name: Build GUI on: pull_request: {} push: branches: - "main" - "rc" - "hotfix-rc" workflow_dispatch: {} permissions: contents: read jobs: cloc: name: CLOC runs-on: ubuntu-24.04 steps: - name: Checkout repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up CLOC run: | sudo apt update sudo apt -y install cloc - name: Print lines of code run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git setup: name: Setup runs-on: ubuntu-24.04 outputs: package_version: ${{ steps.retrieve-version.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get Package Version id: retrieve-version run: | PKG_VERSION=$(jq -r .version package.json) echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT windows-gui: name: Build Windows GUI runs-on: windows-2022 needs: setup env: NODE_OPTIONS: --max_old_space_size=4096 _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} HUSKY: 0 steps: - name: Checkout repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Node uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '18' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Print environment run: | node --version npm --version - name: Install AST run: dotnet tool install --global AzureSignTool --version 4.0.1 - name: Install Node dependencies run: npm install - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "code-signing-vault-url, code-signing-client-id, code-signing-tenant-id, code-signing-client-secret, code-signing-cert-name" - name: Build & Sign run: npm run dist:win env: ELECTRON_BUILDER_SIGN: 1 SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }} SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }} SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }} SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }} SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }} - name: Upload Portable Executable to GitHub uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload Installer Executable to GitHub uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload Installer Executable Blockmap to GitHub uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap if-no-files-found: error - name: Upload latest auto-update artifact uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: latest.yml path: ./dist/latest.yml if-no-files-found: error linux-gui: name: Build Linux GUI runs-on: ubuntu-24.04 needs: setup env: NODE_OPTIONS: --max_old_space_size=4096 _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} HUSKY: 0 steps: - name: Checkout repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Node uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '18' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Set up environment run: | sudo apt-get update sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev sudo apt-get -y install rpm - name: NPM Install run: npm install - name: NPM Rebuild run: npm run rebuild - name: NPM Package run: npm run dist:lin - name: Upload AppImage uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage if-no-files-found: error - name: Upload latest auto-update artifact uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: latest-linux.yml path: ./dist/latest-linux.yml if-no-files-found: error macos-gui: name: Build MacOS GUI runs-on: macos-13 needs: setup env: NODE_OPTIONS: --max_old_space_size=4096 _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} HUSKY: 0 steps: - name: Checkout repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Node uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '18' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Print environment run: | node --version npm --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Get certificates run: | mkdir -p $HOME/certificates az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Load package version run: | $rootPath = $env:GITHUB_WORKSPACE; $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version; Write-Output "Setting package version to $packageVersion"; Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append; shell: pwsh - name: Install Node dependencies run: npm install - name: Set up private auth key run: | mkdir ~/private_keys cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8 ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }} EOF - name: Build application run: npm run dist:mac env: APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }} APP_STORE_CONNECT_AUTH_KEY: UFD296548T APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8 CSC_FOR_PULL_REQUEST: true - name: Upload .zip artifact uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip if-no-files-found: error - name: Upload .dmg artifact uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg if-no-files-found: error - name: Upload .dmg Blockmap artifact uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap if-no-files-found: error - name: Upload latest auto-update artifact uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: latest-mac.yml path: ./dist/latest-mac.yml if-no-files-found: error check-failures: name: Check for failures runs-on: ubuntu-24.04 needs: - cloc - setup - windows-gui - linux-gui - macos-gui steps: - name: Check if any job failed if: | (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') && contains(needs.*.result, 'failure') run: exit 1 - name: Login to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main if: failure() with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} with: status: ${{ job.status }}