts/macos/decrypt-secrets.ps1 @@ -351,6 +379,7 @@ jobs: shell: pwsh - name: Install Node dependencies + if: steps.node-modules-cache.outputs.cache-hit != 'true' run: npm install - name: Run linter @@ -361,7 +390,7 @@ jobs: run: New-Item ./dist-safari -ItemType Directory -ea 0 - name: Checkout browser extension - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: repository: 'bitwarden/browser' ref: ${{ github.event.inputs.browser_extension_ref }} @@ -393,7 +422,7 @@ jobs: APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - name: Upload Apple Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: