From fc52e4e496e92fde8065bb887b7b65eef8ba5b30 Mon Sep 17 00:00:00 2001 From: Andy Pixley <3723676+pixman20@users.noreply.github.com> Date: Tue, 28 Apr 2026 13:52:00 -0400 Subject: [PATCH] [BRE-1845] Removing unused code for Apple signing (#20412) (cherry picked from commit af278fdebc05592de7059dd9505ade1eacfb2a77) --- .github/workflows/build-browser.yml | 17 ++-------- .github/workflows/build-cli.yml | 6 ++-- .github/workflows/build-desktop.yml | 42 +++++-------------------- apps/browser/scripts/package-safari.ps1 | 12 +------ apps/desktop/scripts/after-pack.js | 5 +-- 5 files changed, 15 insertions(+), 67 deletions(-) diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index c769d9125a8..91d39a08197 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -428,13 +428,6 @@ jobs: tenant_id: ${{ secrets.AZURE_TENANT_ID }} client_id: ${{ secrets.AZURE_CLIENT_ID }} - - name: Get Azure Key Vault secrets - id: get-kv-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: gh-clients - secrets: "KEYCHAIN-PASSWORD" - - name: Download Provisioning Profiles secrets env: ACCOUNT_NAME: bitwardenci @@ -451,9 +444,6 @@ jobs: run: | mkdir -p "$HOME/certificates" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | - jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12" 
@@ -473,17 +463,14 @@ jobs: uses: bitwarden/gh-actions/azure-logout@main - name: Set up keychain - env: - KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }} run: | + KEYCHAIN_PASSWORD=$(openssl rand -hex 32) + echo "::add-mask::$KEYCHAIN_PASSWORD" security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 23c4ead5251..f6cc961ce5e 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -211,16 +211,16 @@ jobs: uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: gh-clients - secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER" + secrets: "APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-AUTH-ID,APP-STORE-CONNECT-TEAM-ISSUER" - name: Log out from Azure uses: bitwarden/gh-actions/azure-logout@main - name: Set up keychain if: ${{ matrix.os.base == 'mac' && needs.setup.outputs.has_secrets == 'true' }} - env: - KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }} run: | + KEYCHAIN_PASSWORD=$(openssl rand -hex 32) + echo "::add-mask::$KEYCHAIN_PASSWORD" security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 0397da8c664..ee2926f104d 100644 --- a/.github/workflows/build-desktop.yml 
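Review bot: In the "Set up keychain" step of build-browser.yml, `KEYCHAIN_PASSWORD` is now a shell-local variable that exists only inside this `run:` block, while `security set-keychain-settings -lut 1200` still re-locks build.keychain after 1200 seconds. A later step that needs to unlock the keychain again has no way to obtain the password, and because the `get-kv-secrets` step is removed from this job, any leftover `${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}` reference would likely expand to an empty string rather than fail. Both cases are outside the hunk, so please confirm that signing finishes within the timeout and that no such reference remains. I would add a comment above the assignment: `# Ephemeral per-run password: never stored, so a later step cannot re-unlock the keychain`. The same password generation appears in build-cli.yml and in the build-desktop.yml hunks at -1115, -1342 and -1624.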
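Review bot: The `secrets:` list in the build-cli.yml key-vault step now requests `APP-STORE-CONNECT-AUTH-ID`, which the old list did not, although the commit is described as removing unused code. Every secret fetched here is presumably exposed to the rest of the job as a step output, so it should only be pulled where a later step consumes it; no consumer is visible in this hunk. Please confirm one exists or drop the name, and mention the addition in the commit message. The same substitution appears in build-desktop.yml in the hunks at -1304 and -1579.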
+++ b/.github/workflows/build-desktop.yml @@ -1060,14 +1060,6 @@ jobs: tenant_id: ${{ secrets.AZURE_TENANT_ID }} client_id: ${{ secrets.AZURE_CLIENT_ID }} - - name: Get Azure Key Vault secrets - id: get-kv-secrets - if: ${{ needs.setup.outputs.has_secrets == 'true' }} - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: gh-clients - secrets: "KEYCHAIN-PASSWORD" - - name: Download Provisioning Profiles secrets if: ${{ needs.setup.outputs.has_secrets == 'true' }} env: @@ -1091,9 +1083,6 @@ jobs: run: | mkdir -p "$HOME/certificates" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | - jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12" @@ -1115,17 +1104,14 @@ jobs: - name: Set up keychain if: ${{ needs.setup.outputs.has_secrets == 'true' }} - env: - KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }} run: | + KEYCHAIN_PASSWORD=$(openssl rand -hex 32) + echo "::add-mask::$KEYCHAIN_PASSWORD" security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 
@@ -1304,7 +1290,7 @@ jobs: uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: gh-clients - secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER" + secrets: "APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-AUTH-ID,APP-STORE-CONNECT-TEAM-ISSUER" - name: Download Provisioning Profiles secrets env: @@ -1327,9 +1313,6 @@ jobs: run: | mkdir -p "$HOME/certificates" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/bitwarden-desktop-key | - jq -r .value | base64 -d > "$HOME/certificates/bitwarden-desktop-key.p12" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/appstore-app-cert | jq -r .value | base64 -d > "$HOME/certificates/appstore-app-cert.p12" @@ -1342,24 +1325,18 @@ jobs: az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | - jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12" - - name: Log out from Azure uses: bitwarden/gh-actions/azure-logout@main - name: Set up keychain - env: - KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }} run: | + KEYCHAIN_PASSWORD=$(openssl rand -hex 32) + echo "::add-mask::$KEYCHAIN_PASSWORD" security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security set-keychain-settings -lut 1200 build.keychain - security import "$HOME/certificates/bitwarden-desktop-key.p12" -k build.keychain -P "" \ - -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild - security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 
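Review bot: The download of `macdev-cert.p12` is removed in the hunk at -1342, but the "Set up keychain" step below it continues past the end of the hunk, so any remaining use of that file cannot be checked from here. If a `security import "$HOME/certificates/macdev-cert.p12" ...` line is left further down, the step will now fail on a missing file. The same check applies to the hunk at -1624. Please confirm that neither job still imports that certificate.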
@@ -1579,7 +1556,7 @@ jobs: uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: gh-clients - secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER" + secrets: "APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-AUTH-ID,APP-STORE-CONNECT-TEAM-ISSUER" - name: Retrieve Slack secret id: retrieve-slack-secret @@ -1624,16 +1601,13 @@ jobs: az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert | jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12" - az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert | - jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12" - - name: Log out from Azure uses: bitwarden/gh-actions/azure-logout@main - name: Set up keychain - env: - KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }} run: | + KEYCHAIN_PASSWORD=$(openssl rand -hex 32) + echo "::add-mask::$KEYCHAIN_PASSWORD" security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain diff --git a/apps/browser/scripts/package-safari.ps1 b/apps/browser/scripts/package-safari.ps1 index 8fa97cbfbdd..a91433486a6 100755 --- a/apps/browser/scripts/package-safari.ps1 +++ b/apps/browser/scripts/package-safari.ps1 @@ -19,7 +19,7 @@ if (-not (Test-Path $distDir)) { New-Item -ItemType Directory -Path $distDir } -$subBuildPaths = @("mas", "masdev", "dmg") +$subBuildPaths = @("mas", "dmg") $safariSrc = Join-Path $PSScriptRoot "../src/safari" $safariDistPath = Join-Path -Path $distDir -ChildPath "Safari" @@ -47,16 +47,6 @@ foreach ($subBuildPath in $subBuildPaths) { $entitlementsPath ) } - "masdev" { - $codesignArgs = @( - "--verbose", - "--force", - "--sign", - "A579B6AE496B360642D05B8AB1B650C1B143B770", - "--entitlements", - $entitlementsPath - ) - } "dmg" { $codesignArgs = @( "--verbose", 
diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js index 146e3f4ff4a..2174da84e24 100644 --- a/apps/desktop/scripts/after-pack.js +++ b/apps/desktop/scripts/after-pack.js @@ -37,16 +37,13 @@ async function run(context) { if (["darwin", "mas"].includes(context.electronPlatformName)) { const is_mas = context.electronPlatformName === "mas"; - const is_mas_dev = context.targets.some((e) => e.name === "mas-dev"); let id; // Only use the Bitwarden Identities on CI if (process.env.GITHUB_ACTIONS === "true") { if (is_mas) { - id = is_mas_dev - ? "A579B6AE496B360642D05B8AB1B650C1B143B770" - : "3rd Party Mac Developer Application: Bitwarden Inc"; + id = "3rd Party Mac Developer Application: Bitwarden Inc"; } else { id = "Developer ID Application: Bitwarden Inc"; }
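Review bot: With `is_mas_dev` gone, a `mas-dev` target built on CI would take the `is_mas` branch and be signed with `"3rd Party Mac Developer Application: Bitwarden Inc"`, the distribution identity, instead of being handled separately. That only matters if the electron-builder configuration still defines a `mas-dev` target, which is not visible here. If it does, an explicit guard fails more clearly than a silent identity change: `if (context.targets.some((e) => e.name === "mas-dev")) throw new Error("mas-dev signing is no longer supported on CI");`. `run` begins before and continues after this hunk, so how `id` is used afterwards is not shown.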