From cb2e1f3c90e6a0c6d065332d4510bc3f1856799b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Mon, 25 Mar 2024 15:07:32 +0100 Subject: [PATCH 1/6] [DEVOPS-1750] Change structure of sm-sdk-go repo (#677) ## Type of change ``` - [ ] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [x] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective ## Code changes - **.github/workflows/release-go.yml:** Move `schemas.go` artifact to the `sm-sdk-go` repo root and repack zip artifacts to include only needed (`libbitwarden_c.*`) files. ## Before you submit - Please add **unit tests** where it makes sense to do so --- .github/workflows/release-go.yml | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release-go.yml b/.github/workflows/release-go.yml index a434dce4e..8ea03e928 100644 --- a/.github/workflows/release-go.yml +++ b/.github/workflows/release-go.yml @@ -58,15 +58,6 @@ jobs: with: path: sdk - - name: Download artifacts - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: generate_schemas.yml - path: sdk/languages/go/bitwarden_sdk_secrets/lib - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: schemas.go - - name: Login to Azure - Prod Subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: @@ -98,6 +89,15 @@ jobs: # Copy files to local sm-sdk-go repo path cp --verbose -rf sdk/languages/go/. sm-sdk-go + - name: Download artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: generate_schemas.yml + path: sm-sdk-go + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: schemas.go + - name: Replace repo name working-directory: sm-sdk-go run: | 
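Review bot: The relocated `Download artifacts` step in `.github/workflows/release-go.yml` references `bitwarden/gh-actions/download-artifacts@main`, a mutable branch ref, while the `Azure/login` step in the same hunk is pinned to a commit SHA with a version comment. The step runs in a job that logs in to the production Azure subscription, so whatever lands on that branch executes inside the release path. Pinning it the same way, `uses: bitwarden/gh-actions/download-artifacts@<commit-sha> # <tag>` (placeholders, not values from this page), keeps the release reviewable. The same unpinned reference is added in the `Download NuGet package` step of `publish-dotnet.yml` later in this series.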
@@ -194,10 +194,16 @@ jobs: - name: Rename build artifacts run: | - mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip - mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip - mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip - mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip + artifacts=("x86_64-apple-darwin" "aarch64-apple-darwin" "x86_64-unknown-linux-gnu" "x86_64-pc-windows-msvc") # aarch64-unknown-linux-gnu) + for value in "${artifacts[@]}" + do + unzip libbitwarden_c_files-$value.zip -d libbitwarden_c_files-$value + cd libbitwarden_c_files-$value + zip -Rj ../libbitwarden_c_files-$value-$_PKG_VERSION.zip 'libbitwarden_c.*' + cd .. + done + + ls ./libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION -lRa - name: Create release if: ${{ inputs.release_type != 'Dry Run' }} From 596ce17fe9b75f4435250b531485069d1e1348f2 Mon Sep 17 00:00:00 2001 From: Colton Hurst Date: Mon, 25 Mar 2024 11:31:55 -0400 Subject: [PATCH 2/6] Nightly Toolchain Note (#675) ## Type of change ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective Add a note about the required nightly toolchain. Without this people will receive an error when attempting to run the `build-api.sh` script. For posterity, the nightly toolchain is required for certain features deemed unsafe. You can find more info here: https://github.com/bitwarden/sdk/pull/512 ## Code changes - **README.md:** Add nightly install instructions ## Before you submit - Please add **unit tests** where it makes sense to do so --- README.md | 3 +++ support/build-api.sh | 1 + 2 files changed, 4 insertions(+) 
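Review bot: The trailing `ls ./libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION -lRa` in the `Rename build artifacts` step names a path the loop never creates. The loop unpacks into `libbitwarden_c_files-$value` and writes `libbitwarden_c_files-$value-$_PKG_VERSION.zip`, so the `ls` target matches neither. If the step runs under a fail-fast shell, that non-zero exit would fail the release job; it looks like a leftover debug line and could be removed or pointed at the `.zip`. The `$value` and `$_PKG_VERSION` expansions are unquoted and the `cd`/`cd ..` pair depends on the first `cd` succeeding; quoting them and using a subshell, `( cd "libbitwarden_c_files-$value" && zip -Rj "../libbitwarden_c_files-$value-$_PKG_VERSION.zip" 'libbitwarden_c.*' )`, would keep a failed `cd` from repacking the wrong directory.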
diff --git a/README.md b/README.md index cdc52a7cb..a1ef88b7d 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,9 @@ This project uses customized templates which lives in the `support/openapi-templ These templates resolves some outstanding issues we've experienced with the rust generator. But we strive towards modifying the templates as little as possible to ease future upgrades. +Note: If you don't have the nightly toolchain installed, the `build-api.sh` script will install it +for you. + ## Tests Many of the SDK tests are based on encrypted data provided by the other Bitwarden clients. In order diff --git a/support/build-api.sh b/support/build-api.sh index a668b5564..ea295a523 100755 --- a/support/build-api.sh +++ b/support/build-api.sh @@ -22,5 +22,6 @@ npx openapi-generator-cli generate \ -t ./support/openapi-template \ --additional-properties=packageVersion=1.0.0 +rustup toolchain install nightly cargo +nightly fmt npm run prettier From 27cf0540a437fad0e44fca99df754dc4d553a6e8 Mon Sep 17 00:00:00 2001 From: Matt Bishop Date: Wed, 27 Mar 2024 12:35:02 -0400 Subject: [PATCH 3/6] Adjust scan permissions (#683) ## Objective Adjusts the permissions for the scanning workflow per our standard template. ## Before you submit - Please add **unit tests** where it makes sense to do so --- .github/workflows/scan.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 45763089c..4bed1380f 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -10,8 +10,6 @@ on: pull_request_target: types: [opened, synchronize] -permissions: read-all - jobs: check-run: name: Check PR run @@ -22,6 +20,8 @@ jobs: runs-on: ubuntu-22.04 needs: check-run permissions: + contents: read + pull-requests: write security-events: write steps: 
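Review bot: `rustup toolchain install nightly` in `support/build-api.sh` installs whichever nightly is current on each run, so the toolchain behind `cargo +nightly fmt` is not pinned and the script gains a network download as a side effect. A dated channel, `rustup toolchain install nightly-<YYYY-MM-DD>` with the matching `cargo +nightly-<YYYY-MM-DD> fmt`, would make the generated output reproducible; the date is a placeholder, not a value from the repository. A comment above the line such as `# nightly is needed for the cargo fmt call below` would explain why the install happens here.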
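Review bot: Removing the workflow-level `permissions: read-all` from `.github/workflows/scan.yml` leaves any job without its own `permissions:` block on the repository's default `GITHUB_TOKEN` scopes, and this workflow is triggered by `pull_request_target`. The body of the `check-run` job is outside the hunk, so confirm it declares its own permissions. Otherwise a top-level `permissions: {}` (or `contents: read`) keeps the default closed while the two scan jobs keep their explicit grants. Both scan jobs, this one and `Quality scan` in the last hunk of the file, now receive `pull-requests: write`. The `Quality scan` job begins with `Check out repo`, whose ref is not visible, so a comment stating that untrusted PR code is never executed with that token would help reviewers.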
@@ -43,7 +43,7 @@ jobs: additional_params: --report-format sarif --output-path . ${{ env.INCREMENTAL }} - name: Upload Checkmarx results to GitHub - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 with: sarif_file: cx_result.sarif @@ -51,6 +51,9 @@ jobs: name: Quality scan runs-on: ubuntu-22.04 needs: check-run + permissions: + contents: read + pull-requests: write steps: - name: Check out repo From 51a514063be4044d1f4b648ae33b9c491c6d625b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Thu, 28 Mar 2024 12:39:47 +0100 Subject: [PATCH 4/6] [PM-7067] Remove unnecessary unwraps (#682) ## Type of change ``` - [ ] Bug fix - [ ] New feature development - [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective This PR replaces the unwraps found in the audit by proper error handling, I've also had a quick look through the rest of the code base and replaced a bunch of others as well. --- crates/bitwarden-crypto/src/keys/master_key.rs | 7 +++++-- crates/bitwarden-crypto/src/rsa.rs | 7 +++++-- crates/bitwarden/src/auth/login/api_key.rs | 10 +++++++--- crates/bitwarden/src/auth/login/auth_request.rs | 12 ++++++------ crates/bitwarden/src/auth/login/password.rs | 10 +++++++--- .../bitwarden/src/mobile/vault/client_attachments.rs | 4 ++-- crates/bitwarden/src/mobile/vault/client_sends.rs | 4 ++-- crates/bitwarden/src/vault/cipher/login.rs | 2 +- crates/bw/src/auth/login.rs | 8 ++------ 9 files changed, 37 insertions(+), 27 deletions(-) diff --git a/crates/bitwarden-crypto/src/keys/master_key.rs b/crates/bitwarden-crypto/src/keys/master_key.rs index aff403c59..8e6d2575b 100644 --- a/crates/bitwarden-crypto/src/keys/master_key.rs +++ b/crates/bitwarden-crypto/src/keys/master_key.rs 
@@ -5,7 +5,7 @@ use schemars::JsonSchema; use serde::{Deserialize, Serialize}; use super::utils::{derive_kdf_key, stretch_kdf_key}; -use crate::{util, EncString, KeyDecryptable, Result, SymmetricCryptoKey, UserKey}; +use crate::{util, CryptoError, EncString, KeyDecryptable, Result, SymmetricCryptoKey, UserKey}; #[derive(Serialize, Deserialize, Debug, JsonSchema, Clone)] #[serde(rename_all = "camelCase", deny_unknown_fields)] @@ -68,7 +68,10 @@ impl MasterKey { EncString::encrypt_aes256_hmac( user_key.to_vec().as_slice(), - stretched_key.mac_key.as_ref().unwrap(), + stretched_key + .mac_key + .as_ref() + .ok_or(CryptoError::InvalidMac)?, &stretched_key.key, ) } diff --git a/crates/bitwarden-crypto/src/rsa.rs b/crates/bitwarden-crypto/src/rsa.rs index 231e77aaa..98f1282cc 100644 --- a/crates/bitwarden-crypto/src/rsa.rs +++ b/crates/bitwarden-crypto/src/rsa.rs @@ -36,8 +36,11 @@ pub(crate) fn make_key_pair(key: &SymmetricCryptoKey) -> Result { .to_pkcs8_der() .map_err(|_| RsaError::CreatePrivateKey)?; - let protected = - EncString::encrypt_aes256_hmac(pkcs.as_bytes(), key.mac_key.as_ref().unwrap(), &key.key)?; + let protected = EncString::encrypt_aes256_hmac( + pkcs.as_bytes(), + key.mac_key.as_ref().ok_or(CryptoError::InvalidMac)?, + &key.key, + )?; Ok(RsaKeyPair { public: b64, diff --git a/crates/bitwarden/src/auth/login/api_key.rs b/crates/bitwarden/src/auth/login/api_key.rs index e161ececd..72d05897a 100644 --- a/crates/bitwarden/src/auth/login/api_key.rs +++ b/crates/bitwarden/src/auth/login/api_key.rs @@ -9,7 +9,7 @@ use crate::{ JWTToken, }, client::{LoginMethod, UserLoginMethod}, - error::Result, + error::{Error, Result}, Client, }; 
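Review bot: A key that has no MAC key at all is now reported as `CryptoError::InvalidMac`, which reads as a failed MAC verification. This applies to the `encrypt_aes256_hmac` call in `master_key.rs` and again to `make_key_pair` in `rsa.rs`. Callers and logs then cannot tell tampered ciphertext from a key of the wrong shape, which matters when triaging decryption failures. If the crate has, or can take, an error variant for a missing MAC key, use it at both sites. Failing that, a comment such as `// key has no MAC key; InvalidMac is reused for lack of a dedicated variant` would record the intent. Both enclosing functions extend beyond their hunks.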
@@ -44,8 +44,12 @@ pub(crate) async fn login_api_key( kdf, })); - let user_key: EncString = r.key.as_deref().unwrap().parse().unwrap(); - let private_key: EncString = r.private_key.as_deref().unwrap().parse().unwrap(); + let user_key: EncString = r.key.as_deref().ok_or(Error::MissingFields)?.parse()?; + let private_key: EncString = r + .private_key + .as_deref() + .ok_or(Error::MissingFields)? + .parse()?; client.initialize_user_crypto(&input.password, user_key, private_key)?; } diff --git a/crates/bitwarden/src/auth/login/auth_request.rs b/crates/bitwarden/src/auth/login/auth_request.rs index 1d85c75d6..ee2aef254 100644 --- a/crates/bitwarden/src/auth/login/auth_request.rs +++ b/crates/bitwarden/src/auth/login/auth_request.rs @@ -13,7 +13,7 @@ use crate::{ auth_request::new_auth_request, }, client::{LoginMethod, UserLoginMethod}, - error::Result, + error::{Error, Result}, mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest}, Client, }; @@ -50,7 +50,7 @@ pub(crate) async fn send_new_auth_request( fingerprint: auth.fingerprint, email, device_identifier, - auth_request_id: res.id.unwrap(), + auth_request_id: res.id.ok_or(Error::MissingFields)?, access_code: auth.access_code, private_key: auth.private_key, }) @@ -103,11 +103,11 @@ pub(crate) async fn complete_auth_request( let method = match res.master_password_hash { Some(_) => AuthRequestMethod::MasterKey { - protected_master_key: res.key.unwrap().parse().unwrap(), - auth_request_key: r.key.unwrap().parse().unwrap(), + protected_master_key: res.key.ok_or(Error::MissingFields)?.parse()?, + auth_request_key: r.key.ok_or(Error::MissingFields)?.parse()?, }, None => AuthRequestMethod::UserKey { - protected_user_key: res.key.unwrap().parse().unwrap(), + protected_user_key: res.key.ok_or(Error::MissingFields)?.parse()?, }, }; 
@@ -116,7 +116,7 @@ pub(crate) async fn complete_auth_request( .initialize_user_crypto(InitUserCryptoRequest { kdf_params: kdf, email: auth_req.email, - private_key: r.private_key.unwrap(), + private_key: r.private_key.ok_or(Error::MissingFields)?, method: InitUserCryptoMethod::AuthRequest { request_private_key: auth_req.private_key, method, diff --git a/crates/bitwarden/src/auth/login/password.rs b/crates/bitwarden/src/auth/login/password.rs index 02552b70e..9fa62a566 100644 --- a/crates/bitwarden/src/auth/login/password.rs +++ b/crates/bitwarden/src/auth/login/password.rs @@ -24,7 +24,7 @@ pub(crate) async fn login_password( ) -> Result { use bitwarden_crypto::{EncString, HashPurpose}; - use crate::{auth::determine_password_hash, client::UserLoginMethod}; + use crate::{auth::determine_password_hash, client::UserLoginMethod, error::Error}; info!("password logging in"); debug!("{:#?}, {:#?}", client, input); @@ -49,8 +49,12 @@ pub(crate) async fn login_password( kdf: input.kdf.to_owned(), })); - let user_key: EncString = r.key.as_deref().unwrap().parse().unwrap(); - let private_key: EncString = r.private_key.as_deref().unwrap().parse().unwrap(); + let user_key: EncString = r.key.as_deref().ok_or(Error::MissingFields)?.parse()?; + let private_key: EncString = r + .private_key + .as_deref() + .ok_or(Error::MissingFields)? + .parse()?; client.initialize_user_crypto(&input.password, user_key, private_key)?; } diff --git a/crates/bitwarden/src/mobile/vault/client_attachments.rs b/crates/bitwarden/src/mobile/vault/client_attachments.rs index c436f10fd..e40721b04 100644 --- a/crates/bitwarden/src/mobile/vault/client_attachments.rs +++ b/crates/bitwarden/src/mobile/vault/client_attachments.rs @@ -40,7 +40,7 @@ impl<'a> ClientAttachments<'a> { decrypted_file_path: &Path, encrypted_file_path: &Path, ) -> Result { - let data = std::fs::read(decrypted_file_path).unwrap(); + let data = std::fs::read(decrypted_file_path)?; let AttachmentEncryptResult { attachment, contents, 
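Review bot: `debug!("{:#?}, {:#?}", client, input);` at the top of `login_password` in `password.rs` formats the whole login request, and the same function later reads `input.password`. Unless the request type's `Debug` output redacts that field (its definition is not in this hunk), enabling debug logging would write the master password to the log. This commit already hardens the login paths, so either log only the non-secret fields needed for diagnosis or add a comment pointing to where the redaction is implemented. The function starts and ends outside the hunk.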
@@ -73,7 +73,7 @@ impl<'a> ClientAttachments<'a> { encrypted_file_path: &Path, decrypted_file_path: &Path, ) -> Result<()> { - let data = std::fs::read(encrypted_file_path).unwrap(); + let data = std::fs::read(encrypted_file_path)?; let decrypted = self.decrypt_buffer(cipher, attachment, &data).await?; std::fs::write(decrypted_file_path, decrypted)?; Ok(()) diff --git a/crates/bitwarden/src/mobile/vault/client_sends.rs b/crates/bitwarden/src/mobile/vault/client_sends.rs index 45d9a7825..e03432313 100644 --- a/crates/bitwarden/src/mobile/vault/client_sends.rs +++ b/crates/bitwarden/src/mobile/vault/client_sends.rs @@ -36,7 +36,7 @@ impl<'a> ClientSends<'a> { encrypted_file_path: &Path, decrypted_file_path: &Path, ) -> Result<()> { - let data = std::fs::read(encrypted_file_path).unwrap(); + let data = std::fs::read(encrypted_file_path)?; let decrypted = self.decrypt_buffer(send, &data).await?; std::fs::write(decrypted_file_path, decrypted)?; Ok(()) @@ -65,7 +65,7 @@ impl<'a> ClientSends<'a> { decrypted_file_path: &Path, encrypted_file_path: &Path, ) -> Result<()> { - let data = std::fs::read(decrypted_file_path).unwrap(); + let data = std::fs::read(decrypted_file_path)?; let encrypted = self.encrypt_buffer(send, &data).await?; std::fs::write(encrypted_file_path, encrypted)?; Ok(()) diff --git a/crates/bitwarden/src/vault/cipher/login.rs b/crates/bitwarden/src/vault/cipher/login.rs index 26fd59001..e5731dbee 100644 --- a/crates/bitwarden/src/vault/cipher/login.rs +++ b/crates/bitwarden/src/vault/cipher/login.rs @@ -238,7 +238,7 @@ impl TryFrom for Fido2Cre .ok() .flatten(), discoverable: value.discoverable.ok_or(Error::MissingFields)?.parse()?, - creation_date: value.creation_date.parse().unwrap(), + creation_date: value.creation_date.parse()?, }) } } diff --git a/crates/bw/src/auth/login.rs b/crates/bw/src/auth/login.rs index e0195f5aa..91e740a3a 100644 --- a/crates/bw/src/auth/login.rs +++ b/crates/bw/src/auth/login.rs 
@@ -123,17 +123,13 @@ pub(crate) async fn login_device( let email = text_prompt_when_none("Email", email)?; let device_identifier = text_prompt_when_none("Device Identifier", device_identifier)?; - let auth = client - .auth() - .login_device(email, device_identifier) - .await - .unwrap(); + let auth = client.auth().login_device(email, device_identifier).await?; println!("Fingerprint: {}", auth.fingerprint); Text::new("Press enter once approved").prompt()?; - client.auth().login_device_complete(auth).await.unwrap(); + client.auth().login_device_complete(auth).await?; Ok(()) } From 0ae0226d4c56c36f82f4056071dec791fcc73d4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Thu, 28 Mar 2024 15:34:25 +0100 Subject: [PATCH 5/6] [PM-7051] Implement make_register_tde_keys (#685) ## Type of change ``` - [ ] Bug fix - [x] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective Add support in the SDK to create the keys necessary for the just in time user for TDE --- crates/bitwarden-uniffi/src/auth/mod.rs | 16 ++++++++ crates/bitwarden/src/auth/client_auth.rs | 9 +++++ crates/bitwarden/src/auth/mod.rs | 4 ++ crates/bitwarden/src/auth/tde.rs | 51 ++++++++++++++++++++++++ crates/bitwarden/src/client/client.rs | 2 +- 5 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 crates/bitwarden/src/auth/tde.rs diff --git a/crates/bitwarden-uniffi/src/auth/mod.rs b/crates/bitwarden-uniffi/src/auth/mod.rs index 2a451ffdf..62b709045 100644 --- a/crates/bitwarden-uniffi/src/auth/mod.rs +++ b/crates/bitwarden-uniffi/src/auth/mod.rs @@ -2,6 +2,7 @@ use std::sync::Arc; use bitwarden::auth::{ password::MasterPasswordPolicyOptions, AuthRequestResponse, RegisterKeyResponse, + RegisterTdeKeyResponse, }; use bitwarden_crypto::{AsymmetricEncString, HashPurpose, Kdf, TrustDeviceResponse}; 
@@ -78,6 +79,21 @@ impl ClientAuth { .make_register_keys(email, password, kdf)?) } + /// Generate keys needed for TDE process + pub async fn make_register_tde_keys( + &self, + org_public_key: String, + remember_device: bool, + ) -> Result { + Ok(self + .0 + .0 + .write() + .await + .auth() + .make_register_tde_keys(org_public_key, remember_device)?) + } + /// Validate the user password /// /// To retrieve the user's password hash, use [`ClientAuth::hash_password`] with diff --git a/crates/bitwarden/src/auth/client_auth.rs b/crates/bitwarden/src/auth/client_auth.rs index 5f2002133..5029d389b 100644 --- a/crates/bitwarden/src/auth/client_auth.rs +++ b/crates/bitwarden/src/auth/client_auth.rs @@ -20,6 +20,7 @@ use crate::{ MasterPasswordPolicyOptions, }, register::{make_register_keys, register}, + tde::{make_register_tde_keys, RegisterTdeKeyResponse}, AuthRequestResponse, RegisterKeyResponse, RegisterRequest, }, client::Kdf, @@ -73,6 +74,14 @@ impl<'a> ClientAuth<'a> { make_register_keys(email, password, kdf) } + pub fn make_register_tde_keys( + &mut self, + org_public_key: String, + remember_device: bool, + ) -> Result { + make_register_tde_keys(self.client, org_public_key, remember_device) + } + pub async fn register(&mut self, input: &RegisterRequest) -> Result<()> { register(self.client, input).await } diff --git a/crates/bitwarden/src/auth/mod.rs b/crates/bitwarden/src/auth/mod.rs index 7918694e2..b1fe2dbda 100644 --- a/crates/bitwarden/src/auth/mod.rs +++ b/crates/bitwarden/src/auth/mod.rs @@ -20,6 +20,10 @@ mod auth_request; pub use auth_request::AuthRequestResponse; #[cfg(feature = "mobile")] pub(crate) use auth_request::{auth_request_decrypt_master_key, auth_request_decrypt_user_key}; +#[cfg(feature = "internal")] +mod tde; +#[cfg(feature = "internal")] +pub use tde::RegisterTdeKeyResponse; #[cfg(feature = "internal")] use crate::{client::Kdf, error::Result}; 
diff --git a/crates/bitwarden/src/auth/tde.rs b/crates/bitwarden/src/auth/tde.rs new file mode 100644 index 000000000..1a3de3026 --- /dev/null +++ b/crates/bitwarden/src/auth/tde.rs @@ -0,0 +1,51 @@ +use base64::{engine::general_purpose::STANDARD, Engine}; +use bitwarden_crypto::{ + AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, SymmetricCryptoKey, + TrustDeviceResponse, UserKey, +}; + +use crate::{error::Result, Client}; + +/// This function generates a new user key and key pair, initializes the client's crypto with the +/// generated user key, and encrypts the user key with the organization public key for admin +/// password reset. If remember_device is true, it also generates a device key. +pub(super) fn make_register_tde_keys( + client: &mut Client, + org_public_key: String, + remember_device: bool, +) -> Result { + let public_key = AsymmetricPublicCryptoKey::from_der(&STANDARD.decode(org_public_key)?)?; + + let mut rng = rand::thread_rng(); + + let user_key = UserKey::new(SymmetricCryptoKey::generate(&mut rng)); + let key_pair = user_key.make_key_pair()?; + + let admin_reset = + AsymmetricEncString::encrypt_rsa2048_oaep_sha1(&user_key.0.to_vec(), &public_key)?; + + let device_key = if remember_device { + Some(DeviceKey::trust_device(&user_key.0)?) + } else { + None + }; + + client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?; + + Ok(RegisterTdeKeyResponse { + private_key: key_pair.private, + public_key: key_pair.public, + + admin_reset, + device_key, + }) +} + +#[cfg_attr(feature = "mobile", derive(uniffi::Record))] +pub struct RegisterTdeKeyResponse { + pub private_key: EncString, + pub public_key: String, + + pub admin_reset: AsymmetricEncString, + pub device_key: Option, +} diff --git a/crates/bitwarden/src/client/client.rs b/crates/bitwarden/src/client/client.rs index 883720529..68442d5d3 100644 --- a/crates/bitwarden/src/client/client.rs +++ b/crates/bitwarden/src/client/client.rs 
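Review bot: In `make_register_tde_keys` (`crates/bitwarden/src/auth/tde.rs`), `&user_key.0.to_vec()` creates a temporary copy of the freshly generated user key that is passed to `encrypt_rsa2048_oaep_sha1` and then dropped. If `to_vec` returns a plain `Vec<u8>` (its definition is not on this page), those bytes are freed without being cleared. Binding the copy to a local and wiping it after the call, or using a zeroizing buffer if the crate already provides one, would avoid leaving key material in freed memory. The doc comment should also state that `org_public_key` is base64 of a DER-encoded public key, as the `STANDARD.decode` and `from_der` calls require. `RegisterTdeKeyResponse`, its fields, and the `ClientAuth::make_register_tde_keys` wrapper in `client_auth.rs` currently have no doc comments.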
@@ -265,7 +265,7 @@ impl Client { Ok(self.encryption_settings.as_ref().unwrap()) } - #[cfg(feature = "mobile")] + #[cfg(feature = "internal")] pub(crate) fn initialize_user_crypto_decrypted_key( &mut self, user_key: SymmetricCryptoKey, From 9cd9a152af3ad00e910916fa68fe103953683161 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Fri, 29 Mar 2024 12:56:02 +0100 Subject: [PATCH 6/6] Update dotnet build pipeline (#671) ## Type of change ``` - [ ] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [x] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective ## Code changes - **.github/workflows/build-dotnet.yml:** Trigger build on `rc` and `hotfix-rc` branches, get dotnet project version from `.csproj` while building. - **.github/workflows/publish-dotnet.yml** Use build artifact during publish ## Before you submit - Please add **unit tests** where it makes sense to do so --- .github/workflows/build-dotnet.yml | 31 +++++++++++--- .github/workflows/publish-dotnet.yml | 60 +++------------------------- 2 files changed, 31 insertions(+), 60 deletions(-) diff --git a/.github/workflows/build-dotnet.yml b/.github/workflows/build-dotnet.yml index 58bbd5dfa..b08b37160 100644 --- a/.github/workflows/build-dotnet.yml +++ b/.github/workflows/build-dotnet.yml @@ -4,6 +4,10 @@ on: push: branches: - main + - rc + - hotfix-rc + pull_request: + workflow_dispatch: jobs: generate_schemas: 
@@ -12,12 +16,31 @@ jobs: build_rust: uses: ./.github/workflows/build-rust-cross-platform.yml + version: + name: Get version + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Install xmllint + run: sudo apt-get install -y libxml2-utils + + - name: Get version + id: version + run: | + VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj) + echo "version=$VERSION" >> $GITHUB_OUTPUT + build_dotnet: name: Build .NET runs-on: ubuntu-22.04 needs: - generate_schemas - build_rust + - version steps: - name: Checkout Repository @@ -58,21 +81,19 @@ jobs: name: libbitwarden_c_files-x86_64-pc-windows-msvc path: languages/csharp/Bitwarden.Sdk/windows-x64 - - name: Build .NET 6 Project + - name: Build .NET Project working-directory: languages/csharp/Bitwarden.Sdk run: | dotnet restore dotnet build --configuration Release - name: Pack NuGet Package - env: - VERSION: 0.0.1 - run: dotnet pack --configuration Release -p:PackageID=Bitwarden.Sdk -p:Version=${VERSION} --output ./nuget-output /nologo /v:n + run: dotnet pack --configuration Release --output ./nuget-output /nologo /v:n working-directory: languages/csharp/Bitwarden.Sdk - name: Upload NuGet package uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: - name: Bitwarden.Sdk.0.0.1.nupkg + name: Bitwarden.Sdk.${{ needs.version.outputs.version }}.nupkg path: | ./languages/csharp/Bitwarden.Sdk/nuget-output/*.nupkg diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index 66d9dc712..73f930c1a 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml 
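Review bot: The new `version` job in `build-dotnet.yml` writes whatever `xmllint` returns to `$GITHUB_OUTPUT` without checking it. An empty `<Version>` would yield an artifact named `Bitwarden.Sdk..nupkg`, and a multi-line value would add unintended output lines. The workflow now also runs on `pull_request`, where the `.csproj` content comes from the PR. A guard before the echo, for example `[ -n "$VERSION" ] || { echo "Version not found in csproj"; exit 1; }`, together with a single-line check and a quoted redirect target (`>> "$GITHUB_OUTPUT"`), would fail early instead of producing a misnamed artifact that the publish workflow later cannot find.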
@@ -50,64 +50,14 @@ jobs: runs-on: ubuntu-22.04 needs: validate steps: - - name: Checkout Repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Download C# schemas artifact - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: generate_schemas.yml - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: schemas.cs - path: languages/csharp/Bitwarden.Sdk - - - name: Set up .NET Core - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 - with: - global-json-file: languages/csharp/global.json - - - name: Download x86_64-apple-darwin files - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: libbitwarden_c_files-x86_64-apple-darwin - path: languages/csharp/Bitwarden.Sdk/macos-x64 - - - name: Download aarch64-apple-darwin files + - name: Download NuGet package uses: bitwarden/gh-actions/download-artifacts@main with: - workflow: build-rust-cross-platform.yml + workflow: build-dotnet.yml workflow_conclusion: success branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: libbitwarden_c_files-aarch64-apple-darwin - path: languages/csharp/Bitwarden.Sdk/macos-arm64 - - - name: Download x86_64-unknown-linux-gnu files - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu - path: languages/csharp/Bitwarden.Sdk/linux-x64 - - - name: Download x86_64-pc-windows-msvc files - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: 
${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc - path: languages/csharp/Bitwarden.Sdk/windows-x64 - - - name: Pack NuGet Package - env: - VERSION: ${{ needs.validate.outputs.version }} - run: dotnet pack --configuration Release -p:PackageID=Bitwarden.Sdk -p:Version=${VERSION} --output ./nuget-output /nologo /v:n - working-directory: languages/csharp/Bitwarden.Sdk + artifacts: Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg + path: ./nuget-output - name: Login to Azure - Prod Subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 @@ -125,4 +75,4 @@ jobs: if: ${{ inputs.release_type != 'Dry Run' }} env: NUGET_API_KEY: ${{ steps.retrieve-secrets.outputs.nuget-api-key }} - run: dotnet nuget push ./languages/csharp/Bitwarden.Sdk/nuget-output/*.nupkg -k ${{ env.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json + run: dotnet nuget push ./nuget-output/*.nupkg -k ${{ env.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json
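Review bot: The publish job now pushes to NuGet whatever `.nupkg` the `Download NuGet package` step finds from a successful `build-dotnet.yml` run on the selected branch. This same commit makes that workflow run on `pull_request` and `workflow_dispatch` as well as on pushes. How the download action chooses a run is not visible here, so confirm it cannot select a run triggered by a pull request whose head branch has the same name (a fork's `main`, for instance), or restrict the lookup to the exact commit being released. Recording a checksum of the package in the build job and verifying it before `dotnet nuget push` would tie the published file to the build that was reviewed.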
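Review bot: In the final `dotnet nuget push` line, `-k ${{ env.NUGET_API_KEY }}` expands the secret into the script text before the shell runs, although the step already exports it through `env:`. Passing it as `-k "$NUGET_API_KEY"` keeps the value out of the generated script and prevents the shell from interpreting any special characters in the key. `./nuget-output/*.nupkg` pushes every package in that directory, so the download step should be the only thing that writes there; a comment saying so would make that assumption explicit.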