From c6ec346c0decf8d3ec43554d6f7de28fcdabac84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 21:27:54 +0100 Subject: [PATCH 01/36] Add new inputs: update-ios-repo; build-run-number --- .github/workflows/build-swift.yml | 4 +++- .github/workflows/release-swift.yml | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-swift.yml b/.github/workflows/build-swift.yml index cff5fb8b8..d000a0858 100644 --- a/.github/workflows/build-swift.yml +++ b/.github/workflows/build-swift.yml @@ -132,6 +132,8 @@ jobs: ref: 'main', inputs: { 'build-run-id': '${{ github.run_id }}', - 'pre-release': 'true' + 'pre-release': 'true', + 'update-ios-repo': 'true', + 'build-run-number': '${{ github.run_number }}' } }) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 4544a6b8d..8e039cbee 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -1,4 +1,5 @@ name: Release Swift Package +run-name: Release Swift Build ${{ inputs.build-run-number }} on: workflow_call: @@ -12,6 +13,13 @@ on: type: boolean required: false default: false + build-run-number: + description: "Build Run Number" + type: string + update-ios-repo: + description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" + type: boolean + default: false workflow_dispatch: inputs: @@ -24,6 +32,13 @@ on: type: boolean required: false default: false + build-run-number: + description: "Build Run Number" + type: string + update-ios-repo: + description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" + type: boolean + default: false env: _KEY_VAULT: "bitwarden-ci" From 4e43488ab58b5f232f4e245f433719ed7c4ed7a1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 21:40:03 +0100 Subject: [PATCH 02/36] Update release name to include build run number, following Android's pattern --- .github/workflows/release-swift.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 8e039cbee..fc2350de6 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -103,12 +103,14 @@ jobs: - name: Set release name id: set-release-name + env: + _BUILD_RUN_NUMBER: ${{ inputs.build-run-number }} + _SHORT_SHA: ${{ steps.set-sha.outputs.short_sha }} + _VERSION: ${{ steps.version.outputs.version }} run: | - if [[ ${{ inputs.pre-release }} == true ]]; then - echo "release_name=${{ steps.version.outputs.version }}-unstable-${{ steps.set-sha.outputs.short_sha }}" >> $GITHUB_OUTPUT - else - echo "release_name=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT - fi + RELEASE_NAME="$_VERSION-$_BUILD_RUN_NUMBER-$_SHORT_SHA" + echo "👀 Release name: $RELEASE_NAME" + echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT - name: Calculate swift file checksum id: calculate-swift-checksum From 0dd019ac6926b22decc9f2dcfb4a43276ea28d33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:00:26 +0100 Subject: [PATCH 03/36] Replace DevOps bot with BW Bot - removes code signing --- .github/workflows/release-swift.yml | 35 ++++++++++++++--------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index fc2350de6..8f8d497ba 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
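Review bot: `_BUILD_RUN_NUMBER` comes from the free-form `build-run-number` string input and is written into `release_name` unchecked, in the `run:` block of the "Set release name" step. Moving it into `env:` stops expression injection into the script, but a value with a newline or other unexpected characters still reaches `$GITHUB_OUTPUT` and, downstream, the tag and release name. I would reject anything that is not a run number before building the name, e.g. `[[ "$_BUILD_RUN_NUMBER" =~ ^[0-9]+$ ]] || { echo "::error::invalid build-run-number"; exit 1; }`, and quote the redirect target as `>> "$GITHUB_OUTPUT"`. The job this step belongs to starts outside the hunk.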
@@ -126,8 +126,8 @@ jobs: contents: read id-token: write env: - _BOT_EMAIL: 106330231+bitwarden-devops-bot@users.noreply.github.com - _BOT_NAME: bitwarden-devops-bot + _BOT_EMAIL: 178206702+bw-ghapp[bot]@users.noreply.github.com + _BOT_NAME: bw-ghapp[bot] _PKG_VERSION: ${{ needs.validate.outputs.version }} _PRE_RELEASE: ${{ inputs.pre-release }} _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} 
@@ -155,34 +155,33 @@ jobs: tenant_id: ${{ secrets.AZURE_TENANT_ID }} client_id: ${{ secrets.AZURE_CLIENT_ID }} - - name: Retrieve secrets - id: retrieve-secrets + - name: Get Azure Key Vault secrets + id: get-kv-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: - keyvault: "bitwarden-ci" - secrets: "github-gpg-private-key, - github-gpg-private-key-passphrase, - github-pat-bitwarden-devops-bot-repo-scope" + keyvault: gh-org-bitwarden + secrets: "BW-GHAPP-ID,BW-GHAPP-KEY" - name: Log out from Azure uses: bitwarden/gh-actions/azure-logout@main + - name: Generate GH App token + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.1 + id: app-token + with: + app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} + private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} + owner: bitwarden + repositories: sdk-swift + permission-contents: write # used to: push code; create github release + - name: Checkout SDK-Swift repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: bitwarden/sdk-swift path: sdk-swift ref: ${{ steps.get-ref.outputs.ref }} - token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} - - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 - with: - gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} - passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} - git_user_signingkey: true - git_commit_gpgsign: true - workdir: sdk-swift + token: ${{ steps.app-token.outputs.token }} - name: Setup Git working-directory: sdk-swift From 8f8a1840c160056821a7e948ec26cedf2de96ff8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:00:43 +0100 Subject: [PATCH 04/36] remove workflow_call - unused --- .github/workflows/release-swift.yml | 19 ------------------- 1 file changed, 19 deletions(-) 
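Review bot: The "Get Azure Key Vault secrets" step now returns the GitHub App private key (`BW-GHAPP-KEY`), yet it and the Azure logout step beside it run `bitwarden/gh-actions/...@main`, a branch ref, while `actions/create-github-app-token` and `actions/checkout` in the same hunk are pinned to a commit SHA. Whatever lands on that `main` branch runs with access to the key on the next release, so pinning these to a full commit SHA with a version comment, as the other two are written, keeps the secret-handling path reviewable. Separately, with the GPG import step removed, commits pushed to `bitwarden/sdk-swift` will be unsigned unless something outside this hunk signs them. A short comment on the checkout step stating that this is intended, and that the target branch does not require signed commits, would help the next reader.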
diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 8f8d497ba..6914266d4 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -2,25 +2,6 @@ name: Release Swift Package run-name: Release Swift Build ${{ inputs.build-run-number }} on: - workflow_call: - inputs: - build-run-id: - description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used." - type: string - required: false - pre-release: - description: "Create a pre-release" - type: boolean - required: false - default: false - build-run-number: - description: "Build Run Number" - type: string - update-ios-repo: - description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" - type: boolean - default: false - workflow_dispatch: inputs: build-run-id: From f70cdc0011cdfbb1ea6d51bb1925624a6a3bfa64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:01:40 +0100 Subject: [PATCH 05/36] Save sdk-swift new commit hash --- .github/workflows/release-swift.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 6914266d4..b6a76157b 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -210,11 +210,15 @@ jobs: cp --verbose -rf sdk/crates/bitwarden-uniffi/swift/Tests sdk-swift - name: Push changes + id: push-changes working-directory: sdk-swift run: | git add . git commit -m "Update Swift SDK to ${{ needs.validate.outputs.sha }}" git push origin ${{ steps.get-ref.outputs.ref }} + COMMIT_HASH=$(git rev-parse HEAD) + echo "👀 Commit hash: $COMMIT_HASH" + echo "commit-hash=$COMMIT_HASH" >> $GITHUB_OUTPUT - name: Create release tag on SDK Swift repo working-directory: sdk-swift From 50918e1c1ad81343d879453ee8e8dff1d322f9ef Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:04:00 +0100 Subject: [PATCH 06/36] Remove pre-release input --- .github/workflows/build-swift.yml | 1 - .github/workflows/release-swift.yml | 8 ++------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-swift.yml b/.github/workflows/build-swift.yml index d000a0858..b5b8a15d5 100644 --- a/.github/workflows/build-swift.yml +++ b/.github/workflows/build-swift.yml @@ -132,7 +132,6 @@ jobs: ref: 'main', inputs: { 'build-run-id': '${{ github.run_id }}', - 'pre-release': 'true', 'update-ios-repo': 'true', 'build-run-number': '${{ github.run_number }}' } diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index b6a76157b..5bfa8e820 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -7,15 +7,11 @@ on: build-run-id: description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used." type: string - required: false - pre-release: - description: "Create a pre-release" - type: boolean - required: false - default: false + required: true build-run-number: description: "Build Run Number" type: string + required: true update-ios-repo: description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" type: boolean From 75c0064f3d72a471cccc4cce5220df2488716128 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:04:47 +0100 Subject: [PATCH 07/36] Remove github release job and replace action step with GH CLI --- .github/workflows/release-swift.yml | 62 +++++++---------------------- 1 file changed, 14 insertions(+), 48 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 5bfa8e820..888b427d5 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
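Review bot: The `build-run-id` description still says "If not provided the latest build from the selected branch will be used." although this hunk changes the input to `required: true`. The text now promises a fallback that a dispatcher can no longer reach. I would shorten it to something like `description: "Workflow Run ID of the build-swift.yml run to release"`.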
@@ -17,9 +17,6 @@ on: type: boolean default: false -env: - _KEY_VAULT: "bitwarden-ci" - jobs: validate: name: Set Version and SHA @@ -222,41 +219,9 @@ jobs: git tag v${{ env._RELEASE_NAME }} git push origin v${{ env._RELEASE_NAME }} - github-release: - name: GitHub Release - runs-on: ubuntu-24.04 - needs: - - validate - - repo-sync - permissions: - actions: read - contents: write - id-token: write - env: - _PKG_VERSION: ${{ needs.validate.outputs.version }} - _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} - _BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }} - steps: - - name: Log in to Azure - uses: bitwarden/gh-actions/azure-login@main - with: - subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant_id: ${{ secrets.AZURE_TENANT_ID }} - client_id: ${{ secrets.AZURE_CLIENT_ID }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: ${{ env._KEY_VAULT }} - secrets: "github-pat-bitwarden-devops-bot-repo-scope" - - - name: Log out from Azure - uses: bitwarden/gh-actions/azure-logout@main - - - name: Download BitwardenEFI artifact + - name: Download BitwardenFFI artifact uses: bitwarden/gh-actions/download-artifacts@main - id: download-artifact + id: download-artifact-ffi with: workflow: build-swift.yml workflow_conclusion: success 
@@ -265,14 +230,15 @@ jobs: skip_unpack: true - name: Create release - uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0 - with: - tag: v${{ env._RELEASE_NAME }} - name: v${{ env._RELEASE_NAME }} - body: "" - token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} - draft: false - repo: sdk-swift - owner: bitwarden - artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip" - prerelease: ${{ inputs.pre-release }} + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _RELEASE_NAME: ${{ env._RELEASE_NAME }} + _PKG_VERSION: ${{ env._PKG_VERSION }} + _SHORT_SHA: ${{ needs.validate.outputs.short_sha }} + run: | + gh release create "v$_RELEASE_NAME" \ + --repo bitwarden/sdk-swift \ + --title "v$_RELEASE_NAME" \ + --notes "" \ + --prerelease \ + "BitwardenFFI-$_PKG_VERSION-$_SHORT_SHA.xcframework.zip" From 7737a94dd1a30585146079feea802bb187185f87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:05:21 +0100 Subject: [PATCH 08/36] Add step to trigger the sdk update in the iOS repo --- .github/workflows/release-swift.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 888b427d5..3014573f0 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -242,3 +242,12 @@ jobs: --notes "" \ --prerelease \ "BitwardenFFI-$_PKG_VERSION-$_SHORT_SHA.xcframework.zip" + + - name: Trigger SDK Update in iOS repo + if: inputs.update-ios-repo + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} + run: | + echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." + gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF 
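Review bot: The "Trigger SDK Update in iOS repo" step reuses `steps.app-token.outputs.token`, but that token is minted earlier in the job with `repositories: sdk-swift` and `permission-contents: write` only, so it should have neither access to `bitwarden/ios` nor the `actions` permission needed to dispatch a workflow there. I would mint a second, separately scoped token for this step rather than widening the existing one, so the token that can push to sdk-swift stays limited to that repository. This assumes the app is installed on `bitwarden/ios` with the actions permission, which the page does not show. The `-f` values are also expanded unquoted and are better passed as whole quoted arguments.

```yaml
      - name: Generate GH App token for iOS repo
        uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.1
        id: app-token-ios
        with:
          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
          owner: bitwarden
          repositories: ios
          permission-actions: write # used to: dispatch sdlc-sdk-update.yml

      - name: Trigger SDK Update in iOS repo
        if: inputs.update-ios-repo
        env:
          GH_TOKEN: ${{ steps.app-token-ios.outputs.token }}
          # … unchanged: _SDK_SWIFT_REF …
        run: |
          # … unchanged: echo …
          gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main \
            -f run-mode=Update \
            -f "sdk-version=$_RELEASE_NAME" \
            -f "sdk-swift-ref=$_SDK_SWIFT_REF"
```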
From afef6f4db4571ed25984bd7ae3a6f87d7b0ed1e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:12:17 +0100 Subject: [PATCH 09/36] Replace pre-release use with _BRANCH_NAME --- .github/workflows/release-swift.yml | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 3014573f0..6113ecf6a 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -103,25 +103,16 @@ jobs: _BOT_EMAIL: 178206702+bw-ghapp[bot]@users.noreply.github.com _BOT_NAME: bw-ghapp[bot] _PKG_VERSION: ${{ needs.validate.outputs.version }} - _PRE_RELEASE: ${{ inputs.pre-release }} _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} _BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }} + _BRANCH_NAME: unstable steps: - name: Checkout SDK repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: sdk - - name: Get ref from SDK repo - id: get-ref - run: | - if [[ $_PRE_RELEASE == true ]]; then - echo "ref=unstable" >> $GITHUB_OUTPUT - else - echo "ref=main" >> $GITHUB_OUTPUT - fi - - name: Log in to Azure uses: bitwarden/gh-actions/azure-login@main with: @@ -154,7 +145,7 @@ jobs: with: repository: bitwarden/sdk-swift path: sdk-swift - ref: ${{ steps.get-ref.outputs.ref }} + ref: ${{ env._BRANCH_NAME }} token: ${{ steps.app-token.outputs.token }} - name: Setup Git @@ -208,7 +199,7 @@ jobs: run: | git add . git commit -m "Update Swift SDK to ${{ needs.validate.outputs.sha }}" - git push origin ${{ steps.get-ref.outputs.ref }} + git push origin ${{ env._BRANCH_NAME }} COMMIT_HASH=$(git rev-parse HEAD) echo "👀 Commit hash: $COMMIT_HASH" echo "commit-hash=$COMMIT_HASH" >> $GITHUB_OUTPUT From 18bf5eba31661a8d04260ef12e5ac6b2ab5a9c17 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 22:50:37 +0100 Subject: [PATCH 10/36] Remove step to fetch run_id - it's received from input --- .github/workflows/release-swift.yml | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 6113ecf6a..69312c0f5 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -28,7 +28,6 @@ jobs: sha: ${{ steps.set-sha.outputs.sha }} short_sha: ${{ steps.set-sha.outputs.short_sha }} release_name: ${{ steps.set-release-name.outputs.release_name }} - run_id: ${{ steps.get-run-id.outputs.build-run-id }} swift_checksum: ${{ steps.calculate-swift-checksum.outputs.checksum }} steps: - name: Checkout repo @@ -40,26 +39,6 @@ jobs: VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Get run id - id: get-run-id - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - OWNER: ${{ github.repository_owner }} - REPO: ${{ github.event.repository.name }} - run: | - if [ -z ${{ inputs.build-run-id }} ]; then - BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - RUN_ID=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/$OWNER/$REPO/actions/workflows/build-swift.yml/runs \ - | jq -r "[.workflow_runs[] | select(.head_branch == \"$BRANCH\").id ] | first") - else - RUN_ID=${{ inputs.build-run-id }} - fi - - echo "build-run-id=$RUN_ID" >> $GITHUB_OUTPUT - - name: Download BitwardenEFI artifact uses: bitwarden/gh-actions/download-artifacts@main id: download-artifact @@ -67,7 +46,7 @@ jobs: workflow: build-swift.yml workflow_conclusion: success skip_unpack: true - run_id: ${{ steps.get-run-id.outputs.build-run-id }} + run_id: ${{ inputs.build-run-id }} - name: Set SHA id: set-sha 
@@ -105,7 +84,7 @@ jobs: _PKG_VERSION: ${{ needs.validate.outputs.version }} _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} - _BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }} + _BUILD_RUN_ID: ${{ inputs.build-run-id }} _BRANCH_NAME: unstable steps: - name: Checkout SDK repo From 8c6a1cfed5bb96b21ff0295eb93bbf230424a07b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:02:10 +0100 Subject: [PATCH 11/36] Update job name --- .github/workflows/release-swift.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 69312c0f5..5af3f02b6 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -72,7 +72,7 @@ jobs: echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT repo-sync: - name: Push changed files to SDK Swift repo + name: Push changed files to SDK Swift repo and create GitHub runs-on: ubuntu-24.04 needs: validate permissions: From 0e107734ea93861c7de462e4cd419653a82e83c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:02:49 +0100 Subject: [PATCH 12/36] Update branch name to test --- .github/workflows/release-swift.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 5af3f02b6..f685f8502 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -85,7 +85,7 @@ jobs: _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} _BUILD_RUN_ID: ${{ inputs.build-run-id }} - _BRANCH_NAME: unstable + _BRANCH_NAME: TEST_BRANCH # TODO: replace with unstable before merging steps: - name: Checkout SDK repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
From 23e99402371c1725e51e70dc29a1a6f674680b8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lison=20Fernandes?=
Date: Mon, 8 Sep 2025 23:03:27 +0100
Subject: [PATCH 13/36] Security - Use env vars in bash scripts instead of inline preprocessor vars.
---
.github/workflows/release-swift.yml | 38 ++++++++++++++++-------------
1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml
index f685f8502..c5323c416 100644
--- a/.github/workflows/release-swift.yml
+++ b/.github/workflows/release-swift.yml
@@ -50,25 +50,30 @@ jobs: - name: Set SHA id: set-sha + env: + _ARTIFACT_BUILD_COMMIT: ${{ steps.download-artifact.outputs.artifact-build-commit }} run: | - echo "sha=${{ steps.download-artifact.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT - echo "short_sha=$(echo ${{ steps.download-artifact.outputs.artifact-build-commit }} | cut -c1-7)" >> $GITHUB_OUTPUT + echo "sha=$_ARTIFACT_BUILD_COMMIT" >> $GITHUB_OUTPUT + echo "short_sha=$(echo $_ARTIFACT_BUILD_COMMIT | cut -c1-7)" >> $GITHUB_OUTPUT - name: Set release name id: set-release-name env: _BUILD_RUN_NUMBER: ${{ inputs.build-run-number }} - _SHORT_SHA: ${{ steps.set-sha.outputs.short_sha }} + _SDK_INTERNAL_SHORT_REF: ${{ steps.set-sha.outputs.short_sha }} _VERSION: ${{ steps.version.outputs.version }} run: | - RELEASE_NAME="$_VERSION-$_BUILD_RUN_NUMBER-$_SHORT_SHA" + RELEASE_NAME="$_VERSION-$_BUILD_RUN_NUMBER-$_SDK_INTERNAL_SHORT_REF" echo "👀 Release name: $RELEASE_NAME" echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT - name: Calculate swift file checksum id: calculate-swift-checksum + env: + _VERSION: ${{ steps.version.outputs.version }} + _SDK_INTERNAL_SHORT_REF: ${{ steps.set-sha.outputs.short_sha }} run: | - CHECKSUM=$(swift package compute-checksum BitwardenFFI-${{ steps.version.outputs.version }}-${{ steps.set-sha.outputs.short_sha }}.xcframework.zip) + CHECKSUM=$(swift package compute-checksum BitwardenFFI-$_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip) echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT repo-sync: @@ -86,6 +91,8 @@ jobs: _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} _BUILD_RUN_ID: ${{ inputs.build-run-id }} _BRANCH_NAME: TEST_BRANCH # TODO: replace with unstable before merging + _SDK_INTERNAL_SHORT_REF: ${{ needs.validate.outputs.short_sha }} + _SDK_INTERNAL_REF: ${{ needs.validate.outputs.sha }} steps: - name: Checkout SDK repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
@@ -139,7 +146,7 @@ jobs: with: workflow: build-swift.yml workflow_conclusion: success - artifacts: "BitwardenSdk-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}-sources" + artifacts: "BitwardenSdk-${{ env._PKG_VERSION }}-${{ env._SDK_INTERNAL_SHORT_REF }}-sources" run_id: ${{ env._BUILD_RUN_ID }} path: sdk/crates/bitwarden-uniffi/swift/Sources/BitwardenSdk @@ -155,8 +162,8 @@ jobs: # Update BitwardenFFI path sed -i 's|.binaryTarget(name: "BitwardenFFI", path: "BitwardenFFI.xcframework")|.binaryTarget(\ name: "BitwardenFFI",\ - url: "https://github.com/bitwarden/sdk-swift/releases/download/v${{ env._RELEASE_NAME }}/BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip",\ - checksum: "${{ env._SWIFT_CHECKSUM }}" )|' sdk/crates/bitwarden-uniffi/swift/Package.swift + url: "https://github.com/bitwarden/sdk-swift/releases/download/v$_RELEASE_NAME/BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip",\ + checksum: "$_SWIFT_CHECKSUM" )|' sdk/crates/bitwarden-uniffi/swift/Package.swift # Run swiftformat swiftformat sdk/crates/bitwarden-uniffi/swift/Package.swift @@ -177,8 +184,8 @@ jobs: working-directory: sdk-swift run: | git add . - git commit -m "Update Swift SDK to ${{ needs.validate.outputs.sha }}" - git push origin ${{ env._BRANCH_NAME }} + git commit -m "Update Swift SDK to $_SDK_INTERNAL_REF" + git push origin $_BRANCH_NAME COMMIT_HASH=$(git rev-parse HEAD) echo "👀 Commit hash: $COMMIT_HASH" echo "commit-hash=$COMMIT_HASH" >> $GITHUB_OUTPUT @@ -186,8 +193,8 @@ jobs: - name: Create release tag on SDK Swift repo working-directory: sdk-swift run: | - git tag v${{ env._RELEASE_NAME }} - git push origin v${{ env._RELEASE_NAME }} + git tag v$_RELEASE_NAME + git push origin v$_RELEASE_NAME - name: Download BitwardenFFI artifact uses: bitwarden/gh-actions/download-artifacts@main 
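Review bot: In the "Push changes" and "Create release tag on SDK Swift repo" hunks the new shell variables are expanded unquoted (`git push origin $_BRANCH_NAME`, `git tag v$_RELEASE_NAME`, `git push origin v$_RELEASE_NAME`). Going through `env:` removes the template injection, but the shell still word-splits and globs the value, so a name containing a space or `*` changes the arguments git receives. Quote them: `git push origin "$_BRANCH_NAME"`, `git tag "v$_RELEASE_NAME"`, `git push origin "v$_RELEASE_NAME"`. The same applies to `echo $_ARTIFACT_BUILD_COMMIT | cut -c1-7` in the "Set SHA" hunk of this commit.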
@@ -195,23 +202,20 @@ jobs: with: workflow: build-swift.yml workflow_conclusion: success - artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework" + artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ env._SDK_INTERNAL_SHORT_REF }}.xcframework" run_id: ${{ env._BUILD_RUN_ID }} skip_unpack: true - name: Create release env: GH_TOKEN: ${{ steps.app-token.outputs.token }} - _RELEASE_NAME: ${{ env._RELEASE_NAME }} - _PKG_VERSION: ${{ env._PKG_VERSION }} - _SHORT_SHA: ${{ needs.validate.outputs.short_sha }} run: | gh release create "v$_RELEASE_NAME" \ --repo bitwarden/sdk-swift \ --title "v$_RELEASE_NAME" \ --notes "" \ --prerelease \ - "BitwardenFFI-$_PKG_VERSION-$_SHORT_SHA.xcframework.zip" + "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" - name: Trigger SDK Update in iOS repo if: inputs.update-ios-repo From 07542e4b32f638e7e968d0f184d5c548ac69e9d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:07:02 +0100 Subject: [PATCH 14/36] Update test branch name --- .github/workflows/release-swift.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index c5323c416..ede845cba 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -90,7 +90,7 @@ jobs: _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} _BUILD_RUN_ID: ${{ inputs.build-run-id }} - _BRANCH_NAME: TEST_BRANCH # TODO: replace with unstable before merging + _BRANCH_NAME: WORKFLOW_TEST # TODO: replace with unstable before merging _SDK_INTERNAL_SHORT_REF: ${{ needs.validate.outputs.short_sha }} _SDK_INTERNAL_REF: ${{ needs.validate.outputs.sha }} steps: From 9e53f9a441a001e11e950a3987694e0ebd08449b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:23:57 +0100 Subject: [PATCH 15/36] Replace file download step with GH CLI --- .github/workflows/release-swift.yml | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index ede845cba..7e2c28cef 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -25,8 +25,8 @@ jobs: contents: read outputs: version: ${{ steps.version.outputs.version }} - sha: ${{ steps.set-sha.outputs.sha }} - short_sha: ${{ steps.set-sha.outputs.short_sha }} + sha: ${{ steps.get-sdk-internal-ref.outputs.sha }} + short_sha: ${{ steps.get-sdk-internal-ref.outputs.short_sha }} release_name: ${{ steps.set-release-name.outputs.release_name }} swift_checksum: ${{ steps.calculate-swift-checksum.outputs.checksum }} steps: 
@@ -39,28 +39,21 @@ jobs: VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Download BitwardenEFI artifact - uses: bitwarden/gh-actions/download-artifacts@main - id: download-artifact - with: - workflow: build-swift.yml - workflow_conclusion: success - skip_unpack: true - run_id: ${{ inputs.build-run-id }} - - - name: Set SHA - id: set-sha + - name: Get workflow run commit ref + id: get-sdk-internal-ref env: - _ARTIFACT_BUILD_COMMIT: ${{ steps.download-artifact.outputs.artifact-build-commit }} + GH_TOKEN: ${{ github.token }} + _RUN_ID: ${{ inputs.build-run-id }} run: | - echo "sha=$_ARTIFACT_BUILD_COMMIT" >> $GITHUB_OUTPUT - echo "short_sha=$(echo $_ARTIFACT_BUILD_COMMIT | cut -c1-7)" >> $GITHUB_OUTPUT + COMMIT_SHA=$(gh run view $_RUN_ID --json headSha --jq '.headSha') + echo "sha=$COMMIT_SHA" >> $GITHUB_OUTPUT + echo "short_sha=$(echo $COMMIT_SHA | cut -c1-7)" >> $GITHUB_OUTPUT - name: Set release name id: set-release-name env: _BUILD_RUN_NUMBER: ${{ inputs.build-run-number }} - _SDK_INTERNAL_SHORT_REF: ${{ steps.set-sha.outputs.short_sha }} + _SDK_INTERNAL_SHORT_REF: ${{ steps.get-sdk-internal-ref.outputs.short_sha }} _VERSION: ${{ steps.version.outputs.version }} run: | RELEASE_NAME="$_VERSION-$_BUILD_RUN_NUMBER-$_SDK_INTERNAL_SHORT_REF" @@ -71,7 +64,7 @@ jobs: id: calculate-swift-checksum env: _VERSION: ${{ steps.version.outputs.version }} - _SDK_INTERNAL_SHORT_REF: ${{ steps.set-sha.outputs.short_sha }} + _SDK_INTERNAL_SHORT_REF: ${{ steps.get-sdk-internal-ref.outputs.short_sha }} run: | CHECKSUM=$(swift package compute-checksum BitwardenFFI-$_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip) echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT From f86660358d56fd4b2a7ce310a1f14eb2cc363c6d Mon Sep 17 00:00:00 2001 
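Review bot: `gh run view $_RUN_ID --json headSha` accepts any run ID in the repository, so the "Get workflow run commit ref" step returns a head commit even for a failed run or a run on an unreviewed branch, and the release name and artifact file name are then derived from it. The download step this replaces at least passed `workflow: build-swift.yml` and `workflow_conclusion: success` before a SHA was taken. I would fetch the run's conclusion and branch in the same call and stop unless they are what a release expects, and quote `"$_RUN_ID"`. The same command is carried unchanged into the consolidated `release` job in PATCH 20.

```yaml
        run: |
          RUN_INFO=$(gh run view "$_RUN_ID" --json headSha,headBranch,conclusion)
          CONCLUSION=$(jq -r '.conclusion' <<< "$RUN_INFO")
          HEAD_BRANCH=$(jq -r '.headBranch' <<< "$RUN_INFO")
          if [[ "$CONCLUSION" != "success" ]]; then
            echo "::error::Run $_RUN_ID did not succeed (conclusion: $CONCLUSION)"
            exit 1
          fi
          echo "👀 Build branch: $HEAD_BRANCH"
          # TODO(review): fail here for branches a release must not be built from
          COMMIT_SHA=$(jq -r '.headSha' <<< "$RUN_INFO")
          # … unchanged: writing sha / short_sha to GITHUB_OUTPUT …
```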
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:28:08 +0100 Subject: [PATCH 16/36] Remove tag step; comment tagging code for now --- .github/workflows/release-swift.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 7e2c28cef..8ead3e027 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -183,11 +183,9 @@ jobs: echo "👀 Commit hash: $COMMIT_HASH" echo "commit-hash=$COMMIT_HASH" >> $GITHUB_OUTPUT - - name: Create release tag on SDK Swift repo - working-directory: sdk-swift - run: | - git tag v$_RELEASE_NAME - git push origin v$_RELEASE_NAME + # git tag v$_RELEASE_NAME + # git push origin v$_RELEASE_NAME + # echo "👀 Release Tag: v$_RELEASE_NAME" - name: Download BitwardenFFI artifact uses: bitwarden/gh-actions/download-artifacts@main From 678424b1c2f901140e8877ea5acbebc163567c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:43:23 +0100 Subject: [PATCH 17/36] Comment release and update trigger steps for testing --- .github/workflows/release-swift.yml | 38 ++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 8ead3e027..4e589af78 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
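Review bot: With the `git tag` / `git push origin v$_RELEASE_NAME` lines commented out, nothing creates the tag before the "Create release" step (outside this hunk), so `gh release create "v$_RELEASE_NAME"` will create it itself. Without `--target` it tags the repository's default branch rather than the commit just pushed to `$_BRANCH_NAME`, and the release tag would then not identify the commit this workflow produced. Either restore the tag push, or add `_SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }}` to that step's `env:` and pass `--target "$_SDK_SWIFT_REF"`. The commented-out lines are better deleted than kept in the workflow file.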
@@ -197,22 +197,22 @@ jobs: run_id: ${{ env._BUILD_RUN_ID }} skip_unpack: true - - name: Create release - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - run: | - gh release create "v$_RELEASE_NAME" \ - --repo bitwarden/sdk-swift \ - --title "v$_RELEASE_NAME" \ - --notes "" \ - --prerelease \ - "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" - - - name: Trigger SDK Update in iOS repo - if: inputs.update-ios-repo - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} - run: | - echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." - gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF + # - name: Create release + # env: + # GH_TOKEN: ${{ steps.app-token.outputs.token }} + # run: | + # gh release create "v$_RELEASE_NAME" \ + # --repo bitwarden/sdk-swift \ + # --title "v$_RELEASE_NAME" \ + # --notes "" \ + # --prerelease \ + # "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" + + # - name: Trigger SDK Update in iOS repo + # if: inputs.update-ios-repo + # env: + # GH_TOKEN: ${{ steps.app-token.outputs.token }} + # _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} + # run: | + # echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." + # gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF From c4915f4ae80c357cfa18f4ea9f18de59a7b0d126 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 8 Sep 2025 23:43:34 +0100 Subject: [PATCH 18/36] Fix sed --- .github/workflows/release-swift.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 4e589af78..315168e46 100644 
--- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -155,8 +155,8 @@ jobs: # Update BitwardenFFI path sed -i 's|.binaryTarget(name: "BitwardenFFI", path: "BitwardenFFI.xcframework")|.binaryTarget(\ name: "BitwardenFFI",\ - url: "https://github.com/bitwarden/sdk-swift/releases/download/v$_RELEASE_NAME/BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip",\ - checksum: "$_SWIFT_CHECKSUM" )|' sdk/crates/bitwarden-uniffi/swift/Package.swift + url: "https://github.com/bitwarden/sdk-swift/releases/download/v'$_RELEASE_NAME'/BitwardenFFI-'$_PKG_VERSION'-'$_SDK_INTERNAL_SHORT_REF'.xcframework.zip",\ + checksum: "'$_SWIFT_CHECKSUM'")|' sdk/crates/bitwarden-uniffi/swift/Package.swift # Run swiftformat swiftformat sdk/crates/bitwarden-uniffi/swift/Package.swift From 548b23a2bc6e17b408515d72896fcc0b6ec27aa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Wed, 10 Sep 2025 21:47:10 +0100 Subject: [PATCH 19/36] Use env vars instead of github preprocessor vars --- .github/workflows/release-swift.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 315168e46..88059b2af 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -130,8 +130,8 @@ jobs: - name: Setup Git working-directory: sdk-swift run: | - git config --local user.email "${{ env._BOT_EMAIL }}" - git config --local user.name "${{ env._BOT_NAME }}" + git config --local user.email "$_BOT_EMAIL" + git config --local user.name "$_BOT_NAME" - name: Download BitwardenSdk sources artifact uses: bitwarden/gh-actions/download-artifacts@main From 78b5f31bb1a8f3a69e77404f5371db7c394ad8e3 Mon Sep 17 00:00:00 2001 
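Review bot: The sed fix closes the single-quoted script around each variable but leaves the expansion itself unquoted (`v'$_RELEASE_NAME'/`), so the shell word-splits the value and sed then reads it as replacement text, where `|`, `&` and `\` are special. `_RELEASE_NAME` includes the `build-run-number` input, so an unexpected character there would alter what is written into `Package.swift`, the file that tells consumers which binary URL and checksum to trust. Use `'"$_RELEASE_NAME"'` and the same form for `_PKG_VERSION`, `_SDK_INTERNAL_SHORT_REF` and `_SWIFT_CHECKSUM`, and validate the input before it reaches this step. The `run:` block containing the sed call starts outside the hunk.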
From: =?UTF-8?q?=C3=81lison=20Fernandes?=
Date: Wed, 10 Sep 2025 21:50:10 +0100
Subject: [PATCH 20/36] Add branch-name input and consolidate to a single job to reduce repeated steps.
---
.github/workflows/release-swift.yml | 90 ++++++++++++++---------------
1 file changed, 45 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml
index 88059b2af..83feaec82 100644
--- a/.github/workflows/release-swift.yml
+++ b/.github/workflows/release-swift.yml
@@ -16,38 +16,49 @@ on: description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" type: boolean default: false + branch-name: + description: "Branch Name - can be used for testing purposes" + type: string + required: true + default: "WORKFLOW_TEST" # TODO: replace with unstable before merging jobs: - validate: - name: Set Version and SHA + release: + name: Push changed files to SDK Swift repo and create GitHub runs-on: ubuntu-24.04 permissions: contents: read - outputs: - version: ${{ steps.version.outputs.version }} - sha: ${{ steps.get-sdk-internal-ref.outputs.sha }} - short_sha: ${{ steps.get-sdk-internal-ref.outputs.short_sha }} - release_name: ${{ steps.set-release-name.outputs.release_name }} - swift_checksum: ${{ steps.calculate-swift-checksum.outputs.checksum }} + id-token: write + env: + _BOT_EMAIL: 178206702+bw-ghapp[bot]@users.noreply.github.com + _BOT_NAME: bw-ghapp[bot] steps: - - name: Checkout repo + - name: Checkout SDK repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: sdk - name: Get version id: version + working-directory: sdk run: | VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "👀 Version: $VERSION" - name: Get workflow run commit ref id: get-sdk-internal-ref env: GH_TOKEN: ${{ github.token }} _RUN_ID: ${{ inputs.build-run-id }} + working-directory: sdk run: | COMMIT_SHA=$(gh run view $_RUN_ID --json headSha --jq '.headSha') + SHORT_SHA=$(echo $COMMIT_SHA | cut -c1-7) echo "sha=$COMMIT_SHA" >> $GITHUB_OUTPUT - echo "short_sha=$(echo $COMMIT_SHA | cut -c1-7)" >> $GITHUB_OUTPUT + echo "short_sha=$SHORT_SHA" >> $GITHUB_OUTPUT + echo "👀 Commit SHA: $COMMIT_SHA" + echo "👀 Short SHA: $SHORT_SHA" - name: Set release name id: set-release-name 
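Review bot: `gh run view $_RUN_ID` in the 'Get workflow run commit ref' step passes the `build-run-id` dispatch input to `gh` unquoted, so a value containing whitespace is split into extra arguments. Reject anything non-numeric first with `[[ "$_RUN_ID" =~ ^[0-9]+$ ]] || exit 1`, then call `gh run view "$_RUN_ID" --json headSha --jq '.headSha'`. The added `echo $COMMIT_SHA | cut -c1-7` line should be quoted the same way. The same defect is in `git push origin $_BRANCH_NAME` and in the `git tag v$_RELEASE_NAME` / `git push origin v$_RELEASE_NAME` lines of the later 'Push changes' hunks; for the push, `git push origin "HEAD:refs/heads/$_BRANCH_NAME"` also stops the branch input from being read as an option.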
@@ -60,6 +71,16 @@ jobs: echo "👀 Release name: $RELEASE_NAME" echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT + - name: Download BitwardenFFI artifact + uses: bitwarden/gh-actions/download-artifacts@main + id: download-artifact-ffi + with: + workflow: build-swift.yml + workflow_conclusion: success + artifacts: "BitwardenFFI-${{ steps.version.outputs.version }}-${{ steps.get-sdk-internal-ref.outputs.short_sha }}.xcframework" + run_id: ${{ inputs.build-run-id }} + skip_unpack: true + - name: Calculate swift file checksum id: calculate-swift-checksum env: @@ -69,29 +90,6 @@ jobs: CHECKSUM=$(swift package compute-checksum BitwardenFFI-$_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip) echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT - repo-sync: - name: Push changed files to SDK Swift repo and create GitHub - runs-on: ubuntu-24.04 - needs: validate - permissions: - contents: read - id-token: write - env: - _BOT_EMAIL: 178206702+bw-ghapp[bot]@users.noreply.github.com - _BOT_NAME: bw-ghapp[bot] - _PKG_VERSION: ${{ needs.validate.outputs.version }} - _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} - _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} - _BUILD_RUN_ID: ${{ inputs.build-run-id }} - _BRANCH_NAME: WORKFLOW_TEST # TODO: replace with unstable before merging - _SDK_INTERNAL_SHORT_REF: ${{ needs.validate.outputs.short_sha }} - _SDK_INTERNAL_REF: ${{ needs.validate.outputs.sha }} - steps: - - name: Checkout SDK repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - path: sdk - - name: Log in to Azure uses: bitwarden/gh-actions/azure-login@main with: @@ -124,7 +122,7 @@ jobs: with: repository: bitwarden/sdk-swift path: sdk-swift - ref: ${{ env._BRANCH_NAME }} + ref: ${{ inputs.branch-name }} token: ${{ steps.app-token.outputs.token }} - name: Setup Git 
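Review bot: The 'Download BitwardenFFI artifact' step moved into this job references `bitwarden/gh-actions/download-artifacts@main`, a mutable branch ref, while `actions/checkout` in the same job is pinned to a commit SHA. After the consolidation this step runs in the job that holds `id-token: write` and later the Key Vault secrets, so whatever `main` points to at run time executes with that access. Pin it to a full commit SHA with the version in a trailing comment, as is done for checkout: `uses: bitwarden/gh-actions/download-artifacts@<commit-sha> # <version>` (placeholders). The `azure-login@main`, `get-keyvault-secrets@main`, `azure-logout@main` and second `download-artifacts@main` references in the other hunks have the same issue.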
@@ -139,8 +137,8 @@ jobs: with: workflow: build-swift.yml workflow_conclusion: success - artifacts: "BitwardenSdk-${{ env._PKG_VERSION }}-${{ env._SDK_INTERNAL_SHORT_REF }}-sources" - run_id: ${{ env._BUILD_RUN_ID }} + artifacts: "BitwardenSdk-${{ steps.version.outputs.version }}-${{ steps.get-sdk-internal-ref.outputs.short_sha }}-sources" + run_id: ${{ inputs.build-run-id }} path: sdk/crates/bitwarden-uniffi/swift/Sources/BitwardenSdk - name: Install Swift formatter @@ -151,6 +149,11 @@ jobs: cp -f .build/release/swiftformat /usr/local/bin/swiftformat - name: Update files + env: + _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} + _PKG_VERSION: ${{ steps.version.outputs.version }} + _SDK_INTERNAL_SHORT_REF: ${{ steps.get-sdk-internal-ref.outputs.short_sha }} + _SWIFT_CHECKSUM: ${{ steps.calculate-swift-checksum.outputs.checksum }} run: | # Update BitwardenFFI path sed -i 's|.binaryTarget(name: "BitwardenFFI", path: "BitwardenFFI.xcframework")|.binaryTarget(\ @@ -175,6 +178,10 @@ jobs: - name: Push changes id: push-changes working-directory: sdk-swift + env: + _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} + _SDK_INTERNAL_REF: ${{ steps.get-sdk-internal-ref.outputs.sha }} + _BRANCH_NAME: ${{ inputs.branch-name }} run: | git add . git commit -m "Update Swift SDK to $_SDK_INTERNAL_REF" @@ -187,19 +194,11 @@ jobs: # git push origin v$_RELEASE_NAME # echo "👀 Release Tag: v$_RELEASE_NAME" - - name: Download BitwardenFFI artifact - uses: bitwarden/gh-actions/download-artifacts@main - id: download-artifact-ffi - with: - workflow: build-swift.yml - workflow_conclusion: success - artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ env._SDK_INTERNAL_SHORT_REF }}.xcframework" - run_id: ${{ env._BUILD_RUN_ID }} - skip_unpack: true # - name: Create release # env: # GH_TOKEN: ${{ steps.app-token.outputs.token }} + # working-directory: sdk # run: | # gh release create "v$_RELEASE_NAME" \ # --repo bitwarden/sdk-swift \ 
@@ -213,6 +212,7 @@ jobs: # env: # GH_TOKEN: ${{ steps.app-token.outputs.token }} # _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} + # working-directory: sdk # run: | # echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." # gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF From 59470642fbea50b03b37f269484aef330d975c1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 15:57:54 +0100 Subject: [PATCH 21/36] Re-introduce commit signing --- .github/workflows/release-swift.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 83feaec82..2504d0f13 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -97,13 +97,20 @@ jobs: tenant_id: ${{ secrets.AZURE_TENANT_ID }} client_id: ${{ secrets.AZURE_CLIENT_ID }} - - name: Get Azure Key Vault secrets + - name: Get Azure Key Vault secrets - GH Org id: get-kv-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: gh-org-bitwarden secrets: "BW-GHAPP-ID,BW-GHAPP-KEY" + - name: Get Azure Key Vault secrets - BW CI + id: get-kv-secrets-ci + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "github-gpg-private-key,github-gpg-private-key-passphrase" + - name: Log out from Azure uses: bitwarden/gh-actions/azure-logout@main 
@@ -125,6 +132,15 @@ jobs: ref: ${{ inputs.branch-name }} token: ${{ steps.app-token.outputs.token }} + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 + with: + gpg_private_key: ${{ steps.get-kv-secrets-ci.outputs.github-gpg-private-key }} + passphrase: ${{ steps.get-kv-secrets-ci.outputs.github-gpg-private-key-passphrase }} + git_user_signingkey: true + git_commit_gpgsign: true + workdir: sdk-swift + - name: Setup Git working-directory: sdk-swift run: | From 81cb15730567c940ca566bc498c7f76835c6be8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 16:45:36 +0100 Subject: [PATCH 22/36] Update crazy-max/ghaction-import-gpg to v6.3.0 --- .github/workflows/release-swift.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 2504d0f13..72c7841c2 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -133,7 +133,7 @@ jobs: token: ${{ steps.app-token.outputs.token }} - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 + uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 with: gpg_private_key: ${{ steps.get-kv-secrets-ci.outputs.github-gpg-private-key }} passphrase: ${{ steps.get-kv-secrets-ci.outputs.github-gpg-private-key-passphrase }} From add7008853b5399d210c627868aa929525200dd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 16:46:54 +0100 Subject: [PATCH 23/36] Remove swiftformat build & run - reduces ~50-60% of workflow runtime. We should format this file in sdk-internal instead. --- .github/workflows/release-swift.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 72c7841c2..65092e7f7 100644 
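Review bot: 'Import GPG key' is placed directly after the sdk-swift checkout, so the signing key is loaded into the runner's keyring before 'Setup Git', the 'Download BitwardenSdk sources artifact' step (an `@main` action) and the file-rewriting step run. Only 'Push changes' commits, so the key should be imported immediately before that step; everything that handles downloaded content then runs without the key, and presumably its passphrase, available to it. Moving the step needs no other change, since `workdir: sdk-swift` already scopes the git signing config to the checkout.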
--- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -157,13 +157,6 @@ jobs: run_id: ${{ inputs.build-run-id }} path: sdk/crates/bitwarden-uniffi/swift/Sources/BitwardenSdk - - name: Install Swift formatter - run: | - git clone https://github.com/nicklockwood/SwiftFormat - cd SwiftFormat - swift build -c release - cp -f .build/release/swiftformat /usr/local/bin/swiftformat - - name: Update files env: _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} @@ -177,9 +170,6 @@ jobs: url: "https://github.com/bitwarden/sdk-swift/releases/download/v'$_RELEASE_NAME'/BitwardenFFI-'$_PKG_VERSION'-'$_SDK_INTERNAL_SHORT_REF'.xcframework.zip",\ checksum: "'$_SWIFT_CHECKSUM'")|' sdk/crates/bitwarden-uniffi/swift/Package.swift - # Run swiftformat - swiftformat sdk/crates/bitwarden-uniffi/swift/Package.swift - find sdk/crates/bitwarden-uniffi/swift/Sources/ -name ".gitignore" -exec rm -f {} \; rm -rf sdk-swift/Sources From 3f36a1688e8a5787e11f9978fc02f95cb55ccb38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 16:51:30 +0100 Subject: [PATCH 24/36] Output branch / commit --- .github/workflows/release-swift.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 65092e7f7..23c059621 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -200,6 +200,10 @@ jobs: # git push origin v$_RELEASE_NAME # echo "👀 Release Tag: v$_RELEASE_NAME" + echo "# 🚀 Swift SDK Updated Successfully!" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "📋 **Branch:** [\`$_BRANCH_NAME\`](https://github.com/bitwarden/sdk-swift/commits/$_BRANCH_NAME)" >> $GITHUB_STEP_SUMMARY + echo "📝 **Commit:** bitwarden/sdk-swift@$COMMIT_HASH" >> $GITHUB_STEP_SUMMARY # - name: Create release # env: From c6010323ba8612c7cfc14dabd614a758bd39c5d0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 17:00:43 +0100 Subject: [PATCH 25/36] Use devops-bot email / name to fix commit signature verification --- .github/workflows/release-swift.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 23c059621..f75beb6c3 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -30,8 +30,8 @@ jobs: contents: read id-token: write env: - _BOT_EMAIL: 178206702+bw-ghapp[bot]@users.noreply.github.com - _BOT_NAME: bw-ghapp[bot] + _BOT_EMAIL: 106330231+bitwarden-devops-bot@users.noreply.github.com + _BOT_NAME: bitwarden-devops-bot steps: - name: Checkout SDK repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 From 5b6f05a6e2b94e82bc1f6cd033f96f7a13e59366 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 19:31:41 +0100 Subject: [PATCH 26/36] Update commit message format --- .github/workflows/release-swift.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index f75beb6c3..eea97f6b5 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
@@ -54,11 +54,16 @@ jobs: working-directory: sdk run: | COMMIT_SHA=$(gh run view $_RUN_ID --json headSha --jq '.headSha') + COMMIT_MSG=$(gh api repos/bitwarden/sdk-internal/commits/$COMMIT_SHA --jq '.commit.message' | head -n1) + COMMIT_MSG=$(echo "$COMMIT_MSG" | sed 's/(#\([0-9]*\))/(bitwarden\/sdk-internal#\1)/') # formats the PR ID for github autolink SHORT_SHA=$(echo $COMMIT_SHA | cut -c1-7) + echo "sha=$COMMIT_SHA" >> $GITHUB_OUTPUT echo "short_sha=$SHORT_SHA" >> $GITHUB_OUTPUT + echo "commit_message=$COMMIT_MSG" >> $GITHUB_OUTPUT echo "👀 Commit SHA: $COMMIT_SHA" echo "👀 Short SHA: $SHORT_SHA" + echo "👀 Commit Message: $COMMIT_MSG" - name: Set release name id: set-release-name @@ -187,10 +192,12 @@ jobs: env: _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} _SDK_INTERNAL_REF: ${{ steps.get-sdk-internal-ref.outputs.sha }} + _SDK_INTERNAL_COMMIT_MSG: ${{ steps.get-sdk-internal-ref.outputs.commit_message }} _BRANCH_NAME: ${{ inputs.branch-name }} run: | + # NOTE: bitwarden/ios repo expects the full sdk-internal commit hash in sdk-swift commit message git add . - git commit -m "Update Swift SDK to $_SDK_INTERNAL_REF" + git commit -m "bitwarden/sdk-internal@$_SDK_INTERNAL_REF $_RELEASE_NAME - $_SDK_INTERNAL_COMMIT_MSG" git push origin $_BRANCH_NAME COMMIT_HASH=$(git rev-parse HEAD) echo "👀 Commit hash: $COMMIT_HASH" From c5ef33f441b01f4e5416456fd1fc7a51c6874425 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 19:50:27 +0100 Subject: [PATCH 27/36] Trigger iOS SDK Update --- .github/workflows/release-swift.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index eea97f6b5..c588862ca 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
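Review bot: The `commit_message` output can be written with a plain `echo "commit_message=$COMMIT_MSG" >> $GITHUB_OUTPUT` only because `head -n1` reduces the upstream message to a single line, and nothing in the step says so. That text is authored by whoever wrote the sdk-internal commit, so a later edit that keeps the full message would let extra lines be parsed as additional outputs. Add a comment above the `gh api` line, for example `# head -n1 is required: GITHUB_OUTPUT is newline-delimited and this text comes from the upstream commit`. The step body starts outside the hunk.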
@@ -224,12 +224,12 @@ jobs: # --prerelease \ # "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" - # - name: Trigger SDK Update in iOS repo - # if: inputs.update-ios-repo - # env: - # GH_TOKEN: ${{ steps.app-token.outputs.token }} - # _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} - # working-directory: sdk - # run: | - # echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." - # gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF + - name: Trigger SDK Update in iOS repo + if: inputs.update-ios-repo + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} + working-directory: sdk + run: | + echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." + gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF From 3dd7e2ef1aa1a435752dc10582c0e2229e9798a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 20:03:24 +0100 Subject: [PATCH 28/36] Fix trigger update token issue --- .github/workflows/release-swift.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index c588862ca..630feca4f 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -121,7 +121,7 @@ jobs: - name: Generate GH App token uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.1 - id: app-token + id: app-token-sdk-swift with: app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} 
@@ -135,7 +135,7 @@ jobs: repository: bitwarden/sdk-swift path: sdk-swift ref: ${{ inputs.branch-name }} - token: ${{ steps.app-token.outputs.token }} + token: ${{ steps.app-token-sdk-swift.outputs.token }} - name: Import GPG key uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 @@ -214,7 +214,7 @@ jobs: # - name: Create release # env: - # GH_TOKEN: ${{ steps.app-token.outputs.token }} + # GH_TOKEN: ${{ steps.app-token-sdk-swift.outputs.token }} # working-directory: sdk # run: | # gh release create "v$_RELEASE_NAME" \ @@ -224,10 +224,20 @@ jobs: # --prerelease \ # "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" + - name: Generate GH App token + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.1 + id: app-token-ios + with: + app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} + private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} + owner: bitwarden + repositories: ios + permission-actions: write # used for: trigger update workflow + - name: Trigger SDK Update in iOS repo if: inputs.update-ios-repo env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} + GH_TOKEN: ${{ steps.app-token-ios.outputs.token }} _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} working-directory: sdk run: | From 27abadc0e3ff6cbcee899d3e0e9c35f93cec0034 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 20:03:48 +0100 Subject: [PATCH 29/36] Add quick links to action summary --- .github/workflows/release-swift.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 630feca4f..ef8163371 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
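Review bot: The new `app-token-ios` step has no `if:`, so a token with `actions: write` on `bitwarden/ios` is minted on every run, including runs where `update-ios-repo` is false and the trigger step is skipped. Add `if: inputs.update-ios-repo` to the token step so it matches 'Trigger SDK Update in iOS repo'. Both token steps are also named 'Generate GH App token'; distinct names such as `Generate GH App token - ios` would make the run log and any audit of token issuance unambiguous.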
@@ -243,3 +243,10 @@ jobs: run: | echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF + + echo "# 📱 **iOS SDK Update Triggered!**" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "🔗 **Links:**" >> $GITHUB_STEP_SUMMARY + echo "- [Workflow Runs](https://github.com/bitwarden/ios/actions/workflows/sdlc-sdk-update.yml)" >> $GITHUB_STEP_SUMMARY + echo "- [Pull Requests](https://github.com/bitwarden/ios/pulls?q=head:sdlc/sdk-update)" >> $GITHUB_STEP_SUMMARY + From 0aa36f2de50deb15a362a71f9f59e63940b7efba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 20:21:20 +0100 Subject: [PATCH 30/36] Fix trigger update inputs --- .github/workflows/release-swift.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index ef8163371..f2f7e75b7 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -239,10 +239,11 @@ jobs: env: GH_TOKEN: ${{ steps.app-token-ios.outputs.token }} _SDK_SWIFT_REF: ${{ steps.push-changes.outputs.commit-hash }} + _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} working-directory: sdk run: | echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/ios repo..." - gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode=Update -f sdk-version=$_RELEASE_NAME -f sdk-swift-ref=$_SDK_SWIFT_REF + gh workflow run sdlc-sdk-update.yml --repo bitwarden/ios --ref main -f run-mode="Update" -f sdk-version="$_RELEASE_NAME" -f sdk-swift-ref="$_SDK_SWIFT_REF" echo "# 📱 **iOS SDK Update Triggered!**" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY From 9512168bba71faa68d11f7011aa2b36d294c5279 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 21:25:39 +0100 Subject: [PATCH 31/36] Address zizmor feedback --- .github/workflows/release-swift.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index f2f7e75b7..9bb26f5ba 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -37,6 +37,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: sdk + persist-credentials: false - name: Get version id: version From 53a09c27730e2f6c733cd1b1984253dae7e96c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 21:26:00 +0100 Subject: [PATCH 32/36] Uncomment github release --- .github/workflows/release-swift.yml | 31 ++++++++++++++++------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 9bb26f5ba..70d902a17 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml 
@@ -204,26 +204,29 @@ jobs: echo "👀 Commit hash: $COMMIT_HASH" echo "commit-hash=$COMMIT_HASH" >> $GITHUB_OUTPUT - # git tag v$_RELEASE_NAME - # git push origin v$_RELEASE_NAME - # echo "👀 Release Tag: v$_RELEASE_NAME" + git tag v$_RELEASE_NAME + git push origin v$_RELEASE_NAME + echo "👀 Release Tag: v$_RELEASE_NAME" echo "# 🚀 Swift SDK Updated Successfully!" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "📋 **Branch:** [\`$_BRANCH_NAME\`](https://github.com/bitwarden/sdk-swift/commits/$_BRANCH_NAME)" >> $GITHUB_STEP_SUMMARY echo "📝 **Commit:** bitwarden/sdk-swift@$COMMIT_HASH" >> $GITHUB_STEP_SUMMARY - # - name: Create release - # env: - # GH_TOKEN: ${{ steps.app-token-sdk-swift.outputs.token }} - # working-directory: sdk - # run: | - # gh release create "v$_RELEASE_NAME" \ - # --repo bitwarden/sdk-swift \ - # --title "v$_RELEASE_NAME" \ - # --notes "" \ - # --prerelease \ - # "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" + - name: Create release + env: + GH_TOKEN: ${{ steps.app-token-sdk-swift.outputs.token }} + _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} + _PKG_VERSION: ${{ steps.version.outputs.version }} + _SDK_INTERNAL_SHORT_REF: ${{ steps.get-sdk-internal-ref.outputs.short_sha }} + working-directory: sdk + run: | + gh release create "v$_RELEASE_NAME" \ + --repo bitwarden/sdk-swift \ + --title "v$_RELEASE_NAME" \ + --notes "" \ + --prerelease \ + "BitwardenFFI-$_PKG_VERSION-$_SDK_INTERNAL_SHORT_REF.xcframework.zip" - name: Generate GH App token uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.1 From 1ecc5d0826d7fb6724fc0767909fd81858a20802 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 21:26:17 +0100 Subject: [PATCH 33/36] Copy cleanup --- .github/workflows/release-swift.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) 
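Review bot: `git tag v$_RELEASE_NAME` creates a lightweight, unsigned tag even though the job imports a GPG key and signs the commit, so anyone resolving the release by tag has no tag signature to verify. Create a signed annotated tag with `git tag -s "v$_RELEASE_NAME" -m "v$_RELEASE_NAME"` and push it with `git push origin "refs/tags/v$_RELEASE_NAME"`; this assumes the imported key is still usable non-interactively at this point. The quoting matters here too, because the release name appears to be built from the free-form `build-run-number` input. The `run:` block starts outside the hunk.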
diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 70d902a17..221b3566d 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -5,26 +5,24 @@ on: workflow_dispatch: inputs: build-run-id: - description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used." + description: "Build Swift Workflow Run ID" type: string required: true build-run-number: - description: "Build Run Number" + description: "Build Swift Workflow Run Number - used for workflow run-name" type: string required: true + branch-name: + description: "Branch Name - can be used for testing purposes" + type: string + required: true update-ios-repo: description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" type: boolean - default: false - branch-name: - description: "Branch Name - can be used for testing purposes" - type: string - required: true - default: "WORKFLOW_TEST" # TODO: replace with unstable before merging jobs: release: - name: Push changed files to SDK Swift repo and create GitHub + name: Release to sdk-swift runs-on: ubuntu-24.04 permissions: contents: read @@ -251,7 +249,8 @@ jobs: echo "# 📱 **iOS SDK Update Triggered!**" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - echo "🔗 **Links:**" >> $GITHUB_STEP_SUMMARY + echo "👀 **Release Name:** $_RELEASE_NAME" >> $GITHUB_STEP_SUMMARY + echo "🔗 **Quick Links:**" >> $GITHUB_STEP_SUMMARY echo "- [Workflow Runs](https://github.com/bitwarden/ios/actions/workflows/sdlc-sdk-update.yml)" >> $GITHUB_STEP_SUMMARY echo "- [Pull Requests](https://github.com/bitwarden/ios/pulls?q=head:sdlc/sdk-update)" >> $GITHUB_STEP_SUMMARY From cd5dff4297c6d2ce73a8cdbf75911d786affc47c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 21:26:36 +0100 Subject: [PATCH 34/36] Update build-swift release workflow trigger inputs --- .github/workflows/build-swift.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-swift.yml b/.github/workflows/build-swift.yml index b5b8a15d5..d99dbc132 100644 --- a/.github/workflows/build-swift.yml +++ b/.github/workflows/build-swift.yml @@ -132,7 +132,8 @@ jobs: ref: 'main', inputs: { 'build-run-id': '${{ github.run_id }}', + 'build-run-number': '${{ github.run_number }}', + 'branch-name': 'unstable', 'update-ios-repo': 'true', - 'build-run-number': '${{ github.run_number }}' } }) From ae8b640b99b9fac31660043ac2cd4d62242692d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 21:30:56 +0100 Subject: [PATCH 35/36] Copy cleanup --- .github/workflows/release-swift.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 221b3566d..45dc7316b 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -5,11 +5,11 @@ on: workflow_dispatch: inputs: build-run-id: - description: "Build Swift Workflow Run ID" + description: "Build Swift Run ID" type: string required: true build-run-number: - description: "Build Swift Workflow Run Number - used for workflow run-name" + description: "Build Swift Run Number - used for workflow run-name" type: string required: true branch-name: From 66c4b009e06aa59036faf2ce30075553c52a3b67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Thu, 11 Sep 2025 21:31:16 +0100 Subject: [PATCH 36/36] Input refactor --- .github/workflows/build-swift.yml | 2 +- .github/workflows/release-swift.yml | 13 ++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) 
diff --git a/.github/workflows/build-swift.yml b/.github/workflows/build-swift.yml index d99dbc132..25f9a4023 100644 --- a/.github/workflows/build-swift.yml +++ b/.github/workflows/build-swift.yml @@ -133,7 +133,7 @@ jobs: inputs: { 'build-run-id': '${{ github.run_id }}', 'build-run-number': '${{ github.run_number }}', - 'branch-name': 'unstable', + 'sdk-swift-branch-name': 'unstable', 'update-ios-repo': 'true', } }) diff --git a/.github/workflows/release-swift.yml b/.github/workflows/release-swift.yml index 45dc7316b..294279cf9 100644 --- a/.github/workflows/release-swift.yml +++ b/.github/workflows/release-swift.yml @@ -12,10 +12,10 @@ on: description: "Build Swift Run Number - used for workflow run-name" type: string required: true - branch-name: - description: "Branch Name - can be used for testing purposes" - type: string - required: true + sdk-swift-branch-name: + description: "sdk-swift Branch Name" + type: string + required: true update-ios-repo: description: "Update iOS Repo - Opens a PR updating the SDK in bitwarden/ios" type: boolean @@ -133,7 +133,7 @@ jobs: with: repository: bitwarden/sdk-swift path: sdk-swift - ref: ${{ inputs.branch-name }} + ref: ${{ inputs.sdk-swift-branch-name }} token: ${{ steps.app-token-sdk-swift.outputs.token }} - name: Import GPG key @@ -192,7 +192,7 @@ jobs: _RELEASE_NAME: ${{ steps.set-release-name.outputs.release_name }} _SDK_INTERNAL_REF: ${{ steps.get-sdk-internal-ref.outputs.sha }} _SDK_INTERNAL_COMMIT_MSG: ${{ steps.get-sdk-internal-ref.outputs.commit_message }} - _BRANCH_NAME: ${{ inputs.branch-name }} + _BRANCH_NAME: ${{ inputs.sdk-swift-branch-name }} run: | # NOTE: bitwarden/ios repo expects the full sdk-internal commit hash in sdk-swift commit message git add . 
@@ -253,4 +253,3 @@ jobs: echo "🔗 **Quick Links:**" >> $GITHUB_STEP_SUMMARY echo "- [Workflow Runs](https://github.com/bitwarden/ios/actions/workflows/sdlc-sdk-update.yml)" >> $GITHUB_STEP_SUMMARY echo "- [Pull Requests](https://github.com/bitwarden/ios/pulls?q=head:sdlc/sdk-update)" >> $GITHUB_STEP_SUMMARY -