mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-21 16:18:28 +01:00
Revert workflow changes (#12376)
* Revert "fix: target workflows not triggering on pull_request_target (#12370)" This reverts commit645d36f465
. * Revert "[PM-15126] Tighten scope of our client build pipelines to remove reliance on secrets (#12243)" This reverts commitf8c33ea04b
.
This commit is contained in:
parent
3ce89f9945
commit
7c8b9db58f
4
.github/CODEOWNERS
vendored
4
.github/CODEOWNERS
vendored
@ -85,13 +85,9 @@ apps/web/src/app/shared @bitwarden/team-platform-dev
|
|||||||
apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
|
apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
|
||||||
# Workflows
|
# Workflows
|
||||||
.github/workflows/brew-bump-desktop.yml @bitwarden/team-platform-dev
|
.github/workflows/brew-bump-desktop.yml @bitwarden/team-platform-dev
|
||||||
.github/workflows/build-browser-target.yml @bitwarden/team-platform-dev
|
|
||||||
.github/workflows/build-browser.yml @bitwarden/team-platform-dev
|
.github/workflows/build-browser.yml @bitwarden/team-platform-dev
|
||||||
.github/workflows/build-cli-target.yml @bitwarden/team-platform-dev
|
|
||||||
.github/workflows/build-cli.yml @bitwarden/team-platform-dev
|
.github/workflows/build-cli.yml @bitwarden/team-platform-dev
|
||||||
.github/workflows/build-desktop-target.yml @bitwarden/team-platform-dev
|
|
||||||
.github/workflows/build-desktop.yml @bitwarden/team-platform-dev
|
.github/workflows/build-desktop.yml @bitwarden/team-platform-dev
|
||||||
.github/workflows/build-web-target.yml @bitwarden/team-platform-dev
|
|
||||||
.github/workflows/build-web.yml @bitwarden/team-platform-dev
|
.github/workflows/build-web.yml @bitwarden/team-platform-dev
|
||||||
.github/workflows/chromatic.yml @bitwarden/team-platform-dev
|
.github/workflows/chromatic.yml @bitwarden/team-platform-dev
|
||||||
.github/workflows/lint.yml @bitwarden/team-platform-dev
|
.github/workflows/lint.yml @bitwarden/team-platform-dev
|
||||||
|
39
.github/workflows/build-browser-target.yml
vendored
39
.github/workflows/build-browser-target.yml
vendored
@ -1,39 +0,0 @@
|
|||||||
name: Build Browser on PR Target
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request_target:
|
|
||||||
types: [opened, synchronize]
|
|
||||||
branches-ignore:
|
|
||||||
- 'l10n_master'
|
|
||||||
- 'cf-pages'
|
|
||||||
paths:
|
|
||||||
- 'apps/browser/**'
|
|
||||||
- 'libs/**'
|
|
||||||
- '*'
|
|
||||||
- '!*.md'
|
|
||||||
- '!*.txt'
|
|
||||||
workflow_call:
|
|
||||||
inputs: {}
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
sdk_branch:
|
|
||||||
description: "Custom SDK branch"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check-run:
|
|
||||||
name: Check PR run
|
|
||||||
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
|
||||||
|
|
||||||
run-workflow:
|
|
||||||
name: Run Build Browser on PR Target
|
|
||||||
needs: check-run
|
|
||||||
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
|
|
||||||
uses: ./.github/workflows/build-browser.yml
|
|
||||||
secrets: inherit
|
|
||||||
|
|
18
.github/workflows/build-browser.yml
vendored
18
.github/workflows/build-browser.yml
vendored
@ -1,7 +1,7 @@
|
|||||||
name: Build Browser
|
name: Build Browser
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request_target:
|
||||||
types: [opened, synchronize]
|
types: [opened, synchronize]
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- 'l10n_master'
|
- 'l10n_master'
|
||||||
@ -38,14 +38,19 @@ defaults:
|
|||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
check-run:
|
||||||
|
name: Check PR run
|
||||||
|
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
||||||
|
|
||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
needs:
|
||||||
|
- check-run
|
||||||
outputs:
|
outputs:
|
||||||
repo_url: ${{ steps.gen_vars.outputs.repo_url }}
|
repo_url: ${{ steps.gen_vars.outputs.repo_url }}
|
||||||
adj_build_number: ${{ steps.gen_vars.outputs.adj_build_number }}
|
adj_build_number: ${{ steps.gen_vars.outputs.adj_build_number }}
|
||||||
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
||||||
has_secrets: ${{ steps.check-secrets.outputs.has_secrets }}
|
|
||||||
steps:
|
steps:
|
||||||
- name: Check out repo
|
- name: Check out repo
|
||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
@ -69,14 +74,6 @@ jobs:
|
|||||||
NODE_VERSION=${NODE_NVMRC/v/''}
|
NODE_VERSION=${NODE_NVMRC/v/''}
|
||||||
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Check secrets
|
|
||||||
id: check-secrets
|
|
||||||
env:
|
|
||||||
AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
||||||
run: |
|
|
||||||
has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
|
|
||||||
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
|
|
||||||
locales-test:
|
locales-test:
|
||||||
name: Locales Test
|
name: Locales Test
|
||||||
@ -284,7 +281,6 @@ jobs:
|
|||||||
needs:
|
needs:
|
||||||
- setup
|
- setup
|
||||||
- locales-test
|
- locales-test
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
env:
|
env:
|
||||||
_BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }}
|
_BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }}
|
||||||
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
||||||
|
39
.github/workflows/build-cli-target.yml
vendored
39
.github/workflows/build-cli-target.yml
vendored
@ -1,39 +0,0 @@
|
|||||||
name: Build CLI on PR Target
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request_target:
|
|
||||||
types: [opened, synchronize]
|
|
||||||
branches-ignore:
|
|
||||||
- 'l10n_master'
|
|
||||||
- 'cf-pages'
|
|
||||||
paths:
|
|
||||||
- 'apps/cli/**'
|
|
||||||
- 'libs/**'
|
|
||||||
- '*'
|
|
||||||
- '!*.md'
|
|
||||||
- '!*.txt'
|
|
||||||
- '.github/workflows/build-cli.yml'
|
|
||||||
- 'bitwarden_license/bit-cli/**'
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
sdk_branch:
|
|
||||||
description: "Custom SDK branch"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check-run:
|
|
||||||
name: Check PR run
|
|
||||||
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
|
||||||
|
|
||||||
run-workflow:
|
|
||||||
name: Run Build CLI on PR Target
|
|
||||||
needs: check-run
|
|
||||||
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
|
|
||||||
uses: ./.github/workflows/build-cli.yml
|
|
||||||
secrets: inherit
|
|
||||||
|
|
27
.github/workflows/build-cli.yml
vendored
27
.github/workflows/build-cli.yml
vendored
@ -1,7 +1,7 @@
|
|||||||
name: Build CLI
|
name: Build CLI
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request_target:
|
||||||
types: [opened, synchronize]
|
types: [opened, synchronize]
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- 'l10n_master'
|
- 'l10n_master'
|
||||||
@ -27,8 +27,6 @@ on:
|
|||||||
- '!*.txt'
|
- '!*.txt'
|
||||||
- '.github/workflows/build-cli.yml'
|
- '.github/workflows/build-cli.yml'
|
||||||
- 'bitwarden_license/bit-cli/**'
|
- 'bitwarden_license/bit-cli/**'
|
||||||
workflow_call:
|
|
||||||
inputs: {}
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
inputs:
|
inputs:
|
||||||
sdk_branch:
|
sdk_branch:
|
||||||
@ -41,13 +39,18 @@ defaults:
|
|||||||
working-directory: apps/cli
|
working-directory: apps/cli
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
check-run:
|
||||||
|
name: Check PR run
|
||||||
|
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
||||||
|
|
||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
needs:
|
||||||
|
- check-run
|
||||||
outputs:
|
outputs:
|
||||||
package_version: ${{ steps.retrieve-package-version.outputs.package_version }}
|
package_version: ${{ steps.retrieve-package-version.outputs.package_version }}
|
||||||
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
||||||
has_secrets: ${{ steps.check-secrets.outputs.has_secrets }}
|
|
||||||
steps:
|
steps:
|
||||||
- name: Check out repo
|
- name: Check out repo
|
||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
@ -68,14 +71,6 @@ jobs:
|
|||||||
NODE_VERSION=${NODE_NVMRC/v/''}
|
NODE_VERSION=${NODE_NVMRC/v/''}
|
||||||
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Check secrets
|
|
||||||
id: check-secrets
|
|
||||||
env:
|
|
||||||
AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
||||||
run: |
|
|
||||||
has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
|
|
||||||
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
cli:
|
cli:
|
||||||
name: CLI ${{ matrix.os.base }} - ${{ matrix.license_type.readable }}
|
name: CLI ${{ matrix.os.base }} - ${{ matrix.license_type.readable }}
|
||||||
strategy:
|
strategy:
|
||||||
@ -122,7 +117,7 @@ jobs:
|
|||||||
working-directory: ./
|
working-directory: ./
|
||||||
|
|
||||||
- name: Download SDK Artifacts
|
- name: Download SDK Artifacts
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@main
|
uses: bitwarden/gh-actions/download-artifacts@main
|
||||||
with:
|
with:
|
||||||
github_token: ${{secrets.GITHUB_TOKEN}}
|
github_token: ${{secrets.GITHUB_TOKEN}}
|
||||||
@ -135,7 +130,7 @@ jobs:
|
|||||||
if_no_artifact_found: fail
|
if_no_artifact_found: fail
|
||||||
|
|
||||||
- name: Override SDK
|
- name: Override SDK
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
working-directory: ./
|
working-directory: ./
|
||||||
run: |
|
run: |
|
||||||
ls -l ../
|
ls -l ../
|
||||||
@ -277,7 +272,7 @@ jobs:
|
|||||||
working-directory: ./
|
working-directory: ./
|
||||||
|
|
||||||
- name: Download SDK Artifacts
|
- name: Download SDK Artifacts
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@main
|
uses: bitwarden/gh-actions/download-artifacts@main
|
||||||
with:
|
with:
|
||||||
github_token: ${{secrets.GITHUB_TOKEN}}
|
github_token: ${{secrets.GITHUB_TOKEN}}
|
||||||
@ -290,7 +285,7 @@ jobs:
|
|||||||
if_no_artifact_found: fail
|
if_no_artifact_found: fail
|
||||||
|
|
||||||
- name: Override SDK
|
- name: Override SDK
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
working-directory: ./
|
working-directory: ./
|
||||||
run: |
|
run: |
|
||||||
ls -l ../
|
ls -l ../
|
||||||
|
38
.github/workflows/build-desktop-target.yml
vendored
38
.github/workflows/build-desktop-target.yml
vendored
@ -1,38 +0,0 @@
|
|||||||
name: Build Desktop on PR Target
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request_target:
|
|
||||||
types: [opened, synchronize]
|
|
||||||
branches-ignore:
|
|
||||||
- 'l10n_master'
|
|
||||||
- 'cf-pages'
|
|
||||||
paths:
|
|
||||||
- 'apps/desktop/**'
|
|
||||||
- 'libs/**'
|
|
||||||
- '*'
|
|
||||||
- '!*.md'
|
|
||||||
- '!*.txt'
|
|
||||||
- '.github/workflows/build-desktop.yml'
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
sdk_branch:
|
|
||||||
description: "Custom SDK branch"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check-run:
|
|
||||||
name: Check PR run
|
|
||||||
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
|
||||||
|
|
||||||
run-workflow:
|
|
||||||
name: Run Build Desktop on PR Target
|
|
||||||
needs: check-run
|
|
||||||
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
|
|
||||||
uses: ./.github/workflows/build-desktop.yml
|
|
||||||
secrets: inherit
|
|
||||||
|
|
68
.github/workflows/build-desktop.yml
vendored
68
.github/workflows/build-desktop.yml
vendored
@ -1,7 +1,7 @@
|
|||||||
name: Build Desktop
|
name: Build Desktop
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request_target:
|
||||||
types: [opened, synchronize]
|
types: [opened, synchronize]
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- 'l10n_master'
|
- 'l10n_master'
|
||||||
@ -25,8 +25,6 @@ on:
|
|||||||
- '!*.md'
|
- '!*.md'
|
||||||
- '!*.txt'
|
- '!*.txt'
|
||||||
- '.github/workflows/build-desktop.yml'
|
- '.github/workflows/build-desktop.yml'
|
||||||
workflow_call:
|
|
||||||
inputs: {}
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
inputs:
|
inputs:
|
||||||
sdk_branch:
|
sdk_branch:
|
||||||
@ -39,9 +37,15 @@ defaults:
|
|||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
check-run:
|
||||||
|
name: Check PR run
|
||||||
|
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
||||||
|
|
||||||
electron-verify:
|
electron-verify:
|
||||||
name: Verify Electron Version
|
name: Verify Electron Version
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
needs:
|
||||||
|
- check-run
|
||||||
steps:
|
steps:
|
||||||
- name: Check out repo
|
- name: Check out repo
|
||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
@ -63,6 +67,8 @@ jobs:
|
|||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
needs:
|
||||||
|
- check-run
|
||||||
outputs:
|
outputs:
|
||||||
package_version: ${{ steps.retrieve-version.outputs.package_version }}
|
package_version: ${{ steps.retrieve-version.outputs.package_version }}
|
||||||
release_channel: ${{ steps.release-channel.outputs.channel }}
|
release_channel: ${{ steps.release-channel.outputs.channel }}
|
||||||
@ -70,7 +76,6 @@ jobs:
|
|||||||
rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }}
|
rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }}
|
||||||
hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
|
hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
|
||||||
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
||||||
has_secrets: ${{ steps.check-secrets.outputs.has_secrets }}
|
|
||||||
defaults:
|
defaults:
|
||||||
run:
|
run:
|
||||||
working-directory: apps/desktop
|
working-directory: apps/desktop
|
||||||
@ -133,14 +138,6 @@ jobs:
|
|||||||
NODE_VERSION=${NODE_NVMRC/v/''}
|
NODE_VERSION=${NODE_NVMRC/v/''}
|
||||||
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Check secrets
|
|
||||||
id: check-secrets
|
|
||||||
env:
|
|
||||||
AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
||||||
run: |
|
|
||||||
has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
|
|
||||||
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
linux:
|
linux:
|
||||||
name: Linux Build
|
name: Linux Build
|
||||||
# Note, before updating the ubuntu version of the workflow, ensure the snap base image
|
# Note, before updating the ubuntu version of the workflow, ensure the snap base image
|
||||||
@ -336,14 +333,12 @@ jobs:
|
|||||||
rustup show
|
rustup show
|
||||||
|
|
||||||
- name: Login to Azure
|
- name: Login to Azure
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
with:
|
with:
|
||||||
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
- name: Retrieve secrets
|
- name: Retrieve secrets
|
||||||
id: retrieve-secrets
|
id: retrieve-secrets
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
||||||
with:
|
with:
|
||||||
keyvault: "bitwarden-ci"
|
keyvault: "bitwarden-ci"
|
||||||
@ -358,7 +353,7 @@ jobs:
|
|||||||
working-directory: ./
|
working-directory: ./
|
||||||
|
|
||||||
- name: Download SDK Artifacts
|
- name: Download SDK Artifacts
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@main
|
uses: bitwarden/gh-actions/download-artifacts@main
|
||||||
with:
|
with:
|
||||||
github_token: ${{secrets.GITHUB_TOKEN}}
|
github_token: ${{secrets.GITHUB_TOKEN}}
|
||||||
@ -371,7 +366,7 @@ jobs:
|
|||||||
if_no_artifact_found: fail
|
if_no_artifact_found: fail
|
||||||
|
|
||||||
- name: Override SDK
|
- name: Override SDK
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
working-directory: ./
|
working-directory: ./
|
||||||
run: |
|
run: |
|
||||||
ls -l ../
|
ls -l ../
|
||||||
@ -391,17 +386,7 @@ jobs:
|
|||||||
working-directory: apps/desktop/desktop_native
|
working-directory: apps/desktop/desktop_native
|
||||||
run: node build.js cross-platform
|
run: node build.js cross-platform
|
||||||
|
|
||||||
- name: Build
|
- name: Build & Sign (dev)
|
||||||
run: |
|
|
||||||
npm run build
|
|
||||||
|
|
||||||
- name: Pack
|
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'false' }}
|
|
||||||
run: |
|
|
||||||
npm run pack:win
|
|
||||||
|
|
||||||
- name: Pack & Sign (dev)
|
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
env:
|
env:
|
||||||
ELECTRON_BUILDER_SIGN: 1
|
ELECTRON_BUILDER_SIGN: 1
|
||||||
SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
|
SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
|
||||||
@ -410,10 +395,10 @@ jobs:
|
|||||||
SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
|
SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
|
||||||
SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
|
SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
|
||||||
run: |
|
run: |
|
||||||
|
npm run build
|
||||||
npm run pack:win
|
npm run pack:win
|
||||||
|
|
||||||
- name: Rename appx files for store
|
- name: Rename appx files for store
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
run: |
|
run: |
|
||||||
Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx" `
|
Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx" `
|
||||||
-Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx"
|
-Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx"
|
||||||
@ -423,7 +408,6 @@ jobs:
|
|||||||
-Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx"
|
-Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx"
|
||||||
|
|
||||||
- name: Package for Chocolatey
|
- name: Package for Chocolatey
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
run: |
|
run: |
|
||||||
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
|
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
|
||||||
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe `
|
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe `
|
||||||
@ -435,7 +419,6 @@ jobs:
|
|||||||
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey
|
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey
|
||||||
|
|
||||||
- name: Fix NSIS artifact names for auto-updater
|
- name: Fix NSIS artifact names for auto-updater
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
run: |
|
run: |
|
||||||
Rename-Item -Path .\dist\nsis-web\Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z `
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z `
|
||||||
-NewName bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
-NewName bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
||||||
@ -452,7 +435,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload installer exe artifact
|
- name: Upload installer exe artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
|
name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
|
||||||
@ -460,7 +442,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload appx ia32 artifact
|
- name: Upload appx ia32 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
|
||||||
@ -468,7 +449,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload store appx ia32 artifact
|
- name: Upload store appx ia32 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
|
||||||
@ -476,7 +456,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload NSIS ia32 artifact
|
- name: Upload NSIS ia32 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
name: bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
||||||
@ -484,7 +463,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload appx x64 artifact
|
- name: Upload appx x64 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
|
||||||
@ -492,7 +470,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload store appx x64 artifact
|
- name: Upload store appx x64 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
|
||||||
@ -500,7 +477,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload NSIS x64 artifact
|
- name: Upload NSIS x64 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
|
name: bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
|
||||||
@ -508,7 +484,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload appx ARM64 artifact
|
- name: Upload appx ARM64 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
|
||||||
@ -516,7 +491,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload store appx ARM64 artifact
|
- name: Upload store appx ARM64 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
|
||||||
@ -524,7 +498,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload NSIS ARM64 artifact
|
- name: Upload NSIS ARM64 artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
|
name: bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
|
||||||
@ -532,7 +505,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload nupkg artifact
|
- name: Upload nupkg artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
|
name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
|
||||||
@ -540,7 +512,6 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
- name: Upload auto-update artifact
|
- name: Upload auto-update artifact
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
|
||||||
with:
|
with:
|
||||||
name: ${{ needs.setup.outputs.release_channel }}.yml
|
name: ${{ needs.setup.outputs.release_channel }}.yml
|
||||||
@ -603,13 +574,11 @@ jobs:
|
|||||||
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
||||||
|
|
||||||
- name: Login to Azure
|
- name: Login to Azure
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
with:
|
with:
|
||||||
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
- name: Download Provisioning Profiles secrets
|
- name: Download Provisioning Profiles secrets
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
env:
|
env:
|
||||||
ACCOUNT_NAME: bitwardenci
|
ACCOUNT_NAME: bitwardenci
|
||||||
CONTAINER_NAME: profiles
|
CONTAINER_NAME: profiles
|
||||||
@ -622,7 +591,6 @@ jobs:
|
|||||||
--output none
|
--output none
|
||||||
|
|
||||||
- name: Get certificates
|
- name: Get certificates
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
run: |
|
run: |
|
||||||
mkdir -p $HOME/certificates
|
mkdir -p $HOME/certificates
|
||||||
|
|
||||||
@ -645,7 +613,6 @@ jobs:
|
|||||||
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
|
||||||
|
|
||||||
- name: Set up keychain
|
- name: Set up keychain
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
env:
|
env:
|
||||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
@ -675,7 +642,6 @@ jobs:
|
|||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
||||||
|
|
||||||
- name: Set up provisioning profiles
|
- name: Set up provisioning profiles
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
run: |
|
run: |
|
||||||
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
|
||||||
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
|
$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
|
||||||
@ -695,7 +661,7 @@ jobs:
|
|||||||
working-directory: ./
|
working-directory: ./
|
||||||
|
|
||||||
- name: Download SDK Artifacts
|
- name: Download SDK Artifacts
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@main
|
uses: bitwarden/gh-actions/download-artifacts@main
|
||||||
with:
|
with:
|
||||||
github_token: ${{secrets.GITHUB_TOKEN}}
|
github_token: ${{secrets.GITHUB_TOKEN}}
|
||||||
@ -708,7 +674,7 @@ jobs:
|
|||||||
if_no_artifact_found: fail
|
if_no_artifact_found: fail
|
||||||
|
|
||||||
- name: Override SDK
|
- name: Override SDK
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
working-directory: ./
|
working-directory: ./
|
||||||
run: |
|
run: |
|
||||||
ls -l ../
|
ls -l ../
|
||||||
@ -735,7 +701,6 @@ jobs:
|
|||||||
browser-build:
|
browser-build:
|
||||||
name: Browser Build
|
name: Browser Build
|
||||||
needs: setup
|
needs: setup
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: ./.github/workflows/build-browser.yml
|
uses: ./.github/workflows/build-browser.yml
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
|
|
||||||
@ -743,7 +708,6 @@ jobs:
|
|||||||
macos-package-github:
|
macos-package-github:
|
||||||
name: MacOS Package GitHub Release Assets
|
name: MacOS Package GitHub Release Assets
|
||||||
runs-on: macos-13
|
runs-on: macos-13
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
needs:
|
needs:
|
||||||
- browser-build
|
- browser-build
|
||||||
- macos-build
|
- macos-build
|
||||||
@ -985,7 +949,6 @@ jobs:
|
|||||||
macos-package-mas:
|
macos-package-mas:
|
||||||
name: MacOS Package Prod Release Asset
|
name: MacOS Package Prod Release Asset
|
||||||
runs-on: macos-13
|
runs-on: macos-13
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
needs:
|
needs:
|
||||||
- browser-build
|
- browser-build
|
||||||
- macos-build
|
- macos-build
|
||||||
@ -1253,7 +1216,6 @@ jobs:
|
|||||||
macos-package-dev:
|
macos-package-dev:
|
||||||
name: MacOS Package Dev Release Asset
|
name: MacOS Package Dev Release Asset
|
||||||
runs-on: macos-13
|
runs-on: macos-13
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
needs:
|
needs:
|
||||||
- browser-build
|
- browser-build
|
||||||
- macos-build
|
- macos-build
|
||||||
|
41
.github/workflows/build-web-target.yml
vendored
41
.github/workflows/build-web-target.yml
vendored
@ -1,41 +0,0 @@
|
|||||||
name: Build Web on PR Target
|
|
||||||
|
|
||||||
on:
|
|
||||||
pull_request_target:
|
|
||||||
types: [opened, synchronize]
|
|
||||||
branches-ignore:
|
|
||||||
- 'l10n_master'
|
|
||||||
- 'cf-pages'
|
|
||||||
paths:
|
|
||||||
- 'apps/web/**'
|
|
||||||
- 'libs/**'
|
|
||||||
- '*'
|
|
||||||
- '!*.md'
|
|
||||||
- '!*.txt'
|
|
||||||
- '.github/workflows/build-web.yml'
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
custom_tag_extension:
|
|
||||||
description: "Custom image tag extension"
|
|
||||||
required: false
|
|
||||||
sdk_branch:
|
|
||||||
description: "Custom SDK branch"
|
|
||||||
required: false
|
|
||||||
type: string
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
shell: bash
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check-run:
|
|
||||||
name: Check PR run
|
|
||||||
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
|
||||||
|
|
||||||
run-workflow:
|
|
||||||
name: Run Build Web on PR Target
|
|
||||||
needs: check-run
|
|
||||||
if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
|
|
||||||
uses: ./.github/workflows/build-web.yml
|
|
||||||
secrets: inherit
|
|
||||||
|
|
28
.github/workflows/build-web.yml
vendored
28
.github/workflows/build-web.yml
vendored
@ -1,7 +1,7 @@
|
|||||||
name: Build Web
|
name: Build Web
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request_target:
|
||||||
types: [opened, synchronize]
|
types: [opened, synchronize]
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- 'l10n_master'
|
- 'l10n_master'
|
||||||
@ -27,8 +27,6 @@ on:
|
|||||||
- '.github/workflows/build-web.yml'
|
- '.github/workflows/build-web.yml'
|
||||||
release:
|
release:
|
||||||
types: [published]
|
types: [published]
|
||||||
workflow_call:
|
|
||||||
inputs: {}
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
inputs:
|
inputs:
|
||||||
custom_tag_extension:
|
custom_tag_extension:
|
||||||
@ -43,13 +41,18 @@ env:
|
|||||||
_AZ_REGISTRY: bitwardenprod.azurecr.io
|
_AZ_REGISTRY: bitwardenprod.azurecr.io
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
check-run:
|
||||||
|
name: Check PR run
|
||||||
|
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
|
||||||
|
|
||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
needs:
|
||||||
|
- check-run
|
||||||
outputs:
|
outputs:
|
||||||
version: ${{ steps.version.outputs.value }}
|
version: ${{ steps.version.outputs.value }}
|
||||||
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
||||||
has_secrets: ${{ steps.check-secrets.outputs.has_secrets }}
|
|
||||||
steps:
|
steps:
|
||||||
- name: Check out repo
|
- name: Check out repo
|
||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
@ -67,14 +70,6 @@ jobs:
|
|||||||
NODE_VERSION=${NODE_NVMRC/v/''}
|
NODE_VERSION=${NODE_NVMRC/v/''}
|
||||||
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Check secrets
|
|
||||||
id: check-secrets
|
|
||||||
env:
|
|
||||||
AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
||||||
run: |
|
|
||||||
has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
|
|
||||||
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
build-artifacts:
|
build-artifacts:
|
||||||
name: Build artifacts
|
name: Build artifacts
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
@ -133,7 +128,7 @@ jobs:
|
|||||||
run: npm ci
|
run: npm ci
|
||||||
|
|
||||||
- name: Download SDK Artifacts
|
- name: Download SDK Artifacts
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@main
|
uses: bitwarden/gh-actions/download-artifacts@main
|
||||||
with:
|
with:
|
||||||
github_token: ${{secrets.GITHUB_TOKEN}}
|
github_token: ${{secrets.GITHUB_TOKEN}}
|
||||||
@ -146,7 +141,7 @@ jobs:
|
|||||||
if_no_artifact_found: fail
|
if_no_artifact_found: fail
|
||||||
|
|
||||||
- name: Override SDK
|
- name: Override SDK
|
||||||
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
if: ${{ inputs.sdk_branch != '' }}
|
||||||
working-directory: ./
|
working-directory: ./
|
||||||
run: |
|
run: |
|
||||||
ls -l ../
|
ls -l ../
|
||||||
@ -215,23 +210,19 @@ jobs:
|
|||||||
|
|
||||||
########## ACRs ##########
|
########## ACRs ##########
|
||||||
- name: Login to Prod Azure
|
- name: Login to Prod Azure
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
with:
|
with:
|
||||||
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||||
|
|
||||||
- name: Log into Prod container registry
|
- name: Log into Prod container registry
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
run: az acr login -n bitwardenprod
|
run: az acr login -n bitwardenprod
|
||||||
|
|
||||||
- name: Login to Azure - CI Subscription
|
- name: Login to Azure - CI Subscription
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
||||||
with:
|
with:
|
||||||
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||||
|
|
||||||
- name: Retrieve github PAT secrets
|
- name: Retrieve github PAT secrets
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
id: retrieve-secret-pat
|
id: retrieve-secret-pat
|
||||||
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
||||||
with:
|
with:
|
||||||
@ -279,7 +270,6 @@ jobs:
|
|||||||
run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
|
run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Build Docker image
|
- name: Build Docker image
|
||||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
||||||
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
|
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
|
||||||
with:
|
with:
|
||||||
context: apps/web
|
context: apps/web
|
||||||
|
10
.github/workflows/lint.yml
vendored
10
.github/workflows/lint.yml
vendored
@ -1,20 +1,12 @@
|
|||||||
name: Lint
|
name: Lint
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
push:
|
||||||
types: [opened, synchronize]
|
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- 'l10n_master'
|
- 'l10n_master'
|
||||||
- 'cf-pages'
|
- 'cf-pages'
|
||||||
paths-ignore:
|
paths-ignore:
|
||||||
- '.github/workflows/**'
|
- '.github/workflows/**'
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- 'main'
|
|
||||||
- 'rc'
|
|
||||||
- 'hotfix-rc-*'
|
|
||||||
paths-ignore:
|
|
||||||
- '.github/workflows/**'
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
inputs: {}
|
inputs: {}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user