Skip to content

Release Swift Package #103

Release Swift Package

Release Swift Package #103

Workflow file for this run

---
name: Release Swift Package
on:
workflow_call:
inputs:
build-run-id:
description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used."
type: string
required: false
pre-release:
description: "Create a pre-release"
type: boolean
required: false
default: false
workflow_dispatch:
inputs:
build-run-id:
description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used."
type: string
required: false
pre-release:
description: "Create a pre-release"
type: boolean
required: false
default: false
env:
_KEY_VAULT: "bitwarden-ci"
jobs:
validate:
name: Set Version and SHA
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
sha: ${{ steps.set-sha.outputs.sha }}
short_sha: ${{ steps.set-sha.outputs.short_sha }}
release_name: ${{ steps.set-release-name.outputs.release_name }}
run_id: ${{ steps.get-run-id.outputs.build-run-id }}
swift_checksum: ${{ steps.calculate-swift-checksum.outputs.checksum }}
steps:
- name: Checkout repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Get version
id: version
run: |
VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Get run id
id: get-run-id
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
run: |
if [ -z ${{ inputs.build-run-id }} ]; then
BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
RUN_ID=$(gh api \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/$OWNER/$REPO/actions/workflows/build-swift.yml/runs \
| jq -r "[.workflow_runs[] | select(.head_branch == \"$BRANCH\").id ] | first")
else
RUN_ID=${{ inputs.build-run-id }}
fi
echo "build-run-id=$RUN_ID" >> $GITHUB_OUTPUT
- name: Download BitwardenEFI artifact
uses: bitwarden/gh-actions/download-artifacts@main
id: download-artifact
with:
workflow: build-swift.yml
workflow_conclusion: success
skip_unpack: true
run_id: ${{ steps.get-run-id.outputs.build-run-id }}
- name: Set SHA
id: set-sha
run: |
echo "sha=${{ steps.download-artifact.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ steps.download-artifact.outputs.artifact-build-commit }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: Set release name
id: set-release-name
run: |
if [[ ${{ inputs.pre-release }} == true ]]; then
echo "release_name=${{ steps.version.outputs.version }}-unstable-${{ steps.set-sha.outputs.short_sha }}" >> $GITHUB_OUTPUT
else
echo "release_name=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
fi
- name: Calculate swift file checksum
id: calculate-swift-checksum
run: |
CHECKSUM=$(swift package compute-checksum BitwardenFFI-${{ steps.version.outputs.version }}-${{ steps.set-sha.outputs.short_sha }}.xcframework.zip)
echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT
repo-sync:
name: Push changed files to SDK Swift repo
runs-on: ubuntu-22.04
needs: validate
env:
_BOT_EMAIL: [email protected]
_BOT_NAME: bitwarden-devops-bot
_PKG_VERSION: ${{ needs.validate.outputs.version }}
_PRE_RELEASE: ${{ inputs.pre-release }}
_RELEASE_NAME: ${{ needs.validate.outputs.release_name }}
_SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }}
_BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }}
steps:
- name: Checkout SDK repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
path: sdk
- name: Get ref from SDK repo
id: get-ref
run: |
if [[ $_PRE_RELEASE == true ]]; then
echo "ref=unstable" >> $GITHUB_OUTPUT
else
echo "ref=main" >> $GITHUB_OUTPUT
fi
- name: Login to Azure - Prod Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key,
github-gpg-private-key-passphrase,
github-pat-bitwarden-devops-bot-repo-scope"
- name: Checkout SDK-Swift repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
repository: bitwarden/sdk-swift
path: sdk-swift
ref: ${{ steps.get-ref.outputs.ref }}
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
git_user_signingkey: true
git_commit_gpgsign: true
workdir: sdk-swift
- name: Setup Git
working-directory: sdk-swift
run: |
git config --local user.email "${{ env._BOT_EMAIL }}"
git config --local user.name "${{ env._BOT_NAME }}"
- name: Download BitwardenSdk sources artifact
uses: bitwarden/gh-actions/download-artifacts@main
id: download-artifact
with:
workflow: build-swift.yml
workflow_conclusion: success
artifacts: "BitwardenSdk-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}-sources"
run_id: ${{ env._BUILD_RUN_ID }}
path: sdk/languages/swift/Sources/BitwardenSdk
- name: Install Swift formatter
run: |
git clone https://github.com/nicklockwood/SwiftFormat
cd SwiftFormat
swift build -c release
cp -f .build/release/swiftformat /usr/local/bin/swiftformat
- name: Update files
run: |
# Update BitwardenFFI path
sed -i 's|.binaryTarget(name: "BitwardenFFI", path: "BitwardenFFI.xcframework")|.binaryTarget(\
name: "BitwardenFFI",\
url: "https://github.com/bitwarden/sdk-swift/releases/download/v${{ env._RELEASE_NAME }}/BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip",\
checksum: "${{ env._SWIFT_CHECKSUM }}" )|' sdk/languages/swift/Package.swift
# Run swiftformat
swiftformat sdk/languages/swift/Package.swift
find sdk/languages/swift/Sources/ -name ".gitignore" -exec rm -f {} \;
rm -rf sdk-swift/Sources
rm -rf sdk-swift/Tests
# Copy files to local sdk-swift repo path
cp --verbose -rf sdk/languages/swift/README.md sdk-swift/README.md
cp --verbose -rf sdk/languages/swift/Package.swift sdk-swift/Package.swift
cp --verbose -rf sdk/languages/swift/Sources sdk-swift
cp --verbose -rf sdk/languages/swift/Tests sdk-swift
- name: Push changes
working-directory: sdk-swift
run: |
git add .
git commit -m "Update Swift SDK to ${{ needs.validate.outputs.sha }}"
git push origin ${{ steps.get-ref.outputs.ref }}
- name: Create release tag on SDK Swift repo
working-directory: sdk-swift
run: |
git tag v${{ env._RELEASE_NAME }}
git push origin v${{ env._RELEASE_NAME }}
github-release:
name: GitHub Release
runs-on: ubuntu-22.04
needs:
- validate
- repo-sync
env:
_PKG_VERSION: ${{ needs.validate.outputs.version }}
_RELEASE_NAME: ${{ needs.validate.outputs.release_name }}
_BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }}
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
- name: Download BitwardenEFI artifact
uses: bitwarden/gh-actions/download-artifacts@main
id: download-artifact
with:
workflow: build-swift.yml
workflow_conclusion: success
artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework"
run_id: ${{ env._BUILD_RUN_ID }}
skip_unpack: true
- name: Create release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
tag: v${{ env._RELEASE_NAME }}
name: v${{ env._RELEASE_NAME }}
body: ""
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
draft: false
repo: sdk-swift
owner: bitwarden
artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip"
prerelease: ${{ inputs.pre-release }}