mirror of
https://github.com/bitwarden/mobile
synced 2024-12-22 22:48:10 +01:00
253 lines
9.4 KiB
YAML
253 lines
9.4 KiB
YAML
name: Release
|
|
run-name: Release ${{ inputs.release_type }}
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_type:
|
|
description: 'Release Options'
|
|
required: true
|
|
default: 'Initial Release'
|
|
type: choice
|
|
options:
|
|
- Initial Release
|
|
- Redeploy
|
|
- Dry Run
|
|
fdroid_publish:
|
|
description: 'Publish to f-droid store'
|
|
required: true
|
|
default: true
|
|
type: boolean
|
|
|
|
jobs:
|
|
release:
|
|
name: Create Release
|
|
runs-on: ubuntu-22.04
|
|
outputs:
|
|
branch-name: ${{ steps.branch.outputs.branch-name }}
|
|
steps:
|
|
- name: Branch check
|
|
if: inputs.release_type != 'Dry Run'
|
|
run: |
|
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
|
|
echo "==================================="
|
|
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
|
|
echo "==================================="
|
|
exit 1
|
|
fi
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Check Release Version
|
|
id: version
|
|
uses: bitwarden/gh-actions/release-version-check@main
|
|
with:
|
|
release-type: ${{ inputs.release_type }}
|
|
project-type: xamarin
|
|
file: src/App/Platforms/Android/AndroidManifest.xml
|
|
|
|
- name: Get branch name
|
|
id: branch
|
|
run: |
|
|
BRANCH_NAME=$(basename ${{ github.ref }})
|
|
echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
|
|
|
|
- name: Create GitHub deployment
|
|
if: ${{ inputs.release_type != 'Dry Run' }}
|
|
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
|
|
id: deployment
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
initial-status: 'in_progress'
|
|
environment: 'production'
|
|
description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ steps.branch.outputs.branch-name }}'
|
|
task: release
|
|
|
|
- name: Download all artifacts
|
|
if: ${{ inputs.release_type != 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
workflow: build.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ steps.branch.outputs.branch-name }}
|
|
skip_unpack: true
|
|
|
|
- name: Dry Run - Download all artifacts
|
|
if: ${{ inputs.release_type == 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
workflow: build.yml
|
|
workflow_conclusion: success
|
|
branch: main
|
|
skip_unpack: true
|
|
|
|
- name: Unzip release assets
|
|
run: |
|
|
unzip bw-android-apk-sha256.txt.zip -d bw-android-apk-sha256.txt
|
|
unzip bw-fdroid-apk-sha256.txt.zip -d bw-fdroid-apk-sha256.txt
|
|
unzip com.x8bit.bitwarden-fdroid.apk.zip -d com.x8bit.bitwarden-fdroid.apk
|
|
unzip com.x8bit.bitwarden.aab.zip -d com.x8bit.bitwarden.aab
|
|
unzip com.x8bit.bitwarden.apk.zip -d com.x8bit.bitwarden.apk
|
|
|
|
- name: Create release
|
|
if: ${{ inputs.release_type != 'Dry Run' }}
|
|
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
|
|
with:
|
|
artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
|
|
./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk,
|
|
./com.x8bit.bitwarden-fdroid.apk/com.x8bit.bitwarden-fdroid.apk,
|
|
./Bitwarden iOS.zip,
|
|
./bw-android-apk-sha256.txt/bw-android-apk-sha256.txt,
|
|
./bw-fdroid-apk-sha256.txt/bw-fdroid-apk-sha256.txt"
|
|
commit: ${{ github.sha }}
|
|
tag: v${{ steps.version.outputs.version }}
|
|
name: Version ${{ steps.version.outputs.version }}
|
|
body: "<insert release notes here>"
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
draft: true
|
|
|
|
- name: Update deployment status to Success
|
|
if: ${{ inputs.release_type != 'Dry Run' && success() }}
|
|
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
state: 'success'
|
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
|
|
|
- name: Update deployment status to Failure
|
|
if: ${{ inputs.release_type != 'Dry Run' && failure() }}
|
|
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
state: 'failure'
|
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
|
|
|
|
|
f-droid:
|
|
name: F-Droid Release
|
|
runs-on: ubuntu-22.04
|
|
needs: release
|
|
if: inputs.fdroid_publish
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Download F-Droid .apk artifact
|
|
if: ${{ inputs.release_type != 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
workflow: build.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ needs.release.outputs.branch-name }}
|
|
|
|
- name: Dry Run - Download F-Droid .apk artifact
|
|
if: ${{ inputs.release_type == 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
workflow: build.yml
|
|
workflow_conclusion: success
|
|
branch: main
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
|
with:
|
|
node-version: '16.x'
|
|
|
|
- name: Set up F-Droid server
|
|
run: pip install git+https://gitlab.com/fdroid/fdroidserver.git
|
|
|
|
- name: Set up Git credentials
|
|
env:
|
|
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
|
|
run: |
|
|
git config --global credential.helper store
|
|
echo "https://${ACCESS_TOKEN}:x-oauth-basic@github.com" >> ~/.git-credentials
|
|
git config --global user.email "ci@bitwarden.com"
|
|
git config --global user.name "Bitwarden CI"
|
|
|
|
- name: Print environment
|
|
run: |
|
|
echo "Node Version: $(node --version)"
|
|
echo "NPM Version: $(npm --version)"
|
|
echo "Git Version: $(git --version)"
|
|
echo "F-Droid Server Version: $(fdroid --version)"
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Install Node dependencies
|
|
run: npm install
|
|
|
|
- name: Login to Azure - CI Subscription
|
|
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
|
|
with:
|
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "github-gpg-private-key,
|
|
github-gpg-private-key-passphrase,
|
|
github-pat-bitwarden-devops-bot-mobile-fdroid"
|
|
|
|
- name: Import GPG key
|
|
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
|
|
with:
|
|
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
|
|
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
|
|
git_user_signingkey: true
|
|
git_commit_gpgsign: true
|
|
|
|
- name: Setup git
|
|
run: |
|
|
git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
|
|
git config --local user.name "bitwarden-devops-bot"
|
|
|
|
- name: Download secrets
|
|
env:
|
|
ACCOUNT_NAME: bitwardenci
|
|
CONTAINER_NAME: mobile
|
|
run: |
|
|
mkdir -p $HOME/secrets
|
|
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
|
|
--name store_fdroid-keystore.jks --file ./store/fdroid/keystore.jks --output none
|
|
|
|
- name: Compile for F-Droid Store
|
|
env:
|
|
FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }}
|
|
run: |
|
|
# Create required directories.
|
|
mkdir dist
|
|
mkdir -p store/temp/fdroid
|
|
mkdir -p store/fdroid/repo
|
|
|
|
# Configure F-Droid server.
|
|
cp CNAME dist/
|
|
chmod 600 store/fdroid/config.yml store/fdroid/keystore.jks
|
|
TEMP_DIR="$GITHUB_WORKSPACE/store/temp/fdroid"
|
|
echo "keypass: $FDROID_STORE_KEYSTORE_PASSWORD" >> store/fdroid/config.yml
|
|
echo "keystorepass: $FDROID_STORE_KEYSTORE_PASSWORD" >> store/fdroid/config.yml
|
|
echo "local_copy_dir: $TEMP_DIR" >> store/fdroid/config.yml
|
|
mv $GITHUB_WORKSPACE/com.x8bit.bitwarden-fdroid.apk store/fdroid/repo/
|
|
|
|
# Run update and deploy.
|
|
cd store/fdroid
|
|
fdroid update
|
|
fdroid deploy
|
|
cd ../..
|
|
|
|
# Move files for distribution.
|
|
rm -rf store/temp/fdroid/archive
|
|
mv -v store/temp/fdroid dist
|
|
cp store/fdroid/index.html store/fdroid/btn.png store/fdroid/qr.png dist/fdroid
|
|
|
|
- name: Deploy to gh-pages
|
|
if: ${{ inputs.release_type != 'Dry Run' }}
|
|
env:
|
|
TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-mobile-fdroid }}
|
|
run: |
|
|
git remote set-url origin https://git:${TOKEN}@github.com/${GITHUB_REPOSITORY}.git
|
|
npm run deploy -- -u "bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>"
|