Upstream/bitwarden-desktop
1
0
Fork 0
mirror of https://github.com/bitwarden/desktop.git synced 2024-12-27 17:08:07 +01:00
Code Issues Projects Releases Wiki Activity

Upgrade workflows to new model (#1104)

Browse Source 
* Update workflows to new Build/Test/Release model
This commit is contained in:
Vince Grassia 2021-10-12 11:51:26 -04:00 committed by GitHub
parent 42fd0dd2a6
commit b66d32b57e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 497 additions and 817 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.github/scripts/decrypt-secret.ps1 vendored
View File

@ -1,29 +0,0 @@
param (
[Parameter(Mandatory=$true)]
[string] $filename,
[string] $output
)
$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path
$rootPath = $env:GITHUB_WORKSPACE
$secretInputPath = $rootPath + "/.github/secrets"
$input = $secretInputPath + "/" + $filename
$passphrase = $env:DECRYPT_FILE_PASSWORD
$secretOutputPath = $homePath + "/secrets"
if ([string]::IsNullOrEmpty($output)) {
if ($filename.EndsWith(".gpg")) {
$output = $secretOutputPath + "/" + $filename.TrimEnd(".gpg")
} else {
$output = $secretOutputPath + "/" + $filename + ".plaintext"
}
}
if (!(Test-Path -Path $secretOutputPath))
{
New-Item -ItemType Directory -Path $secretOutputPath
}
gpg --quiet --batch --yes --decrypt --passphrase="$passphrase" --output $output $input

5
.github/scripts/load-version.ps1 vendored
View File

@ -1,5 +0,0 @@
$rootPath = $env:GITHUB_WORKSPACE;
$packageVersion = (Get-Content -Raw -Path $rootPath\src\package.json | ConvertFrom-Json).version;
Write-Output "Setting package version to $packageVersion";
Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;

11
.github/scripts/macos/decrypt-secrets.ps1 vendored
View File

@ -1,11 +0,0 @@
$rootPath = $env:GITHUB_WORKSPACE;
$decryptSecretPath = $($rootPath + "/.github/scripts/decrypt-secret.ps1");
Invoke-Expression "& `"$decryptSecretPath`" -filename bitwarden-desktop-key.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename appstore-app-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename appstore-installer-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename devid-app-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename devid-installer-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename macdev-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename bitwarden_desktop_appstore.provisionprofile.gpg"

8
.github/scripts/macos/increment-version.ps1 vendored
View File

@ -1,8 +0,0 @@
$rootPath = $env:GITHUB_WORKSPACE;
$packagePath = "$rootPath\package.json";
$buildNumber = 500 + [int]$env:GITHUB_RUN_NUMBER;
Write-Output "Setting build number to $buildNumber";
Write-Output "BUILD_NUMBER=$buildNumber" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
$package = Get-Content -Raw -Path $packagePath | ConvertFrom-Json;
$package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$buildNumber";
$package | ConvertTo-Json -Depth 32 | Set-Content $packagePath;

21
.github/scripts/macos/setup-keychain.ps1 vendored
View File

@ -1,21 +0,0 @@
$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path;
$secretsPath = $homePath + "/secrets"
$desktopKeyPath = $($secretsPath + "/bitwarden-desktop-key.p12");
$devidAppCertPath = $($secretsPath + "/devid-app-cert.p12");
$devidInstallerCertPath = $($secretsPath + "/devid-installer-cert.p12");
$appstoreAppCertPath = $($secretsPath + "/appstore-app-cert.p12");
$appstoreInstallerCertPath = $($secretsPath + "/appstore-installer-cert.p12");
$macdevCertPath = $($secretsPath + "/macdev-cert.p12");
security create-keychain -p $env:KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $env:KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import $desktopKeyPath -k build.keychain -P $env:DESKTOP_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $devidAppCertPath -k build.keychain -P $env:DEVID_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $devidInstallerCertPath -k build.keychain -P $env:DEVID_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $appstoreAppCertPath -k build.keychain -P $env:APPSTORE_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $appstoreInstallerCertPath -k build.keychain -P $env:APPSTORE_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $macdevCertPath -k build.keychain -P $env:MACDEV_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $env:KEYCHAIN_PASSWORD build.keychain

6
.github/scripts/macos/setup-profiles.ps1 vendored
View File

@ -1,6 +0,0 @@
$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path;
$secretsPath = $homePath + "/secrets"
$rootPath = $env:GITHUB_WORKSPACE
$pprofile = "bitwarden_desktop_appstore.provisionprofile"
Copy-Item "$secretsPath/$pprofile" -destination "$rootPath/$pprofile"

467
.github/workflows/build.yml vendored
View File

@ -24,9 +24,36 @@ jobs:
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
setup:
name: Setup
runs-on: ubuntu-20.04
outputs:
package_version: ${{ steps.retrieve-version.outputs.package_version }}
build_number: ${{ steps.increment-version.outputs.build_number }}
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Get Package Version
id: retrieve-version
run: |
PKG_VERSION=$(jq -r .version src/package.json)
echo "::set-output name=package_version::$PKG_VERSION"
- name: Increment version
id: increment-version
run: |
BUILD_NUMBER=$(expr 500 + $GITHUB_RUN_NUMBER)
echo "Setting build number to $BUILD_NUMBER"
echo "::set-output name=build_number::$BUILD_NUMBER"
linux: linux:
name: Linux Build name: Linux Build
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
needs: setup
env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -68,10 +95,6 @@ jobs:
snap --version snap --version
snapcraft --version || echo 'snapcraft unavailable' snapcraft --version || echo 'snapcraft unavailable'
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies - name: Install Node dependencies
run: npm ci run: npm ci
@ -84,42 +107,52 @@ jobs:
- name: Upload .deb artifact - name: Upload .deb artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb name: Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
if-no-files-found: error if-no-files-found: error
- name: Upload .rpm artifact - name: Upload .rpm artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
if-no-files-found: error if-no-files-found: error
- name: Upload .freebsd artifact - name: Upload .freebsd artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd
if-no-files-found: error if-no-files-found: error
- name: Upload .snap artifact - name: Upload .snap artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap name: bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
path: ./dist/bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap path: ./dist/bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
if-no-files-found: error if-no-files-found: error
- name: Upload .AppImage artifact - name: Upload .AppImage artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
if-no-files-found: error
- name: Upload latest auto-update artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: latest-linux.yml
path: ./dist/latest-linux.yml
if-no-files-found: error if-no-files-found: error
windows: windows:
name: Windows Build name: Windows Build
runs-on: windows-2019 runs-on: windows-2019
needs: setup
env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -160,10 +193,6 @@ jobs:
npm --version npm --version
choco --version choco --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies - name: Install Node dependencies
run: npm ci run: npm ci
@ -185,69 +214,122 @@ jobs:
- name: Rename appx files for store - name: Rename appx files for store
shell: pwsh shell: pwsh
run: | run: |
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" ` Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx" -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx"
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx"
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64.appx" ` Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx" -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx"
- name: Building for Chocolatey - name: Package for Chocolatey
shell: pwsh shell: pwsh
run: | run: |
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey
$checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe $checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1" $chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
(Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall (Get-Content $chocoInstall).replace('__version__', "$env:_PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey
- name: Upload portable exe artifact - name: Upload portable exe artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
if-no-files-found: error if-no-files-found: error
- name: Upload installer exe artifact - name: Upload installer exe artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
if-no-files-found: error
- name: Upload appx ia32 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
if-no-files-found: error if-no-files-found: error
- name: Upload store appx ia32 artifact - name: Upload store appx ia32 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
if-no-files-found: error
- name: Upload NSIS ia32 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
if-no-files-found: error
- name: Upload appx x64 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
if-no-files-found: error if-no-files-found: error
- name: Upload store appx x64 artifact - name: Upload store appx x64 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
if-no-files-found: error
- name: Upload NSIS x64 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
if-no-files-found: error
- name: Upload appx ARM64 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
if-no-files-found: error if-no-files-found: error
- name: Upload store appx ARM64 artifact - name: Upload store appx ARM64 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
if-no-files-found: error
- name: Upload NSIS ARM64 artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
if-no-files-found: error if-no-files-found: error
- name: Upload nupkg artifact - name: Upload nupkg artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg path: ./dist/chocolatey/bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
if-no-files-found: error if-no-files-found: error
- name: Upload latest auto-update artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: latest.yml
path: ./dist/nsis-web/latest.yml
if-no-files-found: error
macos-build: macos-build:
name: MacOS Build name: MacOS Build
runs-on: macos-10.15 runs-on: macos-10.15
needs: setup
env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -295,14 +377,35 @@ jobs:
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
- name: Decrypt secrets - name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1 shell: bash
shell: pwsh
env: env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
mkdir -p $HOME/secrets
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/macdev-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
- name: Set up keychain - name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1 shell: bash
shell: pwsh
env: env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
@ -310,18 +413,39 @@ jobs:
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles - name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1 shell: bash
shell: pwsh run: |
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
- name: Increment version - name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh shell: pwsh
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
run: |
$package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json;
$package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER";
$package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json;
- name: Install Node dependencies - name: Install Node dependencies
run: npm ci run: npm ci
@ -346,11 +470,13 @@ jobs:
shell: pwsh shell: pwsh
run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
macos-package-github: macos-package-github:
name: MacOS Package GitHub Release Assets name: MacOS Package GitHub Release Assets
runs-on: macos-10.15 runs-on: macos-10.15
needs: macos-build needs: [setup, macos-build]
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -398,14 +524,35 @@ jobs:
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
- name: Decrypt secrets - name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1 shell: bash
shell: pwsh
env: env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
mkdir -p $HOME/secrets
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/macdev-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
- name: Set up keychain - name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1 shell: bash
shell: pwsh
env: env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
@ -413,18 +560,39 @@ jobs:
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles - name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1 shell: bash
shell: pwsh run: |
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
- name: Increment version - name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh shell: pwsh
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
run: |
$package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json;
$package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER";
$package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json;
- name: NPM install - name: NPM install
run: npm ci run: npm ci
@ -465,22 +633,38 @@ jobs:
- name: Upload .zip artifact - name: Upload .zip artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip name: Bitwarden-${{ env._PACKAGE_VERSION }}-mac.zip
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-mac.zip
if-no-files-found: error if-no-files-found: error
- name: Upload .dmg artifact - name: Upload .dmg artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg name: Bitwarden-${{ env._PACKAGE_VERSION }}.dmg
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}.dmg
if-no-files-found: error if-no-files-found: error
- name: Upload .dmg blockmap artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: Bitwarden-${{ env._PACKAGE_VERSION }}.dmg.blockmap
path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}.dmg.blockmap
if-no-files-found: error
- name: Upload latest auto-update artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with:
name: latest-mac.yml
path: ./dist/latest-mac.yml
if-no-files-found: error
macos-package-mas: macos-package-mas:
name: MacOS Package Prod Release Asset name: MacOS Package Prod Release Asset
runs-on: macos-10.15 runs-on: macos-10.15
needs: macos-build needs: [setup, macos-build]
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -528,14 +712,35 @@ jobs:
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
- name: Decrypt secrets - name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1 shell: bash
shell: pwsh
env: env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
mkdir -p $HOME/secrets
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/macdev-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
- name: Set up keychain - name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1 shell: bash
shell: pwsh
env: env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
@ -543,18 +748,39 @@ jobs:
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles - name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1 shell: bash
shell: pwsh run: |
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
- name: Increment version - name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh shell: pwsh
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
run: |
$package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json;
$package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER";
$package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json;
- name: NPM install - name: NPM install
run: npm ci run: npm ci
@ -597,15 +823,18 @@ jobs:
- name: Upload .pkg artifact - name: Upload .pkg artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg path: ./dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
if-no-files-found: error if-no-files-found: error
macos-package-dev: macos-package-dev:
name: MacOS Package Dev Release Asset name: MacOS Package Dev Release Asset
if: false # We need to look into how code signing works for dev if: false # We need to look into how code signing works for dev
runs-on: macos-10.15 runs-on: macos-10.15
needs: macos-build needs: [setup, macos-build]
env:
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -653,14 +882,35 @@ jobs:
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
- name: Decrypt secrets - name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1 shell: bash
shell: pwsh
env: env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
mkdir -p $HOME/secrets
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/macdev-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
- name: Set up keychain - name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1 shell: bash
shell: pwsh
env: env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
@ -668,18 +918,39 @@ jobs:
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Set up provisioning profiles - name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1 shell: bash
shell: pwsh run: |
cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
$GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile
- name: Increment version - name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh shell: pwsh
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
run: |
$package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json;
$package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER";
$package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json;
- name: NPM install - name: NPM install
run: npm ci run: npm ci
@ -726,6 +997,6 @@ jobs:
- name: Upload masdev artifact - name: Upload masdev artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip name: Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip
path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip path: ./dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip
if-no-files-found: error if-no-files-found: error

223
.github/workflows/deploy.yml vendored
View File

@ -1,223 +0,0 @@
---
name: Deploy
on:
workflow_dispatch:
inputs:
release_tag_name_input:
description: "Release Tag Name <X.X.X>"
required: true
jobs:
setup:
name: Setup
runs-on: ubuntu-20.04
outputs:
package_version: ${{ steps.create_tags.outputs.package_version }}
tag_version: ${{ steps.create_tags.outputs.tag_version }}
steps:
- name: Checkout Repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Create Deploy version vars
id: create_tags
run: |
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
v)
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
;;
[0-9])
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
;;
*)
exit 1
;;
esac
env:
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
snap:
name: Deploy Snap
runs-on: ubuntu-20.04
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
steps:
- name: Checkout Repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Install Snap
uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0
with:
snapcraft_token: ${{ secrets.SNAP_TOKEN }}
- name: Setup
run: mkdir dist
- name: Get Snap package
uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6
with:
mode: download
tag_name: ${{ env._TAG_VERSION }}
assets: bitwarden_${{ env._PKG_VERSION }}_amd64.snap|./dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Test
run: ls -alht dist
- name: Deploy to Snap Store
run: |
snapcraft upload dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable
snapcraft logout
choco:
name: Deploy Choco
runs-on: windows-2019
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
steps:
- name: Checkout Repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Get choco release asset
uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6
with:
mode: download
tag_name: ${{ env._TAG_VERSION }}
assets: bitwarden.${{ env._PKG_VERSION }}.nupkg
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Chocolatey
run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
env:
CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
- name: Make dist dir
shell: pwsh
run: New-Item -ItemType directory -Path ./dist
- name: Get nupkg
uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6
with:
mode: download
tag_name: ${{ env._TAG_VERSION }}
assets: bitwarden.${{ env._PKG_VERSION }}.nupkg|./dist/bitwarden.${{ env._PKG_VERSION }}.nupkg
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Push to Chocolatey
shell: pwsh
run: |
cd dist
choco push
macos:
name: Deploy MacOS
runs-on: macos-10.15
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Make target directory
run: mkdir -p dist/mas-universal
- name: Get Mac release asset
uses: Xotl/cool-github-releases@16c58a5863d6ba9944f63ca8bb78bb3249ce1d81 # v1.1.6
with:
mode: download
tag_name: ${{ env._TAG_VERSION }}
assets: Bitwarden-${{ env._PKG_VERSION }}-universal.pkg|./dist/mas-universal/Bitwarden-${{ env._PKG_VERSION }}-universal.pkg
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Deploy to App Store
run: npm run upload:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
auto-updater-deploy:
name: Release auto-updater files
runs-on: ubuntu-20.04
needs:
- setup
- snap
- choco
- macos
env:
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Rename publish asset
run: |
curl \
-H "Authorization:token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept:application/vnd.github.v3+json" \
https://api.github.com/repos/$GITHUB_REPOSITORY/releases \
| jq -r " .[] | select( .tag_name == \"$_TAG_VERSION\")" > release.json
echo "=====RELEASE====="
echo Release:
#cat release.json
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
cat release.json \
| jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
echo "=====ASSETS====="
echo Release Upload URL: $RELEASE_UPLOAD_URL
echo Release Assets:
cat release_assets.jsonl
while read -r asset; do
FILE_NAME=$(echo $asset | jq -r '.name')
FILE_URL=$(echo $asset | jq -r '.url')
FILE_ID=$(echo $asset | jq -r '.id')
echo "Asset name: $FILE_NAME"
echo "Asset url: $FILE_URL"
echo "Grabbing asset..."
curl \
-L -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/octet-stream" \
$FILE_URL --output $FILE_NAME
NEW_FILE_SIZE=$(wc -c < $FILE_NAME | xargs)
NEW_FILE_NAME=$(echo $FILE_NAME | awk '{split($0,a,"prerelease-"); print a[2]}')
echo "New file size: $NEW_FILE_SIZE"
echo "New file name: $NEW_FILE_NAME"
echo "================"
echo "Deleting remote asset..."
curl \
-X DELETE \
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "accept: application/vnd.github.v3+json" \
$FILE_URL
echo "Pushing updated asset..."
curl \
-X POST \
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "content-type: text/yaml" \
-H "content-length: $NEW_FILE_SIZE" \
--data-binary @$FILE_NAME \
"$RELEASE_UPLOAD_URL?name=$NEW_FILE_NAME" --http1.1
done < release_assets.jsonl

544
.github/workflows/release.yml vendored
View File

@ -3,20 +3,13 @@ name: Release
on: on:
workflow_dispatch: workflow_dispatch:
inputs:
release_tag_name_input:
description: 'Release Tag Name <X.X.X>'
required: true
browser_extension_ref:
description: 'Browser Extension ref (defaults to `master`):'
default: rc
jobs: jobs:
setup: setup:
name: Setup name: Setup
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
outputs: outputs:
release_upload_url: ${{ steps.create_release.outputs.upload_url }} package_version: ${{ steps.retrieve-version.outputs.package_version }}
steps: steps:
- name: Branch check - name: Branch check
run: | run: |
@ -29,455 +22,174 @@ jobs:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
with:
ref: rc
- name: Create Release Vars - name: Get Package Version
id: create_tags id: retrieve-version
run: | run: |
case "${RELEASE_TAG_NAME_INPUT:0:1}" in PKG_VERSION=$(jq -r .version src/package.json)
v) echo "::set-output name=package_version::$PKG_VERSION"
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
;;
[0-9])
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
;;
*)
exit 1
;;
esac
env:
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
- name: Create Draft Release - name: Check to make sure Desktop release version has been bumped
id: create_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: run: |
tag_name: ${{ env.RELEASE_TAG_NAME }} latest_ver=$(hub release -L 1 -f '%T')
release_name: Version ${{ env.RELEASE_NAME }} latest_ver=${latest_ver:1}
draft: true echo "Latest version: $latest_ver"
prerelease: false ver=${{ steps.retrieve-version.outputs.package_version }}
echo "Version: $ver"
if [ "$latest_ver" = "$ver" ]; then
echo "Version has not been bumped!"
exit 1
fi
linux: - name: Download all artifacts
name: Linux uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with:
workflow: build.yml
workflow_conclusion: success
branch: rc
- name: Create release
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 # v2.8.5
env:
PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
with:
artifacts: "Bitwarden-${{ env.PKG_VERSION }}-amd64.deb,
Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm,
Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd,
bitwarden_${{ env.PKG_VERSION }}_amd64.snap,
Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage,
latest-linux.yml,
Bitwarden-Portable-${{ env.PKG_VERSION }}.exe,
Bitwarden-Installer-${{ env.PKG_VERSION }}.exe,
Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx,
Bitwarden-${{ env.PKG_VERSION }}-ia32.appx,
bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z,
Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx,
Bitwarden-${{ env.PKG_VERSION }}-x64.appx,
bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z,
Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx,
Bitwarden-${{ env.PKG_VERSION }}-arm64.appx,
bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z,
bitwarden.${{ env.PKG_VERSION }}.nupkg,
latest.yml,
Bitwarden-${{ env.PKG_VERSION }}-mac.zip,
Bitwarden-${{ env.PKG_VERSION }}.dmg,
Bitwarden-${{ env.PKG_VERSION }}.dmg.blockmap,
latest-mac.yml,
Bitwarden-${{ env.PKG_VERSION }}-universal.pkg"
commit: ${{ github.sha }}
tag: v${{ env.PKG_VERSION }}
name: Version ${{ env.PKG_VERSION }}
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true
snap:
name: Deploy Snap
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
needs: setup needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout Repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with: with:
node-version: '14' ref: rc
- name: Cache Node Modules - name: Install Snap
id: node-modules-cache uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with: with:
path: '**/node_modules' snapcraft_token: ${{ secrets.SNAP_TOKEN }}
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options - name: Setup
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV run: mkdir dist
- name: Update NPM - name: Download Snap artifact
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with:
workflow: build.yml
workflow_conclusion: success
branch: rc
artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap
path: ./dist
- name: Test
run: ls -alht dist
- name: Deploy to Snap Store
run: | run: |
npm install -g npm@7 snapcraft upload dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable
npm install -g node-gyp snapcraft logout
node-gyp install $(node -v)
- name: Set up environment
run: |
sudo apt-get update
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
- name: Print environment choco:
run: | name: Deploy Choco
node --version
npm --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Build & Publish
run: npm run publish:lin
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
windows-signed:
name: Windows Signed
runs-on: windows-2019 runs-on: windows-2019
needs: setup needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout Repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with: with:
node-version: '14' ref: rc
- name: Cache Node Modules - name: Setup Chocolatey
id: node-modules-cache run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Install AST
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
- name: Set up environment
shell: pwsh
run: |
choco install checksum --no-progress
choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
env: env:
CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }} CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
- name: Print environment - name: Make dist dir
run: |
node --version
npm --version
choco --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh shell: pwsh
run: New-Item -ItemType directory -Path ./dist
- name: Install Node dependencies - name: Download choco artifact
if: steps.node-modules-cache.outputs.cache-hit != 'true' uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
run: npm install with:
workflow: build.yml
workflow_conclusion: success
branch: rc
artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg
path: ./dist
- name: Run linter - name: Push to Chocolatey
run: npm run lint
- name: Build, Sign & Release
run: npm run publish:win
env:
ELECTRON_BUILDER_SIGN: 1
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Package Chocolatey
shell: pwsh shell: pwsh
run: | run: |
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse cd dist
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey choco push
$checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
(Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
ls dist/chocolatey
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey
cd ./dist/chocolatey
- name: Upload Chocolatey nupkg release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
asset_path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
asset_content_type: application
windows-store:
name: Windows Store
runs-on: windows-2019
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: '14'
- name: Cache Node Modules
id: node-modules-cache
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Set up environment
shell: pwsh
run: |
choco install checksum --no-progress
- name: Print environment
run: |
node --version
npm --version
choco --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Build, Sign & Release
run: npm run dist:win:ci
- name: Upload unsigned ia32 Windows Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx
asset_content_type: application
- name: Upload unsigned x64 Windows Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx
asset_content_type: application
- name: Upload unsigned ARM64 Windows Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64.appx
asset_content_type: application
macos: macos:
name: MacOS name: Deploy MacOS
runs-on: macos-10.15 runs-on: macos-10.15
needs: setup needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: '14'
- name: Cache Node Modules
id: node-modules-cache
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Print environment
run: |
node --version
npm --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1
shell: pwsh
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
- name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1
shell: pwsh
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1
shell: pwsh
- name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Create Safari directory
shell: pwsh
run: New-Item ./dist-safari -ItemType Directory -ea 0
- name: Checkout browser extension
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
with:
repository: 'bitwarden/browser'
ref: ${{ github.event.inputs.browser_extension_ref }}
path: 'dist-safari/browser'
- name: Build Safari extension
shell: pwsh
run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
- name: Load Safari extension for .dmg
shell: pwsh
run: ./scripts/safari-build.ps1 -copyonly
- name: Build application (dist)
run: npm run publish:mac
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Load Safari extension for App Store
shell: pwsh
run: ./scripts/safari-build.ps1 -mas -copyonly
- name: Build application for App Store
run: npm run dist:mac:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
SDKROOT: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/
SDK_DIR: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/
- name: Upload Apple Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg
asset_path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg
asset_content_type: application
update-release-assets:
name: Update Release Assets
runs-on: ubuntu-20.04
needs:
- setup
- linux
- windows-signed
- macos
env: env:
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }} _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
with:
ref: rc
- name: Rename publish asset - name: Make target directory
run: | run: mkdir -p dist/mas-universal
curl \
-H "Authorization:token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept:application/vnd.github.v3+json" \
https://api.github.com/repos/$GITHUB_REPOSITORY/releases \
| jq -r " .[] | select( .tag_name == \"$_TAG_VERSION\")" > release.json
echo "=====RELEASE=====" - name: Download Mac artifact
echo Release: uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
#cat release.json with:
workflow: build.yml
workflow_conclusion: success
branch: rc
artifacts: Bitwarden-${{ env._PKG_VERSION }}-universal.pkg
path: ./dist/mas-universal
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1) - name: Deploy to App Store
cat release.json | jq -rc ' .assets[] | select( .name | test("latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl run: npm run upload:mas
env:
echo "=====ASSETS=====" APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
echo Release Upload URL: $RELEASE_UPLOAD_URL APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
echo Release Assets:
cat release_assets.jsonl
while read -r asset; do
FILE_NAME=$(echo $asset | jq -r '.name')
FILE_URL=$(echo $asset | jq -r '.url')
FILE_ID=$(echo $asset | jq -r '.id')
echo "Asset name: $FILE_NAME"
echo "Asset url: $FILE_URL"
echo "Grabbing asset..."
curl \
-L -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/octet-stream" \
$FILE_URL --output $FILE_NAME
NEW_FILE_SIZE=$(wc -c < $FILE_NAME | xargs)
echo "New file size: $NEW_FILE_SIZE"
echo "New file name: $FILE_NAME"
echo "================"
echo "Deleting remote asset..."
curl \
-X DELETE \
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "accept: application/vnd.github.v3+json" \
$FILE_URL
echo "Pushing updated asset..."
curl \
-X POST \
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "content-type: text/yaml" \
-H "content-length: $NEW_FILE_SIZE" \
--data-binary @$FILE_NAME \
"$RELEASE_UPLOAD_URL?name=prerelease-$FILE_NAME" --http1.1
done < release_assets.jsonl