292 lines
12 KiB
YAML
292 lines
12 KiB
YAML
---
|
|
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches-ignore:
|
|
- "l10n_master"
|
|
- "gh-pages"
|
|
paths-ignore:
|
|
- ".github/workflows/**"
|
|
workflow_dispatch:
|
|
inputs: {}
|
|
|
|
jobs:
|
|
ios:
|
|
name: Apple iOS
|
|
runs-on: macos-13
|
|
steps:
|
|
- name: Setup NuGet
|
|
uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
|
|
with:
|
|
nuget-version: 5.9.0
|
|
|
|
- name: Install Xamarin
|
|
run: |
|
|
brew install --cask xamarin-ios
|
|
brew install --cask xamarin-android
|
|
|
|
- name: Print environment
|
|
run: |
|
|
nuget help | grep Version
|
|
msbuild -version
|
|
dotnet --info
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
|
with:
|
|
submodules: 'true'
|
|
|
|
- name: Login to Azure - CI Subscription
|
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6
|
|
with:
|
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "appcenter-ios-token"
|
|
|
|
- name: Download Provisioning Profiles secrets
|
|
env:
|
|
ACCOUNT_NAME: bitwardenci
|
|
CONTAINER_NAME: profiles
|
|
run: |
|
|
mkdir -p $HOME/secrets
|
|
profiles=(
|
|
"dist_autofill.mobileprovision"
|
|
"dist_bitwarden.mobileprovision"
|
|
"dist_extension.mobileprovision"
|
|
"dist_share_extension.mobileprovision"
|
|
"dist_bitwarden_watch_app.mobileprovision"
|
|
"dist_bitwarden_watch_app_extension.mobileprovision"
|
|
)
|
|
|
|
for FILE in "${profiles[@]}"
|
|
do
|
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
|
|
--file $HOME/secrets/$FILE --output none
|
|
done
|
|
|
|
cd $HOME/secrets
|
|
mv dist_bitwarden_watch_app.mobileprovision dist_watch_app.mobileprovision
|
|
mv dist_bitwarden_watch_app_extension.mobileprovision dist_watch_app_extension.mobileprovision
|
|
|
|
- name: Download Google Services secret
|
|
env:
|
|
ACCOUNT_NAME: bitwardenci
|
|
CONTAINER_NAME: mobile
|
|
FILE: GoogleService-Info.plist
|
|
run: |
|
|
mkdir -p $HOME/secrets
|
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
|
|
--file src/watchOS/bitwarden/$FILE --output none
|
|
|
|
- name: Increment version
|
|
run: |
|
|
BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER))
|
|
|
|
echo "########################################"
|
|
echo "##### Setting CFBundleVersion $BUILD_NUMBER"
|
|
echo "########################################"
|
|
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS/Info.plist
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Extension/Info.plist
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist
|
|
cd src/watchOS/bitwarden
|
|
agvtool new-version -all $BUILD_NUMBER
|
|
cd ../../..
|
|
shell: bash
|
|
|
|
- name: Update Entitlements
|
|
run: |
|
|
echo "########################################"
|
|
echo "##### Updating Entitlements"
|
|
echo "########################################"
|
|
|
|
perl -0777 -pi.bak -e 's/<key>aps-environment<\/key>\s*<string>development<\/string>/<key>aps-environment<\/key>\n\t<string>production<\/string>/' ./src/iOS/Entitlements.plist
|
|
shell: bash
|
|
|
|
- name: Get certificates
|
|
run: |
|
|
mkdir -p $HOME/certificates
|
|
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
|
|
jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
|
|
|
|
cd $HOME/certificates
|
|
mv ios-distribution.p12 $HOME/secrets/iphone-distribution-cert.p12
|
|
|
|
- name: Set up Keychain
|
|
env:
|
|
KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
|
|
run: |
|
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
|
security default-keychain -s build.keychain
|
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
|
security set-keychain-settings -lut 1200 build.keychain
|
|
security import ~/secrets/iphone-distribution-cert.p12 -k build.keychain -P "" \
|
|
-T /usr/bin/codesign -T /usr/bin/security
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
|
shell: bash
|
|
|
|
- name: Set up provisioning profiles
|
|
run: |
|
|
AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_autofill.mobileprovision
|
|
BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision
|
|
EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision
|
|
SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_share_extension.mobileprovision
|
|
WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_watch_app.mobileprovision
|
|
WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_watch_app_extension.mobileprovision
|
|
PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
|
|
|
|
mkdir -p "$PROFILES_DIR_PATH"
|
|
|
|
AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision"
|
|
|
|
BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision"
|
|
|
|
EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision"
|
|
|
|
SHARE_EXTENSION_UUID=$(grep UUID -A1 -a $SHARE_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $SHARE_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$SHARE_EXTENSION_UUID.mobileprovision"
|
|
|
|
WATCH_APP_UUID=$(grep UUID -A1 -a $WATCH_APP_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $WATCH_APP_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_UUID.mobileprovision"
|
|
|
|
WATCH_APP_EXTENSION_UUID=$(grep UUID -A1 -a $WATCH_APP_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $WATCH_APP_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_EXTENSION_UUID.mobileprovision"
|
|
shell: bash
|
|
|
|
- name: Bulid WatchApp
|
|
run: |
|
|
echo "########################################"
|
|
echo "##### Build WatchApp with Release Configuration"
|
|
echo "########################################"
|
|
|
|
xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden
|
|
|
|
echo "########################################"
|
|
echo "##### Done"
|
|
echo "########################################"
|
|
shell: bash
|
|
|
|
- name: Restore packages
|
|
run: nuget restore
|
|
|
|
- name: Archive Build for App Store
|
|
run: |
|
|
$configuration = "AppStore";
|
|
$platform = "iPhone";
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Archive $configuration Configuration for $platform Platform"
|
|
Write-Output "########################################"
|
|
msbuild "$($env:GITHUB_WORKSPACE + "/src/iOS/iOS.csproj")" "/p:Platform=$platform" `
|
|
"/p:Configuration=$configuration" "/p:ArchiveOnBuild=true" "/t:`"Build`""
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Done"
|
|
Write-Output "########################################"
|
|
shell: pwsh
|
|
|
|
- name: Archive Build for Mobile Automation
|
|
run: |
|
|
$configuration = "Release";
|
|
$platform = "iPhoneSimulator";
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Archive $configuration Configuration for $platform Platform"
|
|
Write-Output "########################################"
|
|
msbuild "$($env:GITHUB_WORKSPACE + "/src/iOS/iOS.csproj")" "/p:Platform=$platform" `
|
|
"/p:Configuration=$configuration" "/p:ArchiveOnBuild=true" "/t:`"Build`""
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Done"
|
|
Write-Output "########################################"
|
|
ls ~/Library/Developer/Xcode/Archives
|
|
shell: pwsh
|
|
|
|
- name: Export .ipa for App Store
|
|
run: |
|
|
EXPORT_OPTIONS_PATH="./.github/resources/export-options-app-store.plist"
|
|
ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive"
|
|
EXPORT_PATH="./bitwarden-export"
|
|
|
|
xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \
|
|
-exportOptionsPlist $EXPORT_OPTIONS_PATH
|
|
shell: bash
|
|
|
|
- name: Export .app for Automation CI
|
|
run: |
|
|
ARCHIVE_PATH="./src/iOS/bin/iPhoneSimulator/Release/BitwardeniOS.app"
|
|
EXPORT_PATH="./bitwarden-export"
|
|
|
|
zip -r -q BitwardeniOS.app.zip $ARCHIVE_PATH
|
|
mv BitwardeniOS.app.zip $EXPORT_PATH
|
|
shell: bash
|
|
|
|
- name: Copy all dSYMs files to upload
|
|
run: |
|
|
ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs"
|
|
EXPORT_PATH="./bitwarden-export"
|
|
|
|
WATCH_ARCHIVE_DSYMS_PATH="./src/watchOS/bitwarden.xcarchive/dSYMs/"
|
|
WATCH_DSYMS_EXPORT_PATH="$EXPORT_PATH/Watch_dSYMs"
|
|
|
|
cp -r -v $ARCHIVE_DSYMS_PATH $EXPORT_PATH
|
|
mkdir $WATCH_DSYMS_EXPORT_PATH
|
|
cp -r -v $WATCH_ARCHIVE_DSYMS_PATH $WATCH_DSYMS_EXPORT_PATH
|
|
shell: bash
|
|
|
|
- name: Upload App Store .ipa & dSYMs artifacts
|
|
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
|
with:
|
|
name: Bitwarden iOS
|
|
path: |
|
|
./bitwarden-export/Bitwarden.ipa
|
|
./bitwarden-export/dSYMs/*.*
|
|
if-no-files-found: error
|
|
|
|
- name: Upload .app file for Automation CI
|
|
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
|
|
with:
|
|
name: BitwardeniOS.app.zip
|
|
path: ./bitwarden-export/BitwardeniOS.app.zip
|
|
if-no-files-found: error
|
|
|
|
- name: Install AppCenter CLI
|
|
run: npm install -g appcenter-cli
|
|
|
|
- name: Upload dSYMs to App Center
|
|
env:
|
|
APPCENTER_IOS_TOKEN: ${{ steps.retrieve-secrets.outputs.appcenter-ios-token }}
|
|
run: appcenter crashes upload-symbols -a bitwarden/bitwarden -s "./bitwarden-export/dSYMs" --token $APPCENTER_IOS_TOKEN
|
|
shell: bash
|
|
|
|
- name: Upload Watch dSYMs to Firebase Crashlytics
|
|
run: |
|
|
|
|
echo "########################################"
|
|
echo "##### Uploading Watch dSYMs to Firebase"
|
|
echo "########################################"
|
|
|
|
find "$HOME/Library/Developer/XCode/DerivedData" -name "upload-symbols" -exec chmod +x {} \; -exec {} -gsp "./src/watchOS/bitwarden/GoogleService-Info.plist" -p ios "./bitwarden-export/Watch_dSYMs" \;
|
|
shell: bash
|
|
|
|
- name: Deploy to App Store
|
|
env:
|
|
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
run: |
|
|
xcrun altool --upload-app --type ios --file "./bitwarden-export/Bitwarden.ipa" \
|
|
--username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
|
|
shell: bash
|