From 04e59a0fe296cc8c4992f11c997957cacc0e7e0d Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Wed, 11 Jun 2025 19:33:51 +0000 Subject: [PATCH] BRE-889 - Remove checksum assets (#15146) --- .github/workflows/build-cli.yml | 43 ++------------------------- .github/workflows/build-desktop.yml | 5 +++- .github/workflows/release-cli.yml | 12 ++------ .github/workflows/release-desktop.yml | 12 +++----- 4 files changed, 14 insertions(+), 58 deletions(-) diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index fa9d7dc82a3..3e6c1937583 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -46,6 +46,9 @@ defaults: run: working-directory: apps/cli +permissions: + contents: read + jobs: setup: name: Setup @@ -168,13 +171,6 @@ jobs: exit 1 fi - - name: Create checksums Unix - run: | - cd ./dist - shasum -a 256 bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}${{ matrix.os.target_suffix }}-${{ env._PACKAGE_VERSION }}.zip \ - | awk '{split($0, a); print a[1]}' > bw${{ - matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}${{ matrix.os.target_suffix }}-sha256-${{ env._PACKAGE_VERSION }}.txt - - name: Upload unix zip asset uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: @@ -182,13 +178,6 @@ jobs: path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}${{ matrix.os.target_suffix }}-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - - name: Upload unix checksum asset - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}${{ matrix.os.target_suffix }}-sha256-${{ env._PACKAGE_VERSION }}.txt - path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}${{ matrix.os.target_suffix }}-sha256-${{ env._PACKAGE_VERSION }}.txt - if-no-files-found: error - # We want to confirm the CLI is runnable using the dependencies defined in `apps/cli/package.json`. - name: Remove node_modules (root) run: rm -rf node_modules @@ -379,11 +368,6 @@ jobs: Throw "Version test failed." } - - name: Create checksums Windows - run: | - checksum -f="./dist/bw${{ matrix.license_type.artifact_prefix }}-windows-${env:_PACKAGE_VERSION}.zip" ` - -t sha256 | Out-File -Encoding ASCII ./dist/bw${{ matrix.license_type.artifact_prefix }}-windows-sha256-${env:_PACKAGE_VERSION}.txt - - name: Upload windows zip asset uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: @@ -391,13 +375,6 @@ jobs: path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-windows-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - - name: Upload windows checksum asset - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: bw${{ matrix.license_type.artifact_prefix }}-windows-sha256-${{ env._PACKAGE_VERSION }}.txt - path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-windows-sha256-${{ env._PACKAGE_VERSION }}.txt - if-no-files-found: error - - name: Upload Chocolatey asset if: matrix.license_type.build_prefix == 'bit' uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 @@ -457,13 +434,6 @@ jobs: with: path: apps/cli/dist/snap - - name: Create checksum - run: | - cd dist/snap - ls -alth - sha256sum bw_${{ env._PACKAGE_VERSION }}_amd64.snap \ - | awk '{split($0, a); print a[1]}' > bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt - - name: Install Snap run: sudo snap install dist/snap/bw*.snap --dangerous @@ -488,13 +458,6 @@ jobs: path: apps/cli/dist/snap/bw_${{ env._PACKAGE_VERSION }}_amd64.snap if-no-files-found: error - - name: Upload snap checksum asset - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt - path: apps/cli/dist/snap/bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt - if-no-files-found: error - check-failures: name: Check for failures diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index fab0df693cb..692331af60d 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -46,6 +46,9 @@ defaults: run: shell: bash +permissions: + contents: read + jobs: electron-verify: name: Verify Electron Version @@ -425,7 +428,7 @@ jobs: - name: Install AST run: dotnet tool install --global AzureSignTool --version 4.0.1 - - name: Set up environmentF + - name: Set up environment run: choco install checksum --no-progress - name: Print environment diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 519fee1989b..31a16dc9a6d 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -18,6 +18,9 @@ defaults: run: working-directory: apps/cli +permissions: + contents: read + jobs: setup: name: Setup @@ -78,24 +81,15 @@ jobs: PKG_VERSION: ${{ needs.setup.outputs.release_version }} with: artifacts: "apps/cli/bw-oss-windows-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-oss-windows-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-windows-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-windows-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-oss-macos-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-oss-macos-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-oss-macos-arm64-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-oss-macos-arm64-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-macos-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-macos-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-macos-arm64-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-macos-arm64-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-oss-linux-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-oss-linux-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-linux-${{ env.PKG_VERSION }}.zip, - apps/cli/bw-linux-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bitwarden-cli.${{ env.PKG_VERSION }}.nupkg, apps/cli/bw_${{ env.PKG_VERSION }}_amd64.snap, - apps/cli/bw-snap-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bitwarden-cli-${{ env.PKG_VERSION }}-npm-build.zip" commit: ${{ github.sha }} tag: cli-v${{ env.PKG_VERSION }} diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml index 57143747a86..b3c3fe5d250 100644 --- a/.github/workflows/release-desktop.yml +++ b/.github/workflows/release-desktop.yml @@ -17,6 +17,9 @@ defaults: run: shell: bash +permissions: + contents: read + jobs: setup: name: Setup @@ -89,12 +92,6 @@ jobs: working-directory: apps/desktop/artifacts run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive - - name: Get checksum files - uses: bitwarden/gh-actions/get-checksum@main - with: - packages_dir: "apps/desktop/artifacts" - file_path: "apps/desktop/artifacts/sha256-checksums.txt" - - name: Create Release uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0 if: ${{ steps.release_channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' }} @@ -125,8 +122,7 @@ jobs: apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}.yml, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-linux.yml, - apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml, - apps/desktop/artifacts/sha256-checksums.txt" + apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml" commit: ${{ github.sha }} tag: desktop-v${{ env.PKG_VERSION }} name: Desktop v${{ env.PKG_VERSION }}