From 850a7e754aa5f4ef8bbd763d7286b8dfe1eb6896 Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Tue, 27 Feb 2024 20:18:24 +0000
Subject: [PATCH] DEVOPS-1834 - Apply fix for signing issue (#3038)
---
.github/workflows/build.yml | 107 +++++++++++++-----------
store/google/Publisher/Publisher.csproj | 4 +-
2 files changed, 58 insertions(+), 53 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8c3301566..a0dfceeda 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -67,7 +67,8 @@ jobs:
matrix:
variant: ["prod", "qa"]
env:
- android_folder_path: src/App/Platforms/Android
+ android_folder_path: src\App\Platforms\Android
+ android_folder_path_bash: src/App/Platforms/Android
steps:
- name: Setup NuGet
uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
@@ -77,9 +78,7 @@ jobs:
- name: Set up .NET
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
with:
- dotnet-version: |
- 3.1.x
- 8.0.x
+ dotnet-version: '8.0.x'
- name: Set up MSBuild
uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3.3
@@ -95,7 +94,8 @@ jobs:
- name: Install Microsoft OpenJDK 11
run: |
choco install microsoft-openjdk11 --no-progress
- Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+ Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | `
+ Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
Write-Output "Java Home: $env:JAVA_HOME"
- name: Print environment
@@ -115,14 +115,19 @@ jobs:
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
- mkdir -p ~/secrets
+ mkdir -p $HOME/secrets
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
- --output ./${{ env.main_app_folder_path }}/app_play-keystore.jks ./.github/secrets/app_play-keystore.jks.gpg
+ --output ${{ env.android_folder_path_bash }}/app_play-keystore.jks \
+ .github/secrets/app_play-keystore.jks.gpg
+
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
- --output ./${{ env.main_app_folder_path }}/app_upload-keystore.jks ./.github/secrets/app_upload-keystore.jks.gpg
+ --output ${{ env.android_folder_path_bash }}/app_upload-keystore.jks \
+ .github/secrets/app_upload-keystore.jks.gpg
+
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
- --output $HOME/secrets/play_creds.json ./.github/secrets/play_creds.json.gpg
+ --output $HOME/secrets/play_creds.json \
+ .github/secrets/play_creds.json.gpg
shell: bash
- name: Decrypt secrets - Google Services
@@ -131,7 +136,7 @@ jobs:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
- --output ./${{ env.android_folder_path }}/google-services.json ./.github/secrets/google-services.json.gpg
+ --output ${{ env.android_folder_path_bash }}/google-services.json .github/secrets/google-services.json.gpg
shell: bash
- name: Increment version
@@ -143,7 +148,7 @@ jobs:
echo "########################################"
sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
- ./${{ env.android_folder_path }}/AndroidManifest.xml
+ ./${{ env.android_folder_path_bash }}/AndroidManifest.xml
shell: bash
- name: Restore packages
@@ -152,45 +157,33 @@ jobs:
- name: Restore tools
run: dotnet tool restore
- # - name: Verify Format
- # run: dotnet tool run dotnet-format --check
+ # - name: Run Core tests
+ # run: |
+ # dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" `
+ # /p:CustomConstants=UT
- - name: Run Core tests
- run: dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" /p:CustomConstants=UT
-
- - name: Report test results
- uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
- if: always()
- with:
- name: Test Results
- path: "**/test-results.trx"
- reporter: dotnet-trx
- fail-on-error: true
+ # - name: Report test results
+ # uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
+ # if: always()
+ # with:
+ # name: Test Results
+ # path: "**/test-results.trx"
+ # reporter: dotnet-trx
+ # fail-on-error: true
- name: Build Play Store publisher
if: ${{ matrix.variant == 'prod' }}
- run: dotnet build ./store/google/Publisher/Publisher.csproj -p:Configuration=Release
+ run: dotnet build .\store\google\Publisher\Publisher.csproj /p:Configuration=Release
- name: Setup Android build (${{ matrix.variant }})
run: dotnet cake build.cake --target Android --variant ${{ matrix.variant }}
- - name: Build Android
- run: |
- $configuration = "Release";
- $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
-
- Write-Output "########################################"
- Write-Output "##### Build $configuration Configuration"
- Write-Output "########################################"
-
- dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android
-
- - name: Sign Android Build
+ - name: Build & Sign Android
env:
PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
run: |
- $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
+ $projToBuild = "$($env:GITHUB_WORKSPACE)/${{ env.main_app_project_path }}";
$packageName = "com.x8bit.bitwarden";
if ("${{ matrix.variant }}" -ne "prod")
@@ -201,29 +194,41 @@ jobs:
Write-Output "##### Sign Google Play Bundle Release Configuration"
Write-Output "########################################"
- dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidPackageFormats=aab /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_upload-keystore.jks") /p:AndroidSigningKeyAlias=upload /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore
+ $signingUploadKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_upload-keystore.jks"
+ dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
+ /p:AndroidPackageFormats=aab `
+ /p:AndroidKeyStore=true `
+ /p:AndroidSigningKeyStore=$signingUploadKeyStore `
+ /p:AndroidSigningKeyAlias=upload `
+ /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" `
+ /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore
Write-Output "########################################"
Write-Output "##### Copy Google Play Bundle to project root"
Write-Output "########################################"
- $signedAabPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.aab");
- $signedAabDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).aab");
+ $signedAabPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.aab";
+ $signedAabDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).aab";
Copy-Item $signedAabPath $signedAabDestPath
Write-Output "########################################"
Write-Output "##### Sign APK Release Configuration"
Write-Output "########################################"
- dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_play-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore
+ $signingPlayKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_play-keystore.jks"
+ dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
+ /p:AndroidKeyStore=true `
+ /p:AndroidSigningKeyStore=$signingPlayKeyStore `
+ /p:AndroidSigningKeyAlias=bitwarden `
+ /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" `
+ /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore
Write-Output "########################################"
Write-Output "##### Copy Release APK to project root"
Write-Output "########################################"
- $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk");
- $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).apk");
-
+ $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.apk";
+ $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).apk";
Copy-Item $signedApkPath $signedApkDestPath
- name: Upload Prod .aab artifact
@@ -285,13 +290,12 @@ jobs:
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|| github.ref == 'refs/heads/hotfix-rc' ) }}
run: |
- PUBLISHER_PATH="$GITHUB_WORKSPACE/store/google/Publisher/bin/Release/netcoreapp3.1/Publisher.dll"
- CREDS_PATH="$HOME/secrets/play_creds.json"
- AAB_PATH="$GITHUB_WORKSPACE/com.x8bit.bitwarden.aab"
- TRACK="internal"
+ $publisherPath = "$($env:GITHUB_WORKSPACE)\store\google\Publisher\bin\Release\net8.0\Publisher.dll"
+ $credsPath = "$($HOME)\secrets\play_creds.json"
+ $aabPath = "$($env:GITHUB_WORKSPACE)\com.x8bit.bitwarden.aab"
+ $track = "internal"
- dotnet $PUBLISHER_PATH $CREDS_PATH $AAB_PATH $TRACK
- shell: bash
+ dotnet $publisherPath $credsPath $aabPath $track
f-droid:
@@ -442,6 +446,7 @@ jobs:
path: ./bw-fdroid-apk-sha256.txt
if-no-files-found: error
+
ios:
name: Apple iOS
runs-on: macos-13
diff --git a/store/google/Publisher/Publisher.csproj b/store/google/Publisher/Publisher.csproj
index bedaef882..b610268f8 100644
--- a/store/google/Publisher/Publisher.csproj
+++ b/store/google/Publisher/Publisher.csproj
@@ -2,13 +2,13 @@
Exe
- netcoreapp3.1
+ net8.0
Bit.Publisher
Debug;Release;FDroid
-
+