diff --git a/.github/workflows/build-and-sign.yml b/.github/workflows/build-and-sign.yml index 0fb892b1bc..fc29cf2670 100644 --- a/.github/workflows/build-and-sign.yml +++ b/.github/workflows/build-and-sign.yml @@ -6,6 +6,7 @@ on: jobs: windows: runs-on: windows-latest + environment: test_ast steps: - name: Set up dotnet uses: actions/setup-dotnet@v1 @@ -43,15 +44,17 @@ jobs: Write-Host "PACKAGE VERSION TO BUILD - $latest_version" Write-Host "--------" + dotnet restore + dotnet pack --output ./nupkg + dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool + cd $HOME - name: Checkout repo uses: actions/checkout@v2 - name: Load package version - run: | - ./.github/scripts/load-version.ps1 - exit 1 + run: ./.github/scripts/load-version.ps1 shell: pwsh - name: Install Node dependencies @@ -61,67 +64,63 @@ jobs: run: npm run lint - name: Build application - shell: pwsh - run: npm run dist:win:ci + run: npm run build - - name: Rename appx files for store - shell: pwsh + - name: Build & Sign run: | - Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" ` - -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx" - Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` - -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" + npm run build + npm run pack:win + env: + CSC_LINK: ${{ secrets.EB_SIGNING_CERT_IDENTIFIER_URL }} + CSC_KEY_PASSWORD: ${{ secrets.EB_SIGNING_CERT_KEY }} + SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} + SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} + SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} + SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} + SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} + SECRET_TEST: ${{ secrets.SECRET_TEST }} - - name: Upload portable exe artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + - name: List Dist + run: dir ./dist + + - name: Upload signed portable exe artifact + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: - name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe + name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}-signed.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe - - name: Upload installer exe artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + - name: Upload signed installer exe artifact + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: - name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe + name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}-signed.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe - - name: Upload store appx ia32 artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + - name: Upload signed appx ia32 artifact + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx + name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx + path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx - - name: Upload store appx x64 artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + - name: Upload signed appx x64 artifact + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: - name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx - path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx + name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx + path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx - - name: Deploy to Chocolatey - if: github.event_name == 'release' - run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION - shell: pwsh - - - name: Upload Chocolatey nupkg artifact - if: github.event_name == 'release' - uses: actions/upload-artifact@v2 - with: - name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - - - name: Upload release assets - if: github.event_name == 'release' - run: | - hub release edit ` - -a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg ` - -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` - -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` - -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} +#- name: Upload release assets +# if: github.event_name == 'release' +# run: | +# hub release edit ` +# -a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg ` +# -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` +# -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` +# -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` +# $env:RELEASE_TAG_NAME +# shell: pwsh +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d8d61aa24..78e85b11bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,13 +1,16 @@ name: Build -on: - push: - branches-ignore: - - 'l10n_master' - - 'gh-pages' - release: - types: - - published +on: + workflow_dispatch: + +# on: +# push: +# branches-ignore: +# - 'l10n_master' +# - 'gh-pages' +# release: +# types: +# - published jobs: @@ -170,28 +173,28 @@ jobs: -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" - name: Upload portable exe artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe - name: Upload installer exe artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe - name: Upload store appx ia32 artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx - name: Upload store appx x64 artifact - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + #if: github.ref == 'refs/heads/master' || github.event_name == 'release' uses: actions/upload-artifact@v2 with: name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx @@ -209,18 +212,18 @@ jobs: # name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg # path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg - - name: Upload release assets - if: github.event_name == 'release' - run: | - hub release edit ` - -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` - -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` - -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` - $env:RELEASE_TAG_NAME - shell: pwsh - env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} + #- name: Upload release assets + # if: github.event_name == 'release' + # run: | + # hub release edit ` + # -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` + # -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` + # -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` + # $env:RELEASE_TAG_NAME + # shell: pwsh + # env: + # GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + # RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} macos: runs-on: macos-latest diff --git a/package.json b/package.json index e1870315cb..4a1b2ce33c 100644 --- a/package.json +++ b/package.json @@ -197,7 +197,7 @@ "applicationId": "bitwardendesktop", "identityName": "8bitSolutionsLLC.bitwardendesktop", "publisher": "CN=14D52771-DE3C-4886-B8BF-825BA7690418", - "publisherDisplayName": "8bit Solutions LLC", + "publisherDisplayName": "Bitwarden Inc", "languages": [ "en-US" ] diff --git a/sign.js b/sign.js index 0a61edf3b7..e7a6df8909 100644 --- a/sign.js +++ b/sign.js @@ -1,10 +1,15 @@ exports.default = async function(configuration) { - //console.log(`config:\n${JSON.stringify(configuration, null, 4)}`) - console.log(`env test - secret test ${process.env.SECRET_TEST}`) - console.log(`env test - shouldn't work ${process.env.secretTest}`) - require("child_process").execSync( - `azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvt ${process.env.SIGNING_TENANT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, + `azuresigntool sign ` + + `-kvu ${process.env.SIGNING_VAULT_URL} ` + + `-kvi ${process.env.SIGNING_CLIENT_ID} ` + + `-kvt ${process.env.SIGNING_TENANT_ID} ` + + `-kvs ${process.env.SIGNING_CLIENT_SECRET} ` + + `-kvc ${process.env.SIGNING_CERT_NAME} ` + + `-fd ${configuration.hash} ` + + `-du ${configuration.site} ` + + `-tr http://timestamp.digicert.com ` + + `${configuration.path}`, { stdio: "inherit" }