diff --git a/.github/secrets/GoogleService-Info.plist.gpg b/.github/secrets/GoogleService-Info.plist.gpg
deleted file mode 100644
index 6f04d0929..000000000
Binary files a/.github/secrets/GoogleService-Info.plist.gpg and /dev/null differ
diff --git a/.github/secrets/app_fdroid-keystore.jks.gpg b/.github/secrets/app_fdroid-keystore.jks.gpg
deleted file mode 100644
index 3c1db4912..000000000
Binary files a/.github/secrets/app_fdroid-keystore.jks.gpg and /dev/null differ
diff --git a/.github/secrets/app_play-keystore.jks.gpg b/.github/secrets/app_play-keystore.jks.gpg
deleted file mode 100644
index 32d9aa720..000000000
Binary files a/.github/secrets/app_play-keystore.jks.gpg and /dev/null differ
diff --git a/.github/secrets/app_upload-keystore.jks.gpg b/.github/secrets/app_upload-keystore.jks.gpg
deleted file mode 100644
index b723c00a0..000000000
Binary files a/.github/secrets/app_upload-keystore.jks.gpg and /dev/null differ
diff --git a/.github/secrets/bitwarden-mobile-key.p12.gpg b/.github/secrets/bitwarden-mobile-key.p12.gpg
deleted file mode 100644
index 85949be8c..000000000
Binary files a/.github/secrets/bitwarden-mobile-key.p12.gpg and /dev/null differ
diff --git a/.github/secrets/dist_autofill.mobileprovision.gpg b/.github/secrets/dist_autofill.mobileprovision.gpg
deleted file mode 100644
index de955c7b3..000000000
Binary files a/.github/secrets/dist_autofill.mobileprovision.gpg and /dev/null differ
diff --git a/.github/secrets/dist_bitwarden.mobileprovision.gpg b/.github/secrets/dist_bitwarden.mobileprovision.gpg
deleted file mode 100644
index 02433fe19..000000000
Binary files a/.github/secrets/dist_bitwarden.mobileprovision.gpg and /dev/null differ
diff --git a/.github/secrets/dist_extension.mobileprovision.gpg b/.github/secrets/dist_extension.mobileprovision.gpg
deleted file mode 100644
index fe25aafd8..000000000
Binary files a/.github/secrets/dist_extension.mobileprovision.gpg and /dev/null differ
diff --git a/.github/secrets/dist_share_extension.mobileprovision.gpg b/.github/secrets/dist_share_extension.mobileprovision.gpg deleted file mode 100644 index aca9437c2..000000000 Binary files a/.github/secrets/dist_share_extension.mobileprovision.gpg and /dev/null differ diff --git a/.github/secrets/dist_watch_app.mobileprovision.gpg b/.github/secrets/dist_watch_app.mobileprovision.gpg deleted file mode 100644 index b7f4d4901..000000000 Binary files a/.github/secrets/dist_watch_app.mobileprovision.gpg and /dev/null differ diff --git a/.github/secrets/dist_watch_app_extension.mobileprovision.gpg b/.github/secrets/dist_watch_app_extension.mobileprovision.gpg deleted file mode 100644 index cc843f27a..000000000 Binary files a/.github/secrets/dist_watch_app_extension.mobileprovision.gpg and /dev/null differ diff --git a/.github/secrets/google-services.json.gpg b/.github/secrets/google-services.json.gpg deleted file mode 100644 index a999db757..000000000 --- a/.github/secrets/google-services.json.gpg +++ /dev/null @@ -1,3 +0,0 @@ -  KY#(EI֐߄T?)l"=|'em/~' F>lb[+RiL"~V:paڵel%8t튖y> $GITHUB_OUTPUT fi + android: name: Android runs-on: windows-2022 
@@ -111,32 +113,34 @@ jobs: with: fetch-depth: 0 - - name: Decrypt secrets + - name: Login to Azure - CI Subscription + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Download secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile run: | mkdir -p $HOME/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ${{ env.android_folder_path_bash }}/app_play-keystore.jks \ - .github/secrets/app_play-keystore.jks.gpg - - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ${{ env.android_folder_path_bash }}/app_upload-keystore.jks \ - .github/secrets/app_upload-keystore.jks.gpg - - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/play_creds.json \ - .github/secrets/play_creds.json.gpg + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name app_play-keystore.jks --file ./${{ env.android_folder_path_bash }}/app_play-keystore.jks --output none + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name app_upload-keystore.jks --file ./${{ env.android_folder_path_bash }}/app_upload-keystore.jks --output none + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name play_creds.json --file $HOME/secrets/play_creds.json --output none shell: bash - - name: Decrypt secrets - Google Services + - name: Download secrets - Google Services if: ${{ matrix.variant == 'prod' }} env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile run: | - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ${{ env.android_folder_path_bash }}/google-services.json 
.github/secrets/google-services.json.gpg + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name google-services.json --file ./${{ env.android_folder_path_bash }}/google-services.json --output none shell: bash - name: Increment version @@ -190,9 +194,7 @@ jobs: { $packageName = "com.x8bit.bitwarden.${{ matrix.variant }}"; } - Write-Output "########################################" Write-Output "##### Sign Google Play Bundle Release Configuration" - Write-Output "########################################" $signingUploadKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_upload-keystore.jks" dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android ` @@ -203,17 +205,13 @@ jobs: /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" ` /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore - Write-Output "########################################" Write-Output "##### Copy Google Play Bundle to project root" - Write-Output "########################################" $signedAabPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.aab"; $signedAabDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).aab"; Copy-Item $signedAabPath $signedAabDestPath - Write-Output "########################################" Write-Output "##### Sign APK Release Configuration" - Write-Output "########################################" $signingPlayKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_play-keystore.jks" dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android ` 
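Review bot: Both Android download steps call `az storage blob download` without `--auth-mode`, so the CLI uses its default key-based mode and, as far as the hunk shows, has to look up the storage account key with the service principal from `AZURE_KV_CI_SERVICE_PRINCIPAL`. That means the CI identity needs key-read rights on the whole `bitwardenci` account rather than read access to the `mobile` container alone. Consider adding `--auth-mode login` to each call and granting the principal only the Storage Blob Data Reader role on the container. The same applies to the download steps in the F-Droid and iOS jobs and in release.yml.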
@@ -223,9 +221,7 @@ jobs: /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" ` /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore - Write-Output "########################################" Write-Output "##### Copy Release APK to project root" - Write-Output "########################################" $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.apk"; $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).apk"; @@ -343,23 +339,26 @@ jobs: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Decrypt secrets - env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} - run: | - mkdir -p ~/secrets + - name: Login to Azure - CI Subscription + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ./${{ env.main_app_folder_path }}/app_fdroid-keystore.jks ./.github/secrets/app_fdroid-keystore.jks.gpg + - name: Download secrets + env: + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile + FILE: app_fdroid-keystore.jks + run: | + mkdir -p $HOME/secrets + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ + --file $HOME/secrets/$FILE --output none shell: bash - name: Increment version run: | BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER)) - - echo "########################################" echo "##### Setting Version Code $BUILD_NUMBER" - echo "########################################" sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \ ./${{ env.android_manifest_path }} 
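Review bot: The F-Droid keystore now lands in `$HOME/secrets/app_fdroid-keystore.jks`, but the removed gpg step wrote it to `./${{ env.main_app_folder_path }}/app_fdroid-keystore.jks`, and the unchanged Sign FDroid step further down still passes the bare name `/p:AndroidSigningKeyStore=$("app_fdroid-keystore.jks")`. Unless a step outside this hunk copies the file, signing will probably not find the keystore. Keeping the old destination, `--file ./${{ env.main_app_folder_path }}/$FILE --output none`, avoids that; alternatively pass the full `$HOME/secrets` path to the signing property.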
@@ -372,16 +371,12 @@ jobs: $androidManifest = $($env:GITHUB_WORKSPACE + "/${{ env.android_manifest_path }}"); - Write-Output "########################################" - Write-Output "##### Backup project files" - Write-Output "########################################" + Write-Output "##### Back up project files" Copy-Item $androidManifest $($androidManifest + ".original"); Copy-Item $appPath $($appPath + ".original"); - Write-Output "########################################" Write-Output "##### Cleanup Android Manifest" - Write-Output "########################################" $xml=New-Object XML; $xml.Load($androidManifest); @@ -399,9 +394,7 @@ jobs: $configuration = "Release"; $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}"); - Write-Output "########################################" - Write-Output "##### Build $configuration FDROID - Write-Output "########################################" + Write-Output "##### Build $configuration FDROID" dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android /p:CustomConstants="FDROID" 
@@ -412,15 +405,11 @@ jobs: $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}"); $packageName = "com.x8bit.bitwarden"; - Write-Output "########################################" Write-Output "##### Sign FDroid" - Write-Output "########################################" dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_fdroid-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:FDROID_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:FDROID_KEYSTORE_PASSWORD)" /p:CustomConstants="FDROID" --no-restore - Write-Output "########################################" Write-Output "##### Copy FDroid apk to project root" - Write-Output "########################################" $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk"); $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden-fdroid.apk"); 
@@ -500,42 +489,42 @@ jobs: keyvault: "bitwarden-ci" secrets: "appcenter-ios-token" - - name: Decrypt secrets + - name: Download Provisioning Profiles secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles run: | - mkdir -p ~/secrets + mkdir -p $HOME/secrets + profiles=( + "dist_autofill.mobileprovision" + "dist_bitwarden.mobileprovision" + "dist_extension.mobileprovision" + "dist_share_extension.mobileprovision" + "dist_bitwarden_watch_app.mobileprovision" + "dist_bitwarden_watch_app_extension.mobileprovision" + ) - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/bitwarden-mobile-key.p12 ./.github/secrets/bitwarden-mobile-key.p12.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/iphone-distribution-cert.p12 ./.github/secrets/iphone-distribution-cert.p12.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/dist_autofill.mobileprovision ./.github/secrets/dist_autofill.mobileprovision.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/dist_bitwarden.mobileprovision ./.github/secrets/dist_bitwarden.mobileprovision.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/dist_extension.mobileprovision ./.github/secrets/dist_extension.mobileprovision.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/dist_share_extension.mobileprovision \ - ./.github/secrets/dist_share_extension.mobileprovision.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output $HOME/secrets/dist_watch_app.mobileprovision \ - ./.github/secrets/dist_watch_app.mobileprovision.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output 
$HOME/secrets/dist_watch_app_extension.mobileprovision \ - ./.github/secrets/dist_watch_app_extension.mobileprovision.gpg - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ./src/watchOS/bitwarden/GoogleService-Info.plist ./.github/secrets/GoogleService-Info.plist.gpg + for FILE in "${profiles[@]}" + do + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ + --file $HOME/secrets/$FILE --output none + done + + - name: Download Google Services secret + env: + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile + FILE: GoogleService-Info.plist + run: | + mkdir -p $HOME/secrets + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ + --file $HOME/secrets/$FILE --output none - name: Increment version run: | BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER)) - echo "########################################" echo "##### Setting CFBundleVersion $BUILD_NUMBER" - echo "########################################" - echo "### CFBundleVersion $BUILD_NUMBER" >> $GITHUB_STEP_SUMMARY perl -0777 -pi.bak -e 's/CFBundleVersion<\/key>\s*1<\/string>/CFBundleVersion<\/key>\n\t'"$BUILD_NUMBER"'<\/string>/' ./${{ env.ios_folder_path }}/Info.plist 
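Review bot: `GoogleService-Info.plist` is now downloaded to `$HOME/secrets/$FILE`, whereas the removed gpg call wrote it to `./src/watchOS/bitwarden/GoogleService-Info.plist`, and the Firebase dSYM upload step later in this file still reads `-gsp "./src/watchOS/bitwarden/GoogleService-Info.plist"`. If nothing outside the hunk copies it, that upload (and possibly the watch build) will miss the file; `--file ./src/watchOS/bitwarden/$FILE --output none` restores the old location. In the profiles loop, quoting the expansions (`--name "$FILE" --file "$HOME/secrets/$FILE"`) would keep a name with unusual characters from being word-split.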
@@ -543,30 +532,30 @@ jobs: perl -0777 -pi.bak -e 's/CFBundleVersion<\/key>\s*1<\/string>/CFBundleVersion<\/key>\n\t'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist perl -0777 -pi.bak -e 's/CFBundleVersion<\/key>\s*1<\/string>/CFBundleVersion<\/key>\n\t'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist cd src/watchOS/bitwarden - agvtool new-version -all $BUILD_NUMBER + agvtool new-version -all $BUILD_NUMBER - name: Update Entitlements run: | - echo "########################################" echo "##### Updating Entitlements" - echo "########################################" - perl -0777 -pi.bak -e 's/aps-environment<\/key>\s*development<\/string>/aps-environment<\/key>\n\tproduction<\/string>/' ./${{ env.ios_folder_path }}/Entitlements.plist + + - name: Get certificates + run: | + mkdir -p $HOME/certificates + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution | + jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12 - name: Set up Keychain env: KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} - MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }} - DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain - security import ~/secrets/bitwarden-mobile-key.p12 -k build.keychain -P $MOBILE_KEY_PASSWORD \ - -T /usr/bin/codesign -T /usr/bin/security - security import ~/secrets/iphone-distribution-cert.p12 -k build.keychain -P $DIST_CERT_PASSWORD \ - -T /usr/bin/codesign -T /usr/bin/security + + security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \ + -T /usr/bin/security security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning 
profiles @@ -575,8 +564,8 @@ jobs: BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_share_extension.mobileprovision - WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_watch_app.mobileprovision - WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_watch_app_extension.mobileprovision + WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app.mobileprovision + WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app_extension.mobileprovision PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles mkdir -p "$PROFILES_DIR_PATH" 
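Review bot: The new Get certificates step pipes `az keyvault secret show` into `jq` and `base64 -d` but declares no `shell:`, and GitHub's default bash invocation for such a step does not enable pipefail. Unless the job sets `defaults.run.shell` outside the hunk, a failed vault call would still write an empty `ios-distribution.p12` and pass, with the error surfacing only at `security import`. Starting the script with `set -o pipefail` makes the step fail where the problem is. The exported .p12 has no passphrase (`-P ""`) and stays in `$HOME/certificates` for the rest of the job, so I would add `rm -f $HOME/certificates/ios-distribution.p12` right after the import in Set up Keychain.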
@@ -604,68 +593,44 @@ jobs: - name: Bulid WatchApp run: | - echo "########################################" echo "##### Build WatchApp with Release Configuration" - echo "########################################" - xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden - echo "########################################" - echo "##### Done" - echo "########################################" - - name: Archive Build for App Store run: | - Write-Output "########################################" - Write-Output "##### Archive for Release ios-arm64 - Write-Output "########################################" - + echo "##### Archive for Release ios-arm64" dotnet publish ${{ env.main_app_project_path }} -c Release -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=ios-arm64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false - Write-Output "########################################" - Write-Output "##### Done" - Write-Output "########################################" - shell: pwsh - - name: Archive Build for Mobile Automation run: | - Write-Output "########################################" - Write-Output "##### Archive Debug for iossimulator-x64 - Write-Output "########################################" - + echo "##### Archive Debug for iossimulator-x64" dotnet build ${{ env.main_app_project_path }} -c Debug -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=iossimulator-x64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false - - Write-Output "########################################" - Write-Output "##### Done" - Write-Output "########################################" - ls ~/Library/Developer/Xcode/Archives - shell: pwsh + ls $HOME/Library/Developer/Xcode/Archives - name: Export .ipa for App Store + env: + EXPORT_OPTIONS_PATH: ./.github/resources/export-options-app-store.plist + EXPORT_PATH: ./bitwarden-export run: | - 
EXPORT_OPTIONS_PATH="./.github/resources/export-options-app-store.plist" ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive" - EXPORT_PATH="./bitwarden-export" - xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \ -exportOptionsPlist $EXPORT_OPTIONS_PATH - name: Export .app for Automation CI + env: + ARCHIVE_PATH: ./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64 + EXPORT_PATH: ./bitwarden-export run: | - ARCHIVE_PATH="./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64" - EXPORT_PATH="./bitwarden-export" - zip -r -q ${{ env.app_ci_output_filename }}.app.zip $ARCHIVE_PATH mv ${{ env.app_ci_output_filename }}.app.zip $EXPORT_PATH - name: Copy all dSYMs files to upload + env: + EXPORT_PATH: ./bitwarden-export + WATCH_ARCHIVE_DSYMS_PATH: ./src/watchOS/bitwarden.xcarchive/dSYMs/ + WATCH_DSYMS_EXPORT_PATH: ./bitwarden-export/Watch_dSYMs run: | ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs" - EXPORT_PATH="./bitwarden-export" - - WATCH_ARCHIVE_DSYMS_PATH="./src/watchOS/bitwarden.xcarchive/dSYMs/" - WATCH_DSYMS_EXPORT_PATH="$EXPORT_PATH/Watch_dSYMs" - cp -r -v $ARCHIVE_DSYMS_PATH $EXPORT_PATH mkdir $WATCH_DSYMS_EXPORT_PATH cp -r -v $WATCH_ARCHIVE_DSYMS_PATH $WATCH_DSYMS_EXPORT_PATH @@ -714,10 +679,7 @@ jobs: || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0) || github.ref == 'refs/heads/hotfix-rc' run: | - echo "########################################" echo "##### Uploading Watch dSYMs to Firebase" - echo "########################################" - find "$HOME/Library/Developer/XCode/DerivedData" -name "upload-symbols" -exec chmod +x {} \; -exec {} -gsp "./src/watchOS/bitwarden/GoogleService-Info.plist" -p ios "./bitwarden-export/Watch_dSYMs" \; - name: Validate app in App Store 
@@ -733,7 +695,6 @@ jobs: run: | xcrun altool --validate-app --type ios --file "./bitwarden-export/Bitwarden.ipa" \ --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD" - shell: bash - name: Deploy to App Store if: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5da27b909..b469a7268 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -176,13 +176,14 @@ jobs: - name: Install Node dependencies run: npm install - - name: Decrypt secrets + - name: Download secrets env: - DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile run: | - mkdir -p ~/secrets - gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ - --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg + mkdir -p $HOME/secrets + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \ + --name store_fdroid-keystore.jks --file ./store/fdroid/keystore.jks --output none - name: Compile for F-Droid Store env:
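Review bot: The release.yml Download secrets step runs `az storage blob download`, but the hunk adds no `Azure/login` step before it, unlike the Android jobs in build.yml. If the job does not already log in to Azure earlier (outside the hunk), the download will fail for lack of credentials; a login step equivalent to the one in build.yml would be needed ahead of it. `mkdir -p $HOME/secrets` is also unused here, since the keystore is written to `./store/fdroid/keystore.jks`.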