Merge pull request #643 from joseph-flinn/master

Adding Windows Code Signing to GitHub Actions
This commit is contained in:
Joseph Flinn 2021-01-22 09:38:23 -08:00 committed by GitHub
commit 03343bfd91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 442 additions and 82 deletions

View File

@ -5,9 +5,6 @@ on:
branches-ignore: branches-ignore:
- 'l10n_master' - 'l10n_master'
- 'gh-pages' - 'gh-pages'
release:
types:
- published
jobs: jobs:
@ -44,12 +41,8 @@ jobs:
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
- name: Set up snap - name: Set up snap
if: github.event_name == 'release'
run: | run: |
sudo snap install snapcraft --classic sudo snap install snapcraft --classic
echo "$SNAP_TOKEN" | snapcraft login --with -
env:
SNAP_TOKEN: ${{ secrets.SNAP_TOKEN }}
- name: Print environment - name: Print environment
run: | run: |
@ -75,51 +68,49 @@ jobs:
run: npm run dist:lin run: npm run dist:lin
- name: Upload .deb artifact - name: Upload .deb artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb name: Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-amd64.deb
- name: Upload .rpm artifact - name: Upload .rpm artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.rpm
- name: Upload .freebsd artifact - name: Upload .freebsd artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.freebsd
- name: Upload .snap artifact - name: Upload .snap artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap name: bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap
path: ./dist/bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap path: ./dist/bitwarden_${{ env.PACKAGE_VERSION }}_amd64.snap
- name: Upload .AppImage artifact - name: Upload .AppImage artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage name: Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
- name: Deploy to Snap Store
if: github.event_name == 'release'
run: |
./scripts/snap-update.ps1 -version $env:PACKAGE_VERSION
snapcraft logout
shell: pwsh
windows: windows:
runs-on: windows-latest runs-on: windows-latest
steps: steps:
- name: Set up dotnet
uses: actions/setup-dotnet@v1
with:
dotnet-version: "3.1.x"
- name: Set up Node - name: Set up Node
uses: actions/setup-node@v1 uses: actions/setup-node@v1
with: with:
@ -129,14 +120,30 @@ jobs:
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh shell: pwsh
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
- name: Set up environment - name: Set up environment
if: github.event_name == 'release'
shell: pwsh shell: pwsh
run: | run: |
choco install checksum --no-progress choco install checksum --no-progress
choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
env:
CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
- name: Print environment - name: Print environment
run: | run: |
@ -157,9 +164,17 @@ jobs:
- name: Run linter - name: Run linter
run: npm run lint run: npm run lint
- name: Build application - name: Build & Sign (dev)
shell: pwsh run: |
run: npm run dist:win:ci npm run build
npm run pack:win
env:
ELECTRON_BUILDER_SIGN: 1
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
- name: Rename appx files for store - name: Rename appx files for store
shell: pwsh shell: pwsh
@ -169,63 +184,54 @@ jobs:
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx"
- name: Deploy to Chocolatey
shell: pwsh
run: |
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey
$checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
(Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey
- name: Upload portable exe artifact - name: Upload portable exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
- name: Upload installer exe artifact - name: Upload installer exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
- name: Upload store appx ia32 artifact - name: Upload store appx ia32 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
- name: Upload store appx x64 artifact - name: Upload store appx x64 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
- name: Deploy to Chocolatey - name: Upload nupkg artifact
if: github.event_name == 'release' if: github.ref == 'refs/heads/master'
run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION
shell: pwsh
- name: Upload Chocolatey nupkg artifact
if: github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
- name: Upload release assets
if: github.event_name == 'release'
run: |
hub release edit `
-a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx `
-m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
$env:RELEASE_TAG_NAME
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
macos: macos:
runs-on: macos-latest runs-on: macos-latest
steps: steps:
- name: Set up Node - name: Set up Node
uses: actions/setup-node@v1 uses: actions/setup-node@v1
@ -285,86 +291,67 @@ jobs:
run: npm run lint run: npm run lint
- name: Create Safari directory - name: Create Safari directory
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
shell: pwsh shell: pwsh
run: New-Item ./dist-safari -ItemType Directory -ea 0 run: New-Item ./dist-safari -ItemType Directory -ea 0
- name: Checkout browser extension - name: Checkout browser extension
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
repository: 'bitwarden/browser' repository: 'bitwarden/browser'
path: 'dist-safari/browser' path: 'dist-safari/browser'
- name: Build Safari extension - name: Build Safari extension
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
shell: pwsh shell: pwsh
run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
- name: Load Safari extension for .dmg - name: Load Safari extension for .dmg
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
shell: pwsh shell: pwsh
run: ./scripts/safari-build.ps1 -copyonly run: ./scripts/safari-build.ps1 -copyonly
- name: Build application (dev) - name: Build application (dev)
if: github.ref != 'refs/heads/master' && github.event_name != 'release' if: github.ref != 'refs/heads/master'
run: npm run build run: npm run build
- name: Build application (dist) - name: Build application (dist)
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
run: npm run dist:mac run: npm run dist:mac
env: env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Upload .zip artifact - name: Upload .zip artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip
- name: Upload .dmg artifact - name: Upload .dmg artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg
- name: Load Safari extension for App Store - name: Load Safari extension for App Store
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
shell: pwsh shell: pwsh
run: ./scripts/safari-build.ps1 -mas -copyonly run: ./scripts/safari-build.ps1 -mas -copyonly
- name: Build application for App Store - name: Build application for App Store
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
run: npm run dist:mac:mas run: npm run dist:mac:mas
env: env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Upload .pkg artifact - name: Upload .pkg artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg
path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg
- name: Deploy to App Store
if: github.event_name == 'release'
run: npm run upload:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Upload release assets
if: github.event_name == 'release'
run: |
hub release edit `
-a ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg `
-m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
$env:RELEASE_TAG_NAME
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}

348
.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,348 @@
name: Release
on:
workflow_dispatch:
inputs:
release_tag_name:
description: 'Release Tag Name (vX.X.X)'
required: true
jobs:
cloc:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Set up cloc
run: |
sudo apt-get update
sudo apt-get -y install cloc
- name: Print lines of code
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
setup:
runs-on: ubuntu-latest
outputs:
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Create Release Name
run: |
echo "RELEASE_NAME=${RELEASE_TAG_NAME:1}" >> $GITHUB_ENV
env:
RELEASE_TAG_NAME: ${{ github.event.inputs.release_tag_name }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.event.inputs.release_tag_name }}
release_name: ${{ env.RELEASE_NAME }}
draft: true
prerelease: false
linux:
runs-on: ubuntu-latest
needs: setup
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Set up environment
run: |
sudo apt-get update
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
- name: Set up snap
run: |
sudo snap install snapcraft --classic
echo "$SNAP_TOKEN" | snapcraft login --with -
env:
SNAP_TOKEN: ${{ secrets.SNAP_TOKEN }}
- name: Print environment
run: |
node --version
npm --version
snap --version
snapcraft --version || echo 'snapcraft unavailable'
- name: Checkout repo
uses: actions/checkout@v2
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Build & Publish
run: npm run publish:lin
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Deploy to Snap Store
run: |
./scripts/snap-update.ps1 -version $env:PACKAGE_VERSION
snapcraft logout
shell: pwsh
windows:
runs-on: windows-latest
needs: setup
steps:
- name: Set up dotnet
uses: actions/setup-dotnet@v1
with:
dotnet-version: "3.1.x"
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
- name: Set up environment
shell: pwsh
run: |
choco install checksum --no-progress
choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
env:
CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
- name: Print environment
run: |
node --version
npm --version
choco --version
- name: Checkout repo
uses: actions/checkout@v2
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Build, Sign & Release
run: npm run publish:win
env:
ELECTRON_BUILDER_SIGN: 1
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Rename appx files for store
shell: pwsh
run: |
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx"
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" `
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx"
- name: Deploy to Chocolatey
shell: pwsh
run: |
Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse
Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe -Destination ./dist/chocolatey
$checksum = checksum -t sha256 ./dist/chocoloatey/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
$chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1"
(Get-Content $chocoInstall).replace('__version__', "$env:PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall
choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:PACKAGE_VERSION" --out ./dist/chocolatey
cd ./dist/chocolatey
choco push
- name: Upload Chocolatey nupkg release asset
id: upload-macos-checksum
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
asset_path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
asset_content_type: application
macos:
runs-on: macos-latest
needs: setup
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Print environment
run: |
node --version
npm --version
Write-Output "GitHub ref: $env:GITHUB_REF"
Write-Output "GitHub event: $env:GITHUB_EVENT"
shell: pwsh
env:
GITHUB_REF: ${{ github.ref }}
GITHUB_EVENT: ${{ github.event_name }}
- name: Checkout repo
uses: actions/checkout@v2
- name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1
shell: pwsh
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
- name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1
shell: pwsh
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Set up provisioning profiles
run: ./.github/scripts/macos/setup-profiles.ps1
shell: pwsh
- name: Increment version
run: ./.github/scripts/macos/increment-version.ps1
shell: pwsh
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Create Safari directory
shell: pwsh
run: New-Item ./dist-safari -ItemType Directory -ea 0
- name: Checkout browser extension
uses: actions/checkout@v2
with:
repository: 'bitwarden/browser'
path: 'dist-safari/browser'
- name: Build Safari extension
shell: pwsh
run: ./scripts/safari-build.ps1 -skipcheckout -skipoutcopy
- name: Load Safari extension for .dmg
shell: pwsh
run: ./scripts/safari-build.ps1 -copyonly
- name: Build application (dist)
run: npm run dist:mac
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Load Safari extension for App Store
shell: pwsh
run: ./scripts/safari-build.ps1 -mas -copyonly
- name: Build application for App Store
run: npm run dist:mac:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Deploy to App Store
run: npm run upload:mas
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Upload .pkg release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}.pkg
asset_path: ./dist/mas/Bitwarden-${{ env.PACKAGE_VERSION }}.pkg
asset_content_type: application/vnd.apple.installer+xml
- name: Upload zip release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-mac.zip
asset_content_type: application/zip
- name: Upload .dmg release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_name: Bitwarden-${{ env.PACKAGE_VERSION }}.dmg
asset_path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}.dmg
asset_content_type: application/x-apple-diskimage

View File

@ -121,6 +121,7 @@
"nsis-web", "nsis-web",
"appx" "appx"
], ],
"sign": "./sign.js",
"extraResources": [ "extraResources": [
{ {
"from": "node_modules/regedit/vbs", "from": "node_modules/regedit/vbs",

24
sign.js Normal file
View File

@ -0,0 +1,24 @@
exports.default = async function(configuration) {
if (
parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 &&
configuration.path.slice(-4) == ".exe" &&
!(configuration.path.includes('win-unpacked') || configuration.path.includes('win-ia32-unpacked'))
) {
console.log(`[*] Signing file: ${configuration.path}`)
require("child_process").execSync(
`azuresigntool sign ` +
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
`-kvs ${process.env.SIGNING_CLIENT_SECRET} ` +
`-kvc ${process.env.SIGNING_CERT_NAME} ` +
`-fd ${configuration.hash} ` +
`-du ${configuration.site} ` +
`-tr http://timestamp.digicert.com ` +
`${configuration.path}`,
{
stdio: "inherit"
}
);
}
};