Sign main branch Unified container builds with cosign and perform security scanning #1438
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build C++ SDK | |
on: | |
push: | |
branches: | |
- main | |
- rc | |
- hotfix-rc | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
generate-schemas: | |
uses: ./.github/workflows/generate_schemas.yml | |
build_rust: | |
uses: ./.github/workflows/build-rust-cross-platform.yml | |
build: | |
name: Build for ${{ matrix.settings.os }} ${{ matrix.settings.target }} | |
needs: | |
- generate-schemas | |
- build_rust | |
runs-on: ${{ matrix.settings.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
settings: | |
- os: macos-13 | |
target: x86_64-apple-darwin | |
- os: macos-13 | |
target: aarch64-apple-darwin | |
- os: windows-2022 | |
target: x86_64-pc-windows-msvc | |
- os: ubuntu-22.04 | |
target: x86_64-unknown-linux-gnu | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: install dependencies linux | |
if: runner.os == 'Linux' | |
run: | | |
sudo apt-get install -y nlohmann-json3-dev | |
sudo apt-get install -y libboost-all-dev | |
- name: install dependencies macos | |
if: runner.os == 'macOS' | |
run: | | |
brew install nlohmann-json | |
brew install boost | |
- name: Export GitHub Actions cache environment variables | |
if: runner.os == 'Windows' | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | |
- name: Download schemas | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: sdk-schemas-cpp | |
path: languages/cpp/include | |
- name: Download ${{ matrix.settings.target }} files | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: libbitwarden_c_files-${{ matrix.settings.target }} | |
path: languages/cpp/include | |
- name: Set permissions to include folder | |
if: runner.os == 'Windows' | |
shell: pwsh | |
run: | | |
Get-Acl languages/cpp/include/* | Format-List | |
$path = "./languages/cpp/include" | |
$name = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name | |
$acl = Get-Acl languages/cpp/include | |
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($name,"FullControl","Allow") | |
$acl.SetAccessRule($accessRule) | |
$acl | Set-Acl languages/cpp/include | |
Get-ChildItem -Path "$path" -Recurse -Force | Set-Acl -aclObject $acl -Verbose | |
Get-Acl languages/cpp/include/* | Format-List | |
- name: Ensure bitwarden-c is in include folder | |
working-directory: languages/cpp | |
shell: bash | |
run: | | |
if [[ '${{ runner.os }}' == 'macOS' || '${{ runner.os }}' == 'Linux' ]]; then | |
ls include/libbitwarden_c.* || { echo "Missing libbitwarden_c.*"; exit 1; } | |
fi | |
if [[ '${{ runner.os }}' == 'Windows' ]]; then | |
ls include/bitwarden_c.dll || { echo "Missing bitwarden_c.dll"; exit 1; } | |
ls include/bitwarden_c.dll.lib || { echo "Missing bitwarden_c.dll.lib"; exit 1; } | |
fi | |
- name: Build unix | |
working-directory: languages/cpp | |
if: runner.os == 'macOS' || runner.os == 'Linux' | |
run: | | |
if [[ '${{ runner.os }}' == 'macOS' ]]; then | |
export DNLOHMANN_PATH=/usr/local/opt/nlohmann-json | |
export DBOOST_PATH=/usr/local/opt/boost | |
export DTARGET=include/libbitwarden_c.dylib | |
fi | |
if [[ '${{ runner.os }}' == 'Linux' ]]; then | |
export DNLOHMANN_PATH=/usr/share/doc/nlohmann-json3-dev | |
export DBOOST_PATH=/usr/share/doc/libboost-all-dev | |
export DTARGET=include/libbitwarden_c.so | |
fi | |
mkdir build | |
cd build | |
cmake .. -DNLOHMANN=$DNLOHMANN_PATH -DBOOST=$DBOOST_PATH -DTARGET=$DTARGET | |
cmake --build . | |
- name: Build windows | |
if: runner.os == 'Windows' | |
working-directory: languages/cpp | |
env: | |
VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite" | |
run: | | |
mkdir build | |
cd build | |
$env:DTARGET="include\bitwarden_c.dll.lib" | |
cmake .. -DTARGET="$env:DTARGET" -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" | |
cmake --build . --config Release | |
shell: pwsh | |
- name: Copy artifacts | |
working-directory: languages/cpp/build | |
shell: bash | |
run: | | |
mkdir artifacts | |
if [[ '${{ runner.os }}' == 'macOS' || '${{ runner.os }}' == 'Linux' ]]; then | |
cp libbitwarden_c.* artifacts | |
cp libBitwardenClient.* artifacts | |
fi | |
if [[ '${{ runner.os }}' == 'Windows' ]]; then | |
cp */BitwardenClient.* artifacts | |
cp ../include/bitwarden_c.{lib,dll.lib,dll} artifacts | |
fi | |
- name: Upload C++ package for ${{ matrix.settings.target }} | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: libbitwarden_cpp-${{ matrix.settings.target }} | |
path: languages/cpp/build/artifacts | |
if-no-files-found: error |