--- name: Build Browser on: pull_request: branches-ignore: - 'l10n_master' - 'cf-pages' paths: - 'apps/browser/**' - 'libs/**' - '*' - '!*.md' - '!*.txt' push: branches: - 'main' - 'rc' - 'hotfix-rc-browser' paths: - 'apps/browser/**' - 'libs/**' - '*' - '!*.md' - '!*.txt' - '.github/workflows/build-browser.yml' workflow_call: inputs: {} workflow_dispatch: inputs: {} defaults: run: shell: bash jobs: cloc: name: CLOC runs-on: ubuntu-22.04 steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up cloc run: | sudo apt update sudo apt -y install cloc - name: Print lines of code run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git setup: name: Setup runs-on: ubuntu-22.04 outputs: repo_url: ${{ steps.gen_vars.outputs.repo_url }} adj_build_number: ${{ steps.gen_vars.outputs.adj_build_number }} node_version: ${{ steps.retrieve-node-version.outputs.node_version }} steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Get Package Version id: gen_vars run: | repo_url=https://github.com/$GITHUB_REPOSITORY.git adj_build_num=${GITHUB_SHA:0:7} echo "repo_url=$repo_url" >> $GITHUB_OUTPUT echo "adj_build_number=$adj_build_num" >> $GITHUB_OUTPUT - name: Get Node Version id: retrieve-node-version working-directory: ./ run: | NODE_NVMRC=$(cat .nvmrc) NODE_VERSION=${NODE_NVMRC/v/''} echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT locales-test: name: Locales Test runs-on: ubuntu-22.04 needs: - setup defaults: run: working-directory: apps/browser steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Testing locales - extName length run: | found_error=false echo "Locales Test" echo "============" echo "extName string must be 40 characters or less" echo for locale in $(ls src/_locales/); do string_length=$(jq '.extName.message | length' src/_locales/$locale/messages.json) if [[ $string_length -gt 40 ]]; then echo "$locale: $string_length" found_error=true fi done if $found_error; then echo echo "Please fix 'extName' for the locales listed above." exit 1 else echo "Test passed!" fi build: name: Build runs-on: ubuntu-22.04 needs: - setup - locales-test env: _BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }} _NODE_VERSION: ${{ needs.setup.outputs.node_version }} steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Node uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: ${{ env._NODE_VERSION }} - name: Print environment run: | node --version npm --version - name: Build sources for reviewers run: | # Include hidden files in glob copy shopt -s dotglob # Remove ".git" directory rm -r .git # Copy root level files to source directory mkdir browser-source FILES=$(find . -maxdepth 1 -type f) for FILE in $FILES; do cp "$FILE" browser-source/; done # Copy patches to the Browser source directory mkdir -p browser-source/patches cp -r patches/* browser-source/patches # Copy apps/browser to the Browser source directory mkdir -p browser-source/apps/browser cp -r apps/browser/* browser-source/apps/browser # Copy libs to Browser source directory mkdir browser-source/libs cp -r libs/* browser-source/libs zip -r browser-source.zip browser-source - name: NPM setup run: npm ci working-directory: browser-source/ - name: Build run: npm run dist working-directory: browser-source/apps/browser # - name: Build Manifest v3 # run: npm run dist:mv3 # working-directory: browser-source/apps/browser - name: Gulp run: gulp ci working-directory: browser-source/apps/browser - name: Upload Opera artifact uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: dist-opera-${{ env._BUILD_NUMBER }}.zip path: browser-source/apps/browser/dist/dist-opera.zip if-no-files-found: error # - name: Upload Opera MV3 artifact # uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 # with: # name: dist-opera-MV3-${{ env._BUILD_NUMBER }}.zip # path: browser-source/apps/browser/dist/dist-opera-mv3.zip # if-no-files-found: error - name: Upload Chrome artifact uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: dist-chrome-${{ env._BUILD_NUMBER }}.zip path: browser-source/apps/browser/dist/dist-chrome.zip if-no-files-found: error # - name: Upload Chrome MV3 artifact # uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 # with: # name: dist-chrome-MV3-${{ env._BUILD_NUMBER }}.zip # path: browser-source/apps/browser/dist/dist-chrome-mv3.zip # if-no-files-found: error - name: Upload Firefox artifact uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: dist-firefox-${{ env._BUILD_NUMBER }}.zip path: browser-source/apps/browser/dist/dist-firefox.zip if-no-files-found: error - name: Upload Edge artifact uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: dist-edge-${{ env._BUILD_NUMBER }}.zip path: browser-source/apps/browser/dist/dist-edge.zip if-no-files-found: error # - name: Upload Edge MV3 artifact # uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 # with: # name: dist-edge-MV3-${{ env._BUILD_NUMBER }}.zip # path: browser-source/apps/browser/dist/dist-edge-mv3.zip # if-no-files-found: error - name: Upload browser source uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: browser-source-${{ env._BUILD_NUMBER }}.zip path: browser-source.zip if-no-files-found: error - name: Upload coverage artifact if: false uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: coverage-${{ env._BUILD_NUMBER }}.zip path: browser-source/apps/browser/coverage/coverage-${{ env._BUILD_NUMBER }}.zip if-no-files-found: error build-safari: name: Build Safari runs-on: macos-11 needs: - setup - locales-test env: _BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }} _NODE_VERSION: ${{ needs.setup.outputs.node_version }} steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Node uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: ${{ env._NODE_VERSION }} - name: Print environment run: | node --version npm --version - name: Decrypt secrets env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} run: | mkdir -p $HOME/secrets gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/bitwarden-desktop-key.p12" \ "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/appstore-app-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/appstore-installer-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/devid-app-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/devid-installer-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/macdev-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: NPM setup run: npm ci working-directory: ./ - name: Build Safari extension run: npm run dist:safari working-directory: apps/browser - name: Zip Safari build artifact run: | cd apps/browser/dist zip dist-safari.zip ./Safari/**/build/Release/safari.appex -r pwd ls -la - name: Upload Safari artifact uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: dist-safari-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/dist-safari.zip if-no-files-found: error crowdin-push: name: Crowdin Push if: github.ref == 'refs/heads/main' runs-on: ubuntu-22.04 needs: - build - build-safari steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token" - name: Upload Sources uses: crowdin/github-action@198daeb2d30636c4608d6a6bb96c009dbefc02a2 # v1.18.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} CROWDIN_PROJECT_ID: "268134" with: config: apps/browser/crowdin.yml crowdin_branch_name: main upload_sources: true upload_translations: false check-failures: name: Check for failures if: always() runs-on: ubuntu-22.04 needs: - cloc - setup - locales-test - build - build-safari - crowdin-push steps: - name: Check if any job failed if: ${{ (github.ref == 'refs/heads/main') || (github.ref == 'refs/heads/rc') }} env: CLOC_STATUS: ${{ needs.cloc.result }} SETUP_STATUS: ${{ needs.setup.result }} LOCALES_TEST_STATUS: ${{ needs.locales-test.result }} BUILD_STATUS: ${{ needs.build.result }} SAFARI_BUILD_STATUS: ${{ needs.build-safari.result }} CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }} run: | if [ "$CLOC_STATUS" = "failure" ]; then exit 1 elif [ "$SETUP_STATUS" = "failure" ]; then exit 1 elif [ "$LOCALES_TEST_STATUS" = "failure" ]; then exit 1 elif [ "$BUILD_STATUS" = "failure" ]; then exit 1 elif [ "$SAFARI_BUILD_STATUS" = "failure" ]; then exit 1 elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then exit 1 fi - name: Login to Azure - Prod Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets if: failure() uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} with: status: ${{ job.status }}