From b66d32b57ec3ede1896ab721c173820cc8e15c06 Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Tue, 12 Oct 2021 11:51:26 -0400
Subject: [PATCH] Upgrade workflows to new model (#1104)
* Update workflows to new Build/Test/Release model
---
.github/scripts/decrypt-secret.ps1 | 29 --
.github/scripts/load-version.ps1 | 5 -
.github/scripts/macos/decrypt-secrets.ps1 | 11 -
.github/scripts/macos/increment-version.ps1 | 8 -
.github/scripts/macos/setup-keychain.ps1 | 21 -
.github/scripts/macos/setup-profiles.ps1 | 6 -
.github/workflows/build.yml | 467 +++++++++++++----
.github/workflows/deploy.yml | 223 --------
.github/workflows/release.yml | 544 +++++---------------
9 files changed, 497 insertions(+), 817 deletions(-)
delete mode 100644 .github/scripts/decrypt-secret.ps1
delete mode 100644 .github/scripts/load-version.ps1
delete mode 100644 .github/scripts/macos/decrypt-secrets.ps1
delete mode 100644 .github/scripts/macos/increment-version.ps1
delete mode 100644 .github/scripts/macos/setup-keychain.ps1
delete mode 100644 .github/scripts/macos/setup-profiles.ps1
delete mode 100644 .github/workflows/deploy.yml
diff --git a/.github/scripts/decrypt-secret.ps1 b/.github/scripts/decrypt-secret.ps1
deleted file mode 100644
index b5251d53..00000000
--- a/.github/scripts/decrypt-secret.ps1
+++ /dev/null
@@ -1,29 +0,0 @@ -param ( - [Parameter(Mandatory=$true)] - [string] $filename, - [string] $output -) - -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path -$rootPath = $env:GITHUB_WORKSPACE - -$secretInputPath = $rootPath + "/.github/secrets" -$input = $secretInputPath + "/" + $filename - -$passphrase = $env:DECRYPT_FILE_PASSWORD -$secretOutputPath = $homePath + "/secrets" - -if ([string]::IsNullOrEmpty($output)) { - if ($filename.EndsWith(".gpg")) { - $output = $secretOutputPath + "/" + $filename.TrimEnd(".gpg") - } else { - $output = $secretOutputPath + "/" + $filename + ".plaintext" - } -} - -if (!(Test-Path -Path $secretOutputPath)) -{ - New-Item -ItemType Directory -Path $secretOutputPath -} - -gpg --quiet --batch --yes --decrypt --passphrase="$passphrase" --output $output $input diff --git a/.github/scripts/load-version.ps1 b/.github/scripts/load-version.ps1 deleted file mode 100644 index 4c0c5193..00000000 --- a/.github/scripts/load-version.ps1 +++ /dev/null @@ -1,5 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; -$packageVersion = (Get-Content -Raw -Path $rootPath\src\package.json | ConvertFrom-Json).version; - -Write-Output "Setting package version to $packageVersion"; -Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append; diff --git a/.github/scripts/macos/decrypt-secrets.ps1 b/.github/scripts/macos/decrypt-secrets.ps1 deleted file mode 100644 index 0f010968..00000000 --- a/.github/scripts/macos/decrypt-secrets.ps1 +++ /dev/null 
@@ -1,11 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; - -$decryptSecretPath = $($rootPath + "/.github/scripts/decrypt-secret.ps1"); - -Invoke-Expression "& `"$decryptSecretPath`" -filename bitwarden-desktop-key.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename appstore-app-cert.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename appstore-installer-cert.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename devid-app-cert.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename devid-installer-cert.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename macdev-cert.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename bitwarden_desktop_appstore.provisionprofile.gpg" diff --git a/.github/scripts/macos/increment-version.ps1 b/.github/scripts/macos/increment-version.ps1 deleted file mode 100644 index 6becb67c..00000000 --- a/.github/scripts/macos/increment-version.ps1 +++ /dev/null @@ -1,8 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; -$packagePath = "$rootPath\package.json"; -$buildNumber = 500 + [int]$env:GITHUB_RUN_NUMBER; -Write-Output "Setting build number to $buildNumber"; -Write-Output "BUILD_NUMBER=$buildNumber" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append; -$package = Get-Content -Raw -Path $packagePath | ConvertFrom-Json; -$package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$buildNumber"; -$package | ConvertTo-Json -Depth 32 | Set-Content $packagePath; diff --git a/.github/scripts/macos/setup-keychain.ps1 b/.github/scripts/macos/setup-keychain.ps1 deleted file mode 100644 index 90f97c72..00000000 --- a/.github/scripts/macos/setup-keychain.ps1 +++ /dev/null 
@@ -1,21 +0,0 @@ -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path; -$secretsPath = $homePath + "/secrets" - -$desktopKeyPath = $($secretsPath + "/bitwarden-desktop-key.p12"); -$devidAppCertPath = $($secretsPath + "/devid-app-cert.p12"); -$devidInstallerCertPath = $($secretsPath + "/devid-installer-cert.p12"); -$appstoreAppCertPath = $($secretsPath + "/appstore-app-cert.p12"); -$appstoreInstallerCertPath = $($secretsPath + "/appstore-installer-cert.p12"); -$macdevCertPath = $($secretsPath + "/macdev-cert.p12"); - -security create-keychain -p $env:KEYCHAIN_PASSWORD build.keychain -security default-keychain -s build.keychain -security unlock-keychain -p $env:KEYCHAIN_PASSWORD build.keychain -security set-keychain-settings -lut 1200 build.keychain -security import $desktopKeyPath -k build.keychain -P $env:DESKTOP_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -security import $devidAppCertPath -k build.keychain -P $env:DEVID_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -security import $devidInstallerCertPath -k build.keychain -P $env:DEVID_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -security import $appstoreAppCertPath -k build.keychain -P $env:APPSTORE_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -security import $appstoreInstallerCertPath -k build.keychain -P $env:APPSTORE_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -security import $macdevCertPath -k build.keychain -P $env:MACDEV_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $env:KEYCHAIN_PASSWORD build.keychain diff --git a/.github/scripts/macos/setup-profiles.ps1 b/.github/scripts/macos/setup-profiles.ps1 deleted file mode 100644 index 1f454dc0..00000000 --- a/.github/scripts/macos/setup-profiles.ps1 +++ /dev/null 
@@ -1,6 +0,0 @@ -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path; -$secretsPath = $homePath + "/secrets" -$rootPath = $env:GITHUB_WORKSPACE -$pprofile = "bitwarden_desktop_appstore.provisionprofile" - -Copy-Item "$secretsPath/$pprofile" -destination "$rootPath/$pprofile" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 72fcf9b2..963863bb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,9 +24,36 @@ jobs: run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git + setup: + name: Setup + runs-on: ubuntu-20.04 + outputs: + package_version: ${{ steps.retrieve-version.outputs.package_version }} + build_number: ${{ steps.increment-version.outputs.build_number }} + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Get Package Version + id: retrieve-version + run: | + PKG_VERSION=$(jq -r .version src/package.json) + echo "::set-output name=package_version::$PKG_VERSION" + + - name: Increment version + id: increment-version + run: | + BUILD_NUMBER=$(expr 500 + $GITHUB_RUN_NUMBER) + echo "Setting build number to $BUILD_NUMBER" + echo "::set-output name=build_number::$BUILD_NUMBER" + + linux: name: Linux Build runs-on: ubuntu-20.04 + needs: setup + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 @@ -68,10 +95,6 @@ jobs: snap --version snapcraft --version || echo 'snapcraft unavailable' - - name: Load package version - run: ./.github/scripts/load-version.ps1 - shell: pwsh - - name: Install Node dependencies run: npm ci 
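Review bot: The new `setup` job publishes whatever `jq -r .version src/package.json` returns without checking its shape, and later steps in this patch expand that value with `${{ env._PACKAGE_VERSION }}` directly inside `run:` scripts (the Windows `Copy-Item` and `checksum` lines, for example), so the string becomes script text before the shell parses it. A version containing quotes, backticks or `;` would change what those steps execute, which matters if this workflow runs for refs where package.json can be edited by less-trusted contributors. Validate it before emitting the output, e.g. `[[ "$PKG_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected version: $PKG_VERSION" >&2; exit 1; }` (widen the pattern if pre-release suffixes are in use). In the same job, `$(expr 500 + $GITHUB_RUN_NUMBER)` can be the shell builtin `$((500 + GITHUB_RUN_NUMBER))`.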
@@ -84,42 +107,52 @@ jobs: - name: Upload .deb artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb + name: Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb if-no-files-found: error - name: Upload .rpm artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm if-no-files-found: error - name: Upload .freebsd artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd if-no-files-found: error - name: Upload .snap artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap - path: ./dist/bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap + name: bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap + path: ./dist/bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap if-no-files-found: error - name: Upload .AppImage artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage + if-no-files-found: error + + - name: Upload latest auto-update 
artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: latest-linux.yml + path: ./dist/latest-linux.yml if-no-files-found: error windows: name: Windows Build runs-on: windows-2019 + needs: setup + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 @@ -160,10 +193,6 @@ jobs: npm --version choco --version - - name: Load package version - run: ./.github/scripts/load-version.ps1 - shell: pwsh - - name: Install Node dependencies run: npm ci 
@@ -185,69 +214,122 @@ jobs: - name: Rename appx files for store shell: pwsh run: | - Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" ` - -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx" - Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` - -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" - Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64.appx" ` - -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx" + Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx" ` + -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx" + Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx" ` + -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx" + Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx" ` + -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx" - - name: Building for Chocolatey + - name: Package for Chocolatey shell: pwsh run: | Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse - Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey + Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey - $checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + $checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe $chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1" - (Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall - choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey + (Get-Content $chocoInstall).replace('__version__', "$env:_PACKAGE_VERSION").replace('__checksum__', $checksum) | 
Set-Content $chocoInstall + choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey - name: Upload portable exe artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe - path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe + name: Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe + path: ./dist/Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload installer exe artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe - path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe + path: ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe + if-no-files-found: error + + - name: Upload appx ia32 artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx if-no-files-found: error - name: Upload store appx ia32 artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx + name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx + if-no-files-found: error + + - name: Upload NSIS ia32 artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z + path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z + if-no-files-found: error + + - name: Upload appx x64 artifact + uses: 
actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx if-no-files-found: error - name: Upload store appx x64 artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx + if-no-files-found: error + + - name: Upload NSIS x64 artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z + path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z + if-no-files-found: error + + - name: Upload appx ARM64 artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx if-no-files-found: error - name: Upload store appx ARM64 artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx + name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx + if-no-files-found: error + + - name: Upload NSIS ARM64 artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z + path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z if-no-files-found: error - name: Upload nupkg artifact uses: 
actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg + name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg + path: ./dist/chocolatey/bitwarden.${{ env._PACKAGE_VERSION }}.nupkg if-no-files-found: error + - name: Upload latest auto-update artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: latest.yml + path: ./dist/nsis-web/latest.yml + if-no-files-found: error + + macos-build: name: MacOS Build runs-on: macos-10.15 + needs: setup + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 
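Review bot: The checksum line in "Package for Chocolatey" still reads from `./dist/chocoloatey/` (misspelled), while the installer was copied to `./dist/chocolatey` two lines earlier, so `$checksum` is taken from a path that does not exist and `__checksum__` in chocolateyinstall.ps1 is presumably replaced with an empty or error value. That would leave the Chocolatey package without a usable SHA-256 for the installer, which defeats the integrity check the placeholder exists for. Change the line to `$checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe` and stop the step when the result is empty, e.g. `if ([string]::IsNullOrWhiteSpace($checksum)) { throw "checksum failed" }`.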
@@ -295,14 +377,35 @@ jobs: key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - name: Decrypt secrets - run: ./.github/scripts/macos/decrypt-secrets.ps1 - shell: pwsh + shell: bash env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" - name: Set up keychain - run: ./.github/scripts/macos/setup-keychain.ps1 - shell: pwsh + shell: bash env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} 
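Review bot: Each `gpg` call in "Decrypt secrets" passes the passphrase as `--passphrase="$DECRYPT_FILE_PASSWORD"`, which places it in the process argument list where other processes on the runner can read it, and `mkdir -p $HOME/secrets` creates the output directory unquoted and with default permissions. Feeding the passphrase on a file descriptor with `--passphrase-fd 0`, setting `umask 077`, and looping over the seven file names closes both gaps and removes the copy-paste; the same block is repeated in macos-package-github and macos-package-mas later in this patch. The decrypted .p12 files are also never removed, so they stay readable to the `npm ci` and build steps that follow; consider deleting `$HOME/secrets` once the keychain import and profile copy are done. The job this step belongs to continues outside the hunk.

```yaml
# … unchanged: step name, shell: bash, env: DECRYPT_FILE_PASSWORD …
run: |
  umask 077
  mkdir -p "$HOME/secrets"
  for name in \
    bitwarden-desktop-key.p12 \
    appstore-app-cert.p12 \
    appstore-installer-cert.p12 \
    devid-app-cert.p12 \
    devid-installer-cert.p12 \
    macdev-cert.p12 \
    bitwarden_desktop_appstore.provisionprofile
  do
    gpg --quiet --batch --yes --decrypt --passphrase-fd 0 \
      --output "$HOME/secrets/$name" \
      "$GITHUB_WORKSPACE/.github/secrets/$name.gpg" <<<"$DECRYPT_FILE_PASSWORD"
  done
```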
@@ -310,18 +413,39 @@ jobs: APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles - run: ./.github/scripts/macos/setup-profiles.ps1 - shell: pwsh + shell: bash + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile - name: Increment version - run: ./.github/scripts/macos/increment-version.ps1 - shell: pwsh - - - name: Load package version - run: ./.github/scripts/load-version.ps1 
shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; - name: Install Node dependencies run: npm ci @@ -346,11 +470,13 @@ jobs: shell: pwsh run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy + macos-package-github: name: MacOS Package GitHub Release Assets runs-on: macos-10.15 - needs: macos-build - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + needs: [setup, macos-build] + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 
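Review bot: The `security` commands in "Set up keychain" expand `$KEYCHAIN_PASSWORD`, `$DESKTOP_KEY_PASSWORD` and the other `*_CERT_PASSWORD` variables unquoted, so a secret containing whitespace or glob characters is word-split or expanded by bash and the wrong value reaches `-p`/`-P`; the pwsh script this replaces passed each variable as a single argument. Quote every expansion, e.g. `security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain` and `-P "$DESKTOP_KEY_PASSWORD"`, and likewise the two paths in the `cp` of the provisioning profile. The step's `env:` also exports `APPLE_ID_PASSWORD`, which none of the commands shown reads; drop it from this step unless something outside the hunk needs it. The same block recurs in macos-package-github and macos-package-mas.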
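Review bot: Removing `if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'` from `macos-package-github` (and from `macos-package-mas` in a later hunk) means the jobs that decrypt the signing certificates and unlock the keychain are no longer limited to the two release branches. The workflow's `on:` triggers are outside the visible lines, so confirm which refs can now reach these jobs; if feature branches or pull requests trigger build.yml, code from those refs runs alongside the Developer ID and App Store signing material. If building on every ref is intended, consider keeping the decrypt, keychain and signing steps behind the branch condition, or binding these jobs to a protected environment with required reviewers.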
@@ -398,14 +524,35 @@ jobs: key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - name: Decrypt secrets - run: ./.github/scripts/macos/decrypt-secrets.ps1 - shell: pwsh + shell: bash env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" - name: Set up keychain - run: ./.github/scripts/macos/setup-keychain.ps1 - shell: pwsh + shell: bash env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} 
@@ -413,18 +560,39 @@ jobs: APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles - run: ./.github/scripts/macos/setup-profiles.ps1 - shell: pwsh + shell: bash + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile - name: Increment version - run: ./.github/scripts/macos/increment-version.ps1 - shell: pwsh - - - name: Load package version - run: ./.github/scripts/load-version.ps1 
shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; - name: NPM install run: npm ci 
@@ -465,22 +633,38 @@ jobs: - name: Upload .zip artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip + name: Bitwarden-${{ env._PACKAGE_VERSION }}-mac.zip + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-mac.zip if-no-files-found: error - name: Upload .dmg artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg + name: Bitwarden-${{ env._PACKAGE_VERSION }}.dmg + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}.dmg if-no-files-found: error + - name: Upload .dmg blockmap artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}.dmg.blockmap + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}.dmg.blockmap + if-no-files-found: error + + - name: Upload latest auto-update artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: latest-mac.yml + path: ./dist/latest-mac.yml + if-no-files-found: error + + macos-package-mas: name: MacOS Package Prod Release Asset runs-on: macos-10.15 - needs: macos-build - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + needs: [setup, macos-build] + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 
@@ -528,14 +712,35 @@ jobs: key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - name: Decrypt secrets - run: ./.github/scripts/macos/decrypt-secrets.ps1 - shell: pwsh + shell: bash env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" - name: Set up keychain - run: ./.github/scripts/macos/setup-keychain.ps1 - shell: pwsh + shell: bash env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} 
@@ -543,18 +748,39 @@ jobs: APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles - run: ./.github/scripts/macos/setup-profiles.ps1 - shell: pwsh + shell: bash + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile - name: Increment version - run: ./.github/scripts/macos/increment-version.ps1 - shell: pwsh - - - name: Load package version - run: ./.github/scripts/load-version.ps1 
shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; - name: NPM install run: npm ci @@ -597,15 +823,18 @@ jobs: - name: Upload .pkg artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg - path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg + name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg + path: ./dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg if-no-files-found: error + macos-package-dev: name: MacOS Package Dev Release Asset if: false # We need to look into how code signing works for dev runs-on: macos-10.15 - needs: macos-build + needs: [setup, macos-build] + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 
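Review bot: The added keychain script in the `@@ -543,18 +748,39 @@` hunk expands every secret unquoted (`-p $KEYCHAIN_PASSWORD`, `-P $DESKTOP_KEY_PASSWORD`, `-P $DEVID_CERT_PASSWORD` and the rest), so a password containing whitespace or a glob character is split or expanded before `security` receives it, and the command fails or gets a truncated value. Quote each one, for example `security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain` and `-P "$DESKTOP_KEY_PASSWORD"`, and quote the two paths in the provisioning-profile `cp` as well. The decrypted `.p12` files under `$HOME/secrets` also stay on disk for the later `npm ci` and build steps; once imported they appear to be unneeded, so consider deleting them at the end of this step. The same script is repeated in the `macos-package-dev` hunk (`@@ -668,18 +918,39 @@`), and this step's `env:` block begins before the hunk.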
@@ -653,14 +882,35 @@ jobs: key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - name: Decrypt secrets - run: ./.github/scripts/macos/decrypt-secrets.ps1 - shell: pwsh + shell: bash env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" - name: Set up keychain - run: ./.github/scripts/macos/setup-keychain.ps1 - shell: pwsh + shell: bash env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} 
@@ -668,18 +918,39 @@ jobs: APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles - run: ./.github/scripts/macos/setup-profiles.ps1 - shell: pwsh + shell: bash + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile - name: Increment version - run: ./.github/scripts/macos/increment-version.ps1 - shell: pwsh - - - name: Load package version - run: ./.github/scripts/load-version.ps1 
shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; - name: NPM install run: npm ci @@ -726,6 +997,6 @@ jobs: - name: Upload masdev artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip - path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip + name: Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip + path: ./dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip if-no-files-found: error diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 7ff43bd0..00000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
@@ -1,223 +0,0 @@ ---- -name: Deploy - -on: - workflow_dispatch: - inputs: - release_tag_name_input: - description: "Release Tag Name " - required: true - -jobs: - setup: - name: Setup - runs-on: ubuntu-20.04 - outputs: - package_version: ${{ steps.create_tags.outputs.package_version }} - tag_version: ${{ steps.create_tags.outputs.tag_version }} - steps: - - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Create Deploy version vars - id: create_tags - run: | - case "${RELEASE_TAG_NAME_INPUT:0:1}" in - v) - echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" - echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" - ;; - [0-9]) - echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" - echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" - ;; - *) - exit 1 - ;; - esac - env: - RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - - - snap: - name: Deploy Snap - runs-on: ubuntu-20.04 - needs: setup - env: - _PKG_VERSION: ${{ needs.setup.outputs.package_version }} - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} - steps: - - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Install Snap - uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0 - with: - snapcraft_token: ${{ secrets.SNAP_TOKEN }} - - - name: Setup - run: mkdir dist - - - name: Get Snap package - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 - with: - mode: download - tag_name: ${{ env._TAG_VERSION }} - assets: bitwarden_${{ env._PKG_VERSION }}_amd64.snap|./dist/bitwarden_${{ env._PKG_VERSION 
}}_amd64.snap - github_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Test - run: ls -alht dist - - - name: Deploy to Snap Store - run: | - snapcraft upload dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable - snapcraft logout - - - choco: - name: Deploy Choco - runs-on: windows-2019 - needs: setup - env: - _PKG_VERSION: ${{ needs.setup.outputs.package_version }} - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} - steps: - - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Get choco release asset - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 - with: - mode: download - tag_name: ${{ env._TAG_VERSION }} - assets: bitwarden.${{ env._PKG_VERSION }}.nupkg - github_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Chocolatey - run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ - env: - CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }} - - - name: Make dist dir - shell: pwsh - run: New-Item -ItemType directory -Path ./dist - - - name: Get nupkg - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 - with: - mode: download - tag_name: ${{ env._TAG_VERSION }} - assets: bitwarden.${{ env._PKG_VERSION }}.nupkg|./dist/bitwarden.${{ env._PKG_VERSION }}.nupkg - github_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Push to Chocolatey - shell: pwsh - run: | - cd dist - choco push - - - macos: - name: Deploy MacOS - runs-on: macos-10.15 - needs: setup - env: - _PKG_VERSION: ${{ needs.setup.outputs.package_version }} - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} - steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Make target directory - run: mkdir -p dist/mas-universal - - - name: Get Mac release asset - uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6 - with: - mode: download - tag_name: ${{ 
env._TAG_VERSION }} - assets: Bitwarden-${{ env._PKG_VERSION }}-universal.pkg|./dist/mas-universal/Bitwarden-${{ env._PKG_VERSION }}-universal.pkg - github_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Deploy to App Store - run: npm run upload:mas - env: - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - auto-updater-deploy: - name: Release auto-updater files - runs-on: ubuntu-20.04 - needs: - - setup - - snap - - choco - - macos - env: - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} - steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Rename publish asset - run: | - curl \ - -H "Authorization:token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Accept:application/vnd.github.v3+json" \ - https://api.github.com/repos/$GITHUB_REPOSITORY/releases \ - | jq -r " .[] | select( .tag_name == \"$_TAG_VERSION\")" > release.json - - echo "=====RELEASE=====" - echo Release: - #cat release.json - - RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1) - cat release.json \ - | jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl - - echo "=====ASSETS=====" - echo Release Upload URL: $RELEASE_UPLOAD_URL - echo Release Assets: - cat release_assets.jsonl - - while read -r asset; do - FILE_NAME=$(echo $asset | jq -r '.name') - FILE_URL=$(echo $asset | jq -r '.url') - FILE_ID=$(echo $asset | jq -r '.id') - echo "Asset name: $FILE_NAME" - echo "Asset url: $FILE_URL" - - echo "Grabbing asset..." 
- curl \ - -L -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "Accept: application/octet-stream" \ - $FILE_URL --output $FILE_NAME - - NEW_FILE_SIZE=$(wc -c < $FILE_NAME | xargs) - NEW_FILE_NAME=$(echo $FILE_NAME | awk '{split($0,a,"prerelease-"); print a[2]}') - echo "New file size: $NEW_FILE_SIZE" - echo "New file name: $NEW_FILE_NAME" - echo "================" - - echo "Deleting remote asset..." - curl \ - -X DELETE \ - -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "accept: application/vnd.github.v3+json" \ - $FILE_URL - - echo "Pushing updated asset..." - curl \ - -X POST \ - -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "content-type: text/yaml" \ - -H "content-length: $NEW_FILE_SIZE" \ - --data-binary @$FILE_NAME \ - "$RELEASE_UPLOAD_URL?name=$NEW_FILE_NAME" --http1.1 - done < release_assets.jsonl diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a8e5f784..89017312 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,20 +3,13 @@ name: Release on: workflow_dispatch: - inputs: - release_tag_name_input: - description: 'Release Tag Name ' - required: true - browser_extension_ref: - description: 'Browser Extension ref (defaults to `master`):' - default: rc jobs: setup: name: Setup runs-on: ubuntu-20.04 outputs: - release_upload_url: ${{ steps.create_release.outputs.upload_url }} + package_version: ${{ steps.retrieve-version.outputs.package_version }} steps: - name: Branch check run: | 
@@ -29,455 +22,174 @@ jobs: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + ref: rc - - name: Create Release Vars - id: create_tags + - name: Get Package Version + id: retrieve-version run: | - case "${RELEASE_TAG_NAME_INPUT:0:1}" in - v) - echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - ;; - [0-9]) - echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - ;; - *) - exit 1 - ;; - esac - env: - RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} + PKG_VERSION=$(jq -r .version src/package.json) + echo "::set-output name=package_version::$PKG_VERSION" - - name: Create Draft Release - id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1 + - name: Check to make sure Desktop release version has been bumped env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ env.RELEASE_TAG_NAME }} - release_name: Version ${{ env.RELEASE_NAME }} - draft: true - prerelease: false + run: | + latest_ver=$(hub release -L 1 -f '%T') + latest_ver=${latest_ver:1} + echo "Latest version: $latest_ver" + ver=${{ steps.retrieve-version.outputs.package_version }} + echo "Version: $ver" + if [ "$latest_ver" = "$ver" ]; then + echo "Version has not been bumped!" 
+ exit 1 + fi - linux: - name: Linux + - name: Download all artifacts + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + + - name: Create release + uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 # v2.8.5 + env: + PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }} + with: + artifacts: "Bitwarden-${{ env.PKG_VERSION }}-amd64.deb, + Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm, + Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd, + bitwarden_${{ env.PKG_VERSION }}_amd64.snap, + Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage, + latest-linux.yml, + Bitwarden-Portable-${{ env.PKG_VERSION }}.exe, + Bitwarden-Installer-${{ env.PKG_VERSION }}.exe, + Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx, + Bitwarden-${{ env.PKG_VERSION }}-ia32.appx, + bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z, + Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx, + Bitwarden-${{ env.PKG_VERSION }}-x64.appx, + bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z, + Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx, + Bitwarden-${{ env.PKG_VERSION }}-arm64.appx, + bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z, + bitwarden.${{ env.PKG_VERSION }}.nupkg, + latest.yml, + Bitwarden-${{ env.PKG_VERSION }}-mac.zip, + Bitwarden-${{ env.PKG_VERSION }}.dmg, + Bitwarden-${{ env.PKG_VERSION }}.dmg.blockmap, + latest-mac.yml, + Bitwarden-${{ env.PKG_VERSION }}-universal.pkg" + commit: ${{ github.sha }} + tag: v${{ env.PKG_VERSION }} + name: Version ${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + + + snap: + name: Deploy Snap runs-on: ubuntu-20.04 needs: setup + env: + _PKG_VERSION: ${{ needs.setup.outputs.package_version }} steps: - - name: Checkout repo + - name: Checkout Repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Set up Node - uses: 
actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: - node-version: '14' + ref: rc - - name: Cache Node Modules - id: node-modules-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + - name: Install Snap + uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0 with: - path: '**/node_modules' - key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} + snapcraft_token: ${{ secrets.SNAP_TOKEN }} - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + - name: Setup + run: mkdir dist - - name: Update NPM + - name: Download Snap artifact + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap + path: ./dist + + - name: Test + run: ls -alht dist + + - name: Deploy to Snap Store run: | - npm install -g npm@7 - npm install -g node-gyp - node-gyp install $(node -v) + snapcraft upload dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable + snapcraft logout - - name: Set up environment - run: | - sudo apt-get update - sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm - - name: Print environment - run: | - node --version - npm --version - - - name: Load package version - run: ./.github/scripts/load-version.ps1 - shell: pwsh - - - name: Install Node dependencies - if: steps.node-modules-cache.outputs.cache-hit != 'true' - run: npm install - - - name: Run linter - run: npm run lint - - - name: Build & Publish - run: npm run publish:lin - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - windows-signed: - name: Windows Signed + choco: + name: Deploy Choco runs-on: windows-2019 needs: setup + env: + _PKG_VERSION: ${{ needs.setup.outputs.package_version }} steps: - - name: Checkout repo + - name: Checkout Repo uses: 
actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: - node-version: '14' + ref: rc - - name: Cache Node Modules - id: node-modules-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 - with: - path: '**/node_modules' - key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} - - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - shell: pwsh - - - name: Update NPM - run: | - npm install -g npm@7 - npm install -g node-gyp - node-gyp install $(node -v) - - - name: Install AST - uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac - - - name: Set up environment - shell: pwsh - run: | - choco install checksum --no-progress - choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ + - name: Setup Chocolatey + run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ env: CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }} - - name: Print environment - run: | - node --version - npm --version - choco --version - - - name: Load package version - run: ./.github/scripts/load-version.ps1 + - name: Make dist dir shell: pwsh + run: New-Item -ItemType directory -Path ./dist - - name: Install Node dependencies - if: steps.node-modules-cache.outputs.cache-hit != 'true' - run: npm install + - name: Download choco artifact + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg + path: ./dist - - name: Run linter - run: npm run lint - - - name: Build, Sign & Release - run: npm run publish:win - env: - ELECTRON_BUILDER_SIGN: 1 - SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} - SIGNING_CLIENT_ID: 
${{ secrets.SIGNING_CLIENT_ID }} - SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} - SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} - SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Package Chocolatey + - name: Push to Chocolatey shell: pwsh run: | - Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse - Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey + cd dist + choco push - $checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe - $chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1" - (Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall - ls dist/chocolatey - choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey - cd ./dist/chocolatey - - - name: Upload Chocolatey nupkg release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.setup.outputs.release_upload_url }} - asset_name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - asset_path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - asset_content_type: application - - windows-store: - name: Windows Store - runs-on: windows-2019 - needs: setup - steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 - with: - node-version: '14' - - - name: Cache Node Modules - id: node-modules-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 - with: - path: '**/node_modules' - key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} - - - 
name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - shell: pwsh - - - name: Update NPM - run: | - npm install -g npm@7 - npm install -g node-gyp - node-gyp install $(node -v) - - - name: Set up environment - shell: pwsh - run: | - choco install checksum --no-progress - - - name: Print environment - run: | - node --version - npm --version - choco --version - - - name: Load package version - run: ./.github/scripts/load-version.ps1 - shell: pwsh - - - name: Install Node dependencies - if: steps.node-modules-cache.outputs.cache-hit != 'true' - run: npm install - - - name: Run linter - run: npm run lint - - - name: Build, Sign & Release - run: npm run dist:win:ci - - - name: Upload unsigned ia32 Windows Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.setup.outputs.release_upload_url }} - asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx - asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx - asset_content_type: application - - - name: Upload unsigned x64 Windows Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.setup.outputs.release_upload_url }} - asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx - asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx - asset_content_type: application - - - name: Upload unsigned ARM64 Windows Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.setup.outputs.release_upload_url }} - asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx - asset_path: ./dist/Bitwarden-${{ 
env.PACKAGE_VERSION }}-arm64.appx - asset_content_type: application macos: - name: MacOS + name: Deploy MacOS runs-on: macos-10.15 needs: setup - steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 - with: - node-version: '14' - - - name: Cache Node Modules - id: node-modules-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 - with: - path: '**/node_modules' - key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }} - - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - - - name: Update NPM - run: | - npm install -g npm@7 - npm install -g node-gyp - node-gyp install $(node -v) - - - name: Print environment - run: | - node --version - npm --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Decrypt secrets - run: ./.github/scripts/macos/decrypt-secrets.ps1 - shell: pwsh - env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} - - - name: Set up keychain - run: ./.github/scripts/macos/setup-keychain.ps1 - shell: pwsh - env: - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Set up provisioning profiles - run: ./.github/scripts/macos/setup-profiles.ps1 - shell: pwsh - - - name: Increment version - run: ./.github/scripts/macos/increment-version.ps1 - shell: pwsh - - - name: Load package version - run: ./.github/scripts/load-version.ps1 - shell: pwsh - - - name: Install Node dependencies - if: steps.node-modules-cache.outputs.cache-hit != 'true' - run: npm 
install - - - name: Run linter - run: npm run lint - - - name: Create Safari directory - shell: pwsh - run: New-Item ./dist-safari -ItemType Directory -ea 0 - - - name: Checkout browser extension - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - with: - repository: 'bitwarden/browser' - ref: ${{ github.event.inputs.browser_extension_ref }} - path: 'dist-safari/browser' - - - name: Build Safari extension - shell: pwsh - run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy - - - name: Load Safari extension for .dmg - shell: pwsh - run: ./scripts/safari-build.ps1 -copyonly - - - name: Build application (dist) - run: npm run publish:mac - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Load Safari extension for App Store - shell: pwsh - run: ./scripts/safari-build.ps1 -mas -copyonly - - - name: Build application for App Store - run: npm run dist:mac:mas - env: - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - SDKROOT: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/ - SDK_DIR: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/ - - - name: Upload Apple Store release asset - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.setup.outputs.release_upload_url }} - asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg - asset_path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg - asset_content_type: application - - - update-release-assets: - name: Update Release Assets - runs-on: ubuntu-20.04 - needs: - - setup - - linux - - windows-signed - - macos env: - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} + _PKG_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: 
actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + ref: rc - - name: Rename publish asset - run: | - curl \ - -H "Authorization:token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Accept:application/vnd.github.v3+json" \ - https://api.github.com/repos/$GITHUB_REPOSITORY/releases \ - | jq -r " .[] | select( .tag_name == \"$_TAG_VERSION\")" > release.json + - name: Make target directory + run: mkdir -p dist/mas-universal - echo "=====RELEASE=====" - echo Release: - #cat release.json + - name: Download Mac artifact + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + artifacts: Bitwarden-${{ env._PKG_VERSION }}-universal.pkg + path: ./dist/mas-universal - RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1) - cat release.json | jq -rc ' .assets[] | select( .name | test("latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl - - echo "=====ASSETS=====" - echo Release Upload URL: $RELEASE_UPLOAD_URL - echo Release Assets: - cat release_assets.jsonl - - while read -r asset; do - FILE_NAME=$(echo $asset | jq -r '.name') - FILE_URL=$(echo $asset | jq -r '.url') - FILE_ID=$(echo $asset | jq -r '.id') - echo "Asset name: $FILE_NAME" - echo "Asset url: $FILE_URL" - - echo "Grabbing asset..." - curl \ - -L -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "Accept: application/octet-stream" \ - $FILE_URL --output $FILE_NAME - - NEW_FILE_SIZE=$(wc -c < $FILE_NAME | xargs) - echo "New file size: $NEW_FILE_SIZE" - echo "New file name: $FILE_NAME" - echo "================" - - echo "Deleting remote asset..." - curl \ - -X DELETE \ - -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "accept: application/vnd.github.v3+json" \ - $FILE_URL - - echo "Pushing updated asset..." 
- curl \ - -X POST \ - -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - -H "content-type: text/yaml" \ - -H "content-length: $NEW_FILE_SIZE" \ - --data-binary @$FILE_NAME \ - "$RELEASE_UPLOAD_URL?name=prerelease-$FILE_NAME" --http1.1 - done < release_assets.jsonl + - name: Deploy to App Store + run: npm run upload:mas + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
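Review bot: Nothing in the new `setup`, `snap`, `choco` and `macos` jobs ties the published files to the commit being released: each job takes artifacts from a `build.yml` run selected only by `workflow_conclusion: success` and `branch: rc`, the version is read from a fresh `ref: rc` checkout, and the tag is created at `commit: ${{ github.sha }}`. If `rc` moves between the build run and the dispatch, or between jobs, the release can carry binaries built from a different commit than the one tagged, and the store uploads happen with no digest check. Resolving the rc commit once in `setup`, exposing it as a job output and using it for every checkout and for `commit:` would close most of that gap; how the download action chooses the run is not visible here, so confirm whether it can be pinned to that commit. Separately, `ver=${{ steps.retrieve-version.outputs.package_version }}` pastes the expression into the script text; passing it through `env:` and writing `ver="$PKG_VERSION"` keeps a malformed version string out of the shell parser.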