bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-01-04 09:33:27 +00:00
Code Issues Releases Wiki Activity

Clean up workflow files from Zizmor output (#16690)

Browse Source
This commit is contained in:
Matt Andreko
2025-10-21 13:13:45 -04:00
committed by GitHub
parent 63cdae92be
commit 8beb1c6ab0
26 changed files with 536 additions and 382 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
.github/workflows/build-browser.yml vendored
View File

@@ -58,15 +58,16 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Get Package Version
id: gen_vars
run: |
repo_url=https://github.com/$GITHUB_REPOSITORY.git
repo_url="https://github.com/$GITHUB_REPOSITORY.git"
adj_build_num=${GITHUB_SHA:0:7}
echo "repo_url=$repo_url" >> $GITHUB_OUTPUT
echo "adj_build_number=$adj_build_num" >> $GITHUB_OUTPUT
echo "repo_url=$repo_url" >> "$GITHUB_OUTPUT"
echo "adj_build_number=$adj_build_num" >> "$GITHUB_OUTPUT"
- name: Get Node Version
id: retrieve-node-version
@@ -74,13 +75,13 @@ jobs:
run: |
NODE_NVMRC=$(cat .nvmrc)
NODE_VERSION=${NODE_NVMRC/v/''}
echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
- name: Check secrets
id: check-secrets
run: |
has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }}
echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
echo "has_secrets=$has_secrets" >> "$GITHUB_OUTPUT"
locales-test:
@@ -96,6 +97,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Testing locales - extName length
run: |
@@ -105,12 +107,14 @@ jobs:
echo "============"
echo "extName string must be 40 characters or less"
echo
for locale in $(ls src/_locales/); do
string_length=$(jq '.extName.message | length' src/_locales/$locale/messages.json)
if [[ $string_length -gt 40 ]]; then
echo "$locale: $string_length"
found_error=true
fi
for locale_path in src/_locales/*/messages.json; do
locale=$(basename "$(dirname "$locale_path")")
string_length=$(jq '.extName.message | length' "$locale_path")
if [ "$string_length" -gt 40 ]; then
echo "$locale: $string_length"
found_error=true
fi
done
if $found_error; then
@@ -145,6 +149,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -246,6 +251,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -301,13 +307,13 @@ jobs:
TARGET_DIR='./browser-source/apps/browser'
while IFS=' ' read -r RESULT; do
FILES+=("$RESULT")
done < <(find $TARGET_DIR -size +5M)
done < <(find "$TARGET_DIR" -size +5M)
# Validate results and provide messaging
if [[ ${#FILES[@]} -ne 0 ]]; then
echo "File(s) exceeds size limit: 5MB"
for FILE in ${FILES[@]}; do
echo "- $(du --si $FILE)"
for FILE in "${FILES[@]}"; do
echo "- $(du --si "$FILE")"
done
echo "ERROR Firefox rejects extension uploads that contain files larger than 5MB"
# Invoke failure
@@ -357,6 +363,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -389,34 +396,34 @@ jobs:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: profiles
run: |
mkdir -p $HOME/secrets
mkdir -p "$HOME/secrets"
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
--name bitwarden_desktop_appstore.provisionprofile \
--file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
--file "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
--output none
- name: Get certificates
run: |
mkdir -p $HOME/certificates
mkdir -p "$HOME/certificates"
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
jq -r .value | base64 -d > $HOME/certificates/bitwarden-desktop-key.p12
jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12"
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
jq -r .value | base64 -d > $HOME/certificates/appstore-app-cert.p12
jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12"
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
jq -r .value | base64 -d > $HOME/certificates/appstore-installer-cert.p12
jq -r .value | base64 -d > "$HOME/certificates/appstore-installer-cert.p12"
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
@@ -425,9 +432,9 @@ jobs:
env:
KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
@@ -448,7 +455,7 @@ jobs:
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
- name: NPM setup
run: npm ci
@@ -507,6 +514,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main