* [deps]: Update actions/upload-artifact action to v4.6.2
* Bumping to 5.0.0. to keep all usages in sync
All other upload-artifacts actions were also bumped to 5.0.0 with https://github.com/bitwarden/clients/pull/17305
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* swap to repository dispatch
Introduces GitHub Actions workflow that detects TypeScript breaking changes when SDK artifacts are updated. Workflow is triggered via repository_dispatch from SDK repository and runs npm test:types with newly built SDK artifacts.
The workflow downloads SDK build artifacts, installs them locally, and executes the existing TypeScript type checking process. Exit codes determine success/failure for SDK repository monitoring via gh run watch.
Addresses issue where breaking changes in SDK are discovered only when clients attempt SDK version updates, rather than during SDK development.
* review: claude fixes
* [BRE-1302] Update runner to macos-15 for build-browser workflow on build-safari job
* [BRE-1302] Remove macos-13 and 14, add macos-15 to os matrix for build-cli
* [BRE-1302] Update macos runner to 15 and add python setup step before setuptools install
* [BRE-1302] Update macos runner to 15 for 2 additional jobs and add python setup step
* adding arm64 snap, flatpak and tar variant to releases now for future flatpak consumption
* adding arm64 snap, flatpak and tar build process
---------
Co-authored-by: fredrmb <69513590+fredrmb@users.noreply.github.com>
* ci: add SDK breaking change detection workflow
Introduces GitHub Actions workflow that detects TypeScript breaking changes when SDK artifacts are updated. Workflow is triggered via repository_dispatch from SDK repository and runs npm test:types with newly built SDK artifacts.
The workflow downloads SDK build artifacts, installs them locally, and executes the existing TypeScript type checking process. Exit codes determine success/failure for SDK repository monitoring via gh run watch.
Addresses issue where breaking changes in SDK are discovered only when clients attempt SDK version updates, rather than during SDK development.
* review: add input validation for client payload fields
Add validation step early in the workflow to check for required
client_payload fields and prevent failures from malformed payloads.
This improvement was requested during code review to provide better
error handling and debugging information when the SDK workflow sends
incomplete data.
Validates SOURCE_REPO, SDK_VERSION, ARTIFACTS_RUN_ID, and ARTIFACT_NAME
before proceeding with artifact download and type checking.
* review: update action versions to match repository standards
Update GitHub Actions to consistent versions used across the clients
repository for better security and compatibility. This change was
requested during code review to align with existing patterns.
- actions/checkout: v4.2.2 → v5.0.0 with specific SHA hash
- actions/setup-node: v4.2.0 → v5.0.0 with specific SHA hash
- actions/create-github-app-token: v2.1.1 → v2.0.3 with specific SHA hash
Uses specific SHA hashes for all actions following repository security standards.
* review: add timeout to type checking command for faster failure detection
Wrap npm run test:types with 10-minute timeout to provide faster feedback
when type checking hangs and more predictable workflow behavior. This
improvement was requested during code review to prevent workflows from
running until the 15-minute job timeout.
Provides clearer indication when type checking itself fails versus other
workflow issues, improving debugging experience for developers.
* review: use CLIENT_LABEL environment variable in logging and output
Add CLIENT_LABEL to log messages and GitHub Step Summary output for
better traceability and debugging. This change
was requested during
code review to make use of the defined CLIENT_LABEL environment
variable that was previously unused.
Improves workflow output clarity by showing which client type
(typescript, mobile, etc.) is being processed.
* review: add retry logic for npm ci command to handle network issues
Implement shell-based retry logic (3 attempts with 5-second delays) for
npm ci command to handle temporary network issues without adding external
dependencies. This improvement was requested during code review to make
the workflow more resilient to transient failures.
Continues with existing npm install approach while adding robustness
for dependency installation in GitHub Actions environment.
* review: improve shell script variable quoting for better practices
Update shell script to use proper variable quoting syntax throughout
(${VARIABLE} instead of $VARIABLE) for better shell scripting practices
and consistency. This change was requested during code review to follow
shell scripting best practices.
While this won't cause problems in practice, it prevents potential
word splitting issues and improves code maintainability.
* review: add back logging out of Azure
* review: adjust logic of retries for npm ci
* review: quote some strings
* review: add error catching around npm i
* review: remove unnecessary cleanup step
* review: use npm link and bitwarden/gh-actions/download-artifacts
* review: add underscores to job level env vars
* 🎨 fix artipacked zizmor issue and improved actionlint formatting
---------
Co-authored-by: Matt Andreko <mandreko@bitwarden.com>
* Session timeout policy
* default "custom" is 8 hours, validation fixes
* ownership update
* default max allowed timeout is not selected
* adjusting defaults, fixing backwards compatibility, skip type confirmation dialog when switching between the never and on system lock
* unit test coverage
* wording update, custom hours, minutes jumping on errors
* wording update
* wrong session timeout action dropdown label
* show dialog as valid when opened first time, use @for loop, use controls instead of get
* dialog static opener
* easier to understand type value listener
* unit tests
* explicit maximum allowed timeout required error
* eslint revert
* feat: add commercial sdk as optional dependency
* feat: add alias to CLI
* feat: add alias to browser
* feat: add alias to web
* fix: revert optional - we cant omit optional dependencies or the builds break
* feat: remove commercial package from browser build
* feat: remove commercial package from cli build
* feat: remove commercial package from web build
* chore: add commercial sdk to renovate
* fix: windows cli workflow
* fix: accidental change
* feat: add lint for version string
* undo weird merge changes
* Extract windows biometrics v2 changes
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
* Address some code review feedback
* cargo fmt
* rely on zeroizing allocator
* Handle TDE edge cases
* Update windows default
* Make windows rust code async and fix restoring focus freezes
* fix formatting
* cleanup native logging
* Add unit test coverage
* Add missing logic to edge case for PIN disable.
* Address code review feedback
* fix test
* code review changes
* fix clippy warning
* Swap to unimplemented on each method
* Implement encrypted memory store
* Make dpapi secure key container pub(super)
* Add comments on sync and send
* Clean up comments
* Clean up
* Fix build
* Add logging and update codeowners
* Run cargo fmt
* Clean up doc
* fix unit tests
* Update apps/desktop/desktop_native/core/src/secure_memory/secure_key/mod.rs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Handle tampering with re-key and log
* Add docs
* Fix windows build
* Prevent rust flycheck log from being commited to git
* Undo feature flag change
* Add env var override and docs
* Add deps to km owership
---------
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
