From abb7f08c87518eb9777a16e408b3cd47e275a86d Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Mon, 29 Jul 2024 10:19:49 -0400
Subject: [PATCH] Update to unblock CI builds

---
 .github/workflows/build-desktop.yml           | 20 ++++++++++++++-----
 .../macos/desktop.xcodeproj/project.pbxproj   |  8 ++++++--
 apps/desktop/macos/production.xcconfig        | 11 ++++++++++
 apps/desktop/scripts/after-sign.js            |  8 ++++++--
 apps/desktop/scripts/build-macos-extension.js |  3 +++
 5 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 apps/desktop/macos/production.xcconfig

diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 9e59bc47853..8c28bc5498a 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -1078,6 +1078,21 @@ jobs:
             --file $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
             --output none
 
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+            --name bitwarden_desktop_autofill_app_store_2024.provisionprofile \
+            --file $HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile \
+            --output none
+
+      - name: Set up provisioning profiles
+        run: |
+          AUTOFILL_PROFILE_PATH=$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile
+          PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
+
+          mkdir -p "$PROFILES_DIR_PATH"
+
+          AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
+          cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.provisionprofile"
+
       - name: Get certificates
         run: |
           mkdir -p $HOME/certificates
@@ -1129,11 +1144,6 @@ jobs:
 
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
 
-      - name: Set up provisioning profiles
-        run: |
-          cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \
-            $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile
-
       - name: Increment version
         shell: pwsh
         env:
diff --git a/apps/desktop/macos/desktop.xcodeproj/project.pbxproj b/apps/desktop/macos/desktop.xcodeproj/project.pbxproj
index 00f9ace6e81..313b158895c 100644
--- a/apps/desktop/macos/desktop.xcodeproj/project.pbxproj
+++ b/apps/desktop/macos/desktop.xcodeproj/project.pbxproj
@@ -13,6 +13,7 @@
 /* End PBXBuildFile section */
 
 /* Begin PBXFileReference section */
+		968ED08A2C52A47200FFFEE6 /* Production.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Production.xcconfig; sourceTree = "<group>"; };
 		E1DF713C2B342F6900F29026 /* autofill-extension.appex */ = {isa = PBXFileReference; explicitFileType = "wrapper.app-extension"; includeInIndex = 0; path = "autofill-extension.appex"; sourceTree = BUILT_PRODUCTS_DIR; };
 		E1DF713E2B342F6900F29026 /* AuthenticationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthenticationServices.framework; path = System/Library/Frameworks/AuthenticationServices.framework; sourceTree = SDKROOT; };
 		E1DF71412B342F6900F29026 /* CredentialProviderViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CredentialProviderViewController.swift; sourceTree = "<group>"; };
@@ -36,6 +37,7 @@
 		E1DF711D2B342E2800F29026 = {
 			isa = PBXGroup;
 			children = (
+				968ED08A2C52A47200FFFEE6 /* Production.xcconfig */,
 				E1DF71402B342F6900F29026 /* autofill-extension */,
 				E1DF713D2B342F6900F29026 /* Frameworks */,
 				E1DF71272B342E2800F29026 /* Products */,
@@ -189,6 +191,7 @@
 				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements";
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -252,6 +255,7 @@
 				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				CODE_SIGN_ENTITLEMENTS = "autofill-extension/autofill_extension.entitlements";
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
@@ -282,7 +286,7 @@
 				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer";
 				CODE_SIGN_STYLE = Manual;
 				CURRENT_PROJECT_VERSION = 1;
-				DEVELOPMENT_TEAM = LTZ2PFU5D6;
+				DEVELOPMENT_TEAM = "";
 				"DEVELOPMENT_TEAM[sdk=macosx*]" = LTZ2PFU5D6;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -313,7 +317,7 @@
 				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer";
 				CODE_SIGN_STYLE = Manual;
 				CURRENT_PROJECT_VERSION = 1;
-				DEVELOPMENT_TEAM = LTZ2PFU5D6;
+				DEVELOPMENT_TEAM = "";
 				"DEVELOPMENT_TEAM[sdk=macosx*]" = LTZ2PFU5D6;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
diff --git a/apps/desktop/macos/production.xcconfig b/apps/desktop/macos/production.xcconfig
new file mode 100644
index 00000000000..f06f2bf736e
--- /dev/null
+++ b/apps/desktop/macos/production.xcconfig
@@ -0,0 +1,11 @@
+//
+//  Production.xcconfig
+//  desktop
+//
+//  Created by Vince Grassia on 7/25/24.
+//
+
+// Configuration settings file format documentation can be found at:
+// https://help.apple.com/xcode/#/dev745c5c974
+CODE_SIGN_IDENTITY[sdk=macosx*] = 3rd Party Mac Developer Application
+PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*] = Bitwarden Desktop Autofill App Store 2024
diff --git a/apps/desktop/scripts/after-sign.js b/apps/desktop/scripts/after-sign.js
index 3ac8dfd61b4..0a137f9ce8b 100644
--- a/apps/desktop/scripts/after-sign.js
+++ b/apps/desktop/scripts/after-sign.js
@@ -27,7 +27,9 @@ async function run(context) {
     if (!fse.existsSync(extensionPath)) {
       console.log("### Autofill extension not found - skipping");
     } else {
-      fse.mkdirSync(path.join(appPath, "Contents/PlugIns"));
+      if (!fse.existsSync(path.join(appPath, "Contents/PlugIns"))) {
+        fse.mkdirSync(path.join(appPath, "Contents/PlugIns"));
+      }
       fse.copySync(extensionPath, path.join(appPath, "Contents/PlugIns/autofill-extension.appex"));
       shouldResign = true;
     }
@@ -40,7 +42,9 @@ async function run(context) {
     if (!fse.existsSync(plugIn)) {
       console.log("### Safari extension not found - skipping");
     } else {
-      fse.mkdirSync(path.join(appPath, "Contents/PlugIns"));
+      if (!fse.existsSync(path.join(appPath, "Contents/PlugIns"))) {
+        fse.mkdirSync(path.join(appPath, "Contents/PlugIns"));
+      }
       fse.copySync(
         path.join(plugIn, "safari.appex"),
         path.join(appPath, "Contents/PlugIns/safari.appex"),
diff --git a/apps/desktop/scripts/build-macos-extension.js b/apps/desktop/scripts/build-macos-extension.js
index 25f8a5fb8a8..3aa43fb6785 100644
--- a/apps/desktop/scripts/build-macos-extension.js
+++ b/apps/desktop/scripts/build-macos-extension.js
@@ -10,6 +10,7 @@ const paths = {
   extensionDistDir: "./macos/dist",
   extensionDist: "./macos/dist/autofill-extension.appex",
   macOsProject: "./macos/desktop.xcodeproj",
+  macOsConfig: "./macos/production.xcconfig",
 };
 
 async function buildMacOs() {
@@ -27,6 +28,8 @@ async function buildMacOs() {
     "-alltargets",
     "-configuration",
     "Release",
+    "-xcconfig",
+    paths.macOsConfig,
   ]);
   stdOutProc(proc);
   await new Promise((resolve, reject) =>