mirror of https://github.com/bitwarden/browser synced 2026-03-02 03:21:19 +00:00

Merge branch 'main' into feature/passkey-provider

Anders Åberg
2025-06-03 14:44:18 +02:00
2149 changed files with 66981 additions and 47537 deletions

15
.github/CODEOWNERS vendored

@@ -34,8 +34,12 @@ libs/common/src/models/export @bitwarden/team-tools-dev
libs/common/src/tools @bitwarden/team-tools-dev
libs/importer @bitwarden/team-tools-dev
libs/tools @bitwarden/team-tools-dev
bitwarden_license/bit-web/src/app/tools @bitwarden/team-tools-dev
bitwarden_license/bit-common/src/tools @bitwarden/team-tools-dev
## Dirt (Data Insights & Reporting) team files ##
apps/web/src/app/dirt @bitwarden/team-data-insights-and-reporting-dev
bitwarden_license/bit-common/src/dirt @bitwarden/team-data-insights-and-reporting-dev
bitwarden_license/bit-web/src/app/dirt @bitwarden/team-data-insights-and-reporting-dev
libs/dirt @bitwarden/team-data-insights-and-reporting-dev
## Localization/Crowdin (Platform and Tools team)
apps/browser/src/_locales @bitwarden/team-tools-dev @bitwarden/team-platform-dev
@@ -91,7 +95,6 @@ apps/web/src/app/core @bitwarden/team-platform-dev
apps/web/src/app/shared @bitwarden/team-platform-dev
apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
# Workflows
# Any changes here should also be reflected in Renovate configuration
.github/workflows/automatic-issue-responses.yml @bitwarden/team-platform-dev
.github/workflows/automatic-pull-request-responses.yml @bitwarden/team-platform-dev
.github/workflows/build-browser-target.yml @bitwarden/team-platform-dev
@@ -161,7 +164,6 @@ apps/desktop/src/locales/en/messages.json
apps/web/src/locales/en/messages.json
## BRE team owns these workflows ##
# Any changes here should also be reflected in Renovate configuration ##
.github/workflows/brew-bump-desktop.yml @bitwarden/dept-bre
.github/workflows/deploy-web.yml @bitwarden/dept-bre
.github/workflows/publish-cli.yml @bitwarden/dept-bre
@@ -182,5 +184,8 @@ apps/web/src/locales/en/messages.json
**/entrypoint.sh
## Overrides
# tsconfig files are potentially dangerous and will be reviewed by platform to prevent misconfigurations
# For the time being platform owns tsconfig and jest config
# These overrides will be removed after Nx is implemented
# To track that effort please see https://bitwarden.atlassian.net/browse/PM-21636
**/tsconfig.json @bitwarden/team-platform-dev
**/jest.config.js @bitwarden/team-platform-dev
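Review bot: The override patterns that close this section, `**/tsconfig.json` and `**/jest.config.js`, match only files with exactly those names. Variants such as `tsconfig.spec.json` or `jest.config.ts` (constructed examples; I can't see from here whether the repository has any) would not be routed to platform review, even though the added comment says platform owns tsconfig and jest config for now. If the intent is every TypeScript and Jest config, widen the globs, for example `**/tsconfig*.json @bitwarden/team-platform-dev` and `**/jest.config.* @bitwarden/team-platform-dev`. These entries also need to stay last in the file, since CODEOWNERS gives precedence to the last matching pattern; a one-line comment saying so would stop a later section from being appended below them.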

189
.github/renovate.json5 vendored

@@ -4,52 +4,24 @@
enabledManagers: ["cargo", "github-actions", "npm"],
packageRules: [
{
// Group all build/test/lint workflows for GitHub Actions together for Platform.
// Since they are code owners we don't need to assign a review team in Renovate.
// Any changes here should also be reflected in CODEOWNERS.
groupName: "github-action",
// Group all Github Action minor updates together to reduce PR noise.
groupName: "Minor github-actions updates",
matchManagers: ["github-actions"],
matchFileNames: [
"./github/workflows/automatic-issue-responses.yml",
"./github/workflows/automatic-pull-request-responses.yml",
"./github/workflows/build-browser.yml",
"./github/workflows/build-cli.yml",
"./github/workflows/build-desktop.yml",
"./github/workflows/build-web.yml",
"./github/workflows/chromatic.yml",
"./github/workflows/crowdin-pull.yml",
"./github/workflows/enforce-labels.yml",
"./github/workflows/lint.yml",
"./github/workflows/locales-lint.yml",
"./github/workflows/repository-management.yml",
"./github/workflows/scan.yml",
"./github/workflows/stale-bot.yml",
"./github/workflows/test.yml",
"./github/workflows/version-auto-bump.yml",
],
commitMessagePrefix: "[deps] Platform:",
matchUpdateTypes: ["minor"],
addLabels: ["hold"],
},
{
// Group all release-related workflows for GitHub Actions together for BRE.
// Since they are code owners we don't need to assign a review team in Renovate.
// Any changes here should also be reflected in CODEOWNERS.
groupName: "github-action",
matchManagers: ["github-actions"],
matchFileNames: [
"./github/workflows/brew-bump-desktop.yml",
"./github/workflows/deploy-web.yml",
"./github/workflows/publish-cli.yml",
"./github/workflows/publish-desktop.yml",
"./github/workflows/publish-web.yml",
"./github/workflows/retrieve-current-desktop-rollout.yml",
"./github/workflows/staged-rollout-desktop.yml",
"./github/workflows/release-cli.yml",
"./github/workflows/release-desktop-beta.yml",
"./github/workflows/release-desktop.yml",
"./github/workflows/release-web.yml",
],
commitMessagePrefix: "[deps] BRE:",
addLabels: ["hold"],
// Enable support for Rust toolchain updates.
matchManagers: ["custom.regex"],
matchDepNames: ["rust"],
commitMessageTopic: "Rust",
},
{
// By default, we send patch updates to the Dependency Dashboard and do not generate a PR.
// We want to generate PRs for a select number of dependencies to ensure we stay up to date on these.
matchPackageNames: ["browserslist", "electron", "rxjs", "typescript", "webpack", "zone.js"],
matchUpdateTypes: ["patch"],
dependencyDashboardApproval: false,
},
{
// Disable major and minor updates for TypeScript and Zone.js because they are managed by Angular.
@@ -73,49 +45,7 @@
enabled: false,
},
{
// Renovate should manage patch updates for TypeScript and Zone.js, despite ignoring major and minor.
matchPackageNames: ["typescript", "zone.js"],
matchUpdateTypes: "patch",
},
{
// We want to update all the Jest-related packages together, to reduce PR noise.
groupName: "jest",
matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
},
{
// We need to group all napi-related packages together to avoid build errors caused by version incompatibilities.
groupName: "napi",
matchPackageNames: ["napi", "napi-build", "napi-derive"],
},
{
// We need to group all macOS/iOS binding-related packages together to avoid build errors caused by version incompatibilities.
groupName: "macOS/iOS bindings",
matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"],
},
{
// We need to group all zbus-related packages together to avoid build errors caused by version incompatibilities.
groupName: "zbus",
matchPackageNames: ["zbus", "zbus_polkit"],
},
{
matchPackageNames: [
"base64-loader",
"buffer",
"bufferutil",
"core-js",
"css-loader",
"html-loader",
"mini-css-extract-plugin",
"postcss",
"postcss-loader",
"process",
"sass",
"sass-loader",
"style-loader",
"ts-loader",
"url",
"util",
],
matchPackageNames: ["buffer", "bufferutil", "core-js", "process", "url", "util"],
description: "Admin Console owned dependencies",
commitMessagePrefix: "[deps] AC:",
reviewers: ["team:team-admin-console-dev"],
@@ -129,6 +59,9 @@
{
matchPackageNames: [
"@angular-eslint/schematics",
"@eslint/compat",
"@typescript-eslint/rule-tester",
"@typescript-eslint/utils",
"angular-eslint",
"eslint-config-prettier",
"eslint-import-resolver-typescript",
@@ -149,6 +82,7 @@
{
matchPackageNames: [
"@angular-eslint/schematics",
"@eslint/compat",
"@typescript-eslint/rule-tester",
"@typescript-eslint/utils",
"angular-eslint",
@@ -164,7 +98,7 @@
"lint-staged",
"typescript-eslint",
],
groupName: "Linting minor-patch",
groupName: "Minor and patch linting updates",
matchUpdateTypes: ["minor", "patch"],
},
{
@@ -213,7 +147,6 @@
"@types/chrome",
"@types/firefox-webext-browser",
"@types/glob",
"@types/jquery",
"@types/lowdb",
"@types/node",
"@types/node-forge",
@@ -222,6 +155,7 @@
"anyhow",
"arboard",
"babel-loader",
"base64-loader",
"base64",
"bindgen",
"browserslist",
@@ -229,6 +163,7 @@
"bytes",
"core-foundation",
"copy-webpack-plugin",
"css-loader",
"dirs",
"electron",
"electron-builder",
@@ -240,6 +175,7 @@
"futures",
"hex",
"homedir",
"html-loader",
"html-webpack-injector",
"html-webpack-plugin",
"interprocess",
@@ -248,6 +184,7 @@
"libc",
"log",
"lowdb",
"mini-css-extract-plugin",
"napi",
"napi-build",
"napi-derive",
@@ -258,15 +195,22 @@
"oslog",
"pin-project",
"pkg",
"postcss",
"postcss-loader",
"rand",
"rxjs",
"sass",
"sass-loader",
"scopeguard",
"security-framework",
"security-framework-sys",
"semver",
"serde",
"serde_json",
"simplelog",
"style-loader",
"sysinfo",
"ts-loader",
"tsconfig-paths-webpack-plugin",
"type-fest",
"typenum",
@@ -288,6 +232,52 @@
commitMessagePrefix: "[deps] Platform:",
reviewers: ["team:team-platform-dev"],
},
{
// We need to group all napi-related packages together to avoid build errors caused by version incompatibilities.
groupName: "napi",
matchPackageNames: ["napi", "napi-build", "napi-derive"],
},
{
// We need to group all macOS/iOS binding-related packages together to avoid build errors caused by version incompatibilities.
groupName: "macOS/iOS bindings",
matchPackageNames: ["core-foundation", "security-framework", "security-framework-sys"],
},
{
// We need to group all zbus-related packages together to avoid build errors caused by version incompatibilities.
groupName: "zbus",
matchPackageNames: ["zbus", "zbus_polkit"],
},
{
// We group all webpack build-related minor and patch updates together to reduce PR noise.
// We include patch updates here because we want PRs for webpack patch updates and it's in this group.
matchPackageNames: [
"@babel/core",
"@babel/preset-env",
"babel-loader",
"base64-loader",
"browserslist",
"copy-webpack-plugin",
"css-loader",
"html-loader",
"html-webpack-injector",
"html-webpack-plugin",
"mini-css-extract-plugin",
"postcss-loader",
"postcss",
"sass-loader",
"sass",
"style-loader",
"ts-loader",
"tsconfig-paths-webpack-plugin",
"webpack-cli",
"webpack-dev-server",
"webpack-node-externals",
"webpack",
],
description: "webpack-related build dependencies",
groupName: "Minor and patch webpack updates",
matchUpdateTypes: ["minor", "patch"],
},
{
matchPackageNames: [
"@angular-devkit/build-angular",
@@ -303,6 +293,7 @@
"@angular/platform-browser",
"@angular/platform",
"@angular/router",
"axe-playwright",
"@compodoc/compodoc",
"@ng-select/ng-select",
"@storybook/addon-a11y",
@@ -311,6 +302,7 @@
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/addon-links",
"@storybook/test-runner",
"@storybook/addon-themes",
"@storybook/angular",
"@storybook/manager-api",
@@ -319,9 +311,7 @@
"autoprefixer",
"bootstrap",
"chromatic",
"jquery",
"ngx-toastr",
"popper.js",
"react",
"react-dom",
"remark-gfm",
@@ -346,6 +336,11 @@
commitMessagePrefix: "[deps] SM:",
reviewers: ["team:team-secrets-manager-dev"],
},
{
// We need to update several Jest-related packages together, for version compatibility.
groupName: "jest",
matchPackageNames: ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
},
{
matchPackageNames: [
"@microsoft/signalr-protocol-msgpack",
@@ -413,6 +408,18 @@
commitMessagePrefix: "[deps] KM:",
reviewers: ["team:team-key-management-dev"],
},
{
// Any versions of lowdb above 1.0.0 are not compatible with CommonJS.
matchPackageNames: ["lowdb"],
allowedVersions: "1.0.0",
description: "Higher versions of lowdb are not compatible with CommonJS",
},
{
// Pin types as well since we are not upgrading past v1 (and also v2+ does not need separate types).
matchPackageNames: ["@types/lowdb"],
allowedVersions: "< 2.0.0",
description: "Higher versions of lowdb do not need separate types",
},
],
ignoreDeps: ["@types/koa-bodyparser", "bootstrap", "node-ipc", "node", "npm"],
ignoreDeps: ["@types/koa-bodyparser", "bootstrap", "node-ipc", "@bitwarden/sdk-internal"],
}
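Review bot: The Rust toolchain rule matches `matchManagers: ["custom.regex"]`, but `enabledManagers` at the top of the first hunk lists only `cargo`, `github-actions` and `npm`. Renovate runs only the managers named in `enabledManagers`, and custom managers have to be listed there with their `custom.` prefix, so as far as the visible lines show this rule never matches and toolchain updates stay manual. If that is not intended, change the list to `enabledManagers: ["cargo", "custom.regex", "github-actions", "npm"],` and confirm that a `customManagers` entry for the toolchain file exists, either in the parts of this file outside the hunks or in a preset it extends.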


@@ -8,10 +8,9 @@ name: Build Browser on PR Target
on:
pull_request_target:
types: [opened, synchronize]
branches-ignore:
- 'l10n_master'
- 'cf-pages'
types: [opened, synchronize, reopened]
branches:
- main
paths:
- 'apps/browser/**'
- 'libs/**'
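Review bot: Nothing next to this `pull_request_target` trigger records why it is safe, and the change widens the event list with `reopened` while narrowing the base branch to `main`. Workflows on this trigger run in the base repository's context with access to its secrets, including for pull requests from forks. The jobs are outside this hunk, so I can't see what authorizes a fork build, but that check has to run on every listed event type, `reopened` included. I would add a comment above the trigger such as `# pull_request_target: runs with base-repo secrets; fork PRs must pass the authorization job before any PR code is built`. The same trigger change appears in the Build CLI, Build Desktop and Build Web on PR Target sections and in the `@@ -7,7 +7,9 @@` hunk of the workflow that publishes to Chromatic, and the same comment applies there.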


@@ -8,10 +8,9 @@ name: Build CLI on PR Target
on:
pull_request_target:
types: [opened, synchronize]
branches-ignore:
- 'l10n_master'
- 'cf-pages'
types: [opened, synchronize, reopened]
branches:
- main
paths:
- 'apps/cli/**'
- 'libs/**'


@@ -9,10 +9,9 @@ name: Build Desktop on PR Target
on:
pull_request_target:
types: [opened, synchronize]
branches-ignore:
- 'l10n_master'
- 'cf-pages'
types: [opened, synchronize, reopened]
branches:
- main
paths:
- 'apps/desktop/**'
- 'libs/**'


@@ -428,12 +428,6 @@ jobs:
- name: Set up environmentF
run: choco install checksum --no-progress
- name: Rust
shell: pwsh
run: |
rustup target install i686-pc-windows-msvc
rustup target install aarch64-pc-windows-msvc
- name: Print environment
run: |
node --version
@@ -681,12 +675,6 @@ jobs:
- name: Set up Node-gyp
run: python3 -m pip install setuptools --break-system-packages
- name: Rust
shell: pwsh
run: |
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
- name: Print environment
run: |
node --version
@@ -893,12 +881,6 @@ jobs:
- name: Set up Node-gyp
run: python3 -m pip install setuptools --break-system-packages
- name: Rust
shell: pwsh
run: |
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
- name: Print environment
run: |
node --version
@@ -1046,10 +1028,7 @@ jobs:
- name: Build Native Module
if: steps.cache.outputs.cache-hit != 'true'
working-directory: apps/desktop/desktop_native
run: |
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
node build.js cross-platform
run: node build.js cross-platform
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'
@@ -1146,12 +1125,6 @@ jobs:
- name: Set up Node-gyp
run: python3 -m pip install setuptools --break-system-packages
- name: Rust
shell: pwsh
run: |
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
- name: Print environment
run: |
node --version
@@ -1306,10 +1279,7 @@ jobs:
- name: Build Native Module
if: steps.cache.outputs.cache-hit != 'true'
working-directory: apps/desktop/desktop_native
run: |
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
node build.js cross-platform
run: node build.js cross-platform
- name: Build
if: steps.build-cache.outputs.cache-hit != 'true'


@@ -8,10 +8,9 @@ name: Build Web on PR Target
on:
pull_request_target:
types: [opened, synchronize]
branches-ignore:
- 'l10n_master'
- 'cf-pages'
types: [opened, synchronize, reopened]
branches:
- main
paths:
- 'apps/web/**'
- 'libs/**'


@@ -291,7 +291,7 @@ jobs:
- name: Install Cosign
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
- name: Sign image with Cosign
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
@@ -309,7 +309,7 @@ jobs:
- name: Scan Docker image
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
id: container-scan
uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0
uses: anchore/scan-action@2c901ab7378897c01b8efaa2d0c9bf519cc64b9e # v6.2.0
with:
image: ${{ steps.image-name.outputs.name }}
fail-build: false


@@ -7,7 +7,9 @@ on:
- "rc"
- "hotfix-rc"
pull_request_target:
types: [opened, synchronize]
types: [opened, synchronize, reopened]
branches:
- "main"
jobs:
check-run:
@@ -73,7 +75,7 @@ jobs:
run: npm run build-storybook:ci
- name: Publish to Chromatic
uses: chromaui/action@8a12962215a66cd05b1ac5b0f1c08768d1aab155 # v11.25.0
uses: chromaui/action@e8cc4c31775280b175a3c440076c00d19a9014d7 # v11.28.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}


@@ -22,7 +22,7 @@ jobs:
crowdin_project_id: "308189"
steps:
- name: Generate GH App token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
id: app-token
with:
app-id: ${{ secrets.BW_GHAPP_ID }}


@@ -66,7 +66,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Generate GH App token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
id: app-token
with:
app-id: ${{ secrets.BW_GHAPP_ID }}
@@ -115,7 +115,7 @@ jobs:
version: ${{ inputs.version_number_override }}
- name: Generate GH App token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
id: app-token
with:
app-id: ${{ secrets.BW_GHAPP_ID }}
@@ -452,7 +452,7 @@ jobs:
- setup
steps:
- name: Generate GH App token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
id: app-token
with:
app-id: ${{ secrets.BW_GHAPP_ID }}


@@ -7,8 +7,14 @@ on:
- "main"
- "rc"
- "hotfix-rc"
pull_request:
types: [opened, synchronize, reopened]
branches-ignore:
- main
pull_request_target:
types: [opened, synchronize]
types: [opened, synchronize, reopened]
branches:
- "main"
jobs:
check-run:
@@ -68,7 +74,7 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }}
- name: Scan with SonarCloud
uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
uses: sonarsource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
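Review bot: The added `pull_request` trigger covers PRs whose base is not `main`, and on that event a PR from a fork gets no repository secrets, so the `Scan with SonarCloud` step in the second hunk would run with an empty `SONAR_TOKEN`. The job conditions are outside the visible hunks, so this may already be handled. If it is not, gate the secret-consuming steps, for example with `if: github.event_name == 'pull_request_target' || github.event.pull_request.head.repo.full_name == github.repository`. A small style point in the same block: `- main` under `branches-ignore` is unquoted while `- "main"` under `branches` is quoted; pick one form.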


@@ -8,7 +8,7 @@ on:
- "rc"
- "hotfix-rc-*"
pull_request:
types: [opened, synchronize]
types: [ opened, synchronize ]
jobs:
@@ -58,7 +58,7 @@ jobs:
run: npm test -- --coverage --maxWorkers=3
- name: Report test results
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
uses: dorny/test-reporter@6e6a65b7a0bd2c9197df7d0ae36ac5cee784230c # v2.0.0
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
with:
name: Test Results
@@ -66,11 +66,14 @@ jobs:
reporter: jest-junit
fail-on-error: true
- name: Upload coverage to codecov.io
uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
- name: Upload results to codecov.io
uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
uses: codecov/test-results-action@f2dba722c67b86c6caa034178c6e4d35335f6706 # v1.1.0
- name: Upload test coverage
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: jest-coverage
path: ./coverage/lcov.info
rust:
name: Run Rust tests on ${{ matrix.os }}
@@ -148,7 +151,37 @@ jobs:
working-directory: ./apps/desktop/desktop_native
run: cargo llvm-cov --all-features --lcov --output-path lcov.info --workspace --no-cfg-coverage
- name: Upload to codecov.io
uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
- name: Upload test coverage
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
files: ./apps/desktop/desktop_native/lcov.info
name: rust-coverage
path: ./apps/desktop/desktop_native/lcov.info
upload-codecov:
name: Upload to Codecov
runs-on: ubuntu-22.04
needs:
- testing
- rust-coverage
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download jest coverage
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: jest-coverage
path: ./
- name: Download rust coverage
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: rust-coverage
path: ./apps/desktop/desktop_native
- name: Upload coverage to codecov.io
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
with:
files: |
./lcov.info
./apps/desktop/desktop_native/lcov.info
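Review bot: The new `upload-codecov` job declares no `permissions:`, so unless the workflow sets them at the top level (outside these hunks) it runs with the repository's default token scope. The job only checks out the repo, downloads two artifacts and uploads them, and its inputs are coverage files produced from PR code, so a job-level `permissions:` block with `contents: read` would keep the token minimal. The `codecov/codecov-action` step passes only `files`; whether an upload token is supplied elsewhere is not visible here and is worth confirming.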


@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Generate GH App token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
id: app-token
with:
app-id: ${{ secrets.BW_GHAPP_ID }}