--- name: Build Browser on: push: branches-ignore: - 'l10n_master' - 'gh-pages' paths: - 'apps/browser/**' workflow_dispatch: inputs: {} defaults: run: shell: bash jobs: cloc: name: CLOC runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Set up cloc run: | sudo apt update sudo apt -y install cloc - name: Print lines of code run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git setup: name: Setup runs-on: ubuntu-20.04 outputs: repo_url: ${{ steps.gen_vars.outputs.repo_url }} adj_build_number: ${{ steps.gen_vars.outputs.adj_build_number }} steps: - name: Get Package Version id: gen_vars run: | repo_url=https://github.com/$GITHUB_REPOSITORY.git adj_build_num=${GITHUB_SHA:0:7} echo "::set-output name=repo_url::$repo_url" echo "::set-output name=adj_build_number::$adj_build_num" locales-test: name: Locales Test runs-on: ubuntu-20.04 needs: - setup defaults: run: working-directory: apps/browser steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Testing locales - extName length run: | found_error=false echo "Locales Test" echo "============" echo "extName string must be 40 characters or less" echo for locale in $(ls src/_locales/); do string_length=$(jq '.extName.message | length' src/_locales/$locale/messages.json) if [[ $string_length -gt 40 ]]; then echo "$locale: $string_length" found_error=true fi done if $found_error; then echo echo "Please fix 'extName' for the locales listed above." exit 1 else echo "Test passed!" fi build: name: Build runs-on: windows-2019 needs: - setup - locales-test env: _BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }} defaults: run: working-directory: apps/browser steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: 'apps/browser/**/package-lock.json' node-version: '16' - name: Print environment run: | node --version npm --version - name: NPM setup & test run: | npm ci npm run dist npm run test - name: Gulp run: gulp ci - name: Build sources for reviewers shell: cmd run: | mkdir dist\Source call git clone %GITHUB_SERVER_URL%/%GITHUB_REPOSITORY% dist\Source cd dist\Source call git checkout %GITHUB_SHA% call git submodule update --init --recursive cd ../ del /S/Q "Source\.git\objects\pack\*" call 7z a browser-source.zip "Source\*" - name: Upload Opera artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-opera-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/dist-opera.zip if-no-files-found: error - name: Upload Chrome artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-chrome-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/dist-chrome.zip if-no-files-found: error - name: Upload Firefox artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-firefox-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/dist-firefox.zip if-no-files-found: error - name: Upload Edge artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-edge-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/dist-edge.zip if-no-files-found: error - name: Upload browser source uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: browser-source-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/browser-source.zip if-no-files-found: error - name: Upload coverage artifact if: false uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: coverage-${{ env._BUILD_NUMBER }}.zip path: apps/browser/coverage/coverage-${{ env._BUILD_NUMBER }}.zip if-no-files-found: error build-safari: name: Build Safari runs-on: macos-11 needs: - setup - locales-test env: _BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }} steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: 'apps/browser/**/package-lock.json' node-version: '16' - name: Print environment run: | node --version npm --version - name: Decrypt secrets env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} run: | mkdir -p $HOME/secrets gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/bitwarden-desktop-key.p12" \ "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/appstore-app-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/appstore-installer-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/devid-app-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/devid-installer-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/macdev-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Build Safari extension run: | npm ci npm run dist:safari working-directory: apps/browser - name: Zip Safari build artifact run: | cd apps/browser/dist zip dist-safari.zip ./Safari/**/build/Release/safari.appex -r pwd ls -la - name: Upload Safari artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-safari-${{ env._BUILD_NUMBER }}.zip path: apps/browser/dist/dist-safari.zip if-no-files-found: error crowdin-push: name: Crowdin Push if: github.ref == 'refs/heads/master' runs-on: ubuntu-20.04 needs: - build - build-safari steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Login to Azure uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f with: keyvault: "bitwarden-prod-kv" secrets: "crowdin-api-token" - name: Upload Sources uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} CROWDIN_PROJECT_ID: "268134" with: config: apps/browser/crowdin.yml crowdin_branch_name: master upload_sources: true upload_translations: false check-failures: name: Check for failures if: always() runs-on: ubuntu-20.04 needs: - cloc - setup - locales-test - build - build-safari - crowdin-push steps: - name: Check if any job failed if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }} env: CLOC_STATUS: ${{ needs.cloc.result }} SETUP_STATUS: ${{ needs.setup.result }} LOCALES_TEST_STATUS: ${{ needs.locales-test.result }} BUILD_STATUS: ${{ needs.build.result }} SAFARI_BUILD_STATUS: ${{ needs.build-safari.result }} CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }} run: | if [ "$CLOC_STATUS" = "failure" ]; then exit 1 elif [ "$SETUP_STATUS" = "failure" ]; then exit 1 elif [ "$LOCALES_TEST_STATUS" = "failure" ]; then exit 1 elif [ "$BUILD_STATUS" = "failure" ]; then exit 1 elif [ "$SAFARI_BUILD_STATUS" = "failure" ]; then exit 1 elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then exit 1 fi - name: Login to Azure - Prod Subscription uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf if: failure() with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() with: keyvault: "bitwarden-prod-kv" secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.5.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} with: status: ${{ job.status }}