[deps]: Lock file maintenance #2631
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build | |
on: | |
pull_request: {} | |
push: | |
branches: | |
- "main" | |
workflow_dispatch: {} | |
jobs: | |
cloc: | |
name: CLOC | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up CLOC | |
run: | | |
sudo apt update | |
sudo apt -y install cloc | |
- name: Print lines of code | |
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git | |
setup: | |
name: Setup | |
runs-on: ubuntu-22.04 | |
outputs: | |
package_version: ${{ steps.retrieve-version.outputs.package_version }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Get Package Version | |
id: retrieve-version | |
run: | | |
PKG_VERSION=$(jq -r .version package.json) | |
echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT | |
linux-cli: | |
name: Build Linux CLI | |
runs-on: ubuntu-22.04 | |
needs: setup | |
env: | |
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} | |
_PKG_FETCH_NODE_VERSION: 18.5.0 | |
_PKG_FETCH_VERSION: 3.4 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: '18' | |
- name: Update NPM | |
run: | | |
npm install -g node-gyp | |
node-gyp install $(node -v) | |
- name: Get pkg-fetch | |
run: | | |
cd $HOME | |
fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-linux-x64" | |
mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION | |
wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-linux-x64" | |
- name: Keytar | |
run: | | |
keytarVersion=$(cat package.json | jq -r '.dependencies.keytar') | |
keytarTar="keytar-v$keytarVersion-napi-v3-linux-x64.tar" | |
keytarTarGz="$keytarTar.gz" | |
keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz" | |
mkdir -p ./keytar/linux | |
wget $keytarUrl -O ./keytar/linux/$keytarTarGz | |
tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux | |
- name: Install | |
run: npm install | |
- name: Package CLI | |
run: npm run dist:cli:lin | |
- name: Zip | |
run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node | |
- name: Create checksums | |
run: | | |
shasum -a 256 dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | \ | |
cut -d " " -f 1 > dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt | |
- name: Version Test | |
run: | | |
sudo apt-get update | |
sudo apt install libsecret-1-0 dbus-x11 gnome-keyring | |
eval $(dbus-launch --sh-syntax) | |
eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login) | |
eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start) | |
mkdir -p test/linux | |
unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux | |
testVersion=$(./test/linux/bwdc -v) | |
echo "version: $_PACKAGE_VERSION" | |
echo "testVersion: $testVersion" | |
if [ "$testVersion" != "$_PACKAGE_VERSION" ]; then | |
echo "Version test failed." | |
exit 1 | |
fi | |
- name: Upload Linux Zip to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip | |
path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip | |
if-no-files-found: error | |
- name: Upload Linux checksum to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt | |
path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt | |
if-no-files-found: error | |
macos-cli: | |
name: Build Mac CLI | |
runs-on: macos-13 | |
needs: setup | |
env: | |
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} | |
_PKG_FETCH_NODE_VERSION: 18.5.0 | |
_PKG_FETCH_VERSION: 3.4 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: '18' | |
- name: Update NPM | |
run: | | |
npm install -g node-gyp | |
node-gyp install $(node -v) | |
- name: Get pkg-fetch | |
run: | | |
cd $HOME | |
fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-macos-x64" | |
mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION | |
wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-macos-x64" | |
- name: Keytar | |
run: | | |
keytarVersion=$(cat package.json | jq -r '.dependencies.keytar') | |
keytarTar="keytar-v$keytarVersion-napi-v3-darwin-x64.tar" | |
keytarTarGz="$keytarTar.gz" | |
keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz" | |
mkdir -p ./keytar/macos | |
wget $keytarUrl -O ./keytar/macos/$keytarTarGz | |
tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos | |
- name: Install | |
run: npm install | |
- name: Package CLI | |
run: npm run dist:cli:mac | |
- name: Zip | |
run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node | |
- name: Create checksums | |
run: | | |
shasum -a 256 dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | \ | |
cut -d " " -f 1 > dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt | |
- name: Version Test | |
run: | | |
mkdir -p test/macos | |
unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos | |
testVersion=$(./test/macos/bwdc -v) | |
echo "version: $_PACKAGE_VERSION" | |
echo "testVersion: $testVersion" | |
if [ "$testVersion" != "$_PACKAGE_VERSION" ]; then | |
echo "Version test failed." | |
exit 1 | |
fi | |
- name: Upload Mac Zip to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip | |
path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip | |
if-no-files-found: error | |
- name: Upload Mac checksum to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt | |
path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt | |
if-no-files-found: error | |
windows-cli: | |
name: Build Windows CLI | |
runs-on: windows-2022 | |
needs: setup | |
env: | |
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} | |
_WIN_PKG_FETCH_VERSION: 18.5.0 | |
_WIN_PKG_VERSION: 3.4 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Setup Windows builder | |
run: | | |
choco install checksum --no-progress | |
choco install reshack --no-progress | |
- name: Set up Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: '18' | |
- name: Update NPM | |
run: | | |
npm install -g node-gyp | |
node-gyp install $(node -v) | |
- name: Get pkg-fetch | |
shell: pwsh | |
run: | | |
cd $HOME | |
$fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v$env:_WIN_PKG_VERSION/node-v$env:_WIN_PKG_FETCH_VERSION-win-x64" | |
New-Item -ItemType directory -Path ./.pkg-cache | |
New-Item -ItemType directory -Path ./.pkg-cache/v$env:_WIN_PKG_VERSION | |
Invoke-RestMethod -Uri $fetchedUrl ` | |
-OutFile "./.pkg-cache/v$env:_WIN_PKG_VERSION/fetched-v$env:_WIN_PKG_FETCH_VERSION-win-x64" | |
- name: Keytar | |
shell: pwsh | |
run: | | |
$keytarVersion = (Get-Content -Raw -Path ./package.json | ConvertFrom-Json).dependencies.keytar | |
$keytarTar = "keytar-v${keytarVersion}-napi-v3-{0}-x64.tar" | |
$keytarTarGz = "${keytarTar}.gz" | |
$keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}" | |
New-Item -ItemType directory -Path ./keytar/windows | Out-Null | |
Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile "./keytar/windows/$($keytarTarGz -f "win32")" | |
7z e "./keytar/windows/$($keytarTarGz -f "win32")" -o"./keytar/windows" | |
7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows" | |
- name: Setup Version Info | |
shell: pwsh | |
run: | | |
$major, $minor, $patch = $env:_PACKAGE_VERSION.split('.') | |
$versionInfo = @" | |
1 VERSIONINFO | |
FILEVERSION $major,$minor,$patch,0 | |
PRODUCTVERSION $major,$minor,$patch,0 | |
FILEOS 0x40004 | |
FILETYPE 0x1 | |
{ | |
BLOCK "StringFileInfo" | |
{ | |
BLOCK "040904b0" | |
{ | |
VALUE "CompanyName", "Bitwarden Inc." | |
VALUE "ProductName", "Bitwarden" | |
VALUE "FileDescription", "Bitwarden Directory Connector CLI" | |
VALUE "FileVersion", "$env:_PACKAGE_VERSION" | |
VALUE "ProductVersion", "$env:_PACKAGE_VERSION" | |
VALUE "OriginalFilename", "bwdc.exe" | |
VALUE "InternalName", "bwdc" | |
VALUE "LegalCopyright", "Copyright Bitwarden Inc." | |
} | |
} | |
BLOCK "VarFileInfo" | |
{ | |
VALUE "Translation", 0x0409 0x04B0 | |
} | |
} | |
"@ | |
$versionInfo | Out-File ./version-info.rc | |
- name: Resource Hacker | |
shell: cmd | |
run: | | |
set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker | |
set WIN_PKG=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\fetched-v%_WIN_PKG_FETCH_VERSION%-win-x64 | |
set WIN_PKG_BUILT=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\built-v%_WIN_PKG_FETCH_VERSION%-win-x64 | |
ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1, | |
ResourceHacker -open version-info.rc -save version-info.res -action compile | |
ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res | |
- name: Install | |
run: npm install | |
- name: Package CLI | |
run: npm run dist:cli:win | |
- name: Zip | |
shell: cmd | |
run: 7z a .\dist-cli\bwdc-windows-%_PACKAGE_VERSION%.zip .\dist-cli\windows\bwdc.exe .\keytar\windows\keytar.node | |
- name: Version Test | |
shell: pwsh | |
run: | | |
Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows" | |
$testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v' | |
echo "version: ${env:_PACKAGE_VERSION}" | |
echo "testVersion: $testVersion" | |
if ($testVersion -ne ${env:_PACKAGE_VERSION}) { | |
Throw "Version test failed." | |
} | |
- name: Create checksums | |
run: | | |
checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" ` | |
-t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt | |
- name: Upload Windows Zip to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip | |
path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip | |
if-no-files-found: error | |
- name: Upload Windows checksum to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt | |
path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt | |
if-no-files-found: error | |
windows-gui: | |
name: Build Windows GUI | |
runs-on: windows-2022 | |
needs: setup | |
env: | |
NODE_OPTIONS: --max_old_space_size=4096 | |
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} | |
HUSKY: 0 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: '18' | |
- name: Update NPM | |
run: | | |
npm install -g node-gyp | |
node-gyp install $(node -v) | |
- name: Print environment | |
run: | | |
node --version | |
npm --version | |
- name: Install AST | |
run: dotnet tool install --global AzureSignTool --version 4.0.1 | |
- name: Install Node dependencies | |
run: npm install | |
- name: Build & Sign | |
run: npm run dist:win | |
env: | |
ELECTRON_BUILDER_SIGN: 1 | |
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} | |
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} | |
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} | |
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} | |
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} | |
- name: Upload Portable Executable to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe | |
path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe | |
if-no-files-found: error | |
- name: Upload Installer Executable to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe | |
path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe | |
if-no-files-found: error | |
- name: Upload Installer Executable Blockmap to GitHub | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap | |
path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap | |
if-no-files-found: error | |
- name: Upload latest auto-update artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: latest.yml | |
path: ./dist/latest.yml | |
if-no-files-found: error | |
linux-gui: | |
name: Build Linux GUI | |
runs-on: ubuntu-22.04 | |
needs: setup | |
env: | |
NODE_OPTIONS: --max_old_space_size=4096 | |
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} | |
HUSKY: 0 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: '18' | |
- name: Update NPM | |
run: | | |
npm install -g node-gyp | |
node-gyp install $(node -v) | |
- name: Set up environment | |
run: | | |
sudo apt-get update | |
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev | |
sudo apt-get -y install rpm | |
- name: NPM Install | |
run: npm install | |
- name: NPM Rebuild | |
run: npm run rebuild | |
- name: NPM Package | |
run: npm run dist:lin | |
- name: Upload AppImage | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage | |
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage | |
if-no-files-found: error | |
- name: Upload latest auto-update artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: latest-linux.yml | |
path: ./dist/latest-linux.yml | |
if-no-files-found: error | |
macos-gui: | |
name: Build MacOS GUI | |
runs-on: macos-13 | |
needs: setup | |
env: | |
NODE_OPTIONS: --max_old_space_size=4096 | |
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} | |
HUSKY: 0 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Node | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: '18' | |
- name: Update NPM | |
run: | | |
npm install -g node-gyp | |
node-gyp install $(node -v) | |
- name: Print environment | |
run: | | |
node --version | |
npm --version | |
echo "GitHub ref: $GITHUB_REF" | |
echo "GitHub event: $GITHUB_EVENT" | |
- name: Login to Azure | |
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Get certificates | |
run: | | |
mkdir -p $HOME/certificates | |
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert | | |
jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12 | |
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | | |
jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12 | |
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | | |
jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 | |
- name: Set up keychain | |
env: | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain | |
security set-keychain-settings -lut 1200 build.keychain | |
security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ | |
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild | |
security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \ | |
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild | |
security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \ | |
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain | |
- name: Load package version | |
run: | | |
$rootPath = $env:GITHUB_WORKSPACE; | |
$packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version; | |
Write-Output "Setting package version to $packageVersion"; | |
Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append; | |
shell: pwsh | |
- name: Install Node dependencies | |
run: npm install | |
- name: Set up private auth key | |
run: | | |
mkdir ~/private_keys | |
cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8 | |
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }} | |
EOF | |
- name: Build application | |
run: npm run dist:mac | |
env: | |
APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }} | |
APP_STORE_CONNECT_AUTH_KEY: UFD296548T | |
APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8 | |
CSC_FOR_PULL_REQUEST: true | |
- name: Upload .zip artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip | |
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip | |
if-no-files-found: error | |
- name: Upload .dmg artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg | |
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg | |
if-no-files-found: error | |
- name: Upload .dmg Blockmap artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap | |
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap | |
if-no-files-found: error | |
- name: Upload latest auto-update artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: latest-mac.yml | |
path: ./dist/latest-mac.yml | |
if-no-files-found: error | |
check-failures: | |
name: Check for failures | |
runs-on: ubuntu-22.04 | |
needs: | |
- cloc | |
- setup | |
- linux-cli | |
- macos-cli | |
- windows-cli | |
- windows-gui | |
- linux-gui | |
- macos-gui | |
steps: | |
- name: Check if any job failed | |
if: github.ref == 'refs/heads/main' && contains(needs.*.result, 'failure') | |
run: exit 1 | |
- name: Login to Azure - CI subscription | |
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
if: failure() | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Retrieve secrets | |
id: retrieve-secrets | |
uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
if: failure() | |
with: | |
keyvault: "bitwarden-ci" | |
secrets: "devops-alerts-slack-webhook-url" | |
- name: Notify Slack on failure | |
uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 | |
if: failure() | |
env: | |
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
with: | |
status: ${{ job.status }} |