vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

Merge pull request #6 from joseph-flinn/add-signing-gh 

Add signing gh
This commit is contained in:
Joseph Flinn 2021-01-06 09:28:14 -08:00 committed by GitHub
parent 47b335be4b e1d2aa4b4a
commit fc28a65e18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 87 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
.github/workflows/build-and-sign.yml vendored
View File

@ -6,6 +6,7 @@ on:
jobs: jobs:
windows: windows:
runs-on: windows-latest runs-on: windows-latest
environment: test_ast
steps: steps:
- name: Set up dotnet - name: Set up dotnet
uses: actions/setup-dotnet@v1 uses: actions/setup-dotnet@v1
@ -43,15 +44,17 @@ jobs:
Write-Host "PACKAGE VERSION TO BUILD - $latest_version" Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------" Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
cd $HOME cd $HOME
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Load package version - name: Load package version
run: | run: ./.github/scripts/load-version.ps1
./.github/scripts/load-version.ps1
exit 1
shell: pwsh shell: pwsh
- name: Install Node dependencies - name: Install Node dependencies
@ -61,67 +64,63 @@ jobs:
run: npm run lint run: npm run lint
- name: Build application - name: Build application
shell: pwsh run: npm run build
run: npm run dist:win:ci
- name: Rename appx files for store - name: Build & Sign
shell: pwsh
run: | run: |
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx" ` npm run build
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx" npm run pack:win
Copy-Item "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx" ` env:
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" CSC_LINK: ${{ secrets.EB_SIGNING_CERT_IDENTIFIER_URL }}
CSC_KEY_PASSWORD: ${{ secrets.EB_SIGNING_CERT_KEY }}
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
SECRET_TEST: ${{ secrets.SECRET_TEST }}
- name: Upload portable exe artifact - name: List Dist
if: github.ref == 'refs/heads/master' || github.event_name == 'release' run: dir ./dist
- name: Upload signed portable exe artifact
#if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}-signed.exe
path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
- name: Upload installer exe artifact - name: Upload signed installer exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}-signed.exe
path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
- name: Upload store appx ia32 artifact - name: Upload signed appx ia32 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32.appx
- name: Upload store appx x64 artifact - name: Upload signed appx x64 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64.appx
- name: Deploy to Chocolatey #- name: Upload release assets
if: github.event_name == 'release' # if: github.event_name == 'release'
run: ./scripts/choco-update.ps1 -version $env:PACKAGE_VERSION # run: |
shell: pwsh # hub release edit `
# -a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg `
- name: Upload Chocolatey nupkg artifact # -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx `
if: github.event_name == 'release' # -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx `
uses: actions/upload-artifact@v2 # -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
with: # $env:RELEASE_TAG_NAME
name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg # shell: pwsh
path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg # env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload release assets # RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
if: github.event_name == 'release'
run: |
hub release edit `
-a ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx `
-m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
$env:RELEASE_TAG_NAME
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}

49
.github/workflows/build.yml vendored
View File

@ -1,13 +1,16 @@
name: Build name: Build
on: on:
push: workflow_dispatch:
branches-ignore:
- 'l10n_master' # on:
- 'gh-pages' # push:
release: # branches-ignore:
types: # - 'l10n_master'
- published # - 'gh-pages'
# release:
# types:
# - published
jobs: jobs:
@ -170,28 +173,28 @@ jobs:
-Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx" -Destination "./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx"
- name: Upload portable exe artifact - name: Upload portable exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Portable-${{ env.PACKAGE_VERSION }}.exe
- name: Upload installer exe artifact - name: Upload installer exe artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe name: Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe path: ./dist/nsis-web/Bitwarden-Installer-${{ env.PACKAGE_VERSION }}.exe
- name: Upload store appx ia32 artifact - name: Upload store appx ia32 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx name: Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx path: ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx
- name: Upload store appx x64 artifact - name: Upload store appx x64 artifact
if: github.ref == 'refs/heads/master' || github.event_name == 'release' #if: github.ref == 'refs/heads/master' || github.event_name == 'release'
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx name: Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx
@ -209,18 +212,18 @@ jobs:
# name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg # name: bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
# path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg # path: ./dist/chocolatey/bitwarden.${{ env.PACKAGE_VERSION }}.nupkg
- name: Upload release assets #- name: Upload release assets
if: github.event_name == 'release' # if: github.event_name == 'release'
run: | # run: |
hub release edit ` # hub release edit `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx ` # -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-ia32-store.appx `
-a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx ` # -a ./dist/Bitwarden-${{ env.PACKAGE_VERSION }}-x64-store.appx `
-m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" ` # -m "$($env:RELEASE_TAG_NAME.TrimStart('v'))" `
$env:RELEASE_TAG_NAME # $env:RELEASE_TAG_NAME
shell: pwsh # shell: pwsh
env: # env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} # GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} # RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
macos: macos:
runs-on: macos-latest runs-on: macos-latest

2
package.json
View File

@ -197,7 +197,7 @@
"applicationId": "bitwardendesktop", "applicationId": "bitwardendesktop",
"identityName": "8bitSolutionsLLC.bitwardendesktop", "identityName": "8bitSolutionsLLC.bitwardendesktop",
"publisher": "CN=14D52771-DE3C-4886-B8BF-825BA7690418", "publisher": "CN=14D52771-DE3C-4886-B8BF-825BA7690418",
"publisherDisplayName": "8bit Solutions LLC", "publisherDisplayName": "Bitwarden Inc",
"languages": [ "languages": [
"en-US" "en-US"
] ]

15
sign.js
View File

@ -1,10 +1,15 @@
exports.default = async function(configuration) { exports.default = async function(configuration) {
//console.log(`config:\n${JSON.stringify(configuration, null, 4)}`)
console.log(`env test - secret test ${process.env.SECRET_TEST}`)
console.log(`env test - shouldn't work ${process.env.secretTest}`)
require("child_process").execSync( require("child_process").execSync(
`azuresigntool sign -kvu ${process.env.SIGNING_VAULT_URL} -kvi ${process.env.SIGNING_CLIENT_ID} -kvt ${process.env.SIGNING_TENANT_ID} -kvs ${process.env.SIGNING_CLIENT_SECRET} -kvc ${process.env.SIGNING_CERT_NAME} -fd ${configuration.hash} -du ${configuration.site} -tr http://timestamp.digicert.com ${configuration.path}`, `azuresigntool sign ` +
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
`-kvs ${process.env.SIGNING_CLIENT_SECRET} ` +
`-kvc ${process.env.SIGNING_CERT_NAME} ` +
`-fd ${configuration.hash} ` +
`-du ${configuration.site} ` +
`-tr http://timestamp.digicert.com ` +
`${configuration.path}`,
{ {
stdio: "inherit" stdio: "inherit"
} }