1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-23 11:56:00 +01:00

Merge pull request #4 from joseph-flinn/add-signing-gh

Add signing gh
This commit is contained in:
Joseph Flinn 2021-01-05 09:17:42 -08:00 committed by GitHub
commit 7ba93f845d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 123 additions and 40 deletions

View File

@ -1,39 +0,0 @@
# Node.js
# Build a general Node.js project with npm.
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript
trigger: none
pool:
vmImage: 'windows-latest'
steps:
- task: NodeTool@0
inputs:
versionSpec: '10.x'
displayName: 'Install Node.js'
- script: npm install
displayName: 'npm install'
- script: |
npm run build
npm npm run clean:dist
displayName: 'npm build'
- script: npx electron-builder --win --x64 --ia32 -p never
displayName: 'electron-builder package'
- script: ls -alht dist
displayName: show executables
# - task: PublishPipelineArtifact@1
# inputs:
# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-1.23.1-ia32.appx'
# artifactName: Bitwarden-$(GIT_COMMIT_TO_BUILD)-ia32.appx
#
# - task: PublishPipelineArtifact@1
# inputs:
# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-1.23.1-x64.appx'
# artifactName: Bitwarden-$(GIT_COMMIT_TO_BUILD)-x64.appx

109
.github/workflows/build-and-sign.yml vendored Normal file
View File

@ -0,0 +1,109 @@
name: Build & Sign
on:
workflow_dispatch:
jobs:
windows:
runs-on: windows-latest
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Setup dotnet
uses: actions/setup-dotnet@v1
with:
dotnet-version: "3.x"
- name: Print environment
run: |
node --version
npm --version
dotnet --version
exit 1
- name: Checkout repo
uses: actions/checkout@v2
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Build application
shell: pwsh
run: npm run dist:win:ci
- name: Rename appx files for store
shell: pwsh
run: |
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx"
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx"
- name: Upload portable exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
- name: Upload installer exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
- name: Upload store appx ia32 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
- name: Upload store appx x64 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
- name: Deploy to Chocolatey
if: github.event_name == 'release'
run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION
shell: pwsh
- name: Upload Chocolatey nupkg artifact
if: github.event_name == 'release'
uses: actions/upload-artifact@v2
with:
name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
- name: Upload release assets
if: github.event_name == 'release'
run: |
hub release edit `
-a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx `
-m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
$env:RELEASE_TAG_NAME
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}

View File

@ -120,6 +120,7 @@
"nsis-web",
"appx"
],
"sign": "./sign.js",
"extraResources": [
{
"from": "node_modules/regedit/vbs",

12
sign.js Normal file
View File

@ -0,0 +1,12 @@
exports.default = async function(configuration) {
//console.log(`config:\n${JSON.stringify(configuration, null, 4)}`)
console.log(`env test - secret test ${process.env.SECRET_TEST}`)
console.log(`env test - shouldn't work ${process.env.secretTest}`)
require("child_process").execSync(
`azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvt ${process.env.SIGNING_TENANT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`,
{
stdio: "inherit"
}
);
};

View File

@ -2,7 +2,7 @@
"name": "bitwarden",
"productName": "Bitwarden",
"description": "A secure and free password manager for all of your devices.",
"version": "1.23.2-alpha",
"version": "1.23.3-alpha",
"author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
"homepage": "https://bitwarden.com",
"license": "GPL-3.0",