From a5df3540afcaa37eff0067dfc23728526533ec98 Mon Sep 17 00:00:00 2001 From: Andreas Coroiu Date: Wed, 25 Feb 2026 11:15:19 +0100 Subject: [PATCH] [PM-31831] fix: add support for overriding commercial SDK (#18863) * fix: add support for overriding commercial SDK * fix: only download commercial when needed * fix: only download OSS SDK for OSS builds and commercial SDK for commercial builds Previously, the OSS sdk-internal was downloaded and linked for all build types including commercial, which is wasteful. Now each build type only downloads the SDK artifact it needs. Co-Authored-By: Claude Opus 4.6 * revert: changes to build-desktop.yml --------- Co-authored-by: Claude Opus 4.6 --- .github/workflows/build-browser.yml | 45 +++++++++++++++++++++++++--- .github/workflows/build-cli.yml | 46 ++++++++++++++++++++++++++--- .github/workflows/build-web.yml | 15 +++++++++- apps/web/Dockerfile | 17 +++++++---- 4 files changed, 108 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index 6a334e31a18..ef696c70d57 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -291,7 +291,7 @@ jobs: working-directory: browser-source/ - name: Download SDK artifacts - if: ${{ inputs.sdk_branch != '' }} + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type != 'commercial' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -304,10 +304,28 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' }} + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type != 'commercial' }} working-directory: browser-source/ run: npm link ../sdk-internal + - name: Download Commercial SDK Artifacts + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type == 'commercial' }} + uses: bitwarden/gh-actions/download-artifacts@main + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-wasm-internal.yml + workflow_conclusion: success + branch: ${{ inputs.sdk_branch }} + artifacts: commercial-sdk-internal + repo: bitwarden/sdk-internal + path: commercial-sdk-internal + if_no_artifact_found: fail + + - name: Override Commercial SDK + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type == 'commercial' }} + working-directory: browser-source/ + run: npm link ../commercial-sdk-internal + - name: Check source file size if: ${{ startsWith(matrix.browser.name, 'firefox') }} run: | @@ -493,7 +511,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' }} + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type != 'commercial' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{secrets.GITHUB_TOKEN}} @@ -506,11 +524,30 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' }} + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type != 'commercial' }} working-directory: ./ run: | npm link ../sdk-internal + - name: Download Commercial SDK Artifacts + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type == 'commercial' }} + uses: bitwarden/gh-actions/download-artifacts@main + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-wasm-internal.yml + workflow_conclusion: success + branch: ${{ inputs.sdk_branch }} + artifacts: commercial-sdk-internal + repo: bitwarden/sdk-internal + path: ../commercial-sdk-internal + if_no_artifact_found: fail + + - name: Override Commercial SDK + if: ${{ inputs.sdk_branch != '' && matrix.license_type.type == 'commercial' }} + working-directory: ./ + run: | + npm link ../commercial-sdk-internal + - name: Build Safari extension run: npm run ${{matrix.license_type.npm_command_prefix}}safari working-directory: apps/browser diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 75820c54977..201c7858feb 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -146,7 +146,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type != 'commercial' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -159,12 +159,31 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type != 'commercial' }} working-directory: ./ run: | ls -l ../ npm link ../sdk-internal + - name: Download Commercial SDK Artifacts + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type == 'commercial' }} + uses: bitwarden/gh-actions/download-artifacts@main + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-wasm-internal.yml + workflow_conclusion: success + branch: ${{ inputs.sdk_branch }} + artifacts: commercial-sdk-internal + repo: bitwarden/sdk-internal + path: ../commercial-sdk-internal + if_no_artifact_found: fail + + - name: Override Commercial SDK + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type == 'commercial' }} + working-directory: ./ + run: | + npm link ../commercial-sdk-internal + - name: Build & Package Unix env: _SHORT_RUNNER_OS: ${{ env.SHORT_RUNNER_OS }} @@ -421,7 +440,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type != 'commercial' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -434,12 +453,31 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type != 'commercial' }} working-directory: ./ run: | ls -l ../ npm link ../sdk-internal + - name: Download Commercial SDK Artifacts + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type == 'commercial' }} + uses: bitwarden/gh-actions/download-artifacts@main + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-wasm-internal.yml + workflow_conclusion: success + branch: ${{ inputs.sdk_branch }} + artifacts: commercial-sdk-internal + repo: bitwarden/sdk-internal + path: ../commercial-sdk-internal + if_no_artifact_found: fail + + - name: Override Commercial SDK + if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' && matrix.license_type.type == 'commercial' }} + working-directory: ./ + run: | + npm link ../commercial-sdk-internal + - name: Build & Package Windows run: npm run dist:${{ matrix.license_type.build_prefix }}:win --quiet diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index 688bd30bfe5..36f8ee01c2c 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -187,7 +187,7 @@ jobs: persist-credentials: false - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' }} + if: ${{ inputs.sdk_branch != '' && matrix.license_type != 'commercial' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -199,6 +199,19 @@ jobs: path: sdk-internal if_no_artifact_found: fail + - name: Download Commercial SDK Artifacts + if: ${{ inputs.sdk_branch != '' && matrix.license_type == 'commercial' }} + uses: bitwarden/gh-actions/download-artifacts@main + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: build-wasm-internal.yml + workflow_conclusion: success + branch: ${{ inputs.sdk_branch }} + artifacts: commercial-sdk-internal + repo: bitwarden/sdk-internal + path: commercial-sdk-internal + if_no_artifact_found: fail + - name: Check Branch to Publish env: PUBLISH_BRANCHES: "main,rc,hotfix-rc-web" diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile index 27036e16240..96e973de889 100644 --- a/apps/web/Dockerfile +++ b/apps/web/Dockerfile @@ -9,18 +9,23 @@ COPY package*.json ./ COPY . . RUN npm ci -# Remove commercial packages if LICENSE_TYPE is not 'commercial' -ARG LICENSE_TYPE=oss -RUN if [ "${LICENSE_TYPE}" != "commercial" ] ; then \ - rm -rf node_modules/@bitwarden/commercial-sdk-internal ; \ - fi - # Override SDK if custom artifacts are present RUN if [ -d "sdk-internal" ]; then \ echo "Overriding SDK with custom artifacts from sdk-internal" ; \ npm link ./sdk-internal ; \ fi +RUN if [ -d "commercial-sdk-internal" ]; then \ + echo "Overriding Commercial SDK with custom artifacts from commercial-sdk-internal" ; \ + npm link ./commercial-sdk-internal ; \ + fi + +# Remove commercial packages if LICENSE_TYPE is not 'commercial' +ARG LICENSE_TYPE=oss +RUN if [ "${LICENSE_TYPE}" != "commercial" ] ; then \ + rm -rf node_modules/@bitwarden/commercial-sdk-internal ; \ + fi + WORKDIR /source/apps/web ARG NPM_COMMAND=dist:bit:selfhost RUN npm run ${NPM_COMMAND}