mirror of
https://github.com/bitwarden/android.git
synced 2024-12-26 19:08:32 +03:00
fa6bac3b43
* [EC-426] Add watchOS PoC app (#2054) * EC-426 Added watchOS app, configured iOS.csproj to bundle the output of XCode build into the Xamarin iOS app and added some custom logic to use WCSession to communicate between the iOS and the watchOS apps * EC-426 Removed Info.plist from iOS.Core project given that it's not needed * [EC-426] Added new encrypted watch app profiles * EC-426 added configuration for building watchApp and bundle it up on the iOS one * EC-426 Fix build for watchOS * EC-426 Fix build for watchOS applied shell bash * EC-426 Fix build for watchOS echo * EC-426 Fix build for watchOS simplify * EC-426 Fix build for watchOS added workspace path * EC-426 Changed code sign identity of watchOS project to Apple Distribution * EC-426 added manual code sign style and specified the provisioning profile for the targets on the watch xcode project * EC-426 updated path to watchOS on release on iOS.csproj and disabled android and f-.droid * EC-426 fix build * EC-426 fix path and check listing of directory of watchOS output just in case * EC-426 Fix Apple Watch build to list the folder recursively just in case we need to change the path for the watch bundle * EC-426 TEMP Change texts on input on login and lock to show that the app is for the Watch PoC testing * EC-426 Fix WatchApp build path * EC-426 Added WatchOS AppIcons * EC-426 added gitignore for XCode project removed files supposed to be ignored * EC-426 Cleaned the code a bit to avoid misbehavior * EC-426 Code cleanup Co-authored-by: Joseph Flinn <joseph.s.flinn@gmail.com> * [EC-585] Added data, encryption and some helpers and structure to the Watch app (#2164) * [EC-585] Added foundation classes on the watch to handle CoreData and some fixes on the communication of the ciphers, also some helper classes to store in keychain and encrypt data * EC-585 Added keychain helper, encryption helpers and added data storage using CoreData configuring it appropiately. View and ViewModel are here only to test that the fetching/saving works but it's not the actual UI of the watch app. Also removed all the places where the automatic file signature was added by XCode * EC-585 Fixed CipherServiceMock to implement protocol * EC-585 Fixed DeviceActionService duplicated services * [EC-614] Apple Watch MVP Cipher list UI (#2175) * [EC-585] Added foundation classes on the watch to handle CoreData and some fixes on the communication of the ciphers, also some helper classes to store in keychain and encrypt data * EC-585 Added keychain helper, encryption helpers and added data storage using CoreData configuring it appropiately. View and ViewModel are here only to test that the fetching/saving works but it's not the actual UI of the watch app. Also removed all the places where the automatic file signature was added by XCode * EC-585 Fixed CipherServiceMock to implement protocol * EC-585 Fixed DeviceActionService duplicated services * EC-614 Implemented watch ciphers list UI * [EC-615] Apple Watch MVP Cipher details UI (#2192) * [EC-585] Added foundation classes on the watch to handle CoreData and some fixes on the communication of the ciphers, also some helper classes to store in keychain and encrypt data * EC-585 Added keychain helper, encryption helpers and added data storage using CoreData configuring it appropiately. View and ViewModel are here only to test that the fetching/saving works but it's not the actual UI of the watch app. Also removed all the places where the automatic file signature was added by XCode * EC-585 Fixed CipherServiceMock to implement protocol * EC-585 Fixed DeviceActionService duplicated services * EC-614 Implemented watch ciphers list UI * EC-615 Added cipher details UI to watch and also implemented logic and helpers to generate the TOTPs * EC-615 Added value transformer to login uris on the cipher entity * EC-617 Added state view on watch app and some state helpers and wired it on the CipherListView. Also added some images (#2195) * [EC-581] Implement Apple Watch MVP Sync (#2206) * EC-581 Implemented sync iPhone -> watchOS, fix some issues with the watch database and sync flows for login/locks/multiple accounts * EC-581 Added watch sync on unlocking and need setup state when no user is synced and the session is not active * EC-581 Removed unused method * EC-581 Fix format * EC-759 Added avatar row on cipher list header to display avatar icon and email (#2213) * [EC-786] Apple Watch MVP Sync fixes (#2214) * EC-786 Commented things that are not going to be included on the MVP and fixed issue on the dictionary sent on the applicationContext to have a changing key based on time * EC-786 Commented need unlock state * EC-579 Added logic for Connect To Watch on iOS settings and moved it to the correct place. Also improved the synchronization and watch session activation logic (#2218) * EC-616 Added search header for ciphers and polished the code (#2226) Co-authored-by: Federico Maccaroni <fedemkr@gmail.com> Co-authored-by: Joseph Flinn <joseph.s.flinn@gmail.com>
791 lines
32 KiB
YAML
791 lines
32 KiB
YAML
---
|
|
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches-ignore:
|
|
- 'l10n_master'
|
|
- 'gh-pages'
|
|
paths-ignore:
|
|
- '.github/workflows/**'
|
|
workflow_dispatch:
|
|
inputs: {}
|
|
|
|
jobs:
|
|
cloc:
|
|
name: CLOC
|
|
runs-on: ubuntu-20.04
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
|
|
|
- name: Set up CLOC
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -y install cloc
|
|
|
|
- name: Print lines of code
|
|
run: cloc --vcs git --exclude-dir Resources,store,test,Properties --include-lang C#,XAML
|
|
|
|
|
|
setup:
|
|
name: Setup
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }}
|
|
hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }}
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
|
|
|
- name: Check if special branches exist
|
|
id: branch-check
|
|
run: |
|
|
if [[ $(git ls-remote --heads origin rc) ]]; then
|
|
echo "rc_branch_exists=1" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "rc_branch_exists=0" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
if [[ $(git ls-remote --heads origin hotfix-rc) ]]; then
|
|
echo "hotfix_branch_exists=1" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "hotfix_branch_exists=0" >> $GITHUB_OUTPUT
|
|
fi
|
|
shell: bash
|
|
|
|
|
|
android:
|
|
name: Android
|
|
runs-on: windows-2022
|
|
if: github.repository == 'putting here a false condition so that this doesnt run while testing iOS CI'
|
|
needs: setup
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
variant: ['prod', 'qa']
|
|
steps:
|
|
- name: Setup NuGet
|
|
uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6
|
|
with:
|
|
nuget-version: 5.9.0
|
|
|
|
- name: Set up MSBuild
|
|
uses: microsoft/setup-msbuild@ab534842b4bdf384b8aaf93765dc6f721d9f5fab
|
|
|
|
- name: Work Around for broken Windows 2022 Runner Image
|
|
run: |
|
|
Set-Location "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
|
|
$InstallPath = "C:\Program Files\Microsoft Visual Studio\2022\Enterprise"
|
|
$componentsToAdd = @(
|
|
"Component.Xamarin"
|
|
)
|
|
[string]$workloadArgs = $componentsToAdd | ForEach-Object {" --add " + $_}
|
|
$Arguments = ('/c', "vs_installer.exe", 'modify', '--installPath', "`"$InstallPath`"",$workloadArgs, '--quiet', '--norestart', '--nocache')
|
|
$process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
|
|
if ($process.ExitCode -eq 0)
|
|
{
|
|
Write-Host "components have been successfully added"
|
|
}
|
|
else
|
|
{
|
|
Write-Host "components were not installed"
|
|
exit 1
|
|
}
|
|
- name: Print environment
|
|
run: |
|
|
nuget help | grep Version
|
|
msbuild -version
|
|
dotnet --info
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Decrypt secrets
|
|
env:
|
|
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
|
run: |
|
|
mkdir -p ~/secrets
|
|
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output ./src/Android/app_play-keystore.jks ./.github/secrets/app_play-keystore.jks.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output ./src/Android/app_upload-keystore.jks ./.github/secrets/app_upload-keystore.jks.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/play_creds.json ./.github/secrets/play_creds.json.gpg
|
|
shell: bash
|
|
- name: Decrypt secrets - Google Services
|
|
if: ${{ matrix.variant == 'prod' }}
|
|
env:
|
|
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
|
run: |
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output ./src/Android/google-services.json ./.github/secrets/google-services.json.gpg
|
|
shell: bash
|
|
- name: Increment version
|
|
run: |
|
|
BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER))
|
|
|
|
echo "########################################"
|
|
echo "##### Setting Version Code $BUILD_NUMBER"
|
|
echo "########################################"
|
|
|
|
sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
|
|
./src/Android/Properties/AndroidManifest.xml
|
|
shell: bash
|
|
|
|
- name: Restore packages
|
|
run: nuget restore
|
|
|
|
- name: Restore tools
|
|
run: dotnet tool restore
|
|
shell: pwsh
|
|
|
|
- name: Verify Format
|
|
run: dotnet tool run dotnet-format --check
|
|
shell: pwsh
|
|
|
|
- name: Run Core tests
|
|
run: dotnet test test/Core.Test/Core.Test.csproj
|
|
|
|
- name: Build Play Store publisher
|
|
if: ${{ matrix.variant == 'prod' }}
|
|
run: dotnet build ./store/google/Publisher/Publisher.csproj -p:Configuration=Release
|
|
|
|
- name: Setup Android build (${{ matrix.variant }})
|
|
run: dotnet cake build.cake --target Android --variant ${{ matrix.variant }}
|
|
|
|
- name: Build Android
|
|
run: |
|
|
$configuration = "Release";
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Build $configuration Configuration"
|
|
Write-Output "########################################"
|
|
msbuild "$($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj")" "/p:Configuration=$configuration"
|
|
|
|
shell: pwsh
|
|
|
|
- name: Sign Android Build
|
|
env:
|
|
PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
|
|
UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
|
|
run: |
|
|
$androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj");
|
|
$packageName = "com.x8bit.bitwarden";
|
|
|
|
if ("${{ matrix.variant }}" -ne "prod")
|
|
{
|
|
$packageName = "com.x8bit.bitwarden.${{ matrix.variant }}";
|
|
}
|
|
Write-Output "########################################"
|
|
Write-Output "##### Sign Google Play Bundle Release Configuration"
|
|
Write-Output "########################################"
|
|
|
|
msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=Release" "/p:AndroidKeyStore=true" `
|
|
"/p:AndroidSigningKeyAlias=upload" "/p:AndroidSigningKeyPass=$($env:UPLOAD_KEYSTORE_PASSWORD)" `
|
|
"/p:AndroidSigningKeyStore=$("app_upload-keystore.jks")" `
|
|
"/p:AndroidSigningStorePass=$($env:UPLOAD_KEYSTORE_PASSWORD)" "/p:AndroidPackageFormat=aab" "/v:quiet"
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Copy Google Play Bundle to project root"
|
|
Write-Output "########################################"
|
|
|
|
$signedAabPath = $($env:GITHUB_WORKSPACE + "/src/Android/bin/Release/$($packageName)-Signed.aab");
|
|
$signedAabDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).aab");
|
|
Copy-Item $signedAabPath $signedAabDestPath
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Sign APK Release Configuration"
|
|
Write-Output "########################################"
|
|
|
|
msbuild "$($androidPath)" "/t:SignAndroidPackage" "/p:Configuration=Release" "/p:AndroidKeyStore=true" `
|
|
"/p:AndroidSigningKeyAlias=bitwarden" "/p:AndroidSigningKeyPass=$($env:PLAY_KEYSTORE_PASSWORD)" `
|
|
"/p:AndroidSigningKeyStore=$("app_play-keystore.jks")" `
|
|
"/p:AndroidSigningStorePass=$($env:PLAY_KEYSTORE_PASSWORD)" "/v:quiet"
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Copy Release APK to project root"
|
|
Write-Output "########################################"
|
|
|
|
$signedApkPath = $($env:GITHUB_WORKSPACE + "/src/Android/bin/Release/$($packageName)-Signed.apk");
|
|
$signedApkDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).apk");
|
|
|
|
Copy-Item $signedApkPath $signedApkDestPath
|
|
shell: pwsh
|
|
- name: Upload Prod .aab artifact
|
|
if: ${{ matrix.variant == 'prod' }}
|
|
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
|
|
with:
|
|
name: com.x8bit.bitwarden.aab
|
|
path: ./com.x8bit.bitwarden.aab
|
|
if-no-files-found: error
|
|
|
|
- name: Upload Prod .apk artifact
|
|
if: ${{ matrix.variant == 'prod' }}
|
|
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
|
|
with:
|
|
name: com.x8bit.bitwarden.apk
|
|
path: ./com.x8bit.bitwarden.apk
|
|
if-no-files-found: error
|
|
|
|
- name: Upload Other .apk artifact
|
|
if: ${{ matrix.variant != 'prod' }}
|
|
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
|
|
with:
|
|
name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
|
|
path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk
|
|
if-no-files-found: error
|
|
|
|
- name: Deploy to Play Store
|
|
if: ${{ matrix.variant == 'prod' && (( github.ref == 'refs/heads/master'
|
|
&& needs.setup.outputs.rc_branch_exists == 0
|
|
&& needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| github.ref == 'refs/heads/hotfix-rc' ) }}
|
|
run: |
|
|
PUBLISHER_PATH="$GITHUB_WORKSPACE/store/google/Publisher/bin/Release/netcoreapp3.1/Publisher.dll"
|
|
CREDS_PATH="$HOME/secrets/play_creds.json"
|
|
AAB_PATH="$GITHUB_WORKSPACE/com.x8bit.bitwarden.aab"
|
|
TRACK="internal"
|
|
|
|
dotnet $PUBLISHER_PATH $CREDS_PATH $AAB_PATH $TRACK
|
|
shell: bash
|
|
|
|
|
|
f-droid:
|
|
name: F-Droid Build
|
|
runs-on: windows-2022
|
|
if: github.repository == 'putting here a false condition so that this doesnt run while testing iOS CI'
|
|
steps:
|
|
- name: Setup NuGet
|
|
uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6
|
|
with:
|
|
nuget-version: 5.9.0
|
|
|
|
- name: Set up MSBuild
|
|
uses: microsoft/setup-msbuild@ab534842b4bdf384b8aaf93765dc6f721d9f5fab
|
|
|
|
- name: Work Around for broken Windows 2022 Runner Image
|
|
run: |
|
|
Set-Location "C:\Program Files (x86)\Microsoft Visual Studio\Installer\"
|
|
$InstallPath = "C:\Program Files\Microsoft Visual Studio\2022\Enterprise"
|
|
$componentsToAdd = @(
|
|
"Component.Xamarin"
|
|
)
|
|
[string]$workloadArgs = $componentsToAdd | ForEach-Object {" --add " + $_}
|
|
$Arguments = ('/c', "vs_installer.exe", 'modify', '--installPath', "`"$InstallPath`"",$workloadArgs, '--quiet', '--norestart', '--nocache')
|
|
$process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
|
|
if ($process.ExitCode -eq 0)
|
|
{
|
|
Write-Host "components have been successfully added"
|
|
}
|
|
else
|
|
{
|
|
Write-Host "components were not installed"
|
|
exit 1
|
|
}
|
|
|
|
- name: Print environment
|
|
run: |
|
|
nuget help | grep Version
|
|
msbuild -version
|
|
dotnet --info
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
|
|
|
- name: Decrypt secrets
|
|
env:
|
|
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
|
run: |
|
|
mkdir -p ~/secrets
|
|
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output ./src/Android/app_fdroid-keystore.jks ./.github/secrets/app_fdroid-keystore.jks.gpg
|
|
shell: bash
|
|
|
|
- name: Increment version
|
|
run: |
|
|
BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER))
|
|
|
|
echo "########################################"
|
|
echo "##### Setting Version Code $BUILD_NUMBER"
|
|
echo "########################################"
|
|
|
|
sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
|
|
./src/Android/Properties/AndroidManifest.xml
|
|
shell: bash
|
|
|
|
- name: Clean for F-Droid
|
|
run: |
|
|
$androidPath = $($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj");
|
|
$appPath = $($env:GITHUB_WORKSPACE + "/src/App/App.csproj");
|
|
$corePath = $($env:GITHUB_WORKSPACE + "/src/Core/Core.csproj");
|
|
|
|
$androidManifest = $($env:GITHUB_WORKSPACE + "/src/Android/Properties/AndroidManifest.xml");
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Clean Android and App"
|
|
Write-Output "########################################"
|
|
|
|
msbuild "$($androidPath)" "/t:Clean" "/p:Configuration=FDroid"
|
|
msbuild "$($appPath)" "/t:Clean" "/p:Configuration=FDroid"
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Backup project files"
|
|
Write-Output "########################################"
|
|
|
|
Copy-Item $androidManifest $($androidManifest + ".original");
|
|
Copy-Item $androidPath $($androidPath + ".original");
|
|
Copy-Item $appPath $($appPath + ".original");
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Cleanup Android Manifest"
|
|
Write-Output "########################################"
|
|
|
|
$xml=New-Object XML;
|
|
$xml.Load($androidManifest);
|
|
|
|
$nsAndroid=New-Object System.Xml.XmlNamespaceManager($xml.NameTable);
|
|
$nsAndroid.AddNamespace("android", "http://schemas.android.com/apk/res/android");
|
|
|
|
$xml.Save($androidManifest);
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Uninstall from Android.csproj"
|
|
Write-Output "########################################"
|
|
|
|
$xml=New-Object XML;
|
|
$xml.Load($androidPath);
|
|
|
|
$ns=New-Object System.Xml.XmlNamespaceManager($xml.NameTable);
|
|
$ns.AddNamespace("ns", $xml.DocumentElement.NamespaceURI);
|
|
|
|
$firebaseNode=$xml.SelectSingleNode(`
|
|
"/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.Firebase.Messaging']", $ns);
|
|
$firebaseNode.ParentNode.RemoveChild($firebaseNode);
|
|
|
|
$daggerNode=$xml.SelectSingleNode(`
|
|
"/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.Google.Dagger']", $ns);
|
|
$daggerNode.ParentNode.RemoveChild($daggerNode);
|
|
|
|
$safetyNetNode=$xml.SelectSingleNode(`
|
|
"/ns:Project/ns:ItemGroup/ns:PackageReference[@Include='Xamarin.GooglePlayServices.SafetyNet']", $ns);
|
|
$safetyNetNode.ParentNode.RemoveChild($safetyNetNode);
|
|
|
|
$xml.Save($androidPath);
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Uninstall from Core.csproj"
|
|
Write-Output "########################################"
|
|
|
|
$xml=New-Object XML;
|
|
$xml.Load($corePath);
|
|
|
|
$appCenterNode=$xml.SelectSingleNode("/Project/ItemGroup/PackageReference[@Include='Microsoft.AppCenter.Crashes']");
|
|
$appCenterNode.ParentNode.RemoveChild($appCenterNode);
|
|
|
|
$xml.Save($corePath);
|
|
shell: pwsh
|
|
|
|
- name: Restore packages
|
|
run: nuget restore
|
|
|
|
- name: Build for F-Droid
|
|
run: |
|
|
$configuration = "FDroid";
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Build $configuration Configuration"
|
|
Write-Output "########################################"
|
|
|
|
msbuild "$($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj")" "/p:Configuration=$configuration"
|
|
shell: pwsh
|
|
|
|
- name: Sign for F-Droid
|
|
env:
|
|
FDROID_KEYSTORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }}
|
|
run: |
|
|
Write-Output "########################################"
|
|
Write-Output "##### Sign FDroid Configuration"
|
|
Write-Output "########################################"
|
|
|
|
msbuild "$($env:GITHUB_WORKSPACE + "/src/Android/Android.csproj")" `
|
|
"/t:SignAndroidPackage" "/p:Configuration=FDroid" "/p:AndroidKeyStore=true" `
|
|
"/p:AndroidSigningKeyAlias=bitwarden" "/p:AndroidSigningKeyPass=$($env:FDROID_KEYSTORE_PASSWORD)" `
|
|
"/p:AndroidSigningKeyStore=$("app_fdroid-keystore.jks")" `
|
|
"/p:AndroidSigningStorePass=$($env:FDROID_KEYSTORE_PASSWORD)" "/v:quiet"
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Copy FDroid apk to project root"
|
|
Write-Output "########################################"
|
|
|
|
$signedApkPath = $($env:GITHUB_WORKSPACE + "/src/Android/bin/FDroid/com.x8bit.bitwarden-Signed.apk");
|
|
$signedApkDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden-fdroid.apk");
|
|
|
|
Copy-Item $signedApkPath $signedApkDestPath
|
|
shell: pwsh
|
|
|
|
- name: Upload F-Droid .apk artifact
|
|
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
|
|
with:
|
|
name: com.x8bit.bitwarden-fdroid.apk
|
|
path: ./com.x8bit.bitwarden-fdroid.apk
|
|
if-no-files-found: error
|
|
|
|
|
|
ios:
|
|
name: Apple iOS
|
|
runs-on: macos-11
|
|
needs: setup
|
|
steps:
|
|
- name: Setup NuGet
|
|
uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1.0.6
|
|
with:
|
|
nuget-version: 5.9.0
|
|
|
|
- name: Print environment
|
|
run: |
|
|
nuget help | grep Version
|
|
msbuild -version
|
|
dotnet --info
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
|
|
|
- name: Login to Azure - Prod Subscription
|
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
env:
|
|
KEYVAULT: bitwarden-prod-kv
|
|
SECRETS: |
|
|
appcenter-ios-token
|
|
run: |
|
|
for i in ${SECRETS//,/ }
|
|
do
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
|
|
echo "::add-mask::$VALUE"
|
|
echo "$i=$VALUE" >> $GITHUB_OUTPUT
|
|
done
|
|
|
|
- name: Decrypt secrets
|
|
env:
|
|
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
|
|
run: |
|
|
mkdir -p ~/secrets
|
|
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/bitwarden-mobile-key.p12 ./.github/secrets/bitwarden-mobile-key.p12.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/iphone-distribution-cert.p12 ./.github/secrets/iphone-distribution-cert.p12.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/dist_autofill.mobileprovision ./.github/secrets/dist_autofill.mobileprovision.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/dist_bitwarden.mobileprovision ./.github/secrets/dist_bitwarden.mobileprovision.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/dist_extension.mobileprovision ./.github/secrets/dist_extension.mobileprovision.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/dist_share_extension.mobileprovision \
|
|
./.github/secrets/dist_share_extension.mobileprovision.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/dist_watch_app.mobileprovision \
|
|
./.github/secrets/dist_watch_app.mobileprovision.gpg
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
|
|
--output $HOME/secrets/dist_watch_app_extension.mobileprovision \
|
|
./.github/secrets/dist_watch_app_extension.mobileprovision.gpg
|
|
shell: bash
|
|
|
|
- name: Increment version
|
|
run: |
|
|
BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER))
|
|
|
|
echo "########################################"
|
|
echo "##### Setting CFBundleVersion $BUILD_NUMBER"
|
|
echo "########################################"
|
|
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS/Info.plist
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Extension/Info.plist
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist
|
|
perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist
|
|
cd src/watchOS/bitwarden
|
|
agvtool new-version -all $BUILD_NUMBER
|
|
cd ../../..
|
|
shell: bash
|
|
|
|
- name: Update Entitlements
|
|
run: |
|
|
echo "########################################"
|
|
echo "##### Updating Entitlements"
|
|
echo "########################################"
|
|
|
|
perl -0777 -pi.bak -e 's/<key>aps-environment<\/key>\s*<string>development<\/string>/<key>aps-environment<\/key>\n\t<string>production<\/string>/' ./src/iOS/Entitlements.plist
|
|
shell: bash
|
|
|
|
- name: Set up Keychain
|
|
env:
|
|
KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
|
|
MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }}
|
|
DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }}
|
|
run: |
|
|
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
|
security default-keychain -s build.keychain
|
|
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
|
|
security set-keychain-settings -lut 1200 build.keychain
|
|
security import ~/secrets/bitwarden-mobile-key.p12 -k build.keychain -P $MOBILE_KEY_PASSWORD \
|
|
-T /usr/bin/codesign -T /usr/bin/security
|
|
security import ~/secrets/iphone-distribution-cert.p12 -k build.keychain -P $DIST_CERT_PASSWORD \
|
|
-T /usr/bin/codesign -T /usr/bin/security
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
|
|
shell: bash
|
|
|
|
- name: Set up provisioning profiles
|
|
run: |
|
|
AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_autofill.mobileprovision
|
|
BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision
|
|
EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision
|
|
SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_share_extension.mobileprovision
|
|
WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_watch_app.mobileprovision
|
|
WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_watch_app_extension.mobileprovision
|
|
PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
|
|
|
|
mkdir -p "$PROFILES_DIR_PATH"
|
|
|
|
AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision"
|
|
|
|
BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision"
|
|
|
|
EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision"
|
|
|
|
SHARE_EXTENSION_UUID=$(grep UUID -A1 -a $SHARE_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $SHARE_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$SHARE_EXTENSION_UUID.mobileprovision"
|
|
|
|
WATCH_APP_UUID=$(grep UUID -A1 -a $WATCH_APP_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $WATCH_APP_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_UUID.mobileprovision"
|
|
|
|
WATCH_APP_EXTENSION_UUID=$(grep UUID -A1 -a $WATCH_APP_EXTENSION_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
|
|
cp $WATCH_APP_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_EXTENSION_UUID.mobileprovision"
|
|
shell: bash
|
|
|
|
- name: Bulid WatchApp
|
|
run: |
|
|
echo "########################################"
|
|
echo "##### Build WatchApp with Release Configuration"
|
|
echo "########################################"
|
|
|
|
xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden
|
|
|
|
echo "########################################"
|
|
echo "##### Done"
|
|
echo "########################################"
|
|
cd src/watchOS
|
|
ls -R
|
|
cd ../..
|
|
shell: bash
|
|
|
|
- name: Restore packages
|
|
run: nuget restore
|
|
|
|
- name: Archive Build for App Store
|
|
run: |
|
|
$configuration = "AppStore";
|
|
$platform = "iPhone";
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Archive $configuration Configuration for $platform Platform"
|
|
Write-Output "########################################"
|
|
msbuild "$($env:GITHUB_WORKSPACE + "/src/iOS/iOS.csproj")" "/p:Platform=$platform" `
|
|
"/p:Configuration=$configuration" "/p:ArchiveOnBuild=true" "/t:`"Build`""
|
|
|
|
Write-Output "########################################"
|
|
Write-Output "##### Done"
|
|
Write-Output "########################################"
|
|
ls ~/Library/Developer/Xcode/Archives
|
|
shell: pwsh
|
|
|
|
- name: Export .ipa for App Store
|
|
run: |
|
|
EXPORT_OPTIONS_PATH="./.github/resources/export-options-app-store.plist"
|
|
ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive"
|
|
EXPORT_PATH="./bitwarden-export"
|
|
|
|
xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \
|
|
-exportOptionsPlist $EXPORT_OPTIONS_PATH
|
|
shell: bash
|
|
|
|
- name: Copy all dSYMs files to upload
|
|
run: |
|
|
ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs"
|
|
EXPORT_PATH="./bitwarden-export"
|
|
|
|
cp -r $ARCHIVE_DSYMS_PATH $EXPORT_PATH
|
|
shell: bash
|
|
|
|
- name: Upload App Store .ipa & dSYMs artifacts
|
|
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
|
|
with:
|
|
name: Bitwarden iOS
|
|
path: |
|
|
./bitwarden-export/Bitwarden.ipa
|
|
./bitwarden-export/dSYMs/*.*
|
|
if-no-files-found: error
|
|
|
|
- name: Install AppCenter CLI
|
|
if: |
|
|
(github.ref == 'refs/heads/master'
|
|
&& needs.setup.outputs.rc_branch_exists == 0
|
|
&& needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| github.ref == 'refs/heads/hotfix-rc'
|
|
run: npm install -g appcenter-cli
|
|
|
|
- name: Upload dSYMs to App Center
|
|
if: |
|
|
(github.ref == 'refs/heads/master'
|
|
&& needs.setup.outputs.rc_branch_exists == 0
|
|
&& needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| github.ref == 'refs/heads/hotfix-rc'
|
|
env:
|
|
APPCENTER_IOS_TOKEN: ${{ steps.retrieve-secrets.outputs.appcenter-ios-token }}
|
|
run: appcenter crashes upload-symbols -a bitwarden/bitwarden -s "./bitwarden-export/dSYMs" --token $APPCENTER_IOS_TOKEN
|
|
shell: bash
|
|
|
|
- name: Deploy to App Store
|
|
if: |
|
|
(github.ref == 'refs/heads/master'
|
|
&& needs.setup.outputs.rc_branch_exists == 0
|
|
&& needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
|
|
|| github.ref == 'refs/heads/hotfix-rc'
|
|
env:
|
|
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
|
|
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
|
|
run: |
|
|
xcrun altool --upload-app --type ios --file "./bitwarden-export/Bitwarden.ipa" \
|
|
--username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
|
|
shell: bash
|
|
|
|
|
|
crowdin-push:
|
|
name: Crowdin Push
|
|
if: github.ref == 'refs/heads/master'
|
|
needs:
|
|
- android
|
|
- f-droid
|
|
- ios
|
|
runs-on: ubuntu-20.04
|
|
env:
|
|
_CROWDIN_PROJECT_ID: "269690"
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
env:
|
|
KEYVAULT: bitwarden-prod-kv
|
|
SECRETS: |
|
|
crowdin-api-token
|
|
run: |
|
|
for i in ${SECRETS//,/ }
|
|
do
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
|
|
echo "::add-mask::$VALUE"
|
|
echo "$i=$VALUE" >> $GITHUB_OUTPUT
|
|
done
|
|
|
|
- name: Upload Sources
|
|
uses: crowdin/github-action@9237b4cb361788dfce63feb2e2f15c09e2fe7415
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
|
|
with:
|
|
config: crowdin.yml
|
|
crowdin_branch_name: master
|
|
upload_sources: true
|
|
upload_translations: false
|
|
|
|
|
|
check-failures:
|
|
name: Check for failures
|
|
if: always()
|
|
runs-on: ubuntu-20.04
|
|
needs:
|
|
- cloc
|
|
- android
|
|
- f-droid
|
|
- ios
|
|
- crowdin-push
|
|
steps:
|
|
- name: Check if any job failed
|
|
if: |
|
|
(github.ref == 'refs/heads/master')
|
|
|| (github.ref == 'refs/heads/rc')
|
|
|| (github.ref == 'refs/heads/hotfix-rc')
|
|
env:
|
|
CLOC_STATUS: ${{ needs.cloc.result }}
|
|
ANDROID_STATUS: ${{ needs.android.result }}
|
|
F_DROID_STATUS: ${{ needs.f-droid.result }}
|
|
IOS_STATUS: ${{ needs.ios.result }}
|
|
CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }}
|
|
run: |
|
|
if [ "$CLOC_STATUS" = "failure" ]; then
|
|
exit 1
|
|
elif [ "$ANDROID_STATUS" = "failure" ]; then
|
|
exit 1
|
|
elif [ "$F_DROID_STATUS" = "failure" ]; then
|
|
exit 1
|
|
elif [ "$IOS_STATUS" = "failure" ]; then
|
|
exit 1
|
|
elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
- name: Login to Azure - Prod Subscription
|
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
|
|
if: failure()
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
if: failure()
|
|
env:
|
|
KEYVAULT: bitwarden-prod-kv
|
|
SECRETS: |
|
|
devops-alerts-slack-webhook-url
|
|
run: |
|
|
for i in ${SECRETS//,/ }
|
|
do
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
|
|
echo "::add-mask::$VALUE"
|
|
echo "$i=$VALUE" >> $GITHUB_OUTPUT
|
|
done
|
|
|
|
- name: Notify Slack on failure
|
|
uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33
|
|
if: failure()
|
|
env:
|
|
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
|
|
with:
|
|
status: ${{ job.status }}
|