vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

[DEVOPS-810] Move Safari build to browser workflow (#2683) 

* Add safari build to browser

* Add safari build stage

* Run safari build on macos

* Publish safari artifact

* Add keychain setup

* Change way of uploading safari artifact

* Change way of ziping safari

* Fix upload artifact path

* Print directory

* Change to absolute path

* Fix browser package upload

* Add desktop download safari extension artifact

* Change branch name in artifact download

* Add ls for packages

* Change path to extract artifacts

* Added list dir

* Change dir to save artifacts

* Path testing

* Fix path

* ls all subdirs

* Unzip safari artifact

* Fix print for echo

* Fix path for unzip

* Remove ls

* Add unzipping Safari as separate job

* Fix paths to unzip

* Remove commented options

* Fix comments

* Fix comment on stsus reporting

* Fix unnecessary newlines
This commit is contained in:
Michał Chęciński 2022-05-18 16:31:02 +02:00 committed by GitHub
parent c4fe38d493
commit 83ccbf2c90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 171 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
.github/workflows/build-browser.yml vendored
View File

@ -177,6 +177,103 @@ jobs:
path: apps/browser/coverage/coverage-${{ env._BUILD_NUMBER }}.zip
if-no-files-found: error
build-safari:
name: Build Safari
runs-on: macos-11
needs:
- setup
- locales-test
env:
_BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }}
steps:
- name: Checkout repo
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
- name: Set up Node
uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0
with:
cache: 'npm'
cache-dependency-path: 'apps/browser/**/package-lock.json'
node-version: '16'
- name: Print environment
run: |
node --version
npm --version
- name: Decrypt secrets
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
run: |
mkdir -p $HOME/secrets
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden-desktop-key.p12" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/appstore-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-app-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/devid-installer-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/macdev-cert.p12" \
"$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
--output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \
"$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg"
- name: Set up keychain
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }}
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Build Safari extension
run: |
npm ci
npm run dist:safari
working-directory: apps/browser
- name: Zip Safari build artifact
run: |
cd apps/browser/dist
zip dist-safari.zip ./Safari/**/build/Release/safari.appex -r
pwd
ls -la
- name: Upload Safari artifact
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
with:
name: dist-safari-${{ env._BUILD_NUMBER }}.zip
path: apps/browser/dist/dist-safari.zip
if-no-files-found: error
crowdin-push:
name: Crowdin Push
@ -184,6 +281,7 @@ jobs:
runs-on: ubuntu-20.04
needs:
- build
- build-safari
steps:
- name: Checkout repo
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
@ -222,6 +320,7 @@ jobs:
- setup
- locales-test
- build
- build-safari
- crowdin-push
steps:
- name: Check if any job failed
@ -231,6 +330,7 @@ jobs:
SETUP_STATUS: ${{ needs.setup.result }}
LOCALES_TEST_STATUS: ${{ needs.locales-test.result }}
BUILD_STATUS: ${{ needs.build.result }}
SAFARI_BUILD_STATUS: ${{ needs.build-safari.result }}
CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }}
run: |
if [ "$CLOC_STATUS" = "failure" ]; then
@ -241,6 +341,8 @@ jobs:
exit 1
elif [ "$BUILD_STATUS" = "failure" ]; then
exit 1
elif [ "$SAFARI_BUILD_STATUS" = "failure" ]; then
exit 1
elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then
exit 1
fi

93
.github/workflows/build-desktop.yml vendored
View File

@ -475,12 +475,6 @@ jobs:
- name: Build application (dev)
run: npm run build
- name: Build Safari extension
run: |
npm install
npm run dist:safari
working-directory: apps/browser
macos-package-github:
name: MacOS Package GitHub Release Assets
@ -608,17 +602,34 @@ jobs:
if: steps.build-cache.outputs.cache-hit != 'true'
run: npm run build
- name: Build Safari extension
if: steps.safari-cache.outputs.cache-hit != 'true'
- name: Download artifact from rc
if: github.ref == 'refs/heads/rc'
uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0
with:
workflow: build-browser.yml
workflow_conclusion: success
branch: rc
path: ${{ github.workspace }}/browser-build-artifacts
- name: Download artifact from master
if: github.ref != 'refs/heads/rc'
uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0
with:
workflow: build-browser.yml
workflow_conclusion: success
branch: master
path: ${{ github.workspace }}/browser-build-artifacts
- name: Unzip Safari artifact
run: |
npm install
npm run dist:safari
working-directory: apps/browser
SAFARI_DIR=$(find $GITHUB_WORKSPACE/browser-build-artifacts -name 'dist-safari-*.zip')
echo $SAFARI_DIR
unzip $SAFARI_DIR/dist-safari.zip -d $GITHUB_WORKSPACE/browser-build-artifacts
- name: Load Safari extension for .dmg
run: |
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/apps/browser/dist/Safari/dmg/build/Release/safari.appex PlugIns/safari.appex
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/dmg/build/Release/safari.appex PlugIns/safari.appex
- name: Build application (dist)
env:
@ -781,17 +792,34 @@ jobs:
if: steps.build-cache.outputs.cache-hit != 'true'
run: npm run build
- name: Build Safari extension
if: steps.safari-cache.outputs.cache-hit != 'true'
- name: Download artifact from rc
if: github.ref == 'refs/heads/rc'
uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0
with:
workflow: build-browser.yml
workflow_conclusion: success
branch: rc
path: ${{ github.workspace }}/browser-build-artifacts
- name: Download artifact from master
if: github.ref != 'refs/heads/rc'
uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0
with:
workflow: build-browser.yml
workflow_conclusion: success
branch: master
path: ${{ github.workspace }}/browser-build-artifacts
- name: Unzip Safari artifact
run: |
npm install
npm run dist:safari
working-directory: apps/browser
SAFARI_DIR=$(find $GITHUB_WORKSPACE/browser-build-artifacts -name 'dist-safari-*.zip')
echo $SAFARI_DIR
unzip $SAFARI_DIR/dist-safari.zip -d $GITHUB_WORKSPACE/browser-build-artifacts
- name: Load Safari extension for App Store
run: |
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/apps/browser/dist/Safari/mas/build/Release/safari.appex PlugIns/safari.appex
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/mas/build/Release/safari.appex PlugIns/safari.appex
- name: Build application for App Store
run: npm run pack:mac:mas
@ -946,17 +974,34 @@ jobs:
if: steps.build-cache.outputs.cache-hit != 'true'
run: npm run build
- name: Build Safari extension
if: steps.safari-cache.outputs.cache-hit != 'true'
- name: Download artifact from rc
if: github.ref == 'refs/heads/rc'
uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0
with:
workflow: build-browser.yml
workflow_conclusion: success
branch: rc
path: ${{ github.workspace }}/browser-build-artifacts
- name: Download artifact from master
if: github.ref != 'refs/heads/rc'
uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0
with:
workflow: build-browser.yml
workflow_conclusion: success
branch: master
path: ${{ github.workspace }}/browser-build-artifacts
- name: Unzip Safari artifact
run: |
npm install
npm run dist:safari
working-directory: apps/browser
SAFARI_DIR=$(find $GITHUB_WORKSPACE/browser-build-artifacts -name 'dist-safari-*.zip')
echo $SAFARI_DIR
unzip $SAFARI_DIR/dist-safari.zip -d $GITHUB_WORKSPACE/browser-build-artifacts
- name: Load Safari extension for App Store
run: |
mkdir PlugIns
cp -r $GITHUB_WORKSPACE/apps/browser/dist/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex
cp -r $GITHUB_WORKSPACE/browser-build-artifacts/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex
- name: Build dev application for App Store
run: npm run pack:mac:masdev