bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-14 07:23:45 +00:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into feature/passkey-provider

Browse Source
This commit is contained in:
Jeffrey Holland
2025-09-09 19:54:38 +02:00
parent bcfca57089 4907820383
commit 41142b8d57
1093 changed files with 62692 additions and 12836 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
.github/workflows/build-browser.yml vendored
View File

@@ -123,11 +123,20 @@ jobs:
build-source:
name: Build browser source
name: Build browser source - ${{matrix.license_type.readable}}
runs-on: ubuntu-22.04
needs:
- setup
- locales-test
strategy:
matrix:
license_type:
- include_bitwarden_license_folder: false
archive_name_prefix: ""
readable: "open source license"
- include_bitwarden_license_folder: true
archive_name_prefix: "bit-"
readable: "commercial license"
env:
_BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }}
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -166,6 +175,12 @@ jobs:
mkdir -p browser-source/apps/browser
cp -r apps/browser/* browser-source/apps/browser
# Copy bitwarden_license/bit-browser to the Browser source directory
if [[ ${{matrix.license_type.include_bitwarden_license_folder}} == "true" ]]; then
mkdir -p browser-source/bitwarden_license/bit-browser
cp -r bitwarden_license/bit-browser/* browser-source/bitwarden_license/bit-browser
fi
# Copy libs to Browser source directory
mkdir browser-source/libs
cp -r libs/* browser-source/libs
@@ -175,13 +190,13 @@ jobs:
- name: Upload browser source
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: browser-source-${{ env._BUILD_NUMBER }}.zip
name: ${{matrix.license_type.archive_name_prefix}}browser-source-${{ env._BUILD_NUMBER }}.zip
path: browser-source.zip
if-no-files-found: error
build:
name: Build
name: Build ${{ matrix.browser.name }} - ${{ matrix.license_type.readable }}
runs-on: ubuntu-22.04
needs:
- setup
@@ -192,25 +207,38 @@ jobs:
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
strategy:
matrix:
include:
license_type:
- build_prefix: ""
artifact_prefix: ""
source_archive_name_prefix: ""
archive_name_prefix: ""
npm_command_prefix: "dist:"
readable: "open source license"
- build_prefix: "bit-"
artifact_prefix: "bit-"
source_archive_name_prefix: "bit-"
archive_name_prefix: "bit-"
npm_command_prefix: "dist:bit:"
readable: "commercial license"
browser:
- name: "chrome"
npm_command: "dist:chrome"
npm_command_suffix: "chrome"
archive_name: "dist-chrome.zip"
artifact_name: "dist-chrome-MV3"
- name: "edge"
npm_command: "dist:edge"
npm_command_suffix: "edge"
archive_name: "dist-edge.zip"
artifact_name: "dist-edge-MV3"
- name: "firefox"
npm_command: "dist:firefox"
npm_command_suffix: "firefox"
archive_name: "dist-firefox.zip"
artifact_name: "dist-firefox"
- name: "firefox-mv3"
npm_command: "dist:firefox:mv3"
npm_command_suffix: "firefox:mv3"
archive_name: "dist-firefox.zip"
artifact_name: "DO-NOT-USE-FOR-PROD-dist-firefox-MV3"
- name: "opera-mv3"
npm_command: "dist:opera:mv3"
npm_command_suffix: "opera:mv3"
archive_name: "dist-opera.zip"
artifact_name: "dist-opera-MV3"
steps:
@@ -234,7 +262,7 @@ jobs:
- name: Download browser source
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: browser-source-${{ env._BUILD_NUMBER }}.zip
name: ${{matrix.license_type.source_archive_name_prefix}}browser-source-${{ env._BUILD_NUMBER }}.zip
- name: Unzip browser source artifact
run: |
@@ -264,7 +292,7 @@ jobs:
run: npm link ../sdk-internal
- name: Check source file size
if: ${{ startsWith(matrix.name, 'firefox') }}
if: ${{ startsWith(matrix.browser.name, 'firefox') }}
run: |
# Declare variable as indexed array
declare -a FILES
@@ -287,19 +315,19 @@ jobs:
fi
- name: Build extension
run: npm run ${{ matrix.npm_command }}
run: npm run ${{matrix.license_type.npm_command_prefix}}${{ matrix.browser.npm_command_suffix }}
working-directory: browser-source/apps/browser
- name: Upload extension artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: ${{ matrix.artifact_name }}-${{ env._BUILD_NUMBER }}.zip
path: browser-source/apps/browser/dist/${{ matrix.archive_name }}
name: ${{ matrix.license_type.artifact_prefix }}${{ matrix.browser.artifact_name }}-${{ env._BUILD_NUMBER }}.zip
path: browser-source/apps/browser/dist/${{matrix.license_type.archive_name_prefix}}${{ matrix.browser.archive_name }}
if-no-files-found: error
build-safari:
name: Build Safari
name: Build Safari - ${{ matrix.license_type.readable }}
runs-on: macos-13
permissions:
contents: read
@@ -308,6 +336,19 @@ jobs:
- setup
- locales-test
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
strategy:
matrix:
license_type:
- build_prefix: ""
artifact_prefix: ""
archive_name_prefix: ""
npm_command_prefix: "dist:"
readable: "open source license"
- build_prefix: "bit-"
artifact_prefix: "bit-"
archive_name_prefix: "bit-"
npm_command_prefix: "dist:bit:"
readable: "commercial license"
env:
_BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }}
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -433,21 +474,21 @@ jobs:
npm link ../sdk-internal
- name: Build Safari extension
run: npm run dist:safari
run: npm run ${{matrix.license_type.npm_command_prefix}}safari
working-directory: apps/browser
- name: Zip Safari build artifact
run: |
cd apps/browser/dist
zip dist-safari.zip ./Safari/**/build/Release/safari.appex -r
zip ${{matrix.license_type.archive_name_prefix }}dist-safari.zip ./Safari/**/build/Release/safari.appex -r
pwd
ls -la
- name: Upload Safari artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: dist-safari-${{ env._BUILD_NUMBER }}.zip
path: apps/browser/dist/dist-safari.zip
name: ${{matrix.license_type.archive_name_prefix}}dist-safari-${{ env._BUILD_NUMBER }}.zip
path: apps/browser/dist/${{matrix.license_type.archive_name_prefix}}dist-safari.zip
if-no-files-found: error
crowdin-push:

18
.github/workflows/build-desktop.yml vendored
View File

@@ -1317,6 +1317,7 @@ jobs:
$package = Get-Content -Raw -Path electron-builder.json | ConvertFrom-Json
$package | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"
$package | ConvertTo-Json -Depth 32 | Set-Content -Path electron-builder.json
Write-Output "### MacOS App Store build number: $env:BUILD_NUMBER"
- name: Install Node dependencies
@@ -1392,6 +1393,23 @@ jobs:
CSC_FOR_PULL_REQUEST: true
run: npm run pack:mac:mas
- name: Create MacOS App Store build number artifact
shell: pwsh
env:
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
run: |
$buildInfo = @{
buildNumber = $env:BUILD_NUMBER
}
$buildInfo | ConvertTo-Json | Set-Content -Path dist/macos-build-number.json
- name: Upload MacOS App Store build number artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: macos-build-number.json
path: apps/desktop/dist/macos-build-number.json
if-no-files-found: error
- name: Upload .pkg artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:

2
.github/workflows/chromatic.yml vendored
View File

@@ -11,6 +11,8 @@ on:
branches:
- "main"
permissions: {}
jobs:
check-run:
name: Check PR run

7
.github/workflows/lint.yml vendored
View File

@@ -102,3 +102,10 @@ jobs:
run: cargo clippy --all-features --tests
env:
RUSTFLAGS: "-D warnings"
- name: Install cargo-sort
run: cargo install cargo-sort --locked --git https://github.com/DevinR528/cargo-sort.git --rev f5047967021cbb1f822faddc355b3b07674305a1
- name: Cargo sort
working-directory: ./apps/desktop/desktop_native
run: cargo sort --workspace --check

108
.github/workflows/publish-desktop.yml vendored
View File

@@ -18,10 +18,15 @@ on:
type: string
default: latest
electron_rollout_percentage:
description: 'Staged Rollout Percentage for Electron'
required: true
description: 'Staged Rollout Percentage for Electron (ignored if Electron publish disabled)'
required: false
default: '10'
type: string
electron_publish:
description: 'Publish to Electron (auto-updater)'
required: true
default: true
type: boolean
snap_publish:
description: 'Publish to Snap store'
required: true
@@ -32,6 +37,15 @@ on:
required: true
default: true
type: boolean
mas_publish:
description: 'Publish to Mac App Store'
required: true
default: true
type: boolean
release_notes:
description: 'Release Notes'
required: false
type: string
jobs:
setup:
@@ -71,7 +85,7 @@ jobs:
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}"
$TAG_NAME="desktop-v${{ inputs.version }}"
TAG_NAME="desktop-v${{ inputs.version }}"
echo "Tag name: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
@@ -109,6 +123,7 @@ jobs:
name: Electron blob publish
runs-on: ubuntu-22.04
needs: setup
if: inputs.electron_publish
permissions:
contents: read
packages: read
@@ -292,6 +307,92 @@ jobs:
run: choco push --source=https://push.chocolatey.org/
working-directory: apps/desktop/dist
mas:
name: Deploy Mac App Store
runs-on: macos-15
needs: setup
permissions:
contents: read
id-token: write
if: inputs.mas_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release_version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag_name }}
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Validate release notes for MAS
if: inputs.mas_publish && (inputs.release_notes == '' || inputs.release_notes == null)
run: |
echo "❌ Release notes are required when publishing to Mac App Store"
echo "Please provide release notes using the 'Release Notes' input field"
exit 1
- name: Download MacOS App Store build number
working-directory: apps/desktop
run: wget https://github.com/bitwarden/clients/releases/download/${{ env._RELEASE_TAG }}/macos-build-number.json
- name: Setup Ruby and Install Fastlane
uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
with:
ruby-version: '3.0'
bundler-cache: false
working-directory: apps/desktop
- name: Install Fastlane
working-directory: apps/desktop
run: gem install fastlane
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Get Azure Key Vault secrets
id: get-kv-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: gh-clients
secrets: "APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Publish to App Store
env:
APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
working-directory: apps/desktop
run: |
BUILD_NUMBER=$(jq -r '.buildNumber' macos-build-number.json)
CHANGELOG="${{ inputs.release_notes }}"
IS_DRY_RUN="${{ inputs.publish_type == 'Dry Run' }}"
if [ "$IS_DRY_RUN" = "true" ]; then
echo "🧪 DRY RUN MODE - Testing without actual App Store submission"
echo "📦 Would publish build $BUILD_NUMBER to Mac App Store"
else
echo "🚀 PRODUCTION MODE - Publishing to Mac App Store"
echo "📦 Publishing build $BUILD_NUMBER to Mac App Store"
fi
echo "📝 Release notes (${#CHANGELOG} chars): ${CHANGELOG:0:100}..."
# Validate changelog length (App Store limit is 4000 chars)
if [ ${#CHANGELOG} -gt 4000 ]; then
echo "❌ Release notes too long: ${#CHANGELOG} characters (max 4000)"
exit 1
fi
fastlane publish --verbose \
app_version:"${{ env._PKG_VERSION }}" \
build_number:$BUILD_NUMBER \
changelog:"$CHANGELOG" \
dry_run:$IS_DRY_RUN
update-deployment:
name: Update Deployment Status
runs-on: ubuntu-22.04
@@ -300,6 +401,7 @@ jobs:
- electron-blob
- snap
- choco
- mas
permissions:
contents: read
deployments: write

1106
.github/workflows/release-desktop-beta.yml vendored
View File

File diff suppressed because it is too large Load Diff

3
.github/workflows/release-desktop.yml vendored
View File

@@ -124,7 +124,8 @@ jobs:
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive,
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}.yml,
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-linux.yml,
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml"
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml,
apps/desktop/artifacts/macos-build-number.json"
commit: ${{ github.sha }}
tag: desktop-v${{ env.PKG_VERSION }}
name: Desktop v${{ env.PKG_VERSION }}