From 00fd2ec03f16492c5df53210374723d133fe557a Mon Sep 17 00:00:00 2001
From: Micaiah Martin <77340197+mimartin12@users.noreply.github.com>
Date: Wed, 4 May 2022 10:19:04 -0500
Subject: [PATCH] Update publish settings to use S3 (#1521)

* Update publish settings to use S3

* Fix formatting

* Added endpoint with new domain

* Updated S3 publisher config

* added npm CD commands for workflow later.

* Updated release workflow to publish to S3

* testing release

* Reduce aws cli output

* Remove test

* Finalize release workflow
- Reverted back testing logic
- Removed dry run check for GH release since it creates it as a draf anyways
- Removed artifact_url env as it's no longer needed.

* Remove testing values

* Merge Master

* Added endpoint in config
---
 .github/workflows/release.yml | 74 ++++++++++++++++++++++-------------
 electron-builder.json         | 15 +++++--
 2 files changed, 58 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8d8bb965..fc4efbd9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,48 +62,69 @@ jobs:
           BRANCH_NAME=$(basename ${{ github.ref }})
           echo "::set-output name=branch-name::$BRANCH_NAME"
 
+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "aws-electron-access-id, aws-electron-access-key"
+
       - name: Download all artifacts
         uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
         with:
           workflow: build.yml
           workflow_conclusion: success
           branch: ${{ steps.branch.outputs.branch-name }}
+          path: ./artifacts
 
       - name: Rename .pkg to .pkg.archive
         env:
           PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
+        working-directory: ./artifacts
         run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive
 
+      - name: Publish artifacts to S3
+        env:
+          AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
+          AWS_DEFAULT_REGION: 'us-west-2'
+        run: |
+          aws s3 cp ./artifacts s3://public-s3-electron-artifacts/desktop/ \
+          --acl "public-read" \
+          --recursive \
+          --quiet
+
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09  # v2.8.5
         env:
           PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
         with:
-          artifacts: "Bitwarden-${{ env.PKG_VERSION }}-amd64.deb,
-            Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm,
-            Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd,
-            bitwarden_${{ env.PKG_VERSION }}_amd64.snap,
-            Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage,
-            latest-linux.yml,
-            Bitwarden-Portable-${{ env.PKG_VERSION }}.exe,
-            Bitwarden-Installer-${{ env.PKG_VERSION }}.exe,
-            Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx,
-            Bitwarden-${{ env.PKG_VERSION }}-ia32.appx,
-            Bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z,
-            Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx,
-            Bitwarden-${{ env.PKG_VERSION }}-x64.appx,
-            Bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z,
-            Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx,
-            Bitwarden-${{ env.PKG_VERSION }}-arm64.appx,
-            Bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z,
-            bitwarden.${{ env.PKG_VERSION }}.nupkg,
-            latest.yml,
-            Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip,
-            Bitwarden-${{ env.PKG_VERSION }}-universal.dmg,
-            Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap,
-            latest-mac.yml,
-            Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive"
+          artifacts: "artifacts/Bitwarden-${{ env.PKG_VERSION }}-amd64.deb,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd,
+            artifacts/bitwarden_${{ env.PKG_VERSION }}_amd64.snap,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage,
+            artifacts/Bitwarden-Portable-${{ env.PKG_VERSION }}.exe,
+            artifacts/Bitwarden-Installer-${{ env.PKG_VERSION }}.exe,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.appx,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.appx,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.appx,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z,
+            artifacts/bitwarden.${{ env.PKG_VERSION }}.nupkg,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap,
+            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive"
           commit: ${{ github.sha }}
           tag: v${{ env.PKG_VERSION }}
           name: Version ${{ env.PKG_VERSION }}
@@ -150,9 +171,6 @@ jobs:
           artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap
           path: ./dist
 
-      - name: Test
-        run: ls -alht dist
-
       - name: Deploy to Snap Store
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         run: |
diff --git a/electron-builder.json b/electron-builder.json
index 8724269c..a8153e9d 100644
--- a/electron-builder.json
+++ b/electron-builder.json
@@ -8,6 +8,14 @@
   "afterSign": "scripts/after-sign.js",
   "asarUnpack": ["**/*.node"],
   "files": ["**/*", "!**/node_modules/@bitwarden/desktop-native/**/*"],
+  "publish": {
+    "provider": "s3",
+    "bucket": "public-s3-electron-artifacts",
+    "path": "desktop",
+    "acl": "public-read",
+    "region": "us-west-2",
+    "endpoint": "https://artifacts.bitwarden.com/desktop"
+  },
   "mac": {
     "electronUpdaterCompatibility": ">=0.0.1",
     "category": "public.app-category.productivity",
@@ -102,15 +110,16 @@
     "artifactName": "${productName}-${version}-${arch}.${ext}",
     "depends": ["libnotify4", "libxtst6", "libnss3", "libsecret-1-0", "libxss1"]
   },
-  "appImage": { "artifactName": "${productName}-${version}-${arch}.${ext}" },
+  "appImage": {
+    "artifactName": "${productName}-${version}-${arch}.${ext}"
+  },
   "rpm": { "artifactName": "${productName}-${version}-${arch}.${ext}" },
   "freebsd": { "artifactName": "${productName}-${version}-${arch}.${ext}" },
   "snap": {
     "autoStart": true,
     "confinement": "strict",
     "plugs": ["default", "password-manager-service"],
-    "stagePackages": ["default"],
-    "publish": ["github"]
+    "stagePackages": ["default"]
   },
   "protocols": [{ "name": "Bitwarden", "schemes": ["bitwarden"] }]
 }