1
0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-25 21:51:30 +01:00
Commit Graph

526 Commits

Author SHA1 Message Date
Matt Bishop
c628f541d1
Sign main branch Unified container builds with cosign and perform security scanning (#12403) 2024-12-16 12:35:00 -05:00
Todd Martin
7c8b9db58f
Revert workflow changes (#12376)
* Revert "fix: target workflows not triggering on pull_request_target (#12370)"

This reverts commit 645d36f465.

* Revert "[PM-15126] Tighten scope of our client build pipelines to remove reliance on secrets (#12243)"

This reverts commit f8c33ea04b.
2024-12-12 12:22:55 -05:00
Andreas Coroiu
645d36f465
fix: target workflows not triggering on pull_request_target (#12370) 2024-12-12 12:42:44 +00:00
Andreas Coroiu
f8c33ea04b
[PM-15126] Tighten scope of our client build pipelines to remove reliance on secrets (#12243)
* feat: create copy of desktop build for PR target

* chore: add temporary file to trigger ci

* fix: remove check-run from regular desktop build

* feat: change browser build to not use pr target

* fix: skip build-safari if secret is not available

* feat: skip safari build if secrets are not available

* feat: let windows desktop build without secrets

* fix: has_secrets not being output correctly

* feat: let macos desktop build without secrets

* feat: don't build browser as part of desktop

* feat: change CLI to pull_request

* feat: let web build without secrets

* feat: tweak lint to run on PR and not just push

* feat: add PR target workflows

* fix: remove wip files

* fix: lint on hotfix-rc branches

* feat: add new workflows to CODEOWNERS
2024-12-12 11:50:21 +01:00
renovate[bot]
02c65fd1b8
[deps] BRE: Update sonarsource/sonarcloud-github-action action to v4 (#12311)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-12-09 16:51:27 -05:00
Bernd Schoolmann
80a898bd8c
[PM-14252] Switch to oo7 and drop libsecret (#11900)
* Switch to oo7 and drop libsecret

* Fix tests

* Fix windows

* Fix windows

* Fix windows

* Fix windows

* Add migration

* Update apps/desktop/desktop_native/core/src/password/unix.rs

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>

* Remove libsecret in ci

* Move allow async to trait level

* Fix comment

* Pin oo7 dependency

---------

Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2024-12-04 17:03:34 +01:00
Daniel James Smith
cf52c6030e
Cleaning up after removing gulp from codebase (#12117)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-11-25 17:51:24 +01:00
Opeyemi
9e15f7dc29
[BRE-443] - Fix Linting pre bwwl Deployment (#12066) 2024-11-20 15:05:46 +00:00
Oscar Hinton
e43a204ab2
Fix broken browser build (#12050) 2024-11-19 13:43:19 +00:00
Oscar Hinton
b55a28f755
[PM-14485] Remove manifest and index.html logic from gulp (#12033)
Refactor the remaining logic from gulp.  Part of the browser build script
refactor effort.

Webpack is now responsible for performing most of the operations previously
done by gulp. This includes: - Setting browser specific class - Building the
manifest file  The `package.json` is modified to include browser specific
commands for `build`, `build:prod`, `build:watch` and `dist`.

# Manifests

Manifests now uses the `copy-webpack-plugin` `transform` feature. The logic is
located in `apps/browser/webpack/manifest.js`. It reads a template, which
supports some basic operations primarily overriding with browser specific
fields using `__browser__`.  The `manifest.json` for both regular and mv3
builds are identical to our existing manifests except:
- `applications` renamed to `browser_specific_settings`.
- `permissions` sorted alphabetically.

# Safari build

Safari requires additional packaging commands. This is implemented as a
powershell script due to the cross-platform nature, and since we generally
require powershell in our distribution pipelines. An alternative would be to
write it in bash, but bash is less powerful and would require some additional
commands like `jq`. Another alternative is to write it using js, but that would
require additional dependencies.
2024-11-19 13:25:30 +00:00
Andreas Coroiu
33f7643e15
[PM-12989] Create process for qa to build client with particular sdk version (#11601)
* feat: update sdk service abstraction with documentation and new `userClient$` function

* feat: add uninitialized user client with cache

* feat: initialize user crypto

* feat: initialize org keys

* fix: org crypto not initializing properly

* feat: avoid creating clients unnecessarily

* chore: remove dev print/subscription

* fix: clean up cache

* chore: update sdk version

* feat: implement clean-up logic (#11504)

* chore: bump sdk version to fix build issues

* chore: bump sdk version to fix build issues

* fix: missing constructor parameters

* refactor: simplify free() and delete() calls

* refactor: use a named function for client creation

* fix: client never freeing after refactor

* fix: broken impl and race condition in tests

* feat: add sdk override to desktop build

* feat: add SDK version to browser about dialog

* feat: add sdk override to browser build

* fix: `npm ci` overriding the override

* fix: artifacts not properly downloaded

* fix: switch to new repository

* feat: add debug version function to web

* feat: add sdk-version to CLI

* feat: add version to desktop

* feat: add override to cli

* feat: add override to web

* fix: cli version acting as default command

* fix: consistent workflow input name

* feat: add error handling

* feat: upgrade sdk-internal

* fix: forgot to update package lock

* fix: broken CI build

move sdk version to a regular command

* chore: revert version changes

* refactor: move error handling code

* chore: bump SDK to 0.2.0.main-1

* fix: clean up references to inputs.sdk_commit

* refactor: rename `init` to `applyVersionToWindow`
2024-11-19 13:59:59 +01:00
Vince Grassia
4d9dc9a839
BRE-438 - Update Crowdin workflow (#12038) 2024-11-18 16:15:58 +00:00
Oscar Hinton
d875ded8fa
Revert "[PM-14485] Remove manifest and index.html logic from gulp" (#12032)
This reverts commit c388697fdf.
2024-11-18 15:38:53 +01:00
Oscar Hinton
c388697fdf
[PM-14485] Remove manifest and index.html logic from gulp (#11861)
Refactor the remaining logic from gulp.  Part of the browser build script
refactor effort.

Webpack is now responsible for performing most of the operations previously
done by gulp. This includes: - Setting browser specific class - Building the
manifest file  The `package.json` is modified to include browser specific
commands for `build`, `build:prod`, `build:watch` and `dist`.

# Manifests

Manifests now uses the `copy-webpack-plugin` `transform` feature. The logic is
located in `apps/browser/webpack/manifest.js`. It reads a template, which
supports some basic operations primarily overriding with browser specific
fields using `__browser__`.  The `manifest.json` for both regular and mv3
builds are identical to our existing manifests except:
- `applications` renamed to `browser_specific_settings`.
- `permissions` sorted alphabetically.

# Safari build

Safari requires additional packaging commands. This is implemented as a
powershell script due to the cross-platform nature, and since we generally
require powershell in our distribution pipelines. An alternative would be to
write it in bash, but bash is less powerful and would require some additional
commands like `jq`. Another alternative is to write it using js, but that would
require additional dependencies.
2024-11-18 11:50:24 +01:00
Andreas Coroiu
b4aea05169
revert: recent changes to build-desktop.yml and entitlements (#11991)
* Revert workflow changes in "[PM-9022] scaffold the extension and build pipeline (#9948)"

This reverts commit 62112b99a9.

* fix: comment out autofill entitlement
2024-11-14 11:42:10 +01:00
Bernd Schoolmann
a75c2118ec
[PM-14850] Flatpak development & qa artifacts (#11925)
* Add flatpak development manifest

* Undo removal of libsecret

* Update .github/workflows/build-desktop.yml

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>

---------

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2024-11-13 17:41:47 +01:00
Michał Chęciński
63a71981fb
Fix github token generating in repository-management.yml workflow (#11983)
* Skip token revoke in repository-management.yml workflow

* GEt gh token in every job
2024-11-13 16:58:43 +01:00
Vince Grassia
334b82764c
Change Docker image tag logic to support pull_request_target trigger (#11984) 2024-11-13 16:19:38 +01:00
Andreas Coroiu
62112b99a9
[PM-9022] scaffold the extension and build pipeline (#9948)
* feat: add macos xcode project

* feat: add extension to mas build

* feat: use `after-sign` to avoid issues

Electron builder modifies the .plist in the extension which causes issues with the signing process. Copying and re-signing manually avoids this because it bypasses the electron builder for the extension

* feat: always clean build and add better error handling

* chore: add some logging to after-sign

* feat: automatically cleanup xcode build to avoid duplicate extensions

* docs: add information about managing extensions

* feat: add missing safari extension logging

* lint: allow macos filenames

* chore: add macos to platform ownership

* lint: add some additional allowed files

* feat: don't build autofill extension for MAS

* chore: ignore capital letters linting for all macos files

* chore: replace gulpfile with regular node script

* chore: add lint rules to script

* lint: fix remaining lint issues in script

* chore: tweak lint rule

* feat: remove desktop target

* fix: use new provisioning profile for dev extension

* Update to unblock CI builds

* chore: remove extension from masdev pack

This way we don't include the extension in any build and can avoid the signing issues it brings

* chore: add autofill as codeowner

* chore: remove xcuserdata

* chore: ignore xcuserdata

---------

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Co-authored-by: Michał Chęciński <mchecinski@bitwarden.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2024-11-13 15:54:35 +01:00
Matt Bishop
5755d4b3a8
Use correct event and branch targets for some workflow steps (#11961) 2024-11-11 16:38:03 -05:00
Matt Bishop
80c71c191b
Check run earlier during setup (#11958) 2024-11-11 13:19:33 -05:00
Vince Grassia
e95af8269f
Add check for trigger event (#11904) 2024-11-07 15:15:44 -05:00
Vince Grassia
771bfdaccd
Fix quotes (#11902) 2024-11-07 19:42:10 +00:00
Vince Grassia
668ede2dfb
Add event_name check to Deploy Web trigger job (#11901) 2024-11-07 14:38:05 -05:00
Matt Bishop
db40f20160
Check run permissions for build artifact generation secrets usage (#11897) 2024-11-07 13:01:54 -05:00
Vince Grassia
9d2c57d3d9
BRE-344 - Add Repository Management workflow (#11855) 2024-11-05 11:48:03 -05:00
Oscar Hinton
af6a2f5553
[PM-13375] Gulp: Remove beta builds (#11482)
Part of the browser build script refactor effort. bitwarden.atlassian.net/browse/PM-6683

The beta logic adds a fair bit of complexity and is currently unused. Let’s remove it and we can look into re-add it after migrating to our new build system.
2024-11-05 10:54:38 +01:00
renovate[bot]
dd6def2f52
[deps] DevOps: Update gh minor (#11730)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-30 11:29:15 -04:00
Opeyemi
133257f60e
clean up document start (#11607) 2024-10-17 18:40:42 +00:00
renovate[bot]
f6f487bdce
[deps] DevOps: Update gh minor (#11537)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-17 10:45:49 -04:00
Oscar Hinton
844d2298e9
[PM-13271] Remove unused ci:coverage from gulpfile (#11455)
Remove the gulp coverage report since we now use jest, and coverage is handled through the root coverage report which is done in a different script.
2024-10-08 16:33:27 +02:00
Maciej Zieniuk
df14e3f030
[PM-13207] Detect incompatible locale changes (#11425)
* detecting unsupported modifications in locales

* typo fix

* limit to english locales, increased verbosity

* increased verbosity
2024-10-08 14:02:58 +02:00
Daniel García
9aeb412404
[PM-7646][PM-5506] Rust IPC changes: Episode 2 (#11122)
* Revert "[PM-7646][PM-5506] Revert IPC changes (#10946)"

This reverts commit ed4d481e4d.

* Ensure tmp dir gets created on MacOS

* Remove client reconnections

* Improve client error handling and process exiting
2024-10-01 16:28:56 +02:00
Michał Chęciński
cc9a72616a
Differenciate slack chanel by environment in deploy-web.yml workflow (#11255) 2024-09-30 09:18:37 -04:00
renovate[bot]
0cd2b4aae5
[deps] DevOps: Update gh minor (#11320)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-30 11:46:20 +02:00
renovate[bot]
0089ae0886
[deps] DevOps: Update gh minor (#11064)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-24 11:35:01 -04:00
Vince Grassia
64844600dc
Fix alert message for Desktop builds (#11139) 2024-09-19 10:40:55 +02:00
Vince Grassia
f2142e318e
BRE-315 - Update workflow to push to TestFlight on protected branches (#11082) 2024-09-16 11:15:34 -06:00
Opeyemi
d34b40797e
[BRE-246] - Use GH-App for Version Bump Workflow (#10986)
* Use GH-App for version bump workflow

* update secret
2024-09-16 16:36:53 +01:00
Matt Gibson
3be5c4800b
Do not test napi crate on windows (#11003)
* Do not test napi crate on windows

possibly related to https://github.com/napi-rs/napi-rs/issues/1405. We are seeing buffer overflows in ci due to repeated Node-API GetProcAddress failures.

We don't have any tests in the napi crate, so there's no harm in removing those tests right now. If we have tests there in the future, we'll need to actually fix this. However, the napi crate is just a wiring crate, so maybe we won't ever have any unit tests there.

* include crate in name

* Remove crate axis
2024-09-12 11:21:23 -06:00
Todd Martin
ed4d481e4d
[PM-7646][PM-5506] Revert IPC changes (#10946)
* Revert "Remove unnecessary plist keys in desktop_proxy (#10933)"

This reverts commit 4dbb036df1.

* Revert "Fix TestFlight errors caused by desktop_proxy (#10928)"

This reverts commit 40cb4b5353.

* Revert "[PM-5506] Enable electron fuses (#10073)"

This reverts commit 78c5e9c706.

* Revert "[PM-7846] Implement a rust based native messaging proxy and IPC system (#9894)"

This reverts commit 55874b72bf.
2024-09-09 09:09:17 -04:00
Daniel García
55874b72bf
[PM-7846] Implement a rust based native messaging proxy and IPC system (#9894)
* [PM-7846] Implement a rust based native messaging proxy and IPC system

* Only build desktop_proxy

* Bundle the desktop_proxy file

* Make sys deps optional for the proxy

* Restore accidentally deleted after-sign

* Update native cache to contain dist folder

* Add some test logging

* Native module cache seems very aggressive

* Fix invalid directory

* Fix debug print

* Remove cache force

* Remove cache debug code

* Only log to file in debug builds

* Place the binary in the correct place for mac and make sure it's signed

* Fix platform paths

* Test unsigned appx

* Revert "Test unsigned appx"

This reverts commit e47535440a.

* Fix comment

* Remove logs

* Use debug builds in native code, and test private path on MacOS

* Add connected message

* Update IPC API comments

* Update linux to also use XDG_ dir

* Update main.rs comment

* Improve docs and split some tasks spawned into separate functions

* Update send docs and return number of elements sent

* Mark `listen` as async to ensure it runs in a tokio context, handle errors better

* Add log on client channel closed

* Move binary to MacOS folder, and sign it manually so it gets the correct entitlements

* Fix some review comments

* Run prettier

* Added missing zbus_polkit dep

* Extract magic number and increase it to match spec

* Comment fix

* Use Napi object, combine nativeBinding export, always log to file

* Missed one comment

* Remove unnecessary generics

* Correct comment

* Select only codesigning identities

* Filter certificates

* Also add local dev cert

* Remove log

* Fix package ID

* debug_assert won't run the pop() in release mode

* Better error messages

* Fix review comments

* Remove unnecessary comment

* Update napi generated TS file

* Temporary fix for DDG
2024-09-05 12:54:24 +02:00
renovate[bot]
b90563aa50
[deps] DevOps: Update sonarsource/sonarcloud-github-action action to v3 (#10851)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-04 09:52:22 -04:00
renovate[bot]
46835f0a58
[deps] DevOps: Update gh minor (#10847)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-04 09:44:00 -04:00
Vince Grassia
00bdfa1cda
Revert "[deps] DevOps: Update crowdin/github-action action to v2 (#10596)" (#10775)
This reverts commit b0636bb39d.
2024-08-28 18:15:16 +01:00
Vince Grassia
866a624e44
Fix NPM build artifact (#10734) 2024-08-26 18:05:43 -06:00
renovate[bot]
f9b66db1a9
[deps] DevOps: Update gh minor (#10577)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-26 16:45:28 -04:00
Vince Grassia
da6b3535da
BRE-277 - Fix CLI NPM publish job (#10729) 2024-08-26 18:33:14 +01:00
renovate[bot]
b0636bb39d
[deps] DevOps: Update crowdin/github-action action to v2 (#10596)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-26 11:38:10 -04:00
renovate[bot]
f7c4a82773
[deps] DevOps: Update docker/build-push-action action to v6 (#10597)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-26 11:37:33 -04:00