From e639f3c40c8646c7f866f1d9ec2d76202f4aa2d2 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 3 May 2022 20:01:37 +0200 Subject: [PATCH] [EC-183] Mono Repository - Browser pipelines (#2533) Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .../{build.yml => build-browser.yml} | 40 +- .github/workflows/build-desktop.yml | 1156 +++++++++++++++++ .github/workflows/crowdin-pull.yml | 2 +- .github/workflows/enforce-labels.yml | 2 +- .../{release.yml => release-browser.yml} | 16 +- .github/workflows/release-desktop.yml | 202 +++ .github/workflows/version-bump.yml | 94 +- 7 files changed, 1475 insertions(+), 37 deletions(-) rename .github/workflows/{build.yml => build-browser.yml} (94%) create mode 100644 .github/workflows/build-desktop.yml rename .github/workflows/{release.yml => release-browser.yml} (91%) create mode 100644 .github/workflows/release-desktop.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build-browser.yml similarity index 94% rename from .github/workflows/build.yml rename to .github/workflows/build-browser.yml index 71050ad1f9..6f3e392292 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build-browser.yml @@ -1,15 +1,20 @@ --- -name: Build +name: Build Browser on: push: branches-ignore: - 'l10n_master' - paths-ignore: - - '.github/workflows/**' + - 'gh-pages' + paths: + - 'apps/browser' workflow_dispatch: inputs: {} +defaults: + run: + shell: bash + working-directory: apps/browser jobs: cloc: @@ -17,12 +22,13 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Set up cloc run: | sudo apt update sudo apt -y install cloc + - name: Print lines of code run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git @@ -32,7 +38,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 @@ -55,7 +61,7 @@ jobs: adj_build_number: ${{ steps.gen_vars.outputs.adj_build_number }} steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Get Package Version id: gen_vars @@ -75,7 +81,7 @@ jobs: - lint steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Testing locales - extName length run: | @@ -112,7 +118,7 @@ jobs: _BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }} steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 @@ -148,35 +154,35 @@ jobs: call 7z a browser-source.zip "Source\*" - name: Upload Opera artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-opera-${{ env._BUILD_NUMBER }}.zip path: dist/dist-opera.zip if-no-files-found: error - name: Upload Chrome artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-chrome-${{ env._BUILD_NUMBER }}.zip path: dist/dist-chrome.zip if-no-files-found: error - name: Upload Firefox artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-firefox-${{ env._BUILD_NUMBER }}.zip path: dist/dist-firefox.zip if-no-files-found: error - name: Upload Edge artifact - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: dist-edge-${{ env._BUILD_NUMBER }}.zip path: dist/dist-edge.zip if-no-files-found: error - name: Upload browser source - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: browser-source-${{ env._BUILD_NUMBER }}.zip path: dist/browser-source.zip @@ -184,7 +190,7 @@ jobs: - name: Upload coverage artifact if: false - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: coverage-${{ env._BUILD_NUMBER }}.zip path: coverage/coverage-${{ env._BUILD_NUMBER }}.zip @@ -201,7 +207,7 @@ jobs: _CROWDIN_PROJECT_ID: "268134" steps: - name: Checkout repo - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Login to Azure uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf @@ -216,7 +222,7 @@ jobs: secrets: "crowdin-api-token" - name: Upload Sources - uses: crowdin/github-action@9237b4cb361788dfce63feb2e2f15c09e2fe7415 + uses: crowdin/github-action@9237b4cb361788dfce63feb2e2f15c09e2fe7415 # v1.4.7 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} @@ -278,7 +284,7 @@ jobs: secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure - uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 + uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.5.0 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml new file mode 100644 index 0000000000..80bed45b05 --- /dev/null +++ b/.github/workflows/build-desktop.yml @@ -0,0 +1,1156 @@ +--- +name: Build Desktop + +on: + push: + branches-ignore: + - 'l10n_master' + - 'gh-pages' + paths: + - 'apps/desktop' + workflow_dispatch: + inputs: {} + +defaults: + run: + shell: bash + working-directory: apps/desktop + +jobs: + cloc: + name: CLOC + runs-on: ubuntu-20.04 + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up cloc + run: | + sudo apt-get update + sudo apt-get -y install cloc + + - name: Print lines of code + run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git + + + lint: + name: Lint + runs-on: ubuntu-20.04 + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Run linter + run: | + npm ci + npm run lint + + + setup: + name: Setup + runs-on: ubuntu-20.04 + outputs: + package_version: ${{ steps.retrieve-version.outputs.package_version }} + build_number: ${{ steps.increment-version.outputs.build_number }} + safari_ref: ${{ steps.safari-ref.outputs.safari_ref }} + rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }} + hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Get Package Version + id: retrieve-version + run: | + PKG_VERSION=$(jq -r .version src/package.json) + echo "::set-output name=package_version::$PKG_VERSION" + + - name: Increment Version + id: increment-version + run: | + BUILD_NUMBER=$(expr 500 + $GITHUB_RUN_NUMBER) + echo "Setting build number to $BUILD_NUMBER" + echo "::set-output name=build_number::$BUILD_NUMBER" + + - name: Get Safari Branch Ref + id: safari-ref + run: | + SAFARI_REF=master + + if [[ "$GITHUB_REF" == "refs/heads/hotfix-rc" ]]; then + SAFARI_REF=hotfix-rc + elif [[ "$GITHUB_REF" == "refs/heads/rc" ]]; then + SAFARI_REF=rc + fi + + echo "Setting Safari Extension ref to $SAFARI_REF" + echo "::set-output name=safari_ref::$SAFARI_REF" + + - name: Check if special branches exist + id: branch-check + run: | + if [[ $(git ls-remote --heads origin rc) ]]; then + echo "::set-output name=rc_branch_exists::1" + else + echo "::set-output name=rc_branch_exists::0" + fi + + if [[ $(git ls-remote --heads origin hotfix-rc) ]]; then + echo "::set-output name=hotfix_branch_exists::1" + else + echo "::set-output name=hotfix_branch_exists::0" + fi + + + linux: + name: Linux Build + runs-on: ubuntu-20.04 + needs: setup + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Install node-gyp + run: | + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Set up environment + run: | + sudo apt-get update + sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm + + - name: Set up Snap + run: sudo snap install snapcraft --classic + + - name: Print environment + run: | + node --version + npm --version + snap --version + snapcraft --version || echo 'snapcraft unavailable' + + - name: Install Node dependencies + run: npm ci + + - name: Build application + run: npm run dist:lin + + - name: Upload .deb artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb + if-no-files-found: error + + - name: Upload .rpm artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm + if-no-files-found: error + + - name: Upload .freebsd artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd + if-no-files-found: error + + - name: Upload .snap artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap + path: ./dist/bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap + if-no-files-found: error + + - name: Upload .AppImage artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage + if-no-files-found: error + + - name: Upload latest auto-update artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: latest-linux.yml + path: ./dist/latest-linux.yml + if-no-files-found: error + + + windows: + name: Windows Build + runs-on: windows-2019 + needs: setup + defaults: + run: + shell: pwsh + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + + - name: Install node-gyp + run: | + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Install AST + uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac + + - name: Set up environment + run: choco install checksum --no-progress + + - name: Print environment + run: | + node --version + npm --version + choco --version + + - name: Login to Azure + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f + with: + keyvault: "bitwarden-prod-kv" + secrets: "code-signing-vault-url, + code-signing-client-id, + code-signing-tenant-id, + code-signing-client-secret, + code-signing-cert-name" + + - name: Install Node dependencies + run: npm ci + + - name: Build & Sign (dev) + env: + ELECTRON_BUILDER_SIGN: 1 + SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }} + SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }} + SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }} + SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }} + SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }} + run: | + npm run build + npm run pack:win + + - name: Rename appx files for store + run: | + Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx" ` + -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx" + Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx" ` + -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx" + Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx" ` + -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx" + + - name: Package for Chocolatey + run: | + Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse + Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe ` + -Destination ./dist/chocolatey + + $checksum = checksum -t sha256 ./dist/chocolatey/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe + $chocoInstall = "./dist/chocolatey/tools/chocolateyinstall.ps1" + (Get-Content $chocoInstall).replace('__version__', "$env:_PACKAGE_VERSION").replace('__checksum__', $checksum) | Set-Content $chocoInstall + choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey + + - name: Upload portable exe artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe + path: ./dist/Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe + if-no-files-found: error + + - name: Upload installer exe artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe + path: ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe + if-no-files-found: error + + - name: Upload appx ia32 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx + if-no-files-found: error + + - name: Upload store appx ia32 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx + if-no-files-found: error + + - name: Upload NSIS ia32 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z + path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z + if-no-files-found: error + + - name: Upload appx x64 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx + if-no-files-found: error + + - name: Upload store appx x64 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx + if-no-files-found: error + + - name: Upload NSIS x64 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z + path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z + if-no-files-found: error + + - name: Upload appx ARM64 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx + if-no-files-found: error + + - name: Upload store appx ARM64 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx + if-no-files-found: error + + - name: Upload NSIS ARM64 artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z + path: ./dist/nsis-web/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z + if-no-files-found: error + + - name: Upload nupkg artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg + path: ./dist/chocolatey/bitwarden.${{ env._PACKAGE_VERSION }}.nupkg + if-no-files-found: error + + - name: Upload latest auto-update artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: latest.yml + path: ./dist/nsis-web/latest.yml + if-no-files-found: error + + + macos-build: + name: MacOS Build + runs-on: macos-11 + needs: setup + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Install node-gyp + run: | + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Cache Build + id: build-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Cache Safari + id: safari-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + - name: Set up keychain + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + + - name: Set up provisioning profiles + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile + + - name: Increment version + shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; + + - name: Install Node dependencies + run: npm ci + + - name: Build application (dev) + run: npm run build + + - name: Create Safari directory + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + ref: ${{ needs.setup.outputs.safari_ref }} + + - name: Build Safari extension + run: | + npm install + npm run dist:safari + working-directory: dist-safari/browser + + + macos-package-github: + name: MacOS Package GitHub Release Assets + runs-on: macos-11 + needs: + - setup + - macos-build + - lint + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Install node-gyp + run: | + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Get Build Cache + id: build-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Setup Safari Cache + id: safari-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + - name: Set up keychain + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + + - name: Set up provisioning profiles + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile + + - name: Increment version + shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; + + - name: NPM install + run: npm ci + + - name: Build + if: steps.build-cache.outputs.cache-hit != 'true' + run: npm run build + + - name: Create Safari directory + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: steps.safari-cache.outputs.cache-hit != 'true' + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + ref: ${{ needs.setup.outputs.safari_ref }} + + - name: Build Safari extension + if: steps.safari-cache.outputs.cache-hit != 'true' + run: | + npm install + npm run dist:safari + working-directory: dist-safari/browser + + - name: Load Safari extension for .dmg + run: | + mkdir PlugIns + cp -r dist-safari/browser/dist/Safari/dmg/build/Release/safari.appex PlugIns/safari.appex + + - name: Build application (dist) + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: npm run pack:mac + + - name: Upload .zip artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip + if-no-files-found: error + + - name: Upload .dmg artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg + if-no-files-found: error + + - name: Upload .dmg blockmap artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap + path: ./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap + if-no-files-found: error + + - name: Upload latest auto-update artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: latest-mac.yml + path: ./dist/latest-mac.yml + if-no-files-found: error + + + macos-package-mas: + name: MacOS Package Prod Release Asset + runs-on: macos-11 + needs: + - setup + - macos-build + - lint + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Install node-gyp + run: | + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Get Build Cache + id: build-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Setup Safari Cache + id: safari-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + - name: Set up keychain + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + + - name: Set up provisioning profiles + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile + + - name: Increment version + shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; + + - name: NPM install + run: npm ci + + - name: Build + if: steps.build-cache.outputs.cache-hit != 'true' + run: npm run build + + - name: Create Safari directory + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: steps.safari-cache.outputs.cache-hit != 'true' + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + ref: ${{ needs.setup.outputs.safari_ref }} + + - name: Build Safari extension + if: steps.safari-cache.outputs.cache-hit != 'true' + run: | + npm install + npm run dist:safari + working-directory: dist-safari/browser + + - name: Load Safari extension for App Store + run: | + mkdir PlugIns + cp -r dist-safari/browser/dist/Safari/mas/build/Release/safari.appex PlugIns/safari.appex + + - name: Build application for App Store + run: npm run pack:mac:mas + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Upload .pkg artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg + path: ./dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg + if-no-files-found: error + + - name: Deploy to TestFlight + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + if: | + (github.ref == 'refs/heads/master' + && needs.setup.outputs.rc_branch_exists == 0 + && needs.setup.outputs.hotfix_branch_exists == 0) + || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0) + || github.ref == 'refs/heads/hotfix-rc' + run: npm run upload:mas + + + macos-package-dev: + name: MacOS Package Dev Release Asset + if: false # We need to look into how code signing works for dev + runs-on: macos-11 + needs: + - setup + - macos-build + - lint + env: + _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Set up Node + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + with: + cache: 'npm' + cache-dependency-path: '**/package-lock.json' + node-version: '16' + + - name: Set Node options + run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV + + - name: Install node-gyp + run: | + npm install -g node-gyp + node-gyp install $(node -v) + + - name: Print environment + run: | + node --version + npm --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Get Build Cache + id: build-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: build + key: ${{ runner.os }}-${{ github.run_id }}-build + + - name: Setup Safari Cache + id: safari-cache + uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed + with: + path: dist-safari + key: ${{ runner.os }}-${{ github.run_id }}-safari-extension + + - name: Decrypt secrets + env: + DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} + run: | + mkdir -p $HOME/secrets + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden-desktop-key.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden-desktop-key.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/appstore-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/appstore-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-app-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/devid-installer-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/macdev-cert.p12" \ + "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" + gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ + --output "$HOME/secrets/bitwarden_desktop_appstore.provisionprofile" \ + "$GITHUB_WORKSPACE/.github/secrets/bitwarden_desktop_appstore.provisionprofile.gpg" + + - name: Set up keychain + env: + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + DESKTOP_KEY_PASSWORD: ${{ secrets.DESKTOP_KEY_PASSWORD }} + DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} + APPSTORE_CERT_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} + MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain + security import "$HOME/secrets/bitwarden-desktop-key.p12" -k build.keychain -P $DESKTOP_KEY_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-app-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/appstore-installer-cert.p12" -k build.keychain -P $APPSTORE_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ + -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + + - name: Set up provisioning profiles + run: | + cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ + $GITHUB_WORKSPACE/bitwarden_desktop_appstore.provisionprofile + + - name: Increment version + shell: pwsh + env: + BUILD_NUMBER: ${{ needs.setup.outputs.build_number }} + run: | + $package = Get-Content -Raw -Path $env:GITHUB_WORKSPACE\package.json | ConvertFrom-Json; + $package.build | Add-Member -MemberType NoteProperty -Name buildVersion -Value "$env:BUILD_NUMBER"; + $package | ConvertTo-Json -Depth 32 | Set-Content $env:GITHUB_WORKSPACE\package.json; + + - name: NPM install + run: npm ci + + - name: Build + if: steps.build-cache.outputs.cache-hit != 'true' + run: npm run build + + - name: Create Safari directory + if: steps.safari-cache.outputs.cache-hit != 'true' + shell: pwsh + run: New-Item ./dist-safari -ItemType Directory -ea 0 + + - name: Checkout browser extension + if: steps.safari-cache.outputs.cache-hit != 'true' + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + with: + repository: 'bitwarden/browser' + path: 'dist-safari/browser' + ref: ${{ needs.setup.outputs.safari_ref }} + + - name: Build Safari extension + if: steps.safari-cache.outputs.cache-hit != 'true' + run: | + npm install + npm run dist:safari + working-directory: dist-safari/browser + + - name: Load Safari extension for App Store + run: | + mkdir PlugIns + cp -r dist-safari/browser/dist/Safari/masdev/build/Release/safari.appex PlugIns/safari.appex + + - name: Build dev application for App Store + run: npm run pack:mac:masdev + env: + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + + - name: Zip masdev asset + working-directory: ./dist/mas-dev-universal + run: zip -r Bitwarden-${{ env.PACKAGE_VERSION }}-masdev-universal.zip Bitwarden.app + + - name: Upload masdev artifact + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 + with: + name: Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip + path: ./dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip + if-no-files-found: error + + + crowdin-push: + name: Crowdin Push + if: github.ref == 'refs/heads/master' + needs: + - linux + - windows + - macos-package-github + - macos-package-mas + runs-on: ubuntu-20.04 + env: + _CROWDIN_PROJECT_ID: "299360" + steps: + - name: Checkout repo + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 + + - name: Login to Azure + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f + with: + keyvault: "bitwarden-prod-kv" + secrets: "crowdin-api-token" + + - name: Upload Sources + uses: crowdin/github-action@9237b4cb361788dfce63feb2e2f15c09e2fe7415 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} + with: + config: crowdin.yml + crowdin_branch_name: master + upload_sources: true + upload_translations: false + + + check-failures: + name: Check for failures + if: always() + runs-on: ubuntu-20.04 + needs: + - cloc + - setup + - lint + - linux + - windows + - macos-build + - macos-package-github + - macos-package-mas + - crowdin-push + steps: + - name: Check if any job failed + if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }} + env: + CLOC_STATUS: ${{ needs.cloc.result }} + SETUP_STATUS: ${{ needs.setup.result }} + LINT_STATUS: ${{ needs.lint.result }} + LINUX_STATUS: ${{ needs.linux.result }} + WINDOWS_STATUS: ${{ needs.windows.result }} + MACOS_BUILD_STATUS: ${{ needs.macos-build.result }} + MACOS_PKG_GITHUB_STATUS: ${{ needs.macos-package-github.result }} + MACOS_PKG_MAS_STATUS: ${{ needs.macos-package-mas.result }} + CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }} + run: | + if [ "$CLOC_STATUS" = "failure" ]; then + exit 1 + elif [ "$SETUP_STATUS" = "failure" ]; then + exit 1 + elif [ "$LINT_STATUS" = "failure" ]; then + exit 1 + elif [ "$LINUX_STATUS" = "failure" ]; then + exit 1 + elif [ "$WINDOWS_STATUS" = "failure" ]; then + exit 1 + elif [ "$MACOS_BUILD_STATUS" = "failure" ]; then + exit 1 + elif [ "$MACOS_PKG_GITHUB_STATUS" = "failure" ]; then + exit 1 + elif [ "$MACOS_PKG_MAS_STATUS" = "failure" ]; then + exit 1 + elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then + exit 1 + fi + + - name: Login to Azure - Prod Subscription + uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf + if: failure() + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f + if: failure() + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" + + - name: Notify Slack on failure + uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 + if: failure() + env: + SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} + with: + status: ${{ job.status }} diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index e534e20379..d7de207d56 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -30,7 +30,7 @@ jobs: secrets: "crowdin-api-token" - name: Download translations - uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea + uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/enforce-labels.yml b/.github/workflows/enforce-labels.yml index 0a63c70e4a..bf8517cc25 100644 --- a/.github/workflows/enforce-labels.yml +++ b/.github/workflows/enforce-labels.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Enforce Label - uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb + uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb # v2.1.0 with: BANNED_LABELS: "hold" BANNED_LABELS_DESCRIPTION: "PRs on hold cannot be merged" diff --git a/.github/workflows/release.yml b/.github/workflows/release-browser.yml similarity index 91% rename from .github/workflows/release.yml rename to .github/workflows/release-browser.yml index 26c25ab81c..da1530e889 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release-browser.yml @@ -1,5 +1,5 @@ --- -name: Release +name: Release Browser on: workflow_dispatch: @@ -14,6 +14,10 @@ on: - Redeploy - Dry Run +defaults: + run: + shell: bash + working-directory: apps/browser jobs: setup: @@ -26,9 +30,9 @@ jobs: - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ $GITHUB_REF != refs/heads/hotfix-rc/* ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'rc' or 'hotfix-rc/*' branches" echo "===================================" exit 1 fi @@ -41,7 +45,7 @@ jobs: run: | version=$( jq -r ".version" src/manifest.json) previous_release_tag_version=$( - curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name" + curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases | jq -r 'first(.[] | select(.tag_name | startswith("browser"))).tag_name' ) if [ "v$version" == "$previous_release_tag_version" ] && \ @@ -102,7 +106,7 @@ jobs: - name: Download latest RC build artifacts uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8 with: - workflow: build.yml + workflow: build-browser.yml workflow_conclusion: success branch: ${{ needs.setup.outputs.branch-name }} artifacts: 'browser-source-*.zip, @@ -131,7 +135,7 @@ jobs: dist-firefox-${{ needs.setup.outputs.release-version }}.zip, dist-edge-${{ needs.setup.outputs.release-version }}.zip' commit: ${{ github.sha }} - tag: "v${{ needs.setup.outputs.release-version }}" + tag: "browser-v${{ needs.setup.outputs.release-version }}" name: "Version ${{ needs.setup.outputs.release-version }}" body: "" token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml new file mode 100644 index 0000000000..f7dd3d4b35 --- /dev/null +++ b/.github/workflows/release-desktop.yml @@ -0,0 +1,202 @@ +--- +name: Release Desktop + +on: + workflow_dispatch: + inputs: + release_type: + description: 'Release Options' + required: true + default: 'Initial Release' + type: choice + options: + - Initial Release + - Redeploy + - Dry Run + +defaults: + run: + shell: bash + working-directory: apps/desktop + +jobs: + setup: + name: Setup + runs-on: ubuntu-20.04 + outputs: + package_version: ${{ steps.retrieve-version.outputs.package_version }} + branch-name: ${{ steps.branch.outputs.branch-name }} + steps: + - name: Branch check + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ $GITHUB_REF != refs/heads/hotfix-rc/* ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc/*' branches" + echo "===================================" + exit 1 + fi + + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Get Package Version + id: retrieve-version + run: | + PKG_VERSION=$(jq -r .version src/package.json) + echo "::set-output name=package_version::$PKG_VERSION" + + - name: Check to make sure Desktop release version has been bumped + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + latest_ver=$( + curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases | jq -r 'first(.[] | select(.tag_name | startswith("desktop"))).tag_name' + ) + latest_ver=${latest_ver:1} + echo "Latest version: $latest_ver" + ver=${{ steps.retrieve-version.outputs.package_version }} + echo "Version: $ver" + if [ "$latest_ver" = "$ver" ] && \ + [ "${{ github.event.inputs.release_type }}" == "Initial Release" ]; then + echo "Version has not been bumped!" + exit 1 + fi + + - name: Get branch name + id: branch + run: | + BRANCH_NAME=$(basename ${{ github.ref }}) + echo "::set-output name=branch-name::$BRANCH_NAME" + + - name: Download all artifacts + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: ${{ steps.branch.outputs.branch-name }} + + - name: Rename .pkg to .pkg.archive + env: + PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }} + run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive + + - name: Create release + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 # v2.8.5 + env: + PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }} + with: + artifacts: "Bitwarden-${{ env.PKG_VERSION }}-amd64.deb, + Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm, + Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd, + bitwarden_${{ env.PKG_VERSION }}_amd64.snap, + Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage, + latest-linux.yml, + Bitwarden-Portable-${{ env.PKG_VERSION }}.exe, + Bitwarden-Installer-${{ env.PKG_VERSION }}.exe, + Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx, + Bitwarden-${{ env.PKG_VERSION }}-ia32.appx, + Bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z, + Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx, + Bitwarden-${{ env.PKG_VERSION }}-x64.appx, + Bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z, + Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx, + Bitwarden-${{ env.PKG_VERSION }}-arm64.appx, + Bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z, + bitwarden.${{ env.PKG_VERSION }}.nupkg, + latest.yml, + Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip, + Bitwarden-${{ env.PKG_VERSION }}-universal.dmg, + Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap, + latest-mac.yml, + Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive" + commit: ${{ github.sha }} + tag: desktop-v${{ env.PKG_VERSION }} + name: Version ${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + + snap: + name: Deploy Snap + runs-on: ubuntu-20.04 + needs: setup + env: + _PKG_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout Repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Login to Azure + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 + with: + keyvault: "bitwarden-prod-kv" + secrets: "snapcraft-store-token" + + - name: Install Snap + uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0 + with: + snapcraft_token: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} + + - name: Setup + run: mkdir dist + + - name: Download Snap artifact + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: ${{ needs.setup.outputs.branch-name }} + artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap + path: ./dist + + - name: Test + run: ls -alht dist + + - name: Deploy to Snap Store + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + snapcraft upload dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable + snapcraft logout + + choco: + name: Deploy Choco + runs-on: windows-2019 + needs: setup + env: + _PKG_VERSION: ${{ needs.setup.outputs.package_version }} + steps: + - name: Checkout Repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + + - name: Setup Chocolatey + run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ + env: + CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }} + + - name: Make dist dir + shell: pwsh + run: New-Item -ItemType directory -Path ./dist + + - name: Download choco artifact + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: ${{ needs.setup.outputs.branch-name }} + artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg + path: ./dist + + - name: Push to Chocolatey + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + shell: pwsh + run: | + cd dist + choco push diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 033622e7e7..7afb606890 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -4,54 +4,124 @@ name: Version Bump on: workflow_dispatch: inputs: + client: + description: "Client Project" + required: true + type: choice + options: + - Browser + - CLI + - Desktop + - Web version_number: description: "New Version" required: true +defaults: + run: + shell: bash + jobs: bump_version: - name: "Create version_bump_${{ github.event.inputs.version_number }} branch" + name: "Bump ${{ github.event.inputs.client }} Version" runs-on: ubuntu-20.04 steps: - name: Checkout Branch uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 - name: Create Version Branch + env: + CLIENT_NAME: ${{ github.event.inputs.client }} run: | - git switch -c version_bump_${{ github.event.inputs.version_number }} - git push -u origin version_bump_${{ github.event.inputs.version_number }} + echo "CLIENT=${CLIENT_NAME,,}" >> ${GITHUB_ENV} + git switch -c $CLIENT_version_bump_${{ github.event.inputs.version_number }} + git push -u origin $CLIENT_version_bump_${{ github.event.inputs.version_number }} - name: Checkout Version Branch uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 with: - ref: version_bump_${{ github.event.inputs.version_number }} + ref: ${{ env.CLIENT }}_version_bump_${{ github.event.inputs.version_number }} - - name: Bump Version - Manifest + ######################## + # VERSION BUMP SECTION # + ######################## + + ### Browser + - name: Bump Browser Version - Manifest + if: ${{ github.event.inputs.client == "Browser" }} uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 with: version: ${{ github.event.inputs.version_number }} file_path: "./src/manifest.json" + working-directory: apps/browser - - name: Run Prettier after Version Bump + - name: Run Prettier after Browser Version Bump + if: ${{ github.event.inputs.client == "Browser" }} run: | npm install -g prettier prettier --write ./src/manifest.json + working-directory: apps/browser + + ### CLI + - name: Bump CLI Version - Package + if: ${{ github.event.inputs.client == "CLI" }} + uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + with: + version: ${{ github.event.inputs.version_number }} + file_path: "./package.json" + working-directory: apps/cli + + - name: Bump CLI Version - Package-lock + if: ${{ github.event.inputs.client == "CLI" }} + uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + with: + version: ${{ github.event.inputs.version_number }} + file_path: "./package-lock.json" + working-directory: apps/cli + + ### Desktop + - name: Bump Desktop Version - Package + if: ${{ github.event.inputs.client == "Desktop" }} + uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + with: + version: ${{ github.event.inputs.version_number }} + file_path: "./src/package.json" + working-directory: apps/desktop + + ### Web + - name: Bump Web Version - package.json + if: ${{ github.event.inputs.client == "Web" }} + uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + with: + version: ${{ github.event.inputs.version_number }} + file_path: "./package.json" + working-directory: apps/web + + - name: Bump Web Version - package-lock.json + if: ${{ github.event.inputs.client == "Web" }} + uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945 + with: + version: ${{ github.event.inputs.version_number }} + file_path: "./package-lock.json" + working-directory: apps/web + + ######################## - name: Commit files run: | git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" - git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a + git commit -m "Bumped $CLIENT version to ${{ github.event.inputs.version_number }}" -a - name: Push changes - run: git push -u origin version_bump_${{ github.event.inputs.version_number }} + run: git push -u origin $CLIENT_version_bump_${{ github.event.inputs.version_number }} - - name: Create Version PR + - name: Create Bump Version PR env: - PR_BRANCH: "version_bump_${{ github.event.inputs.version_number }}" + PR_BRANCH: "${{ env.CLIENT }}_version_bump_${{ github.event.inputs.version_number }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" BASE_BRANCH: master - TITLE: "Bump version to ${{ github.event.inputs.version_number }}" + TITLE: "Bump ${{ github.event.inputs.client }} version to ${{ github.event.inputs.version_number }}" run: | gh pr create --title "$TITLE" \ --base "$BASE" \ @@ -67,4 +137,4 @@ jobs: - [X] Other ## Objective - Automated version bump to ${{ github.event.inputs.version_number }}" + Automated ${{ github.event.inputs.client }} version bump to ${{ github.event.inputs.version_number }}"