Pinning ast version (#1080)

* Pinning version of AST instead of using latest

* adding the pinned version of the commit

* adding an array join

* pinning version of dotnet

* trying the AST pin of the version we started using

* disabling jobs and adding test step to window job

* adding dotnet 2.1.x to see if that fixes the issue

* removing the test code and testing the addition of .net 2.1.x

* repinning to last successful sign

* trying the newest version of AST

* disabling the non-windows jobs again

* disabling the windows build job and added a test job

* removing stray comma

* changing the multiline delimiter

* pivoting away from our EV cert and testing with a test one

* switching back to the EV cert and adding a verbose flag

* disabling some steps that are breaking

* switching back to the test cert

* testing new format for the ast command

* removing the node portions of the test since they are not needed

* trying AST without the tenant-id

* rolling back to original commit

* switching to custom AST for better troubleshooting

* removing the ast commit logic and forcing latest

* fixing up the pwsh sign command

* fixing the AST version

* making sure that the secrets are not blank

* trying the EV cert for signing

* Using pinned commit from AST instead of custom code

* fixing env

* building the actually pinned commit instead of whatever the other thing was...

* testing the windows job

* removing the dotnet 2.1.x dependency since the older AST version shouldn't need it

* reenabling the test ast job since something is failing

* moving the git switch command

* testing new gh-action

* fixing the gh-action path

* updating the hash of the new action

* enabling the build jobs again

* updating the hash for the new Install AST action

* fixing linter issues
Joseph Flinn 2021-09-16 10:15:05 -07:00 committed by GitHub
parent eac84128ed
commit c99a543030
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 66 deletions


@ -10,7 +10,7 @@ on:
jobs:
cloc:
name: CLOC
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -23,9 +23,10 @@ jobs:
- name: Print lines of code
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
linux:
name: Linux Build
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -115,18 +116,14 @@ jobs:
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
if-no-files-found: error
windows:
name: Windows Build
runs-on: windows-latest
runs-on: windows-2019
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up dotnet
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
with:
dotnet-version: "3.1.x"
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
@ -150,24 +147,7 @@ jobs:
node-gyp install $(node -v)
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
- name: Set up environment
shell: pwsh
@ -267,7 +247,7 @@ jobs:
macos-build:
name: MacOS Build
runs-on: macos-latest
runs-on: macos-11
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@ -368,7 +348,7 @@ jobs:
macos-package-github:
name: MacOS Package GitHub Release Assets
runs-on: macos-latest
runs-on: macos-11
needs: macos-build
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
steps:
@ -498,7 +478,7 @@ jobs:
macos-package-mas:
name: MacOS Package Prod Release Asset
runs-on: macos-latest
runs-on: macos-11
needs: macos-build
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
steps:
@ -624,7 +604,7 @@ jobs:
macos-package-dev:
name: MacOS Package Dev Release Asset
if: false # We need to look into how code signing works for dev
runs-on: macos-latest
runs-on: macos-11
needs: macos-build
steps:
- name: Checkout repo
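Review bot: The new `Install AST` step in the Windows Build job is pinned to a full commit SHA, but unlike the `actions/checkout`, `setup-dotnet` and `setup-node` pins around it, it has no trailing comment saying what that SHA corresponds to. The AzureSignTool commit that actually gets built is also no longer visible from this workflow, since the clone-and-pack logic moved into the action. Because this tool signs the release binaries, whoever bumps the hash later should be able to see what it resolves to; a comment such as `uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac # builds AzureSignTool at <AST_COMMIT_PLACEHOLDER>` would do. The same applies to the identical step in the Windows Signed job of the third workflow file in this commit.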


@ -11,7 +11,7 @@ on:
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
outputs:
package_version: ${{ steps.create_tags.outputs.package_version }}
tag_version: ${{ steps.create_tags.outputs.tag_version }}
@ -45,7 +45,7 @@ jobs:
snap:
name: Deploy Snap
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
@ -81,7 +81,7 @@ jobs:
choco:
name: Deploy Choco
runs-on: windows-latest
runs-on: windows-2019
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
@ -124,7 +124,7 @@ jobs:
macos:
name: Deploy MacOS
runs-on: macos-latest
runs-on: macos-11
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
@ -153,7 +153,7 @@ jobs:
auto-updater-deploy:
name: Release auto-updater files
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs:
- setup
- snap
@ -178,7 +178,8 @@ jobs:
#cat release.json
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
cat release.json | jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
cat release.json \
| jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
echo "=====ASSETS====="
echo Release Upload URL: $RELEASE_UPLOAD_URL
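Review bot: In the `auto-updater-deploy` job, the jq filter that this hunk re-wraps still uses `[yml|json]`, which is a character class matching one of those characters, not the alternation `yml` or `json`, and the pattern is unanchored. As written it selects any asset whose name contains `prerelease-latest` followed anywhere by one of those letters, so an asset that is not an updater manifest could presumably be picked up by the later steps. Consider `test("prerelease-latest.*\\.(yml|json)$")`, after checking it against the real asset names. The `run` script continues outside the hunk, so the downstream use of `release_assets.jsonl` is not visible here.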


@ -14,7 +14,7 @@ on:
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
outputs:
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
@ -62,7 +62,7 @@ jobs:
linux:
name: Linux
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: setup
steps:
- name: Checkout repo
@ -117,17 +117,12 @@ jobs:
windows-signed:
name: Windows Signed
runs-on: windows-latest
runs-on: windows-2019
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up dotnet
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
with:
dotnet-version: "3.1.x"
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
@ -151,24 +146,7 @@ jobs:
node-gyp install $(node -v)
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
- name: Set up environment
shell: pwsh
@ -231,7 +209,7 @@ jobs:
windows-store:
name: Windows Store
runs-on: windows-latest
runs-on: windows-2019
needs: setup
steps:
- name: Checkout repo
@ -316,7 +294,7 @@ jobs:
macos:
name: MacOS
runs-on: macos-latest
runs-on: macos-11
needs: setup
steps:
- name: Checkout repo
@ -437,7 +415,7 @@ jobs:
update-release-assets:
name: Update Release Assets
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs:
- setup
- linux


@ -5,7 +5,7 @@ exports.default = async function(configuration) {
) {
console.log(`[*] Signing file: ${configuration.path}`)
require("child_process").execSync(
`azuresigntool sign ` +
`azuresigntool sign -v ` +
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
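Review bot: The signing command touched here is still assembled as one shell string, with `process.env.SIGNING_*` values and `configuration.path` interpolated unquoted into `execSync`. A path or value containing spaces or shell metacharacters would be split or interpreted by the shell. Passing an argument array avoids the shell altogether: `require("child_process").execFileSync("azuresigntool", ["sign", "-v", "-kvu", process.env.SIGNING_VAULT_URL, /* … remaining flags … */ configuration.path], { stdio: "inherit" })`. It would also help to fail early with a clear message when any of the `SIGNING_*` variables is empty, so a missing secret does not turn into a malformed command line. The call continues outside the hunk, so the remaining arguments and any options object are not visible here.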