Pinning ast version (#1080)
* Pinning version of AST instead of using latest * adding the pinned version of the commit * adding an array join * pinning version of dotnet * trying the AST pin of the version we started using * disabling jobs and adding test step to window job * adding dotnet 2.1.x to see if that fixes the issue * removing the test code and testing the addition of .net 2.1.x * repinning to last successful sign * trying the newest version of AST * disabling the non-windows jobs again * disabling the windows build job and added a test job * removing stray comma * changing the multiline delimiter * pivoting away from our EV cert and testing with a test one * switching back to the EV cert and adding a verbose flag * disabling some steps that are breaking * swithing back to the test cert * testing new format for the ast command * removing the node portions of the test since they are not needed * trying AST without the tenat-id * rolling back to original commit * switching to custom AST for better troubleshooting * removing the ast commit logic and forcing latest * fixing up the pwsh sign command * fixing the AST verison * making sure that the secrets are not blank * trying the EV cert for signing * Using pinned commit from AST instead of custom code * fixing env * building the actually pinned commit instead of whatever the other thing was... * testing the windows job * removing the dotnet 2.1.x dependency since the older AST version shouldn't need it * reenabling the test ast job since something is failing * moving the git switch command * testing new gh-action * fixing the gh-action path * updating the hash of the new action * enabling the build jobs again * updating the hash for the new Install AST action * fixing linter issues
This commit is contained in:
parent
eac84128ed
commit
c99a543030
|
@ -10,7 +10,7 @@ on:
|
||||||
jobs:
|
jobs:
|
||||||
cloc:
|
cloc:
|
||||||
name: CLOC
|
name: CLOC
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||||
|
@ -23,9 +23,10 @@ jobs:
|
||||||
- name: Print lines of code
|
- name: Print lines of code
|
||||||
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
|
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
|
||||||
|
|
||||||
|
|
||||||
linux:
|
linux:
|
||||||
name: Linux Build
|
name: Linux Build
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||||
|
@ -115,18 +116,14 @@ jobs:
|
||||||
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
|
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
|
||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
|
|
||||||
windows:
|
windows:
|
||||||
name: Windows Build
|
name: Windows Build
|
||||||
runs-on: windows-latest
|
runs-on: windows-2019
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||||
|
|
||||||
- name: Set up dotnet
|
|
||||||
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
|
|
||||||
with:
|
|
||||||
dotnet-version: "3.1.x"
|
|
||||||
|
|
||||||
- name: Set up Node
|
- name: Set up Node
|
||||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
||||||
with:
|
with:
|
||||||
|
@ -150,24 +147,7 @@ jobs:
|
||||||
node-gyp install $(node -v)
|
node-gyp install $(node -v)
|
||||||
|
|
||||||
- name: Install AST
|
- name: Install AST
|
||||||
shell: pwsh
|
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
|
||||||
run: |
|
|
||||||
cd $HOME
|
|
||||||
|
|
||||||
git clone https://github.com/vcsjones/AzureSignTool.git
|
|
||||||
cd AzureSignTool
|
|
||||||
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
|
|
||||||
$latest_version = "0.0.0-g$latest_head"
|
|
||||||
|
|
||||||
Write-Host "--------"
|
|
||||||
Write-Host "git commit - $(git rev-parse HEAD)"
|
|
||||||
Write-Host "latest_head - $latest_head"
|
|
||||||
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
|
|
||||||
Write-Host "--------"
|
|
||||||
|
|
||||||
dotnet restore
|
|
||||||
dotnet pack --output ./nupkg
|
|
||||||
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
|
|
||||||
|
|
||||||
- name: Set up environment
|
- name: Set up environment
|
||||||
shell: pwsh
|
shell: pwsh
|
||||||
|
@ -267,7 +247,7 @@ jobs:
|
||||||
|
|
||||||
macos-build:
|
macos-build:
|
||||||
name: MacOS Build
|
name: MacOS Build
|
||||||
runs-on: macos-latest
|
runs-on: macos-11
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||||
|
@ -368,7 +348,7 @@ jobs:
|
||||||
|
|
||||||
macos-package-github:
|
macos-package-github:
|
||||||
name: MacOS Package GitHub Release Assets
|
name: MacOS Package GitHub Release Assets
|
||||||
runs-on: macos-latest
|
runs-on: macos-11
|
||||||
needs: macos-build
|
needs: macos-build
|
||||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
steps:
|
steps:
|
||||||
|
@ -498,7 +478,7 @@ jobs:
|
||||||
|
|
||||||
macos-package-mas:
|
macos-package-mas:
|
||||||
name: MacOS Package Prod Release Asset
|
name: MacOS Package Prod Release Asset
|
||||||
runs-on: macos-latest
|
runs-on: macos-11
|
||||||
needs: macos-build
|
needs: macos-build
|
||||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
steps:
|
steps:
|
||||||
|
@ -624,7 +604,7 @@ jobs:
|
||||||
macos-package-dev:
|
macos-package-dev:
|
||||||
name: MacOS Package Dev Release Asset
|
name: MacOS Package Dev Release Asset
|
||||||
if: false # We need to look into how code signing works for dev
|
if: false # We need to look into how code signing works for dev
|
||||||
runs-on: macos-latest
|
runs-on: macos-11
|
||||||
needs: macos-build
|
needs: macos-build
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
|
|
|
@ -11,7 +11,7 @@ on:
|
||||||
jobs:
|
jobs:
|
||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
outputs:
|
outputs:
|
||||||
package_version: ${{ steps.create_tags.outputs.package_version }}
|
package_version: ${{ steps.create_tags.outputs.package_version }}
|
||||||
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
||||||
|
@ -45,7 +45,7 @@ jobs:
|
||||||
|
|
||||||
snap:
|
snap:
|
||||||
name: Deploy Snap
|
name: Deploy Snap
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
needs: setup
|
needs: setup
|
||||||
env:
|
env:
|
||||||
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
||||||
|
@ -81,7 +81,7 @@ jobs:
|
||||||
|
|
||||||
choco:
|
choco:
|
||||||
name: Deploy Choco
|
name: Deploy Choco
|
||||||
runs-on: windows-latest
|
runs-on: windows-2019
|
||||||
needs: setup
|
needs: setup
|
||||||
env:
|
env:
|
||||||
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
||||||
|
@ -124,7 +124,7 @@ jobs:
|
||||||
|
|
||||||
macos:
|
macos:
|
||||||
name: Deploy MacOS
|
name: Deploy MacOS
|
||||||
runs-on: macos-latest
|
runs-on: macos-11
|
||||||
needs: setup
|
needs: setup
|
||||||
env:
|
env:
|
||||||
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
_PKG_VERSION: ${{ needs.setup.outputs.package_version }}
|
||||||
|
@ -153,7 +153,7 @@ jobs:
|
||||||
|
|
||||||
auto-updater-deploy:
|
auto-updater-deploy:
|
||||||
name: Release auto-updater files
|
name: Release auto-updater files
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
needs:
|
needs:
|
||||||
- setup
|
- setup
|
||||||
- snap
|
- snap
|
||||||
|
@ -178,7 +178,8 @@ jobs:
|
||||||
#cat release.json
|
#cat release.json
|
||||||
|
|
||||||
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
|
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
|
||||||
cat release.json | jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
|
cat release.json \
|
||||||
|
| jq -rc ' .assets[] | select( .name | test("prerelease-latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
|
||||||
|
|
||||||
echo "=====ASSETS====="
|
echo "=====ASSETS====="
|
||||||
echo Release Upload URL: $RELEASE_UPLOAD_URL
|
echo Release Upload URL: $RELEASE_UPLOAD_URL
|
||||||
|
|
|
@ -14,7 +14,7 @@ on:
|
||||||
jobs:
|
jobs:
|
||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
outputs:
|
outputs:
|
||||||
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||||
steps:
|
steps:
|
||||||
|
@ -62,7 +62,7 @@ jobs:
|
||||||
|
|
||||||
linux:
|
linux:
|
||||||
name: Linux
|
name: Linux
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
needs: setup
|
needs: setup
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
|
@ -117,17 +117,12 @@ jobs:
|
||||||
|
|
||||||
windows-signed:
|
windows-signed:
|
||||||
name: Windows Signed
|
name: Windows Signed
|
||||||
runs-on: windows-latest
|
runs-on: windows-2019
|
||||||
needs: setup
|
needs: setup
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||||
|
|
||||||
- name: Set up dotnet
|
|
||||||
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
|
|
||||||
with:
|
|
||||||
dotnet-version: "3.1.x"
|
|
||||||
|
|
||||||
- name: Set up Node
|
- name: Set up Node
|
||||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
||||||
with:
|
with:
|
||||||
|
@ -151,24 +146,7 @@ jobs:
|
||||||
node-gyp install $(node -v)
|
node-gyp install $(node -v)
|
||||||
|
|
||||||
- name: Install AST
|
- name: Install AST
|
||||||
shell: pwsh
|
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
|
||||||
run: |
|
|
||||||
cd $HOME
|
|
||||||
|
|
||||||
git clone https://github.com/vcsjones/AzureSignTool.git
|
|
||||||
cd AzureSignTool
|
|
||||||
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
|
|
||||||
$latest_version = "0.0.0-g$latest_head"
|
|
||||||
|
|
||||||
Write-Host "--------"
|
|
||||||
Write-Host "git commit - $(git rev-parse HEAD)"
|
|
||||||
Write-Host "latest_head - $latest_head"
|
|
||||||
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
|
|
||||||
Write-Host "--------"
|
|
||||||
|
|
||||||
dotnet restore
|
|
||||||
dotnet pack --output ./nupkg
|
|
||||||
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
|
|
||||||
|
|
||||||
- name: Set up environment
|
- name: Set up environment
|
||||||
shell: pwsh
|
shell: pwsh
|
||||||
|
@ -231,7 +209,7 @@ jobs:
|
||||||
|
|
||||||
windows-store:
|
windows-store:
|
||||||
name: Windows Store
|
name: Windows Store
|
||||||
runs-on: windows-latest
|
runs-on: windows-2019
|
||||||
needs: setup
|
needs: setup
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
|
@ -316,7 +294,7 @@ jobs:
|
||||||
|
|
||||||
macos:
|
macos:
|
||||||
name: MacOS
|
name: MacOS
|
||||||
runs-on: macos-latest
|
runs-on: macos-11
|
||||||
needs: setup
|
needs: setup
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repo
|
- name: Checkout repo
|
||||||
|
@ -437,7 +415,7 @@ jobs:
|
||||||
|
|
||||||
update-release-assets:
|
update-release-assets:
|
||||||
name: Update Release Assets
|
name: Update Release Assets
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-20.04
|
||||||
needs:
|
needs:
|
||||||
- setup
|
- setup
|
||||||
- linux
|
- linux
|
||||||
|
|
2
sign.js
2
sign.js
|
@ -5,7 +5,7 @@ exports.default = async function(configuration) {
|
||||||
) {
|
) {
|
||||||
console.log(`[*] Signing file: ${configuration.path}`)
|
console.log(`[*] Signing file: ${configuration.path}`)
|
||||||
require("child_process").execSync(
|
require("child_process").execSync(
|
||||||
`azuresigntool sign ` +
|
`azuresigntool sign -v ` +
|
||||||
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
|
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
|
||||||
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
|
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
|
||||||
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
|
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
|
||||||
|
|
Loading…
Reference in New Issue