From e3ad0e48959c9e8a0b0a59d79a25c771924daa8c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 10:05:53 -0400 Subject: [PATCH 1/6] [deps]: Update bitwarden/gh-actions digest to 116cb2f (#664) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/release-go.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-go.yml b/.github/workflows/release-go.yml index c7a198056..5625570c9 100644 --- a/.github/workflows/release-go.yml +++ b/.github/workflows/release-go.yml @@ -74,7 +74,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + uses: bitwarden/gh-actions/get-keyvault-secrets@116cb2f33ef6e9250c4525b2205ef3a2e761e796 with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -151,7 +151,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + uses: bitwarden/gh-actions/get-keyvault-secrets@116cb2f33ef6e9250c4525b2205ef3a2e761e796 with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" From e51db84b828530f9414a9110f60f67e7e324ec73 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Mon, 18 Mar 2024 14:34:56 +0000 Subject: [PATCH 2/6] Update bitwarden actions to main (#669) --- .github/workflows/release-go.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-go.yml b/.github/workflows/release-go.yml index 5625570c9..a434dce4e 100644 --- a/.github/workflows/release-go.yml +++ b/.github/workflows/release-go.yml 
@@ -74,7 +74,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@116cb2f33ef6e9250c4525b2205ef3a2e761e796 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -151,7 +151,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@116cb2f33ef6e9250c4525b2205ef3a2e761e796 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" From 8522822583a85cf5c8cc4183bc8a209725cf18c6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 16:43:53 +0100 Subject: [PATCH 3/6] [deps]: Update Rust crate chrono to 0.4.35 (#667) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [chrono](https://togithub.com/chronotope/chrono) | dependencies | patch | `0.4.34` -> `0.4.35` | --- ### Release Notes
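Review bot: The new `uses: bitwarden/gh-actions/get-keyvault-secrets@main` replaces a full commit SHA with a mutable branch ref on the step that reads `github-pat-bitwarden-devops-bot-repo-scope` from the key vault, so any later commit to that branch runs in the release job without passing review in this repository. The second hunk (`@@ -151,7 +151,7 @@`) makes the same change. Patch 1/6 shows Renovate already advancing this digest, so keeping `@116cb2f33ef6e9250c4525b2205ef3a2e761e796` costs little. If tracking `main` for first-party actions is deliberate, record that in a comment next to each `uses:` line. The jobs these steps belong to start outside the hunks.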
chronotope/chrono (chrono) ### [`v0.4.35`](https://togithub.com/chronotope/chrono/releases/tag/v0.4.35) [Compare Source](https://togithub.com/chronotope/chrono/compare/v0.4.34...v0.4.35) Most of our efforts have shifted to improving the API for a 0.5 release, for which cleanups and refactorings are landing on the 0.4.x branch. The most significant changes in this release are two sets of deprecations. - We deprecated all timestamp-related methods on `NaiveDateTime`. The reason is that a timestamp is defined to be in UTC. The `NaiveDateTime` type doesn't know the offset from UTC, so it was technically wrong to have these methods. The alternative is to use the similar methods on the `DateTime` type, or from the `TimeZone` trait. Converting from `NaiveDateTime` to `DateTime` is simple with `.and_utc()`, and in the other direction with `.naive_utc()`. - The panicking constructors of `TimeDelta` (the new name of the `Duration` type) are deprecated. This was the last part of chrono that defaulted to panicking on error, dating from before rust 1.0. - A nice change is that `NaiveDate` now includes a niche. So now `Option<NaiveDate>`, `Option<NaiveDateTime>` and `Option<DateTime<Tz>>` are the same size as their base types. - `format::Numeric` and `format::Fixed` are marked as `non_exhaustive`. This will allow us to improve our formatting and parsing support, and we have reason to believe this breaking change will have little to no impact on users.
### Additions - Add `DateTime::{from_timestamp_micros, from_timestamp_nanos}` ([#​1234](https://togithub.com/chronotope/chrono/issues/1234)) - Add getters to `Parsed` ([#​1465](https://togithub.com/chronotope/chrono/issues/1465)) ### Deprecations - Deprecate timestamp methods on `NaiveDateTime` ([#​1473](https://togithub.com/chronotope/chrono/issues/1473)) - Deprecate panicking constructors of `TimeDelta` ([#​1450](https://togithub.com/chronotope/chrono/issues/1450)) ### Changes/fixes - Use `NonZeroI32` inside `NaiveDate` ([#​1207](https://togithub.com/chronotope/chrono/issues/1207)) - Mark `format::Numeric` and `format::Fixed` as `non_exhaustive` ([#​1430](https://togithub.com/chronotope/chrono/issues/1430)) - `Parsed` fixes to error values ([#​1439](https://togithub.com/chronotope/chrono/issues/1439)) - Use `overflowing_naive_local` in `DateTime::checked_add*` ([#​1333](https://togithub.com/chronotope/chrono/issues/1333)) - Do complete range checks in `Parsed::set_*` ([#​1465](https://togithub.com/chronotope/chrono/issues/1465)) ### Documentation - Rustfmt doctests ([#​1452](https://togithub.com/chronotope/chrono/issues/1452)) - Improve docs for crate features ([#​1455](https://togithub.com/chronotope/chrono/issues/1455), thanks [@​edmorley](https://togithub.com/edmorley)) - Add more documentation and examples to `Parsed` ([#​1439](https://togithub.com/chronotope/chrono/issues/1439)) ### Internal - Refactor `internals` module ([#​1428](https://togithub.com/chronotope/chrono/issues/1428), [#​1429](https://togithub.com/chronotope/chrono/issues/1429), [#​1431](https://togithub.com/chronotope/chrono/issues/1431), [#​1432](https://togithub.com/chronotope/chrono/issues/1432), [#​1433](https://togithub.com/chronotope/chrono/issues/1433), [#​1438](https://togithub.com/chronotope/chrono/issues/1438)) - CI: test cross-compiling to `x86_64-unknown-illumos` instead of Solaris ([#​1437](https://togithub.com/chronotope/chrono/issues/1437)) - CI: lint Windows target, fix clippy 
warning ([#​1441](https://togithub.com/chronotope/chrono/issues/1441)) - CI: only run `cargo hack check` on Linux ([#​1442](https://togithub.com/chronotope/chrono/issues/1442)) - Update windows-bindgen to 0.54 ([#​1462](https://togithub.com/chronotope/chrono/issues/1462), [#​1483](https://togithub.com/chronotope/chrono/issues/1483)) - Simplify error value of `parse_internal` ([#​1459](https://togithub.com/chronotope/chrono/issues/1459)) - Simplify `SerdeError` ([#​1458](https://togithub.com/chronotope/chrono/issues/1458)) - Simplify `NaiveDate::from_isoywd` a bit ([#​1464](https://togithub.com/chronotope/chrono/issues/1464)) Thanks to all contributors on behalf of the chrono team, [@​djc](https://togithub.com/djc) and [@​pitdicker](https://togithub.com/pitdicker)!
--- ### Configuration 📅 **Schedule**: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/bitwarden/sdk). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- crates/bws/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b9f383413..a27fe8821 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -704,9 +704,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.34" +version = "0.4.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5bc015644b92d5890fab7489e49d21f879d5c990186827d42ec511919404f38b" +checksum = "8eaf5903dcbc0a39312feb77df2ff4c76387d591b9fc7b04a238dcf8bb62639a" dependencies = [ "android-tzdata", "iana-time-zone", diff --git a/crates/bws/Cargo.toml b/crates/bws/Cargo.toml index f85744656..ccf143c47 100644 --- a/crates/bws/Cargo.toml +++ b/crates/bws/Cargo.toml @@ -18,7 +18,7 @@ license-file.workspace = true bat = { version = "0.24.0", features = [ "regex-onig", ], default-features = false } -chrono = { version = "0.4.34", features = [ +chrono = { version = "0.4.35", features = [ "clock", "std", ], default-features = false } From 240c4345aeb6caafc93dcb998487c718a31d6ea0 Mon Sep 17 00:00:00 2001 
From: Matt Bishop Date: Mon, 18 Mar 2024 12:46:42 -0400 Subject: [PATCH 4/6] Scanning (#630) ## Objective Introduces a new GitHub Actions workflow named `Scan` in the `.github/workflows/scan.yml` file. The workflow is triggered on manual dispatch, push to the `main`, `rc`, and `hotfix-rc` branches, and when a pull request is opened or synchronized. The workflow includes two jobs: `sast` and `quality`. The `sast` job runs a Static Application Security Testing (SAST) scan using Checkmarx and uploads the results to GitHub. The `quality` job runs a quality scan using SonarCloud. * [`.github/workflows/scan.yml`](diffhunk://#diff-246cd0c2f7db532638dd80a92ac011f49b3d26038983a4c0169ea8f8a5c39280R1-R71): Added a new GitHub Actions workflow named `Scan`. This workflow is triggered on manual dispatch, push to the `main`, `rc`, and `hotfix-rc` branches, and when a pull request is opened or synchronized. The workflow includes two jobs: `sast` and `quality`. The `sast` job runs a Static Application Security Testing (SAST) scan using Checkmarx and uploads the results to GitHub. The `quality` job runs a quality scan using SonarCloud. ## Before you submit - Please add **unit tests** where it makes sense to do so --- .github/workflows/scan.yml | 71 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/scan.yml diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml new file mode 100644 index 000000000..45763089c --- /dev/null +++ b/.github/workflows/scan.yml 
@@ -0,0 +1,71 @@ +name: Scan + +on: + workflow_dispatch: + push: + branches: + - "main" + - "rc" + - "hotfix-rc" + pull_request_target: + types: [opened, synchronize] + +permissions: read-all + +jobs: + check-run: + name: Check PR run + uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main + + sast: + name: SAST scan + runs-on: ubuntu-22.04 + needs: check-run + permissions: + security-events: write + + steps: + - name: Check out repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Scan with Checkmarx + uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 #2.0.23 + env: + INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}" + with: + project_name: ${{ github.repository }} + cx_tenant: ${{ secrets.CHECKMARX_TENANT }} + base_uri: https://ast.checkmarx.net/ + cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }} + cx_client_secret: ${{ secrets.CHECKMARX_SECRET }} + additional_params: --report-format sarif --output-path . ${{ env.INCREMENTAL }} + + - name: Upload Checkmarx results to GitHub + uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + with: + sarif_file: cx_result.sarif + + quality: + name: Quality scan + runs-on: ubuntu-22.04 + needs: check-run + + steps: + - name: Check out repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + + - name: Scan with SonarCloud + uses: sonarsource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # v2.1.1 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: > + -Dsonar.organization=${{ github.repository_owner }} + -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }} + -Dsonar.exclusions=languages/** 
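Review bot: Both `Check out repo` steps run under `pull_request_target` and check out `${{ github.event.pull_request.head.sha }}`, so the `sast` and `quality` jobs handle untrusted fork content in a run that has `CHECKMARX_CLIENT_ID`, `CHECKMARX_SECRET`, `SONAR_TOKEN` and `GITHUB_TOKEN` available. The only gate visible here is `needs: check-run`, which calls `bitwarden/gh-actions/.github/workflows/check-run.yml@main`. Its logic is outside this diff and it is referenced by a mutable branch, so the protection cannot be confirmed from this file. At minimum, add `persist-credentials: false` under `with:` on both `actions/checkout` steps so the token is not left in the checked-out tree's git config. Also add a comment above `pull_request_target:` stating that no step in this workflow may build or execute code from the PR checkout. On `push` and `workflow_dispatch` the `ref:` expression is empty and checkout falls back to its default ref, which deserves a one-line comment too.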
From b6d36ead37bbcfc8daaa8a35d7292cdccfd9db58 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Mon, 18 Mar 2024 10:04:37 -0700 Subject: [PATCH 5/6] Update CHANGELOG.md (#658) ## Type of change - [ ] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [x] Other ## Objective Update changelog to mention the `bws` Docker image --------- Co-authored-by: Oscar Hinton --- crates/bws/CHANGELOG.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/crates/bws/CHANGELOG.md b/crates/bws/CHANGELOG.md index 2bb431485..642266c70 100644 --- a/crates/bws/CHANGELOG.md +++ b/crates/bws/CHANGELOG.md @@ -7,10 +7,20 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] -### Changed +### Added -- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`. - Add a `BWS_CONFIG_FILE` environment variable to specify the location of the config file (#571) +- The `bws` CLI is now available as a Docker image (`docker run -it bitwarden/bws --help`) (#305) +- The `bws` CLI releases are now code signed on Windows and Mac (#534, #535) + +### Fixed + +- Re-add output options to the help menu after they were accidentally removed (#477) + +### Changed + +- Switched TLS backend to `rusttls`, removing the dependency on `OpenSSL` (#374) +- Updated MSRV for `bws` to `1.71.0` (#589) ## [0.4.0] - 2023-12-21 From a5185511a77ae5c644b84fdfbbf379799a941baf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Tue, 19 Mar 2024 16:07:23 +0100 Subject: [PATCH 6/6] [DEVOPS-1786] Update release pipeline for PHP SDK (#659) ## Type of change ``` - [ ] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [x] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective Update release pipeline for PHP SDK. ## Code changes - **file.ext:** Description of what was changed and why ## Before you submit - Please add **unit tests** where it makes sense to do so --- .github/workflows/publish-php.yml | 267 +++++++++++++++++++++++++---- .github/workflows/version-bump.yml | 7 + languages/php/composer.json | 3 +- 3 files changed, 239 insertions(+), 38 deletions(-) diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index 00b34c23f..aefeae60a 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml 
@@ -1,20 +1,50 @@ name: Publish PHP SDK +run-name: Publish PHP SDK ${{ inputs.release_type }} on: - push: - branches: - - main + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +env: + _KEY_VAULT: "bitwarden-ci" jobs: - build_rust: - uses: ./.github/workflows/build-rust-cross-platform.yml + validate: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - setup_php: + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/php/composer.json | grep -Eo '"version": "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + setup-php: name: Setup PHP runs-on: ubuntu-22.04 - needs: - - build_rust - steps: - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
@@ -32,44 +62,207 @@ jobs: composer validate working-directory: languages/php/ - - name: Download x86_64-apple-darwin files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + repo-sync: + name: Push changed files to SDK PHP repo + runs-on: ubuntu-22.04 + needs: + - validate + - setup-php + env: + _BOT_EMAIL: 106330231+bitwarden-devops-bot@users.noreply.github.com + _BOT_NAME: bitwarden-devops-bot + _PKG_VERSION: ${{ needs.validate.outputs.version }} + steps: + - name: Checkout SDK repo + uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 with: - name: libbitwarden_c_files-x86_64-apple-darwin - path: temp/macos-x64 + path: sdk - - name: Download aarch64-apple-darwin files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + - name: Login to Azure - Prod Subscription + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: - name: libbitwarden_c_files-aarch64-apple-darwin - path: temp/macos-arm64 + creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} - - name: Download x86_64-unknown-linux-gnu files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c with: - name: libbitwarden_c_files-x86_64-unknown-linux-gnu - path: temp/linux-x64 + keyvault: ${{ env._KEY_VAULT }} + secrets: "github-pat-bitwarden-devops-bot-repo-scope" - - name: Download x86_64-pc-windows-msvc files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + - name: Checkout SDK-PHP repo + uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 with: - name: libbitwarden_c_files-x86_64-pc-windows-msvc - path: temp/windows-x64 + repository: bitwarden/sm-sdk-php + path: sm-sdk-php + ref: main + token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} - - 
name: Copy lib files + - name: Setup Git + working-directory: sm-sdk-php run: | - mkdir -p languages/php/src/lib/macos-arm64 - mkdir -p languages/php/src/lib/linux-x64 - mkdir -p languages/php/src/lib/macos-x64 - mkdir -p languages/php/src/lib/windows-x64 + git config --local user.email "${{ env._BOT_EMAIL }}" + git config --local user.name "${{ env._BOT_NAME }}" - platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64") - files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") + - name: Update files + run: | + # Copy files to local sm-sdk-php repo path + cp --verbose -rf sdk/languages/php/. sm-sdk-php + + - name: Replace repo name + working-directory: sm-sdk-php + run: | + find . -name '*' -exec \ + sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-php/g' {} \; - for ((i=0; i<${#platforms[@]}; i++)); do - cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}" - done + find . -name '*' -exec \ + sed -i -e 's/github.com\/bitwarden\/sdk/github.com\/bitwarden\/sm-sdk-php/g' {} \; + + - name: Push changes + working-directory: sm-sdk-php + run: | + git add . + git commit -m "Update Go SDK to ${{ github.sha }}" + + if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then + echo "===================================" + echo "[!] Dry Run - Skipping push" + echo "===================================" + git ls-files -m + exit 0 + else + git push origin main + fi + + - name: Create release tag on SDK Go repo + if: ${{ inputs.release_type != 'Dry Run' }} + working-directory: sm-sdk-php + run: | + # Check if tag exists, set output then exit 0 if true. + if git log v${{ env._PKG_VERSION }} >/dev/null 2>&1; then + echo "===================================" + echo "[!] 
Tag v${{ env._PKG_VERSION }} already exists" + echo "===================================" + exit 1 + fi + + git tag v${{ env._PKG_VERSION }} + git push origin v${{ env._PKG_VERSION }} + + github-release: + name: GitHub Release + runs-on: ubuntu-22.04 + needs: + - setup-php + - repo-sync + - validate + env: + _PKG_VERSION: ${{ needs.validate.outputs.version }} + steps: + - name: Login to Azure - Prod Subscription + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + with: + creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "github-pat-bitwarden-devops-bot-repo-scope" + + - name: Download x86_64-apple-darwin artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-apple-darwin + skip_unpack: true + + - name: Download aarch64-apple-darwin artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-aarch64-apple-darwin + skip_unpack: true + + - name: Download x86_64-unknown-linux-gnu artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu + skip_unpack: true + + - name: Download x86_64-pc-windows-msvc artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + 
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc + skip_unpack: true + + - name: Rename build artifacts + run: | + mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip + mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip + mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip + mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0 + with: + tag: v${{ env._PKG_VERSION }} + name: v${{ env._PKG_VERSION }} + body: "" + token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + draft: true + repo: sm-sdk-php + owner: bitwarden + artifacts: "libbitwarden_c_files-x86_64-apple-darwin-${{ env._PKG_VERSION }}.zip, + libbitwarden_c_files-aarch64-apple-darwin-${{ env._PKG_VERSION }}.zip, + libbitwarden_c_files-x86_64-unknown-linux-gnu-${{ env._PKG_VERSION }}.zip, + libbitwarden_c_files-x86_64-pc-windows-msvc-${{ env._PKG_VERSION }}.zip" + + packagist-publish: + name: Publish to Packagist + runs-on: ubuntu-22.04 + needs: + - validate + - setup-php + - repo-sync + - github-release + steps: + - name: Login to Azure - Prod Subscription + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + with: + creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "github-pat-bitwarden-devops-bot-repo-scope, + packagist-key" + + - name: Checkout SDK-PHP repo + uses: 
actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 + with: + repository: bitwarden/sm-sdk-php + path: sm-sdk-php + ref: main + token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} - name: Publish version - run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{secrets.PACKAGIST_KEY}}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}' - working-directory: languages/php/ + if: ${{ inputs.release_type != 'Dry Run' }} + env: + PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }} + run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk-secrets"}}' + working-directory: sm-sdk-php diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 8298781fc..b4f41b5ef 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -21,6 +21,7 @@ on: - python-sdk - ruby-sdk - go-sdk + - php-sdk version_number: description: "New version (example: '2024.1.0')" required: true @@ -162,6 +163,12 @@ jobs: if: ${{ inputs.project == 'go-sdk' }} run: sed -i 's/[0-9]\.[0-9]\.[0-9]/${{ inputs.version_number }}/' ./languages/go/.version + ### php sdk + - name: Bump php-sdk Version + if: ${{ inputs.project == 'php-sdk' }} + run: | + sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json + ############################ # VERSION BUMP SECTION END # ############################ diff --git a/languages/php/composer.json b/languages/php/composer.json index 18b333eac..85447e72a 100644 --- a/languages/php/composer.json +++ b/languages/php/composer.json 
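Review bot: The `Publish version` step defines `PACKAGIST_KEY` under `env:` but then splices it into the command with `${{ env.PACKAGIST_KEY }}` inside a single-quoted URL, so the token is written into the generated script text instead of being read from the process environment. Let the shell expand it by double-quoting the URL: `"https://packagist.org/api/update-package?username=bitwarden&apiToken=${PACKAGIST_KEY}"`. Whether `get-keyvault-secrets` registers the value for log masking is not visible here, so masking should not be assumed. In the same hunk, the four `bitwarden/gh-actions/download-artifacts@main` steps are unpinned in the `github-release` job after it has fetched the bot PAT, while every other action in the hunk is pinned to a SHA. The commit message `Update Go SDK to ${{ github.sha }}` and the step name `Create release tag on SDK Go repo` look copied from the Go workflow and should say PHP.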
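Review bot: The added `sed` pattern `"version": "[0-9]\.[0-9]\.[0-9]"` in `Bump php-sdk Version` only matches single-digit components. Once `composer.json` holds something like `0.10.0`, or the `2024.1.0` form from the input's own example, the bump silently changes nothing and the step still succeeds. The publish workflow in this same patch reads the field with `[0-9]+\.[0-9]+\.[0-9]+`, and the bump should agree: `sed -i -E 's/"version": "[0-9]+\.[0-9]+\.[0-9]+"/"version": "'"$VERSION"'"/' ./languages/php/composer.json`. Passing the value as `env: VERSION: ${{ inputs.version_number }}` instead of expanding `${{ inputs.version_number }}` inside the script also keeps the dispatch input out of the shell source. The job's other steps are outside the hunk.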
@@ -1,9 +1,10 @@ { - "name": "bitwarden/sdk", + "name": "bitwarden/sdk-secrets", "description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.", "type": "library", "keywords": ["bitwarden","sdk","password-manager"], "homepage": "https://github.com/bitwarden/sdk", + "version": "0.1.0", "require": { "php": "^8.0", "swaggest/json-schema": "^0.12.42",