* ci: add SDK breaking change detection workflow
Introduces GitHub Actions workflow that detects TypeScript breaking changes when SDK artifacts are updated. Workflow is triggered via repository_dispatch from SDK repository and runs npm test:types with newly built SDK artifacts.
The workflow downloads SDK build artifacts, installs them locally, and executes the existing TypeScript type checking process. Exit codes determine success/failure for SDK repository monitoring via gh run watch.
Addresses issue where breaking changes in SDK are discovered only when clients attempt SDK version updates, rather than during SDK development.
* review: add input validation for client payload fields
Add validation step early in the workflow to check for required
client_payload fields and prevent failures from malformed payloads.
This improvement was requested during code review to provide better
error handling and debugging information when the SDK workflow sends
incomplete data.
Validates SOURCE_REPO, SDK_VERSION, ARTIFACTS_RUN_ID, and ARTIFACT_NAME
before proceeding with artifact download and type checking.
* review: update action versions to match repository standards
Update GitHub Actions to consistent versions used across the clients
repository for better security and compatibility. This change was
requested during code review to align with existing patterns.
- actions/checkout: v4.2.2 → v5.0.0 with specific SHA hash
- actions/setup-node: v4.2.0 → v5.0.0 with specific SHA hash
- actions/create-github-app-token: v2.1.1 → v2.0.3 with specific SHA hash
Uses specific SHA hashes for all actions following repository security standards.
* review: add timeout to type checking command for faster failure detection
Wrap npm run test:types with 10-minute timeout to provide faster feedback
when type checking hangs and more predictable workflow behavior. This
improvement was requested during code review to prevent workflows from
running until the 15-minute job timeout.
Provides clearer indication when type checking itself fails versus other
workflow issues, improving debugging experience for developers.
* review: use CLIENT_LABEL environment variable in logging and output
Add CLIENT_LABEL to log messages and GitHub Step Summary output for
better traceability and debugging. This change
was requested during
code review to make use of the defined CLIENT_LABEL environment
variable that was previously unused.
Improves workflow output clarity by showing which client type
(typescript, mobile, etc.) is being processed.
* review: add retry logic for npm ci command to handle network issues
Implement shell-based retry logic (3 attempts with 5-second delays) for
npm ci command to handle temporary network issues without adding external
dependencies. This improvement was requested during code review to make
the workflow more resilient to transient failures.
Continues with existing npm install approach while adding robustness
for dependency installation in GitHub Actions environment.
* review: improve shell script variable quoting for better practices
Update shell script to use proper variable quoting syntax throughout
(${VARIABLE} instead of $VARIABLE) for better shell scripting practices
and consistency. This change was requested during code review to follow
shell scripting best practices.
While this won't cause problems in practice, it prevents potential
word splitting issues and improves code maintainability.
* review: add back logging out of Azure
* review: adjust logic of retries for npm ci
* review: quote some strings
* review: add error catching around npm i
* review: remove unnecessary cleanup step
* review: use npm link and bitwarden/gh-actions/download-artifacts
* review: add underscores to job level env vars
* 🎨 fix artipacked zizmor issue and improved actionlint formatting
---------
Co-authored-by: Matt Andreko <mandreko@bitwarden.com>
* feat: add commercial sdk as optional dependency
* feat: add alias to CLI
* feat: add alias to browser
* feat: add alias to web
* fix: revert optional - we cant omit optional dependencies or the builds break
* feat: remove commercial package from browser build
* feat: remove commercial package from cli build
* feat: remove commercial package from web build
* chore: add commercial sdk to renovate
* fix: windows cli workflow
* fix: accidental change
* feat: add lint for version string
* undo weird merge changes
* Fix false positive CI check for index.d.ts generation
* use event
* lint: use env var
* use sha not ref
* only run in one platform
* simplify
* one platform
* ci: add experimental Nx affected workflow
Adds .github/workflows/nx.yml to run \`nx affected\` on pull requests,
testing only changed libraries for build, lint, and test targets.
This prevents regressions of the library configuration issues discovered
in the systematic Nx library audit and ensures proper library builds in CI.
Features:
- Uses nrwl/nx-set-shas for accurate affected project detection
- Tests build, lint, and test targets
- Runs on PR open/synchronize events
- Helps catch package.json path bugs before merge
* review: get node version from .nvmrc
* feat: create separate bit licensed browser
* feat: refactor webpack config
* fix: mv2 build not working
* feat: add bit versions of all commands
* feat: add bit CI builds
* fix: scss missing from build
Apply the same clippy configuration as we have in sdk-internal. bitwarden/sdk-internal@49f84e6/Cargo.toml#L91-L94
Adds FIXME comments to all existing violations. unwrap is bad as those will resullt in panics and crash the application. Unused async is ignored in napi since that would require changes to the js side which I don't want to deal with.
* Use Fastlane to publish to Apple App Store
* Publish MacOS build number as artifact
* Download and source build number from artifact
* Refactor Fastlane file to use already existing builds in TestFlight
* fastfile changes, release workflow changes, gitignore addition
* reorder steps to after dist dir is created
* resolve pathing issue
* upload step path fix
* make comments more clear
* enable phased rollout, add auto-submit checkbox
* move logic from release to publish workflow
* configure dry run properly for MAS
* edit file for testing
* workflow testing
* verbose logging for debugging
* update to look at releases
* remove verbose flag for next test
* add verbose logging back
* disable precheck
* hardcode app v for test
* hardcode app v for testing
* additional test
* log build numbers
* remove testing values, prep for draft PR
* flip metadata bool for testing
* comment out branch check
* hardcode locales
* add metadata and locales change
* lane change
* more logging for finding build
* address logs feedback
* edit_live false
* testing
* extra logging from apple api
* testing
* workaround for attaching build attempt
* workaround patch update
* simplify and retest skip metadata true
* turn precheck true
* remove autosubmit checkbox, add live edit true for testing release notes formatting
* re-org dispatch, rename dir to release_notes, flip live edit to false
* another formatting attempt
* additional formatting changes
* account for double space, add dash to beginning
* different formatting approach
* format test
* simplified notes formatting test, double line after each period
* proper formatting
* rename file for rust linter
* remove testing comments
* remove default string from notes, logic to check for empty release notes in mas_publish, formatting
* add validation logic after publishing
---------
Co-authored-by: Micaiah Martin <github@sourcecodemt.com>
* trigger Autofill BIT checks on browser build workflow completion and autofill-affecting file changes
* further adjustments
* hardcode bitwarden owner
* remove unneeded origin_repo data in dispatch payload
* add ownership for workflow
* use actions/create-github-app-token
* update CODEOWNERS line with suggestion
* update dockerfile and entrypoint script
* update entrypoint to sh
* add icu-libs to web container to fix startup errors
* remaining change needed for icu-libs
* pin alpine and update apk add commands
