From 850a7e754aa5f4ef8bbd763d7286b8dfe1eb6896 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Tue, 27 Feb 2024 20:18:24 +0000 Subject: [PATCH] DEVOPS-1834 - Apply fix for signing issue (#3038) --- .github/workflows/build.yml | 107 +++++++++++++----------- store/google/Publisher/Publisher.csproj | 4 +- 2 files changed, 58 insertions(+), 53 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8c3301566..a0dfceeda 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,7 +67,8 @@ jobs: matrix: variant: ["prod", "qa"] env: - android_folder_path: src/App/Platforms/Android + android_folder_path: src\App\Platforms\Android + android_folder_path_bash: src/App/Platforms/Android steps: - name: Setup NuGet uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0 @@ -77,9 +78,7 @@ jobs: - name: Set up .NET uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 with: - dotnet-version: | - 3.1.x - 8.0.x + dotnet-version: '8.0.x' - name: Set up MSBuild uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3.3 @@ -95,7 +94,8 @@ jobs: - name: Install Microsoft OpenJDK 11 run: | choco install microsoft-openjdk11 --no-progress - Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | ` + Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append Write-Output "Java Home: $env:JAVA_HOME" - name: Print environment @@ -115,14 +115,19 @@ jobs: env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} run: | - mkdir -p ~/secrets + mkdir -p $HOME/secrets gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ./${{ env.main_app_folder_path }}/app_play-keystore.jks ./.github/secrets/app_play-keystore.jks.gpg + --output ${{ env.android_folder_path_bash }}/app_play-keystore.jks \ + .github/secrets/app_play-keystore.jks.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ./${{ env.main_app_folder_path }}/app_upload-keystore.jks ./.github/secrets/app_upload-keystore.jks.gpg + --output ${{ env.android_folder_path_bash }}/app_upload-keystore.jks \ + .github/secrets/app_upload-keystore.jks.gpg + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/play_creds.json ./.github/secrets/play_creds.json.gpg + --output $HOME/secrets/play_creds.json \ + .github/secrets/play_creds.json.gpg shell: bash - name: Decrypt secrets - Google Services @@ -131,7 +136,7 @@ jobs: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} run: | gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ./${{ env.android_folder_path }}/google-services.json ./.github/secrets/google-services.json.gpg + --output ${{ env.android_folder_path_bash }}/google-services.json .github/secrets/google-services.json.gpg shell: bash - name: Increment version @@ -143,7 +148,7 @@ jobs: echo "########################################" sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \ - ./${{ env.android_folder_path }}/AndroidManifest.xml + ./${{ env.android_folder_path_bash }}/AndroidManifest.xml shell: bash - name: Restore packages @@ -152,45 +157,33 @@ jobs: - name: Restore tools run: dotnet tool restore - # - name: Verify Format - # run: dotnet tool run dotnet-format --check + # - name: Run Core tests + # run: | + # dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" ` + # /p:CustomConstants=UT - - name: Run Core tests - run: dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" /p:CustomConstants=UT - - - name: Report test results - uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0 - if: always() - with: - name: Test Results - path: "**/test-results.trx" - reporter: dotnet-trx - fail-on-error: true + # - name: Report test results + # uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0 + # if: always() + # with: + # name: Test Results + # path: "**/test-results.trx" + # reporter: dotnet-trx + # fail-on-error: true - name: Build Play Store publisher if: ${{ matrix.variant == 'prod' }} - run: dotnet build ./store/google/Publisher/Publisher.csproj -p:Configuration=Release + run: dotnet build .\store\google\Publisher\Publisher.csproj /p:Configuration=Release - name: Setup Android build (${{ matrix.variant }}) run: dotnet cake build.cake --target Android --variant ${{ matrix.variant }} - - name: Build Android - run: | - $configuration = "Release"; - $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}"); - - Write-Output "########################################" - Write-Output "##### Build $configuration Configuration" - Write-Output "########################################" - - dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android - - - name: Sign Android Build + - name: Build & Sign Android env: PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }} UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }} run: | - $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}"); + $projToBuild = "$($env:GITHUB_WORKSPACE)/${{ env.main_app_project_path }}"; $packageName = "com.x8bit.bitwarden"; if ("${{ matrix.variant }}" -ne "prod") @@ -201,29 +194,41 @@ jobs: Write-Output "##### Sign Google Play Bundle Release Configuration" Write-Output "########################################" - dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidPackageFormats=aab /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_upload-keystore.jks") /p:AndroidSigningKeyAlias=upload /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore + $signingUploadKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_upload-keystore.jks" + dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android ` + /p:AndroidPackageFormats=aab ` + /p:AndroidKeyStore=true ` + /p:AndroidSigningKeyStore=$signingUploadKeyStore ` + /p:AndroidSigningKeyAlias=upload ` + /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" ` + /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore Write-Output "########################################" Write-Output "##### Copy Google Play Bundle to project root" Write-Output "########################################" - $signedAabPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.aab"); - $signedAabDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).aab"); + $signedAabPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.aab"; + $signedAabDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).aab"; Copy-Item $signedAabPath $signedAabDestPath Write-Output "########################################" Write-Output "##### Sign APK Release Configuration" Write-Output "########################################" - dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_play-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore + $signingPlayKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_play-keystore.jks" + dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android ` + /p:AndroidKeyStore=true ` + /p:AndroidSigningKeyStore=$signingPlayKeyStore ` + /p:AndroidSigningKeyAlias=bitwarden ` + /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" ` + /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore Write-Output "########################################" Write-Output "##### Copy Release APK to project root" Write-Output "########################################" - $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk"); - $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).apk"); - + $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.apk"; + $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).apk"; Copy-Item $signedApkPath $signedApkDestPath - name: Upload Prod .aab artifact @@ -285,13 +290,12 @@ jobs: || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0) || github.ref == 'refs/heads/hotfix-rc' ) }} run: | - PUBLISHER_PATH="$GITHUB_WORKSPACE/store/google/Publisher/bin/Release/netcoreapp3.1/Publisher.dll" - CREDS_PATH="$HOME/secrets/play_creds.json" - AAB_PATH="$GITHUB_WORKSPACE/com.x8bit.bitwarden.aab" - TRACK="internal" + $publisherPath = "$($env:GITHUB_WORKSPACE)\store\google\Publisher\bin\Release\net8.0\Publisher.dll" + $credsPath = "$($HOME)\secrets\play_creds.json" + $aabPath = "$($env:GITHUB_WORKSPACE)\com.x8bit.bitwarden.aab" + $track = "internal" - dotnet $PUBLISHER_PATH $CREDS_PATH $AAB_PATH $TRACK - shell: bash + dotnet $publisherPath $credsPath $aabPath $track f-droid: @@ -442,6 +446,7 @@ jobs: path: ./bw-fdroid-apk-sha256.txt if-no-files-found: error + ios: name: Apple iOS runs-on: macos-13 diff --git a/store/google/Publisher/Publisher.csproj b/store/google/Publisher/Publisher.csproj index bedaef882..b610268f8 100644 --- a/store/google/Publisher/Publisher.csproj +++ b/store/google/Publisher/Publisher.csproj @@ -2,13 +2,13 @@ Exe - netcoreapp3.1 + net8.0 Bit.Publisher Debug;Release;FDroid - +