Update certificate types

- Moved to new certificate and provisioning types
- Added Safari provisioning profile
- Updated build workflow to handle new secrets and files

.github/workflows/build.yml

@@ -452,6 +452,9 @@ jobs:
           gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
             --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
             "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output "$HOME/secrets/bitwarden_safari_appstore.provisionprofile" \
+            "$GITHUB_WORKSPACE/.github/secrets/bitwarden_safari_appstore.provisionprofile.gpg"
 
       - name: Set up keychain
         shell: bash
@@ -460,6 +463,8 @@ jobs:
           DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
           DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
           APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
+          # New certificate type
+          APPSTORE_NEW_CERT_PASSWORD: ${{ secrets.APPSTORE_NEW_CERT_PASSWORD }}
           MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
         run: |
@@ -467,13 +472,13 @@ jobs:
           security default-keychain -s build.keychain
           security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-          security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
+          security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $APPSTORE_NEW_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
+          security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_NEW_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
@@ -484,8 +489,8 @@ jobs:
       - name: Set up provisioning profiles
         shell: bash
         run: |
-          cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
-            $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
+          cp $HOME/secrets/*.provisionprofile \
+            $GITHUB_WORKSPACE/
 
       - name: Increment version
         shell: pwsh
@@ -596,6 +601,9 @@ jobs:
           gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
             --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
             "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output "$HOME/secrets/bitwarden_safari_appstore.provisionprofile" \
+            "$GITHUB_WORKSPACE/.github/secrets/bitwarden_safari_appstore.provisionprofile.gpg"
 
       - name: Set up keychain
         shell: bash
@@ -604,6 +612,8 @@ jobs:
           DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
           DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
           APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
+          # New certificate type
+          APPSTORE_NEW_CERT_PASSWORD: ${{ secrets.APPSTORE_NEW_CERT_PASSWORD }}
           MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
         run: |
@@ -611,13 +621,13 @@ jobs:
           security default-keychain -s build.keychain
           security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-          security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
+          security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $APPSTORE_NEW_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
+          security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_NEW_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
@@ -628,8 +638,8 @@ jobs:
       - name: Set up provisioning profiles
         shell: bash
         run: |
-          cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
-            $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
+          cp $HOME/secrets/*.provisionprofile \
+            $GITHUB_WORKSPACE/
 
       - name: Increment version
         shell: pwsh
@@ -783,6 +793,9 @@ jobs:
           gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
             --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
             "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output "$HOME/secrets/bitwarden_safari_appstore.provisionprofile" \
+            "$GITHUB_WORKSPACE/.github/secrets/bitwarden_safari_appstore.provisionprofile.gpg"
 
       - name: Set up keychain
         shell: bash
@@ -791,6 +804,8 @@ jobs:
           DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
           DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
           APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
+          # New certificate type
+          APPSTORE_NEW_CERT_PASSWORD: ${{ secrets.APPSTORE_NEW_CERT_PASSWORD }}
           MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
         run: |
@@ -798,13 +813,13 @@ jobs:
           security default-keychain -s build.keychain
           security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-          security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
+          security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $APPSTORE_NEW_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
+          security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_NEW_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
           security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
@@ -815,8 +830,8 @@ jobs:
       - name: Set up provisioning profiles
         shell: bash
         run: |
-          cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
-            $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
+          cp $HOME/secrets/*.provisionprofile \
+            $GITHUB_WORKSPACE/
 
       - name: Increment version
         shell: pwsh
@@ -962,6 +977,9 @@ jobs:
           gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
             --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
             "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
+          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
+            --output "$HOME/secrets/bitwarden_safari_appstore.provisionprofile" \
+            "$GITHUB_WORKSPACE/.github/secrets/bitwarden_safari_appstore.provisionprofile.gpg"
 
       - name: Set up keychain
         shell: bash
@@ -994,8 +1012,8 @@ jobs:
       - name: Set up provisioning profiles
         shell: bash
         run: |
-          cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
-            $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
+          cp $HOME/secrets/*.provisionprofile \
+            $GITHUB_WORKSPACE/
 
       - name: Increment version
         shell: pwsh