From cdf16541e1ae399836fe486d050dbfbf0a3398a9 Mon Sep 17 00:00:00 2001 From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com> Date: Mon, 14 Dec 2020 13:41:00 -0800 Subject: [PATCH 001/123] Set up CI with Azure Pipelines [skip ci] --- azure-pipelines.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 azure-pipelines.yml diff --git a/azure-pipelines.yml b/azure-pipelines.yml new file mode 100644 index 00000000000..2a6e47f5efe --- /dev/null +++ b/azure-pipelines.yml @@ -0,0 +1,21 @@ +# Node.js +# Build a general Node.js project with npm. +# Add steps that analyze code, save build artifacts, deploy, and more: +# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript + +trigger: +- main + +pool: + vmImage: 'ubuntu-latest' + +steps: +- task: NodeTool@0 + inputs: + versionSpec: '10.x' + displayName: 'Install Node.js' + +- script: | + npm install + npm run build + displayName: 'npm install and build' From 761a93a4bd8dec992f4978e75f2de6b393fdf066 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 14 Dec 2020 21:51:53 +0000 Subject: [PATCH 002/123] moving default pipeline script --- .az-pipelines/sign-windows-artifacts.yml | 15 +++++++++++++++ azure-pipelines.yml | 21 --------------------- 2 files changed, 15 insertions(+), 21 deletions(-) create mode 100644 .az-pipelines/sign-windows-artifacts.yml delete mode 100644 azure-pipelines.yml diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml new file mode 100644 index 00000000000..8b616edae49 --- /dev/null +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -0,0 +1,15 @@ +trigger: none + +pool: + vmImage: 'windows-latest' + +steps: +- task: DownloadGitHubRelease@0 + inputs: + + displayName: 'Git Release Artifacts' + +- script: | + npm install + npm run build + displayName: 'npm install and build' diff --git a/azure-pipelines.yml b/azure-pipelines.yml deleted file mode 100644 index 2a6e47f5efe..00000000000 --- a/azure-pipelines.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Node.js -# Build a general Node.js project with npm. -# Add steps that analyze code, save build artifacts, deploy, and more: -# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript - -trigger: -- main - -pool: - vmImage: 'ubuntu-latest' - -steps: -- task: NodeTool@0 - inputs: - versionSpec: '10.x' - displayName: 'Install Node.js' - -- script: | - npm install - npm run build - displayName: 'npm install and build' From c641d2641d5c794a9ea0946845f1aafe53cad4ce Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 14 Dec 2020 22:20:39 +0000 Subject: [PATCH 003/123] working on signing pipeline --- .az-pipelines/sign-windows-artifacts.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 8b616edae49..92b606a9aa6 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -6,6 +6,8 @@ pool: steps: - task: DownloadGitHubRelease@0 inputs: + connection: joseph-flinn + userRepository: joseph-flinn/desktop displayName: 'Git Release Artifacts' From 026392d4a1545f20d354ed3a4dacba9a672476dc Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 14 Dec 2020 22:38:56 +0000 Subject: [PATCH 004/123] working on blocking out signing pipeline --- .az-pipelines/sign-windows-artifacts.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 92b606a9aa6..be81b9ae918 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -8,10 +8,15 @@ steps: inputs: connection: joseph-flinn userRepository: joseph-flinn/desktop + displayName: 'git release artifacts' - displayName: 'Git Release Artifacts' +- script: ls -alh + displayName: 'show artifacts' - script: | - npm install - npm run build - displayName: 'npm install and build' + echo 'Signing artifacts' + displayName: 'sign artifacts' + +- script: | + echo 'Publishing artifacts' + displayName: 'publish artifacts' From 462b49daa39c69fa93032a17cfc9c80120ec7617 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 15 Dec 2020 15:39:08 +0000 Subject: [PATCH 005/123] changing the ls command to the artifacts directory --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index be81b9ae918..c4bcbddeeae 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -10,7 +10,7 @@ steps: userRepository: joseph-flinn/desktop displayName: 'git release artifacts' -- script: ls -alh +- script: ls -alh $(System.ArtifactsDirectory) displayName: 'show artifacts' - script: | From 378454ce03a88b929a82e1079cb3327dd0970476 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 19:14:06 +0000 Subject: [PATCH 006/123] testing the GIT_RELEASE_VERSION var --- .az-pipelines/sign-windows-artifacts.yml | 35 ++++++++++++++++++------ 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index c4bcbddeeae..bf70dc14eb8 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -3,20 +3,39 @@ trigger: none pool: vmImage: 'windows-latest' +variables: +- name: GIT_RELEASE_VERSION + value: curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' + steps: +- task: DotNetCoreCLI@2 + inputs: + command: 'custom' + arguments: 'install --global azuresigntool' + displayName: 'install AzureSignTool' + - task: DownloadGitHubRelease@0 inputs: connection: joseph-flinn userRepository: joseph-flinn/desktop displayName: 'git release artifacts' -- script: ls -alh $(System.ArtifactsDirectory) +- script: | + ls -alh $(System.ArtifactsDirectory) + echo GIT_RELEASE_VERSION=$GIT_RELEASE_VERSION displayName: 'show artifacts' -- script: | - echo 'Signing artifacts' - displayName: 'sign artifacts' - -- script: | - echo 'Publishing artifacts' - displayName: 'publish artifacts' +#- task: CmdLine@2 +# displayName: 'Sign *.appx artifacts' +# inputs: +# script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\*" +# +#- task: PublishPipelinArtifact@1 +# inputs: +# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(GIT_RELEASE_VERSION)-ia32.appx' +# artifactName: 'Bitwarden-$(GIT_RELEASE_VERSION)-ia32.appx' +# +#- task: PublishPipelinArtifact@1 +# inputs: +# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(GIT_RELEASE_VERSION)-x64.appx' +# artifactName: 'Bitwarden-$(GIT_RELEASE_VERSION)-x64.appx' From 16bad9ed986b41f9eb450a5df618a86702f55243 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 19:30:46 +0000 Subject: [PATCH 007/123] testing expression for variable value --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index bf70dc14eb8..f374319d25a 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -5,7 +5,7 @@ pool: variables: - name: GIT_RELEASE_VERSION - value: curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' + value: $[ curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ] steps: - task: DotNetCoreCLI@2 From b52f107810ecaaac302c19d3a2aafb0b5cd43014 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 19:33:14 +0000 Subject: [PATCH 008/123] trying different variable block format --- .az-pipelines/sign-windows-artifacts.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index f374319d25a..33f6ef7b623 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -4,8 +4,7 @@ pool: vmImage: 'windows-latest' variables: -- name: GIT_RELEASE_VERSION - value: $[ curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ] + gitReleaseVersion: $[ curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ] steps: - task: DotNetCoreCLI@2 From 9ead2f2bb819b15011e15151c6910133b5d4be6a Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 19:50:31 +0000 Subject: [PATCH 009/123] switching back to manually setting the git_release_version with bash --- .az-pipelines/sign-windows-artifacts.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 33f6ef7b623..64a4e40b145 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -3,9 +3,6 @@ trigger: none pool: vmImage: 'windows-latest' -variables: - gitReleaseVersion: $[ curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ] - steps: - task: DotNetCoreCLI@2 inputs: @@ -19,6 +16,10 @@ steps: userRepository: joseph-flinn/desktop displayName: 'git release artifacts' +- bash: | + GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') + echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" + - script: | ls -alh $(System.ArtifactsDirectory) echo GIT_RELEASE_VERSION=$GIT_RELEASE_VERSION From 3099238762074b4e1b0e381267951bbf39226f85 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 20:04:08 +0000 Subject: [PATCH 010/123] fixing the AzureSignTool install task --- .az-pipelines/sign-windows-artifacts.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 64a4e40b145..40e9c0b647c 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -7,6 +7,7 @@ steps: - task: DotNetCoreCLI@2 inputs: command: 'custom' + custom: 'tool' arguments: 'install --global azuresigntool' displayName: 'install AzureSignTool' @@ -19,6 +20,7 @@ steps: - bash: | GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" + displayName: 'set git_release_version' - script: | ls -alh $(System.ArtifactsDirectory) From 94b924b21caf7bd8d5196db4e9476212d4d11324 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 20:10:20 +0000 Subject: [PATCH 011/123] changing the echo var --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 40e9c0b647c..60928b09c77 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -24,7 +24,7 @@ steps: - script: | ls -alh $(System.ArtifactsDirectory) - echo GIT_RELEASE_VERSION=$GIT_RELEASE_VERSION + echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' #- task: CmdLine@2 From f294e43262b9312872778a64f9cc2ca95fe3c874 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 20:18:54 +0000 Subject: [PATCH 012/123] changing 'show artifacts' task to bash shell --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 60928b09c77..33d9bab34c8 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -22,7 +22,7 @@ steps: echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" displayName: 'set git_release_version' -- script: | +- bash: | ls -alh $(System.ArtifactsDirectory) echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' From 047db49e256adb78c25c35163a373789414824d3 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 20:24:48 +0000 Subject: [PATCH 013/123] debugging grep --- .az-pipelines/sign-windows-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 33d9bab34c8..54ff49cbff4 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -18,11 +18,11 @@ steps: displayName: 'git release artifacts' - bash: | - GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') + GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" displayName: 'set git_release_version' -- bash: | +- script: | ls -alh $(System.ArtifactsDirectory) echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' From e0cc09f656776842ddaf275d73459c254356ffa7 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 21:48:02 +0000 Subject: [PATCH 014/123] switching from grep to awk --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 54ff49cbff4..cbf3734002f 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -18,7 +18,7 @@ steps: displayName: 'git release artifacts' - bash: | - GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') + GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | awk -F '"' '/tag_name/{print $4}') echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" displayName: 'set git_release_version' From 53f15dc78864e38e9e12a1459c47526a8c02d3d5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 21:54:56 +0000 Subject: [PATCH 015/123] adding another awk script to clean up version output --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index cbf3734002f..53cce6bc41a 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -18,7 +18,7 @@ steps: displayName: 'git release artifacts' - bash: | - GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | awk -F '"' '/tag_name/{print $4}') + GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | awk -F '"' '/tag_name/{print $4}' | awk '{print substr($1, 2); }') echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" displayName: 'set git_release_version' From 18e55133ba07ff25d07a67748decb9cf1eb05435 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:03:54 +0000 Subject: [PATCH 016/123] adding in the signing test --- .az-pipelines/sign-windows-artifacts.yml | 30 +++++++++++++----------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 53cce6bc41a..b9ec77529d3 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -27,17 +27,19 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -#- task: CmdLine@2 -# displayName: 'Sign *.appx artifacts' -# inputs: -# script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\*" -# -#- task: PublishPipelinArtifact@1 -# inputs: -# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(GIT_RELEASE_VERSION)-ia32.appx' -# artifactName: 'Bitwarden-$(GIT_RELEASE_VERSION)-ia32.appx' -# -#- task: PublishPipelinArtifact@1 -# inputs: -# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(GIT_RELEASE_VERSION)-x64.appx' -# artifactName: 'Bitwarden-$(GIT_RELEASE_VERSION)-x64.appx' +- task: CmdLine@2 + displayName: 'Sign *.appx artifacts' + inputs: + script: | + AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-ia32.appx" + AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-x64.appx" + +- task: PublishPipelinArtifact@1 + inputs: + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' + artifactName: 'Bitwarden-$(git_release_version)-ia32.appx' + +- task: PublishPipelinArtifact@1 + inputs: + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-x64.appx' + artifactName: 'Bitwarden-$(git_release_version)-x64.appx' From c8fa0aae8bd0ea1ac7aeaeae18128bd9d1e20dc4 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:05:15 +0000 Subject: [PATCH 017/123] fixing publish typo --- .az-pipelines/sign-windows-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index b9ec77529d3..92357343247 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -34,12 +34,12 @@ steps: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-ia32.appx" AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-x64.appx" -- task: PublishPipelinArtifact@1 +- task: PublishPipelineArtifact@1 inputs: pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' artifactName: 'Bitwarden-$(git_release_version)-ia32.appx' -- task: PublishPipelinArtifact@1 +- task: PublishPipelineArtifact@1 inputs: pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-x64.appx' artifactName: 'Bitwarden-$(git_release_version)-x64.appx' From dd4347fb2af19b0224eae7abcd3f86bbf02ca20c Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:13:04 +0000 Subject: [PATCH 018/123] splitting up the files --- .az-pipelines/sign-windows-artifacts.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 92357343247..3feb05e1ec4 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -28,11 +28,14 @@ steps: displayName: 'show artifacts' - task: CmdLine@2 - displayName: 'Sign *.appx artifacts' + displayName: 'Sign ...-ia32.appx artifacts' inputs: - script: | - AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-ia32.appx" - AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-x64.appx" + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-ia32.appx" + +- task: CmdLine@2 + displayName: 'Sign ...-x64.appx artifacts' + inputs: + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-x64.appx" - task: PublishPipelineArtifact@1 inputs: From f46b0319b8e2c7187d633dcef86ae6717285c8a0 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:19:11 +0000 Subject: [PATCH 019/123] removing extra backslash --- .az-pipelines/sign-windows-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 3feb05e1ec4..ed3d891e40b 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -30,12 +30,12 @@ steps: - task: CmdLine@2 displayName: 'Sign ...-ia32.appx artifacts' inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-ia32.appx" + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - task: CmdLine@2 displayName: 'Sign ...-x64.appx artifacts' inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\\Bitwarden-$(git_release_version)-x64.appx" + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - task: PublishPipelineArtifact@1 inputs: From 42314451acc0ae6cc50c01772fdf42f5702d66ad Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:32:24 +0000 Subject: [PATCH 020/123] reformatting the azure signing --- .az-pipelines/sign-windows-artifacts.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index ed3d891e40b..23671fff720 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -30,12 +30,14 @@ steps: - task: CmdLine@2 displayName: 'Sign ...-ia32.appx artifacts' inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - -- task: CmdLine@2 - displayName: 'Sign ...-x64.appx artifacts' - inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + script: AzureSignTool sign -du "$(SigningURL)" \ + -kvu "$(SigningVaultURL)" \ + -kvi "$(SigningClientId)" \ + -kvs "$(SigningClientSecret)" \ + -kvc "$(SigningCertName)" \ + -v \ + -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" \ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - task: PublishPipelineArtifact@1 inputs: From 6a228ee571959339673faf59527540887d2806c6 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:39:04 +0000 Subject: [PATCH 021/123] undoing that formatting --- .az-pipelines/sign-windows-artifacts.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 23671fff720..edd84873def 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -30,15 +30,13 @@ steps: - task: CmdLine@2 displayName: 'Sign ...-ia32.appx artifacts' inputs: - script: AzureSignTool sign -du "$(SigningURL)" \ - -kvu "$(SigningVaultURL)" \ - -kvi "$(SigningClientId)" \ - -kvs "$(SigningClientSecret)" \ - -kvc "$(SigningCertName)" \ - -v \ - -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" \ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + +- task: CmdLine@2 + displayName: 'Sign ...-x64.appx artifacts' + inputs: + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v - task: PublishPipelineArtifact@1 inputs: pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' From b551b839d0b4450faf84e3e728392f970bc1e5a0 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 22:46:31 +0000 Subject: [PATCH 022/123] debugging AST --- .az-pipelines/sign-windows-artifacts.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index edd84873def..1a4f4ef4d7c 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -28,7 +28,12 @@ steps: displayName: 'show artifacts' - task: CmdLine@2 - displayName: 'Sign ...-ia32.appx artifacts' + displayName: 'Debugging AST' + inputs: + script: AzureSignTool --help + +- task: CmdLine@2 + displayName: 'Sign artifacts' inputs: script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" From 5ae39d8fc3c55558d5c1f1d31bd814102f0750d5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 23:00:51 +0000 Subject: [PATCH 023/123] moving away from cmd task to the script shortcut --- .az-pipelines/sign-windows-artifacts.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 1a4f4ef4d7c..b5036841ff2 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -27,10 +27,8 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- task: CmdLine@2 +- script: AzureSignTool --help displayName: 'Debugging AST' - inputs: - script: AzureSignTool --help - task: CmdLine@2 displayName: 'Sign artifacts' From f349317cbdd23d34909aba187c392aeb8ad83cb5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 23:06:41 +0000 Subject: [PATCH 024/123] debugging AST --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index b5036841ff2..05e7694a811 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -27,7 +27,7 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: AzureSignTool --help +- script: azuresigntool sign --help displayName: 'Debugging AST' - task: CmdLine@2 From f0897eb371f4991e7a8f7ac22c6829280cb50b4f Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 23:10:35 +0000 Subject: [PATCH 025/123] lowercasing the ACT... --- .az-pipelines/sign-windows-artifacts.yml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 05e7694a811..df470a9713c 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -11,6 +11,9 @@ steps: arguments: 'install --global azuresigntool' displayName: 'install AzureSignTool' +- script: azuresigntool sign --help + displayName: 'Debugging AST' + - task: DownloadGitHubRelease@0 inputs: connection: joseph-flinn @@ -27,19 +30,9 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool sign --help - displayName: 'Debugging AST' - -- task: CmdLine@2 +- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' - inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - -- task: CmdLine@2 - displayName: 'Sign ...-x64.appx artifacts' - inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v - task: PublishPipelineArtifact@1 inputs: pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' From d05562f3591380c473b72be185556dd35637b88b Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 16 Dec 2020 23:16:30 +0000 Subject: [PATCH 026/123] adding in the var group --- .az-pipelines/sign-windows-artifacts.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index df470a9713c..8598101955b 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -3,6 +3,9 @@ trigger: none pool: vmImage: 'windows-latest' +variables: +- group: code-signing-test + steps: - task: DotNetCoreCLI@2 inputs: From 2fce9e6696059440ee70dac0e1217e1b4ab89a08 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 17 Dec 2020 15:44:09 +0000 Subject: [PATCH 027/123] trying to use the key with electron builder --- .az-pipelines/windows-build-sign.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index bb7e13f169e..0b05e64fb5f 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -8,6 +8,9 @@ trigger: none pool: vmImage: 'windows-latest' +variables: +- group: code-signing-test + steps: - task: NodeTool@0 inputs: @@ -22,8 +25,11 @@ steps: npm npm run clean:dist displayName: 'npm build' -- script: npx electron-builder --win --x64 --ia32 -p never +- script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName="Bitwarden Inc" displayName: 'electron-builder package' + env: + CSC_LINK: $(ebSigningCertIdentifierURL) + CSC_KEY_PASSWORD: $(ebSigningCertKey) - script: ls -alht dist displayName: show executables From 42be4d44a1e2f857f8031d706bab9b338ecce248 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 17 Dec 2020 16:05:35 +0000 Subject: [PATCH 028/123] debugging act --- .az-pipelines/sign-windows-artifacts.yml | 7 +++++-- .az-pipelines/windows-build-sign.yml | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 8598101955b..79701b4c1cc 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,8 +33,11 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - displayName: 'Sign artifacts' + #- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + # displayName: 'Sign artifacts' + +- script: azuresigntool sign -kvu "https://code-signing-test-vault.vault.azure.net" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "test-code-signing-pfx" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + displayName: 'Signing test' - task: PublishPipelineArtifact@1 inputs: diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 0b05e64fb5f..d07c75b9139 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -25,6 +25,7 @@ steps: npm npm run clean:dist displayName: 'npm build' +# This task is not working... - script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName="Bitwarden Inc" displayName: 'electron-builder package' env: From 893eef9d0fec2d2704c488deff48bffa23af3b38 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 17 Dec 2020 16:14:26 +0000 Subject: [PATCH 029/123] trying to fix the space in script --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index d07c75b9139..00b7411c9f8 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,7 +26,7 @@ steps: displayName: 'npm build' # This task is not working... -- script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName="Bitwarden Inc" +- script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden\ Inc\" displayName: 'electron-builder package' env: CSC_LINK: $(ebSigningCertIdentifierURL) From d5c99a1f7d335edf47cfc484b49e00e647123c3f Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 17 Dec 2020 16:15:21 +0000 Subject: [PATCH 030/123] removing the test --- .az-pipelines/sign-windows-artifacts.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 79701b4c1cc..8598101955b 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,11 +33,8 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' - #- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - # displayName: 'Sign artifacts' - -- script: azuresigntool sign -kvu "https://code-signing-test-vault.vault.azure.net" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "test-code-signing-pfx" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - displayName: 'Signing test' +- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 inputs: From 8319ddbb49f5d9e4095025c94aabbcd2c4d8580f Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 17 Dec 2020 16:26:12 +0000 Subject: [PATCH 031/123] removing esacpe from space --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 00b7411c9f8..88588feddb7 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,7 +26,7 @@ steps: displayName: 'npm build' # This task is not working... -- script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden\ Inc\" +- script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden Inc\" displayName: 'electron-builder package' env: CSC_LINK: $(ebSigningCertIdentifierURL) From 9224f7365d242922168466d5c7bb5198b6fcc7ad Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 21 Dec 2020 18:51:19 +0000 Subject: [PATCH 032/123] testing azure cli task connection --- .az-pipelines/az-cli-tests.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .az-pipelines/az-cli-tests.yml diff --git a/.az-pipelines/az-cli-tests.yml b/.az-pipelines/az-cli-tests.yml new file mode 100644 index 00000000000..0bc957138fa --- /dev/null +++ b/.az-pipelines/az-cli-tests.yml @@ -0,0 +1,18 @@ +trigger: none + +pool: + vmImage: 'windows-latest' + +variables: +- group: sub-secrets + +steps: +- task: AzureCLI@2 + displayName: Azure CLI KV Test + inputs: + azureSubscription: '$(subscription-id)' + scriptType: ps + scriptLocation: inlineScript + inlineScript: | + az --verison + az account show From 5aee4d8294c08b46374424b0dc222e7b23d2a1a5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 19:25:32 +0000 Subject: [PATCH 033/123] updating to AzureCLI version params --- .az-pipelines/az-cli-tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.az-pipelines/az-cli-tests.yml b/.az-pipelines/az-cli-tests.yml index 0bc957138fa..9c1b8b56aaa 100644 --- a/.az-pipelines/az-cli-tests.yml +++ b/.az-pipelines/az-cli-tests.yml @@ -11,6 +11,7 @@ steps: displayName: Azure CLI KV Test inputs: azureSubscription: '$(subscription-id)' + connectedServiceNameARM: keyvault-signing-SP scriptType: ps scriptLocation: inlineScript inlineScript: | From 1d68f9c6d44b783bb2444ceb301338d93b30a239 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 19:40:14 +0000 Subject: [PATCH 034/123] testing kv connection --- .az-pipelines/az-cli-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/az-cli-tests.yml b/.az-pipelines/az-cli-tests.yml index 9c1b8b56aaa..daf6af6e33a 100644 --- a/.az-pipelines/az-cli-tests.yml +++ b/.az-pipelines/az-cli-tests.yml @@ -16,4 +16,4 @@ steps: scriptLocation: inlineScript inlineScript: | az --verison - az account show + az keyvault certificate list --vault-name code-signing-test-vault From 5c5ba2e234c269bfe5ea7095d4942406f2bcec75 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 19:55:42 +0000 Subject: [PATCH 035/123] adding missing tenant id --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 8598101955b..4fb9ddce8fa 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,7 +33,7 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" +- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvt "$(SigningTenantId)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 From e020e985a46aafe46e3952326fdcd1f72c4e91e5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 20:19:02 +0000 Subject: [PATCH 036/123] trying \ line continuations --- .az-pipelines/sign-windows-artifacts.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 4fb9ddce8fa..4873ed04deb 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,7 +33,17 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvt "$(SigningTenantId)" -kvc "$(SigningCertName)" -v -ifl "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" +- script: | + azuresigntool sign \ + -kvu "$(SigningVaultURL)" \ + -kvi "$(SigningClientId)" \ + -kvs "$(SigningClientSecret)" \ + -kvt "$(SigningTenantId)" \ + -kvc "$(SigningCertName)" \ + -v \ + -ifl \ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" \ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 From ec3ed240d7d6565aba3487b551e6154ed949ac98 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 20:35:56 +0000 Subject: [PATCH 037/123] trying ^ line continuations --- .az-pipelines/sign-windows-artifacts.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 4873ed04deb..3e50cbf9d8a 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -34,15 +34,15 @@ steps: displayName: 'show artifacts' - script: | - azuresigntool sign \ - -kvu "$(SigningVaultURL)" \ - -kvi "$(SigningClientId)" \ - -kvs "$(SigningClientSecret)" \ - -kvt "$(SigningTenantId)" \ - -kvc "$(SigningCertName)" \ - -v \ - -ifl \ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" \ + azuresigntool sign ^ + -kvu "$(SigningVaultURL)" ^ + -kvi "$(SigningClientId)" ^ + -kvs "$(SigningClientSecret)" ^ + -kvt "$(SigningTenantId)" ^ + -kvc "$(SigningCertName)" ^ + -v ^ + -ifl ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' From a17bbf2143835b005f4eee3bd47f5b9ac77762f6 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 20:46:53 +0000 Subject: [PATCH 038/123] removing the unused ifl --- .az-pipelines/sign-windows-artifacts.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 3e50cbf9d8a..fb01f939952 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -41,7 +41,6 @@ steps: -kvt "$(SigningTenantId)" ^ -kvc "$(SigningCertName)" ^ -v ^ - -ifl ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' From 4d5fab869eb29c8297b23beed07bbc576b988699 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 20:59:35 +0000 Subject: [PATCH 039/123] splitting the two files --- .az-pipelines/sign-windows-artifacts.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index fb01f939952..77e8c29815e 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -35,14 +35,21 @@ steps: - script: | azuresigntool sign ^ - -kvu "$(SigningVaultURL)" ^ - -kvi "$(SigningClientId)" ^ - -kvs "$(SigningClientSecret)" ^ - -kvt "$(SigningTenantId)" ^ - -kvc "$(SigningCertName)" ^ - -v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + -kvu "$(SigningVaultURL)" ^ + -kvi "$(SigningClientId)" ^ + -kvs "$(SigningClientSecret)" ^ + -kvt "$(SigningTenantId)" ^ + -kvc "$(SigningCertName)" ^ + -v ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + azuresigntool sign ^ + -kvu "$(SigningVaultURL)" ^ + -kvi "$(SigningClientId)" ^ + -kvs "$(SigningClientSecret)" ^ + -kvt "$(SigningTenantId)" ^ + -kvc "$(SigningCertName)" ^ + -v ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 From b11455b611ed68ba0cd86075bfdedf9843ca60ba Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 21:23:44 +0000 Subject: [PATCH 040/123] changing flags --- .az-pipelines/sign-windows-artifacts.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 77e8c29815e..c6371fa2607 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -35,20 +35,20 @@ steps: - script: | azuresigntool sign ^ - -kvu "$(SigningVaultURL)" ^ - -kvi "$(SigningClientId)" ^ - -kvs "$(SigningClientSecret)" ^ - -kvt "$(SigningTenantId)" ^ - -kvc "$(SigningCertName)" ^ - -v ^ + /kvu "$(SigningVaultURL)" ^ + /kvi "$(SigningClientId)" ^ + /kvs "$(SigningClientSecret)" ^ + /kvt "$(SigningTenantId)" ^ + /kvc "$(SigningCertName)" ^ + /v ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" azuresigntool sign ^ - -kvu "$(SigningVaultURL)" ^ - -kvi "$(SigningClientId)" ^ - -kvs "$(SigningClientSecret)" ^ - -kvt "$(SigningTenantId)" ^ - -kvc "$(SigningCertName)" ^ - -v ^ + /kvu "$(SigningVaultURL)" ^ + /kvi "$(SigningClientId)" ^ + /kvs "$(SigningClientSecret)" ^ + /kvt "$(SigningTenantId)" ^ + /kvc "$(SigningCertName)" ^ + /v ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' From 9b2b860cdf18a204395e3bb6ee8a6da753dabbf0 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 21:40:17 +0000 Subject: [PATCH 041/123] trying to see what the supported params are --- .az-pipelines/sign-windows-artifacts.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index c6371fa2607..119b39a0779 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,6 +33,8 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' +- scrpt: azuresigntool + - script: | azuresigntool sign ^ /kvu "$(SigningVaultURL)" ^ From ec252719d326a545bacf780ec43a6467d6345efa Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 22:12:42 +0000 Subject: [PATCH 042/123] fixing a typo --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 119b39a0779..fc3b166d840 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,7 +33,7 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- scrpt: azuresigntool +- script: azuresigntool - script: | azuresigntool sign ^ From 7209b544a792f07e49f9b6ef9e367f795c3a09e6 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 22:18:27 +0000 Subject: [PATCH 043/123] adding the 'sign' to the param output --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index fc3b166d840..efca1effcfa 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,7 +33,7 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool +- script: azuresigntool sign - script: | azuresigntool sign ^ From 4585c98efad887bfb0fb85e5e3cbf1b30ef9bbe5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 22:22:21 +0000 Subject: [PATCH 044/123] fixing debug command --- .az-pipelines/sign-windows-artifacts.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index efca1effcfa..1fb0ae0440a 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,7 +33,8 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool sign +- script: azuresigntool sign --help + displayName: 'debug azuresigntool' - script: | azuresigntool sign ^ From 1be12e357ec73cb8b6ba6264e994490ff0830cfd Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 22:25:20 +0000 Subject: [PATCH 045/123] needs dashes --- .az-pipelines/sign-windows-artifacts.yml | 29 ++++++++++++------------ 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 1fb0ae0440a..3956387441c 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -38,21 +38,22 @@ steps: - script: | azuresigntool sign ^ - /kvu "$(SigningVaultURL)" ^ - /kvi "$(SigningClientId)" ^ - /kvs "$(SigningClientSecret)" ^ - /kvt "$(SigningTenantId)" ^ - /kvc "$(SigningCertName)" ^ - /v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + -kvu "$(SigningVaultURL)" ^ + -kvi "$(SigningClientId)" ^ + -kvs "$(SigningClientSecret)" ^ + -kvt "$(SigningTenantId)" ^ + -kvc "$(SigningCertName)" ^ + -v ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + azuresigntool sign ^ - /kvu "$(SigningVaultURL)" ^ - /kvi "$(SigningClientId)" ^ - /kvs "$(SigningClientSecret)" ^ - /kvt "$(SigningTenantId)" ^ - /kvc "$(SigningCertName)" ^ - /v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + -kvu "$(SigningVaultURL)" ^ + -kvi "$(SigningClientId)" ^ + -kvs "$(SigningClientSecret)" ^ + -kvt "$(SigningTenantId)" ^ + -kvc "$(SigningCertName)" ^ + -v ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 From 707cd9f14865df564b057c63a7df1e4390df6170 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 22:39:35 +0000 Subject: [PATCH 046/123] trying to sign both at the same time --- .az-pipelines/sign-windows-artifacts.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 3956387441c..c35659602b9 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -44,17 +44,9 @@ steps: -kvt "$(SigningTenantId)" ^ -kvc "$(SigningCertName)" ^ -v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - - azuresigntool sign ^ - -kvu "$(SigningVaultURL)" ^ - -kvi "$(SigningClientId)" ^ - -kvs "$(SigningClientSecret)" ^ - -kvt "$(SigningTenantId)" ^ - -kvc "$(SigningCertName)" ^ - -v ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - displayName: 'Sign artifacts' + displayName: 'Sign artifacts ' - task: PublishPipelineArtifact@1 inputs: From 7d297e85bbf1696a4a03317d1cef17d6f3f64465 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 28 Dec 2020 22:45:10 +0000 Subject: [PATCH 047/123] separating the signing tasks --- .az-pipelines/sign-windows-artifacts.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index c35659602b9..39cb80e7515 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -44,9 +44,19 @@ steps: -kvt "$(SigningTenantId)" ^ -kvc "$(SigningCertName)" ^ -v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" ^ + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + displayName: 'Sign artifacts 32-bit' + +- script: | + azuresigntool sign ^ + -kvu "$(SigningVaultURL)" ^ + -kvi "$(SigningClientId)" ^ + -kvs "$(SigningClientSecret)" ^ + -kvt "$(SigningTenantId)" ^ + -kvc "$(SigningCertName)" ^ + -v ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - displayName: 'Sign artifacts ' + displayName: 'Sign artifacts 64-bit' - task: PublishPipelineArtifact@1 inputs: From 165d497b1fe33ec93ec23c97983272720ee0ad76 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 16:02:37 +0000 Subject: [PATCH 048/123] trying exactly what they have --- .az-pipelines/sign-windows-artifacts.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 39cb80e7515..70d0cc28eb0 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -33,8 +33,10 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: azuresigntool sign --help - displayName: 'debug azuresigntool' +- task: CmdLine@2 + displayName: 'Sign artifact test' + inputs: + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - script: | azuresigntool sign ^ From dbce594727e185d5fc0664de43c38096f9f3907b Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 16:21:26 +0000 Subject: [PATCH 049/123] trying the stackoverflow tutorial --- .az-pipelines/sign-windows-artifacts.yml | 31 ++++++++++++++---------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 70d0cc28eb0..448890d1ce3 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -7,14 +7,18 @@ variables: - group: code-signing-test steps: -- task: DotNetCoreCLI@2 - inputs: - command: 'custom' - custom: 'tool' - arguments: 'install --global azuresigntool' - displayName: 'install AzureSignTool' + #- task: DotNetCoreCLI@2 + # inputs: + # command: 'custom' + # custom: 'tool' + # arguments: 'install --global azuresigntool' + # displayName: 'install AzureSignTool' -- script: azuresigntool sign --help +- script: | + set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true + dotnet tool install --global AzureSignTool --version 2.0.17 + +- script: AzureSignTool.exe sign --help displayName: 'Debugging AST' - task: DownloadGitHubRelease@0 @@ -33,18 +37,14 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- task: CmdLine@2 - displayName: 'Sign artifact test' - inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - - script: | - azuresigntool sign ^ + AzureSignTool.exe sign ^ -kvu "$(SigningVaultURL)" ^ -kvi "$(SigningClientId)" ^ -kvs "$(SigningClientSecret)" ^ -kvt "$(SigningTenantId)" ^ -kvc "$(SigningCertName)" ^ + -tr http://timestamp.digicert.com ^ -v ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" displayName: 'Sign artifacts 32-bit' @@ -60,6 +60,11 @@ steps: "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" displayName: 'Sign artifacts 64-bit' +- task: CmdLine@2 + displayName: 'Sign artifact test' + inputs: + script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + - task: PublishPipelineArtifact@1 inputs: pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' From 820491bbf853a155fcb55e2e8c73741386773582 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 17:09:45 +0000 Subject: [PATCH 050/123] trying long form of params --- .az-pipelines/sign-windows-artifacts.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 448890d1ce3..446f9979306 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -17,6 +17,7 @@ steps: - script: | set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true dotnet tool install --global AzureSignTool --version 2.0.17 + displayName: 'install AzureSignTool' - script: AzureSignTool.exe sign --help displayName: 'Debugging AST' @@ -39,12 +40,12 @@ steps: - script: | AzureSignTool.exe sign ^ - -kvu "$(SigningVaultURL)" ^ - -kvi "$(SigningClientId)" ^ - -kvs "$(SigningClientSecret)" ^ - -kvt "$(SigningTenantId)" ^ - -kvc "$(SigningCertName)" ^ - -tr http://timestamp.digicert.com ^ + --azure-key-vault-url "$(SigningVaultURL)" ^ + --azure-key-vault-client-id "$(SigningClientId)" ^ + --azure-key-vault-client-secret "$(SigningClientSecret)" ^ + --azure-key-vault-tenant-id "$(SigningTenantId)" ^ + --azure-key-vault-certificate "$(SigningCertName)" ^ + --timestamp-rfc3161 http://timestamp.digicert.com ^ -v ^ "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" displayName: 'Sign artifacts 32-bit' From 2e1dace25fbb5dc8c5585aecf8be73de1f5af970 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 17:15:30 +0000 Subject: [PATCH 051/123] changing 32-bit signing to single line --- .az-pipelines/sign-windows-artifacts.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 446f9979306..c9e7b38f41d 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -38,16 +38,7 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: | - AzureSignTool.exe sign ^ - --azure-key-vault-url "$(SigningVaultURL)" ^ - --azure-key-vault-client-id "$(SigningClientId)" ^ - --azure-key-vault-client-secret "$(SigningClientSecret)" ^ - --azure-key-vault-tenant-id "$(SigningTenantId)" ^ - --azure-key-vault-certificate "$(SigningCertName)" ^ - --timestamp-rfc3161 http://timestamp.digicert.com ^ - -v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" +- script: AzureSignTool.exe sign --azure-key-vault-url "$(SigningVaultURL)" --azure-key-vault-client-id "$(SigningClientId)" --azure-key-vault-client-secret "$(SigningClientSecret)" --azure-key-vault-tenant-id "$(SigningTenantId)" --azure-key-vault-certificate "$(SigningCertName)" --timestamp-rfc3161 http://timestamp.digicert.com -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" displayName: 'Sign artifacts 32-bit' - script: | From 02bab2d4931f6d57b3064f6e448a6fcc41945708 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 17:35:05 +0000 Subject: [PATCH 052/123] debugging file --- .az-pipelines/sign-windows-artifacts.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index c9e7b38f41d..936042c7d71 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -38,7 +38,9 @@ steps: echo GIT_RELEASE_VERSION=$(git_release_version) displayName: 'show artifacts' -- script: AzureSignTool.exe sign --azure-key-vault-url "$(SigningVaultURL)" --azure-key-vault-client-id "$(SigningClientId)" --azure-key-vault-client-secret "$(SigningClientSecret)" --azure-key-vault-tenant-id "$(SigningTenantId)" --azure-key-vault-certificate "$(SigningCertName)" --timestamp-rfc3161 http://timestamp.digicert.com -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" +- script: | + echo "File to sign: $(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + AzureSignTool.exe sign --azure-key-vault-url "$(SigningVaultURL)" --azure-key-vault-client-id "$(SigningClientId)" --azure-key-vault-client-secret "$(SigningClientSecret)" --azure-key-vault-tenant-id "$(SigningTenantId)" --azure-key-vault-certificate "$(SigningCertName)" --timestamp-rfc3161 http://timestamp.digicert.com -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" displayName: 'Sign artifacts 32-bit' - script: | From 89c4ff913dec49610ce9efe527fd2297894bf95e Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 18:09:33 +0000 Subject: [PATCH 053/123] removing tenant to see if I get a different error --- .az-pipelines/sign-windows-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 936042c7d71..601192c1893 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -39,8 +39,8 @@ steps: displayName: 'show artifacts' - script: | - echo "File to sign: $(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" - AzureSignTool.exe sign --azure-key-vault-url "$(SigningVaultURL)" --azure-key-vault-client-id "$(SigningClientId)" --azure-key-vault-client-secret "$(SigningClientSecret)" --azure-key-vault-tenant-id "$(SigningTenantId)" --azure-key-vault-certificate "$(SigningCertName)" --timestamp-rfc3161 http://timestamp.digicert.com -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + echo "File to sign: $(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" displayName: 'Sign artifacts 32-bit' - script: | From 2ca363c1396bd71192fe5d0440b6c28ef3d6f53a Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 18:25:46 +0000 Subject: [PATCH 054/123] testing manual install of latest AST --- .az-pipelines/test-ast-install.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .az-pipelines/test-ast-install.yml diff --git a/.az-pipelines/test-ast-install.yml b/.az-pipelines/test-ast-install.yml new file mode 100644 index 00000000000..61a3cb0d9b2 --- /dev/null +++ b/.az-pipelines/test-ast-install.yml @@ -0,0 +1,23 @@ +trigger: none + +pool: + vmImage: 'windows-latest' + +variables: +- group: code-signing-test + +steps: +- script: | + git clone https://github.com/vcsjones/AzureSignTool.git + dotnet tool restore + + #set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true + #dotnet tool install --global AzureSignTool --version 2.0.17 + displayName: 'install AzureSignTool' + +- script: dotnet tool list + displayName: 'testing dotnet tool list' + +- script: AzureSignTool.exe sign --help + displayName: 'Debugging AST' + From 417f3121530e18eb31f2bdb91bf2d36fe0a5f11b Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 18:28:39 +0000 Subject: [PATCH 055/123] fixing install --- .az-pipelines/test-ast-install.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.az-pipelines/test-ast-install.yml b/.az-pipelines/test-ast-install.yml index 61a3cb0d9b2..5311d9ffe96 100644 --- a/.az-pipelines/test-ast-install.yml +++ b/.az-pipelines/test-ast-install.yml @@ -9,10 +9,8 @@ variables: steps: - script: | git clone https://github.com/vcsjones/AzureSignTool.git + cd AzureSignTool dotnet tool restore - - #set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true - #dotnet tool install --global AzureSignTool --version 2.0.17 displayName: 'install AzureSignTool' - script: dotnet tool list From 7bf2f3656599c0b67e637d72a23981c8e1011a4f Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 18:41:41 +0000 Subject: [PATCH 056/123] changing location of manifest search. Testing 2.0.17 with correct file name --- .az-pipelines/sign-windows-artifacts.yml | 12 +++--------- .az-pipelines/test-ast-install.yml | 2 +- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 601192c1893..737d5e0b2b3 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -39,8 +39,7 @@ steps: displayName: 'show artifacts' - script: | - echo "File to sign: $(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" + azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" displayName: 'Sign artifacts 32-bit' - script: | @@ -48,17 +47,12 @@ steps: -kvu "$(SigningVaultURL)" ^ -kvi "$(SigningClientId)" ^ -kvs "$(SigningClientSecret)" ^ - -kvt "$(SigningTenantId)" ^ -kvc "$(SigningCertName)" ^ + -tr http://timestamp.digicert.com -v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64.appx" + "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" displayName: 'Sign artifacts 64-bit' -- task: CmdLine@2 - displayName: 'Sign artifact test' - inputs: - script: AzureSignTool sign -du "$(SigningURL)" -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -v "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32.appx" - - task: PublishPipelineArtifact@1 inputs: pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' diff --git a/.az-pipelines/test-ast-install.yml b/.az-pipelines/test-ast-install.yml index 5311d9ffe96..3f0d33b169c 100644 --- a/.az-pipelines/test-ast-install.yml +++ b/.az-pipelines/test-ast-install.yml @@ -9,7 +9,7 @@ variables: steps: - script: | git clone https://github.com/vcsjones/AzureSignTool.git - cd AzureSignTool + cd AzureSignTool/src/AzureSignTool dotnet tool restore displayName: 'install AzureSignTool' From fffba26e21acae39c2a57e408f1e812b7b5fb15a Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 20:04:15 +0000 Subject: [PATCH 057/123] slimming down to single signing task --- .az-pipelines/sign-windows-artifacts.yml | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 737d5e0b2b3..b7dcfc82f3a 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -39,26 +39,15 @@ steps: displayName: 'show artifacts' - script: | - azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" - displayName: 'Sign artifacts 32-bit' - -- script: | - azuresigntool sign ^ - -kvu "$(SigningVaultURL)" ^ - -kvi "$(SigningClientId)" ^ - -kvs "$(SigningClientSecret)" ^ - -kvc "$(SigningCertName)" ^ - -tr http://timestamp.digicert.com - -v ^ - "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" - displayName: 'Sign artifacts 64-bit' + azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" + displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32.appx' - artifactName: 'Bitwarden-$(git_release_version)-ia32.appx' + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32-store.appx' + artifactName: 'Bitwarden-$(git_release_version)-ia32-store.appx' - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-x64.appx' - artifactName: 'Bitwarden-$(git_release_version)-x64.appx' + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-x64-store.appx' + artifactName: 'Bitwarden-$(git_release_version)-x64-store.appx' From b7201066661d7cb71f53849d3ca442b1f150fbbb Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 29 Dec 2020 22:48:35 +0000 Subject: [PATCH 058/123] fixing publishing path --- .az-pipelines/sign-windows-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index b7dcfc82f3a..f73916bf5ad 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -44,10 +44,10 @@ steps: - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-ia32-store.appx' + pathToPublish: '$(System.ArtifactsDirectory)/Bitwarden-$(git_release_version)-ia32-store.appx' artifactName: 'Bitwarden-$(git_release_version)-ia32-store.appx' - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-$(git_release_version)-x64-store.appx' + pathToPublish: '$(System.ArtifactsDirectory)/Bitwarden-$(git_release_version)-x64-store.appx' artifactName: 'Bitwarden-$(git_release_version)-x64-store.appx' From 623b325074c6cdb18b5b1628b9216a48b2e036ed Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 21:19:12 +0000 Subject: [PATCH 059/123] testing electron-builder integration with az kv --- .az-pipelines/windows-build-sign.yml | 2 +- package.json | 3 ++- sign.js | 11 +++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 sign.js diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 88588feddb7..d33a52ff534 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -27,7 +27,7 @@ steps: # This task is not working... - script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden Inc\" - displayName: 'electron-builder package' + displayName: 'electron-builder build & sign' env: CSC_LINK: $(ebSigningCertIdentifierURL) CSC_KEY_PASSWORD: $(ebSigningCertKey) diff --git a/package.json b/package.json index 6014cb126d5..af25f88feee 100644 --- a/package.json +++ b/package.json @@ -185,7 +185,8 @@ "allowToChangeInstallationDirectory": true, "artifactName": "${productName}-Installer-${version}.${ext}", "uninstallDisplayName": "${productName}", - "deleteAppDataOnUninstall": true + "deleteAppDataOnUninstall": true, + "sign": "./sign.js" }, "portable": { "artifactName": "${productName}-Portable-${version}.${ext}" diff --git a/sign.js b/sign.js new file mode 100644 index 00000000000..1a96ae4e02d --- /dev/null +++ b/sign.js @@ -0,0 +1,11 @@ +exports.default = async function(configuration) { + + require("child_process").execSync( + `echo + "${configuration}" + `, + { + stdio: "inherit" + } + ); +}; From 6ec84bdb6c31af1bc62b209c6e46925d0350943c Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 21:31:38 +0000 Subject: [PATCH 060/123] moving the signing config to the correct config area --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index af25f88feee..e1870315cb4 100644 --- a/package.json +++ b/package.json @@ -120,6 +120,7 @@ "nsis-web", "appx" ], + "sign": "./sign.js", "extraResources": [ { "from": "node_modules/regedit/vbs", @@ -185,8 +186,7 @@ "allowToChangeInstallationDirectory": true, "artifactName": "${productName}-Installer-${version}.${ext}", "uninstallDisplayName": "${productName}", - "deleteAppDataOnUninstall": true, - "sign": "./sign.js" + "deleteAppDataOnUninstall": true }, "portable": { "artifactName": "${productName}-Portable-${version}.${ext}" From 0eb3fdd533b917d3305c95ffadbcd984557d86f2 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 21:51:05 +0000 Subject: [PATCH 061/123] trying the kv straight up --- .az-pipelines/windows-build-sign.yml | 3 +++ package.json | 1 - src/package.json | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index d33a52ff534..86e4701f856 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -35,6 +35,9 @@ steps: - script: ls -alht dist displayName: show executables +- script: ls -alht dist/nsis-web + displayName: show nsis-web executables + # - task: PublishPipelineArtifact@1 # inputs: # pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-1.23.1-ia32.appx' diff --git a/package.json b/package.json index e1870315cb4..6014cb126d5 100644 --- a/package.json +++ b/package.json @@ -120,7 +120,6 @@ "nsis-web", "appx" ], - "sign": "./sign.js", "extraResources": [ { "from": "node_modules/regedit/vbs", diff --git a/src/package.json b/src/package.json index a80d985ab81..ce88bc06d95 100644 --- a/src/package.json +++ b/src/package.json @@ -2,7 +2,7 @@ "name": "bitwarden", "productName": "Bitwarden", "description": "A secure and free password manager for all of your devices.", - "version": "1.23.1a", + "version": "1.23.3-alpha", "author": "Bitwarden Inc. (https://bitwarden.com)", "homepage": "https://bitwarden.com", "license": "GPL-3.0", From 11b31fb97d9e084af87db777f759c6191e10131c Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 21:54:03 +0000 Subject: [PATCH 062/123] adding the exe publishing --- .az-pipelines/windows-build-sign.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 86e4701f856..7e468f58f27 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -38,6 +38,11 @@ steps: - script: ls -alht dist/nsis-web displayName: show nsis-web executables +- task: PublishPipelineArtifact@1 + inputs: + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-$(GIT_COMMIT_TO_BUILD).exe' + artifactName: Bitwarden-Portable-$(GIT_COMMIT_TO_BUILD).exe + # - task: PublishPipelineArtifact@1 # inputs: # pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-1.23.1-ia32.appx' From db5c04e7de79512b2fb7c36a2d806d3eaae27160 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:06:48 +0000 Subject: [PATCH 063/123] debugging configuration object to see what I've got to work with --- package.json | 1 + sign.js | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 6014cb126d5..e1870315cb4 100644 --- a/package.json +++ b/package.json @@ -120,6 +120,7 @@ "nsis-web", "appx" ], + "sign": "./sign.js", "extraResources": [ { "from": "node_modules/regedit/vbs", diff --git a/sign.js b/sign.js index 1a96ae4e02d..4458ecbc5cf 100644 --- a/sign.js +++ b/sign.js @@ -1,9 +1,8 @@ exports.default = async function(configuration) { + console.log(`config:\n${JSON.stringify(configuration)}`) require("child_process").execSync( - `echo - "${configuration}" - `, + `echo 'Heyo!'`, { stdio: "inherit" } From ce31913e9143dd57523acb850f3fc66f095d6b36 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:40:39 +0000 Subject: [PATCH 064/123] fixing packageVersion --- .az-pipelines/windows-build-sign.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 7e468f58f27..52d2fd8779b 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,6 +17,16 @@ steps: versionSpec: '10.x' displayName: 'Install Node.js' +- script: | + $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; + echo "##vso[task.setvariable variable=PACKAGE_VERSION]$packageVersion" + displayName: 'Setting packageVersion' + +- script: | + echo "package version: ${{ packageVersion }}" + echo "package version: $(packageVersion)" + exit 1 + - script: npm install displayName: 'npm install' @@ -40,8 +50,8 @@ steps: - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-$(GIT_COMMIT_TO_BUILD).exe' - artifactName: Bitwarden-Portable-$(GIT_COMMIT_TO_BUILD).exe + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-${{ PACKAGE_VERSION }}.exe' + artifactName: Bitwarden-Portable-$(PACKAGE_VERSION).exe # - task: PublishPipelineArtifact@1 # inputs: From da9a5414bb3d7ffd4004d6f1e12b2e5293886e7c Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:42:55 +0000 Subject: [PATCH 065/123] fixing syntax --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 52d2fd8779b..c5e3acb4ce7 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -23,7 +23,7 @@ steps: displayName: 'Setting packageVersion' - script: | - echo "package version: ${{ packageVersion }}" + echo "package version: ${ packageVersion }" echo "package version: $(packageVersion)" exit 1 From 93d6b610b4e777e6e4be45e8175ff0563a07aa2a Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:44:16 +0000 Subject: [PATCH 066/123] fixing var --- .az-pipelines/windows-build-sign.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index c5e3acb4ce7..30ef1768271 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -50,8 +50,8 @@ steps: - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-${{ PACKAGE_VERSION }}.exe' - artifactName: Bitwarden-Portable-$(PACKAGE_VERSION).exe + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-${ packageVersion }.exe' + artifactName: Bitwarden-Portable-$(packageVersion).exe # - task: PublishPipelineArtifact@1 # inputs: From fae96d7ad86a7e19b6782f5d32e62664d4899e41 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:46:17 +0000 Subject: [PATCH 067/123] fixing the get packageVersion --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 30ef1768271..410bd1f3cc9 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -19,7 +19,7 @@ steps: - script: | $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; - echo "##vso[task.setvariable variable=PACKAGE_VERSION]$packageVersion" + echo "##vso[task.setvariable variable=PACKAGE_VERSION]$(packageVersion)" displayName: 'Setting packageVersion' - script: | From bc21106448b4b3d3803920cc30b58224d4b1133c Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:50:15 +0000 Subject: [PATCH 068/123] trying something else --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 410bd1f3cc9..f9ee609949b 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -19,7 +19,7 @@ steps: - script: | $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; - echo "##vso[task.setvariable variable=PACKAGE_VERSION]$(packageVersion)" + echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" displayName: 'Setting packageVersion' - script: | From 3f39d1ccb3f6e93ab90f75a4ac0e3bf56e791bd9 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:54:55 +0000 Subject: [PATCH 069/123] trying another thing --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index f9ee609949b..1176687711d 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -18,7 +18,7 @@ steps: displayName: 'Install Node.js' - script: | - $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; + packageVersion=(Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" displayName: 'Setting packageVersion' From 58ed7f5f6a4bf13fbd4758fb4630209e79580b58 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 22:58:58 +0000 Subject: [PATCH 070/123] switching over to powershell --- .az-pipelines/windows-build-sign.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 1176687711d..7b1e9d364ee 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,9 +17,12 @@ steps: versionSpec: '10.x' displayName: 'Install Node.js' -- script: | - packageVersion=(Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; - echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" +- task: PoswerShell@v2 + inputs: + targetType: 'inline' + script: | + $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; + echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" displayName: 'Setting packageVersion' - script: | From af41a59a60a1178f028dba17aa52ca59acb50c7d Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:00:07 +0000 Subject: [PATCH 071/123] fixing another syntax error --- .az-pipelines/windows-build-sign.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 7b1e9d364ee..68aae7421d8 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -20,9 +20,9 @@ steps: - task: PoswerShell@v2 inputs: targetType: 'inline' - script: | - $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; - echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" + script: | + $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; + echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" displayName: 'Setting packageVersion' - script: | From b6a298579c3aa5b4d5b6573099a2ceb05cf5d5c3 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:02:38 +0000 Subject: [PATCH 072/123] fixing task name --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 68aae7421d8..c51564dff41 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,7 +17,7 @@ steps: versionSpec: '10.x' displayName: 'Install Node.js' -- task: PoswerShell@v2 +- task: PoswerShell@2 inputs: targetType: 'inline' script: | From 627c3eaec5818ea4eb3682477c9abe5c95a64416 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:05:45 +0000 Subject: [PATCH 073/123] fixing typo --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index c51564dff41..df00a3558b4 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,7 +17,7 @@ steps: versionSpec: '10.x' displayName: 'Install Node.js' -- task: PoswerShell@2 +- task: PowerShell@2 inputs: targetType: 'inline' script: | From 6a0154cad04e4fd8d1480bc4a4eaeb59cd456dcf Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:09:07 +0000 Subject: [PATCH 074/123] changing var syntax --- .az-pipelines/windows-build-sign.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index df00a3558b4..3d547a01354 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,9 +26,10 @@ steps: displayName: 'Setting packageVersion' - script: | - echo "package version: ${ packageVersion }" - echo "package version: $(packageVersion)" + echo "package version: ${ PACKAGEVERSION }" + echo "package version: $(PACKAGEVESRION)" exit 1 + displayName: Package Version testing - script: npm install displayName: 'npm install' From f486077cf6653949ee42c803e75ad0776a35b182 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:10:44 +0000 Subject: [PATCH 075/123] fixing syntax --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 3d547a01354..3a24e82e335 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -27,7 +27,7 @@ steps: - script: | echo "package version: ${ PACKAGEVERSION }" - echo "package version: $(PACKAGEVESRION)" + echo "package version: $(PACKAGEVERSION)" exit 1 displayName: Package Version testing From 668914286a9ec9ac3af3b432f49382bb0d707239 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:17:55 +0000 Subject: [PATCH 076/123] trying another var extraction --- .az-pipelines/windows-build-sign.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 3a24e82e335..5e508dd2891 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,8 +26,9 @@ steps: displayName: 'Setting packageVersion' - script: | - echo "package version: ${ PACKAGEVERSION }" - echo "package version: $(PACKAGEVERSION)" + echo "package version: $packageVersion" + echo "package version: $(packageVersion)" + echo "package version: ${packageVersion}" exit 1 displayName: Package Version testing From b01d9f99933bb9fa9786e607fee23de270bb3a9e Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:22:12 +0000 Subject: [PATCH 077/123] using the var that I actually set.... --- .az-pipelines/windows-build-sign.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 5e508dd2891..e1817e23461 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,9 +26,9 @@ steps: displayName: 'Setting packageVersion' - script: | - echo "package version: $packageVersion" - echo "package version: $(packageVersion)" - echo "package version: ${packageVersion}" + echo "package version: $PACKAGE_VERSION" + echo "package version: ${{ PACKAGE_VERSION }}" + echo "package version: ${ PACKAGE_VERSION }" exit 1 displayName: Package Version testing @@ -55,7 +55,7 @@ steps: - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-${ packageVersion }.exe' + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-${ PACKAGE_VERSION }.exe' artifactName: Bitwarden-Portable-$(packageVersion).exe # - task: PublishPipelineArtifact@1 From 84ea397391dae306690b0c412c11babfb7ff5f26 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:24:09 +0000 Subject: [PATCH 078/123] following other az pipeline as pattern --- .az-pipelines/windows-build-sign.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index e1817e23461..6ddc566acc6 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,9 +26,7 @@ steps: displayName: 'Setting packageVersion' - script: | - echo "package version: $PACKAGE_VERSION" - echo "package version: ${{ PACKAGE_VERSION }}" - echo "package version: ${ PACKAGE_VERSION }" + echo "package version: $(PACKAGE_VERSION)" exit 1 displayName: Package Version testing From 672be07f405a574ec617004b5eb70449b26a7ef1 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:27:30 +0000 Subject: [PATCH 079/123] removing breakpoint --- .az-pipelines/windows-build-sign.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 6ddc566acc6..79c4ead8dc8 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -53,8 +53,8 @@ steps: - task: PublishPipelineArtifact@1 inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-${ PACKAGE_VERSION }.exe' - artifactName: Bitwarden-Portable-$(packageVersion).exe + pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-$(PACKAGE_VERSION).exe' + artifactName: Bitwarden-Portable-$(PACKAGE_VERSION).exe # - task: PublishPipelineArtifact@1 # inputs: From a21127e187b36e20e6f38870c60e29a04d42568a Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Wed, 30 Dec 2020 23:30:04 +0000 Subject: [PATCH 080/123] actually removing the breakpoint --- .az-pipelines/windows-build-sign.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 79c4ead8dc8..a3582113379 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -27,7 +27,6 @@ steps: - script: | echo "package version: $(PACKAGE_VERSION)" - exit 1 displayName: Package Version testing - script: npm install From 1465d3e4cc74ee4c75e02a6d27a8d2f18bf39843 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 00:01:55 +0000 Subject: [PATCH 081/123] adding AST to the build pipeline --- .az-pipelines/windows-build-sign.yml | 5 +++++ sign.js | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index a3582113379..9694dd363ef 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,6 +17,11 @@ steps: versionSpec: '10.x' displayName: 'Install Node.js' +- script: | + set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true + dotnet tool install --global AzureSignTool --version 2.0.17 + displayName: 'install AzureSignTool' + - task: PowerShell@2 inputs: targetType: 'inline' diff --git a/sign.js b/sign.js index 4458ecbc5cf..ff70bf0f71c 100644 --- a/sign.js +++ b/sign.js @@ -1,8 +1,8 @@ exports.default = async function(configuration) { - console.log(`config:\n${JSON.stringify(configuration)}`) + console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) require("child_process").execSync( - `echo 'Heyo!'`, + `azuresigntool sign --help`, { stdio: "inherit" } From 94a363c4ca385ec5a29990cc788c3c0905e80231 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 00:19:28 +0000 Subject: [PATCH 082/123] updating the sign file with a multiline command --- sign.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sign.js b/sign.js index ff70bf0f71c..f03c37e2feb 100644 --- a/sign.js +++ b/sign.js @@ -2,7 +2,9 @@ exports.default = async function(configuration) { console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) require("child_process").execSync( - `azuresigntool sign --help`, + `azuresigntool sign \ + --help + `, { stdio: "inherit" } From 725ce08e863027122a4480cea9b176cb474ac914 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 15:49:28 +0000 Subject: [PATCH 083/123] updating the custom sign script --- sign.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sign.js b/sign.js index f03c37e2feb..410c159253a 100644 --- a/sign.js +++ b/sign.js @@ -3,8 +3,12 @@ exports.default = async function(configuration) { require("child_process").execSync( `azuresigntool sign \ - --help - `, + -kvu "${process.env.SigningVaultURL}" \ + -kvi "${process.env.SigningClientId}" \ + -kvs "${process.env.SigningClientSecret}" \ + -kvc "${process.env.SigningCertName}" \ + -tr http://timestamp.digicert.com \ + ${configuration.path}`, { stdio: "inherit" } From d4f6c07fc079b6595b68c4954d7a6a9f49c311e1 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 16:28:44 +0000 Subject: [PATCH 084/123] testing the env vars access --- sign.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/sign.js b/sign.js index 410c159253a..e43ba814c77 100644 --- a/sign.js +++ b/sign.js @@ -1,12 +1,15 @@ exports.default = async function(configuration) { - console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) + //console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) + console.log(`env test - vault URL: ${process.env.SigningVaultURL}`) require("child_process").execSync( `azuresigntool sign \ - -kvu "${process.env.SigningVaultURL}" \ - -kvi "${process.env.SigningClientId}" \ - -kvs "${process.env.SigningClientSecret}" \ - -kvc "${process.env.SigningCertName}" \ + -kvu ${process.env.SigningVaultURL} \ + -kvi ${process.env.SigningClientId} \ + -kvs ${process.env.SigningClientSecret} \ + -kvc ${process.env.SigningCertName} \ + -fd ${configuration.hash} + -du ${configuration.site} -tr http://timestamp.digicert.com \ ${configuration.path}`, { From 9581af66a1a3a69313cd3f82a8a3595277577c0b Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 17:07:14 +0000 Subject: [PATCH 085/123] testing secret in process.env --- .az-pipelines/windows-build-sign.yml | 2 +- sign.js | 12 ++---------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 9694dd363ef..f899ed20360 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -9,7 +9,7 @@ pool: vmImage: 'windows-latest' variables: -- group: code-signing-test +- group: build-sign-test steps: - task: NodeTool@0 diff --git a/sign.js b/sign.js index e43ba814c77..9c27c8a4219 100644 --- a/sign.js +++ b/sign.js @@ -1,17 +1,9 @@ exports.default = async function(configuration) { //console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) - console.log(`env test - vault URL: ${process.env.SigningVaultURL}`) + console.log(`env test - secret test ${process.env.secretTest}`) require("child_process").execSync( - `azuresigntool sign \ - -kvu ${process.env.SigningVaultURL} \ - -kvi ${process.env.SigningClientId} \ - -kvs ${process.env.SigningClientSecret} \ - -kvc ${process.env.SigningCertName} \ - -fd ${configuration.hash} - -du ${configuration.site} - -tr http://timestamp.digicert.com \ - ${configuration.path}`, + `azuresigntool sign -kvu ${process.env.SigningVaultURL} -kvi ${process.env.SigningClientId} -kvs ${process.env.SigningClientSecret} -kvc ${process.env.SigningCertName} -fd ${configuration.hash}-du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, { stdio: "inherit" } From f41014f0f2f8633e518ab3013f7f4da819ee851f Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 17:33:33 +0000 Subject: [PATCH 086/123] trying pipeline env to pass vars --- .az-pipelines/windows-build-sign.yml | 7 +++++++ sign.js | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index f899ed20360..a476280f10e 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -48,6 +48,13 @@ steps: env: CSC_LINK: $(ebSigningCertIdentifierURL) CSC_KEY_PASSWORD: $(ebSigningCertKey) + SIGNING_VAULT_URL: $(SigningVaultURL) + SIGNING_CLIENT_ID: $(SigningClientId) + SIGNING_CLIENT_SECRET: $(SigningClientSecret) + SIGNING_CERT_NAME: $(SigningCertName) + SECRET_TEST: $(secretTest) + + `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, - script: ls -alht dist displayName: show executables diff --git a/sign.js b/sign.js index 9c27c8a4219..45aef487f60 100644 --- a/sign.js +++ b/sign.js @@ -1,9 +1,9 @@ exports.default = async function(configuration) { //console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) - console.log(`env test - secret test ${process.env.secretTest}`) + console.log(`env test - secret test ${process.env.SECRET_TEST}`) require("child_process").execSync( - `azuresigntool sign -kvu ${process.env.SigningVaultURL} -kvi ${process.env.SigningClientId} -kvs ${process.env.SigningClientSecret} -kvc ${process.env.SigningCertName} -fd ${configuration.hash}-du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, + `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, { stdio: "inherit" } From 4b9e6ff89478095f1dc706fe9939e5d528f55688 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 17:39:38 +0000 Subject: [PATCH 087/123] removing reference code --- .az-pipelines/windows-build-sign.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index a476280f10e..ee21e54a149 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -54,8 +54,6 @@ steps: SIGNING_CERT_NAME: $(SigningCertName) SECRET_TEST: $(secretTest) - `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, - - script: ls -alht dist displayName: show executables From 1f0e5d711ea65b02ff2e8b262610dd11246e39ad Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 18:12:15 +0000 Subject: [PATCH 088/123] testing manual install --- .az-pipelines/sign-windows-artifacts.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index f73916bf5ad..7493250d703 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -7,21 +7,22 @@ variables: - group: code-signing-test steps: - #- task: DotNetCoreCLI@2 - # inputs: - # command: 'custom' - # custom: 'tool' - # arguments: 'install --global azuresigntool' + #- script: | + # set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true + # dotnet tool install --global AzureSignTool --version 2.0.17 # displayName: 'install AzureSignTool' - + - script: | - set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true - dotnet tool install --global AzureSignTool --version 2.0.17 - displayName: 'install AzureSignTool' + git clone https://github.com/vcsjones/AzureSignTool.git + dotnet build + displayName: 'Install AST' -- script: AzureSignTool.exe sign --help +- script: azuresigntool sign --help displayName: 'Debugging AST' +- script: exit 1 + displayName: Premature Exit + - task: DownloadGitHubRelease@0 inputs: connection: joseph-flinn From 0978956c30428fdb3b4093366434202b302f2dfb Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 18:17:27 +0000 Subject: [PATCH 089/123] moving into the project directory --- .az-pipelines/sign-windows-artifacts.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 7493250d703..d1c10eef207 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -14,6 +14,8 @@ steps: - script: | git clone https://github.com/vcsjones/AzureSignTool.git + cd AzureSignTool + dotnet --version dotnet build displayName: 'Install AST' From a08783eb9bb0a040b690ee9cbb9641d2fb0ea382 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 18:44:18 +0000 Subject: [PATCH 090/123] going insane....and trying dotnet run --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index d1c10eef207..4405e17723b 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -19,7 +19,7 @@ steps: dotnet build displayName: 'Install AST' -- script: azuresigntool sign --help +- script: dotnet run -- sign --help displayName: 'Debugging AST' - script: exit 1 From 2ae72a66bc0e42b5d1fb6129db946ceaa55d8b15 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 18:48:47 +0000 Subject: [PATCH 091/123] trying to cd into AST before running AST --- .az-pipelines/sign-windows-artifacts.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 4405e17723b..807ad4e54f6 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -19,7 +19,9 @@ steps: dotnet build displayName: 'Install AST' -- script: dotnet run -- sign --help +- script: | + cd AzureSignTool + dotnet run -- sign --help displayName: 'Debugging AST' - script: exit 1 From 4a3f1ee5e646f7e223e999e6e7dab9bd0e1227b9 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 18:52:52 +0000 Subject: [PATCH 092/123] specifying the project? --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 807ad4e54f6..c78eab131f6 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -21,7 +21,7 @@ steps: - script: | cd AzureSignTool - dotnet run -- sign --help + dotnet run --project azuresigntool -- sign --help displayName: 'Debugging AST' - script: exit 1 From 2d2c1d632e7225bdd4fb60b7f13363a1b8337ce6 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 19:10:58 +0000 Subject: [PATCH 093/123] experimenting after getting it the project to run on Linux container --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index c78eab131f6..a115986b5ff 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -21,7 +21,7 @@ steps: - script: | cd AzureSignTool - dotnet run --project azuresigntool -- sign --help + dotnet run --project src/AzureSignTool -- sign --help displayName: 'Debugging AST' - script: exit 1 From 23e2e0842577cd6ba72c4e0ae72e9e17bc8734b5 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 19:48:23 +0000 Subject: [PATCH 094/123] testing manaul install of AST --- .az-pipelines/sign-windows-artifacts.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index a115986b5ff..a583edb5663 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -16,16 +16,16 @@ steps: git clone https://github.com/vcsjones/AzureSignTool.git cd AzureSignTool dotnet --version - dotnet build + dotnet pack --output ./nupkg + dotnet tool install --global --add-source ./nupkg azuresigntool displayName: 'Install AST' - script: | - cd AzureSignTool - dotnet run --project src/AzureSignTool -- sign --help + azuresigntool -- sign --help displayName: 'Debugging AST' - script: exit 1 - displayName: Premature Exit + displayName: 'Early Exit' - task: DownloadGitHubRelease@0 inputs: @@ -44,7 +44,7 @@ steps: displayName: 'show artifacts' - script: | - azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" + azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvt "$(SigningTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 From d52713ea4dfc3c023274540e067f54c340d3b076 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 19:52:50 +0000 Subject: [PATCH 095/123] removing leftovers. trying to get a clean run --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index a583edb5663..1908dd752f7 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -21,7 +21,7 @@ steps: displayName: 'Install AST' - script: | - azuresigntool -- sign --help + azuresigntool sign --help displayName: 'Debugging AST' - script: exit 1 From 2817f78b98f3b46c2e5d74920c9e23d3a287468e Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 19:53:15 +0000 Subject: [PATCH 096/123] changing debug command to get all params to make sure it is the new version --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 1908dd752f7..4463178b312 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -21,7 +21,7 @@ steps: displayName: 'Install AST' - script: | - azuresigntool sign --help + azuresigntool --help displayName: 'Debugging AST' - script: exit 1 From 9873ad48ed66d87a2bf5b1666a0a5686b0da2980 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 20:00:29 +0000 Subject: [PATCH 097/123] trying to get a clean run --- .az-pipelines/sign-windows-artifacts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 4463178b312..1908dd752f7 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -21,7 +21,7 @@ steps: displayName: 'Install AST' - script: | - azuresigntool --help + azuresigntool sign --help displayName: 'Debugging AST' - script: exit 1 From 455c287e20be965cc2455ee20e62a2d9586411b3 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 20:37:37 +0000 Subject: [PATCH 098/123] trying to specifiy verison 3 --- .az-pipelines/sign-windows-artifacts.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 1908dd752f7..10360d4c3e1 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -16,8 +16,9 @@ steps: git clone https://github.com/vcsjones/AzureSignTool.git cd AzureSignTool dotnet --version - dotnet pack --output ./nupkg - dotnet tool install --global --add-source ./nupkg azuresigntool + dotnet build -p:Version=3.0.0 + #dotnet pack --output ./nupkg + dotnet tool install --global --add-source ./nupkg --version 3.0.0 azuresigntool displayName: 'Install AST' - script: | From 3172c7b87d04b76d5eef858961d350367b102331 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 21:24:06 +0000 Subject: [PATCH 099/123] switching from 3.0.0 to the 0.0.0-hash version (where does this come from? idk) --- .az-pipelines/sign-windows-artifacts.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 10360d4c3e1..a1030a9c178 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -16,9 +16,8 @@ steps: git clone https://github.com/vcsjones/AzureSignTool.git cd AzureSignTool dotnet --version - dotnet build -p:Version=3.0.0 - #dotnet pack --output ./nupkg - dotnet tool install --global --add-source ./nupkg --version 3.0.0 azuresigntool + dotnet pack --output ./nupkg + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool displayName: 'Install AST' - script: | From b6d706a62b675c3c81100db7f02da6cefb740842 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 21:50:33 +0000 Subject: [PATCH 100/123] trying it... --- .az-pipelines/sign-windows-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index a1030a9c178..70d7abe42dc 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -24,8 +24,8 @@ steps: azuresigntool sign --help displayName: 'Debugging AST' -- script: exit 1 - displayName: 'Early Exit' + #- script: exit 1 + # displayName: 'Early Exit' - task: DownloadGitHubRelease@0 inputs: From 711cea8c4b5cfc241537ab2e9cc088afb1925bad Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Thu, 31 Dec 2020 22:09:00 +0000 Subject: [PATCH 101/123] Install and use latest AST (this will probably break when it is updated because Google won't tell me how to make a clean build of a .NET project) --- .az-pipelines/windows-build-sign.yml | 15 ++++++++++++--- sign.js | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index ee21e54a149..6303b11dbc8 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,10 +17,18 @@ steps: versionSpec: '10.x' displayName: 'Install Node.js' + #- script: | + # set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true + # dotnet tool install --global AzureSignTool --version 2.0.17 + # displayName: 'install AzureSignTool' + - script: | - set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true - dotnet tool install --global AzureSignTool --version 2.0.17 - displayName: 'install AzureSignTool' + git clone https://github.com/vcsjones/AzureSignTool.git + cd AzureSignTool + dotnet --version + dotnet pack --output ./nupkg + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool + displayName: 'Install AST' - task: PowerShell@2 inputs: @@ -50,6 +58,7 @@ steps: CSC_KEY_PASSWORD: $(ebSigningCertKey) SIGNING_VAULT_URL: $(SigningVaultURL) SIGNING_CLIENT_ID: $(SigningClientId) + SIGNING_TENTANT_ID: $(SigningTenantId) SIGNING_CLIENT_SECRET: $(SigningClientSecret) SIGNING_CERT_NAME: $(SigningCertName) SECRET_TEST: $(secretTest) diff --git a/sign.js b/sign.js index 45aef487f60..17664c13962 100644 --- a/sign.js +++ b/sign.js @@ -3,7 +3,7 @@ exports.default = async function(configuration) { console.log(`env test - secret test ${process.env.SECRET_TEST}`) require("child_process").execSync( - `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, + `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvt ${process.env.SIGNING_TENANT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, { stdio: "inherit" } From d998ec9146a5930504e2869906a5ba696d028af4 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 20:10:48 +0000 Subject: [PATCH 102/123] Trying to install AST with `publish` --- .az-pipelines/windows-build-sign.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 6303b11dbc8..9f737224a13 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -26,9 +26,18 @@ steps: git clone https://github.com/vcsjones/AzureSignTool.git cd AzureSignTool dotnet --version - dotnet pack --output ./nupkg - dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool + dotnet restore + dotnet publish src/AzureSignTool/AzureSignTool.csproj -o ./dist + cp ./dist/AzureSignTool %USERPROFILE%\.dotnet\tools displayName: 'Install AST' +#dotnet pack --output ./nupkg +#dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool + +- script: | + AzureSignTool sign --help + exit 1 + displayName: 'Debug AST installation' + - task: PowerShell@2 inputs: From 3550c2cb1efc12b04fccb10fbac769de390a4809 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 20:27:07 +0000 Subject: [PATCH 103/123] trying to specify version in pack --- .az-pipelines/windows-build-sign.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 9f737224a13..597efc5cc36 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -27,10 +27,10 @@ steps: cd AzureSignTool dotnet --version dotnet restore - dotnet publish src/AzureSignTool/AzureSignTool.csproj -o ./dist - cp ./dist/AzureSignTool %USERPROFILE%\.dotnet\tools + dotnet pack --output ./nupkg -p:Version=3.0.0-alpha + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 3.0.0-alpha azuresigntool displayName: 'Install AST' -#dotnet pack --output ./nupkg + #dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool - script: | From 68d302bfe301f51b65d843c07f34ae51e720df78 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 20:43:36 +0000 Subject: [PATCH 104/123] trying to downgrad the .NET sdk --- .az-pipelines/windows-build-sign.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 597efc5cc36..168571e22cf 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -21,6 +21,12 @@ steps: # set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true # dotnet tool install --global AzureSignTool --version 2.0.17 # displayName: 'install AzureSignTool' +- task: UseDotNet@2 + displayName: 'Use .NET Core SDK 3.x' + inputs: + packageType: sdk + version: 3.x + installationPath: $(Agent.ToolsDirectory)/dotnet - script: | git clone https://github.com/vcsjones/AzureSignTool.git From 89e55da798876794c168de02ded18d7ad5278184 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 20:52:13 +0000 Subject: [PATCH 105/123] testing publishing and moving to agent tools directory --- .az-pipelines/windows-build-sign.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 168571e22cf..16bc9f9017e 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -21,6 +21,7 @@ steps: # set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true # dotnet tool install --global AzureSignTool --version 2.0.17 # displayName: 'install AzureSignTool' + - task: UseDotNet@2 displayName: 'Use .NET Core SDK 3.x' inputs: @@ -33,14 +34,16 @@ steps: cd AzureSignTool dotnet --version dotnet restore - dotnet pack --output ./nupkg -p:Version=3.0.0-alpha - dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 3.0.0-alpha azuresigntool + dotnet publish src/AzureSignTool.csproj -o ./dist + cp ./dist/AzureSignTool $(Agent.ToolsDirectory)/azuresigntool displayName: 'Install AST' #dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool +#dotnet pack --output ./nupkg -p:Version=3.0.0-alpha +#dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 3.0.0-alpha azuresigntool - script: | - AzureSignTool sign --help + azuresigntool sign --help exit 1 displayName: 'Debug AST installation' From 4fa8342a003969fe5b62c3ed69635da76cb4ba00 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 21:44:35 +0000 Subject: [PATCH 106/123] trying to compile the version to be built --- .az-pipelines/windows-build-sign.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 16bc9f9017e..01025d278d7 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -31,16 +31,18 @@ steps: - script: | git clone https://github.com/vcsjones/AzureSignTool.git + $latest_head = $(git rev-parse HEAD)[0...9] -join "" + $latest_version = "0.0.0-g$latest_head" + Write-Host "--------" + Write-Host "PACKAGE VERSION TO BUILD - $latest_version" + Write-Host "--------" cd AzureSignTool dotnet --version dotnet restore - dotnet publish src/AzureSignTool.csproj -o ./dist - cp ./dist/AzureSignTool $(Agent.ToolsDirectory)/azuresigntool + dotnet pack --output ./nupkg + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool displayName: 'Install AST' -#dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool -#dotnet pack --output ./nupkg -p:Version=3.0.0-alpha -#dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 3.0.0-alpha azuresigntool - script: | azuresigntool sign --help From 539e9069361036ce2cf3adda32093c97f4b4c0f8 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 22:24:12 +0000 Subject: [PATCH 107/123] switching to powershell --- .az-pipelines/windows-build-sign.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 01025d278d7..20f4ded84fc 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -40,8 +40,9 @@ steps: dotnet --version dotnet restore dotnet pack --output ./nupkg - dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool displayName: 'Install AST' + shell: pwsh - script: | From 033cee57b87ad3a07c5750c909185bbb8bdaa8e4 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 22:32:06 +0000 Subject: [PATCH 108/123] fixing pwsh task --- .az-pipelines/windows-build-sign.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 20f4ded84fc..ebebd075b7c 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -29,7 +29,7 @@ steps: version: 3.x installationPath: $(Agent.ToolsDirectory)/dotnet -- script: | +- pwsh: | git clone https://github.com/vcsjones/AzureSignTool.git $latest_head = $(git rev-parse HEAD)[0...9] -join "" $latest_version = "0.0.0-g$latest_head" @@ -42,7 +42,6 @@ steps: dotnet pack --output ./nupkg dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool displayName: 'Install AST' - shell: pwsh - script: | From f1e52b022bd5a00db108d68ab8ecc85a2f1671d9 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 22:42:27 +0000 Subject: [PATCH 109/123] debugging commit id --- .az-pipelines/windows-build-sign.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index ebebd075b7c..220e4cb1010 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -34,6 +34,8 @@ steps: $latest_head = $(git rev-parse HEAD)[0...9] -join "" $latest_version = "0.0.0-g$latest_head" Write-Host "--------" + Write-Host "git commit - $(git rev-parse HEAD)" + Write-Host "latest_head - $latest_head" Write-Host "PACKAGE VERSION TO BUILD - $latest_version" Write-Host "--------" cd AzureSignTool From 5f53f0a988e8af112d352a2b5871f28792fa954b Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 22:55:11 +0000 Subject: [PATCH 110/123] fixing typo in pwsh --- .az-pipelines/windows-build-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 220e4cb1010..78f27c6938d 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -31,7 +31,7 @@ steps: - pwsh: | git clone https://github.com/vcsjones/AzureSignTool.git - $latest_head = $(git rev-parse HEAD)[0...9] -join "" + $latest_head = $(git rev-parse HEAD)[0..9] -join "" $latest_version = "0.0.0-g$latest_head" Write-Host "--------" Write-Host "git commit - $(git rev-parse HEAD)" From fa49fb05855f21bbba533723747f5d0d015b1c56 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 23:04:55 +0000 Subject: [PATCH 111/123] moving the git version data gathering of AST --- .az-pipelines/windows-build-sign.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 78f27c6938d..c3a43f83ee5 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -31,6 +31,7 @@ steps: - pwsh: | git clone https://github.com/vcsjones/AzureSignTool.git + cd AzureSignTool $latest_head = $(git rev-parse HEAD)[0..9] -join "" $latest_version = "0.0.0-g$latest_head" Write-Host "--------" @@ -38,7 +39,7 @@ steps: Write-Host "latest_head - $latest_head" Write-Host "PACKAGE VERSION TO BUILD - $latest_version" Write-Host "--------" - cd AzureSignTool + dotnet --version dotnet restore dotnet pack --output ./nupkg From 6a1783b2df324df65caf9ed5e3ff32c2b3d0b870 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Mon, 4 Jan 2021 23:15:41 +0000 Subject: [PATCH 112/123] removing the debugging code --- .az-pipelines/windows-build-sign.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index c3a43f83ee5..a56b8fe7f15 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -47,12 +47,6 @@ steps: displayName: 'Install AST' -- script: | - azuresigntool sign --help - exit 1 - displayName: 'Debug AST installation' - - - task: PowerShell@2 inputs: targetType: 'inline' From b0878fd6604cc7bff4f9987924dc5889ecacd33f Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 13:29:01 +0000 Subject: [PATCH 113/123] testing secrets in pipeline and in script --- .az-pipelines/windows-build-sign.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index a56b8fe7f15..846c32aca83 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -68,7 +68,11 @@ steps: displayName: 'npm build' # This task is not working... -- script: npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden Inc\" +- pwsh: | + Write-Host "------------------------" + Write-Host "az pipeline secret test - $SECRET_TEST" + Write-Host "------------------------" + npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden Inc\" displayName: 'electron-builder build & sign' env: CSC_LINK: $(ebSigningCertIdentifierURL) From 0efb6770096875c96b8d111798e21d1193ff5576 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 13:45:32 +0000 Subject: [PATCH 114/123] debugging env vars and secrets --- .az-pipelines/windows-build-sign.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 846c32aca83..3b4ff57e6ab 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -12,6 +12,25 @@ variables: - group: build-sign-test steps: +- pwsh: | + Write-Host "------------------------" + Write-Host "secret test - $env:SECRET_TEST" + Write-Host "SIGNING_CERT_NAME - $env:SIGNING_CERT_NAME" + Write-Host "------------------------" + displayName: 'Var & Secret Testing' + env: + CSC_LINK: $(ebSigningCertIdentifierURL) + CSC_KEY_PASSWORD: $(ebSigningCertKey) + SIGNING_VAULT_URL: $(SigningVaultURL) + SIGNING_CLIENT_ID: $(SigningClientId) + SIGNING_TENTANT_ID: $(SigningTenantId) + SIGNING_CLIENT_SECRET: $(SigningClientSecret) + SIGNING_CERT_NAME: $(SigningCertName) + SECRET_TEST: $(secretTest) + +- script: exit 1 + displayName: Stop Pipeline + - task: NodeTool@0 inputs: versionSpec: '10.x' @@ -70,7 +89,8 @@ steps: # This task is not working... - pwsh: | Write-Host "------------------------" - Write-Host "az pipeline secret test - $SECRET_TEST" + Write-Host "az pipeline secret test - $env:SECRET_TEST" + Write-Host "az pipeline var test - $env:SIGNING_CERT_NAME" Write-Host "------------------------" npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden Inc\" displayName: 'electron-builder build & sign' From 64e8099fb32cef51673c1a041fee965cb5b81f6d Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 14:03:59 +0000 Subject: [PATCH 115/123] testing new var in variable group --- .az-pipelines/windows-build-sign.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 3b4ff57e6ab..f3ec5ac65c1 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -15,6 +15,7 @@ steps: - pwsh: | Write-Host "------------------------" Write-Host "secret test - $env:SECRET_TEST" + Write-Host "new var test - $env:NEW_VAR_TEST" Write-Host "SIGNING_CERT_NAME - $env:SIGNING_CERT_NAME" Write-Host "------------------------" displayName: 'Var & Secret Testing' @@ -26,6 +27,7 @@ steps: SIGNING_TENTANT_ID: $(SigningTenantId) SIGNING_CLIENT_SECRET: $(SigningClientSecret) SIGNING_CERT_NAME: $(SigningCertName) + NEW_VAR_TEST: $(newVarTest) SECRET_TEST: $(secretTest) - script: exit 1 From de4966b3e42a44815192c09b7165c9a8c607b928 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 14:22:01 +0000 Subject: [PATCH 116/123] trying things that shouldn't work because the things that should work aren't --- .az-pipelines/sign-windows-artifacts.yml | 1 + .az-pipelines/windows-build-sign.yml | 2 ++ sign.js | 1 + 3 files changed, 4 insertions(+) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 70d7abe42dc..479bd340123 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -45,6 +45,7 @@ steps: - script: | azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvt "$(SigningTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" + echo $(SigningClientSecret) displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index f3ec5ac65c1..077b1fb0e4e 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -17,6 +17,8 @@ steps: Write-Host "secret test - $env:SECRET_TEST" Write-Host "new var test - $env:NEW_VAR_TEST" Write-Host "SIGNING_CERT_NAME - $env:SIGNING_CERT_NAME" + Write-Host "---" + Write Host "This shouldn't work - $(secretTest)" Write-Host "------------------------" displayName: 'Var & Secret Testing' env: diff --git a/sign.js b/sign.js index 17664c13962..0a61edf3b78 100644 --- a/sign.js +++ b/sign.js @@ -1,6 +1,7 @@ exports.default = async function(configuration) { //console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) console.log(`env test - secret test ${process.env.SECRET_TEST}`) + console.log(`env test - shouldn't work ${process.env.secretTest}`) require("child_process").execSync( `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvt ${process.env.SIGNING_TENANT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, From a1d950e33e1f55f45bb7542a0dd762006272955c Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 14:43:01 +0000 Subject: [PATCH 117/123] idk what's wrong... --- .az-pipelines/sign-windows-artifacts.yml | 1 - .az-pipelines/windows-build-sign.yml | 9 +++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml index 479bd340123..70d7abe42dc 100644 --- a/.az-pipelines/sign-windows-artifacts.yml +++ b/.az-pipelines/sign-windows-artifacts.yml @@ -45,7 +45,6 @@ steps: - script: | azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvt "$(SigningTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" - echo $(SigningClientSecret) displayName: 'Sign artifacts' - task: PublishPipelineArtifact@1 diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml index 077b1fb0e4e..d64a6e12c44 100644 --- a/.az-pipelines/windows-build-sign.yml +++ b/.az-pipelines/windows-build-sign.yml @@ -9,16 +9,15 @@ pool: vmImage: 'windows-latest' variables: -- group: build-sign-test +- group: code-signing-test steps: - pwsh: | Write-Host "------------------------" - Write-Host "secret test - $env:SECRET_TEST" - Write-Host "new var test - $env:NEW_VAR_TEST" + Write-Host "secret test - $env:CSC_KEY_PASSWORD" Write-Host "SIGNING_CERT_NAME - $env:SIGNING_CERT_NAME" Write-Host "---" - Write Host "This shouldn't work - $(secretTest)" + Write Host "This shouldn't work - $(ebSigningCertKey)" Write-Host "------------------------" displayName: 'Var & Secret Testing' env: @@ -29,8 +28,6 @@ steps: SIGNING_TENTANT_ID: $(SigningTenantId) SIGNING_CLIENT_SECRET: $(SigningClientSecret) SIGNING_CERT_NAME: $(SigningCertName) - NEW_VAR_TEST: $(newVarTest) - SECRET_TEST: $(secretTest) - script: exit 1 displayName: Stop Pipeline From 7f217a261fdcc57733a6a9685485cbe45e6312d1 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 16:13:08 +0000 Subject: [PATCH 118/123] trying to switch over to GH Actions because AZ Pipelines seems to have a problem with the secrets in environments... --- .github/workflows/build-and-sign.yml | 254 +++++++++++++++++++++++++++ 1 file changed, 254 insertions(+) create mode 100644 .github/workflows/build-and-sign.yml diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml new file mode 100644 index 00000000000..fe2d76b6ff0 --- /dev/null +++ b/.github/workflows/build-and-sign.yml @@ -0,0 +1,254 @@ +name: Build & Sign + +on: [workflow_dispatch] + +jobs: + windows: + runs-on: windows-latest + steps: + - name: Set up Node + uses: actions/setup-node@v1 + with: + node-version: '10.x' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + shell: pwsh + + - name: Setup dotnet + uses: actions/setup-dotnet@v2 + with: + dotnet-version: "3.x" + + - name: Print environment + run: | + node --version + npm --version + dotnet --version + + exit 1 + + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: Install Node dependencies + run: npm install + + - name: Run linter + run: npm run lint + + - name: Build application + shell: pwsh + run: npm run dist:win:ci + + - name: Rename appx files for store + shell: pwsh + run: | + Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" ` + -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx" + Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` + -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" + + - name: Upload portable exe artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe + path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe + + - name: Upload installer exe artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + + - name: Upload store appx ia32 artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx + path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx + + - name: Upload store appx x64 artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx + path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx + + - name: Deploy to Chocolatey + if: github.event_name == 'release' + run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION + shell: pwsh + + - name: Upload Chocolatey nupkg artifact + if: github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg + path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg + + - name: Upload release assets + if: github.event_name == 'release' + run: | + hub release edit ` + -a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg ` + -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` + -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` + -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` + $env:RELEASE_TAG_NAME + shell: pwsh + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} + + macos: + runs-on: macos-latest + + steps: + - name: Set up Node + uses: actions/setup-node@v1 + with: + node-version: '10.x' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Print environment + run: | + node --version + npm --version + Write-Output "GitHub ref: $env:GITHUB_REF" + Write-Output "GitHub event: $env:GITHUB_EVENT" + shell: pwsh + env: + GITHUB_REF: ${{ github.ref }} + GITHUB_EVENT: ${{ github.event_name }} + + - name: Checkout repo + uses: actions/checkout@v2 + + - name: Decrypt secrets + run: ./.github/scripts/macos/decrypt-secrets.ps1 + shell: pwsh + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + + - name: Set up keychain + run: ./.github/scripts/macos/setup-keychain.ps1 + shell: pwsh + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Set up provisioning profiles + run: ./.github/scripts/macos/setup-profiles.ps1 + shell: pwsh + + - name: Increment version + run: ./.github/scripts/macos/increment-version.ps1 + shell: pwsh + + - name: Load package version + run: ./.github/scripts/load-version.ps1 + shell: pwsh + + - name: Install Node dependencies + run: npm install + + - name: Run linter + run: npm run lint + + - name: Create Safari directory + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/checkout@v2 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + + - name: Build Safari extension + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + shell: pwsh + run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy + + - name: Load Safari extension for .dmg + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + shell: pwsh + run: ./scripts/safari-build.ps1 -copyonly + + - name: Build application (dev) + if: github.ref != 'refs/heads/master' && github.event_name != 'release' + run: npm run build + + - name: Build application (dist) + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + run: npm run dist:mac + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Upload .zip artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip + path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip + + - name: Upload .dmg artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg + path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg + + - name: Load Safari extension for App Store + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + shell: pwsh + run: ./scripts/safari-build.ps1 -mas -copyonly + + - name: Build application for App Store + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + run: npm run dist:mac:mas + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Upload .pkg artifact + if: github.ref == 'refs/heads/master' || github.event_name == 'release' + uses: actions/upload-artifact@v2 + with: + name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg + path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg + + - name: Deploy to App Store + if: github.event_name == 'release' + run: npm run upload:mas + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Upload release assets + if: github.event_name == 'release' + run: | + hub release edit ` + -a ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg ` + -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` + $env:RELEASE_TAG_NAME + shell: pwsh + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} From 020629fd3c202185187070f9d6916f918c3fbf7a Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 16:16:03 +0000 Subject: [PATCH 119/123] removing the macos job from the test --- .github/workflows/build-and-sign.yml | 146 --------------------------- 1 file changed, 146 deletions(-) diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index fe2d76b6ff0..f673d55e801 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -106,149 +106,3 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - - macos: - runs-on: macos-latest - - steps: - - name: Set up Node - uses: actions/setup-node@v1 - with: - node-version: '10.x' - - - name: Set Node options - run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - - - name: Print environment - run: | - node --version - npm --version - Write-Output "GitHub ref: $env:GITHUB_REF" - Write-Output "GitHub event: $env:GITHUB_EVENT" - shell: pwsh - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - - - name: Checkout repo - uses: actions/checkout@v2 - - - name: Decrypt secrets - run: ./.github/scripts/macos/decrypt-secrets.ps1 - shell: pwsh - env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} - - - name: Set up keychain - run: ./.github/scripts/macos/setup-keychain.ps1 - shell: pwsh - env: - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} - DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} - APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} - MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Set up provisioning profiles - run: ./.github/scripts/macos/setup-profiles.ps1 - shell: pwsh - - - name: Increment version - run: ./.github/scripts/macos/increment-version.ps1 - shell: pwsh - - - name: Load package version - run: ./.github/scripts/load-version.ps1 - shell: pwsh - - - name: Install Node dependencies - run: npm install - - - name: Run linter - run: npm run lint - - - name: Create Safari directory - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - shell: pwsh - run: New-Item ./dist-safari -ItemType Directory -ea 0 - - - name: Checkout browser extension - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/checkout@v2 - with: - repository: 'bitwarden/browser' - path: 'dist-safari/browser' - - - name: Build Safari extension - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - shell: pwsh - run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy - - - name: Load Safari extension for .dmg - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - shell: pwsh - run: ./scripts/safari-build.ps1 -copyonly - - - name: Build application (dev) - if: github.ref != 'refs/heads/master' && github.event_name != 'release' - run: npm run build - - - name: Build application (dist) - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: npm run dist:mac - env: - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Upload .zip artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@v2 - with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip - - - name: Upload .dmg artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@v2 - with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg - - - name: Load Safari extension for App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - shell: pwsh - run: ./scripts/safari-build.ps1 -mas -copyonly - - - name: Build application for App Store - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - run: npm run dist:mac:mas - env: - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Upload .pkg artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' - uses: actions/upload-artifact@v2 - with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg - path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg - - - name: Deploy to App Store - if: github.event_name == 'release' - run: npm run upload:mas - env: - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - - - name: Upload release assets - if: github.event_name == 'release' - run: | - hub release edit ` - -a ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg ` - -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} From 9a39f67efc09a01fb78c8357a4fb2608db049fb4 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 16:21:43 +0000 Subject: [PATCH 120/123] changing the gh action to "on push" to initialize it --- .az-pipelines/az-cli-tests.yml | 19 ---- .az-pipelines/sign-windows-artifacts.yml | 58 ----------- .az-pipelines/test-ast-install.yml | 21 ---- .az-pipelines/windows-build-sign.yml | 127 ----------------------- .github/workflows/build-and-sign.yml | 11 +- 5 files changed, 10 insertions(+), 226 deletions(-) delete mode 100644 .az-pipelines/az-cli-tests.yml delete mode 100644 .az-pipelines/sign-windows-artifacts.yml delete mode 100644 .az-pipelines/test-ast-install.yml delete mode 100644 .az-pipelines/windows-build-sign.yml diff --git a/.az-pipelines/az-cli-tests.yml b/.az-pipelines/az-cli-tests.yml deleted file mode 100644 index daf6af6e33a..00000000000 --- a/.az-pipelines/az-cli-tests.yml +++ /dev/null @@ -1,19 +0,0 @@ -trigger: none - -pool: - vmImage: 'windows-latest' - -variables: -- group: sub-secrets - -steps: -- task: AzureCLI@2 - displayName: Azure CLI KV Test - inputs: - azureSubscription: '$(subscription-id)' - connectedServiceNameARM: keyvault-signing-SP - scriptType: ps - scriptLocation: inlineScript - inlineScript: | - az --verison - az keyvault certificate list --vault-name code-signing-test-vault diff --git a/.az-pipelines/sign-windows-artifacts.yml b/.az-pipelines/sign-windows-artifacts.yml deleted file mode 100644 index 70d7abe42dc..00000000000 --- a/.az-pipelines/sign-windows-artifacts.yml +++ /dev/null @@ -1,58 +0,0 @@ -trigger: none - -pool: - vmImage: 'windows-latest' - -variables: -- group: code-signing-test - -steps: - #- script: | - # set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true - # dotnet tool install --global AzureSignTool --version 2.0.17 - # displayName: 'install AzureSignTool' - -- script: | - git clone https://github.com/vcsjones/AzureSignTool.git - cd AzureSignTool - dotnet --version - dotnet pack --output ./nupkg - dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version 0.0.0-gce87e84a58 azuresigntool - displayName: 'Install AST' - -- script: | - azuresigntool sign --help - displayName: 'Debugging AST' - - #- script: exit 1 - # displayName: 'Early Exit' - -- task: DownloadGitHubRelease@0 - inputs: - connection: joseph-flinn - userRepository: joseph-flinn/desktop - displayName: 'git release artifacts' - -- bash: | - GIT_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/joseph-flinn/desktop/releases/latest" | awk -F '"' '/tag_name/{print $4}' | awk '{print substr($1, 2); }') - echo "##vso[task.setvariable variable=git_release_version]$GIT_RELEASE_VERSION" - displayName: 'set git_release_version' - -- script: | - ls -alh $(System.ArtifactsDirectory) - echo GIT_RELEASE_VERSION=$(git_release_version) - displayName: 'show artifacts' - -- script: | - azuresigntool sign -kvu "$(SigningVaultURL)" -kvi "$(SigningClientId)" -kvt "$(SigningTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-ia32-store.appx" "$(System.ArtifactsDirectory)\Bitwarden-$(git_release_version)-x64-store.appx" - displayName: 'Sign artifacts' - -- task: PublishPipelineArtifact@1 - inputs: - pathToPublish: '$(System.ArtifactsDirectory)/Bitwarden-$(git_release_version)-ia32-store.appx' - artifactName: 'Bitwarden-$(git_release_version)-ia32-store.appx' - -- task: PublishPipelineArtifact@1 - inputs: - pathToPublish: '$(System.ArtifactsDirectory)/Bitwarden-$(git_release_version)-x64-store.appx' - artifactName: 'Bitwarden-$(git_release_version)-x64-store.appx' diff --git a/.az-pipelines/test-ast-install.yml b/.az-pipelines/test-ast-install.yml deleted file mode 100644 index 3f0d33b169c..00000000000 --- a/.az-pipelines/test-ast-install.yml +++ /dev/null @@ -1,21 +0,0 @@ -trigger: none - -pool: - vmImage: 'windows-latest' - -variables: -- group: code-signing-test - -steps: -- script: | - git clone https://github.com/vcsjones/AzureSignTool.git - cd AzureSignTool/src/AzureSignTool - dotnet tool restore - displayName: 'install AzureSignTool' - -- script: dotnet tool list - displayName: 'testing dotnet tool list' - -- script: AzureSignTool.exe sign --help - displayName: 'Debugging AST' - diff --git a/.az-pipelines/windows-build-sign.yml b/.az-pipelines/windows-build-sign.yml deleted file mode 100644 index d64a6e12c44..00000000000 --- a/.az-pipelines/windows-build-sign.yml +++ /dev/null @@ -1,127 +0,0 @@ -# Node.js -# Build a general Node.js project with npm. -# Add steps that analyze code, save build artifacts, deploy, and more: -# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript - -trigger: none - -pool: - vmImage: 'windows-latest' - -variables: -- group: code-signing-test - -steps: -- pwsh: | - Write-Host "------------------------" - Write-Host "secret test - $env:CSC_KEY_PASSWORD" - Write-Host "SIGNING_CERT_NAME - $env:SIGNING_CERT_NAME" - Write-Host "---" - Write Host "This shouldn't work - $(ebSigningCertKey)" - Write-Host "------------------------" - displayName: 'Var & Secret Testing' - env: - CSC_LINK: $(ebSigningCertIdentifierURL) - CSC_KEY_PASSWORD: $(ebSigningCertKey) - SIGNING_VAULT_URL: $(SigningVaultURL) - SIGNING_CLIENT_ID: $(SigningClientId) - SIGNING_TENTANT_ID: $(SigningTenantId) - SIGNING_CLIENT_SECRET: $(SigningClientSecret) - SIGNING_CERT_NAME: $(SigningCertName) - -- script: exit 1 - displayName: Stop Pipeline - -- task: NodeTool@0 - inputs: - versionSpec: '10.x' - displayName: 'Install Node.js' - - #- script: | - # set DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true - # dotnet tool install --global AzureSignTool --version 2.0.17 - # displayName: 'install AzureSignTool' - -- task: UseDotNet@2 - displayName: 'Use .NET Core SDK 3.x' - inputs: - packageType: sdk - version: 3.x - installationPath: $(Agent.ToolsDirectory)/dotnet - -- pwsh: | - git clone https://github.com/vcsjones/AzureSignTool.git - cd AzureSignTool - $latest_head = $(git rev-parse HEAD)[0..9] -join "" - $latest_version = "0.0.0-g$latest_head" - Write-Host "--------" - Write-Host "git commit - $(git rev-parse HEAD)" - Write-Host "latest_head - $latest_head" - Write-Host "PACKAGE VERSION TO BUILD - $latest_version" - Write-Host "--------" - - dotnet --version - dotnet restore - dotnet pack --output ./nupkg - dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool - displayName: 'Install AST' - - -- task: PowerShell@2 - inputs: - targetType: 'inline' - script: | - $packageVersion = (Get-Content -Raw -Path $(System.DefaultWorkingDirectory)\src\package.json | ConvertFrom-Json).version; - echo "##vso[task.setvariable variable=PACKAGE_VERSION]${packageVersion}" - displayName: 'Setting packageVersion' - -- script: | - echo "package version: $(PACKAGE_VERSION)" - displayName: Package Version testing - -- script: npm install - displayName: 'npm install' - -- script: | - npm run build - npm npm run clean:dist - displayName: 'npm build' - -# This task is not working... -- pwsh: | - Write-Host "------------------------" - Write-Host "az pipeline secret test - $env:SECRET_TEST" - Write-Host "az pipeline var test - $env:SIGNING_CERT_NAME" - Write-Host "------------------------" - npx electron-builder --win --x64 --ia32 -p never -c.win.certificateSubjectName=\"Bitwarden Inc\" - displayName: 'electron-builder build & sign' - env: - CSC_LINK: $(ebSigningCertIdentifierURL) - CSC_KEY_PASSWORD: $(ebSigningCertKey) - SIGNING_VAULT_URL: $(SigningVaultURL) - SIGNING_CLIENT_ID: $(SigningClientId) - SIGNING_TENTANT_ID: $(SigningTenantId) - SIGNING_CLIENT_SECRET: $(SigningClientSecret) - SIGNING_CERT_NAME: $(SigningCertName) - SECRET_TEST: $(secretTest) - -- script: ls -alht dist - displayName: show executables - -- script: ls -alht dist/nsis-web - displayName: show nsis-web executables - -- task: PublishPipelineArtifact@1 - inputs: - pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-Portable-$(PACKAGE_VERSION).exe' - artifactName: Bitwarden-Portable-$(PACKAGE_VERSION).exe - -# - task: PublishPipelineArtifact@1 -# inputs: -# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-1.23.1-ia32.appx' -# artifactName: Bitwarden-$(GIT_COMMIT_TO_BUILD)-ia32.appx -# -# - task: PublishPipelineArtifact@1 -# inputs: -# pathToPublish: '$(System.DefaultWorkingDirectory)/dist/Bitwarden-1.23.1-x64.appx' -# artifactName: Bitwarden-$(GIT_COMMIT_TO_BUILD)-x64.appx diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index f673d55e801..3c5d2458644 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -1,6 +1,15 @@ name: Build & Sign -on: [workflow_dispatch] +on: + push: + branches-ignore: + - 'l10n_master' + - 'gh-pages' + release: + types: + - published + +#[workflow_dispatch] jobs: windows: From 5f63020eb3cc793cb621f073f93d57d9f099311e Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 16:23:56 +0000 Subject: [PATCH 121/123] changing the trigger to manual --- .github/workflows/build-and-sign.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index 3c5d2458644..f673d55e801 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -1,15 +1,6 @@ name: Build & Sign -on: - push: - branches-ignore: - - 'l10n_master' - - 'gh-pages' - release: - types: - - published - -#[workflow_dispatch] +on: [workflow_dispatch] jobs: windows: From f47660fcc3055e4a727270d0d5d6f145b933f2f2 Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 16:26:12 +0000 Subject: [PATCH 122/123] fixing dotnet action version --- .github/workflows/build-and-sign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index f673d55e801..aa91baab85e 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -16,7 +16,7 @@ jobs: shell: pwsh - name: Setup dotnet - uses: actions/setup-dotnet@v2 + uses: actions/setup-dotnet@v1 with: dotnet-version: "3.x" From 6de9d3912f89da4950c91b57eec3ce4bb63334af Mon Sep 17 00:00:00 2001 From: Joseph Flinn Date: Tue, 5 Jan 2021 16:28:24 +0000 Subject: [PATCH 123/123] trying different syntax --- .github/workflows/build-and-sign.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index aa91baab85e..6c0465cd16d 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -1,6 +1,7 @@ name: Build & Sign -on: [workflow_dispatch] +on: + workflow_dispatch: jobs: windows: