1
0
mirror of https://github.com/bitwarden/desktop.git synced 2024-11-24 11:55:50 +01:00
bitwarden-desktop/.github/workflows/release.yml
2021-07-09 07:31:34 -07:00

503 lines
17 KiB
YAML

name: Release
on:
workflow_dispatch:
inputs:
release_tag_name_input:
description: 'Release Tag Name <X.X.X>'
required: true
browser_extension_ref:
description: 'Browser Extension ref (defaults to `master`):'
default: rc
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
outputs:
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- name: Branch check
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then
echo "==================================="
echo "[!] Can only release from rc branch"
echo "==================================="
exit 1
fi
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Create Release Vars
id: create_tags
run: |
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
v)
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
;;
[0-9])
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
;;
*)
exit 1
;;
esac
env:
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.RELEASE_TAG_NAME }}
release_name: ${{ env.RELEASE_NAME }}
draft: true
prerelease: false
linux:
name: Linux
runs-on: ubuntu-latest
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: '14'
- name: Cache Node Modules
id: node-modules-cache
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Set up environment
run: |
sudo apt-get update
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
- name: Print environment
run: |
node --version
npm --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Build & Publish
run: npm run publish:lin
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
windows-signed:
name: Windows Signed
runs-on: windows-latest
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up dotnet
uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea # v1.8.0
with:
dotnet-version: "3.1.x"
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: '14'
- name: Cache Node Modules
id: node-modules-cache
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
- name: Set up environment
shell: pwsh
run: |
choco install checksum --no-progress
choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
env:
CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
- name: Print environment
run: |
node --version
npm --version
choco --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Build, Sign & Release
run: npm run publish:win
env:
ELECTRON_BUILDER_SIGN: 1
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Package Chocolatey
shell: pwsh
run: |
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey
$checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
(Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
ls dist/chocolatey
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey
cd ./dist/chocolatey
- name: Upload Chocolatey nupkg release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
asset_path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
asset_content_type: application
windows-store:
name: Windows Store
runs-on: windows-latest
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: '14'
- name: Cache Node Modules
id: node-modules-cache
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Set up environment
shell: pwsh
run: |
choco install checksum --no-progress
- name: Print environment
run: |
node --version
npm --version
choco --version
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Build, Sign & Release
run: npm run dist:win:ci
- name: Upload unsigned ia32 Windows Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx
asset_content_type: application
- name: Upload unsigned x64 Windows Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx
asset_content_type: application
- name: Upload unsigned ARM64 Windows Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64.appx
asset_content_type: application
macos:
name: MacOS
runs-on: macos-latest
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: '14'
- name: Cache Node Modules
id: node-modules-cache
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
with:
path: '**/node_modules'
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Update NPM
run: |
npm install -g npm@7
npm install -g node-gyp
node-gyp install $(node -v)
- name: Print environment
run: |
node --version
npm --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1
shell: pwsh
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
- name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1
shell: pwsh
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1
shell: pwsh
- name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
if: steps.node-modules-cache.outputs.cache-hit != 'true'
run: npm install
- name: Run linter
run: npm run lint
- name: Create Safari directory
shell: pwsh
run: New-Item ./dist-safari -ItemType Directory -ea 0
- name: Checkout browser extension
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
with:
repository: 'bitwarden/browser'
ref: ${{ github.event.inputs.browser_extension_ref }}
path: 'dist-safari/browser'
- name: Build Safari extension
shell: pwsh
run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
- name: Load Safari extension for .dmg
shell: pwsh
run: ./scripts/safari-build.ps1 -copyonly
- name: Build application (dist)
run: npm run publish:mac
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Load Safari extension for App Store
shell: pwsh
run: ./scripts/safari-build.ps1 -mas -copyonly
- name: Build application for App Store
run: npm run dist:mac:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
SDKROOT: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/
SDK_DIR: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/
- name: Upload Apple Store release asset
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg
asset_path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg
asset_content_type: application
update-release-assets:
runs-on: ubuntu-latest
needs:
- setup
- linux
env:
PKG_VERSION: ${{ needs.setup.outputs.package_version }}
TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Rename publish asset
run: |
curl \
-H "Authorization:token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept:application/vnd.github.v3+json" \
https://api.github.com/repos/$GITHUB_REPOSITORY/releases \
| jq -r " .[] | select( .tag_name == \"$TAG_VERSION\")" > release.json
echo "=====RELEASE====="
echo Release:
#cat release.json
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
cat release.json | jq -rc ' .assets[] | select( .name | test("latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
echo "=====ASSETS====="
echo Release Upload URL: $RELEASE_UPLOAD_URL
echo Release Assets:
cat release_assets.jsonl
while read -r asset; do
FILE_NAME=$(echo $asset | jq -r '.name')
FILE_URL=$(echo $asset | jq -r '.url')
FILE_ID=$(echo $asset | jq -r '.id')
echo "Asset name: $FILE_NAME"
echo "Asset url: $FILE_URL"
echo "Grabbing asset..."
curl \
-L -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/octet-stream" \
$FILE_URL --output $FILE_NAME
NEW_FILE_SIZE=$(wc -c < $FILE_NAME | xargs)
echo "New file size: $NEW_FILE_SIZE"
echo "New file name: $FILE_NAME"
echo "================"
echo "Deleting remote asset..."
curl \
-X DELETE \
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "accept: application/vnd.github.v3+json" \
$FILE_URL
echo "Pushing updated asset..."
curl \
-X POST \
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "content-type: text/yaml" \
-H "content-length: $NEW_FILE_SIZE" \
--data-binary @$FILE_NAME \
"$RELEASE_UPLOAD_URL?name=prerelease-$FILE_NAME" --http1.1
done < release_assets.jsonl