GitHub-Bitwarden
/
directory-connector
mirror of https://github.com/bitwarden/directory-connector.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Migrate to gh actions (#89) 

* intial go at building the windows pipeline in GH

* fixing whitespace issue

* moving version info script

* changing the electron-builder commands to the npm scripts

* fixing the PACKAGE_VERSION var

* adding debugging statements

* changing list command

* fixing PACKAGE_VERSION var

* adding linux job and disabling windows job

* debugging linux installs

* retrying the rpm

* re-enabling the windows build

* re-enabling publishing of the exe

* debugging pkg fetched

* debugging this more

* testing install of pkg-fetch with npm

* moving pkg-fetch installation

* trying to manually add the fetched package

* I was wrong. This wasn't linux. Switching to pwsh

* fixing the pwsh var syntax

* removing debugging tasks and re-enabling the other build tasks

* adding build_and_signing. Removing the non-cli executables from the build pipeline and disabling it for testing.

* removing some whitespace

* switching how we get package version

* adding custom signing script

* removing deubbing code and getting ready for PR

* adding in another release gate

* chaning file name to fit previous standards

* removing appveyor pipeline file

* moving all of the build tasks to the same build file

* changing GITHUB_TOKEN because GITHUB_* is probably reserved

* adding release pipeline and moving all realease tasks to that pipeline

* updating the package.json's to contain the releases to my repo

* fixing the RELEASE_TAG_NAME and switching the electron builder from pack to publish

* fixing the npm run publish command

* adding GH_TOKEN to the build and sign task

* fixing upload path

* removing the release asset upload since I think they are already published?

* removing testing code

* testing tweak to github release

* making sure I've got the right repo set

* removing whitespace

* adding in clone task to setup

* removing the stop-gap

* adding GH_TOKEN to the linux publish task

* fixing string

* switching to manual publishing. There seems to be a bug in the electron-builder publishing? or our setup

* switching back to electron-builder publishing but manually creating and pushing the tag

* I don't know why electron-builder isn't picking up the release. Adding some debugging code

* adding in GH token for release checking

* adding another GH token for release checking

* commenting out the tagging portion. This should just happen automatically...

* trying the release without the manual uploads?

* adding -d flag to release edit

* disabling the gui build to see if the cli changes the tag

* trying out a fix

* testing the upload release asset action

* fixing typo

* trying RELEASE_NAME

* fixing bash error

* trying something else for the release name

* changing all of the release asset uploads to a provided action

* Removing some debugging code

* re-enabling the windows and linux jobs

* changing the content type of the checksum files

* fixing typo

* removing the PKG_INFO flag

* installing RH with choco

* testing the reshack

* reenabling the correct job

* resetting release workflow and adding exp workflow

* trying ResourceHacker.exe

* switching to pwsh to see if that works

* switching back and specifying cmd shell

* finding the bin to add to the path

* wrestling with cmd

* debugging path

* giving up on nice printing

* changing to different path debugging

* adding RH to the path

* trying something else

* trying something else

* maybe the path resets?

* updating exp workflow to try to get reshack to work

* trying to add to the path without the quotes

* fixing the RH test

* debugging path

* setting path forever

* not playing around with perfect environment paths with windows....

* preivous test was inconclusive

* testing RH

* changing the npm command and removing unnecssary GITHUB_TOKEN

* removing the exp workflow

* quoting the signing file

* debugging VER_INFO

* debugging the pkg-fetch

* disabling non-cli jobs

* changing value of WIN_PKG

* testing more pkg-fetch

* changing the paths to the home directory

* renaming exp workflow

* trying a string

* trying it from the home directory

* removing the stop gap

* updating the version to something that RH supports

* initial release test

* fixing GITHUB_TOKEN

* changing the version to a real version

* debugging tag names

* changing the trigger on the exp workflow

* moving the disabled job to the correct workflow

* trying wet spaghetti

* updating case statement

* adding in the findings from the experiment

* removing testing code. Leaving unfinished macos build disabled

* removing the prod environment secrets

* setting up the mac build job

* renaming the key name

* moving the signing file

* working on the mac packaging

* removing desktop mac certs

* disabling the non-mac jobs

* setting up the build workflow for first run

* adding manual trigger to the build workflow

* disabling the push trigger

* removing the non-existant setup function

* removing the unneeded certs

* removing increment version since we are not submitting to the Apple Store.

* re-enabling the APPLE_ID vars

* updating how the package version is retrieved in build. staging release workflow for testing

* fixing the asset upload updating the repo in package.json

* adding debugging to dist

* adding in missing directory for debugging

* renaming that file

* updating the build/release workflows

* fixing the setup output

* updating file name and changing dist to publish

* adding in the missing token

* changing the zip name

* add debuggin

* fixing debugging step

* removing debugging task. Not needed

* reworking the content type of the mac release assets

* removing the rename task and adding in some debugging

* flipping the order of the dmg and the mac.zip upload to see if it is a problem with the release asset upload

* adding the renaming back in

* switching the upload name back to dashes

* commenting out the manual release asset upload. Looks like publish is doing that?

* removing all debugging code

* updating README with the GitHub Actions Badge

* changing all of the slashes to match

* removing unneeded package version setting

* removing unneeded package version setup

* adding WIN_PKG task back in. accidentally removed it
pull/93/head
Joseph Flinn 5 years ago committed by GitHub
parent
bdfda6775d
commit
d3049164a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 864 additions and 164 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 29
      .github/scripts/decrypt-secret.ps1
  2. 5
      .github/scripts/load-version.ps1
  3. 7
      .github/scripts/macos/decrypt-secrets.ps1
  4. 15
      .github/scripts/macos/setup-keychain.ps1
  5. 390
      .github/workflows/build.yml
  6. 392
      .github/workflows/release.yml
  7. 2
      README.md
  8. 162
      appveyor.yml
  9. 3
      package.json
  10. 0
      scripts/make-versioninfo.ps1
  11. 23
      scripts/sign.js

29
.github/scripts/decrypt-secret.ps1
Unescape View File

@ -0,0 +1,29 @@
param (
[Parameter(Mandatory=$true)]
[string] $filename,
[string] $output
)
$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path
$rootPath = $env:GITHUB_WORKSPACE
$secretInputPath = $rootPath + "/.github/secrets"
$input = $secretInputPath + "/" + $filename
$passphrase = $env:DECRYPT_FILE_PASSWORD
$secretOutputPath = $homePath + "/secrets"
if ([string]::IsNullOrEmpty($output)) {
if ($filename.EndsWith(".gpg")) {
$output = $secretOutputPath + "/" + $filename.TrimEnd(".gpg")
} else {
$output = $secretOutputPath + "/" + $filename + ".plaintext"
}
}
if (!(Test-Path -Path $secretOutputPath))
{
New-Item -ItemType Directory -Path $secretOutputPath
}
gpg --quiet --batch --yes --decrypt --passphrase="$passphrase" --output $output $input

5
.github/scripts/load-version.ps1
Unescape View File

@ -0,0 +1,5 @@
$rootPath = $env:GITHUB_WORKSPACE;
$packageVersion = (Get-Content -Raw -Path $rootPath\src\package.json | ConvertFrom-Json).version;
Write-Output "Setting package version to $packageVersion";
Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;

7
.github/scripts/macos/decrypt-secrets.ps1
Unescape View File

@ -0,0 +1,7 @@
$rootPath = $env:GITHUB_WORKSPACE;
$decryptSecretPath = $($rootPath + "/.github/scripts/decrypt-secret.ps1");
Invoke-Expression "& `"$decryptSecretPath`" -filename devid-app-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename devid-installer-cert.p12.gpg"
Invoke-Expression "& `"$decryptSecretPath`" -filename macdev-cert.p12.gpg"

15
.github/scripts/macos/setup-keychain.ps1
Unescape View File

@ -0,0 +1,15 @@
$homePath = Resolve-Path "~" | Select-Object -ExpandProperty Path;
$secretsPath = $homePath + "/secrets"
$devidAppCertPath = $($secretsPath + "/devid-app-cert.p12");
$devidInstallerCertPath = $($secretsPath + "/devid-installer-cert.p12");
$macdevCertPath = $($secretsPath + "/macdev-cert.p12");
security create-keychain -p $env:KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $env:KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import $devidAppCertPath -k build.keychain -P $env:DEVID_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $devidInstallerCertPath -k build.keychain -P $env:DEVID_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security import $macdevCertPath -k build.keychain -P $env:MACDEV_CERT_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $env:KEYCHAIN_PASSWORD build.keychain

390
.github/workflows/build.yml
Unescape View File

@ -0,0 +1,390 @@
name: Build
on:
push:
branches-ignore:
- 'l10n_master'
workflow_dispatch:
inputs:
jobs:
cloc:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Set up cloc
run: |
sudo apt update
sudo apt -y install cloc
- name: Print lines of code
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
setup:
runs-on: ubuntu-latest
outputs:
package_version: ${{ steps.get_version.outputs.package_version }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Get Package Version
id: get_version
shell: pwsh
run: |
$env:pkgVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).version
echo "::set-output name=PACKAGE_VERSION::$env:pkgVersion"
cli:
runs-on: windows-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Setup Windows builder
run: |
choco install checksum --no-progress
choco install reshack --no-progress
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Setting WIN_PKG
run: |
echo "WIN_PKG=$env:WIN_PKG" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "version: $env:pkgVersion"
env:
WIN_PKG: C:\Users\runneradmin\.pkg-cache\v2.5\fetched-v10.4.1-win-x64
- name: get pkg-fetch
shell: pwsh
run: |
cd $HOME
$fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v2.5/uploaded-v2.5-node-v10.4.1-win-x64"
New-Item -ItemType directory -Path ./.pkg-cache
New-Item -ItemType directory -Path ./.pkg-cache/v2.5
Invoke-RestMethod -Uri $fetchedUrl -OutFile "./.pkg-cache/v2.5/fetched-v10.4.1-win-x64"
env:
WIN_PKG: C:\Users\runneradmin\.pkg-cache\v2.5\fetched-v10.4.1-win-x64
- name: Keytar
shell: pwsh
run: |
$keytarVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).dependencies.keytar
$nodeModVersion = node -e "console.log(process.config.variables.node_module_version)"
$keytarTar = "keytar-v${keytarVersion}-node-v${nodeModVersion}-{0}-x64.tar"
$keytarTarGz = "${keytarTar}.gz"
$keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}"
New-Item -ItemType directory -Path ./keytar/macos | Out-Null
New-Item -ItemType directory -Path ./keytar/linux | Out-Null
New-Item -ItemType directory -Path ./keytar/windows | Out-Null
Invoke-RestMethod -Uri $($keytarUrl -f "darwin") -OutFile "./keytar/macos/$($keytarTarGz -f "darwin")"
Invoke-RestMethod -Uri $($keytarUrl -f "linux") -OutFile "./keytar/linux/$($keytarTarGz -f "linux")"
Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile "./keytar/windows/$($keytarTarGz -f "win32")"
7z e "./keytar/macos/$($keytarTarGz -f "darwin")" -o"./keytar/macos"
7z e "./keytar/linux/$($keytarTarGz -f "linux")" -o"./keytar/linux"
7z e "./keytar/windows/$($keytarTarGz -f "win32")" -o"./keytar/windows"
7z e "./keytar/macos/$($keytarTar -f "darwin")" -o"./keytar/macos"
7z e "./keytar/linux/$($keytarTar -f "linux")" -o"./keytar/linux"
7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows"
- name: Setup Version Info
shell: pwsh
run: ./scripts/make-versioninfo.ps1
- name: Resource Hacker
shell: cmd
run: |
set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker
ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1,
ResourceHacker -open version-info.rc -save version-info.res -action compile
ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res
- name: Install
run: npm install
- name: Package CLI
run: npm run dist:cli
- name: Zip
shell: cmd
run: |
7z a ./dist-cli/bwdc-windows-%PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node
7z a ./dist-cli/bwdc-macos-%PACKAGE_VERSION%.zip ./dist-cli/macos/bwdc ./keytar/macos/keytar.node
7z a ./dist-cli/bwdc-linux-%PACKAGE_VERSION%.zip ./dist-cli/linux/bwdc ./keytar/linux/keytar.node
- name: Version Test
run: |
Expand-Archive -Path "./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
$testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v'
echo "version: $env:PACKAGE_VERSION"
echo "testVersion: $testVersion"
if($testVersion -ne $env:PACKAGE_VERSION) {
Throw "Version test failed."
}
- name: Create checksums
run: |
checksum -f="./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:PACKAGE_VERSION}.txt
checksum -f="./dist-cli/bwdc-macos-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-macos-sha256-${env:PACKAGE_VERSION}.txt
checksum -f="./dist-cli/bwdc-linux-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-linux-sha256-${env:PACKAGE_VERSION}.txt
- name: Upload windows zip to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: bwdc-windows-${{ env.PACKAGE_VERSION }}.zip
path: ./dist-cli/bwdc-windows-${{ env.PACKAGE_VERSION }}.zip
- name: Upload mac zip to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: bwdc-macos-${{ env.PACKAGE_VERSION }}.zip
path: ./dist-cli/bwdc-macos-${{ env.PACKAGE_VERSION }}.zip
- name: Upload linux zip to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: bwdc-linux-${{ env.PACKAGE_VERSION }}.zip
path: ./dist-cli/bwdc-linux-${{ env.PACKAGE_VERSION }}.zip
- name: Upload windows checksum to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: bwdc-windows-sha256-${{ env.PACKAGE_VERSION }}.txt
path: ./dist-cli/bwdc-windows-sha256-${{ env.PACKAGE_VERSION }}.txt
- name: Upload mac checksum to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: bwdc-macos-sha256-${{ env.PACKAGE_VERSION }}.txt
path: ./dist-cli/bwdc-macos-sha256-${{ env.PACKAGE_VERSION }}.txt
- name: Upload linux checksum to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: bwdc-linux-sha256-${{ env.PACKAGE_VERSION }}.txt
path: ./dist-cli/bwdc-linux-sha256-${{ env.PACKAGE_VERSION }}.txt
windows_gui:
runs-on: windows-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Set up dotnet
uses: actions/setup-dotnet@v1
with:
dotnet-version: "3.1.x"
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Print environment
run: |
node --version
npm --version
dotnet --version
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
- name: Checkout repo
uses: actions/checkout@v2
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Build & Sign
run: npm run dist:win
env:
ELECTRON_BUILDER_SIGN: 1
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
- name: List Dist
run: dir ./dist
- name: Publish Portable Exe to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Connector-Portable-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Connector-Portable-${{ env.PACKAGE_VERSION }}.exe
- name: Publish Installer Exe to GitHub
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Connector-Installer-${{ env.PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Connector-Installer-${{ env.PACKAGE_VERSION }}.exe
linux:
runs-on: ubuntu-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Set up environment
run: |
sudo apt-get update
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev
sudo apt-get -y install rpm
- name: Checkout repo
uses: actions/checkout@v2
- name: npm install
run: npm install
- name: npm rebuild
run: npm run rebuild
- name: npm package
run: npm run dist:lin
- name: Publish AppImage
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Connector-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
path: ./dist/Bitwarden-Connector-${{ env.PACKAGE_VERSION }}-x86_64.AppImage
macos:
runs-on: macos-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Print environment
run: |
node --version
npm --version
Write-Output "GitHub ref: $env:GITHUB_REF"
Write-Output "GitHub event: $env:GITHUB_EVENT"
shell: pwsh
env:
GITHUB_REF: ${{ github.ref }}
GITHUB_EVENT: ${{ github.event_name }}
- name: Checkout repo
uses: actions/checkout@v2
- name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1
shell: pwsh
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
- name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1
shell: pwsh
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Build application (dev)
if: github.ref != 'refs/heads/master'
run: npm run build
- name: Build application (dist)
if: github.ref == 'refs/heads/master'
run: npm run dist:mac
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
- name: Upload .zip artifact
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Connector-${{ env.PACKAGE_VERSION }}-mac.zip
path: ./dist/Bitwarden-Connector-${{ env.PACKAGE_VERSION }}-mac.zip
- name: Upload .dmg artifact
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v2
with:
name: Bitwarden-Connector-${{ env.PACKAGE_VERSION }}.dmg
path: ./dist/Bitwarden-Connector-${{ env.PACKAGE_VERSION }}.dmg

392
.github/workflows/release.yml
Unescape View File

@ -0,0 +1,392 @@
name: Release
on:
workflow_dispatch:
inputs:
release_tag_name_input:
description: "Release Tag Name <X.X.X>"
required: true
jobs:
setup:
runs-on: ubuntu-latest
outputs:
package_version: ${{ steps.create_tags.outputs.package_version }}
tag_version: ${{ steps.create_tags.outputs.tag_version }}
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Create Release Vars
id: create_tags
run: |
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
v)
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
;;
[0-9])
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
;;
*)
exit 1
;;
esac
env:
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.RELEASE_TAG_NAME }}
release_name: ${{ env.RELEASE_NAME }}
draft: true
prerelease: false
cli:
runs-on: windows-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Setup Windows builder
run: |
choco install checksum --no-progress
choco install reshack --no-progress
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set VER_INFO
run: |
echo "WIN_PKG=$env:WIN_PKG" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
env:
WIN_PKG: C:\Users\runneradmin\.pkg-cache\v2.5\fetched-v10.4.1-win-x64
- name: get pkg-fetch
shell: pwsh
run: |
cd $HOME
$fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v2.5/uploaded-v2.5-node-v10.4.1-win-x64"
New-Item -ItemType directory -Path ./.pkg-cache
New-Item -ItemType directory -Path ./.pkg-cache/v2.5
Invoke-RestMethod -Uri $fetchedUrl -OutFile "./.pkg-cache/v2.5/fetched-v10.4.1-win-x64"
env:
WIN_PKG: C:\Users\runneradmin\.pkg-cache\v2.5\fetched-v10.4.1-win-x64
- name: Keytar
shell: pwsh
run: |
$keytarVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).dependencies.keytar
$nodeModVersion = node -e "console.log(process.config.variables.node_module_version)"
$keytarTar = "keytar-v${keytarVersion}-node-v${nodeModVersion}-{0}-x64.tar"
$keytarTarGz = "${keytarTar}.gz"
$keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}"
New-Item -ItemType directory -Path ./keytar/macos | Out-Null
New-Item -ItemType directory -Path ./keytar/linux | Out-Null
New-Item -ItemType directory -Path ./keytar/windows | Out-Null
Invoke-RestMethod -Uri $($keytarUrl -f "darwin") -OutFile "./keytar/macos/$($keytarTarGz -f "darwin")"
Invoke-RestMethod -Uri $($keytarUrl -f "linux") -OutFile "./keytar/linux/$($keytarTarGz -f "linux")"
Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile "./keytar/windows/$($keytarTarGz -f "win32")"
7z e "./keytar/macos/$($keytarTarGz -f "darwin")" -o"./keytar/macos"
7z e "./keytar/linux/$($keytarTarGz -f "linux")" -o"./keytar/linux"
7z e "./keytar/windows/$($keytarTarGz -f "win32")" -o"./keytar/windows"
7z e "./keytar/macos/$($keytarTar -f "darwin")" -o"./keytar/macos"
7z e "./keytar/linux/$($keytarTar -f "linux")" -o"./keytar/linux"
7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows"
- name: Setup Version Info
shell: pwsh
run: ./scripts/make-versioninfo.ps1
- name: Resource Hacker
shell: cmd
run: |
set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker
ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1,
ResourceHacker -open version-info.rc -save version-info.res -action compile
ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res
- name: Install
run: npm install
- name: Package CLI
run: npm run dist:cli
- name: Zip
shell: cmd
run: |
7z a ./dist-cli/bwdc-windows-%PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node
7z a ./dist-cli/bwdc-macos-%PACKAGE_VERSION%.zip ./dist-cli/macos/bwdc ./keytar/macos/keytar.node
7z a ./dist-cli/bwdc-linux-%PACKAGE_VERSION%.zip ./dist-cli/linux/bwdc ./keytar/linux/keytar.node
- name: Version Test
run: |
Expand-Archive -Path "./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
$testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v'
echo "version: $env:PACKAGE_VERSION"
echo "testVersion: $testVersion"
if($testVersion -ne $env:PACKAGE_VERSION) {
Throw "Version test failed."
}
- name: Create checksums
run: |
checksum -f="./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:PACKAGE_VERSION}.txt
checksum -f="./dist-cli/bwdc-macos-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-macos-sha256-${env:PACKAGE_VERSION}.txt
checksum -f="./dist-cli/bwdc-linux-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-linux-sha256-${env:PACKAGE_VERSION}.txt
- name: upload windows zip release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_path: ./dist-cli/bwdc-windows-${{ env.PACKAGE_VERSION }}.zip
asset_name: bwdc-windows-${{ env.PACKAGE_VERSION }}.zip
asset_content_type: application/zip
- name: upload macos zip release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_path: ./dist-cli/bwdc-macos-${{ env.PACKAGE_VERSION }}.zip
asset_name: bwdc-macos-${{ env.PACKAGE_VERSION }}.zip
asset_content_type: application/zip
- name: upload linux zip release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_path: ./dist-cli/bwdc-linux-${{ env.PACKAGE_VERSION }}.zip
asset_name: bwdc-linux-${{ env.PACKAGE_VERSION }}.zip
asset_content_type: application/zip
- name: upload windows checksum release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_path: ./dist-cli/bwdc-windows-sha256-${{ env.PACKAGE_VERSION }}.txt
asset_name: bwdc-windows-sha256-${{ env.PACKAGE_VERSION }}.txt
asset_content_type: text/plain
- name: upload macos checksum release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_path: ./dist-cli/bwdc-macos-sha256-${{ env.PACKAGE_VERSION }}.txt
asset_name: bwdc-macos-sha256-${{ env.PACKAGE_VERSION }}.txt
asset_content_type: text/plain
- name: upload linux checksum release asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup.outputs.release_upload_url }}
asset_path: ./dist-cli/bwdc-linux-sha256-${{ env.PACKAGE_VERSION }}.txt
asset_name: bwdc-linux-sha256-${{ env.PACKAGE_VERSION }}.txt
asset_content_type: text/plain
windows-gui:
runs-on: windows-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Set up dotnet
uses: actions/setup-dotnet@v1
with:
dotnet-version: "3.1.x"
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
shell: pwsh
- name: Print environment
run: |
node --version
npm --version
dotnet --version
- name: Install AST
shell: pwsh
run: |
cd $HOME
git clone https://github.com/vcsjones/AzureSignTool.git
cd AzureSignTool
$latest_head = $(git rev-parse HEAD)[0..9] -join ""
$latest_version = "0.0.0-g$latest_head"
Write-Host "--------"
Write-Host "git commit - $(git rev-parse HEAD)"
Write-Host "latest_head - $latest_head"
Write-Host "PACKAGE VERSION TO BUILD - $latest_version"
Write-Host "--------"
dotnet restore
dotnet pack --output ./nupkg
dotnet tool install --global --ignore-failed-sources --add-source ./nupkg --version $latest_version azuresigntool
cd $HOME
- name: Checkout repo
uses: actions/checkout@v2
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: npm rebuild
run: npm run rebuild
- name: Build & Sign
run: |
npm run publish:win
env:
ELECTRON_BUILDER_SIGN: 1
SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
linux:
runs-on: ubuntu-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Set up environment
run: |
sudo apt-get update
sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev
sudo apt-get -y install rpm
- name: Checkout repo
uses: actions/checkout@v2
- name: Set PACKAGE_VERSION
shell: pwsh
run: |
$env:pkgVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).version
echo "PACKAGE_VERSION=$env:pkgVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "version: $env:pkgVersion"
- name: npm install
run: npm install
- name: npm rebuild
run: npm run rebuild
- name: npm package
run: npm run publish:lin
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
macos:
runs-on: macos-latest
needs: setup
env:
PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
steps:
- name: Set up Node
uses: actions/setup-node@v1
with:
node-version: '10.x'
- name: Set Node options
run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
- name: Print environment
run: |
node --version
npm --version
Write-Output "GitHub ref: $env:GITHUB_REF"
Write-Output "GitHub event: $env:GITHUB_EVENT"
shell: pwsh
env:
GITHUB_REF: ${{ github.ref }}
GITHUB_EVENT: ${{ github.event_name }}
- name: Checkout repo
uses: actions/checkout@v2
- name: Decrypt secrets
run: ./.github/scripts/macos/decrypt-secrets.ps1
shell: pwsh
env:
DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
- name: Set up keychain
run: ./.github/scripts/macos/setup-keychain.ps1
shell: pwsh
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
- name: Load package version
run: ./.github/scripts/load-version.ps1
shell: pwsh
- name: Install Node dependencies
run: npm install
- name: Run linter
run: npm run lint
- name: Build application (dist)
run: npm run publish:mac
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

2
README.md
Unescape View File

@ -1,4 +1,4 @@
[![appveyor build](https://ci.appveyor.com/api/projects/status/github/bitwarden/directory-connector?branch=master&svg=true)](https://ci.appveyor.com/project/bitwarden/directory-connector) [![Build](https://github.com/bitwarden/directory-connector/workflows/Build/badge.svg)
[![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby) [![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
# Bitwarden Directory Connector # Bitwarden Directory Connector

162
appveyor.yml
Unescape View File

@ -1,162 +0,0 @@
image:
- Visual Studio 2017
- Ubuntu1804
branches:
except:
- l10n_master
environment:
WIN_PKG: C:\Users\appveyor\.pkg-cache\v2.5\fetched-v10.4.1-win-x64
stack: node 10
init:
- ps: |
if($isWindows -and $env:DEBUG_RDP -eq "true") {
iex ((new-object net.webclient).DownloadString(`
'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
}
- sh: sudo apt-get update
- sh: sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev rpm
- ps: |
if($isWindows) {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-Product node 10
$env:PATH = "C:\Program Files (x86)\Resource Hacker;${env:PATH}"
}
if($env:APPVEYOR_REPO_TAG -eq "true") {
$env:RELEASE_NAME = $env:APPVEYOR_REPO_TAG_NAME.TrimStart("v")
}
install:
- ps: |
$env:PACKAGE_VERSION = (Get-Content -Raw -Path .\src\package.json | ConvertFrom-Json).version
$env:PROD_DEPLOY = "false"
if($env:APPVEYOR_REPO_TAG -eq "true" -and $env:APPVEYOR_RE_BUILD -eq "True") {
$env:PROD_DEPLOY = "true"
echo "This is a production deployment."
}
if($isWindows) {
if(Test-Path -Path $env:WIN_PKG) {
$env:VER_INFO = "true"
}
choco install reshack --no-progress
choco install cloc --no-progress
choco install checksum --no-progress
cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
.\make-versioninfo.ps1
}
- ps: |
if($isWindows) {
$keytarVersion = (Get-Content -Raw -Path .\src\package.json | ConvertFrom-Json).dependencies.keytar
$nodeModVersion = node -e "console.log(process.config.variables.node_module_version)"
$keytarTar = "keytar-v${keytarVersion}-node-v${nodeModVersion}-{0}-x64.tar"
$keytarTarGz = "${keytarTar}.gz"
$keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}"
New-Item -ItemType directory -Path .\keytar\macos | Out-Null
New-Item -ItemType directory -Path .\keytar\linux | Out-Null
New-Item -ItemType directory -Path .\keytar\windows | Out-Null
Invoke-RestMethod -Uri $($keytarUrl -f "darwin") -OutFile ".\keytar\macos\$($keytarTarGz -f "darwin")"
Invoke-RestMethod -Uri $($keytarUrl -f "linux") -OutFile ".\keytar\linux\$($keytarTarGz -f "linux")"
Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile ".\keytar\windows\$($keytarTarGz -f "win32")"
7z e ".\keytar\macos\$($keytarTarGz -f "darwin")" -o".\keytar\macos"
7z e ".\keytar\linux\$($keytarTarGz -f "linux")" -o".\keytar\linux"
7z e ".\keytar\windows\$($keytarTarGz -f "win32")" -o".\keytar\windows"
7z e ".\keytar\macos\$($keytarTar -f "darwin")" -o".\keytar\macos"
7z e ".\keytar\linux\$($keytarTar -f "linux")" -o".\keytar\linux"
7z e ".\keytar\windows\$($keytarTar -f "win32")" -o".\keytar\windows"
}
before_build:
- node --version
- npm --version
build_script:
- cmd: |
if defined VER_INFO ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1,
if defined VER_INFO ResourceHacker -open version-info.rc -save version-info.res -action compile
if defined VER_INFO ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res
- sh: npm install
- sh: npm run rebuild
- sh: npm run dist:lin
- cmd: npm install
- cmd: npm run rebuild
- cmd: npm run dist:win:ci
- cmd: npm run reset
- cmd: npm run dist:cli
- cmd: 7z a ./dist-cli/bwdc-windows-%PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node
- cmd: 7z a ./dist-cli/bwdc-macos-%PACKAGE_VERSION%.zip ./dist-cli/macos/bwdc ./keytar/macos/keytar.node
- cmd: 7z a ./dist-cli/bwdc-linux-%PACKAGE_VERSION%.zip ./dist-cli/linux/bwdc ./keytar/linux/keytar.node
- ps: |
if($isWindows) {
Expand-Archive -Path "./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
$testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v'
if($testVersion -ne $env:PACKAGE_VERSION) {
Throw "Version test failed."
}
}
- ps: |
if($isWindows) {
checksum -f="./dist-cli/bwdc-windows-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:PACKAGE_VERSION}.txt
checksum -f="./dist-cli/bwdc-macos-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-macos-sha256-${env:PACKAGE_VERSION}.txt
checksum -f="./dist-cli/bwdc-linux-${env:PACKAGE_VERSION}.zip" `
-t sha256 | Out-File ./dist-cli/bwdc-linux-sha256-${env:PACKAGE_VERSION}.txt
}
- ps: |
if($isLinux) {
Push-AppveyorArtifact ./dist/Bitwarden-Connector-${env:PACKAGE_VERSION}-x86_64.AppImage
}
else {
Push-AppveyorArtifact .\dist\Bitwarden-Connector-Portable-${env:PACKAGE_VERSION}.exe
Push-AppveyorArtifact .\dist\Bitwarden-Connector-Installer-${env:PACKAGE_VERSION}.exe
Push-AppveyorArtifact .\dist-cli\bwdc-windows-${env:PACKAGE_VERSION}.zip
Push-AppveyorArtifact .\dist-cli\bwdc-macos-${env:PACKAGE_VERSION}.zip
Push-AppveyorArtifact .\dist-cli\bwdc-linux-${env:PACKAGE_VERSION}.zip
Push-AppveyorArtifact .\dist-cli\bwdc-windows-sha256-${env:PACKAGE_VERSION}.txt
Push-AppveyorArtifact .\dist-cli\bwdc-macos-sha256-${env:PACKAGE_VERSION}.txt
Push-AppveyorArtifact .\dist-cli\bwdc-linux-sha256-${env:PACKAGE_VERSION}.txt
}
on_finish:
- ps: |
if($isWindows -and $env:DEBUG_RDP -eq "true") {
$blockRdp = $true
iex ((new-object net.webclient).DownloadString(`
'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
}
for:
-
matrix:
only:
- image: Visual Studio 2017
cache:
- '%LOCALAPPDATA%\electron'
- '%LOCALAPPDATA%\electron-builder'
- 'C:\Users\appveyor\.pkg-cache\'
-
matrix:
only:
- image: Ubuntu1804
cache:
- '/home/appveyor/.cache/electron'
- '/home/appveyor/.cache/electron-builder'
deploy:
tag: $(APPVEYOR_REPO_TAG_NAME)
release: $(RELEASE_NAME)
provider: GitHub
auth_token: $(GH_TOKEN)
artifact: /.*\.(zip|txt)/,
force_update: true
on:
branch: master
APPVEYOR_REPO_TAG: true

3
package.json
Unescape View File

@ -85,7 +85,8 @@
"target": [ "target": [
"portable", "portable",
"nsis" "nsis"
] ],
"sign": "scripts/sign.js"
}, },
"linux": { "linux": {
"category": "Utility", "category": "Utility",

0
make-versioninfo.ps1 → scripts/make-versioninfo.ps1
Unescape View File

23
scripts/sign.js
Unescape View File

@ -0,0 +1,23 @@
exports.default = async function(configuration) {
if (
parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 &&
configuration.path.slice(-4) == ".exe"
) {
console.log(`[*] Signing file: ${configuration.path}`)
require("child_process").execSync(
`azuresigntool sign ` +
`-kvu ${process.env.SIGNING_VAULT_URL} ` +
`-kvi ${process.env.SIGNING_CLIENT_ID} ` +
`-kvt ${process.env.SIGNING_TENANT_ID} ` +
`-kvs ${process.env.SIGNING_CLIENT_SECRET} ` +
`-kvc ${process.env.SIGNING_CERT_NAME} ` +
`-fd ${configuration.hash} ` +
`-du ${configuration.site} ` +
`-tr http://timestamp.digicert.com ` +
`"${configuration.path}"`,
{
stdio: "inherit"
}
);
}
};
Write Preview
Loading…
Cancel
Save