From 6d45212dae09c99ab8ac79e20a1bf2182afaacb0 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Mon, 15 Apr 2024 14:10:08 +0200 Subject: [PATCH 1/6] Set login_method when registering for tde (#711) We should set login_method when registering TDE keys --- .../bitwarden-crypto/src/keys/master_key.rs | 21 +++++++++++++++++++ crates/bitwarden-crypto/src/keys/mod.rs | 5 ++++- crates/bitwarden-uniffi/src/auth/mod.rs | 13 ++++++------ .../api/response/identity_success_response.rs | 6 ++++-- crates/bitwarden/src/auth/client_auth.rs | 3 ++- .../bitwarden/src/auth/login/auth_request.rs | 6 +----- crates/bitwarden/src/auth/login/mod.rs | 3 +-- crates/bitwarden/src/auth/register.rs | 8 +++---- crates/bitwarden/src/auth/tde.rs | 10 ++++++++- crates/bitwarden/src/util.rs | 18 ---------------- 10 files changed, 51 insertions(+), 42 deletions(-) diff --git a/crates/bitwarden-crypto/src/keys/master_key.rs b/crates/bitwarden-crypto/src/keys/master_key.rs index b6921fc6b..1fd678452 100644 --- a/crates/bitwarden-crypto/src/keys/master_key.rs +++ b/crates/bitwarden-crypto/src/keys/master_key.rs @@ -21,6 +21,27 @@ pub enum Kdf { }, } +impl Default for Kdf { + fn default() -> Self { + Kdf::PBKDF2 { + iterations: default_pbkdf2_iterations(), + } + } +} + +pub fn default_pbkdf2_iterations() -> NonZeroU32 { + NonZeroU32::new(600_000).expect("Non-zero number") +} +pub fn default_argon2_iterations() -> NonZeroU32 { + NonZeroU32::new(3).expect("Non-zero number") +} +pub fn default_argon2_memory() -> NonZeroU32 { + NonZeroU32::new(64).expect("Non-zero number") +} +pub fn default_argon2_parallelism() -> NonZeroU32 { + NonZeroU32::new(4).expect("Non-zero number") +} + #[derive(Copy, Clone, JsonSchema)] #[cfg_attr(feature = "mobile", derive(uniffi::Enum))] pub enum HashPurpose { diff --git a/crates/bitwarden-crypto/src/keys/mod.rs b/crates/bitwarden-crypto/src/keys/mod.rs index 435f1011b..62b378808 100644 --- a/crates/bitwarden-crypto/src/keys/mod.rs +++ b/crates/bitwarden-crypto/src/keys/mod.rs 
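Review bot: The four public `default_*` functions added to `master_key.rs` have no doc comments, and `default_argon2_memory()` returns a bare `64` with no unit. These are KDF cost parameters that other crates now import, so a unit mix-up would silently change the work factor. The `argon2` binding added in PATCH 2/6 multiplies its `memory` argument by 1024 under the comment "Convert MiB to KiB", which suggests the unit is MiB, but that should be confirmed and written down. I would add `/// Default Argon2 memory cost, in MiB.` with matching one-line `///` summaries on the iteration and parallelism defaults. A doc line on `impl Default for Kdf` should say that the default is PBKDF2 with `default_pbkdf2_iterations()`.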
@@ -1,7 +1,10 @@ mod key_encryptable; pub use key_encryptable::{CryptoKey, KeyDecryptable, KeyEncryptable}; mod master_key; -pub use master_key::{HashPurpose, Kdf, MasterKey}; +pub use master_key::{ + default_argon2_iterations, default_argon2_memory, default_argon2_parallelism, + default_pbkdf2_iterations, HashPurpose, Kdf, MasterKey, +}; mod shareable_key; pub use shareable_key::derive_shareable_key; mod symmetric_crypto_key; diff --git a/crates/bitwarden-uniffi/src/auth/mod.rs b/crates/bitwarden-uniffi/src/auth/mod.rs index 62b709045..c6aed44eb 100644 --- a/crates/bitwarden-uniffi/src/auth/mod.rs +++ b/crates/bitwarden-uniffi/src/auth/mod.rs @@ -82,16 +82,15 @@ impl ClientAuth { /// Generate keys needed for TDE process pub async fn make_register_tde_keys( &self, + email: String, org_public_key: String, remember_device: bool, ) -> Result { - Ok(self - .0 - .0 - .write() - .await - .auth() - .make_register_tde_keys(org_public_key, remember_device)?) + Ok(self.0 .0.write().await.auth().make_register_tde_keys( + email, + org_public_key, + remember_device, + )?) } /// Validate the user password diff --git a/crates/bitwarden/src/auth/api/response/identity_success_response.rs b/crates/bitwarden/src/auth/api/response/identity_success_response.rs index fb59c1caa..94ebe9445 100644 --- a/crates/bitwarden/src/auth/api/response/identity_success_response.rs +++ b/crates/bitwarden/src/auth/api/response/identity_success_response.rs @@ -22,7 +22,7 @@ pub struct IdentityTokenSuccessResponse { #[serde( rename = "kdfIterations", alias = "KdfIterations", - default = "crate::util::default_pbkdf2_iterations" + default = "bitwarden_crypto::default_pbkdf2_iterations" )] kdf_iterations: NonZeroU32, @@ -41,6 +41,8 @@ pub struct IdentityTokenSuccessResponse { #[cfg(test)] mod test { + use bitwarden_crypto::default_pbkdf2_iterations; + use super::*; impl Default for IdentityTokenSuccessResponse { 
@@ -54,7 +56,7 @@ mod test { key: Default::default(), two_factor_token: Default::default(), kdf: KdfType::default(), - kdf_iterations: crate::util::default_pbkdf2_iterations(), + kdf_iterations: default_pbkdf2_iterations(), reset_master_password: Default::default(), force_password_reset: Default::default(), api_use_key_connector: Default::default(), diff --git a/crates/bitwarden/src/auth/client_auth.rs b/crates/bitwarden/src/auth/client_auth.rs index 5029d389b..b3afe133a 100644 --- a/crates/bitwarden/src/auth/client_auth.rs +++ b/crates/bitwarden/src/auth/client_auth.rs @@ -76,10 +76,11 @@ impl<'a> ClientAuth<'a> { pub fn make_register_tde_keys( &mut self, + email: String, org_public_key: String, remember_device: bool, ) -> Result { - make_register_tde_keys(self.client, org_public_key, remember_device) + make_register_tde_keys(self.client, email, org_public_key, remember_device) } pub async fn register(&mut self, input: &RegisterRequest) -> Result<()> { diff --git a/crates/bitwarden/src/auth/login/auth_request.rs b/crates/bitwarden/src/auth/login/auth_request.rs index 0e9cb6795..fb449e5d4 100644 --- a/crates/bitwarden/src/auth/login/auth_request.rs +++ b/crates/bitwarden/src/auth/login/auth_request.rs @@ -1,5 +1,3 @@ -use std::num::NonZeroU32; - use bitwarden_api_api::{ apis::auth_requests_api::{auth_requests_id_response_get, auth_requests_post}, models::{AuthRequestCreateRequestModel, AuthRequestType}, @@ -86,9 +84,7 @@ pub(crate) async fn complete_auth_request( .await?; if let IdentityTokenResponse::Authenticated(r) = response { - let kdf = Kdf::PBKDF2 { - iterations: NonZeroU32::new(600_000).expect("Non-zero number"), - }; + let kdf = Kdf::default(); client.set_tokens( r.access_token.clone(), diff --git a/crates/bitwarden/src/auth/login/mod.rs b/crates/bitwarden/src/auth/login/mod.rs index 53ea712cc..745e0b78c 100644 --- a/crates/bitwarden/src/auth/login/mod.rs +++ b/crates/bitwarden/src/auth/login/mod.rs 
@@ -58,8 +58,7 @@ pub(crate) fn parse_prelogin(response: PreloginResponseModel) -> Result { use std::num::NonZeroU32; use bitwarden_api_identity::models::KdfType; - - use crate::util::{ + use bitwarden_crypto::{ default_argon2_iterations, default_argon2_memory, default_argon2_parallelism, default_pbkdf2_iterations, }; diff --git a/crates/bitwarden/src/auth/register.rs b/crates/bitwarden/src/auth/register.rs index 31b69c515..5cedd9c53 100644 --- a/crates/bitwarden/src/auth/register.rs +++ b/crates/bitwarden/src/auth/register.rs @@ -2,11 +2,11 @@ use bitwarden_api_identity::{ apis::accounts_api::accounts_register_post, models::{KeysRequestModel, RegisterRequestModel}, }; -use bitwarden_crypto::{HashPurpose, MasterKey, RsaKeyPair}; +use bitwarden_crypto::{default_pbkdf2_iterations, HashPurpose, MasterKey, RsaKeyPair}; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; -use crate::{client::Kdf, error::Result, util::default_pbkdf2_iterations, Client}; +use crate::{client::Kdf, error::Result, Client}; #[derive(Serialize, Deserialize, Debug, JsonSchema)] #[serde(rename_all = "camelCase", deny_unknown_fields)] @@ -21,9 +21,7 @@ pub struct RegisterRequest { pub(super) async fn register(client: &mut Client, req: &RegisterRequest) -> Result<()> { let config = client.get_api_configurations().await; - let kdf = Kdf::PBKDF2 { - iterations: default_pbkdf2_iterations(), - }; + let kdf = Kdf::default(); let keys = make_register_keys(req.email.to_owned(), req.password.to_owned(), kdf)?; diff --git a/crates/bitwarden/src/auth/tde.rs b/crates/bitwarden/src/auth/tde.rs index 0bbbb904a..420448f16 100644 --- a/crates/bitwarden/src/auth/tde.rs +++ b/crates/bitwarden/src/auth/tde.rs 
@@ -1,6 +1,6 @@ use base64::{engine::general_purpose::STANDARD, Engine}; use bitwarden_crypto::{ - AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, SymmetricCryptoKey, + AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey, TrustDeviceResponse, UserKey, }; @@ -11,6 +11,7 @@ use crate::{error::Result, Client}; /// password reset. If remember_device is true, it also generates a device key. pub(super) fn make_register_tde_keys( client: &mut Client, + email: String, org_public_key: String, remember_device: bool, ) -> Result { @@ -30,6 +31,13 @@ pub(super) fn make_register_tde_keys( None }; + client.set_login_method(crate::client::LoginMethod::User( + crate::client::UserLoginMethod::Username { + client_id: "".to_owned(), + email, + kdf: Kdf::default(), + }, + )); client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?; Ok(RegisterTdeKeyResponse { diff --git a/crates/bitwarden/src/util.rs b/crates/bitwarden/src/util.rs index 5611b4077..aaf47a1a6 100644 --- a/crates/bitwarden/src/util.rs +++ b/crates/bitwarden/src/util.rs @@ -1,26 +1,8 @@ -use std::num::NonZeroU32; - use base64::{ alphabet, engine::{DecodePaddingMode, GeneralPurpose, GeneralPurposeConfig}, }; -pub fn default_pbkdf2_iterations() -> NonZeroU32 { - NonZeroU32::new(600_000).expect("Non-zero number") -} -#[cfg(feature = "internal")] -pub fn default_argon2_iterations() -> NonZeroU32 { - NonZeroU32::new(3).expect("Non-zero number") -} -#[cfg(feature = "internal")] -pub fn default_argon2_memory() -> NonZeroU32 { - NonZeroU32::new(64).expect("Non-zero number") -} -#[cfg(feature = "internal")] -pub fn default_argon2_parallelism() -> NonZeroU32 { - NonZeroU32::new(4).expect("Non-zero number") -} - const INDIFFERENT: GeneralPurposeConfig = GeneralPurposeConfig::new().with_decode_padding_mode(DecodePaddingMode::Indifferent); From 0be54d1820f053056f6ba530633400579928f1ea Mon Sep 17 00:00:00 2001 
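Review bot: In the third `tde.rs` hunk, `client.set_login_method(...)` runs before the fallible `client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?`, so an error there returns with the client already carrying a login method for `email` but no initialized keys. Moving the `set_login_method` call below the `?` line keeps the two pieces of state consistent on the error path. The `client_id: "".to_owned()` and `kdf: Kdf::default()` values look like placeholders for a flow that has no master password. A comment such as `// TDE registration has no master password; client_id and kdf are placeholders, not the account's settings` would stop later code from treating them as real, though that reading should be confirmed against the consumers of the login method. The body of `make_register_tde_keys` starts and ends outside the hunk.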
From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Mon, 15 Apr 2024 14:58:31 +0200 Subject: [PATCH 2/6] Publish WASM package to enable argon2 support on CLI (#691) ## Type of change ``` - [ ] Bug fix - [x] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [x] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective Continuation of #680 I've created workflows to publish the WASM builds to NPM, so that it can be used from the CLI client. The publishing step is based on the NAPI builds, and I've tested it against the Github NPM registry. We'll need to get a build going and published on the NPM registry to be able to use it on the CLI. --------- Co-authored-by: Hinton --- .github/workflows/build-wasm.yml | 58 ++++++++++++ .github/workflows/release-wasm.yml | 132 ++++++++++++++++++++++++++++ Cargo.lock | 1 + crates/bitwarden-wasm/Cargo.toml | 4 + crates/bitwarden-wasm/src/client.rs | 25 ++++++ languages/js/wasm/package.json | 5 +- 6 files changed, 224 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build-wasm.yml create mode 100644 .github/workflows/release-wasm.yml diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml new file mode 100644 index 000000000..0bc29b4e0 --- /dev/null +++ b/.github/workflows/build-wasm.yml 
@@ -0,0 +1,58 @@ +--- +name: Build @bitwarden/sdk-wasm + +on: + pull_request: + push: + branches: + - "main" + - "rc" + - "hotfix-rc" + workflow_dispatch: + +defaults: + run: + shell: bash + working-directory: crates/bitwarden-wasm + +jobs: + build: + name: Building @bitwarden/sdk-wasm + runs-on: ubuntu-22.04 + + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Node + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + with: + node-version: 18 + cache: "npm" + + - name: Install dependencies + run: npm i -g binaryen + + - name: Install rust + uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable + with: + toolchain: stable + targets: wasm32-unknown-unknown + + - name: Cache cargo registry + uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 + with: + key: wasm-cargo-cache + + - name: Install wasm-bindgen-cli + run: cargo install wasm-bindgen-cli + + - name: Build + run: ./build.sh -r + + - name: Upload artifact + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: sdk-bitwarden-wasm + path: ${{ github.workspace }}/languages/js/wasm/* + if-no-files-found: error diff --git a/.github/workflows/release-wasm.yml b/.github/workflows/release-wasm.yml new file mode 100644 index 000000000..c4946a0e1 --- /dev/null +++ b/.github/workflows/release-wasm.yml 
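Review bot: The `Install wasm-bindgen-cli` step runs `cargo install wasm-bindgen-cli` with no version and no `--locked`, and `npm i -g binaryen` is also unversioned, while every `uses:` action in the same job is pinned to a commit SHA. The artifact built here is what `release-wasm.yml` later downloads and publishes to npm, so whatever those registries serve on the day of the build ends up in the released package. An unpinned CLI may also drift from the `wasm-bindgen` crate version resolved in `Cargo.lock`, which is worth checking. I would pin both, for example `run: cargo install wasm-bindgen-cli --version <WASM_BINDGEN_VERSION> --locked` and `run: npm i -g binaryen@<BINARYEN_VERSION>`, where both versions are placeholders to be taken from the lockfile and the release currently in use.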
@@ -0,0 +1,132 @@ +--- +name: Release @bitwarden/sdk-wasm +run-name: Release @bitwarden/sdk-wasm ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + npm_publish: + description: "Publish to NPM registry" + required: true + default: true + type: boolean + +defaults: + run: + shell: bash + working-directory: languages/js/wasm + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Branch check + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi + + - name: Check Release Version + id: version + uses: bitwarden/gh-actions/release-version-check@main + with: + release-type: ${{ github.event.inputs.release_type }} + project-type: ts + file: languages/js/wasm/package.json + monorepo: false + + - name: Create GitHub deployment + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment + with: + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden SDK WASM - Production" + description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + task: release + + - name: Update deployment status to Success + if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 + with: + token: "${{ 
secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + npm: + name: Publish NPM + runs-on: ubuntu-22.04 + needs: setup + if: inputs.npm_publish + env: + _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Node + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + with: + node-version: 18 + cache: "npm" + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" + + - name: Download artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-wasm.yml + path: ${{ github.workspace }}/languages/js/wasm + workflow_conclusion: success + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + + - name: Publish NPM + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc 
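Review bot: Three steps in `release-wasm.yml` reference first-party actions by branch (`bitwarden/gh-actions/release-version-check@main`, `get-keyvault-secrets@main` and `download-artifacts@main`), while every other action in the file is pinned to a commit SHA. The `npm` job runs two of them after `Azure/login` and next to the `npm-api-key` secret, so any commit that lands on that branch runs with publish credentials without a reviewable change in this repository. If tracking `main` is a deliberate policy, a comment saying so would help. Otherwise pin them like the rest, for example `uses: bitwarden/gh-actions/get-keyvault-secrets@<COMMIT_SHA> # main`. The same point applies to the three `publish-php.yml` hunks in PATCH 4/6, which replace an existing SHA pin with `@main`.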
diff --git a/Cargo.lock b/Cargo.lock index a00d91bd8..bda3a9c4a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -522,6 +522,7 @@ dependencies = [ name = "bitwarden-wasm" version = "0.1.0" dependencies = [ + "argon2", "bitwarden-json", "console_error_panic_hook", "console_log", diff --git a/crates/bitwarden-wasm/Cargo.toml b/crates/bitwarden-wasm/Cargo.toml index ff4cf13c3..a4ba8b6ae 100644 --- a/crates/bitwarden-wasm/Cargo.toml +++ b/crates/bitwarden-wasm/Cargo.toml @@ -15,6 +15,10 @@ keywords.workspace = true crate-type = ["cdylib"] [dependencies] +argon2 = { version = ">=0.5.0, <0.6", features = [ + "alloc", + "zeroize", +], default-features = false } bitwarden-json = { path = "../bitwarden-json", features = [ "secrets", "internal", diff --git a/crates/bitwarden-wasm/src/client.rs b/crates/bitwarden-wasm/src/client.rs index 542759731..bca8c2383 100644 --- a/crates/bitwarden-wasm/src/client.rs +++ b/crates/bitwarden-wasm/src/client.rs @@ -1,6 +1,7 @@ extern crate console_error_panic_hook; use std::rc::Rc; +use argon2::{Algorithm, Argon2, Params, Version}; use bitwarden_json::client::Client as JsonClient; use js_sys::Promise; use log::Level; @@ -54,3 +55,27 @@ impl BitwardenClient { }) } } + +#[wasm_bindgen] +pub fn argon2( + password: &[u8], + salt: &[u8], + iterations: u32, + memory: u32, + parallelism: u32, +) -> Result, JsError> { + let argon = Argon2::new( + Algorithm::Argon2id, + Version::V0x13, + Params::new( + memory * 1024, // Convert MiB to KiB + iterations, + parallelism, + Some(32), + )?, + ); + + let mut hash = [0u8; 32]; + argon.hash_password_into(password, salt, &mut hash)?; + Ok(hash.to_vec()) +} diff --git a/languages/js/wasm/package.json b/languages/js/wasm/package.json index 26379c9a6..eadbb5fb3 100644 --- a/languages/js/wasm/package.json +++ b/languages/js/wasm/package.json 
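Review bot: In the new `argon2` export in `client.rs`, `memory * 1024` is an unchecked `u32` multiplication on a caller-supplied value, so any `memory` above 4,194,303 overflows. That is a panic when overflow checks are enabled and a wrapped, much smaller memory cost when they are not. `Params::new` then validates only the wrapped number, and the function returns a hash computed under parameters the caller did not ask for. I would make the conversion checked with `let memory_kib = memory.checked_mul(1024).ok_or_else(|| JsError::new("argon2 memory cost out of range"))?;` and pass `memory_kib` to `Params::new`. A `///` doc comment stating that `memory` is in MiB and that the result is a 32-byte Argon2id hash would also help the JS callers.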
@@ -4,17 +4,20 @@ "files": [ "bitwarden_wasm_bg.js", "bitwarden_wasm_bg.wasm", + "bitwarden_wasm_bg.wasm.d.ts", + "bitwarden_wasm_bg.wasm.js", "bitwarden_wasm.d.ts", "bitwarden_wasm.js", "index.js", - "node/bitwarden_wasm_bg.wasm.d.ts", "node/bitwarden_wasm_bg.wasm", + "node/bitwarden_wasm_bg.wasm.d.ts", "node/bitwarden_wasm.d.ts", "node/bitwarden_wasm.js" ], "main": "node/bitwarden_wasm.js", "module": "index.js", "types": "bitwarden_wasm.d.ts", + "scripts": {}, "sideEffects": [ "./bitwarden_wasm.js", "./snippets/*" From 38b4d25dd7e2b0c64aa7acca5b92d29f8f639fae Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 10:57:14 -0400 Subject: [PATCH 3/6] [deps]: Update dtolnay/rust-toolchain digest to bb45937 (#713) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build-android.yml | 4 ++-- .github/workflows/build-cli.yml | 8 ++++---- .github/workflows/build-napi.yml | 2 +- .github/workflows/build-python-wheels.yml | 2 +- .github/workflows/build-rust-crates.yml | 4 ++-- .github/workflows/build-rust-cross-platform.yml | 2 +- .github/workflows/build-wasm.yml | 2 +- .github/workflows/direct-minimal-versions.yml | 2 +- .github/workflows/generate_schemas.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/memory-testing.yml | 2 +- .github/workflows/minimum-rust-version.yml | 2 +- .github/workflows/publish-rust-crates.yml | 2 +- .github/workflows/release-cli.yml | 2 +- .github/workflows/rust-test.yml | 6 +++--- .github/workflows/version-bump.yml | 2 +- 16 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml index 8bff66f33..c6b2ae5c5 100644 --- a/.github/workflows/build-android.yml +++ b/.github/workflows/build-android.yml 
@@ -28,7 +28,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable @@ -70,7 +70,7 @@ jobs: fetch-depth: 0 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index ad3386ddf..37f5c15c8 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -61,7 +61,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} @@ -151,7 +151,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} @@ -260,7 +260,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} 
@@ -411,7 +411,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/build-napi.yml b/.github/workflows/build-napi.yml index 3737d3767..3bf8f2add 100644 --- a/.github/workflows/build-napi.yml +++ b/.github/workflows/build-napi.yml @@ -61,7 +61,7 @@ jobs: cache-dependency-path: crates/bitwarden-napi/package-lock.json - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/build-python-wheels.yml b/.github/workflows/build-python-wheels.yml index 1c0459dd6..9578a42d6 100644 --- a/.github/workflows/build-python-wheels.yml +++ b/.github/workflows/build-python-wheels.yml @@ -71,7 +71,7 @@ jobs: node-version: 18 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/build-rust-crates.yml b/.github/workflows/build-rust-crates.yml index dc6db5c91..09952a126 100644 --- a/.github/workflows/build-rust-crates.yml +++ b/.github/workflows/build-rust-crates.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} 
@@ -69,7 +69,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/build-rust-cross-platform.yml b/.github/workflows/build-rust-cross-platform.yml index cacacf0e0..ae745cbde 100644 --- a/.github/workflows/build-rust-cross-platform.yml +++ b/.github/workflows/build-rust-cross-platform.yml @@ -32,7 +32,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml index 0bc29b4e0..7b5de8435 100644 --- a/.github/workflows/build-wasm.yml +++ b/.github/workflows/build-wasm.yml @@ -34,7 +34,7 @@ jobs: run: npm i -g binaryen - name: Install rust - uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: wasm32-unknown-unknown diff --git a/.github/workflows/direct-minimal-versions.yml b/.github/workflows/direct-minimal-versions.yml index 084ed3cff..3340cd767 100644 --- a/.github/workflows/direct-minimal-versions.yml +++ b/.github/workflows/direct-minimal-versions.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: nightly targets: ${{ matrix.settings.target }} 
diff --git a/.github/workflows/generate_schemas.yml b/.github/workflows/generate_schemas.yml index 5c62cee01..6513ee998 100644 --- a/.github/workflows/generate_schemas.yml +++ b/.github/workflows/generate_schemas.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8767cba89..cb35c99c1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/memory-testing.yml b/.github/workflows/memory-testing.yml index 1723644f2..d8b6db002 100644 --- a/.github/workflows/memory-testing.yml +++ b/.github/workflows/memory-testing.yml @@ -30,7 +30,7 @@ jobs: sudo apt -y install gdb - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/minimum-rust-version.yml b/.github/workflows/minimum-rust-version.yml index 6213fed32..e371d4026 100644 --- a/.github/workflows/minimum-rust-version.yml +++ b/.github/workflows/minimum-rust-version.yml 
@@ -30,7 +30,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: # Important: When updating this, make sure to update the Readme file # and also the `rust-version` field in all the `Cargo.toml`. diff --git a/.github/workflows/publish-rust-crates.yml b/.github/workflows/publish-rust-crates.yml index d470b5194..705624d7e 100644 --- a/.github/workflows/publish-rust-crates.yml +++ b/.github/workflows/publish-rust-crates.yml @@ -159,7 +159,7 @@ jobs: secrets: "cratesio-api-token" - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 3b42c3238..a9bc9e3fe 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -142,7 +142,7 @@ jobs: secrets: "cratesio-api-token" - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/rust-test.yml b/.github/workflows/rust-test.yml index 06904ee3b..2ea84b6aa 100644 --- a/.github/workflows/rust-test.yml +++ b/.github/workflows/rust-test.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable 
@@ -58,7 +58,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable components: llvm-tools @@ -87,7 +87,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: wasm32-unknown-unknown diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 8b4c33ee3..b2809518b 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable From 9c7a1a0f4d96f841416fb3acf8cc683cd0f7707c Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Mon, 15 Apr 2024 16:17:53 -0400 Subject: [PATCH 4/6] DEVOPS-1939 - Pin actions to main (#717) --- .github/workflows/publish-php.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index 2b716c893..dca601213 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml @@ -86,7 +86,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@2e9a183f0543d25868fbb784dfe205fea6ff09a5 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" 
@@ -167,7 +167,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@2e9a183f0543d25868fbb784dfe205fea6ff09a5 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -247,7 +247,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@2e9a183f0543d25868fbb784dfe205fea6ff09a5 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope, From 0e7bc70a2f91a99f64eea2703f064463907cf1bf Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 16 Apr 2024 13:45:17 +0200 Subject: [PATCH 5/6] [PM-7447] Publish prerelease to GitHub packages (#716) We have a desire to publish every build of the wasm to gh package for faster use in the clients repository. --- .github/workflows/build-wasm.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml index 7b5de8435..9f1752a06 100644 --- a/.github/workflows/build-wasm.yml +++ b/.github/workflows/build-wasm.yml @@ -28,6 +28,7 @@ jobs: uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 18 + registry-url: "https://npm.pkg.github.com" cache: "npm" - name: Install dependencies 
@@ -56,3 +57,20 @@ jobs: name: sdk-bitwarden-wasm path: ${{ github.workspace }}/languages/js/wasm/* if-no-files-found: error + + - name: Set version + if: ${{ github.ref == 'refs/head/main' }} + # Fetches current version from registry and uses prerelease to bump it + run: | + npm version --no-git-tag-version $(npm view @bitwarden/sdk-wasm@latest version) + npm version --no-git-tag-version prerelease + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + working-directory: languages/js/wasm + + - name: Publish NPM + if: ${{ github.ref == 'refs/head/main' }} + run: npm publish --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + working-directory: languages/js/wasm From 21ad6b2387f9a971d2bab5fec8ddc04338589958 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 16 Apr 2024 15:12:39 +0200 Subject: [PATCH 6/6] Fix if condition on wasm workflow (#718) Should be `refs/heads/main` not `refs/head/main`. --- .github/workflows/build-wasm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml index 9f1752a06..87e14d2e2 100644 --- a/.github/workflows/build-wasm.yml +++ b/.github/workflows/build-wasm.yml @@ -59,7 +59,7 @@ jobs: if-no-files-found: error - name: Set version - if: ${{ github.ref == 'refs/head/main' }} + if: ${{ github.ref == 'refs/heads/main' }} # Fetches current version from registry and uses prerelease to bump it run: | npm version --no-git-tag-version $(npm view @bitwarden/sdk-wasm@latest version) @@ -69,7 +69,7 @@ jobs: working-directory: languages/js/wasm - name: Publish NPM - if: ${{ github.ref == 'refs/head/main' }} + if: ${{ github.ref == 'refs/heads/main' }} run: npm publish --access public env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
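Review bot: The `Set version` and `Publish NPM` steps added to `build-wasm.yml` in PATCH 5/6 publish with `secrets.GITHUB_TOKEN`, but the workflow as added in PATCH 2/6 has no `permissions:` block, so the token's scope is whatever the repository default is. Only the publish step needs package write access, so I would declare it explicitly on the job with `permissions: { contents: read, packages: write }`. Moving the two publish steps into a separate job that `needs: build` would be better still, so the unpinned tool installs and `./build.sh` never run with a write-capable token. Separately, the output of `$(npm view @bitwarden/sdk-wasm@latest version)` is used unchecked. If that lookup returns nothing, the first `npm version` call appears to get no version argument, and the `prerelease` bump would then start from whatever `package.json` contains.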