Build #78

Workflow file for this run

	---
	name: Build

	on:
	workflow_dispatch:
	inputs:
	build-variant:
	description: 'Which variant of the app to build'
	required: true
	type: choice
	options:
	- Production
	- Beta
	build-version:
	description: 'Optional. Version string to use, in X.Y.Z format. Overrides default in the project.'
	required: false
	type: string
	build-number:
	description: 'Optional. Build number to use. Overrides default of GitHub run number.'
	required: false
	type: number

	env:
	build-variant: ${{ inputs.build-variant \|\| 'Production' }}

	jobs:
	build:
	name: Build iOS app
	runs-on: macos-13
	env:
	MINT_PATH: .mint/lib
	MINT_LINK_PATH: .mint/bin
	steps:
	- name: Print Environment
	run: \|
	echo "GitHub ref: $GITHUB_REF"
	echo "GitHub event: $GITHUB_EVENT"

	- name: Check out repository
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	submodules: 'true'

	- name: Set Up Ruby
	uses: ruby/setup-ruby@b203567269b5bbc256dbc1c84f7495913f977353 # v1.167.0
	with:
	bundler-cache: true
	ruby-version: 3.2.2

	- name: Cache Mint Packages
	id: mint-cache
	uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
	with:
	path: .mint
	key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }}
	restore-keys: \|
	${{ runner.os }}-mint-

	- name: Cache SPM Packages
	uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
	with:
	path: build/DerivedData/SourcePackages
	key: ${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}
	restore-keys: \|
	${{ runner.os }}-spm-

	- name: Install yeetd
	run: \|
	wget https://github.com/biscuitehh/yeetd/releases/download/1.0/yeetd-normal.pkg
	sudo installer -pkg yeetd-normal.pkg -target /
	yeetd &

	- name: Log In to Azure - CI Subscription
	uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
	with:
	creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

	- name: Retrieve secrets
	id: retrieve-secrets
	uses: bitwarden/gh-actions/get-keyvault-secrets@main
	with:
	keyvault: "bitwarden-ci"
	secrets: "appcenter-ios-token"

	- name: Download production provisioning profiles
	if: env.build-variant == 'Production'
	env:
	ACCOUNT_NAME: bitwardenci
	CONTAINER_NAME: profiles
	run: \|
	mkdir -p $HOME/secrets
	profiles=(
	"dist_autofill.mobileprovision"
	"dist_bitwarden.mobileprovision"
	"dist_extension.mobileprovision"
	"dist_share_extension.mobileprovision"
	"dist_bitwarden_watch_app.mobileprovision"
	"dist_bitwarden_watch_app_extension.mobileprovision"
	)

	for FILE in "${profiles[@]}"
	do
	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
	--file $HOME/secrets/$FILE --output none
	done

	- name: Download beta provisioning Pprofiles
	if: env.build-variant == 'Beta'
	env:
	ACCOUNT_NAME: bitwardenci
	CONTAINER_NAME: profiles
	run: \|
	mkdir -p $HOME/secrets
	profiles=(
	"dist_beta_autofill.mobileprovision"
	"dist_beta_bitwarden.mobileprovision"
	"dist_beta_extension.mobileprovision"
	"dist_beta_share_extension.mobileprovision"
	"dist_beta_bitwarden_watch_app.mobileprovision"
	"dist_beta_bitwarden_watch_app_extension.mobileprovision"
	)

	for FILE in "${profiles[@]}"
	do
	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
	--file $HOME/secrets/$FILE --output none
	done

	- name: Download Google Services secret
	env:
	ACCOUNT_NAME: bitwardenci
	CONTAINER_NAME: mobile
	FILE: GoogleService-Info.plist
	run: \|
	mkdir -p $HOME/secrets
	az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
	--file Bitwarden/Application/Support/$FILE --output none

	- name: Get certificates
	run: \|
	mkdir -p $HOME/certificates
	az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution \|
	jq -r .value \| base64 -d > $HOME/certificates/ios-distribution.p12

	- name: Set up Keychain
	env:
	KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
	run: \|
	security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
	security set-keychain-settings -lut 1200 build.keychain

	security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \
	-T /usr/bin/security
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain

	- name: Set up production provisioning profiles
	if: env.build-variant == 'Production'
	run: \|
	AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_autofill.mobileprovision
	BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision
	EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision
	SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_share_extension.mobileprovision
	WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app.mobileprovision
	WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app_extension.mobileprovision
	PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles

	mkdir -p "$PROFILES_DIR_PATH"

	AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision"

	BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision"

	EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision"

	SHARE_EXTENSION_UUID=$(grep UUID -A1 -a $SHARE_EXTENSION_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $SHARE_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$SHARE_EXTENSION_UUID.mobileprovision"

	WATCH_APP_UUID=$(grep UUID -A1 -a $WATCH_APP_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $WATCH_APP_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_UUID.mobileprovision"

	WATCH_APP_EXTENSION_UUID=$(grep UUID -A1 -a $WATCH_APP_EXTENSION_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $WATCH_APP_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_EXTENSION_UUID.mobileprovision"

	- name: Set up beta provisioning profiles
	if: env.build-variant == 'Beta'
	run: \|
	AUTOFILL_PROFILE_PATH=$HOME/secrets/dist_beta_autofill.mobileprovision
	BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden.mobileprovision
	EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_extension.mobileprovision
	SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_share_extension.mobileprovision
	WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden_watch_app.mobileprovision
	WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_beta_bitwarden_watch_app_extension.mobileprovision
	PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles

	mkdir -p "$PROFILES_DIR_PATH"

	AUTOFILL_UUID=$(grep UUID -A1 -a $AUTOFILL_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $AUTOFILL_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTOFILL_UUID.mobileprovision"

	BITWARDEN_UUID=$(grep UUID -A1 -a $BITWARDEN_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $BITWARDEN_PROFILE_PATH "$PROFILES_DIR_PATH/$BITWARDEN_UUID.mobileprovision"

	EXTENSION_UUID=$(grep UUID -A1 -a $EXTENSION_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$EXTENSION_UUID.mobileprovision"

	SHARE_EXTENSION_UUID=$(grep UUID -A1 -a $SHARE_EXTENSION_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $SHARE_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$SHARE_EXTENSION_UUID.mobileprovision"

	WATCH_APP_UUID=$(grep UUID -A1 -a $WATCH_APP_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $WATCH_APP_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_UUID.mobileprovision"

	WATCH_APP_EXTENSION_UUID=$(grep UUID -A1 -a $WATCH_APP_EXTENSION_PROFILE_PATH \| grep -io "[-A-F0-9]\{36\}")
	cp $WATCH_APP_EXTENSION_PROFILE_PATH "$PROFILES_DIR_PATH/$WATCH_APP_EXTENSION_UUID.mobileprovision"

	- name: Remove export compliance key
	run: \|
	plutil -remove ITSAppUsesNonExemptEncryption Bitwarden/Application/Support/Info.plist
	plutil -remove ITSEncryptionExportComplianceCode Bitwarden/Application/Support/Info.plist

	- name: Install Mint, xcbeautify, and yq
	run: \|
	brew install mint xcbeautify yq

	- name: Install Mint packages
	if: steps.mint-cache.outputs.cache-hit != 'true'
	run: \|
	mint bootstrap

	- name: Select variant
	run: \|
	./Scripts/select_variant.sh ${{ env.build-variant }}

	- name: Update build version
	if: ${{ inputs.build-version }}
	run: \|
	yq -i '.settings.MARKETING_VERSION = "${{ inputs.build-version }}"' 'project.yml'

	- name: Update build number
	run: \|
	BUILD_NUMBER=$(($GITHUB_RUN_NUMBER + 1000))
	yq -i ".settings.CURRENT_PROJECT_VERSION = ${{ inputs.build-number \|\| '$BUILD_NUMBER' }}" 'project.yml'

	- name: Build iOS app
	run: \|
	BUILD_NUMBER=$(($GITHUB_RUN_NUMBER))
	./Scripts/build.sh . ${{ inputs.build-number \|\| '$BUILD_NUMBER' }}

	- name: Upload IPA
	uses: actions/upload-artifact@v4
	with:
	name: Bitwarden.ipa
	path: build/Bitwarden/Bitwarden.ipa
	retention-days: 5

	- name: Validate app
	env:
	APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	run: \|
	xcrun altool --validate-app \
	--type ios \
	--file "build/Bitwarden/Bitwarden.ipa" \
	--username "$APPLE_ID_USERNAME" \
	--password @env:APPLE_ID_PASSWORD

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build #78

Workflow file

Build #78

Jobs

Run details

Workflow file for this run