From bb93c233314b889c1b53fb3b9b62a106ef68578f Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Fri, 4 Oct 2024 13:40:45 +0200 Subject: [PATCH] Switch to using npm for sdk-internal (#1113) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 🎟️ Tracking ## 📔 Objective It's a hassle to consume an package published on GitHub Packages in GitHub Actions as you need a PAT. Proposing we switch to publishing on npm instead. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes --- .github/workflows/publish-internal.yml | 27 ++- languages/js/sdk-internal/LICENSE | 295 +++++++++++++++++++++++++ languages/js/sdk-internal/README.md | 3 + languages/js/sdk-internal/package.json | 1 + 4 files changed, 322 insertions(+), 4 deletions(-) create mode 100644 languages/js/sdk-internal/LICENSE create mode 100644 languages/js/sdk-internal/README.md diff --git a/.github/workflows/publish-internal.yml b/.github/workflows/publish-internal.yml index 915b0bfe4..6df0b844c 100644 --- a/.github/workflows/publish-internal.yml +++ b/.github/workflows/publish-internal.yml @@ -51,7 +51,18 @@ jobs: uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 with: node-version: 20 - registry-url: "https://npm.pkg.github.com" + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" - name: Download artifact uses: bitwarden/gh-actions/download-artifacts@main @@ -67,8 +78,16 @@ jobs: env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + - name: Publish NPM if: ${{ inputs.release_type != 'Dry Run' }} - run: npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc diff --git a/languages/js/sdk-internal/LICENSE b/languages/js/sdk-internal/LICENSE new file mode 100644 index 000000000..e9d496ff7 --- /dev/null +++ b/languages/js/sdk-internal/LICENSE @@ -0,0 +1,295 @@ +BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE AGREEMENT +Version 1, 17 March 2023 + +1. Introduction + +1.1 The Bitwarden Software Development Kit (referred to in the License Agreement +as the "SDK" and available for download at the following URL +https://github.com/bitwarden/sdk) is licensed to you subject to the terms of +this License Agreement. The License Agreement forms a legally binding contract +between you and the Company in relation to your use of the SDK. + +1.2 "Bitwarden" means the Bitwarden software made available by the Company, +available for download at the following URL, as updated from time to time. + +1.3 A "Compatible Application" means any software program or service that (i) +connects to and interoperates with a current version of the Bitwarden server +products distributed by the Company; and (ii) complies with the Company’s +acceptable use policy available at the following URL: +https://bitwarden.com/terms/#acceptable_use. + +1.4 "Company" means Bitwarden Inc., organized under the laws of the State of +Delaware. + +2. Accepting this License Agreement + +2.1 In order to access or use the SDK, you must first agree to the License +Agreement. You may not access or use the SDK if you do not accept the License +Agreement. + +2.2 By clicking to accept and/or accessing or using the SDK, you hereby agree to +the terms of the License Agreement. + +2.3 You may not access or use the SDK and may not accept the License Agreement +if you are a person barred from receiving the SDK under the laws of the United +States or other countries, including the country in which you are resident or +from which you access or use the SDK. + +2.4 If you are agreeing to be bound by the License Agreement on behalf of your +employer or any other entity, you represent and warrant that you have full legal +authority to bind your employer or such other entity to the License Agreement. +If you do not have the requisite authority, you may not accept the License +Agreement or you may not access or use the SDK on behalf of your employer or +other entity. + +3. SDK License from Bitwarden + +3.1 Subject to the terms of this License Agreement, Bitwarden grants you a +limited, worldwide, royalty-free, non-assignable, non-exclusive, and +non-sublicensable license to use the SDK solely (a) to develop, test, and +demonstrate a Compatible Application; (b) to develop, test, and run a Compatible +Application for personal use by your family; or (c) to to develop, test, and run +a Compatible Application for the internal business operations of your +organization in connection with a paid license for a Bitwarden server product, +provided that in no case above may the Compatible Application be offered, +licensed, or sold to a third party. + +3.2 You agree that Bitwarden or third parties own all legal right, title and +interest in and to the SDK, including any Intellectual Property Rights that +subsist in the SDK. "Intellectual Property Rights" means any and all rights +under patent law, copyright law, trade secret law, trademark law, and any and +all other proprietary rights. Bitwarden reserves all rights not expressly +granted to you. + +3.3 You may not use this SDK to develop applications for use with software other +than Bitwarden (including non-compatible implementations of Bitwarden) or to +develop another SDK. + +3.4 You may not use the SDK for any purpose not expressly permitted by the +License Agreement. Except for contributions to Bitwarden pursuant to the +Contribution License Agreement available at this URL: +https://cla-assistant.io/bitwarden/clients, or to the extent required by +applicable third party licenses, you may not copy modify, adapt, redistribute, +decompile, reverse engineer, disassemble, or create derivative works of the SDK +or any part of the SDK. + +3.5 Use, reproduction, and distribution of a component of the SDK licensed under +an open source software license are governed solely by the terms of that open +source software license and not the License Agreement. + +3.6 You agree that the form and nature of the SDK that the Company provides may +change without prior notice to you and that future versions of the SDK may be +incompatible with applications developed on previous versions of the SDK. You +agree that the Company may stop (permanently or temporarily) providing the SDK +or any features within the SDK to you or to users generally at the Company’s +sole discretion, without prior notice to you. + +3.7 Nothing in the License Agreement gives you a right to use any of the +Company’s trade names, trademarks, service marks, logos, domain names, or other +distinctive brand features. + +3.8 You agree that you will not remove, obscure, or alter any proprietary rights +notices (including copyright and trademark notices) that may be affixed to or +contained within the SDK. + +4. Use of the SDK by You + +4.1 The Company agrees that it obtains no right, title, or interest from you (or +your licensors) under the License Agreement in or to any software applications +that you develop using the SDK, including any Intellectual Property Rights that +subsist in those applications. + +4.2 You agree to use the SDK and write applications only for purposes that are +permitted by (a) the License Agreement and (b) any applicable law, regulation or +generally accepted practices or guidelines in the relevant jurisdictions +(including any laws regarding the export of data or software to and from the +United States or other relevant countries). + +4.3 You agree that if you use the SDK to develop applications for other users, +you will protect the privacy and legal rights of those users. If the users +provide you with user names, passwords, or other login information or personal +information, you must make the users aware that the information will be +available to your application, and you must provide legally adequate privacy +notice and protection for those users. If your application stores personal or +sensitive information provided by users, it must do so securely. If the user +provides your application with Bitwarden Account information, your application +may only use that information to access the user's Bitwarden Account when, and +for the limited purposes for which, the user has given you permission to do so. + +4.4 You agree that you will not engage in any activity with the SDK, including +the development or distribution of an application, that interferes with, +disrupts, damages, or accesses in an unauthorized manner the servers, networks, +or other properties or services of any third party including, but not limited +to, the Company, or any mobile communications carrier or public cloud service. + +4.5 If you use the SDK to retrieve a user's data from Bitwarden, you acknowledge +and agree that you shall retrieve data only with the user's explicit consent and +only when, and for the limited purposes for which, the user has given you +permission to do so. + +4.6 You agree that you are solely responsible for, and that the Company has no +responsibility to you or to any third party for, any data, content, or resources +that you create, transmit or display through Bitwarden and/or applications for +Bitwarden, and for the consequences of your actions (including any loss or +damage which Bitwarden may suffer) by doing so. + +4.7 You agree that you are solely responsible for, and that the Company has no +responsibility to you or to any third party for, any breach of your obligations +under the License Agreement, any applicable third party contract or Terms of +Service, or any applicable law or regulation, and for the consequences +(including any loss or damage which the Company or any third party may suffer) +of any such breach. + +5. Third Party Applications + +5.1 If you use the SDK to integrate or run applications developed by a third +party or that access data, content or resources provided by a third party, you +agree that the Company is not responsible for those applications, data, content, +or resources. You understand that all data, content or resources which you may +access through such third party applications are the sole responsibility of the +person from which they originated and that the Company is not liable for any +loss or damage that you may experience as a result of the use or access of any +of those third party applications, data, content, or resources. + +5.2 You should be aware that the data, content, and resources presented to you +through such a third party application may be protected by intellectual property +rights which are owned by the providers (or by other persons or companies on +their behalf). You acknowledge that your use of such third party applications, +data, content, or resources may be subject to separate terms between you and the +relevant third party. In that case, the License Agreement does not affect your +legal relationship with these third parties. + +6. Use of Bitwarden Server + +You acknowledge and agree that the Bitwarden server products to which any +Compatible Application must connect is protected by intellectual property rights +which are owned by the Company and your use of the Bitwarden server products is +subject to additional terms not set forth in this License Agreement. + +7. Terminating this License Agreement + +7.1 The License Agreement will continue to apply until terminated by either you +or the Company as set out below. + +7.2 If you want to terminate the License Agreement, you may do so by ceasing +your use of the SDK and any relevant developer credentials. + +7.3 The Company may at any time, terminate the License Agreement with you if: + +(a) you have breached any provision of the License Agreement; or + +(b) the Company is required to do so by law; or + +(c) a third party with whom the Company offered certain parts of the SDK to you +has terminated its relationship with the Company or ceased to offer certain +parts of the SDK to either the Company or to you; or + +(d) the Company decides to no longer provide the SDK or certain parts of the SDK +to users in the country in which you are resident or from which you use the +service, or the provision of the SDK or certain SDK services to you by the +Company is, in the Company’'s sole discretion, no longer commercially viable or +technically practicable. + +7.4 When the License Agreement comes to an end, all of the legal rights, +obligations and liabilities that you and the Company have benefited from, been +subject to (or which have accrued over time whilst the License Agreement has +been in force) or which are expressed to continue indefinitely, shall be +unaffected by this cessation, and the provisions of paragraph 12.8 shall +continue to apply to such rights, obligations and liabilities indefinitely. + +8. NO SUPPORT + +The Company is not obligated under this License Agreement to provide you any +support services for the SDK. Any support provided is at the Company’s sole +discretion and provided on an "as is" basis and without warranty of any kind. + +9. DISCLAIMER OF WARRANTIES + +9.1 YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE SDK IS AT YOUR SOLE +RISK AND THAT THE SDK IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF +ANY KIND FROM Bitwarden. + +9.2 YOUR USE OF THE SDK AND ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED +THROUGH THE USE OF THE SDK IS AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY +RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR OTHER DEVICE OR LOSS OF +DATA THAT RESULTS FROM SUCH USE. + +9.3 THE COMPANY FURTHER EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY +KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED +WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE +AND NON-INFRINGEMENT. + +10. LIMITATION OF LIABILITY + +YOU EXPRESSLY UNDERSTAND AND AGREE THAT THE COMPANY, ITS SUBSIDIARIES AND +AFFILIATES, AND ITS LICENSORS SHALL NOT BE LIABLE TO YOU UNDER ANY THEORY OF +LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, +STATUTORY, OR EXEMPLARY DAMAGES THAT MAY BE INCURRED BY YOU, INCLUDING ANY LOSS +OF DATA, WHETHER OR NOT THE COMPANY OR ITS REPRESENTATIVES HAVE BEEN ADVISED OF +OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF ANY SUCH LOSSES ARISING. + +11. Indemnification + +To the maximum extent permitted by law, you agree to defend, indemnify and hold +harmless the Company, its affiliates and their respective directors, officers, +employees and agents from and against any and all claims, actions, suits or +proceedings, as well as any and all losses, liabilities, damages, costs and +expenses (including reasonable attorneys fees) arising out of or accruing from +(a) your use of the SDK, (b) any application you develop on the SDK that +infringes any copyright, trademark, trade secret, trade dress, patent or other +intellectual property right of any person or defames any person or violates +their rights of publicity or privacy, and (c) any non-compliance by you with the +License Agreement. + +12. General Legal Terms + +12.1 The Company may make changes to the License Agreement as it distributes new +versions of the SDK. When these changes are made, the Company will make a new +version of the License Agreement available on the website where the SDK is made +available. + +12.2 The License Agreement constitutes the whole legal agreement between you and +the Company and governs your use of the SDK (excluding any services or software +which the Company may provide to you under a separate written agreement), and +completely replaces any prior agreements between you and the Company in relation +to the SDK. + +12.3 You agree that if the Company does not exercise or enforce any legal right +or remedy which is contained in the License Agreement (or which the Company has +the benefit of under any applicable law), this will not be taken to be a formal +waiver of the Company's rights and that those rights or remedies will still be +available to the Company. + +12.4 If any court of law, having the jurisdiction to decide on this matter, +rules that any provision of the License Agreement is invalid, then that +provision will be removed from the License Agreement without affecting the rest +of the License Agreement. The remaining provisions of the License Agreement will +continue to be valid and enforceable. + +12.5 You acknowledge and agree that each member of the group of companies of +which the Company is the parent shall be third party beneficiaries to the +License Agreement and that such other companies shall be entitled to directly +enforce, and rely upon, any provision of the License Agreement that confers a +benefit on them or rights in favor of them. Other than this, no other person or +company shall be third party beneficiaries to the License Agreement. + +12.6 EXPORT RESTRICTIONS. THE SDK IS SUBJECT TO UNITED STATES EXPORT LAWS AND +REGULATIONS. YOU MUST COMPLY WITH ALL DOMESTIC AND INTERNATIONAL EXPORT LAWS AND +REGULATIONS THAT APPLY TO THE SDK. THESE LAWS INCLUDE RESTRICTIONS ON +DESTINATIONS, END USERS, AND END USE. + +12.7 The rights granted in the License Agreement may not be assigned or +transferred by either you or the Company without the prior written approval of +the other party, provided that the Company may assign this License Agreement +upon notice to you in connection with an acquisition, merger, sale of assets, or +similar corporate change in control for the Company or the Intellectual Property +Rights in the SDK. + +12.8 The License Agreement, and any dispute relating to or arising out of this +License Agreement, shall be governed by the laws of the State of California +without regard to its conflict of laws provisions. You and the Company agree to +submit to the exclusive jurisdiction of the courts located within the county of +Los Angeles, California to resolve any dispute or legal matter arising from the +License Agreement. Notwithstanding this, you agree that the Company shall be +allowed to apply for injunctive remedies, or any equivalent type of urgent legal +relief, in any forum or jurisdiction. diff --git a/languages/js/sdk-internal/README.md b/languages/js/sdk-internal/README.md new file mode 100644 index 000000000..9391aa071 --- /dev/null +++ b/languages/js/sdk-internal/README.md @@ -0,0 +1,3 @@ +# @bitwarden/sdk-internal + +**Note:** This is only for internal use. Bitwarden will not provide any support for this package. diff --git a/languages/js/sdk-internal/package.json b/languages/js/sdk-internal/package.json index 4ce87a3c1..51cfa577c 100644 --- a/languages/js/sdk-internal/package.json +++ b/languages/js/sdk-internal/package.json @@ -1,6 +1,7 @@ { "name": "@bitwarden/sdk-internal", "version": "0.1.0", + "license": "SEE LICENSE IN LICENSE", "files": [ "bitwarden_wasm_internal_bg.js", "bitwarden_wasm_internal_bg.wasm",