mirror of
https://github.com/bitwarden/browser
synced 2025-12-06 00:13:28 +00:00
7cba6f4170
* Turn on passkeys and dev mode
* PM-19138: Add try-catch to desktop-autofill (#13964)
* PM-19424: React to IPC disconnect (#14123)
* React to IPC disconnects
* Minor cleanup
* Update apps/desktop/package.json
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Relaxed ordering
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Autofill/pm 9034 implement passkey for unlocked accounts (#13826)
* Passkey stuff
Co-authored-by: Anders Åberg <github@andersaberg.com>
* Ugly hacks
* Work On Modal State Management
* Applying modalStyles
* modal
* Improved hide/show
* fixed promise
* File name
* fix prettier
* Protecting against null API's and undefined data
* Only show fake popup to devs
* cleanup mock code
* rename minmimal-app to modal-app
* Added comment
* Added comment
* removed old comment
* Avoided changing minimum size
* Add small comment
* Rename component
* adress feedback
* Fixed uppercase file
* Fixed build
* Added codeowners
* added void
* commentary
* feat: reset setting on app start
* Moved reset to be in main / process launch
* Add comment to create window
* Added a little bit of styling
* Use Messaging service to loadUrl
* Enable passkeysautofill
* Add logging
* halfbaked
* Integration working
* And now it works without extra delay
* Clean up
* add note about messaging
* lb
* removed console.logs
* Cleanup and adress review feedback
* This hides the swift UI
* add modal components
* update modal with correct ciphers and functionality
* add create screen
* pick credential, draft
* Remove logger
* a whole lot of wiring
* not working
* Improved wiring
* Cancel after 90s
* Introduced observable
* update cipher handling
* update to use matchesUri
* Launching bitwarden if its not running
* Passing position from native to electron
* Rename inModalMode to modalMode
* remove tap
* revert spaces
* added back isDev
* cleaned up a bit
* Cleanup swift file
* tweaked logging
* clean up
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/main/autofill/native-autofill.main.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/services/desktop-settings.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* adress position feedback
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Removed extra logging
* Adjusted error logging
* Use .error to log errors
* remove dead code
* Update desktop-autofill.service.ts
* use parseCredentialId instead of guidToRawFormat
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change windowXy to a Record instead of [number,number]
* Update apps/desktop/src/autofill/services/desktop-fido2-user-interface.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Remove unsued dep and comment
* changed timeout to be spec recommended maxium, 10 minutes, for now.
* Correctly assume UP
* Removed extra cancelRequest in deinint
* Add timeout and UV to confirmChoseCipher
UV is performed by UI, not the service
* Improved docs regarding undefined cipherId
* cleanup: UP is no longer undefined
* Run completeError if ipc messages conversion failed
* don't throw, instead return undefined
* Disabled passkey provider
* Throw error if no activeUserId was found
* removed comment
* Fixed lint
* removed unsued service
* reset entitlement formatting
* Update entitlements.mas.plist
* Fix build issues
* Fix import issues
* Update route names to use `fido2`
* Fix being unable to select a passkey
* Fix linting issues
* Followup to fix merge issues and other comments
* Update `userHandle` value
* Add error handling for missing session or other errors
* Remove unused route
* Fix linting issues
* Simplify updateCredential method
* Followup to remove comments and timeouts and handle errors
* Address lint issue by using `takeUntilDestroyed`
* PR Followup for typescript and vault concerns
* Add try block for cipher creation
* Make userId manditory for cipher service
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Anders Åberg <github@andersaberg.com>
Co-authored-by: Anders Åberg <anders@andersaberg.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* PM-11455: Trigger sync when user enables OS setting (#14127)
* Implemented a SendNativeStatus command
This allows reporting status or asking the electron app to do something.
* fmt
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* clean up
* Don't add empty callbacks
* Removed comment
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Added support for handling a locked vault
Handle unlocktimeout
* PM-19511: Add support for ExcludedCredentials (#14128)
* works
* Add mapping
* remove the build script
* cleanup
* simplify updatedCipher (#14179)
* Fix base64url decode on MacOS passkeys (#14227)
* Add support for padding in base64url decode
* whitespace
* whitespace
* Autofill/pm 17444 use reprompt (#14004)
* Passkey stuff
Co-authored-by: Anders Åberg <github@andersaberg.com>
* Ugly hacks
* Work On Modal State Management
* Applying modalStyles
* modal
* Improved hide/show
* fixed promise
* File name
* fix prettier
* Protecting against null API's and undefined data
* Only show fake popup to devs
* cleanup mock code
* rename minmimal-app to modal-app
* Added comment
* Added comment
* removed old comment
* Avoided changing minimum size
* Add small comment
* Rename component
* adress feedback
* Fixed uppercase file
* Fixed build
* Added codeowners
* added void
* commentary
* feat: reset setting on app start
* Moved reset to be in main / process launch
* Add comment to create window
* Added a little bit of styling
* Use Messaging service to loadUrl
* Enable passkeysautofill
* Add logging
* halfbaked
* Integration working
* And now it works without extra delay
* Clean up
* add note about messaging
* lb
* removed console.logs
* Cleanup and adress review feedback
* This hides the swift UI
* add modal components
* update modal with correct ciphers and functionality
* add create screen
* pick credential, draft
* Remove logger
* a whole lot of wiring
* not working
* Improved wiring
* Cancel after 90s
* Introduced observable
* update cipher handling
* update to use matchesUri
* Launching bitwarden if its not running
* Passing position from native to electron
* Rename inModalMode to modalMode
* remove tap
* revert spaces
* added back isDev
* cleaned up a bit
* Cleanup swift file
* tweaked logging
* clean up
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/main/autofill/native-autofill.main.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/services/desktop-settings.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* adress position feedback
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Removed extra logging
* Adjusted error logging
* Use .error to log errors
* remove dead code
* Update desktop-autofill.service.ts
* use parseCredentialId instead of guidToRawFormat
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change windowXy to a Record instead of [number,number]
* Update apps/desktop/src/autofill/services/desktop-fido2-user-interface.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Remove unsued dep and comment
* changed timeout to be spec recommended maxium, 10 minutes, for now.
* Correctly assume UP
* Removed extra cancelRequest in deinint
* Add timeout and UV to confirmChoseCipher
UV is performed by UI, not the service
* Improved docs regarding undefined cipherId
* cleanup: UP is no longer undefined
* Run completeError if ipc messages conversion failed
* don't throw, instead return undefined
* Disabled passkey provider
* Throw error if no activeUserId was found
* removed comment
* Fixed lint
* removed unsued service
* reset entitlement formatting
* Update entitlements.mas.plist
* Fix build issues
* Fix import issues
* Update route names to use `fido2`
* Fix being unable to select a passkey
* Fix linting issues
* Added support for handling a locked vault
* Followup to fix merge issues and other comments
* Update `userHandle` value
* Add error handling for missing session or other errors
* Remove unused route
* Fix linting issues
* Simplify updateCredential method
* Add master password reprompt on passkey create
* Followup to remove comments and timeouts and handle errors
* Address lint issue by using `takeUntilDestroyed`
* Add MP prompt to cipher selection
* Change how timeout is handled
* Include `of` from rxjs
* Hide blue header for passkey popouts (#14095)
* Hide blue header for passkey popouts
* Fix issue with test
* Fix ngOnDestroy complaint
* Import OnDestroy correctly
* Only require master password if item requires it
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Anders Åberg <github@andersaberg.com>
Co-authored-by: Anders Åberg <anders@andersaberg.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change modal size to 600x600
* Improve MacOS Syncing
This changes the behaviour to react to logoff, but not to account locks. It also adds better error handling on the native side.
* Improved modalPosition by allowing multiple calls to applyModalStyles
* moved imports to please lint
* Make passkey header stick for select and create (#14357)
* Added local build command
* Exclude credentials using kvc to avoid comilation error in cicd (#14568)
* Fix syntax error
* Don't use kvc
* Enables the autofill extension in mac and mas builds (#14373)
* Enables autofill extension building
* Try use macos-14
* add --break-system-packages for macos14
* revert using build-native
* try add rustup target add x86_64-apple-darwin
* add more rustup target add x86_64-apple-darwin
* try to force sdk version
* Show SDK versions
* USE KVC for excludedCredentials
* added xcodebuild deugging
* Revert "try to force sdk version"
This reverts commit d94f2550ad.
* Use macos-15
* undo merge
* remove macos-15 from cli
* remove macos-15 from browser
---------
Co-authored-by: Anders Åberg <anders@andersaberg.com>
* Improve Autofill IPC reliability (#14358)
* Delay IPC server start
* Better ipc handling
* Rename ready() to listenerReady()
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* feat: add test and check for too long buffers (#14775)
* Autofill/PM-19511: Overwrite and reprompt (#14288)
* Show items for url that don't have passkey
* Show existing login items in the UI
* Filter available cipher results (#14399)
* Filter available cipher results
* Fix linting issues
* Update logic for eligible ciphers
* Remove unused method to check matching username
* PM-20608 update styling for excludedCredentials (#14444)
* PM-20608 update styling for excludedCredentials
* Have flow correctly move to creation for excluded cipher
* Remove duplicate confirmNeCredential call
* Revert fido2-authenticator changes and move the excluded check
* Create a separate component for excluded cipher view
* Display traffic light MacOS buttons when the vault is locked (#14673)
* Remove unneccessary filter for excludedCiphers
* Remove dead code from the excluded ciphers work
* Remove excludedCipher checks from fido2 create and vault
* Remove excludedCipher remnants from vault and simplify create cipher logic
* Move cipherHasNoOtherPasskeys to shared fido2-utils
* Remove all containsExcludedCipher references
* Use `bufferToString` to convert `userHandle`
---------
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
* Move modal files to `autofill` and rename dir to `credentials` (#14757)
* Show existing login items in the UI
* Filter available cipher results (#14399)
* Filter available cipher results
* Fix linting issues
* Update logic for eligible ciphers
* Remove unused method to check matching username
* PM-20608 update styling for excludedCredentials (#14444)
* PM-20608 update styling for excludedCredentials
* Have flow correctly move to creation for excluded cipher
* Remove duplicate confirmNeCredential call
* Revert fido2-authenticator changes and move the excluded check
* Create a separate component for excluded cipher view
* Display traffic light MacOS buttons when the vault is locked (#14673)
* Remove unneccessary filter for excludedCiphers
* Remove dead code from the excluded ciphers work
* Remove excludedCipher checks from fido2 create and vault
* Move modal files to `autofill` and rename dir to `credentials`
* Update merge issues
* Add tests for `cipherHasNoOtherPasskeys` (#14829)
* Adjust spacing to place new login button below other items (#14877)
* Adjust spacing to place new login button below other items
* Add correct design when no credentials available (#14879)
* Autofill/pm 21903 use translations everywhere for passkeys (#14908)
* Adjust spacing to place new login button below other items
* Add correct design when no credentials available
* Add correct design when no credentials available (#14879)
* Remove hardcoded strings and use translations in passkey flow
* Remove duplicate `select` translation
* Autofill/pm 21864 center unlock vault modal (#14867)
* Center the Locked Vault modal when using passkeys
* Revert swift changes and handle offscreen modals
* Remove comments
* Add rustup for cicd to work (#15055)
* Hide credentials that are in the bin (#15034)
* Add tests for passkey components (#15185)
* Add tests for passkey components
* Reuse cipher in chooseCipher tests and simplify mock creation
* Autofill/pm 22821 center vault modal (#15243)
* Center the vault modal for passkeys
* Add comments and fix electron-builder.json
* Set values to Int32 in the ternaries
* Refactor Fido2 Components (#15105)
* Refactor Fido2 Components
* Address error message and missing session
* Address remaining missing session
* Reset modals so subsequent creates work (#15145)
* Fix broken test
* Rename relevantCiphers to displayedCiphers
* Clean up heading settings, errors, and other concerns
* Address missing comments and throw error in try block
* fix type issue for SimpleDialogType
* fix type issue for SimpleDialogType
* Revert new type
* try using as null to satisfy type issue
* Remove use of firstValueFrom in create component
* PM-22476: Show config UI while enabling Bitwarden (#15149)
* Show config ui while enabling Bitwarden
* locals
* Added Localizable strings
* Changed the linebreakmode
* Removed swedish locals
* Add provisioning profile values to electron build (#15412)
* Address BitwardenShield icon issue
* Fix fido2-vault component
* Display the vault modal when selecting Bitwarden... (#15257)
* Passkeys filtering breaks on SSH keys (#15448)
* Display the blue header on the locked vault passkey flow (#15655)
* PM-23848: Use the MacOS UI-friendly API instead (#15650)
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Fix action text and close vault modal (#15634)
* Fix action text and close vault modal
* Fix broken tests
* Update SVG to support dark mode (#15805)
* When a locked vault is unlocked displays correctly (#15612)
* When a locked vault is unlocked displays correctly
* Keep old behavior while checking for recently unlocked vault
* Revert the electron-builder
* Simplify by using a simple redirect when vault unlocked
* Remove single use of `userSelectedCipher`
* Add a guard clause to unlock
* Revert to original spacing
* Add reactive guard to unlock vault
* Fix for passkey picker closing prematurely
* Remove unneeded root navigation in ensureUnlockedVault
* Fix vault not unlocking
* Update broken tests for lock component
* Add missing brace to preload.ts
* Run lint
* Added explainer
* Moved the explainer
* Tidying up readme
* Add feature flag to short-circuit the passkey provider (#16003)
* Add feature flag to short-circuit the passkey provider
* Check FF in renderer instead
* Lint fixes
* PM-22175: Improve launch of app + window positioning (#15658)
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Fix launch of app + window pos
* Wait for animation to complete and use proper position
* Wait for animation to complete and use proper position
* Added commentary
* Remove console.log
* Remove call to removed function
---------
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
* Update fido2-vault and fido2-service implementations
* Use tailwind-alike classes for new styles
* Add label to biticons in passkey modals
* Fix broken vault test
* Revert to original `isDev` function
* Add comment to lock component describing `disable-redirect` param
* Use tailwind classes instead of custom sticky header class
* Use standard `tw-z-10` for z-index
* Change log service levels
* Mock svg icons for CI
* Add back provisioning profiles
* Remove `--break-system-packages` and simplify commands
* Revert `cipherId` param for `confirmNewCredential`
* Remove placeholder UI
* Small improvements to the readme
* Remove optional userId and deprecated method
* Autofill should own the macos_provider (#16271)
* Autofill should own the macos_provider
* Autofill should own the macos_provider
* Remove unnecessary logs, no magic numbers, revert `cipherId?`
* Fixes for broken build
* Update test issues
* [BEEEP] Use tracing in macOS provider
* Update comments and add null check for ciphers
* Update status comments and readme
* Remove electron modal mode link
* Clarify modal mode use
* Add comment about usernames
* Add comment that we don't support extensions yet
* Added comment about base64 format
* Use NO_CALLBACK_INDICATOR
* cb -> callback
* Update apps/desktop/desktop_native/napi/src/lib.rs
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
* Clean up Fido2Create subscriptions and update comments
* added comment to clarify silent exception
* Add comments
* clean up unwrap()
* set log level filter to INFO
* Address modal popup issue
* plutil on Info.plist
* Adhere to style guides
* Fix broken lock ui component tests
* Fix broken lock ui component tests
* Added codeowners entry
* logservice.warning -> debug
* Uint8Array -> ArrayBuffer
* Remove autofill entitlement
* Fix linting issues
* Fix arm build issue
* Adjust build command
* Add missing entitlement
* revert missing entitlement change
* Add proper autofill entitlements
* Remove autofill extension from mas builds
* Run rust formatter
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Nathan Ansel <nathan@livefront.com>
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
1942 lines
76 KiB
YAML
1942 lines
76 KiB
YAML
# This workflow will run in the context of the source of the PR.
|
|
# On a PR from a fork, the workflow will not have access to secrets, and so any parts of the build that require secrets will not run.
|
|
# If additional artifacts are needed, the failed "build-desktop-target.yml" workflow held up by the check-run should be re-run.
|
|
|
|
name: Build Desktop
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize]
|
|
branches-ignore:
|
|
- 'l10n_master'
|
|
- 'cf-pages'
|
|
paths:
|
|
- 'apps/desktop/**'
|
|
- 'libs/**'
|
|
- '*'
|
|
- '!*.md'
|
|
- '!*.txt'
|
|
- '.github/workflows/build-desktop.yml'
|
|
push:
|
|
branches:
|
|
- 'main'
|
|
- 'rc'
|
|
- 'hotfix-rc-desktop'
|
|
paths:
|
|
- 'apps/desktop/**'
|
|
- 'libs/**'
|
|
- '*'
|
|
- '!*.md'
|
|
- '!*.txt'
|
|
- '.github/workflows/build-desktop.yml'
|
|
workflow_call:
|
|
inputs: {}
|
|
workflow_dispatch:
|
|
inputs:
|
|
sdk_branch:
|
|
description: "Custom SDK branch"
|
|
required: false
|
|
type: string
|
|
testflight_distribute:
|
|
description: "Force distribute to TestFlight regardless of branch (useful for QA testing on feature branches)"
|
|
type: boolean
|
|
default: true
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
electron-verify:
|
|
name: Verify Electron Version
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Verify
|
|
run: |
|
|
PACKAGE_VERSION=$(jq -r .devDependencies.electron package.json)
|
|
ELECTRON_BUILDER_VERSION=$(jq -r .electronVersion ./apps/desktop/electron-builder.json)
|
|
|
|
if [[ "$PACKAGE_VERSION" == "$ELECTRON_BUILDER_VERSION" ]]; then
|
|
echo "Versions matches"
|
|
else
|
|
echo "Version missmatch, package.json: $PACKAGE_VERSION, electron-builder.json: $ELECTRON_BUILDER_VERSION"
|
|
exit 1
|
|
fi
|
|
|
|
setup:
|
|
name: Setup
|
|
runs-on: ubuntu-22.04
|
|
outputs:
|
|
package_version: ${{ steps.retrieve-version.outputs.package_version }}
|
|
release_channel: ${{ steps.release-channel.outputs.channel }}
|
|
build_number: ${{ steps.increment-version.outputs.build_number }}
|
|
rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }}
|
|
hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
|
|
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
|
|
has_secrets: ${{ steps.check-secrets.outputs.has_secrets }}
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: true
|
|
|
|
- name: Get Package Version
|
|
id: retrieve-version
|
|
run: |
|
|
PKG_VERSION=$(jq -r .version src/package.json)
|
|
echo "Setting version number to $PKG_VERSION"
|
|
echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Increment Version
|
|
id: increment-version
|
|
run: |
|
|
BUILD_NUMBER=$((3000 + GITHUB_RUN_NUMBER))
|
|
echo "Setting build number to $BUILD_NUMBER"
|
|
echo "build_number=$BUILD_NUMBER" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Get Version Channel
|
|
id: release-channel
|
|
env:
|
|
_PACKAGE_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
|
|
run: |
|
|
case "$_PACKAGE_VERSION" in
|
|
*"alpha"*)
|
|
echo "channel=alpha" >> "$GITHUB_OUTPUT"
|
|
echo "[!] We do not yet support 'alpha'"
|
|
exit 1
|
|
;;
|
|
*"beta"*)
|
|
echo "channel=beta" >> "$GITHUB_OUTPUT"
|
|
;;
|
|
*)
|
|
echo "channel=latest" >> "$GITHUB_OUTPUT"
|
|
;;
|
|
esac
|
|
|
|
- name: Check if special branches exist
|
|
id: branch-check
|
|
run: |
|
|
if [[ $(git ls-remote --heads origin rc) ]]; then
|
|
echo "rc_branch_exists=1" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "rc_branch_exists=0" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
if [[ $(git ls-remote --heads origin hotfix-rc-desktop) ]]; then
|
|
echo "hotfix_branch_exists=1" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "hotfix_branch_exists=0" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Get Node Version
|
|
id: retrieve-node-version
|
|
working-directory: ./
|
|
run: |
|
|
NODE_NVMRC=$(cat .nvmrc)
|
|
NODE_VERSION=${NODE_NVMRC/v/''}
|
|
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Check secrets
|
|
id: check-secrets
|
|
run: |
|
|
has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }}
|
|
echo "has_secrets=$has_secrets" >> "$GITHUB_OUTPUT"
|
|
|
|
linux:
|
|
name: Linux Build
|
|
# Note, before updating the ubuntu version of the workflow, ensure the snap base image
|
|
# is equal or greater than the new version. Otherwise there might be GLIBC version issues.
|
|
# The snap base for desktop is defined in `apps/desktop/electron-builder.json`
|
|
# We intentionally keep this runner on the oldest supported OS in GitHub Actions
|
|
# for maximum compatibility across GLIBC versions
|
|
runs-on: ubuntu-22.04
|
|
needs: setup
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
fetch-depth: 1
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Free disk space for build
|
|
run: |
|
|
sudo rm -rf /usr/share/dotnet
|
|
sudo rm -rf /usr/share/swift
|
|
sudo rm -rf /usr/local/.ghcup
|
|
sudo rm -rf /usr/share/miniconda
|
|
sudo rm -rf /usr/share/az_*
|
|
sudo rm -rf /usr/local/julia*
|
|
sudo rm -rf /usr/lib/mono
|
|
sudo rm -rf /usr/lib/heroku
|
|
sudo rm -rf /usr/local/aws-cli
|
|
sudo rm -rf /usr/local/aws-sam-cli
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Set up environment
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -y install pkg-config libxss-dev rpm musl-dev musl-tools flatpak flatpak-builder
|
|
|
|
- name: Set up Snap
|
|
run: sudo snap install snapcraft --classic
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
snap --version
|
|
snapcraft --version || echo 'snapcraft unavailable'
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
${{ env.RUNNER_TEMP }}/.cargo/registry
|
|
${{ env.RUNNER_TEMP }}/.cargo/git
|
|
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
env:
|
|
PKG_CONFIG_ALLOW_CROSS: true
|
|
PKG_CONFIG_ALL_STATIC: true
|
|
TARGET: musl
|
|
# Note: It is important that we use the release build because some compute heavy
|
|
# operations such as key derivation for oo7 on linux are too slow in debug mode
|
|
run: |
|
|
rustup target add x86_64-unknown-linux-musl
|
|
node build.js --target=x86_64-unknown-linux-musl --release
|
|
|
|
- name: Build application
|
|
run: npm run dist:lin
|
|
|
|
- name: Upload tar.gz artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden_${{ env._PACKAGE_VERSION }}_x64.tar.gz
|
|
path: apps/desktop/dist/bitwarden_desktop_x64.tar.gz
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .deb artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .rpm artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .snap artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
|
|
path: apps/desktop/dist/bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .AppImage artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
|
|
if-no-files-found: error
|
|
|
|
- name: Upload auto-update artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: ${{ needs.setup.outputs.release_channel }}-linux.yml
|
|
path: apps/desktop/dist/${{ needs.setup.outputs.release_channel }}-linux.yml
|
|
if-no-files-found: error
|
|
|
|
- name: Build flatpak
|
|
working-directory: apps/desktop
|
|
run: |
|
|
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
|
sudo npm run pack:lin:flatpak
|
|
|
|
- name: Upload flatpak artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: com.bitwarden.desktop.flatpak
|
|
path: apps/desktop/dist/com.bitwarden.desktop.flatpak
|
|
if-no-files-found: error
|
|
|
|
linux-arm64:
|
|
name: Linux ARM64 Build
|
|
# Note, before updating the ubuntu version of the workflow, ensure the snap base image
|
|
# is equal or greater than the new version. Otherwise there might be GLIBC version issues.
|
|
# The snap base for desktop is defined in `apps/desktop/electron-builder.json`
|
|
# We intentionally keep this runner on the oldest supported OS in GitHub Actions
|
|
# for maximum compatibility across GLIBC versions
|
|
runs-on: ubuntu-22.04-arm
|
|
needs: setup
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Set up environment
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -y install pkg-config libxss-dev rpm musl-dev musl-tools flatpak flatpak-builder squashfs-tools ruby ruby-dev rubygems build-essential
|
|
sudo gem install --no-document fpm
|
|
|
|
- name: Set up Snap
|
|
run: sudo snap install snapcraft --classic
|
|
|
|
- name: Install snaps required by snapcraft in destructive mode
|
|
run: |
|
|
sudo snap install core22
|
|
sudo snap install gtk-common-themes
|
|
sudo snap install gnome-3-28-1804
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
snap --version
|
|
snapcraft --version
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
${{ env.RUNNER_TEMP }}/.cargo/registry
|
|
${{ env.RUNNER_TEMP }}/.cargo/git
|
|
key: rust-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
env:
|
|
PKG_CONFIG_ALLOW_CROSS: true
|
|
PKG_CONFIG_ALL_STATIC: true
|
|
TARGET: musl
|
|
# Note: It is important that we use the release build because some compute heavy
|
|
# operations such as key derivation for oo7 on linux are too slow in debug mode
|
|
run: |
|
|
rustup target add aarch64-unknown-linux-musl
|
|
node build.js --target=aarch64-unknown-linux-musl --release
|
|
|
|
- name: Check index.d.ts generated
|
|
if: github.event_name == 'pull_request' && steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
run: |
|
|
if ! git diff --quiet --name-only -- napi/index.d.ts; then
|
|
echo "NAPI index.d.ts doesn't match, make sure to regenerate it and commit it"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Build application
|
|
env:
|
|
# Snapcraft environment variables to bypass LXD requirement on ARM64
|
|
SNAPCRAFT_BUILD_ENVIRONMENT: host
|
|
USE_SYSTEM_FPM: true
|
|
run: npm run dist:lin:arm64
|
|
|
|
- name: Upload .snap artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden_${{ env._PACKAGE_VERSION }}_arm64.snap
|
|
path: apps/desktop/dist/bitwarden_${{ env._PACKAGE_VERSION }}_arm64.snap
|
|
if-no-files-found: error
|
|
|
|
- name: Upload tar.gz artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden_${{ env._PACKAGE_VERSION }}_arm64.tar.gz
|
|
path: apps/desktop/dist/bitwarden_desktop_arm64.tar.gz
|
|
if-no-files-found: error
|
|
|
|
- name: Build flatpak
|
|
working-directory: apps/desktop
|
|
run: |
|
|
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
|
sudo npm run pack:lin:flatpak
|
|
|
|
- name: Upload flatpak artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: com.bitwarden.desktop-arm64.flatpak
|
|
path: apps/desktop/dist/com.bitwarden.desktop.flatpak
|
|
if-no-files-found: error
|
|
|
|
windows:
|
|
name: Windows Build
|
|
runs-on: windows-2022
|
|
needs:
|
|
- setup
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
defaults:
|
|
run:
|
|
shell: pwsh
|
|
working-directory: apps/desktop
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Install AST
|
|
run: dotnet tool install --global AzureSignTool --version 4.0.1
|
|
|
|
- name: Set up environment
|
|
run: choco install checksum --no-progress
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
choco --version
|
|
rustup show
|
|
|
|
- name: Log in to Azure
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "code-signing-vault-url,
|
|
code-signing-client-id,
|
|
code-signing-tenant-id,
|
|
code-signing-client-secret,
|
|
code-signing-cert-name"
|
|
|
|
- name: Log out from Azure
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
run: node build.js cross-platform
|
|
|
|
- name: Build
|
|
run: npm run build
|
|
|
|
- name: Pack
|
|
if: ${{ needs.setup.outputs.has_secrets == 'false' }}
|
|
run: |
|
|
npm run pack:win
|
|
|
|
- name: Pack & Sign
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
env:
|
|
ELECTRON_BUILDER_SIGN: 1
|
|
SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
|
|
SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
|
|
SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
|
|
SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
|
|
SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
|
|
run: |
|
|
npm run pack:win
|
|
|
|
- name: Rename appx files for store
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
Copy-Item "./dist/Bitwarden-$env:_PACKAGE_VERSION-ia32.appx" `
|
|
-Destination "./dist/Bitwarden-$env:_PACKAGE_VERSION-ia32-store.appx"
|
|
Copy-Item "./dist/Bitwarden-$env:_PACKAGE_VERSION-x64.appx" `
|
|
-Destination "./dist/Bitwarden-$env:_PACKAGE_VERSION-x64-store.appx"
|
|
Copy-Item "./dist/Bitwarden-$env:_PACKAGE_VERSION-arm64.appx" `
|
|
-Destination "./dist/Bitwarden-$env:_PACKAGE_VERSION-arm64-store.appx"
|
|
|
|
- name: Package for Chocolatey
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
|
|
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-$env:_PACKAGE_VERSION.exe `
|
|
-Destination ./dist/chocolatey
|
|
|
|
$checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-$env:_PACKAGE_VERSION.exe
|
|
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
|
|
(Get-Content $chocoInstall).replace('__version__', "$env:_PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
|
|
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey
|
|
|
|
- name: Fix NSIS artifact names for auto-updater
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-$env:_PACKAGE_VERSION-ia32.nsis.7z `
|
|
-NewName bitwarden-$env:_PACKAGE_VERSION-ia32.nsis.7z
|
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-$env:_PACKAGE_VERSION-x64.nsis.7z `
|
|
-NewName bitwarden-$env:_PACKAGE_VERSION-x64.nsis.7z
|
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-$env:_PACKAGE_VERSION-arm64.nsis.7z `
|
|
-NewName bitwarden-$env:_PACKAGE_VERSION-arm64.nsis.7z
|
|
|
|
- name: Upload portable exe artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
|
|
path: apps/desktop/dist/Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
|
|
if-no-files-found: error
|
|
|
|
- name: Upload installer exe artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
|
|
path: apps/desktop/dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
|
|
if-no-files-found: error
|
|
|
|
- name: Upload appx ia32 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload store appx ia32 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload NSIS ia32 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
|
path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
|
if-no-files-found: error
|
|
|
|
- name: Upload appx x64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload store appx x64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload NSIS x64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
|
|
path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
|
|
if-no-files-found: error
|
|
|
|
- name: Upload appx ARM64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload store appx ARM64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload NSIS ARM64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
|
|
path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
|
|
if-no-files-found: error
|
|
|
|
- name: Upload nupkg artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
|
|
path: apps/desktop/dist/chocolatey/bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
|
|
if-no-files-found: error
|
|
|
|
- name: Upload auto-update artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: ${{ needs.setup.outputs.release_channel }}.yml
|
|
path: apps/desktop/dist/nsis-web/${{ needs.setup.outputs.release_channel }}.yml
|
|
if-no-files-found: error
|
|
|
|
windows-beta:
|
|
name: Windows Beta Build
|
|
runs-on: windows-2022
|
|
needs: setup
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
defaults:
|
|
run:
|
|
shell: pwsh
|
|
working-directory: apps/desktop
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Install AST
|
|
run: dotnet tool install --global AzureSignTool --version 4.0.1
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
choco --version
|
|
rustup show
|
|
|
|
- name: Log in to Azure
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "code-signing-vault-url,
|
|
code-signing-client-id,
|
|
code-signing-tenant-id,
|
|
code-signing-client-secret,
|
|
code-signing-cert-name"
|
|
|
|
- name: Log out from Azure
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
run: node build.js cross-platform
|
|
|
|
- name: Build
|
|
run: npm run build
|
|
|
|
- name: Pack
|
|
if: ${{ needs.setup.outputs.has_secrets == 'false' }}
|
|
run: npm run pack:win:beta
|
|
|
|
- name: Pack & Sign
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
env:
|
|
ELECTRON_BUILDER_SIGN: 1
|
|
SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
|
|
SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
|
|
SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
|
|
SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
|
|
SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
|
|
run: npm run pack:win:beta
|
|
|
|
- name: Rename appx files for store
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
Copy-Item "./dist/Bitwarden-Beta-$env:_PACKAGE_VERSION-ia32.appx" `
|
|
-Destination "./dist/Bitwarden-Beta-$env:_PACKAGE_VERSION-ia32-store.appx"
|
|
Copy-Item "./dist/Bitwarden-Beta-$env:_PACKAGE_VERSION-x64.appx" `
|
|
-Destination "./dist/Bitwarden-Beta-$env:_PACKAGE_VERSION-x64-store.appx"
|
|
Copy-Item "./dist/Bitwarden-Beta-$env:_PACKAGE_VERSION-arm64.appx" `
|
|
-Destination "./dist/Bitwarden-Beta-$env:_PACKAGE_VERSION-arm64-store.appx"
|
|
|
|
- name: Fix NSIS artifact names for auto-updater
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-Beta-$env:_PACKAGE_VERSION-ia32.nsis.7z `
|
|
-NewName bitwarden-beta-$env:_PACKAGE_VERSION-ia32.nsis.7z
|
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-Beta-$env:_PACKAGE_VERSION-x64.nsis.7z `
|
|
-NewName bitwarden-beta-$env:_PACKAGE_VERSION-x64.nsis.7z
|
|
Rename-Item -Path .\dist\nsis-web\Bitwarden-Beta-$env:_PACKAGE_VERSION-arm64.nsis.7z `
|
|
-NewName bitwarden-beta-$env:_PACKAGE_VERSION-arm64.nsis.7z
|
|
Rename-Item -Path .\dist\nsis-web\latest.yml `
|
|
-NewName latest-beta.yml
|
|
|
|
- name: Upload portable exe artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-Portable-${{ env._PACKAGE_VERSION }}.exe
|
|
path: apps/desktop/dist/Bitwarden-Beta-Portable-${{ env._PACKAGE_VERSION }}.exe
|
|
if-no-files-found: error
|
|
|
|
- name: Upload installer exe artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-Installer-${{ env._PACKAGE_VERSION }}.exe
|
|
path: apps/desktop/dist/nsis-web/Bitwarden-Beta-Installer-${{ env._PACKAGE_VERSION }}.exe
|
|
if-no-files-found: error
|
|
|
|
- name: Upload appx ia32 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-ia32.appx
|
|
path: apps/desktop/dist/Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-ia32.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload store appx ia32 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-ia32-store.appx
|
|
path: apps/desktop/dist/Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-ia32-store.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload NSIS ia32 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden-beta-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
|
path: apps/desktop/dist/nsis-web/bitwarden-beta-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
|
|
if-no-files-found: error
|
|
|
|
- name: Upload appx x64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-x64.appx
|
|
path: apps/desktop/dist/Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-x64.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload store appx x64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-x64-store.appx
|
|
path: apps/desktop/dist/Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-x64-store.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload NSIS x64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden-beta-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
|
|
path: apps/desktop/dist/nsis-web/bitwarden-beta-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
|
|
if-no-files-found: error
|
|
|
|
- name: Upload appx ARM64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-arm64.appx
|
|
path: apps/desktop/dist/Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-arm64.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload store appx ARM64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-arm64-store.appx
|
|
path: apps/desktop/dist/Bitwarden-Beta-${{ env._PACKAGE_VERSION }}-arm64-store.appx
|
|
if-no-files-found: error
|
|
|
|
- name: Upload NSIS ARM64 artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: bitwarden-beta-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
|
|
path: apps/desktop/dist/nsis-web/bitwarden-beta-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
|
|
if-no-files-found: error
|
|
|
|
- name: Upload auto-update artifact
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: latest-beta.yml
|
|
path: apps/desktop/dist/nsis-web/latest-beta.yml
|
|
if-no-files-found: error
|
|
|
|
macos-build:
|
|
name: MacOS Build
|
|
runs-on: macos-15
|
|
needs:
|
|
- setup
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
|
with:
|
|
python-version: '3.14'
|
|
|
|
- name: Set up Node-gyp
|
|
run: python -m pip install setuptools
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
rustup show
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
xcodebuild -showsdks
|
|
|
|
- name: Cache Build
|
|
id: build-cache
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: apps/desktop/build
|
|
key: ${{ runner.os }}-${{ github.run_id }}-build
|
|
|
|
- name: Cache Safari
|
|
id: safari-cache
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: apps/browser/dist/Safari
|
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
|
|
|
- name: Log in to Azure
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Get Azure Key Vault secrets
|
|
id: get-kv-secrets
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: gh-clients
|
|
secrets: "KEYCHAIN-PASSWORD"
|
|
|
|
- name: Download Provisioning Profiles secrets
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
env:
|
|
ACCOUNT_NAME: bitwardenci
|
|
CONTAINER_NAME: profiles
|
|
run: |
|
|
mkdir -p "$HOME/secrets"
|
|
|
|
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
|
|
--name bitwarden_desktop_appstore.provisionprofile \
|
|
--file "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
|
--output none
|
|
|
|
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
|
|
--name bitwarden_desktop_autofill_app_store_2024.provisionprofile \
|
|
--file "$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile" \
|
|
--output none
|
|
|
|
- name: Get certificates
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
mkdir -p "$HOME/certificates"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
|
jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/appstore-installer-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
|
|
|
|
- name: Log out from Azure
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Set up keychain
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
env:
|
|
KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
|
|
run: |
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
|
|
security default-keychain -s build.keychain
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
|
|
security set-keychain-settings -lut 1200 build.keychain
|
|
|
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
|
|
|
|
- name: Set up provisioning profiles
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
run: |
|
|
cp "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
|
"$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile"
|
|
|
|
mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
|
|
APP_UUID=$(grep UUID -A1 -a "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" | grep -io "[-A-Z0-9]\{36\}")
|
|
AUTOFILL_UUID=$(grep UUID -A1 -a "$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile" | grep -io "[-A-Z0-9]\{36\}")
|
|
|
|
cp "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
|
"$HOME/Library/MobileDevice/Provisioning Profiles/$APP_UUID.provisionprofile"
|
|
cp "$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile" \
|
|
"$HOME/Library/MobileDevice/Provisioning Profiles/$AUTOFILL_UUID.provisionprofile"
|
|
|
|
- name: Increment version
|
|
shell: pwsh
|
|
env:
|
|
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
|
|
run: |
|
|
$package = Get-Content -Raw -Path electron-builder.json | ConvertFrom-Json
|
|
$package | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"
|
|
$package | ConvertTo-Json -Depth 32 | Set-Content -Path electron-builder.json
|
|
"### MacOS build number: $env:BUILD_NUMBER" | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Append
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
run: node build.js cross-platform
|
|
|
|
- name: Build application (dev)
|
|
run: npm run build
|
|
|
|
browser-build:
|
|
name: Browser Build
|
|
needs: setup
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
uses: ./.github/workflows/build-browser.yml
|
|
secrets: inherit
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
id-token: write
|
|
|
|
macos-package-github:
|
|
name: MacOS Package GitHub Release Assets
|
|
runs-on: macos-15
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
needs:
|
|
- browser-build
|
|
- macos-build
|
|
- setup
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
|
with:
|
|
python-version: '3.14'
|
|
|
|
- name: Set up Node-gyp
|
|
run: python -m pip install setuptools
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
rustup show
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
xcodebuild -showsdks
|
|
|
|
- name: Get Build Cache
|
|
id: build-cache
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: apps/desktop/build
|
|
key: ${{ runner.os }}-${{ github.run_id }}-build
|
|
|
|
- name: Setup Safari Cache
|
|
id: safari-cache
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: apps/browser/dist/Safari
|
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
|
|
|
- name: Log in to Azure
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Get Azure Key Vault secrets
|
|
id: get-kv-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: gh-clients
|
|
secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
|
|
|
|
- name: Download Provisioning Profiles secrets
|
|
env:
|
|
ACCOUNT_NAME: bitwardenci
|
|
CONTAINER_NAME: profiles
|
|
run: |
|
|
mkdir -p "$HOME/secrets"
|
|
|
|
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
|
|
--name bitwarden_desktop_developer_id.provisionprofile \
|
|
--file "$HOME/secrets/bitwarden_desktop_developer_id.provisionprofile" \
|
|
--output none
|
|
|
|
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
|
|
--name bitwarden_desktop_autofill_developer_id.provisionprofile \
|
|
--file "$HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile" \
|
|
--output none
|
|
|
|
- name: Get certificates
|
|
run: |
|
|
mkdir -p "$HOME/certificates"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
|
jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/appstore-installer-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
|
|
|
|
- name: Log out from Azure
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Set up keychain
|
|
env:
|
|
KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
|
|
run: |
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
|
|
security default-keychain -s build.keychain
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
|
|
security set-keychain-settings -lut 1200 build.keychain
|
|
|
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
|
|
|
|
- name: Set up provisioning profiles
|
|
run: |
|
|
cp "$HOME/secrets/bitwarden_desktop_developer_id.provisionprofile" \
|
|
"$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_developer_id.provisionprofile"
|
|
|
|
mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
|
|
APP_UUID=$(grep UUID -A1 -a "$HOME/secrets/bitwarden_desktop_developer_id.provisionprofile" | grep -io "[-A-Z0-9]\{36\}")
|
|
AUTOFILL_UUID=$(grep UUID -A1 -a "$HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile" | grep -io "[-A-Z0-9]\{36\}")
|
|
|
|
cp "$HOME/secrets/bitwarden_desktop_developer_id.provisionprofile" \
|
|
"$HOME/Library/MobileDevice/Provisioning Profiles/$APP_UUID.provisionprofile"
|
|
cp "$HOME/secrets/bitwarden_desktop_autofill_developer_id.provisionprofile" \
|
|
"$HOME/Library/MobileDevice/Provisioning Profiles/$AUTOFILL_UUID.provisionprofile"
|
|
|
|
- name: Increment version
|
|
shell: pwsh
|
|
env:
|
|
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
|
|
run: |
|
|
$package = Get-Content -Raw -Path electron-builder.json | ConvertFrom-Json
|
|
$package | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"
|
|
$package | ConvertTo-Json -Depth 32 | Set-Content -Path electron-builder.json
|
|
Write-Output "### MacOS GitHub build number: $env:BUILD_NUMBER"
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
run: node build.js cross-platform
|
|
|
|
- name: Build
|
|
if: steps.build-cache.outputs.cache-hit != 'true'
|
|
run: npm run build
|
|
|
|
- name: Download Browser artifact
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
path: ${{ github.workspace }}/browser-build-artifacts
|
|
|
|
- name: Unzip Safari artifact
|
|
run: |
|
|
SAFARI_DIR=$(find "$GITHUB_WORKSPACE/browser-build-artifacts" -name 'dist-safari-*.zip')
|
|
echo "$SAFARI_DIR"
|
|
unzip "$SAFARI_DIR/dist-safari.zip" -d "$GITHUB_WORKSPACE/browser-build-artifacts"
|
|
|
|
- name: Load Safari extension for .dmg
|
|
run: |
|
|
mkdir PlugIns
|
|
cp -r "$GITHUB_WORKSPACE/browser-build-artifacts/Safari/dmg/build/Release/safari.appex" PlugIns/safari.appex
|
|
|
|
- name: Set up private auth key
|
|
env:
|
|
_APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
|
|
run: |
|
|
mkdir ~/private_keys
|
|
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
|
$_APP_STORE_CONNECT_AUTH_KEY
|
|
EOF
|
|
|
|
- name: Build application (dist)
|
|
env:
|
|
APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
|
|
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
|
|
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
|
CSC_FOR_PULL_REQUEST: true
|
|
run: npm run pack:mac
|
|
|
|
- name: Upload .zip artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .dmg artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .dmg blockmap artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap
|
|
path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap
|
|
if-no-files-found: error
|
|
|
|
- name: Upload auto-update artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: ${{ needs.setup.outputs.release_channel }}-mac.yml
|
|
path: apps/desktop/dist/${{ needs.setup.outputs.release_channel }}-mac.yml
|
|
if-no-files-found: error
|
|
|
|
macos-package-mas:
|
|
name: MacOS Package Prod Release Asset
|
|
runs-on: macos-15
|
|
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
|
needs:
|
|
- browser-build
|
|
- macos-build
|
|
- setup
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
|
|
NODE_OPTIONS: --max_old_space_size=4096
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
|
with:
|
|
cache: 'npm'
|
|
cache-dependency-path: '**/package-lock.json'
|
|
node-version: ${{ env._NODE_VERSION }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
|
with:
|
|
python-version: '3.14'
|
|
|
|
- name: Set up Node-gyp
|
|
run: python -m pip install setuptools
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
|
|
with:
|
|
workspaces: |
|
|
apps/desktop/desktop_native -> target
|
|
cache-targets: "true"
|
|
|
|
- name: Print environment
|
|
run: |
|
|
node --version
|
|
npm --version
|
|
rustup show
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
xcodebuild -showsdks
|
|
|
|
- name: Get Build Cache
|
|
id: build-cache
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: apps/desktop/build
|
|
key: ${{ runner.os }}-${{ github.run_id }}-build
|
|
|
|
- name: Setup Safari Cache
|
|
id: safari-cache
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: apps/browser/dist/Safari
|
|
key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
|
|
|
|
- name: Log in to Azure
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Get Azure Key Vault secrets
|
|
id: get-kv-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: gh-clients
|
|
secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
|
|
|
|
- name: Retrieve Slack secret
|
|
id: retrieve-slack-secret
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: bitwarden-ci
|
|
secrets: "slack-bot-token"
|
|
|
|
- name: Download Provisioning Profiles secrets
|
|
env:
|
|
ACCOUNT_NAME: bitwardenci
|
|
CONTAINER_NAME: profiles
|
|
run: |
|
|
mkdir -p "$HOME/secrets"
|
|
|
|
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
|
|
--name bitwarden_desktop_appstore.provisionprofile \
|
|
--file "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
|
--output none
|
|
|
|
az storage blob download --account-name "$ACCOUNT_NAME" --container-name "$CONTAINER_NAME" \
|
|
--name bitwarden_desktop_autofill_app_store_2024.provisionprofile \
|
|
--file "$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile" \
|
|
--output none
|
|
|
|
- name: Get certificates
|
|
run: |
|
|
mkdir -p "$HOME/certificates"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key |
|
|
jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-installer-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/appstore-installer-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
|
|
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
|
|
jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
|
|
|
|
- name: Log out from Azure
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Set up keychain
|
|
env:
|
|
KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
|
|
run: |
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
|
|
security default-keychain -s build.keychain
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
|
|
security set-keychain-settings -lut 1200 build.keychain
|
|
|
|
security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/appstore-app-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security import "$HOME/certificates/appstore-installer-cert.p12" -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
|
|
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
|
|
|
|
- name: Set up provisioning profiles
|
|
run: |
|
|
cp "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
|
"$GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile"
|
|
|
|
mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
|
|
APP_UUID=$(grep UUID -A1 -a "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" | grep -io "[-A-Z0-9]\{36\}")
|
|
AUTOFILL_UUID=$(grep UUID -A1 -a "$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile" | grep -io "[-A-Z0-9]\{36\}")
|
|
|
|
cp "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
|
|
"$HOME/Library/MobileDevice/Provisioning Profiles/$APP_UUID.provisionprofile"
|
|
cp "$HOME/secrets/bitwarden_desktop_autofill_app_store_2024.provisionprofile" \
|
|
"$HOME/Library/MobileDevice/Provisioning Profiles/$AUTOFILL_UUID.provisionprofile"
|
|
|
|
- name: Increment version
|
|
shell: pwsh
|
|
env:
|
|
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
|
|
run: |
|
|
$package = Get-Content -Raw -Path electron-builder.json | ConvertFrom-Json
|
|
$package | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"
|
|
$package | ConvertTo-Json -Depth 32 | Set-Content -Path electron-builder.json
|
|
|
|
Write-Output "### MacOS App Store build number: $env:BUILD_NUMBER"
|
|
|
|
- name: Install Node dependencies
|
|
run: npm ci
|
|
working-directory: ./
|
|
|
|
- name: Download SDK Artifacts
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
workflow: build-wasm-internal.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ inputs.sdk_branch }}
|
|
artifacts: sdk-internal
|
|
repo: bitwarden/sdk-internal
|
|
path: ../sdk-internal
|
|
if_no_artifact_found: fail
|
|
|
|
- name: Override SDK
|
|
if: ${{ inputs.sdk_branch != '' }}
|
|
working-directory: ./
|
|
run: |
|
|
ls -l ../
|
|
npm link ../sdk-internal
|
|
|
|
- name: Cache Native Module
|
|
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
id: cache
|
|
with:
|
|
path: |
|
|
apps/desktop/desktop_native/napi/*.node
|
|
apps/desktop/desktop_native/dist/*
|
|
key: rust-${{ runner.os }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }}
|
|
|
|
- name: Build Native Module
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
working-directory: apps/desktop/desktop_native
|
|
run: node build.js cross-platform
|
|
|
|
- name: Build
|
|
if: steps.build-cache.outputs.cache-hit != 'true'
|
|
run: npm run build
|
|
|
|
- name: Download Browser artifact
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
|
|
with:
|
|
path: ${{ github.workspace }}/browser-build-artifacts
|
|
|
|
- name: Unzip Safari artifact
|
|
run: |
|
|
SAFARI_DIR=$(find "$GITHUB_WORKSPACE/browser-build-artifacts" -name 'dist-safari-*.zip')
|
|
echo "$SAFARI_DIR"
|
|
unzip "$SAFARI_DIR/dist-safari.zip" -d "$GITHUB_WORKSPACE/browser-build-artifacts"
|
|
|
|
- name: Load Safari extension for App Store
|
|
run: |
|
|
mkdir PlugIns
|
|
cp -r "$GITHUB_WORKSPACE/browser-build-artifacts/Safari/mas/build/Release/safari.appex" "PlugIns/safari.appex"
|
|
|
|
- name: Set up private auth key
|
|
env:
|
|
_APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
|
|
run: |
|
|
mkdir ~/private_keys
|
|
cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
|
$_APP_STORE_CONNECT_AUTH_KEY
|
|
EOF
|
|
|
|
- name: Build application for App Store
|
|
env:
|
|
APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
|
|
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
|
|
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
|
|
CSC_FOR_PULL_REQUEST: true
|
|
run: npm run pack:mac:mas
|
|
|
|
- name: Create MacOS App Store build number artifact
|
|
shell: pwsh
|
|
env:
|
|
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
|
|
run: |
|
|
$buildInfo = @{
|
|
buildNumber = $env:BUILD_NUMBER
|
|
}
|
|
$buildInfo | ConvertTo-Json | Set-Content -Path dist/macos-build-number.json
|
|
|
|
- name: Upload MacOS App Store build number artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: macos-build-number.json
|
|
path: apps/desktop/dist/macos-build-number.json
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .pkg artifact
|
|
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
|
|
with:
|
|
name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
|
|
path: apps/desktop/dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
|
|
if-no-files-found: error
|
|
|
|
- name: Create secrets for Fastlane
|
|
if: |
|
|
github.event_name != 'pull_request_target'
|
|
&& (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
|
|
env:
|
|
_APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
|
|
run: |
|
|
brew install gsed
|
|
|
|
KEY_WITHOUT_NEWLINES=$(gsed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' ~/private_keys/AuthKey_6TV9MKN3GP.p8)
|
|
|
|
cat << EOF > ~/secrets/appstoreconnect-fastlane.json
|
|
{
|
|
"issuer_id": "$_APP_STORE_CONNECT_TEAM_ISSUER",
|
|
"key_id": "6TV9MKN3GP",
|
|
"key": "$KEY_WITHOUT_NEWLINES"
|
|
}
|
|
EOF
|
|
|
|
- name: Deploy to TestFlight
|
|
id: testflight-deploy
|
|
if: |
|
|
github.event_name != 'pull_request_target'
|
|
&& (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
|
|
env:
|
|
APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
|
|
APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
|
|
BRANCH: ${{ github.ref }}
|
|
run: |
|
|
|
|
GIT_CHANGE="$(git show -s --format=%s)"
|
|
|
|
BRANCH=$(echo "$BRANCH" | sed 's/refs\/heads\///')
|
|
|
|
CHANGELOG="$BRANCH: $GIT_CHANGE"
|
|
|
|
fastlane pilot upload \
|
|
--app_identifier "com.bitwarden.desktop" \
|
|
--changelog "$CHANGELOG" \
|
|
--api_key_path "$HOME/secrets/appstoreconnect-fastlane.json" \
|
|
--pkg "$(find ./dist/mas-universal/Bitwarden*.pkg)"
|
|
|
|
- name: Post message to a Slack channel
|
|
id: slack-message
|
|
if: |
|
|
github.event_name != 'pull_request_target'
|
|
&& (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
|
|
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
|
|
with:
|
|
channel-id: C074F5UESQ0
|
|
method: chat.postMessage
|
|
token: ${{ steps.retrieve-slack-secret.outputs.slack-bot-token }}
|
|
payload: |
|
|
{
|
|
"blocks": [
|
|
{
|
|
"type": "section",
|
|
"text": {
|
|
"type": "mrkdwn",
|
|
"text": "Desktop client v${{ env._PACKAGE_VERSION }} <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|build ${{ env.BUILD_NUMBER }}> success on *${{ github.ref_name }}*"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
env:
|
|
BUILD_NUMBER: ${{ needs.setup.outputs.build_number }}
|
|
|
|
crowdin-push:
|
|
name: Crowdin Push
|
|
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
|
|
needs:
|
|
- linux
|
|
- windows
|
|
- macos-package-github
|
|
- macos-package-mas
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
id-token: write
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Check out repo
|
|
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Log in to Azure
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "crowdin-api-token"
|
|
|
|
- name: Log out from Azure
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Upload Sources
|
|
uses: crowdin/github-action@08713f00a50548bfe39b37e8f44afb53e7a802d4 # v2.12.0
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
|
|
CROWDIN_PROJECT_ID: "299360"
|
|
with:
|
|
config: apps/desktop/crowdin.yml
|
|
crowdin_branch_name: main
|
|
upload_sources: true
|
|
upload_translations: false
|
|
|
|
check-failures:
|
|
name: Check for failures
|
|
if: always()
|
|
runs-on: ubuntu-22.04
|
|
needs:
|
|
- electron-verify
|
|
- browser-build
|
|
- setup
|
|
- linux
|
|
- windows
|
|
- macos-build
|
|
- macos-package-github
|
|
- macos-package-mas
|
|
- crowdin-push
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Check if any job failed
|
|
if: |
|
|
github.event_name != 'pull_request_target'
|
|
&& (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
|
|
&& contains(needs.*.result, 'failure')
|
|
run: exit 1
|
|
|
|
- name: Log in to Azure
|
|
if: failure()
|
|
uses: bitwarden/gh-actions/azure-login@main
|
|
with:
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
if: failure()
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "devops-alerts-slack-webhook-url"
|
|
|
|
- name: Log out from Azure
|
|
uses: bitwarden/gh-actions/azure-logout@main
|
|
|
|
- name: Notify Slack on failure
|
|
uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
|
|
if: failure()
|
|
env:
|
|
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
|
|
with:
|
|
status: ${{ job.status }}
|