mirror of
https://github.com/dani-garcia/bw_web_builds.git
synced 2024-10-31 06:44:47 +03:00
commit
3458b5f874
47 changed files with 326 additions and 58 deletions
|
@ -1,6 +1,7 @@
|
||||||
# Local build artifacts
|
# Local build artifacts
|
||||||
builds
|
builds
|
||||||
docker_builds
|
docker_builds
|
||||||
|
container_builds
|
||||||
web-vault
|
web-vault
|
||||||
|
|
||||||
# Documentation
|
# Documentation
|
||||||
|
@ -8,6 +9,13 @@ web-vault
|
||||||
*.txt
|
*.txt
|
||||||
|
|
||||||
# Other
|
# Other
|
||||||
|
.env
|
||||||
.github
|
.github
|
||||||
Makefile
|
Makefile
|
||||||
.vscode
|
.vscode
|
||||||
|
|
||||||
|
# Release files
|
||||||
|
*.tar.gz
|
||||||
|
*.tar.gz.asc
|
||||||
|
*.tar.gz.text
|
||||||
|
sha256sums.txt
|
||||||
|
|
15
.env.template
Normal file
15
.env.template
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# shellcheck disable=SC2034,SC2148
|
||||||
|
# ###
|
||||||
|
# Do not use quotes for these variables!
|
||||||
|
# ###
|
||||||
|
|
||||||
|
# To use either docker or podman
|
||||||
|
# The default is docker
|
||||||
|
# CONTAINER_CMD=docker
|
||||||
|
|
||||||
|
# This is only used for the gh-release command
|
||||||
|
# Which Key or User to use to signing the web-vault tar.gz file
|
||||||
|
# GPG_SIGNING_USER=user@domain.tld
|
||||||
|
# GPG_SIGNING_USER=MY_LONG_UNIQUE_GPG_KEY_IDENTIFIER
|
||||||
|
|
||||||
|
# vim: syntax=ini
|
10
.github/workflows/release.yml
vendored
10
.github/workflows/release.yml
vendored
|
@ -9,6 +9,8 @@ jobs:
|
||||||
docker-build:
|
docker-build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
|
# Force docker to output the progress in plain
|
||||||
|
BUILDKIT_PROGRESS: plain
|
||||||
# vars.DOCKERHUB_REPO needs to be '<user>/<repo>', for example 'vaultwarden/web-vault'
|
# vars.DOCKERHUB_REPO needs to be '<user>/<repo>', for example 'vaultwarden/web-vault'
|
||||||
# Check for Docker hub credentials in secrets
|
# Check for Docker hub credentials in secrets
|
||||||
HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
|
HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
|
||||||
|
@ -17,7 +19,7 @@ jobs:
|
||||||
HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
|
HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||||
|
|
||||||
# Determine Docker Tag
|
# Determine Docker Tag
|
||||||
- name: Init Variables
|
- name: Init Variables
|
||||||
|
@ -32,7 +34,7 @@ jobs:
|
||||||
|
|
||||||
# Login to Docker Hub
|
# Login to Docker Hub
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
|
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
@ -47,7 +49,7 @@ jobs:
|
||||||
|
|
||||||
# Login to GitHub Container Registry
|
# Login to GitHub Container Registry
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
|
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
|
@ -62,7 +64,7 @@ jobs:
|
||||||
| tee -a "${GITHUB_ENV}"
|
| tee -a "${GITHUB_ENV}"
|
||||||
|
|
||||||
- name: Build and push
|
- name: Build and push
|
||||||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
|
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
push: true
|
push: true
|
||||||
|
|
9
.gitignore
vendored
9
.gitignore
vendored
|
@ -1,6 +1,15 @@
|
||||||
|
# Local build artifacts
|
||||||
builds/
|
builds/
|
||||||
docker_builds/
|
docker_builds/
|
||||||
|
container_builds/
|
||||||
web-vault/
|
web-vault/
|
||||||
|
|
||||||
|
# Other
|
||||||
|
.env
|
||||||
|
.vscode
|
||||||
|
|
||||||
|
# Release files
|
||||||
*.tar.gz
|
*.tar.gz
|
||||||
|
*.tar.gz.asc
|
||||||
*.tar.gz.text
|
*.tar.gz.text
|
||||||
|
sha256sums.txt
|
||||||
|
|
29
Dockerfile
29
Dockerfile
|
@ -1,21 +1,19 @@
|
||||||
# Compile the web vault using docker
|
# Compile the web vault using docker
|
||||||
# Usage:
|
# Usage:
|
||||||
# Quick and easy:
|
# Quick and easy:
|
||||||
# `make docker-extract`
|
# `make container-extract`
|
||||||
# or, if you just want to build
|
# or, if you just want to build
|
||||||
# `make docker`
|
# `make container`
|
||||||
|
# The default is to use `docker` you can also configure `podman` via a `.env` file
|
||||||
|
# See the `.env.template` file for more details
|
||||||
#
|
#
|
||||||
# docker build -t web_vault_build .
|
# docker build -t web_vault_build .
|
||||||
# image_id=$(docker create web_vault_build)
|
# docker create --name bw_web_vault_extract web_vault_build
|
||||||
# docker cp $image_id:/bw_web_vault.tar.gz .
|
# docker cp bw_web_vault_extract:/bw_web_vault.tar.gz .
|
||||||
# docker rm $image_id
|
# docker rm bw_web_vault_extract
|
||||||
#
|
#
|
||||||
# Note: you can use --build-arg to specify the version to build:
|
# Note: you can use --build-arg to specify the version to build:
|
||||||
# docker build -t web_vault_build --build-arg VAULT_VERSION=master .
|
# docker build -t web_vault_build --build-arg VAULT_VERSION=main .
|
||||||
|
|
||||||
# image_id=$(docker create bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c)
|
|
||||||
# docker cp $image_id:/bw_web_vault.tar.gz .
|
|
||||||
# docker rm $image_id
|
|
||||||
|
|
||||||
FROM node:18-bookworm as build
|
FROM node:18-bookworm as build
|
||||||
RUN node --version && npm --version
|
RUN node --version && npm --version
|
||||||
|
@ -32,10 +30,10 @@ USER node
|
||||||
ARG VAULT_VERSION=8d90085607341deab976952bce8d8937cf3eefb1
|
ARG VAULT_VERSION=8d90085607341deab976952bce8d8937cf3eefb1
|
||||||
|
|
||||||
WORKDIR /vault
|
WORKDIR /vault
|
||||||
RUN git init
|
RUN git -c init.defaultBranch=main init && \
|
||||||
RUN git remote add origin https://github.com/bitwarden/clients.git
|
git remote add origin https://github.com/bitwarden/clients.git && \
|
||||||
RUN git fetch --depth 1 origin "${VAULT_VERSION}"
|
git fetch --depth 1 origin "${VAULT_VERSION}" && \
|
||||||
RUN git -c advice.detachedHead=false checkout FETCH_HEAD
|
git -c advice.detachedHead=false checkout FETCH_HEAD
|
||||||
|
|
||||||
COPY --chown=node:node patches /patches
|
COPY --chown=node:node patches /patches
|
||||||
COPY --chown=node:node resources /resources
|
COPY --chown=node:node resources /resources
|
||||||
|
@ -62,6 +60,9 @@ RUN printf '{"version":"%s"}' \
|
||||||
RUN mv build web-vault
|
RUN mv build web-vault
|
||||||
RUN tar -czvf "bw_web_vault.tar.gz" web-vault --owner=0 --group=0
|
RUN tar -czvf "bw_web_vault.tar.gz" web-vault --owner=0 --group=0
|
||||||
|
|
||||||
|
# Output the sha256sum here so people are able to match the sha256sum from the CI with the assets and the downloaded version if needed
|
||||||
|
RUN echo "sha256sum: $(sha256sum "bw_web_vault.tar.gz")"
|
||||||
|
|
||||||
# We copy the final result as a separate empty image so there's no need to download all the intermediate steps
|
# We copy the final result as a separate empty image so there's no need to download all the intermediate steps
|
||||||
# The result is included both uncompressed and as a tar.gz, to be able to use it in the docker images and the github releases directly
|
# The result is included both uncompressed and as a tar.gz, to be able to use it in the docker images and the github releases directly
|
||||||
FROM scratch
|
FROM scratch
|
||||||
|
|
79
Makefile
79
Makefile
|
@ -5,13 +5,35 @@ SHELL := bash
|
||||||
|
|
||||||
help:
|
help:
|
||||||
@echo "Use either: clean, checkout, patch-web-vault, generate-patch, build, tar, or full"
|
@echo "Use either: clean, checkout, patch-web-vault, generate-patch, build, tar, or full"
|
||||||
@echo "Or for docker builds use: docker or docker-extract"
|
@echo "Or for container builds use: container or container-extract"
|
||||||
|
@echo
|
||||||
|
@echo "By default docker is used, you can force podman by using podman or podman-extract"
|
||||||
|
@echo "You can also define the default via a '.env' file, see the '.env.template' for details"
|
||||||
|
@echo
|
||||||
|
@echo "For releasing a new version you can use gh-prepare and gh-release"
|
||||||
|
@echo
|
||||||
.PHONY: help
|
.PHONY: help
|
||||||
|
|
||||||
|
# Load .env variables if the file exists
|
||||||
|
ifneq (,$(wildcard ./.env))
|
||||||
|
include .env
|
||||||
|
export
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Force docker to output the progress in plain
|
||||||
|
BUILDKIT_PROGRESS=plain
|
||||||
|
|
||||||
|
ifndef CONTAINER_CMD
|
||||||
|
CONTAINER_CMD = docker
|
||||||
|
endif
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -rvf "./web-vault"
|
rm -rvf ./web-vault
|
||||||
rm -rvf "./builds"
|
rm -rvf ./builds
|
||||||
rm -rvf "./docker_builds"
|
rm -rvf ./docker_builds
|
||||||
|
rm -rvf ./container_builds
|
||||||
|
rm -vf ./bw_web_v*.tar.gz*
|
||||||
|
rm -vf sha256sums.txt
|
||||||
.PHONY: clean
|
.PHONY: clean
|
||||||
|
|
||||||
checkout:
|
checkout:
|
||||||
|
@ -37,16 +59,45 @@ tar:
|
||||||
full: checkout patch-web-vault build tar
|
full: checkout patch-web-vault build tar
|
||||||
.PHONY: full
|
.PHONY: full
|
||||||
|
|
||||||
docker:
|
container:
|
||||||
docker build -t bw_web_vault .
|
${CONTAINER_CMD} build -t bw_web_vault .
|
||||||
|
.PHONY: container
|
||||||
|
|
||||||
|
container-extract: container
|
||||||
|
@${CONTAINER_CMD} rm bw_web_vault_extract 2>/dev/null || true
|
||||||
|
@${CONTAINER_CMD} create --name bw_web_vault_extract bw_web_vault
|
||||||
|
@mkdir -vp container_builds
|
||||||
|
@rm -rf ./container_builds/bw_web_vault.tar.gz ./container_builds/web-vault
|
||||||
|
@${CONTAINER_CMD} cp bw_web_vault_extract:/bw_web_vault.tar.gz ./container_builds/bw_web_vault.tar.gz
|
||||||
|
@${CONTAINER_CMD} cp bw_web_vault_extract:/web-vault ./container_builds/web-vault
|
||||||
|
@${CONTAINER_CMD} rm bw_web_vault_extract || true
|
||||||
|
.PHONY: container-extract
|
||||||
|
|
||||||
|
# Alias for container forcing docker
|
||||||
|
docker: CONTAINER_CMD := docker
|
||||||
|
docker: container
|
||||||
.PHONY: docker
|
.PHONY: docker
|
||||||
|
|
||||||
docker-extract: docker
|
# Alias for container forcing docker
|
||||||
@docker rm bw_web_vault_extract || true
|
docker-extract: CONTAINER_CMD := docker
|
||||||
@docker create --name bw_web_vault_extract bw_web_vault
|
docker-extract: container-extract
|
||||||
@mkdir -vp docker_builds
|
|
||||||
@rm -rf ./docker_builds/bw_web_vault.tar.gz ./docker_builds/web-vault
|
|
||||||
@docker cp bw_web_vault_extract:/bw_web_vault.tar.gz ./docker_builds/bw_web_vault.tar.gz
|
|
||||||
@docker cp bw_web_vault_extract:/web-vault ./docker_builds/web-vault
|
|
||||||
@docker rm bw_web_vault_extract || true
|
|
||||||
.PHONY: docker-extract
|
.PHONY: docker-extract
|
||||||
|
|
||||||
|
# Alias for container forcing podman
|
||||||
|
podman: CONTAINER_CMD := podman
|
||||||
|
podman: container
|
||||||
|
.PHONY: podman
|
||||||
|
|
||||||
|
# Alias for container forcing podman
|
||||||
|
podman-extract: CONTAINER_CMD := podman
|
||||||
|
podman-extract: container-extract
|
||||||
|
.PHONY: podman-extract
|
||||||
|
|
||||||
|
# This part is used for extracing and release a new version on Github
|
||||||
|
gh-prepare:
|
||||||
|
./scripts/gh_prepare.sh
|
||||||
|
.PHONY: gh-prepare
|
||||||
|
|
||||||
|
gh-release:
|
||||||
|
./scripts/gh_release.sh
|
||||||
|
.PHONY: gh-release
|
||||||
|
|
35
README.md
35
README.md
|
@ -13,16 +13,14 @@
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
This is a repository to store the builds of the [Bitwarden web vault](https://github.com/bitwarden/clients/tree/master/apps/web) with the patches to make it work with [vaultwarden](https://github.com/dani-garcia/vaultwarden)
|
This is a repository to store the builds of the [Bitwarden web vault](https://github.com/bitwarden/clients/tree/main/apps/web) with the patches to make it work with [Vaultwarden](https://github.com/dani-garcia/vaultwarden)
|
||||||
|
|
||||||
To create a patch you need to modify the original sources from [Bitwarden web vault](https://github.com/bitwarden/clients/tree/master/apps/web) and execute:
|
To create a patch you need to modify the original sources from [Bitwarden web vault](https://github.com/bitwarden/clients/tree/main/apps/web) and execute:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
git --no-pager diff --submodule=diff --no-color --minimal
|
git --no-pager diff --submodule=diff --no-color --minimal
|
||||||
```
|
```
|
||||||
|
|
||||||
This is needed because there are patches within the jslib submodule which with a default `git diff` are not shown.
|
|
||||||
|
|
||||||
## Building the web-vault
|
## Building the web-vault
|
||||||
To build the web-vault you need either node and npm installed or use Docker.
|
To build the web-vault you need either node and npm installed or use Docker.
|
||||||
|
|
||||||
|
@ -34,13 +32,30 @@ make full
|
||||||
|
|
||||||
That will generate a `tar.gz` file within the `builds` directory which you can extract and use with the `WEB_VAULT_FOLDER` environment variable.
|
That will generate a `tar.gz` file within the `builds` directory which you can extract and use with the `WEB_VAULT_FOLDER` environment variable.
|
||||||
|
|
||||||
### Using Docker
|
### Using a container
|
||||||
Or via the usage of Docker:
|
Or via the usage of building via a container:
|
||||||
```bash
|
```bash
|
||||||
make docker-extract
|
make container-extract
|
||||||
|
```
|
||||||
|
|
||||||
|
That will extract the `tar.gz` and files generated via Docker into the `container_builds` directory.
|
||||||
|
|
||||||
|
#### Which container command to use, docker or podman
|
||||||
|
The default is to use `docker`, but `podman` works too.
|
||||||
|
|
||||||
|
You can force them by replacing `container` with either `docker` or `podman`, like:
|
||||||
|
```bash
|
||||||
|
make docker-extract
|
||||||
|
# Or
|
||||||
|
make podman-extract
|
||||||
|
```
|
||||||
|
|
||||||
|
You can configure the default via a `.env` file. See the `.env.template`.<br>
|
||||||
|
Or you can set it as a make argument with the make command:
|
||||||
|
```bash
|
||||||
|
make CONTAINER_CMD=podman container-extract
|
||||||
```
|
```
|
||||||
|
|
||||||
That will extract the `tar.gz` and files generated via Docker into the `docker_builds` directory.
|
|
||||||
|
|
||||||
### More information
|
### More information
|
||||||
For more information see: [Install the web-vault](https://github.com/dani-garcia/vaultwarden/wiki/Building-binary#install-the-web-vault)
|
For more information see: [Install the web-vault](https://github.com/dani-garcia/vaultwarden/wiki/Building-binary#install-the-web-vault)
|
||||||
|
@ -51,8 +66,8 @@ The builds are available in the [releases page](https://github.com/dani-garcia/b
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
## Get in touch
|
## Get in touch
|
||||||
To ask a question, offer suggestions or new features or to get help configuring or installing the software, please [use the forum](https://vaultwarden.discourse.group/).
|
If you spot any bugs or crashes with Vaultwarden itself, please [create an issue here](https://github.com/dani-garcia/vaultwarden/issues/). Make sure there aren't any similar issues open, though!
|
||||||
|
|
||||||
If you spot any bugs or crashes with vaultwarden itself, please [create an issue](https://github.com/dani-garcia/vaultwarden/issues/). Make sure there aren't any similar issues open, though!
|
To ask a question, offer suggestions or new features or to get help configuring or installing the software, please use either [GitHub Discussions](https://github.com/dani-garcia/vaultwarden/discussions) or [the forum](https://vaultwarden.discourse.group/).
|
||||||
|
|
||||||
If you prefer to chat, we're usually hanging around at [#vaultwarden:matrix.org](https://matrix.to/#/#vaultwarden:matrix.org) room on Matrix. Feel free to join us!
|
If you prefer to chat, we're usually hanging around at [#vaultwarden:matrix.org](https://matrix.to/#/#vaultwarden:matrix.org) room on Matrix. Feel free to join us!
|
||||||
|
|
|
@ -12,5 +12,7 @@ function get_web_vault_version {
|
||||||
if [[ -z "${VAULT_VERSION}" ]]; then
|
if [[ -z "${VAULT_VERSION}" ]]; then
|
||||||
VAULT_VERSION=$(git rev-parse HEAD)
|
VAULT_VERSION=$(git rev-parse HEAD)
|
||||||
fi
|
fi
|
||||||
echo "${VAULT_VERSION#web-}"
|
# Remove everything up to the first occurrence of "-"
|
||||||
|
# The extracted tag could start with either `web-`, `desktop-`, `cli-` or `browser-`
|
||||||
|
echo "${VAULT_VERSION#*-}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,13 +7,25 @@ if [[ -z ${PATCH_NAME} ]]; then
|
||||||
if [ -f "../patches/${VAULT_VERSION}.patch" ]; then
|
if [ -f "../patches/${VAULT_VERSION}.patch" ]; then
|
||||||
echo "Exact patch file found, using that"
|
echo "Exact patch file found, using that"
|
||||||
PATCH_NAME="${VAULT_VERSION}.patch"
|
PATCH_NAME="${VAULT_VERSION}.patch"
|
||||||
|
elif [ -f "../patches/legacy/${VAULT_VERSION}.patch" ]; then
|
||||||
|
echo "Exact legacy patch file found, using that"
|
||||||
|
echo "NOTE: This is a Legacy patch file for an older web-vault version!"
|
||||||
|
# Sleep 10 seconds so this note might be noticed a bit better
|
||||||
|
sleep 10
|
||||||
|
PATCH_NAME="legacy/${VAULT_VERSION}.patch"
|
||||||
else
|
else
|
||||||
echo "Patch file not found, using latest"
|
echo "No exact patch file not found, using latest"
|
||||||
# If not, use the latest one
|
# If not, use the latest one
|
||||||
PATCH_NAME="$(find ../patches -type f -print0 | xargs -0 basename -a | sort -V | tail -n1)"
|
PATCH_NAME="$(find ../patches -type f -print0 | xargs -0 basename -a | sort -V | tail -n1)"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Final check if the patch file exists, if not, exit
|
||||||
|
if [[ ! -f "../patches/${PATCH_NAME}" ]]; then
|
||||||
|
echo "Patch file '${PATCH_NAME}' not found in the patches directory!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Patching images"
|
echo "Patching images"
|
||||||
cp -vfR ../resources/src/* ./apps/web/src/
|
cp -vfR ../resources/src/* ./apps/web/src/
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ trap 'handle_error $LINENO $?' ERR
|
||||||
# Ask for ref if not provided
|
# Ask for ref if not provided
|
||||||
if [[ -z "$VAULT_VERSION" ]]; then
|
if [[ -z "$VAULT_VERSION" ]]; then
|
||||||
read -rp "Input a git ref (commit hash, branch name, tag name, 'main'): " input
|
read -rp "Input a git ref (commit hash, branch name, tag name, 'main'): " input
|
||||||
VAULT_VERSION="${input}"
|
VAULT_VERSION="${input:-main}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check the format of the provided vault version
|
# Check the format of the provided vault version
|
||||||
|
@ -29,27 +29,28 @@ fi
|
||||||
echo "Using: '${VAULT_VERSION}' to checkout bitwarden/client."
|
echo "Using: '${VAULT_VERSION}' to checkout bitwarden/client."
|
||||||
|
|
||||||
if [ ! -d "${VAULT_FOLDER}" ]; then
|
if [ ! -d "${VAULT_FOLDER}" ]; then
|
||||||
# If this is the first time, clone the project
|
mkdir -pv "${VAULT_FOLDER}"
|
||||||
git clone https://github.com/bitwarden/clients.git "${VAULT_FOLDER}"
|
pushd "${VAULT_FOLDER}"
|
||||||
|
# If this is the first time, init the repo and checkout the requested branch/tag/hash
|
||||||
|
git -c init.defaultBranch=main init
|
||||||
|
git remote add origin https://github.com/bitwarden/clients.git
|
||||||
|
popd
|
||||||
else
|
else
|
||||||
# If there already is a checked-out repo, lets clean it up first.
|
# If there already is a checked-out repo, lets clean it up first.
|
||||||
pushd "${VAULT_FOLDER}"
|
pushd "${VAULT_FOLDER}"
|
||||||
# Stash current changes if there are any, we don't want to lose our work if we had some
|
# Stash current changes if there are any, we don't want to lose our work if we had some
|
||||||
|
echo "Stashing all custom changes"
|
||||||
git stash --include-untracked --quiet &> /dev/null || true
|
git stash --include-untracked --quiet &> /dev/null || true
|
||||||
# Checkout the main branch first
|
|
||||||
git checkout main
|
# Reset hard to make sure no changes are left
|
||||||
git reset --hard
|
git reset --hard
|
||||||
git checkout -f
|
|
||||||
popd
|
popd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Checkout the request
|
||||||
pushd "${VAULT_FOLDER}"
|
pushd "${VAULT_FOLDER}"
|
||||||
|
# Update branch and tag metadata
|
||||||
# Update branch and tag metadata
|
git fetch --tags --depth 1 origin "${VAULT_VERSION}"
|
||||||
git fetch --tags --all
|
# Checkout the branch we want
|
||||||
git pull origin main
|
git -c advice.detachedHead=false checkout FETCH_HEAD
|
||||||
|
|
||||||
# Checkout the branch we want
|
|
||||||
git -c advice.detachedHead=false checkout "${VAULT_VERSION}"
|
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
59
scripts/gh_prepare.sh
Executable file
59
scripts/gh_prepare.sh
Executable file
|
@ -0,0 +1,59 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -o pipefail -o errexit
|
||||||
|
|
||||||
|
# Error handling
|
||||||
|
handle_error() {
|
||||||
|
read -n1 -r -p "FAILED: line $1, exit code $2. Press any key to exit..." _
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
trap 'handle_error $LINENO $?' ERR
|
||||||
|
|
||||||
|
if ! command -v gh >/dev/null 2>&1; then
|
||||||
|
echo "gh command not found, unable te prepare a release."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
current_branch=$(git branch --show-current 2>/dev/null || git symbolic-ref --short HEAD 2>/dev/null)
|
||||||
|
if [[ -n "$current_branch" && "${current_branch}" != "master" ]]; then
|
||||||
|
echo "Current branch '$current_branch' is not the 'master' branch."
|
||||||
|
echo "Please checkout and pull the master branch before you continue."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Ask for release tag if not provided
|
||||||
|
if [[ -z "$RELEASE_TAG" ]]; then
|
||||||
|
read -rp "Provide git release tag (example: v2023.12.0): " input
|
||||||
|
RELEASE_TAG="${input}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the RELEASE_TAG starts with vYYYY.M.B and patch letters are allowed like vYYYY.M.Ba
|
||||||
|
if [[ ! "${RELEASE_TAG}" =~ ^v20[0-9]{2}\.[0-9]{1,2}.[0-9]{1}[a-z]?$ ]]; then
|
||||||
|
echo "The provided release tag does not meet our standards!"
|
||||||
|
echo "'${RELEASE_TAG}' does not match the vYYYY.M.B format."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Verify if the input is correct
|
||||||
|
while true; do
|
||||||
|
read -rp "Using: '${RELEASE_TAG}' as tag, continue? (y/n): " yn
|
||||||
|
case $yn in
|
||||||
|
[Yy] )
|
||||||
|
# Continue with the release
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
[Nn] )
|
||||||
|
echo "Aborting release"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
* ) echo "Please answer y or n"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
git tag -s "${RELEASE_TAG}"
|
||||||
|
git push origin "${RELEASE_TAG}"
|
||||||
|
echo "Wait a few seconds before using gh to create a draft release"
|
||||||
|
sleep 5
|
||||||
|
gh release create "${RELEASE_TAG}" --generate-notes --draft
|
||||||
|
|
||||||
|
echo "Now wait for the container to be build and pushed before running 'make gh-release'"
|
78
scripts/gh_release.sh
Executable file
78
scripts/gh_release.sh
Executable file
|
@ -0,0 +1,78 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -o pipefail -o errexit
|
||||||
|
|
||||||
|
# Error handling
|
||||||
|
handle_error() {
|
||||||
|
read -n1 -r -p "FAILED: line $1, exit code $2. Press any key to exit..." _
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
trap 'handle_error $LINENO $?' ERR
|
||||||
|
|
||||||
|
if ! command -v gh >/dev/null 2>&1; then
|
||||||
|
echo "gh command not found, unable te prepare a release."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
current_branch=$(git branch --show-current 2>/dev/null || git symbolic-ref --short HEAD 2>/dev/null)
|
||||||
|
if [[ -n "$current_branch" && "${current_branch}" != "master" ]]; then
|
||||||
|
echo "Current branch '$current_branch' is not the 'master' branch."
|
||||||
|
echo "Please checkout and pull the master branch before you continue."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -z "$GPG_SIGNING_USER" ]]; then
|
||||||
|
read -rp "Provide the GPG user or key which will sign the tar.gz file: " input
|
||||||
|
GPG_SIGNING_USER="${input}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n "$GPG_SIGNING_USER" ]]; then
|
||||||
|
if ! gpg --list-keys "$GPG_SIGNING_USER" >/dev/null 2>&1; then
|
||||||
|
echo "GPG Key for '${GPG_SIGNING_USER}' not found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get the latest release tag, this should match the tag created with `gh-prepare`
|
||||||
|
LATEST_REMOTE_TAG="v$(git -c 'versionsort.suffix=-' ls-remote --tags --refs --sort='v:refname' https://github.com/dani-garcia/bw_web_builds.git 'v*' | tail -n1 | grep -Eo '[^\/v]*$')"
|
||||||
|
|
||||||
|
# Ask for release tag if not provided, or validate the `$LATEST_REMOTE_TAG`
|
||||||
|
if [[ -z "$RELEASE_TAG" ]]; then
|
||||||
|
read -rp "Provide git release tag (default: '${LATEST_REMOTE_TAG}'): " input
|
||||||
|
RELEASE_TAG="${input:-${LATEST_REMOTE_TAG}}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the RELEASE_TAG starts with vYYYY.M.B and patch letters are allowed like vYYYY.M.Ba
|
||||||
|
if [[ ! "${RELEASE_TAG}" =~ ^v20[0-9]{2}\.[0-9]{1,2}.[0-9]{1}[a-z]?$ ]]; then
|
||||||
|
echo "The provided release tag does not meet our standards!"
|
||||||
|
echo "'${RELEASE_TAG}' does not match the vYYYY.M.B format."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
read -rp "Using: '${RELEASE_TAG}' as tag, continue? (y/n): " yn
|
||||||
|
case $yn in
|
||||||
|
[Yy] )
|
||||||
|
# Continue with the release
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
[Nn] )
|
||||||
|
echo "Aborting prepare"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
* ) echo "Please answer y or n"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Extracting tar.gz file from GitHub Container Registry"
|
||||||
|
${CONTAINER_CMD} create --name "bw_web_${RELEASE_TAG}" "ghcr.io/dani-garcia/bw_web_builds:${RELEASE_TAG}"
|
||||||
|
${CONTAINER_CMD} cp "bw_web_${RELEASE_TAG}:/bw_web_vault.tar.gz" "bw_web_${RELEASE_TAG}.tar.gz"
|
||||||
|
${CONTAINER_CMD} rm "bw_web_${RELEASE_TAG}"
|
||||||
|
|
||||||
|
if [[ -f "bw_web_${RELEASE_TAG}.tar.gz" ]]; then
|
||||||
|
gpg --yes --detach-sign --armor --local-user "$GPG_SIGNING_USER" --output "bw_web_${RELEASE_TAG}.tar.gz.asc" "bw_web_${RELEASE_TAG}.tar.gz"
|
||||||
|
sha256sum "bw_web_${RELEASE_TAG}.tar.gz"* | tee sha256sums.txt
|
||||||
|
|
||||||
|
gh release upload "${RELEASE_TAG}" "bw_web_${RELEASE_TAG}.tar.gz" "bw_web_${RELEASE_TAG}.tar.gz.asc" sha256sums.txt
|
||||||
|
gh release edit "${RELEASE_TAG}" --draft=false
|
||||||
|
fi
|
|
@ -15,6 +15,21 @@ trap 'handle_error $LINENO $?' ERR
|
||||||
|
|
||||||
pushd "${VAULT_FOLDER}"
|
pushd "${VAULT_FOLDER}"
|
||||||
|
|
||||||
|
# Try to get the vault version if possible
|
||||||
|
if [[ -z ${VAULT_VERSION} ]]; then
|
||||||
|
VAULT_VERSION=$(get_web_vault_version)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check the format of the provided vault version
|
||||||
|
# If this is web-vYYYY.M.B or YYYY.M.B then fix this automatically to prepend with a `v` or remove web
|
||||||
|
if [[ "${VAULT_VERSION}" =~ ^20[0-9]{2}\.[0-9]{1,2}.[0-9]{1} ]]; then
|
||||||
|
VAULT_VERSION="v${VAULT_VERSION}"
|
||||||
|
elif [[ "${VAULT_VERSION}" =~ ^web-v20[0-9]{2}\.[0-9]{1,2}.[0-9]{1} ]]; then
|
||||||
|
VAULT_VERSION="${VAULT_VERSION#web-}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
export VAULT_VERSION
|
||||||
|
|
||||||
# Apply a patch from the patches directory
|
# Apply a patch from the patches directory
|
||||||
# shellcheck source=apply_patches.sh
|
# shellcheck source=apply_patches.sh
|
||||||
. "${BASEDIR}/apply_patches.sh"
|
. "${BASEDIR}/apply_patches.sh"
|
||||||
|
|
Loading…
Reference in a new issue