484 lines
16 KiB
YAML
484 lines
16 KiB
YAML
---
|
|
name: Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_tag_name_input:
|
|
description: 'Release Tag Name <X.X.X>'
|
|
required: true
|
|
browser_extension_ref:
|
|
description: 'Browser Extension ref (defaults to `master`):'
|
|
default: rc
|
|
|
|
jobs:
|
|
setup:
|
|
name: Setup
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
|
steps:
|
|
- name: Branch check
|
|
run: |
|
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then
|
|
echo "==================================="
|
|
echo "[!] Can only release from rc branch"
|
|
echo "==================================="
|
|
exit 1
|
|
fi
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Create Release Vars
|
|
id: create_tags
|
|
run: |
|
|
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
|
|
v)
|
|
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
|
|
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
;;
|
|
[0-9])
|
|
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
;;
|
|
*)
|
|
exit 1
|
|
;;
|
|
esac
|
|
env:
|
|
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
|
|
|
|
- name: Create Draft Release
|
|
id: create_release
|
|
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tag_name: ${{ env.RELEASE_TAG_NAME }}
|
|
release_name: Version ${{ env.RELEASE_NAME }}
|
|
draft: true
|
|
prerelease: false
|
|
|
|
linux:
|
|
name: Linux
|
|
runs-on: ubuntu-20.04
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
|
with:
|
|
node-version: '14'
|
|
|
|
- name: Cache Node Modules
|
|
id: node-modules-cache
|
|
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
|
|
with:
|
|
path: '**/node_modules'
|
|
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
|
|
- name: Set Node options
|
|
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
|
|
|
|
- name: Update NPM
|
|
run: |
|
|
npm install -g npm@7
|
|
npm install -g node-gyp
|
|
node-gyp install $(node -v)
|
|
|
|
- name: Set up environment
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
|
|
- name: Load package version
|
|
run: ./.github/scripts/load-version.ps1
|
|
shell: pwsh
|
|
|
|
- name: Install Node dependencies
|
|
if: steps.node-modules-cache.outputs.cache-hit != 'true'
|
|
run: npm install
|
|
|
|
- name: Run linter
|
|
run: npm run lint
|
|
|
|
- name: Build & Publish
|
|
run: npm run publish:lin
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
windows-signed:
|
|
name: Windows Signed
|
|
runs-on: windows-2019
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
|
with:
|
|
node-version: '14'
|
|
|
|
- name: Cache Node Modules
|
|
id: node-modules-cache
|
|
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
|
|
with:
|
|
path: '**/node_modules'
|
|
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
|
|
- name: Set Node options
|
|
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
|
shell: pwsh
|
|
|
|
- name: Update NPM
|
|
run: |
|
|
npm install -g npm@7
|
|
npm install -g node-gyp
|
|
node-gyp install $(node -v)
|
|
|
|
- name: Install AST
|
|
uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
|
|
|
|
- name: Set up environment
|
|
shell: pwsh
|
|
run: |
|
|
choco install checksum --no-progress
|
|
choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
|
|
env:
|
|
CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
choco --version
|
|
|
|
- name: Load package version
|
|
run: ./.github/scripts/load-version.ps1
|
|
shell: pwsh
|
|
|
|
- name: Install Node dependencies
|
|
if: steps.node-modules-cache.outputs.cache-hit != 'true'
|
|
run: npm install
|
|
|
|
- name: Run linter
|
|
run: npm run lint
|
|
|
|
- name: Build, Sign & Release
|
|
run: npm run publish:win
|
|
env:
|
|
ELECTRON_BUILDER_SIGN: 1
|
|
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
|
|
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
|
|
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
|
|
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
|
|
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Package Chocolatey
|
|
shell: pwsh
|
|
run: |
|
|
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
|
|
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey
|
|
|
|
$checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
|
|
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
|
|
(Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
|
|
ls dist/chocolatey
|
|
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey
|
|
cd ./dist/chocolatey
|
|
|
|
- name: Upload Chocolatey nupkg release asset
|
|
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ needs.setup.outputs.release_upload_url }}
|
|
asset_name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
|
|
asset_path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
|
|
asset_content_type: application
|
|
|
|
windows-store:
|
|
name: Windows Store
|
|
runs-on: windows-2019
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
|
with:
|
|
node-version: '14'
|
|
|
|
- name: Cache Node Modules
|
|
id: node-modules-cache
|
|
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
|
|
with:
|
|
path: '**/node_modules'
|
|
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
|
|
- name: Set Node options
|
|
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
|
shell: pwsh
|
|
|
|
- name: Update NPM
|
|
run: |
|
|
npm install -g npm@7
|
|
npm install -g node-gyp
|
|
node-gyp install $(node -v)
|
|
|
|
- name: Set up environment
|
|
shell: pwsh
|
|
run: |
|
|
choco install checksum --no-progress
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
choco --version
|
|
|
|
- name: Load package version
|
|
run: ./.github/scripts/load-version.ps1
|
|
shell: pwsh
|
|
|
|
- name: Install Node dependencies
|
|
if: steps.node-modules-cache.outputs.cache-hit != 'true'
|
|
run: npm install
|
|
|
|
- name: Run linter
|
|
run: npm run lint
|
|
|
|
- name: Build, Sign & Release
|
|
run: npm run dist:win:ci
|
|
|
|
- name: Upload unsigned ia32 Windows Store release asset
|
|
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ needs.setup.outputs.release_upload_url }}
|
|
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
|
|
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx
|
|
asset_content_type: application
|
|
|
|
- name: Upload unsigned x64 Windows Store release asset
|
|
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ needs.setup.outputs.release_upload_url }}
|
|
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
|
|
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx
|
|
asset_content_type: application
|
|
|
|
- name: Upload unsigned ARM64 Windows Store release asset
|
|
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ needs.setup.outputs.release_upload_url }}
|
|
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-arm64-store.appx
|
|
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-arm64.appx
|
|
asset_content_type: application
|
|
|
|
macos:
|
|
name: MacOS
|
|
runs-on: macos-11
|
|
needs: setup
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
|
|
with:
|
|
node-version: '14'
|
|
|
|
- name: Cache Node Modules
|
|
id: node-modules-cache
|
|
uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
|
|
with:
|
|
path: '**/node_modules'
|
|
key: ${{ runner.os }}-${{ github.run_id }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
|
|
- name: Set Node options
|
|
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
|
|
|
|
- name: Update NPM
|
|
run: |
|
|
npm install -g npm@7
|
|
npm install -g node-gyp
|
|
node-gyp install $(node -v)
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Decrypt secrets
|
|
run: ./.github/scripts/macos/decrypt-secrets.ps1
|
|
shell: pwsh
|
|
env:
|
|
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
|
|
|
- name: Set up keychain
|
|
run: ./.github/scripts/macos/setup-keychain.ps1
|
|
shell: pwsh
|
|
env:
|
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
|
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
|
|
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
|
|
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
|
|
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
|
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
|
|
- name: Set up provisioning profiles
|
|
run: ./.github/scripts/macos/setup-profiles.ps1
|
|
shell: pwsh
|
|
|
|
- name: Increment version
|
|
run: ./.github/scripts/macos/increment-version.ps1
|
|
shell: pwsh
|
|
|
|
- name: Load package version
|
|
run: ./.github/scripts/load-version.ps1
|
|
shell: pwsh
|
|
|
|
- name: Install Node dependencies
|
|
if: steps.node-modules-cache.outputs.cache-hit != 'true'
|
|
run: npm install
|
|
|
|
- name: Run linter
|
|
run: npm run lint
|
|
|
|
- name: Create Safari directory
|
|
shell: pwsh
|
|
run: New-Item ./dist-safari -ItemType Directory -ea 0
|
|
|
|
- name: Checkout browser extension
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
with:
|
|
repository: 'bitwarden/browser'
|
|
ref: ${{ github.event.inputs.browser_extension_ref }}
|
|
path: 'dist-safari/browser'
|
|
|
|
- name: Build Safari extension
|
|
shell: pwsh
|
|
run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
|
|
|
|
- name: Load Safari extension for .dmg
|
|
shell: pwsh
|
|
run: ./scripts/safari-build.ps1 -copyonly
|
|
|
|
- name: Build application (dist)
|
|
run: npm run publish:mac
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
|
|
- name: Load Safari extension for App Store
|
|
shell: pwsh
|
|
run: ./scripts/safari-build.ps1 -mas -copyonly
|
|
|
|
- name: Build application for App Store
|
|
run: npm run dist:mac:mas
|
|
env:
|
|
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
SDKROOT: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/
|
|
SDK_DIR: /Library/Developer/CommandLineTools/SDKs/MacOSX11.1.sdk/
|
|
|
|
- name: Upload Apple Store release asset
|
|
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ needs.setup.outputs.release_upload_url }}
|
|
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg
|
|
asset_path: ./dist/mas-universal/Bitwarden-${{ env.PACKAGE_VERSION }}-universal.pkg
|
|
asset_content_type: application
|
|
|
|
|
|
update-release-assets:
|
|
name: Update Release Assets
|
|
runs-on: ubuntu-20.04
|
|
needs:
|
|
- setup
|
|
- linux
|
|
- windows-signed
|
|
- macos
|
|
env:
|
|
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Rename publish asset
|
|
run: |
|
|
curl \
|
|
-H "Authorization:token ${{ secrets.GITHUB_TOKEN }}" \
|
|
-H "Accept:application/vnd.github.v3+json" \
|
|
https://api.github.com/repos/$GITHUB_REPOSITORY/releases \
|
|
| jq -r " .[] | select( .tag_name == \"$_TAG_VERSION\")" > release.json
|
|
|
|
echo "=====RELEASE====="
|
|
echo Release:
|
|
#cat release.json
|
|
|
|
RELEASE_UPLOAD_URL=$(cat release.json | jq -r ' .upload_url ' | cut -d { -f 1)
|
|
cat release.json | jq -rc ' .assets[] | select( .name | test("latest.*[yml|json]")) | {name: .name, url: .url, content_type: .content_type}' > release_assets.jsonl
|
|
|
|
echo "=====ASSETS====="
|
|
echo Release Upload URL: $RELEASE_UPLOAD_URL
|
|
echo Release Assets:
|
|
cat release_assets.jsonl
|
|
|
|
while read -r asset; do
|
|
FILE_NAME=$(echo $asset | jq -r '.name')
|
|
FILE_URL=$(echo $asset | jq -r '.url')
|
|
FILE_ID=$(echo $asset | jq -r '.id')
|
|
echo "Asset name: $FILE_NAME"
|
|
echo "Asset url: $FILE_URL"
|
|
|
|
echo "Grabbing asset..."
|
|
curl \
|
|
-L -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
|
|
-H "Accept: application/octet-stream" \
|
|
$FILE_URL --output $FILE_NAME
|
|
|
|
NEW_FILE_SIZE=$(wc -c < $FILE_NAME | xargs)
|
|
echo "New file size: $NEW_FILE_SIZE"
|
|
echo "New file name: $FILE_NAME"
|
|
echo "================"
|
|
|
|
echo "Deleting remote asset..."
|
|
curl \
|
|
-X DELETE \
|
|
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
|
|
-H "accept: application/vnd.github.v3+json" \
|
|
$FILE_URL
|
|
|
|
echo "Pushing updated asset..."
|
|
curl \
|
|
-X POST \
|
|
-H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
|
|
-H "content-type: text/yaml" \
|
|
-H "content-length: $NEW_FILE_SIZE" \
|
|
--data-binary @$FILE_NAME \
|
|
"$RELEASE_UPLOAD_URL?name=prerelease-$FILE_NAME" --http1.1
|
|
done < release_assets.jsonl
|