From 750faf8a8337633d7d17b9c2062820f0bc79a452 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Fri, 24 Sep 2021 13:50:54 -0400 Subject: [PATCH] Update pipeline to new model (#1472) * Update pipelines to new model --- .github/scripts/android/build.ps1 | 13 - .github/scripts/android/clean-fdroid.ps1 | 69 --- .github/scripts/android/compile-fdroid.sh | 24 - .github/scripts/android/decrypt-secrets.ps1 | 22 - .github/scripts/android/deploy-play.ps1 | 9 - .github/scripts/android/increment-version.ps1 | 16 - .github/scripts/android/sign-fdroid.ps1 | 23 - .github/scripts/android/sign-play.ps1 | 42 -- .github/scripts/decrypt-secret.ps1 | 29 - .github/scripts/ios/build.ps1 | 29 - .github/scripts/ios/decrypt-secrets.ps1 | 9 - .github/scripts/ios/deploy-app-store.ps1 | 5 - .github/scripts/ios/export-ipa.ps1 | 13 - .github/scripts/ios/increment-version.ps1 | 26 - .github/scripts/ios/setup-keychain.ps1 | 13 - .github/scripts/ios/setup-profiles.ps1 | 21 - .github/workflows/build.yml | 504 ++++++++++++------ .github/workflows/release.yml | 143 ++++- 18 files changed, 469 insertions(+), 541 deletions(-) delete mode 100644 .github/scripts/android/build.ps1 delete mode 100644 .github/scripts/android/clean-fdroid.ps1 delete mode 100644 .github/scripts/android/compile-fdroid.sh delete mode 100644 .github/scripts/android/decrypt-secrets.ps1 delete mode 100644 .github/scripts/android/deploy-play.ps1 delete mode 100644 .github/scripts/android/increment-version.ps1 delete mode 100644 .github/scripts/android/sign-fdroid.ps1 delete mode 100644 .github/scripts/android/sign-play.ps1 delete mode 100644 .github/scripts/decrypt-secret.ps1 delete mode 100644 .github/scripts/ios/build.ps1 delete mode 100644 .github/scripts/ios/decrypt-secrets.ps1 delete mode 100644 .github/scripts/ios/deploy-app-store.ps1 delete mode 100644 .github/scripts/ios/export-ipa.ps1 delete mode 100644 .github/scripts/ios/increment-version.ps1 delete mode 100644 .github/scripts/ios/setup-keychain.ps1 delete mode 100644 .github/scripts/ios/setup-profiles.ps1 diff --git a/.github/scripts/android/build.ps1 b/.github/scripts/android/build.ps1 deleted file mode 100644 index 99a06ed0d..000000000 --- a/.github/scripts/android/build.ps1 +++ /dev/null @@ -1,13 +0,0 @@ -param ( - [Parameter(Mandatory=$true)] - [string] $configuration -) - -$rootPath = $env:GITHUB_WORKSPACE; -$androidPath = $($rootPath + "/src/Android/Android.csproj"); - -Write-Output "########################################" -Write-Output "##### Build $configuration Configuration" -Write-Output "########################################" - -msbuild "$($androidPath)" "/p:Configuration=$configuration" diff --git a/.github/scripts/android/clean-fdroid.ps1 b/.github/scripts/android/clean-fdroid.ps1 deleted file mode 100644 index 23a8221ed..000000000 --- a/.github/scripts/android/clean-fdroid.ps1 +++ /dev/null @@ -1,69 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; - -$androidPath = $($rootPath + "/src/Android/Android.csproj"); -$appPath = $($rootPath + "/src/App/App.csproj"); - -$androidManifest = $($rootPath + "/src/Android/Properties/AndroidManifest.xml"); - -Write-Output "########################################" -Write-Output "##### Clean Android and App" -Write-Output "########################################" - -msbuild "$($androidPath)" "/t:Clean" "/p:Configuration=FDroid" -msbuild "$($appPath)" "/t:Clean" "/p:Configuration=FDroid" - -Write-Output "########################################" -Write-Output "##### Backup project files" -Write-Output "########################################" - -Copy-Item $androidManifest $($androidManifest + ".original"); -Copy-Item $androidPath $($androidPath + ".original"); -Copy-Item $appPath $($appPath + ".original"); - -Write-Output "########################################" -Write-Output "##### Cleanup Android Manifest" -Write-Output "########################################" - -$xml=New-Object XML; -$xml.Load($androidManifest); - -$nsAndroid=New-Object System.Xml.XmlNamespaceManager($xml.NameTable); -$nsAndroid.AddNamespace("android", "http://schemas.android.com/apk/res/android"); - -$xml.Save($androidManifest); - -Write-Output "########################################" -Write-Output "##### Uninstall from Android.csproj" -Write-Output "########################################" - -$xml=New-Object XML; -$xml.Load($androidPath); - -$ns=New-Object System.Xml.XmlNamespaceManager($xml.NameTable); -$ns.AddNamespace("ns", $xml.DocumentElement.NamespaceURI); - -$firebaseNode=$xml.SelectSingleNode(` - "/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.Firebase.Messaging']", $ns); -$firebaseNode.ParentNode.RemoveChild($firebaseNode); - -$daggerNode=$xml.SelectSingleNode(` - "/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.Google.Dagger']", $ns); -$daggerNode.ParentNode.RemoveChild($daggerNode); - -$safetyNetNode=$xml.SelectSingleNode(` - "/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.GooglePlayServices.SafetyNet']", $ns); -$safetyNetNode.ParentNode.RemoveChild($safetyNetNode); - -$xml.Save($androidPath); - -Write-Output "########################################" -Write-Output "##### Uninstall from App.csproj" -Write-Output "########################################" - -$xml=New-Object XML; -$xml.Load($appPath); - -$appCenterNode=$xml.SelectSingleNode("/Project/ItemGroup/PackageReference[@Include='Microsoft.AppCenter.Crashes']"); -$appCenterNode.ParentNode.RemoveChild($appCenterNode); - -$xml.Save($appPath); diff --git a/.github/scripts/android/compile-fdroid.sh b/.github/scripts/android/compile-fdroid.sh deleted file mode 100644 index a30d0e896..000000000 --- a/.github/scripts/android/compile-fdroid.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env bash - -cd $GITHUB_WORKSPACE -mkdir dist -cp CNAME ./dist -cd store -chmod 600 fdroid/config.py fdroid/keystore.jks -mkdir -p temp/fdroid -TEMP_DIR="$GITHUB_WORKSPACE/store/temp/fdroid" -cd fdroid -echo "keypass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py -echo "keystorepass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py -echo "local_copy_dir=\"$TEMP_DIR\"" >>config.py -mkdir -p repo -curl -Lo repo/com.x8bit.bitwarden-fdroid.apk \ -https://github.com/bitwarden/mobile/releases/download/$RELEASE_TAG_NAME/com.x8bit.bitwarden-fdroid.apk -fdroid update -fdroid server update -cd .. -rm -rf temp/fdroid/archive -mv -v temp/fdroid ../dist -cd fdroid -cp index.html btn.png qr.png ../../dist/fdroid -cd $GITHUB_WORKSPACE diff --git a/.github/scripts/android/decrypt-secrets.ps1 b/.github/scripts/android/decrypt-secrets.ps1 deleted file mode 100644 index 84fcc2b5a..000000000 --- a/.github/scripts/android/decrypt-secrets.ps1 +++ /dev/null @@ -1,22 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; - -$decryptSecretPath = $($rootPath + "/.github/scripts/decrypt-secret.ps1"); - -$appKeystorePlayFilename = "app_play-keystore.jks"; -$appKeystorePlayPath = $($rootPath + "/src/Android/$appKeystorePlayFilename"); -$appKeystoreUploadFilename = "app_upload-keystore.jks"; -$appKeystoreUploadPath = $($rootPath + "/src/Android/$appKeystoreUploadFilename"); -$appKeystoreFdroidFilename = "app_fdroid-keystore.jks"; -$appKeystoreFdroidPath = $($rootPath + "/src/Android/$appKeystoreFdroidFilename"); -$googleServicesFilename = "google-services.json"; -$googleServicesPath = $($rootPath + "/src/Android/$googleServicesFilename"); - -Invoke-Expression ` - "& `"$decryptSecretPath`" -filename $($appKeystorePlayFilename + ".gpg") -output $($appKeystorePlayPath)" -Invoke-Expression ` - "& `"$decryptSecretPath`" -filename $($appKeystoreUploadFilename + ".gpg") -output $($appKeystoreUploadPath)" -Invoke-Expression ` - "& `"$decryptSecretPath`" -filename $($appKeystoreFdroidFilename + ".gpg") -output $($appKeystoreFdroidPath)" -Invoke-Expression ` - "& `"$decryptSecretPath`" -filename $($googleServicesFilename + ".gpg") -output $($googleServicesPath)" -Invoke-Expression "& `"$decryptSecretPath`" -filename play_creds.json.gpg" diff --git a/.github/scripts/android/deploy-play.ps1 b/.github/scripts/android/deploy-play.ps1 deleted file mode 100644 index c1aafc225..000000000 --- a/.github/scripts/android/deploy-play.ps1 +++ /dev/null @@ -1,9 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path; - -$publisherPath = $($rootPath + "/store/google/Publisher/bin/Release/netcoreapp2.0/Publisher.dll"); -$credsPath = $($homePath + "/secrets/play_creds.json"); -$aabPath = $($rootPath + "/com.x8bit.bitwarden.aab"); -$track = "internal"; - -dotnet $publisherPath $credsPath $aabPath $track diff --git a/.github/scripts/android/increment-version.ps1 b/.github/scripts/android/increment-version.ps1 deleted file mode 100644 index 501c110b0..000000000 --- a/.github/scripts/android/increment-version.ps1 +++ /dev/null @@ -1,16 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; -$buildNumber = 3000 + [int]$env:GITHUB_RUN_NUMBER; - -Write-Output "########################################" -Write-Output "##### Setting Version Code $buildNumber" -Write-Output "########################################" - -$androidManifest = $($rootPath + "/src/Android/Properties/AndroidManifest.xml"); - -$xml=New-Object XML; -$xml.Load($androidManifest); - -$node=$xml.SelectNodes("/manifest"); -$node.SetAttribute("android:versionCode", [string]$buildNumber); - -$xml.Save($androidManifest); diff --git a/.github/scripts/android/sign-fdroid.ps1 b/.github/scripts/android/sign-fdroid.ps1 deleted file mode 100644 index 74077feb7..000000000 --- a/.github/scripts/android/sign-fdroid.ps1 +++ /dev/null @@ -1,23 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; - -$androidPath = $($rootPath + "/src/Android/Android.csproj"); - -$appKeystoreFdroidFilename = "app_fdroid-keystore.jks"; - -Write-Output "########################################" -Write-Output "##### Sign FDroid Configuration" -Write-Output "########################################" - -msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=FDroid" "/p:AndroidKeyStore=true" ` - "/p:AndroidSigningKeyAlias=bitwarden" "/p:AndroidSigningKeyPass=$($env:FDROID_KEYSTORE_PASSWORD)" ` - "/p:AndroidSigningKeyStore=$($appKeystoreFdroidFilename)" ` - "/p:AndroidSigningStorePass=$($env:FDROID_KEYSTORE_PASSWORD)" "/v:quiet" - -Write-Output "########################################" -Write-Output "##### Copy FDroid apk to project root" -Write-Output "########################################" - -$signedApkPath = $($rootPath + "/src/Android/bin/FDroid/com.x8bit.bitwarden-Signed.apk"); -$signedApkDestPath = $($rootPath + "/com.x8bit.bitwarden-fdroid.apk"); - -Copy-Item $signedApkPath $signedApkDestPath diff --git a/.github/scripts/android/sign-play.ps1 b/.github/scripts/android/sign-play.ps1 deleted file mode 100644 index 9c1283cf1..000000000 --- a/.github/scripts/android/sign-play.ps1 +++ /dev/null @@ -1,42 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; - -$androidPath = $($rootPath + "/src/Android/Android.csproj"); - -$appKeystorePlayFilename = "app_play-keystore.jks"; -$appKeystoreUploadFilename = "app_upload-keystore.jks"; - -Write-Output "########################################" -Write-Output "##### Sign Google Play Bundle Release Configuration" -Write-Output "########################################" - -msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=Release" "/p:AndroidKeyStore=true" ` - "/p:AndroidSigningKeyAlias=upload" "/p:AndroidSigningKeyPass=$($env:UPLOAD_KEYSTORE_PASSWORD)" ` - "/p:AndroidSigningKeyStore=$($appKeystoreUploadFilename)" ` - "/p:AndroidSigningStorePass=$($env:UPLOAD_KEYSTORE_PASSWORD)" "/p:AndroidPackageFormat=aab" "/v:quiet" - -Write-Output "########################################" -Write-Output "##### Copy Google Play Bundle to project root" -Write-Output "########################################" - -$signedAabPath = $($rootPath + "/src/Android/bin/Release/com.x8bit.bitwarden-Signed.aab"); -$signedAabDestPath = $($rootPath + "/com.x8bit.bitwarden.aab"); - -Copy-Item $signedAabPath $signedAabDestPath - -Write-Output "########################################" -Write-Output "##### Sign APK Release Configuration" -Write-Output "########################################" - -msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=Release" "/p:AndroidKeyStore=true" ` - "/p:AndroidSigningKeyAlias=bitwarden" "/p:AndroidSigningKeyPass=$($env:PLAY_KEYSTORE_PASSWORD)" ` - "/p:AndroidSigningKeyStore=$($appKeystorePlayFilename)" ` - "/p:AndroidSigningStorePass=$($env:PLAY_KEYSTORE_PASSWORD)" "/v:quiet" - -Write-Output "########################################" -Write-Output "##### Copy Release APK to project root" -Write-Output "########################################" - -$signedApkPath = $($rootPath + "/src/Android/bin/Release/com.x8bit.bitwarden-Signed.apk"); -$signedApkDestPath = $($rootPath + "/com.x8bit.bitwarden.apk"); - -Copy-Item $signedApkPath $signedApkDestPath diff --git a/.github/scripts/decrypt-secret.ps1 b/.github/scripts/decrypt-secret.ps1 deleted file mode 100644 index b5251d533..000000000 --- a/.github/scripts/decrypt-secret.ps1 +++ /dev/null @@ -1,29 +0,0 @@ -param ( - [Parameter(Mandatory=$true)] - [string] $filename, - [string] $output -) - -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path -$rootPath = $env:GITHUB_WORKSPACE - -$secretInputPath = $rootPath + "/.github/secrets" -$input = $secretInputPath + "/" + $filename - -$passphrase = $env:DECRYPT_FILE_PASSWORD -$secretOutputPath = $homePath + "/secrets" - -if ([string]::IsNullOrEmpty($output)) { - if ($filename.EndsWith(".gpg")) { - $output = $secretOutputPath + "/" + $filename.TrimEnd(".gpg") - } else { - $output = $secretOutputPath + "/" + $filename + ".plaintext" - } -} - -if (!(Test-Path -Path $secretOutputPath)) -{ - New-Item -ItemType Directory -Path $secretOutputPath -} - -gpg --quiet --batch --yes --decrypt --passphrase="$passphrase" --output $output $input diff --git a/.github/scripts/ios/build.ps1 b/.github/scripts/ios/build.ps1 deleted file mode 100644 index 843a2d753..000000000 --- a/.github/scripts/ios/build.ps1 +++ /dev/null @@ -1,29 +0,0 @@ -param ( - [Parameter(Mandatory=$true)] - [string] $configuration, - [string] $platform = "iPhone", - [switch] $archive -) - -$rootPath = $env:GITHUB_WORKSPACE; -$iosPath = $($rootPath + "/src/iOS/iOS.csproj"); - -if ($archive) -{ - Write-Output "########################################" - Write-Output "##### Archive $configuration Configuration for $platform Platform" - Write-Output "########################################" - msbuild "$($iosPath)" "/p:Platform=$platform" "/p:Configuration=$configuration" ` - "/p:ArchiveOnBuild=true" "/t:`"Build`"" - - Write-Output "########################################" - Write-Output "##### Done" - Write-Output "########################################" - ls ~/Library/Developer/Xcode/Archives -} else -{ - Write-Output "########################################" - Write-Output "##### Build $configuration Configuration for $platform Platform" - Write-Output "########################################" - msbuild "$($iosPath)" "/p:Platform=$platform" "/p:Configuration=$configuration" "/t:`"Build`"" -} diff --git a/.github/scripts/ios/decrypt-secrets.ps1 b/.github/scripts/ios/decrypt-secrets.ps1 deleted file mode 100644 index 132db33c4..000000000 --- a/.github/scripts/ios/decrypt-secrets.ps1 +++ /dev/null @@ -1,9 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; - -$decryptSecretPath = $($rootPath + "/.github/scripts/decrypt-secret.ps1"); - -Invoke-Expression "& `"$decryptSecretPath`" -filename bitwarden-mobile-key.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename iphone-distribution-cert.p12.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename dist_autofill.mobileprovision.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename dist_bitwarden.mobileprovision.gpg" -Invoke-Expression "& `"$decryptSecretPath`" -filename dist_extension.mobileprovision.gpg" diff --git a/.github/scripts/ios/deploy-app-store.ps1 b/.github/scripts/ios/deploy-app-store.ps1 deleted file mode 100644 index f669599d3..000000000 --- a/.github/scripts/ios/deploy-app-store.ps1 +++ /dev/null @@ -1,5 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; -$ipaPath = "$rootPath/bitwarden-export/Bitwarden.ipa" - -xcrun altool --upload-app --type ios --file "$ipaPath" ` - --username "$env:APPLE_ID_USERNAME" --password "$env:APPLE_ID_PASSWORD" diff --git a/.github/scripts/ios/export-ipa.ps1 b/.github/scripts/ios/export-ipa.ps1 deleted file mode 100644 index 5dcc885ab..000000000 --- a/.github/scripts/ios/export-ipa.ps1 +++ /dev/null @@ -1,13 +0,0 @@ -param ( - [Parameter(Mandatory=$true)] - [string] $method -) - -$rootPath = $env:GITHUB_WORKSPACE; -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path - -$exportOptionsPath = "$rootPath/.github/resources/export-options-$method.plist"; -$archivePath = "$homePath/Library/Developer/Xcode/Archives/*/*.xcarchive"; -$exportPath = "$rootPath/bitwarden-export"; - -xcodebuild -exportArchive -archivePath $archivePath -exportPath $exportPath -exportOptionsPlist $exportOptionsPath diff --git a/.github/scripts/ios/increment-version.ps1 b/.github/scripts/ios/increment-version.ps1 deleted file mode 100644 index e72860a3c..000000000 --- a/.github/scripts/ios/increment-version.ps1 +++ /dev/null @@ -1,26 +0,0 @@ -$rootPath = $env:GITHUB_WORKSPACE; -$buildNumber = 100 + [int]$env:GITHUB_RUN_NUMBER; - -$bitwardenInfo = $($rootPath + "/src/iOS/Info.plist"); -$extensionInfo = $($rootPath + "/src/iOS.Extension/Info.plist"); -$autofillInfo = $($rootPath + "/src/iOS.Autofill/Info.plist"); - -Write-Output "########################################" -Write-Output "##### Setting CFBundleVersion $buildNumber" -Write-Output "########################################" - -function Update-Version($file) { - $xml=New-Object XML; - $xml.Load($file); - - Select-Xml -xml $xml -XPath "//dict/key[. = 'CFBundleVersion']/following-sibling::string[1]" | - %{ - $_.Node.InnerXml = $buildNumber - } - - $xml.Save($file); -} - -Update-Version $bitwardenInfo -Update-Version $extensionInfo -Update-Version $autofillInfo diff --git a/.github/scripts/ios/setup-keychain.ps1 b/.github/scripts/ios/setup-keychain.ps1 deleted file mode 100644 index de03df8a1..000000000 --- a/.github/scripts/ios/setup-keychain.ps1 +++ /dev/null @@ -1,13 +0,0 @@ -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path; -$secretsPath = $homePath + "/secrets" - -$mobileKeyPath = $($secretsPath + "/bitwarden-mobile-key.p12"); -$distCertPath = $($secretsPath + "/iphone-distribution-cert.p12"); - -security create-keychain -p $env:KEYCHAIN_PASSWORD build.keychain -security default-keychain -s build.keychain -security unlock-keychain -p $env:KEYCHAIN_PASSWORD build.keychain -security set-keychain-settings -lut 1200 build.keychain -security import $mobileKeyPath -k build.keychain -P $env:MOBILE_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -security import $distCertPath -k build.keychain -P $env:DIST_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $env:KEYCHAIN_PASSWORD build.keychain diff --git a/.github/scripts/ios/setup-profiles.ps1 b/.github/scripts/ios/setup-profiles.ps1 deleted file mode 100644 index 7bd01169e..000000000 --- a/.github/scripts/ios/setup-profiles.ps1 +++ /dev/null @@ -1,21 +0,0 @@ -$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path; -$secretsPath = $homePath + "/secrets" - -$autofillProfilePath = $($secretsPath + "/dist_autofill.mobileprovision"); -$bitwardenProfilePath = $($secretsPath + "/dist_bitwarden.mobileprovision"); -$extensionProfilePath = $($secretsPath + "/dist_extension.mobileprovision"); -$profilesDirPath = "~/Library/MobileDevice/Provisioning Profiles" - -if (!(Test-Path -Path $profilesDirPath)) -{ - New-Item -ItemType Directory -Path $profilesDirPath -} - -$autofill_uuid = grep UUID -A1 -a $autofillProfilePath | grep -io "[-A-F0-9]\{36\}" -Copy-Item $autofillProfilePath -destination "$profilesDirPath/$autofill_uuid.mobileprovision" - -$bitwarden_uuid = grep UUID -A1 -a $bitwardenProfilePath | grep -io "[-A-F0-9]\{36\}" -Copy-Item $bitwardenProfilePath -destination "$profilesDirPath/$bitwarden_uuid.mobileprovision" - -$extension_uuid = grep UUID -A1 -a $extensionProfilePath | grep -io "[-A-F0-9]\{36\}" -Copy-Item $extensionProfilePath -destination "$profilesDirPath/$extension_uuid.mobileprovision" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b136432c5..c747742bf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,21 +6,16 @@ on: branches-ignore: - 'l10n_master' - 'gh-pages' - release: - types: - - published jobs: - cloc: name: CLOC - runs-on: ubuntu-latest - + runs-on: ubuntu-20.04 steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - - name: Set up cloc + - name: Set up CLOC run: | sudo apt-get update sudo apt-get -y install cloc @@ -30,11 +25,10 @@ jobs: android: name: Android - runs-on: windows-latest - + runs-on: windows-2019 steps: - name: Set up MSBuild - uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d + uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d # v1 - name: Print environment run: | @@ -43,179 +37,300 @@ jobs: dotnet --info echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Decrypt secrets - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/android/decrypt-secrets.ps1 - shell: pwsh env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p ~/secrets + + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output ./src/Android/app_play-keystore.jks ./.github/secrets/app_play-keystore.jks.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output ./src/Android/app_upload-keystore.jks ./.github/secrets/app_upload-keystore.jks.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output ./src/Android/google-services.json ./.github/secrets/google-services.json.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output $HOME/secrets/play_creds.json ./.github/secrets/play_creds.json.gpg + shell: bash - name: Increment version - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/android/increment-version.ps1 - shell: pwsh + run: | + BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER)) + + echo "########################################" + echo "##### Setting Version Code $BUILD_NUMBER" + echo "########################################" + + sed "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \ + ./src/Android/Properties/AndroidManifest.xml + shell: bash - name: Restore packages run: nuget restore - - name: Run Core Tests + - name: Run Core tests run: dotnet test test/Core.Test/Core.Test.csproj - name: Build Play Store publisher run: dotnet build ./store/google/Publisher/Publisher.csproj -p:Configuration=Release - name: Build for Play Store - run: ./.github/scripts/android/build.ps1 -configuration Release + run: | + $configuration = "Release"; + + Write-Output "########################################" + Write-Output "##### Build $configuration Configuration" + Write-Output "########################################" + + msbuild "$($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj")" "/p:Configuration=$configuration" shell: pwsh - name: Sign for Play Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/android/sign-play.ps1 - shell: pwsh env: PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }} UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }} + run: | + $androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj"); + + Write-Output "########################################" + Write-Output "##### Sign Google Play Bundle Release Configuration" + Write-Output "########################################" + + msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=Release" "/p:AndroidKeyStore=true" ` + "/p:AndroidSigningKeyAlias=upload" "/p:AndroidSigningKeyPass=$($env:UPLOAD_KEYSTORE_PASSWORD)" ` + "/p:AndroidSigningKeyStore=$("app_upload-keystore.jks")" ` + "/p:AndroidSigningStorePass=$($env:UPLOAD_KEYSTORE_PASSWORD)" "/p:AndroidPackageFormat=aab" "/v:quiet" + + Write-Output "########################################" + Write-Output "##### Copy Google Play Bundle to project root" + Write-Output "########################################" + + $signedAabPath = $($env:GITHUB_WORKSPACE + "/src/Android/bin/Release/com.x8bit.bitwarden-Signed.aab"); + $signedAabDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden.aab"); + + Copy-Item $signedAabPath $signedAabDestPath + + Write-Output "########################################" + Write-Output "##### Sign APK Release Configuration" + Write-Output "########################################" + + msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=Release" "/p:AndroidKeyStore=true" ` + "/p:AndroidSigningKeyAlias=bitwarden" "/p:AndroidSigningKeyPass=$($env:PLAY_KEYSTORE_PASSWORD)" ` + "/p:AndroidSigningKeyStore=$("app_play-keystore.jks")" ` + "/p:AndroidSigningStorePass=$($env:PLAY_KEYSTORE_PASSWORD)" "/v:quiet" + + Write-Output "########################################" + Write-Output "##### Copy Release APK to project root" + Write-Output "########################################" + + $signedApkPath = $($env:GITHUB_WORKSPACE + "/src/Android/bin/Release/com.x8bit.bitwarden-Signed.apk"); + $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden.apk"); + + Copy-Item $signedApkPath $signedApkDestPath + shell: pwsh - name: Upload Play Store .aab artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.4 with: name: com.x8bit.bitwarden.aab path: ./com.x8bit.bitwarden.aab + if-no-files-found: error - name: Upload Play Store .apk artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.4 with: name: com.x8bit.bitwarden.apk path: ./com.x8bit.bitwarden.apk + if-no-files-found: error + + - name: Check if RC branch exists + id: rc-branch-check + run: | + if [[ $(git ls-remote --heads origin rc) ]]; then + echo "::set-output name=branch_exists::1" + else + echo "::set-output name=branch_exists::0" + fi + shell: bash + + - name: Deploy to Play Store + if: | + (github.ref == 'refs/heads/master' && steps.rc-branch-check.outputs.branch_exists == 0) + || github.ref == 'refs/heads/rc' + run: | + PUBLISHER_PATH="./store/google/Publisher/bin/Release/netcoreapp2.0/Publisher.dll" + CREDS_PATH="$HOME/secrets/play_creds.json" + AAB_PATH="./com.x8bit.bitwarden.aab" + TRACK="internal" + + dotnet $PUBLISHER_PATH $CREDS_PATH $AAB_PATH $TRACK + shell: bash + + + f-droid: + name: F-Droid Build + runs-on: windows-2019 + steps: + - name: Set up MSBuild + uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d # v1 + + - name: Print environment + run: | + nuget help | grep Version + msbuild -version + dotnet --info + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Decrypt secrets + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p ~/secrets + + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output ./src/Android/app_fdroid-keystore.jks ./.github/secrets/app_fdroid-keystore.jks.gpg + shell: bash + + - name: Increment version + run: | + BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER)) + + echo "########################################" + echo "##### Setting Version Code $BUILD_NUMBER" + echo "########################################" + + sed "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \ + ./src/Android/Properties/AndroidManifest.xml + shell: bash - name: Clean for F-Droid - run: ./.github/scripts/android/clean-fdroid.ps1 + run: | + $androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj"); + $appPath = $($env:GITHUB_WORKSPACE + "/src/App/App.csproj"); + + $androidManifest = $($env:GITHUB_WORKSPACE + "/src/Android/Properties/AndroidManifest.xml"); + + Write-Output "########################################" + Write-Output "##### Clean Android and App" + Write-Output "########################################" + + msbuild "$($androidPath)" "/t:Clean" "/p:Configuration=FDroid" + msbuild "$($appPath)" "/t:Clean" "/p:Configuration=FDroid" + + Write-Output "########################################" + Write-Output "##### Backup project files" + Write-Output "########################################" + + Copy-Item $androidManifest $($androidManifest + ".original"); + Copy-Item $androidPath $($androidPath + ".original"); + Copy-Item $appPath $($appPath + ".original"); + + Write-Output "########################################" + Write-Output "##### Cleanup Android Manifest" + Write-Output "########################################" + + $xml=New-Object XML; + $xml.Load($androidManifest); + + $nsAndroid=New-Object System.Xml.XmlNamespaceManager($xml.NameTable); + $nsAndroid.AddNamespace("android", "http://schemas.android.com/apk/res/android"); + + $xml.Save($androidManifest); + + Write-Output "########################################" + Write-Output "##### Uninstall from Android.csproj" + Write-Output "########################################" + + $xml=New-Object XML; + $xml.Load($androidPath); + + $ns=New-Object System.Xml.XmlNamespaceManager($xml.NameTable); + $ns.AddNamespace("ns", $xml.DocumentElement.NamespaceURI); + + $firebaseNode=$xml.SelectSingleNode(` + "/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.Firebase.Messaging']", $ns); + $firebaseNode.ParentNode.RemoveChild($firebaseNode); + + $daggerNode=$xml.SelectSingleNode(` + "/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.Google.Dagger']", $ns); + $daggerNode.ParentNode.RemoveChild($daggerNode); + + $safetyNetNode=$xml.SelectSingleNode(` + "/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.GooglePlayServices.SafetyNet']", $ns); + $safetyNetNode.ParentNode.RemoveChild($safetyNetNode); + + $xml.Save($androidPath); + + Write-Output "########################################" + Write-Output "##### Uninstall from App.csproj" + Write-Output "########################################" + + $xml=New-Object XML; + $xml.Load($appPath); + + $appCenterNode=$xml.SelectSingleNode("/Project/ItemGroup/PackageReference[@Include='Microsoft.AppCenter.Crashes']"); + $appCenterNode.ParentNode.RemoveChild($appCenterNode); + + $xml.Save($appPath); shell: pwsh - name: Restore packages run: nuget restore - name: Build for F-Droid - run: ./.github/scripts/android/build.ps1 -configuration FDroid + run: | + $configuration = "FDroid"; + + Write-Output "########################################" + Write-Output "##### Build $configuration Configuration" + Write-Output "########################################" + + msbuild "$($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj")" "/p:Configuration=$configuration" shell: pwsh - name: Sign for F-Droid - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/android/sign-fdroid.ps1 - shell: pwsh env: FDROID_KEYSTORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }} + run: | + Write-Output "########################################" + Write-Output "##### Sign FDroid Configuration" + Write-Output "########################################" + + msbuild "$($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj")" ` + "/t:SignAndroidPackage" "/p:Configuration=FDroid" "/p:AndroidKeyStore=true" ` + "/p:AndroidSigningKeyAlias=bitwarden" "/p:AndroidSigningKeyPass=$($env:FDROID_KEYSTORE_PASSWORD)" ` + "/p:AndroidSigningKeyStore=$("app_fdroid-keystore.jks")" ` + "/p:AndroidSigningStorePass=$($env:FDROID_KEYSTORE_PASSWORD)" "/v:quiet" + + Write-Output "########################################" + Write-Output "##### Copy FDroid apk to project root" + Write-Output "########################################" + + $signedApkPath = $($env:GITHUB_WORKSPACE + "/src/Android/bin/FDroid/com.x8bit.bitwarden-Signed.apk"); + $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden-fdroid.apk"); + + Copy-Item $signedApkPath $signedApkDestPath + shell: pwsh - name: Upload F-Droid .apk artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.4 with: name: com.x8bit.bitwarden-fdroid.apk path: ./com.x8bit.bitwarden-fdroid.apk + if-no-files-found: error - - name: Deploy to Play Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/android/deploy-play.ps1 - shell: pwsh - - - name: Upload release assets - if: github.event_name == 'release' - run: | - hub release edit ` - -a ./com.x8bit.bitwarden.aab ` - -a ./com.x8bit.bitwarden.apk ` - -a ./com.x8bit.bitwarden-fdroid.apk ` - -m "Version $($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - - android-ubuntu: - name: Android Ubuntu - runs-on: ubuntu-latest - needs: android - - steps: - - name: Set up Node - if: github.event_name == 'release' - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '10.x' - - - name: Set up F-Droid server - if: github.event_name == 'release' - run: | - sudo apt-get -qq update - sudo apt-get -qqy install --no-install-recommends fdroidserver wget - - - name: Set up git credentials - if: github.event_name == 'release' - env: - ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} - run: | - git config --global credential.helper store - echo "https://${ACCESS_TOKEN}:x-oauth-basic@github.com" >> ~/.git-credentials - git config --global user.email "ci@bitwarden.com" - git config --global user.name "Bitwarden CI" - - - name: Print environment - if: github.event_name == 'release' - run: | - node --version - npm --version - git --version - Write-Output "GitHub ref: $env:GITHUB_REF" - Write-Output "GitHub event: $env:GITHUB_EVENT" - shell: pwsh - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - - - name: Checkout repo - if: github.event_name == 'release' - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Install Node dependencies - if: github.event_name == 'release' - run: npm install - - - name: Decrypt secrets - if: github.event_name == 'release' - run: | - ./.github/scripts/decrypt-secret.ps1 -filename store_fdroid-keystore.jks.gpg ` - -output ./store/fdroid/keystore.jks - shell: pwsh - env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} - - - name: Compile for F-Droid Store - if: github.event_name == 'release' - run: | - sudo chmod +x ./.github/scripts/android/compile-fdroid.sh - ./.github/scripts/android/compile-fdroid.sh - env: - FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - - - name: Deploy to gh-pages - if: github.event_name == 'release' - run: npm run deploy ios: name: Apple iOS - runs-on: macos-latest - + runs-on: macos-10.15 steps: - name: Print environment run: | @@ -224,77 +339,132 @@ jobs: dotnet --info echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Decrypt secrets - run: ./.github/scripts/ios/decrypt-secrets.ps1 - shell: pwsh env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p ~/secrets + + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output $HOME/secrets/bitwarden-mobile-key.p12 ./.github/secrets/bitwarden-mobile-key.p12.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output $HOME/secrets/iphone-distribution-cert.p12 ./.github/secrets/iphone-distribution-cert.p12.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output $HOME/secrets/dist_autofill.mobileprovision ./.github/secrets/dist_autofill.mobileprovision.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output $HOME/secrets/dist_bitwarden.mobileprovision ./.github/secrets/dist_bitwarden.mobileprovision.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output $HOME/secrets/dist_extension.mobileprovision ./.github/secrets/dist_extension.mobileprovision.gpg + shell: bash - name: Increment version - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/ios/increment-version.ps1 - shell: pwsh + run: | + BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER)) - - name: Set up keychain - run: ./.github/scripts/ios/setup-keychain.ps1 - shell: pwsh + echo "########################################" + echo "##### Setting CFBundleVersion $BUILD_NUMBER" + echo "########################################" + + perl -0777 -pi.bak -e 's/CFBundleVersion<\/key>\s*1<\/string>/CFBundleVersion<\/key>\n\t'"$BUILD_NUMBER"'<\/string>/' ./src/iOS/Info.plist + perl -0777 -pi.bak -e 's/CFBundleVersion<\/key>\s*1<\/string>/CFBundleVersion<\/key>\n\t'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Extension/Info.plist + perl -0777 -pi.bak -e 's/CFBundleVersion<\/key>\s*1<\/string>/CFBundleVersion<\/key>\n\t'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist + shell: bash + + - name: Set up Keychain env: KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }} DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import ~/secrets/bitwarden-mobile-key.p12 -k build.keychain -P $MOBILE_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security + security import ~/secrets/iphone-distribution-cert.p12 -k build.keychain -P $DIST_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + shell: bash - name: Set up provisioning profiles - run: ./.github/scripts/ios/setup-profiles.ps1 - shell: pwsh + run: | + AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_autofill.mobileprovision + BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision + EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision + PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles + + mkdir -p "$PROFILES_DIR_PATH" + + AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") + cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision" + + BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") + cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision" + + EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") + cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision" + shell: bash - name: Restore packages run: nuget restore - name: Archive Build for App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/ios/build.ps1 -configuration AppStore -platform iPhone -archive - shell: pwsh + run: | + $configuration = "AppStore"; + $platform = "iPhone"; - - name: Build for App Store - if: github.ref != 'refs/heads/master' - run: ./.github/scripts/ios/build.ps1 -configuration AppStore -platform iPhone + Write-Output "########################################" + Write-Output "##### Archive $configuration Configuration for $platform Platform" + Write-Output "########################################" + msbuild "$($env:GITHUB_WORKSPACE + "/src/iOS/iOS.csproj")" "/p:Platform=$platform" ` + "/p:Configuration=$configuration" "/p:ArchiveOnBuild=true" "/t:`"Build`"" + + Write-Output "########################################" + Write-Output "##### Done" + Write-Output "########################################" + ls ~/Library/Developer/Xcode/Archives shell: pwsh - name: Export .ipa for App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/ios/export-ipa.ps1 -method app-store - shell: pwsh + run: | + EXPORT_OPTIONS_PATH="./.github/resources/export-options-app-store.plist" + ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive" + EXPORT_PATH="./bitwarden-export" + + xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \ + -exportOptionsPlist $EXPORT_OPTIONS_PATH + shell: bash - name: Upload App Store .ipa artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.4 with: name: Bitwarden.ipa path: ./bitwarden-export/Bitwarden.ipa + if-no-files-found: error + + - name: Check if RC branch exists + id: rc-branch-check + run: | + if [[ $(git ls-remote --heads origin rc) ]]; then + echo "::set-output name=branch_exists::1" + else + echo "::set-output name=branch_exists::0" + fi + shell: bash - name: Deploy to App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: ./.github/scripts/ios/deploy-app-store.ps1 - shell: pwsh + if: | + (github.ref == 'refs/heads/master' && steps.rc-branch-check.outputs.branch_exists == 0) + || github.ref == 'refs/heads/rc' env: APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Upload release assets - if: github.event_name == 'release' run: | - hub release edit ` - -a ./bitwarden-export/Bitwarden.ipa ` - -m "Version $($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} + xcrun altool --upload-app --type ios --file "./Bitwarden.ipa" \ + --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD" + shell: bash diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cdd5a093b..9fe6cd577 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,19 +5,140 @@ on: workflow_dispatch: jobs: - - cloc: - name: CLOC - runs-on: ubuntu-latest - + release: + name: Create Release + runs-on: ubuntu-20.04 steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + ref: rc - - name: Set up cloc + - name: Retrieve Mobile release version + id: retrieve-mobile-version run: | - sudo apt-get update - sudo apt-get -y install cloc + ver=$(sed -n -e '/android:versionName/ s/.*\= *//p' ./src/Android/Properties/AndroidManifest.xml | tr -d '"') + echo "::set-output name=mobile_version::${ver}" + shell: bash - - name: Print lines of code - run: cloc --vcs git --exclude-dir Resources,store,test,Properties --include-lang C#,XAML + - name: Check to make sure Mobile release version has been bumped + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + latest_ver=$(hub release -L 1 -f '%T') + latest_ver=${latest_ver:1} + echo "Latest version: $latest_ver" + ver=${{ steps.retrieve-mobile-version.outputs.mobile_version }} + echo "Version: $ver" + if [ "$latest_ver" = "$ver" ]; then + echo "Version has not been bumped!" + exit 1 + fi + shell: bash + + - name: Download all artifacts + uses: dawidd6/action-download-artifact@b9571484721e8187f1fd08147b497129f8972c74 # v2.14.0 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + + - name: Create release + uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 # v2.8.5 + with: + artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab, + ./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk, + ./com.x8bit.bitwarden-fdroid.apk/com.x8bit.bitwarden-fdroid.apk, + ./Bitwarden.ipa/Bitwarden.ipa" + commit: ${{ github.sha }} + tag: v${{ steps.retrieve-mobile-version.outputs.mobile_version }} + name: Test Version ${{ steps.retrieve-mobile-version.outputs.mobile_version }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + + + f-droid: + name: F-Droid Release + runs-on: ubuntu-20.04 + needs: release + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + ref: rc + + - name: Download F-Droid .apk artifact + uses: dawidd6/action-download-artifact@b9571484721e8187f1fd08147b497129f8972c74 # v2.14.0 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + name: com.x8bit.bitwarden-fdroid.apk + + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.3.0 + with: + node-version: '10.x' + + - name: Set up F-Droid server + run: | + sudo apt-get -qq update + sudo apt-get -qqy install --no-install-recommends fdroidserver wget + + - name: Set up Git credentials + env: + ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} + run: | + git config --global credential.helper store + echo "https://${ACCESS_TOKEN}:x-oauth-basic@github.com" >> ~/.git-credentials + git config --global user.email "ci@bitwarden.com" + git config --global user.name "Bitwarden CI" + + - name: Print environment + run: | + node --version + npm --version + git --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Install Node dependencies + run: npm install + + - name: Decrypt secrets + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p ~/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg + + - name: Compile for F-Droid Store + env: + FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }} + run: | + cd $GITHUB_WORKSPACE + mkdir dist + cp CNAME ./dist + cd store + chmod 600 fdroid/config.py fdroid/keystore.jks + mkdir -p temp/fdroid + TEMP_DIR="$GITHUB_WORKSPACE/store/temp/fdroid" + cd fdroid + echo "keypass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py + echo "keystorepass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py + echo "local_copy_dir=\"$TEMP_DIR\"" >>config.py + mkdir -p repo + mv $GITHUB_WORKSPACE/com.x8bit.bitwarden-fdroid.apk ./repo/ + fdroid update + fdroid server update + cd .. + rm -rf temp/fdroid/archive + mv -v temp/fdroid ../dist + cd fdroid + cp index.html btn.png qr.png ../../dist/fdroid + cd $GITHUB_WORKSPACE + + - name: Deploy to gh-pages + run: npm run deploy