From 7f217a261fdcc57733a6a9685485cbe45e6312d1 Mon Sep 17 00:00:00 2001
From: Joseph Flinn
Date: Tue, 5 Jan 2021 16:13:08 +0000
Subject: [PATCH] trying to switch over to GH Actions because AZ Pipelines seems to have a problem with the secrets in environments...
---
 .github/workflows/build-and-sign.yml | 254 +++++++++++++++++++++++++++
 1 file changed, 254 insertions(+)
 create mode 100644 .github/workflows/build-and-sign.yml
diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml
new file mode 100644
index 00000000..fe2d76b6
--- /dev/null
+++ b/.github/workflows/build-and-sign.yml
@@ -0,0 +1,254 @@
+name: Build & Sign
+
+on: [workflow_dispatch]
+
+jobs:
+ windows:
+ runs-on: windows-latest
+ steps:
+ - name: Set up Node
+ uses: actions/setup-node@v1
+ with:
+ node-version: '10.x'
+
+ - name: Set Node options
+ run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+ shell: pwsh
+
+ - name: Setup dotnet
+ uses: actions/setup-dotnet@v2
+ with:
+ dotnet-version: "3.x"
+
+ - name: Print environment
+ run: |
+ node --version
+ npm --version
+ dotnet --version
+
+ exit 1
+
+ - name: Checkout repo
+ uses: actions/checkout@v2
+
+ - name: Load package version
+ run: ./.github/scripts/load-version.ps1
+ shell: pwsh
+
+ - name: Install Node dependencies
+ run: npm install
+
+ - name: Run linter
+ run: npm run lint
+
+ - name: Build application
+ shell: pwsh
+ run: npm run dist:win:ci
+
+ - name: Rename appx files for store
+ shell: pwsh
+ run: |
+ Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" `
+ -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx"
+ Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" `
+ -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx"
+
+ - name: Upload portable exe artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
+ path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
+
+ - name: Upload installer exe artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
+ path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
+
+ - name: Upload store appx ia32 artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
+ path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
+
+ - name: Upload store appx x64 artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
+ path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
+
+ - name: Deploy to Chocolatey
+ if: github.event_name == 'release'
+ run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION
+ shell: pwsh
+
+ - name: Upload Chocolatey nupkg artifact
+ if: github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
+ path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
+
+ - name: Upload release assets
+ if: github.event_name == 'release'
+ run: |
+ hub release edit `
+ -a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg `
+ -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx `
+ -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx `
+ -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
+ $env:RELEASE_TAG_NAME
+ shell: pwsh
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
+
+ macos:
+ runs-on: macos-latest
+
+ steps:
+ - name: Set up Node
+ uses: actions/setup-node@v1
+ with:
+ node-version: '10.x'
+
+ - name: Set Node options
+ run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
+
+ - name: Print environment
+ run: |
+ node --version
+ npm --version
+ Write-Output "GitHub ref: $env:GITHUB_REF"
+ Write-Output "GitHub event: $env:GITHUB_EVENT"
+ shell: pwsh
+ env:
+ GITHUB_REF: ${{ github.ref }}
+ GITHUB_EVENT: ${{ github.event_name }}
+
+ - name: Checkout repo
+ uses: actions/checkout@v2
+
+ - name: Decrypt secrets
+ run: ./.github/scripts/macos/decrypt-secrets.ps1
+ shell: pwsh
+ env:
+ DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
+
+ - name: Set up keychain
+ run: ./.github/scripts/macos/setup-keychain.ps1
+ shell: pwsh
+ env:
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
+ DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
+ APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
+ MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+
+ - name: Set up provisioning profiles
+ run: ./.github/scripts/macos/setup-profiles.ps1
+ shell: pwsh
+
+ - name: Increment version
+ run: ./.github/scripts/macos/increment-version.ps1
+ shell: pwsh
+
+ - name: Load package version
+ run: ./.github/scripts/load-version.ps1
+ shell: pwsh
+
+ - name: Install Node dependencies
+ run: npm install
+
+ - name: Run linter
+ run: npm run lint
+
+ - name: Create Safari directory
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ shell: pwsh
+ run: New-Item ./dist-safari -ItemType Directory -ea 0
+
+ - name: Checkout browser extension
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/checkout@v2
+ with:
+ repository: 'bitwarden/browser'
+ path: 'dist-safari/browser'
+
+ - name: Build Safari extension
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ shell: pwsh
+ run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
+
+ - name: Load Safari extension for .dmg
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ shell: pwsh
+ run: ./scripts/safari-build.ps1 -copyonly
+
+ - name: Build application (dev)
+ if: github.ref != 'refs/heads/master' && github.event_name != 'release'
+ run: npm run build
+
+ - name: Build application (dist)
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ run: npm run dist:mac
+ env:
+ APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+
+ - name: Upload .zip artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip
+ path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip
+
+ - name: Upload .dmg artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg
+ path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg
+
+ - name: Load Safari extension for App Store
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ shell: pwsh
+ run: ./scripts/safari-build.ps1 -mas -copyonly
+
+ - name: Build application for App Store
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ run: npm run dist:mac:mas
+ env:
+ APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+
+ - name: Upload .pkg artifact
+ if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+ uses: actions/upload-artifact@v2
+ with:
+ name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg
+ path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg
+
+ - name: Deploy to App Store
+ if: github.event_name == 'release'
+ run: npm run upload:mas
+ env:
+ APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+
+ - name: Upload release assets
+ if: github.event_name == 'release'
+ run: |
+ hub release edit `
+ -a ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg `
+ -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
+ $env:RELEASE_TAG_NAME
+ shell: pwsh
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
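Review bot: In the macos job, `Decrypt secrets` and `Set up keychain` have no `if:` and run before `npm install` and `npm run lint`, so dependency install scripts execute on a runner that presumably already holds the decrypted signing material and a populated keychain (what those scripts leave behind is not visible in this hunk). Because the only trigger is `workflow_dispatch`, which can be started against any branch, this also happens on runs that take the `Build application (dev)` path and never sign anything. Consider moving both steps to just before `Build application (dist)`, giving each `if: github.ref == 'refs/heads/master' || github.event_name == 'release'`, and, if the repository commits a lockfile, running `npm ci` instead of `npm install` in both jobs. Separately, the `exit 1` that ends the windows `Print environment` step fails that job before checkout, and with `on: [workflow_dispatch]` every step gated on `github.event_name == 'release'` is unreachable and `github.event.release.tag_name` would be empty.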