From 1c5cf18746f7a4435c7d2c48adf7e3115da58fc0 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Wed, 28 Feb 2024 18:06:50 +0000 Subject: [PATCH] DEVOPS-1800 - Migrate Secrets (#8139) --- .github/secrets/appstore-app-cert.p12.gpg | Bin 3343 -> 0 bytes .../secrets/appstore-installer-cert.p12.gpg | Bin 3350 -> 0 bytes .github/secrets/bitwarden-desktop-key.p12.gpg | Bin 3348 -> 0 bytes ...rden_desktop_appstore.provisionprofile.gpg | Bin 7861 -> 0 bytes .github/secrets/devid-app-cert.p12.gpg | Bin 3324 -> 0 bytes .github/secrets/devid-installer-cert.p12.gpg | Bin 3333 -> 0 bytes .github/secrets/macdev-cert.p12.gpg | Bin 3275 -> 0 bytes .github/workflows/build-browser.yml | 82 +++-- .github/workflows/build-desktop.yml | 328 ++++++++++-------- .github/workflows/release-desktop-beta.yml | 235 +++++++------ 10 files changed, 373 insertions(+), 272 deletions(-) delete mode 100644 .github/secrets/appstore-app-cert.p12.gpg delete mode 100644 .github/secrets/appstore-installer-cert.p12.gpg delete mode 100644 .github/secrets/bitwarden-desktop-key.p12.gpg delete mode 100644 .github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg delete mode 100644 .github/secrets/devid-app-cert.p12.gpg delete mode 100644 .github/secrets/devid-installer-cert.p12.gpg delete mode 100644 .github/secrets/macdev-cert.p12.gpg diff --git a/.github/secrets/appstore-app-cert.p12.gpg b/.github/secrets/appstore-app-cert.p12.gpg deleted file mode 100644 index deecea1cd000492ea41fb25da066800d3b7dfd51..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3343 zcmV+q4e;`e4Fm}T2z%GXKk9}2^7zu~0ro}R)<|}hQHc42hJ}G8qJi zIRCM*W()Cm;>aL~b`3*Fs>46rW~`g)`v44IXW*3h$xYqJH6)mwS$dr+Gn2&{e(bL+ z-##17N(9+apOHv&jMm1)I>;h_v*#47!inoJ&}o@4_NgVmcW_h&ap zcvxc)?}(yFXio&0p9x(g$D9`SF934ZpCC}@>>7DXiEjHn@7etgyx6dB)10&<|B%D& ziPVjTWi`~Zoh!*f8{)K0i(vLI>k@NfQ{z$;vLzw zIUhybn5dp`XXeX{g{Gd*(`1?9)c>i@OKoa?BkUOqSwgM2`~oMki<{UE{6)DZw*eEg zVvV~qI`9$4nV2Wi)<%oWF&$&EC$1t&nDGAkfgrKP=3Uz<|721*9BJto1fZisGYOvHRPkNGZooyV=!a-&aIpJ5>Y)ihv4r;e< zcYpY0V$ru;XTF@W_wxmmqQ5cx)<*93D!uiJ6DV#~n63g@aQ{46e>O91z2^6f<~GGe zfU>27v$DDUe!jH*l0QjWMWmCOmy6)@$#()0Pgo;T3ZIk0rMqusH2{d%-C>oA={*vVxIoqOxlB(AXSgJ&OPQa(!z@$Ex*O^^@+-5lX zDp#r$qkC^M>IU%MSF98AB;LEhvtAjW%E^3a7j%L{Rzfktj7bzNn(@h-Xudv;%RT;s zfXB#O3izr!+KmG&wZqMVcj)_EGj!x*9?N+W{Tj2*Wyjs`06pGzRCTf4-_NT$=G;e0 zr4i`LK?EIFuKFTme%!aU3QbD0SUC`3r5~pgkM!QrClc2S)<6OBm zerWamk5<{OytZtMX7a%qhDnw{=10F2B2|V9Tbb+xEx60rfgKmp2Q~UnQ)Yv3J#Su7 z`b&7hY5BS;<(n*%P?GbHg2bB=!M}D=XcD|Ee1lVE;e$LbIE4ja!H@scDxMUP-l}TR z&vlEJKO$z0KR$=SUcO?g;Kf~B zFr+2q+V%Xab1*}*^#1{s{OgohQ~m`!Qc$PvLDQsGysktJ`G6wBTR2lY&)lbWPZ9@6 z5;s>lFoW}9+mrd~jEV)$uv!q{c^-`-qFNc@S9X95`j`j_*S10Vn`e9t5 z-~hW|{LIFtOjNgn2XdKsuG}g058jVR2ZWoSr1)}b#tVHh5@+Gqicc06fkc1UpHo$4 zjK(AI!DzZH!%?e;arNo~IU9>7;MWK~6GFPweyUDgI1NgDz21Vm^7WL6Nn=MSIdqDo z{RyCra7|;(LY^oAksDk&c?%!oXGWKfEgVJL+%n$-kHYt(sde-6Dl=&I6IJM6 zZsJ4eGOF-tE=626P1ud@VM{9D)0RasK+91Bt+fEMC(dlftED5EQZ5ukAL`hcO_#Q6 z>q921B2Zu7DTEgGTzSb0sw9^y8<{_}Fd3fvOb5m-*|dBREo5$^mSNI4 zEtAzb^7JuWWK*xP@&AI|z(y6pL8La__a37FgV1KX@H^ zA?5B7m_Kd6mrv`+1T`nipDkd7vld%iEo46r^!NMP1-055H*{$lS2)3Oyik)AcdM%DN+=!2&{QQmaw)_F?ins zElT^iR~C2nPKZ{r1n9#SrYyL(w)sU* zmS;o7hi|%WgQ}oWdh<>LiqN}Dwf$e7mrJ%6DjlQsk{qb0GIMkGtA&(oUFQ9<^jHu4 zK5jejX=@eKz=oH-WZ9@LQK9rc@!I>XKwPDixWqn#v~oIF`jX#4#&JH zxXbI%kKqWz(Z@_+MIeZTb5%k+D(Wr{yn&QUpA9MgKb(^h$PfBfOw? z- z4li~MT{kwSe_|pdiq|kOHl0Yo?`NlQs!EXySq!>@O7tq9VVQ+v@OZGSbN-_E8Xf}1 z#Q~QLyd+76YEuxs)5HzQTiU7OT_n#;`p>VI(6t@?T3reBL-E)@rrbq__eIQ0qut_z^kVb35%R zWK3QzNA)?XfWTfm7ruO{q>ACls%WHJ5XFFNqcHy5j5PKT?XM4xye)5}9^ za>#i%gtLwwIX`GupCq8QG@ka&UP~?KDV6LiHZcBBW_$y}IN`U$N?@19>0fCJ!B!lv ZXScu=y%I{O8*~%d3WtYgsXG$cBeYF^b{Guw|_vHc|4wCDGFR} z7BHs_#?qW(p6zx5*Ds-?@fp?@1=#6Cxp`Jh-G|t*wv{EDkEgD(cD2$Cy*!P-+q9Zg z<&3KVV~=H2iw|Z`ELJ^GRAM#<(Hz<;({51F;9vb02m>T8n95#9F>j;JfZ=7{|G8%8 zdlJ+(S)!GL^TXq^n_Z8#aFJY8z>;78n&m?*H06g@GlV@KT=ssoA?*-LMV81O6#P&Z zvV`1E`6KfAZU?Uo);OhUXNU5d;y*m$q{Jn-;Hpr+-l~Lgb|Qn?qJ+qPB{y`+tw^<< zysg9FAuXLAuw%ICswX_nACuBEZ;oQ;xouy?2QyxwWH%)}<-EMjTyw{U z^@w?bRS?mL0eh7~d}@b2(sNbam1SEu=6+(rPA9>_F=K3v4NcG=Z*-aK-_w-&n*-r5)fW0UIJnB(gxxkwKg<@17HL3Wl($~tqjWlh(biAqeC)YG<;2*Cf z6TqwiXB8;tW;ki`gigLMKK2*_SY13@Bxrv`t5AlqU`-!W(-|PI z*Xdqp8u)h?9^;y<6#n(wHZwhEY2AB4eKvXxHLv9uZ!Ot)WP-0_8#Q39S(lzC{g=0T z6q>N^EwwDJT2{e4h}(9nJTgqw=0jMJE|qj1ls^X`{|KzJeor#j-|0Uu|t)DSztT_zTpxZmlPeYv-kYM$=; za2)|!j_aG!lW(K@Y-Ixk_Mddtn0)u8N|BYc6qDIm9z#4-tRWNXv@WD*@A8>`EaMOc_QT2;jVcgjzS zSPtimJH-cf)XWA(U}4>m;Z>fI+~_!FZ!AV`8tk@y3^mC6UZRiE1bB5a+lr9@mtZ(K z_dNom`TCu_G$0>70AF^7UmUFFi-s@ILn<~!VVxfD_a0Mifvg)&XOB429|LvII3YZZ z{N{?b#5Ic?>YFs(QgG^)8(7aqh9Pp}0L9p3b2bHSj7RIZ<0Th_*A44t8=hk9GTTKX z)7`BtvX;J@u`n3Kr}J)D%lDB4K1HFaEVabB>`b%g1*N^o{_KOcxi#x!Yfvg$vSYIY z1h8}u?7E@Y02YmFQ?0w|^vdAJ-=dDd!jdxjOUnX*vHTo`(26{s|4oj66bM}6A=Lg= zO*Az@7HWsn+y~TKrYC0t1{GL-9_lxS*KE{2URq{QKL@ZofsJayIK-* zX|R*t2lf8mmt+HBbxt-rUb{VHPuX~Gd@b?~6>SM#@o2V^;EU$+e7qx&0MC^Y?}%W189G?F(UT6TzaA7T`>+(l7kkUhlQ*aXfmny z_uSrB{gQ1}Ya1}I)<$yhs(stLF<<*dDh$neGM|DH#=I$0g@&np`U3D;ib>7?=NAtu zo=tP2U6PAV_+5vtI0FX!@OScL4P2Io-OjI8^YFKAXNhW}?h-tdHb*?}S!qs9p$Cuk ziVu~l&ps)84Z@WKV9O^f7P5Vh1+Kbgb0#Sk$3=S3&)t>x@u+A}+O78@>YA%cNYnIg zsViA#K?o(dY}*B;DqyY?iF*gq7H;muI{0V)iW8#k-@NFISmVf3qYz>8=hjXk4rwx$ zGgeQOEGfrEyHm>WAiX3(g7L4rDpPGvho~mC^?19U53lLMz2*F|SFd)CrDm~mJc)o> z>quC#osEU7`;iV`nmRh6j52|HJtVbbV*c&`9=Bvt*Pq(;>1>W(l0wn8q)A#Ft}YNr zK#a4pVG!fJ1H@2y0k>!yY+E}MyI120{rWLZyjpkc?NqHJwXWS;y++3uH&mfP?lpys zMAC-1kxpfjk3LK8vP#)XK{+01{&Kg2?0s)inzQ5LRRHW$-3xF{Ol{D96Giitr8++RycEu zPCGN$#93uOhVA%tG^hkOQMSFl8&&eo;E~e_vD<$$a>!><)k)mSeH@65it0U6nwmED zSkE9>qO%V88i5!5I3SV`@?*T*k89L=x*L$fEHRFI&?(`NNb_F7*V@buAJ_k8f3urL;6(W zZwMCjrFUDb<3gylhZ%Dm+grmS6;z=^MZp`5Sx)N5l*E{)Deh%opK?{9_29T^#!};p zwPF}4rlpvXG3CE8212!HgHXb_<|kCPD3*s4EBfy`$mo1}f6qP)5PH-pyV0WQ0!hMh zYV;e0OJybt!2W>JUc}_ia9?8UE9wc9=oYQnnnL8)enwF>`@Uhak;^b_punrCI3Q{i zx~ipvyv7lDr~srmhTvy@~Edw&`QsDDeICic7~ed5#PlG zh%&v3i7~b|-!Y#W;XA`31%r!{kjf>an%8^uT0^%hE1mP}sKk&nLo&w&jgva-A}{f9 z*y>$hL&CiE=ojmJ47a?dBrT+5)C)K zbZgaERQFF;6I3VOq(@F*aUov7>TY_5*WS2p1~Vd>%YFoK#xLTc)xHA;^%L^2RUMN z^W;>>@P^K}m$+Zxn3<_XepYWpxTWKr?J}+*K6LqU%phAAX10qNnaZUe>p@k}rA+2W zSPu^wmwz;qwANGZXH7OPHWA@?&Ng34-3)siKxrt`3Z1>C512P-7~lGNq7JD5x?m=GU_?<2tgIrr<4LC gkbbj462Ao@Db{J=c|w;&Wil8m)6&zW8i`OipTr@C1^@s6 diff --git a/.github/secrets/bitwarden-desktop-key.p12.gpg b/.github/secrets/bitwarden-desktop-key.p12.gpg deleted file mode 100644 index c9de5100b5b26dbd870475ab7f7e303836d30dc5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3348 zcmV+v4eRoZ4Fm}T2!-%}$TZlABlyzl0V0`d@dqstG6nc>Wc)F+yI;$I<#}MQiD*+D zug$Hm*0~Gg+E);=fS+MX`t|)HF35lrx(Qhy#R^jenAX7cUPY5v30tsXTxO;?S^H>* z6c15+s*bA2Z^>7-A2y?st`v|N199JO>Za7#a2b5QC87srSE_j#%Q{rIrT)ipW7E*q z#Y3Turr9PwJLANj0a{$NSRWLV4Mc}L!k*aiw^<|V4wS+gV((jXdkp*>z?e1^RO9TC z1NJY-=xwHwST~FCNwY{|i};OdxFko7xxPbxfMSr-R{zKm;HA7{CkawA3F>L8Ki9=& zddU=P0QR4`E3zD>WaMf5fclzVeL>emO98*?MgY2YB$7Ebn_phnu>lb`2P$32t_6#*+6urummWqyK7Ku^M zDxwI(YEIk<$*dyXDEBt_aKCE9yq8Dfq%%Js`3*oiFRp4ZVGTtls!F$r2W`_4VI6(sZbF2drrPHcV5Kv(mevU%xGU>EVq- zxTE)wH||)Sf-djD|BqOPKF+Vv)+W5R2S3ms+&+KO!lsjVU4-g(;^GEKW-=maaQq#zM4119W+jp6g)1=!CkF5o+|u2Nnx4@-QbA|V3O z<$)8{8@61|=On2Tp3k+#g1>w+nv)~3lNSJ`aYO2YL&mpTj;*J(yOulonB;$fHfyg{ z3~CID7rjcl{Sn?wef3~ugLFes=UiPIvOkt=>q;v>p$Nj>6^T+>!A^==iEJP?B{>q+ zikOPP5t|GU%FId3>Pi)&I5VybEC|RoJkRu0(y7rZiI|2RL2Im1dWSk%&1(ke+I&;uPOox6~?VA6XvYAXr zc&5G@+udyW=(Mjtxq_Ex4YHmoo7+^`5E@mI1dYAdU>|w;k2`%u?JKx3mE*?T6 zsPz^L%;Kc9kc~(oacq?az>5(+;K0Hwk72e9r!4(tYW;N>UL^dnb^p#((xR{^V81q( z2T_|gziCbrE>QWKAD!A36OwWX_;X_ynZVs0!fWAp*NF^#=5G{}?|u|+^8 zokHJ3J)=#xm<^WoPNPRs)kA!1BXu+We!MhSY3n7O(u&UEj%Sg`39_NljM21lx(?cj zp@Oy+ibNNVzYjQG_M#PAH+fZ!H9dSp@wSG)4lJ?4n2K$$j!~2 zDbEO9`8hNnH+llK0(@jNbEVe5A^0?$J2W_N_bGYfHaS{_qO=*Mg2E6#w_OKFkAAYW z?}O=EeuFlQ1vdZ#!?LIJlzv|*$_pQyoNBX84B_n}51CV0F`Q%3-c}a8f^p3PzMnJB zAd!|aI9tU)Gg9~QgKgY4*jtz2ARQWY7_FS4C#8I@ahXY{eRo*c@%uC3p2YRA8yK|I~OUSk>jzZeV8 z*v_X)=$1ol?V0-m?T=1%bl9Ig7HlG#>V>W#07LAuS0Wu@QS>4TOmU#cEpxPb9HKxl`L2jS z_nEsLonTR29g50U@X0yQg+72p$9@&XQPh@W+MU6}j6_)jY}0hTD0iy3gbFOTEnNRv z!JJ)FzJ80ubyel(4YC|DICpbl&4rMnuZT`f683sozJBUMZ5T5g1k)xbwMA{;MyE(*Ls|88*(wfW{2A6O%mB&kw3>0 zbkI0&t6SLvONnAEDQH6t2Y!ue^v-_vzXlQ>2iG4R3ivJd|G&dBw&tVKr$Q%PjMQH!zsevB4 zh}yB0s*5UMm!d-0Aj0~%0W_K2T{|OCG{+40%gxka{6s(S9?myET#6d9*l>4S+8NjQ z)!-OT=-2MS&gZuBxmyb>cqcU=SZ=$4r3^rwq>wBWb4T zVtb~kT$j~5NR0a$4d%?oy-cbwDE6SLBy)iHK52hzkUOBA_>h*yINZ+;Gq}-s#=P77 z#X37(+sCDq|F+BCrOB^@GM{iW1#<|C=7VBO^TNW&3+W-<| zv=yVMhK@|L*N>M3RhE}o1zAXg0@}EaROI}P4}AN!Tv-kF6`I|3*yTDbxOP1lnsJpbH7=p&d7bfAmAA*(faSjogW&@*r z{wzcv!7WvyFnzmj>KHDPz2$L;wq__`Fja(rgATwya$=+4#jPnwH#hMi?6dJNPmovp zNXD9hm_n&VC9kN|l(5xVe(7<- zam_%dLjrlDT68|AvmDHL_mEbV1j}X`SXH*ZwJpln3owZ~!`X#?FD&NPcFpp2(^Wvw zXL`fO^uvl4Z?#uu?kTR9brAg9(Zdr*})@!IJeWquo*d-U1(9 eaoI@v?)(6I^c+ZQt|UxQ&{P_+4)zTk6qz#KM}D~g diff --git a/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg b/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg deleted file mode 100644 index 79d59fb9fbcfcf047d6933c517e5dd47b1a81874..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7861 zcmV;m9!lYi4Fm}T2plKKNRgSN1o+bG0lzT=5K4#y@aqm(Q$?A`T5pb@*^bUikS;7w z&`}lrXA)cvoZZ(xi@ZkLH;1M5oUr#y#qjFUQ`3m1J(JpoE#RjLIN`q>Sn}u(KbP5$ zZE)+r@o0bO($P5GG$91n)!_MAOHVUCC&ld1x)`y;UJ~&zNswI^U~I>uClHx|(eR9y zN9lK6*ggNz-ME6FxzsFQAqiY+)(^Kq*Y}eDc7g&8UA8@3!| z5-LUP(xzzSxgzgm(0l5fms-?ZQxy0KxBYu(Tv;s2&rDuLbhw;z$1)SHnNN>#TaEYM z=|PrNiFW9uRA_Pf<{-&34G!}+?8wWzHx>a$+p^@w-CLu;G9;FN9#-JdT#u${e|LT$ z{sU9$aLk<_qKlpYlZAyCT+)kr+-mQ~gOp=^G{Nlwxq3(NGAbTYs)Cc*373UGaE4LQ zD0qLvrl7abhv6~$Rm4VTccqO?Dl;|@B#2FaDfQ=}KHSd6{$U}cFyQslGh6lCwUueM z|6+s5o-?+wtH{lJ@XmTjZR8BC5J$FV;O9@|Azyx_ZMSOuL9B zH$Kzn>b75Fh$4rmQM$FnjpBcc05jFkgjRN`P#&)Jw_)6=UsktN>jX+!k#Z46bn!Fg zsn_lp`9yX6kO?ArFiIh+A8S4^O{sm$8j|H$j&tdIvaxY1!(7F;9UOyTlJ9&0k1ZSD zYF$RdcFy>rpCFmq<`q*iE#eQ;lDb?l`WI72~oqz1K)z;D` zPoarRpYTprbY>1Az4qFY}<)zdSS$&*Dd4gxzYPViZ%R^yH!hP4K8*#Xb9E_s`ry;zQ6-x3lrOrvw7BwqdaHd zW)$KVJn2*tSH1*LlshPS^Y3@mS5ob_in2GWfT;K1b1eVZ1MwkvQ{ZKZ_f1T1v$We-@GRbup;H5`>BM;utAR`j7xf zNRce}F%A>by~SWxZ76_@pBjrNNfSvne8yj|N8{BBBtJ+}@$vDUnWm1rED}3q1996K zklftj?-a`ta`#H`{HrLs}plo(dsp&5Pc5vm$R=)Yoc;4M;@cUQox&zL(dDuj2n+&@5hF_ua}$f7d5d7d&P55Xc&!k~ z*s*KQ2&|<1k|$)`RCyGkG_ec3kh7^^1nAnZ25K4*Hk4gJR~{~>KG-?8<{@z<+qpCu zfMzSS2woF~E~8FCo~HGOd{0GB=Ff};snk;qBaYai(7umE!JTKa4@{+FNQ7tG^9X}; zKD=2y%6p={ObGc-l^t!g7=N7LaeeF91HOq67DWrF(4C5jBuBGG^izYHpKgn}2~2`I z4eNa*JOVcOBMzAGvFRq>KB;Q>XIlw&Sr4ji<^b8nmE}D_h<1d@@7R~e{8p0ZkPKr= z;RSmPD-9CmCk1;oC4||vuGnd?J+sH7%$f$2bWng83$Z!Wbo^qeM)lR-RbE@xy_S2N zOa~$u&6o!Zc_X+fl153Z1c=l+JYryl6uHqg0}sVyaj+7Jm~^lvw5^lEd*@L9%Dp7c zqe@^7bFxUAqyT)t)+ZLitQ9?MajNL-9=d7IMKRO$T-NP@2Q%OhWQ3bCm&t7(9vV&9 zPi}X)w$W0xLZ61ob?H7|?`JYE2~|MK1At{U6p~=Q>0?Ov+Fe}T>@3;y^qYr>mRTPl zgM5N>FNEc+cXUuwG}P0CiK-jL5>f(@bTE?S=^@QFbfDOhllCk|bGCkBZ##QgocmL= zGHI$33Z+hwKwohN+(aOw$}c0GmBXNgh;@4k@pQ>X)q2Cc?3PL;<^6h_= zVynce6s?sofnD^}KeG5AxD^_pK6Z@IgT?o8#qir^WD`c>AyWXPgMrTpN%cJz09PXJ zd2_s))W)m~?)5QONF9ffBK&P%)%|h%Jiem4CO$Y(V|PA$>L+BcXpN;V*e{;}6xks4+UIFCi*Yjq_Ch0M z3rb20u}i6;1ialBdeea8;aDkT!{ifzx&z>>Z9d{=y>(Qn3pIEQNCz&Hnj4gJ3`Yao z=AD~^QT^9crdX9P1tEdlFwRDbgY73HAKtuGn9OUNvT*lzT)nps4I&0kDZzP7jP1-w z;MQb;RVA5V-eZpyCuR$``BSntJPm%&k5+RRZtq%r{xR!c`s%Ptb}b7C<&*bvh-7-o zXU5DosbCb+iOZ=Kk@v;}4g1JX(=;V)@$c$;p!-t)x{|23{bd1Be73s3zb@-4o)DAz zy4gOfhIz`41DenhE5E~h-98U(KfS6=P7-co}Bbj0#L0FZ-ogT>=w_%*I1^u zc)wv>-!m6baHc@W0HF7aW))CAjAlgAZgD-SSf5-+uJl$4@n64a$`WSO*$lqamskYb0GE1YGG^+je%!6m$*%##6+ZYuW8E~8Wy_C^?g7q0f-PA*c zHo=k$43Wlewrczl*rc5Axn+^8zwL}^N#tHdDf6Q_U72@&c zHql$!oD!r81K_~}W$K#m%rQnlGUcDH@WQ;-K=jxXZs#xeZhQ;(AMzn2fIK~%8|sGC zLKA0*o#OjBp`-_aHZG2aHfU(v8^#Jv`>Lp=puBwZLJlF76B(hKqQW*4`@N>gJvOep zDqZOahR+g!bEj4t;K#g~_yJ4bq%pkH&&l^JRl#s~7@nptVKKL`bAz z!Mjkm)@169?XaYzzrR3I{hd zCE$sE8#Q==HXRGLxn*U6UTzX2EL^wvG;3MHyPw?dvYFrLJPGi0M?#VrJo4t|Mp#e2 zeOp>xp%o@^3W)E090hbZGLQ4W4)zCh6ep{tx41#8XEhl-ZZNO!!pXk%Kw2zl;6Own z1QAv-tO$%vzCtO_#6y{Z&8k&La6urZVbvq)|vtp>=kM!=o?m1D~eT=Ix{St9oQ z|IzW!tPl1;pRaV4@y5ByfQz;(w)*S~%R~UYVAv}lnhtG<%pfzo{`JdLhN+wAMTgCd zTctjq@#X-3jCh}AzXfarcHiL?+q6LCfVitBeT)@zPYe^#5Tlo{*8Rb|G$?1;#8Khi zGS&yO%e5@Mx7y-11Pn!p`R%zYZ-rD582{>2R(qvE&!;e{1jC@n&jT1e5ksTGcTi0p zM{JFY?>jEbQZwvoC@i}Ah-%X;HO(b7BKclaPlU%mNDMBfFMN7IfDdG(YXysuY(Ra2 ztWRKUWpN$eccIb(;M1NXYF80(<5cELWroI z)si}I6_D$gRs8D1(B(Km_?6eLrRo)f&;YCXFqV+tqXcCpcVa%qIawiU7A?NT)nDu^bUjtO& zo$2zH&tvX%=aHj)aDo-$KfPs4Z8_@!EPECRU2X$*sL7~g31#rs+7~6kFv}l}OvV)> z!=jm5NL+Ig*;<^Y%LV}FVDU|Z-xq-rza0H`nUzZ>JI!bKm3>+^c#GBlt3jW`OM@w| z{-#^Z0iGk7#0vwK|5uoMf*(x3z`xvaZ3{J`P$MdV4(?wTGw`w5{+r4At^^r~>&nKv zs;qE`{IPU_RLPf7QoGP;ut$&X7D92mFbn9GVdOO$&%qzzgq@6{l^tWLc-ZnGxwUF} zci?Ve*QQ=eZOxxdi_lb%=!$yA2an%9y3S=Wfm1m~c8R|?(W=oRCYcBDU)rM$+ee6O z+t^TwNeI(^fMtw2WLIuxN6ZmOTM>eqF%l48hl0TIl6xq;Sk2sXO~MU?N`99wf`~}w+wE45SgAz z^H&wgTL+xSjHOBvy2;+71SO3KpGMiU{4FG~EquQ~U}43wRM&0%o+y!uXH@#G z@`n`D3w)PNl_Y8mLM30?M$uM;CXy6l>O6byFgJVRzJ|9qPNu-&venr4cP;UpR_Zlx zw`)WA=OEyrd0}@%$3XqWR9DkYKeA8)GZeU$_exeO8}b zZLp1$O1T;P^KWoPvP!O$^R?`s0qvl@K4I3=(^H_whNIp9Rk2I_$jDfq6nhIs%#xSf zHZ~TOD{K?oJw5e(9LgJNYzc8)l>*g=#Q>dT|I1+4tXd-QPp+=E&Z=HB9Pp8hqD zsCqEn{Oe{>{9jtHo~fJSNE!Dp^}0sx>_+~g55)KR>Gn+1Py9clW804Y9QMqkgwq`L zE$Y(TnIH}co<+Vfh^OyoX3^>BHi$W)H;7HOoU^mtB(lQu+aLPdfP+AWw$d-w3%}O- zzYmlG!d`p(-+Kjf5-cP;_=x1S!BQm8p%Z6KgPzk5qQ5p)5^1~L*0UnfID9NDIXfv9 zOM63+l{%$kRA3WUm4^I`;yQ~DBgNhe4q+xKUu%cHdfyF>*)Bbslf#;rl9*hvRE&9l zofhiD-HolhvI<1iAz)}&=|9FW@)*F}qcA|AgUF~tE~Cn>H(38$##X3vLjRT!j|x7r zOnVl>P{D|uik{S0#Yp9@VBPjF9Ciq!8R>c=g{*k3d((i-NN`AY+=bWP#kAE_3%FQ} znzY#fyB+`XBFmJoE_D~~Ln3I{Jsba(Y)Zc1Q@pD*kvgiw>w`S|mgY(dG8*a-7XP;^ z+JjHt9=(@;Ml*rIJjy6B_C8ty7LI4}T`g?N8p7R>2hhD1KK z4s$LpD!+rO3jemiTo+OUaOj8IHCx+yD3IaOFuX{wu6Xp_{~5n)1E2xDPh3{a%Jc8k zHr(K=V!tv}35!K=>)%M4xm!#_!K*4R3P0C>oLl)NizJ=C=nTUx8)Js&e>fp3j!Oa3Ko9vD8G)}Xu?arG&Mhm1 zeU!N@`*NTghLPp9R;gLd$wqZuW1x2@WjT`5V$q1r$3XU_9c8x1Obfa8tfq_GBz z9YS(WebM?x`GPt9#{i|XFj_^KuB5D8opy5gm1oj8rkqE`QDU{v!}<$o_353Rc~;HQ zA6yo0p_B;yJIumqRy*nioDmmR_ryJ;Gd&jYx|~a>{8H51S1-v~J_w_{WdASrFEZy- zksQ{?#W4qIS61cFqjF7fPo-w zzyn(gex=Um`HcY!h8@ctT&Q~a-%9Qkl8>?8vkA4w=TBI4lmNS^b5WGkjdC8E27tZc zuoa(Dd+^FlUFYZry67y(Yu~7+8f|)_xyx&{kPCSv8^gh16qT`h)Mq3CR`(XSN0~uzZQ=>JniLu&vam_?lSdtcrB# zLn;Ckcz>E^yL}`-UnTp#&CXL;$Pmc$(~dB%sB!2#6{e){%fi=tKrt<=oHfwJ&5tAj zjyI6vyIfbxG1+))haw}XC#7c5-Se>Dv4N1MPTlmhuRx2j^#2;ls34jO!2ocdX23I@ zLXUxJ_xiN}6MG+G&`bK~BqUj`(~)r{9}rQn=!~bHjrvj`kms_ezWiNJdC!b-(nT31 z*42tV8S)l>hSx&g9#Vt@tcxxP?UIY%#~9387=rm5sYUA8P5tGh$5yc2(cgPq{EN)d z6>jfDd|^b8;PBc_4=#4n(#K_-cCq)h@?oKSSEE-G`!ecfTrA5E6xDKE6F=1Lmx8C& zoQ%j%j}qvAZIIIb8rnOeHV{I$i|nQG0caNW4@aL8xLPT2j&&}~$8?1$RhLK_~1hg>&H z$k@?);l46mRXuL)^1{pbPR{SJ5OGh1kYahj+uBngMKpMU<6jO@a)f}qI8c5c9`lDV z0LJ?MT9oDrR|gzx;GKtbcK2hS2;L0#7a{W__jJOV+Vf~Q14`iMwO1K4dngAJYX%rJ zPyg=q@OqA@V3>6yZ--+3kt!7PiE{v<6RJok_!(R(g;Ae&p`a7x zkEH6@_` zCxK)c(0YJ#@jMVK0pd&GYb)<)RCt;4|C_}e<=Rj~tIotqGmCTWiF3GOv`2zU^sN&{ zooIx+1GWM+4igO&aI|4g&Eir4qiN5{8uLK25s7Y4ay!bJ#SmS`a}^|450J!Cb3rXp zHpv^R9%up5dKk>*`Dak>OV1jTp45nWwU#&V1N2jK=fn*-X10OI}2?&~M!Y+|E%2D}B>sGx8Q8m8=RbGt)? zx3mzhEBU86DM60sa-*c!75!4*2IZtdfp@pr&qTn>)1Bqba2-(ye(N*`U3`nLrived z3Czi;;fhGnKfG?CBO8u>93iVEZMvQf7%Xg$8b}B#*HZB_l6`m_tSnDj;wc8g z-81w;=4RnVdmqNBe+I*ag{GSQtl;9rAJ(5_2Is3=?pM+>Wib(TQzoQ7p8hWvcDdM) z?W=g{p0hP95aDGr{jbb(9;M-jkyBy_n&!F&XWKKYeucXWl=Eem7CgouBPE+w_8TcVWI%! z0ZH@XOk`tSpRtON!gZ(#Uf1|Kk-a4d5x2?s)&O2YiYMT~VF}@6kF^bkg3j-|UXzp5 z)g-6b22r}-p6VpyP(ib-$0=`l46l1gmT)#cBQDdf*8t@NTo;}V_jF1wYuVf0QbX>H z$uqn|`cgf(HvOvzv=oGvg%Wv0^29xtlBHhsu`5vBYr&X58m&li1BW% zh^snRYR5#y2QJN?HLd2u01W^V3B*27UzRY0x+z~vPZ^w^$9<_q%46d0QBRNc`)pnV zhv;zKPDkai3%h!kq*E*NPsWaxANuwYvh|c&V60X;9a!$~yFi?GS>k?z#ZN+i9y4~0 zzWmZPN6i|8r&!*3qn=0+V_p z_}wlwKx|fOGr36ysDA65A%_<@hcqP6q3^oIGZyx!8;yWlI}LJCLv*r@@SCNaV%#Or%konszRFi;Wb~eE&{yc>i`T$Nn z#odyov^Creleum-z#UN(Sgivs!oZq}>6Fkb4IcHKl^)sXdTdv5XHWX5e$Na-<6gGE&F18gf?oEIH&iPtIwHng8^KAS*cHAGg@3y2f%z?Mssu4-oxF{4r z8A~N;!fnE_V@wEL==H_1>itYt_=j-iACf%}lsc-G1|im$S<;njht>%9)znwj1xLwW0bI z9F#i-DTB#lb^9tN94L9Q|3h-to6BD`OEqLD#n@k_%?1)jWKsC2=3qF@za4? z983KD<)16zpjfaSPvNrtTP`Bowf$?mF&idM0p1}e@>Cwm=jbq4YSNhUQ8k^R`#Juz zCQB@*>GEs%!Xsfmz)TRUK7?SW==sU_GK}=aFUYxHq=PVlqdN@}?R#CR4(uauXUE#K zz{OrFFf(C!PqmpDEPBD=?G@8cN}2Lz4s0wty8RKMrq` zM?5)$K^Not?{({{y#c97RZmKr>U>va3XL78YMzoKh=2YIdFspYVs#PqL(4V%t4vZj zEL^9-{Cwl!^%$x%!dD26*`?{_8AJ)4BY#39YM4d)R8bJnWG~pLqIJIa7G**LDKQ$R zOF<7VT6&%s#3IlzT_+A4X*tt~ztsTkD%06La@)e#DP>Q}TC^h7d0VK(FdzD*3v3(9 zAO{sR>d?fNk4^V}XaL7zDD!RGYjJ{W7b=_B>p)oM3DHT1RyZB20!um-vPXDYbP#D_ zO8$n3Hn!Jp5p{Rm5%j*&D``)jP}2s?D$`N=B1{(wBivnso%mM2S8_rk-tW-FN-(T3 zuA%B_;JcWvQy<*pwTwpgGBh*JEssO&P6SP{L64geRMquK$+Qw$Z3NKAdFx>SJgxls zM=69PzK0}u?r6grUDobA+a<|(9wtR9Ov)hFz#qG3Y(dp>@4j2sAp&H_GJEFja;9U( zwK{6rZs%c6S;L7hFjC;%z)TM@RCKvMyNS1OLlx?6!Ks?dNE`O0)dJ^`nXu5ye`p;d z-~=mDMc7OQKIuT*RPG-e@@Jij*c3P;Ia(Boe0Hr7dPOi7YH~<$p7aXBU&8UaOFaK2f zSwh&IJY6!E%co0)w<;2+GO`o=C7Yy(MGUY3pU5fS++|f%RlFIG>0-0h0N^e|Mb*Hs zAB{|+%wgTw|b5>>;f{z8DIY2K# zg`uC}x_t!hsPsu;L=M$*f?Rh^8@!ddAeZ`V3U>ZP1f79-3OBO*MfF2!O~(a-^7hD4`DlEX?fgs>fxamDH4ROArzH!OD;OE3@nJz5zN#& zIZwMBe%p3I>J59=L%SxQJiTV3z?0+$jY9k%_l#IKm6ap|wqWuDogn}Kru<*%kg%ZZ z!nP$CHgM%`2p(9>ebC`YTK%?l4+PZA*Ie+%+&S|Wk}lKUNDr(%-C~(*clwcc@ zxLv$p@9ZT_HF2!*XY}msk4^t0FxO z30qQWh)2PwdPUSoelhkGQs%9hy;tM&P#tI}3z7(6^^AjWP0-W943oc5AWQa5ME9|( z+MB=!2U3m=cB4XH+qX*3!`d9Ul|rW{QAX)A9wbe@^eE3Y)Q~$+MQTRg$z`* znUJg*12>l4TMoBhp^#Eqw7D=f28^(oELBp30U+~5F_WENLj!ej_9{YZ>Xf3@9>z2Y zd4YEzdN4tWgF^PJCMpSoQ!(AZZU_|!5}~FWVLIT;P8z&gyy*5f3ghx$)+G?=O+^AP z3gN>70EEQ>my4X>ji*M=@P?eo0CRw!h8+t^x`!RAWv$-)iNOFj(yhesT^brG z?=cYVmyHTgxK$>Z;s;;l!0^ekXdZjwWtR^_n`Y|iyhjGZ)%tX-`4jtDVa}lEl(h=?w+Dn&;q8@huau z$KeLyv>lr{ZZZeRS^E5<7G6qq>G6;<5+b)2y40;57iW40!N1#XIcd89+F74mZf&2u z?#2B|!6=~aJ3!DFu}7+2kXmZ`ud_#3wgvY*nl~G~r z@#A2kp8Gia*EA9jM6n*-P$4r)OMXlgkH(UbGKHAwV|4mvgUozB75s~&gc&xIhcilW z{M6pjuxe9pWPjuFk#@`&`fz&=!{sTBV4jo7&$?#D$X9{OT-#m7eu{KQM?-UO$rk(;GVOYI(ga+y%~?k$GUlNP15>T5~^0G zjrz(wEGhF2W5mkg7nu3L(Y3uu`;Y9e$}fdz?ghrAkS^^og!(<0k76q>t%9=U)21JU zf@PAeg4bQ5;t3fY+Fh@-%OYN)Lz5c>goJv=z|I+%y8!f1w%IuK@;#A-r1yc^Y1+tv z3~#4RDOOjvfDuAad)gJ}jrx@(w!f!GlxS-fc6xN=3wKDtx* zICcmv+a%M0ee+~RAb_qK)BNV8U&qos(DTxpwJ#MH)ZLn}f=huj!OiJG7FWU**X3r7 z3E!KKpP0RPU*BP(Cz537@Mx(~=Qy88yb``PCX{G}#< z0i6y0Q+E>>q zZr>4^I!Ilmp`}U`fEqguzf68YhNf6ab|fL!E0dKX7UveK>Qnf9YV{*YNDMAgQ>ona ze2`%f4q5mo{FC8yU1{EE_JkTe{F28G3cM1GqDFfCvm+T*%v(V}AhPo*>~ z=+;b>D95m^J>Urjwd}7< G(vHAR8DUNU diff --git a/.github/secrets/devid-installer-cert.p12.gpg b/.github/secrets/devid-installer-cert.p12.gpg deleted file mode 100644 index f379fc214febadd44e0e23a634c2540587f94a94..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3333 zcmV+g4f^to4Fm}T0u)ajijrg67U=Gs<>Z+S)(5f&{O;KiC z40+MU{S*qg3+gq>pGb*^JFK=BR^SFJQ=1{gyJiWj#Jh$%KjK;!a~sF?(F))7H)Voy zgJ$ZD1GKU^uxxDmA-bF-S+4HYqa)T%2v3`xiRaiAU>$CmTQ~dnT&ZTu#~!`Brb^OE z+t3jSX5peK1__j0?PCnMve78(@LXUIl9c9CD~6Gyffm7Kg}M{p$FGNq&rx zK!X1|s;^sBB~2mG8*?*9geks+NDqz~n9$v(SVMSpm4ZV)@Tuhyv9F!VYm8g^3qh$B zd87n$D1cDe%~F=3@7CDW+FJf6p&Uk3YUS;sgKjLktoSEk&yX2+eWKo)SL!R$Y|&}? z%#Qc?+K_I>rp(vDt?|4*4!2fF>k461^w4X=*C!sv!g7;B8%9g_>F>0yhL?CBXlzQ40hxcOSZuV?;R{FvV1iEEqXV(+L@&cL32iT4_b z77sovq;QgN(Q#yKVS>l#Lo3Hgo5tG^AY3eAf0}=$N@tR(UJCh~6=y}2MKC>!sLi-Y zCFD5Mf+57xUXHAMNLOUcdm02C=pFtdNfMmhta}l@r=Iwid%+HBH@jO-5vFW67J&vO zZvlAJ5xqUYutSWCm?* z60gGIHU3~!){W(`K#-9t2_>eF52;NLxiCwqw1jw}F-ar$3^sZb81l1RSkX!(yo2f%WnXwWDPskS1>w>ITB zMNOZ(qe^-M0SnV@0qP-Z~eR75toHA2%7j>u{o2wC;&rc2NQodk#LXB zqdUV~S4xdclZwXKY<_f!J`EvTBlXhm701xVz;zrXg684*yME0QJfxomgrtx3_Ckw` zAZMXjkIYfYQzy{tFBfI5uIZGaxL`h3@6?m>C1QaDGuDQCnrm*AiT;XMSi;o7m& z-E`KS!iGjN+T(!IW-zJrBNQoc<)a6w@ImLSI(4~b;vlwb?!39Dltr(z73$%=E_B4IaSc@G-u997#gJGW={N$T| zH0ss`Z94nSHfNC5qeF;#2w$YMfsLcDT2}Dc&u5;k;)7|fj`%>hz`5AXPm_<<4c=hIkRTE8GIarBq#^(i_tMIdm)Skv(9@K<=|)kCOQ#H*QK8)`fqP;l8V^%p^f!FF8XX z96uCz12cCL8ZR2h1I72?CLnBM{_x}%3=`=C?4zjsj0>`zo2dx^O&a&wZLF!84Ue%` zJX2k~hY+VScDL#xAG#+HJsN6Ew83y)=d~?uWf`hNtaGsMYv;0C+F=+24=P6|*0xMqxQ*h#N09L8$jNMIia=dLTP9=pWAGz*aS+n%d z$i>nQvjy_9->bi#GbM9b4pD6^{QOLwr9xRntsnT6HK>1Vk7%PNQRXd3H z00tnKek5jMC)2_2iBy1ALyk=uD|D8NL^q`hZYIFcRaG}31=ENA%_8hI5D2n)*p$kf zGGJ?9r{|Wt(EM(UN-{!m(A&q?AGUe@2*)LfK29A|fk@WtfdTv=96%A}KaN!(bNUag zI*$eWvP{;=CQ~#R8Sycw{cIx*=RB8UD3P)h(KnFhiP@ZKgvn*6c4Vs!>I;11|0Eq* zbVlzh{$~c4jbc`ftI01QI5q4VbP}jo;`%f}hKskSRl1Xh;AcjExuUFP>cWV43xZfZ zah;S8^LaPPhhDD_1&I==y?YlVSvm&6Tpq-)VtIF2z+$HF*o}{L2d~Y9%sLQ~J+^q4 zu)~prkaMlbiI)3;8H?s=Rakekty5VPANO+SwiC-ZB#P9Pj^F%wo5_Ik)@m-C9aX~j zcTG*F#N7zFLIIaWC{;@^AG|x2x$b0n8!Byz9yyI^D1a* zzxXArK#OI9$BQG?x@}0?Hcli#lXxE(Q&l#LUPjO)>&+W4LHmaV=JMO1ia?RLL(Yzd zHh1UO&RltHGg!5Y&yzKb6~p{YBh4DSgRz?9VJ{?cv|beAzhvH-HIouG$xO-2b`uKp zhf;t(ZPT0}Bf!^rJtp&9slz^NHiqK;Z9o#;teebIZ8j~!CLaml`rJqV!2h5Pqx&_~ z?FbA&3jh2PHrI_VZwQ;8KFbl3K_rt^*ouiyx-~PD&N)Qko-ZZCInQZmk7iA;ddmbM z0$rP{+OX+J^_x1#0UBRGP!+ep60u8N21h(8(hkfmO@w}e+pL-kO8D+Z!kjq=aT3K_ zxh*QgAxeKQf_9zBQASO4di=T!`v(N$Dd3ZF~DLWAB@a)nZyHs~jM>>o1{Ky2QY(~V0_ z`yi*^9YzHZ_$VOF)=Gz(hPh}iZ!qMLBnG%C6JMb<87dYS%<`5Y6a7ZTQ1flzuf z8X3bi1XKG5XvILF#Ly_vdmu4?!8Yp3R`GPJM&kC@o5$rkhk7j`7H3VzkWI8l zO!Gm~1H4#oqRG=k5x8?{hBd&Hl5CGa@Y+Wz_jAeYpr3O6qP33x_@JhFn6MtwF zdp+av{9Lu+98`4|R8aefAKXD{RIVJWcc6`aS0H{s%&>?a%RXthBMz1St8% zH63lFP8b9y5e0r}1C@bUxU-ibT6m=BlS~UIpAQ1$gAx|cBSgTqnM)p1wK!t>Gekt+ zQI#ivi5=6#01-ogw9$=}_|qH-Zk?<3WFtk7Ad@dZ2X}8Ejh-srL{|DcJyxbssvM*j zKxSUAtL!A7= zH8l>MA62fduoz&$Y*WQZP<(hQ%<|8okLC}H=o-NBna(3ejh+vxl0ITGm PE<#H7)~fjH$Vgv{flXp3 diff --git a/.github/secrets/macdev-cert.p12.gpg b/.github/secrets/macdev-cert.p12.gpg deleted file mode 100644 index 78e5914c1f2a4564e129670ec95e07661e7a0050..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3275 zcmV;+3^enM4Fm}T2m^#2XS0DK9{kek0VX=7ol+i%ar^9G;+{`^{gRVVMK8-|ZvB~< z&1ym6{$Js>Et#u-u%dZ>Bz#%!sd3-trz6_1Bt%9z)5d-a{=5^$00_Yg8R`QD_1Vc7 z6dXZ|dNV8TN}?Amv((|(bAIJ|g7S}Li6jw?8TU@{jfJ65noT|8gLzX!h;ZlCW7YN9Wf&8wobLsG z#8MFud1-_~lwt>4zRC&?qiOi$uW$RDlnw7!n^m4nND#JP(sp3=wyA=^h3|B%@|k$_ zA@gay7tca`x(%bt`zmwAsC5Km`Ny#=sDJRXm)4uV36T$^enbwkpCtX`dyxu+&lScl z_TAC%U{4$H)2T41^W1du0gfY;qlETD6}wU=kEKMZOzwF)ozM>~n&07HNC-PH(EEU( ztAgnz&Oct-{GfyeF&;V!MJK58exu-gI)e*>^?XV|B^N{iR^jtj*}U08Z3pmpZC@TH z;O7RIF09_k9RS0aciD*xJWJPUe?f)i-iK9Q?;;C`6m4t_4XHR4u`Yd35xO5!5Mg)Y-MGHxQGzs z&DwdF9HoZHD0IQuV=rm^x(x*NE+;^?x1Z4BgL2@3U+LP9N#o(+BUPppSTR)e*lWgq zna@9tV;+X6mVhDr&53q6UU_>Q0EK7Hy7oF_e(JAkOjB(k#7y51NLk0sMngvsBmBdQ z|B;-QXrA8M+|r;#71!V4jYVprFKn9uXV{TbqzSZ1u!zhv9H)xYmMoJDD#^Rrc_VRB zy@2^z+Ymm(^>;(B=@i`6Vxk-DlgaXL2%*wanz)WN;oJuu9J;+p6AvKzpP+q+g>!q) zShjQ!mgfwX(|}vme~SsG-0cL|`gB%z*jBp8n)=w;^pOu>!NB1M2?QX^eD&CrdGfg# z(L5=4ZqqXBJ@I@>CPYJt#ZymumyVr(;Mjp}ej_q@$@DpFvXz(oNb71&2=+2iOHk>i zpVr~9Tko9v@N_7g%8i}5s4cjek*yRneCH|Vd%S;fspUkr%$}r#-f1#XrqY-Z7R~sZ zx|DuFtR=#F>Gf;38i|qVx`y4AvJ8hu#TnS7vr?h(%Wm3_&??46Heq}xuXIU1wU4HW zwEG&vqvhWjLozS(;R;J4b`)Fq@{|m-2|zmf|1G=>{}c#3%V^=m*$?sPC4ztG^%@7f3i5gLUn+4*F%Uu7`F%>t@D6U> z+-(qC_wJ+*CQ|XHdsQO2>of*A(@UGIl8HZ8?T3?PM)NqkX6ck2gz~td2`Uk}d%InL zObUIPOp^K~^3dqgSKbYgDoX8HNO(D3q(4>}72*i7kAFphK=oA3B2v?XgqRcynt1S# z1s_I@!r%i>!g&_}#GSEjR5mwzS-D}3s?KiNLaG!7D$gWpF!v)Bbd8ybeh5UL$krYNI;)IBSGnEZ3~GtPd&YR=-EV2d#M~*$Tf$Gr%TFh% zxLv~zNOY))>h2Um7z>Jbs~8h+PxO$wgC8U8U!cdT5-nWzUfi{`&+qu$3}IIvOd-K*N>hWcVrZZ=k=_Yj#jS(C_*3_LY~ z;1?IcUCkUmpo3Z|#J^B@Sk7siMqr@ z5gnACIcR~4H&E~uR!(jC1~BXdRf)5_DEHrCGa*pf~+7`maM{B{|gpRtHg4U2vyxuuYnn#{$Fr#w53psukrc?v5rP z6P(oyZql}Vmn&hjmo#y+$*It_TlIWLq=F7Py{DmJr}qOfOlm(+O35>Rlp%%=PJ^S9 zDGo&mBRbGHo|7&a6>IalK=!X!-50~sqzuB&YMf^6eo|%MaTnt+zA}ms+dc&EWuGbk zVoVp_#VHpcbY;DlZ-h!2s%fZ}^Dm^}k?=4xzYpSEM0m>E>q>I@hB$BPU=BCzzT56jTYrcF)Ji5Lw21q)bW}hE_Qi=!YVu zG}!Fzs@FRy_Kgp?WJfm6zv|mfSaEra zE$_YveGF5luNVkPS8R;MS~p#}v3!q~pCHzsiJsIX97PTCRc}o*spt-*(%f0J>W7^pRg^(+Y;`mER(0|h-w(I1OO(r zywuM#Vx->fyJ?OGk_*`xf}+ zbEkA3c!(+-Xm;Q6)IybSd8ViwsTbu;uTx*;hwFkxUbw@h#uK789R6Q3R)?y*NB5 z04a=)J|aMDE;%Zv14-g82|ga3XfRFPvP&94+UGBS83|8rK$IL;uS zkR(&57m^%iO<`atD7oY!EY|3A#o-YIE)yqk{Lu=gi#Wdx*>%V9J7d1?TEs=vWNa?F zU@B2`aO;PsqR`pqIn2$WmE7+IEn^k#n`GGlcFP+8?gs*|-x`mQRB? zwcYDHv+A-lqd9(wyZ)s!dIZdBHJ^B8y5iUkA%z5^7~@QMAJfZ5Pa&nPL3KjIeXBBR-BsIEiT*t zn-zIjO!tI+aObSZJ&DPoeRyWV3(_f$Vm{+!4C7sRi_Es z{fRdPB7W*G=eymV8Og9nI_f_tSZ%}BOIbB}{-CCz8+JWDMtC(v99Zrx#we@X=lE-W zCw%m?bdf?GP}FdgTo`YDDlTVGiBP349{k#Pp7kCi%BLI!@k?7pe;Wr`3qMh9Hrgnl z&F+G)V6c{>1EIWLi?z*+l3xUQQu3GP-Q=VQzG5K(1PI6nT2VI`A)>Ikf8a7mnI5l- z;2L&q45^9p79#&}(+us(PrkT$z0VnH8a56wGIqCwbIzvHpM9BTGX*>D%KgC61wLSS zgiJlQwVRI;cGr{@K3wT)Z9{x1Zb!D=QX1$NqAI^Ff5d@;R#AEtjuSAIMrHEI-{$4N z!|%pXdi2D-x)%``_@GNBQ2G%*914HQArNN| $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: NPM setup diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 03629aa5fd2..e285bec0f80 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -485,58 +485,72 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles @@ -632,58 +646,72 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles @@ -824,58 +852,72 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles @@ -1003,58 +1045,72 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml index 9a48e7247d6..d595a49d75e 100644 --- a/.github/workflows/release-desktop-beta.yml +++ b/.github/workflows/release-desktop-beta.yml @@ -436,58 +436,66 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles @@ -559,58 +567,72 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles @@ -755,58 +777,67 @@ jobs: path: apps/browser/dist/Safari key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - - name: Decrypt secrets + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden-desktop-key.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/appstore-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-app-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/devid-installer-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/macdev-cert.p12" \ - "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ - "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name bitwarden_desktop_appstore.provisionprofile \ + --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + --output none + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | + jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | + jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 + + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | + jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + + security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + + security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + + security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + + security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles