From e8b01c2d4472737f15f7468f7721f396d11895e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 19 Aug 2025 16:19:57 +0100 Subject: [PATCH] [PM-24930] New workflow to update the SDK and test ongoing work (#5742) --- .../actions/setup-android-build/action.yml | 49 ++++++ .github/workflows/sdlc-sdk-update.yml | 163 +++++++++++++++++- .gitignore | 7 + scripts/get-repo-changelog.sh | 41 +++++ scripts/update-sdk-version.sh | 30 ++++ 5 files changed, 284 insertions(+), 6 deletions(-) create mode 100644 .github/actions/setup-android-build/action.yml create mode 100755 scripts/get-repo-changelog.sh create mode 100755 scripts/update-sdk-version.sh diff --git a/.github/actions/setup-android-build/action.yml b/.github/actions/setup-android-build/action.yml new file mode 100644 index 0000000000..b01da50402 --- /dev/null +++ b/.github/actions/setup-android-build/action.yml @@ -0,0 +1,49 @@ +name: 'Setup Android Build' +description: 'Setup Android build environment with Gradle, Ruby, and Fastlane' +inputs: + java-version: + description: 'Java version to use' + required: false + default: '17' +runs: + using: 'composite' + steps: + - name: Validate Gradle wrapper + uses: gradle/actions/wrapper-validation@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + + - name: Cache Gradle files + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }} + restore-keys: | + ${{ runner.os }}-gradle-v2- + + - name: Cache build output + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: | + ${{ github.workspace }}/build-cache + key: ${{ runner.os }}-build-cache-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-build- + + - name: Configure Ruby + uses: ruby/setup-ruby@bb6434c747fa7022e12fa1cae2a0951fcffcff26 # v1.253.0 + with: + bundler-cache: true + + - name: Configure JDK + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + with: + distribution: "temurin" + java-version: ${{ inputs.java-version }} + + - name: Install Fastlane + shell: bash + run: | + gem install bundler:2.2.27 + bundle config path vendor/bundle + bundle install --jobs 4 --retry 3 diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index cda05717de..56b0a4d5ae 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -1,16 +1,167 @@ name: SDLC / SDK Update +run-name: "SDK ${{inputs.run-mode == 'Update' && format('Update - {0}', inputs.sdk-version) || format('Test #{0} - {1}', inputs.pr-id, inputs.sdk-version)}}" on: workflow_dispatch: - -permissions: - contents: read + inputs: + run-mode: + description: "Run Mode" + type: choice + options: + - Test # used for testing sdk-internal repo PRs + - Update # opens a PR in this repo updating the SDK + default: Test + sdk-package: + description: "SDK Package ID" + required: true + default: "com.bitwarden:sdk-android.dev" + sdk-version: + description: "SDK Version" + required: true + default: "1.0.0-2686-km-update-kdf-sdk" + pr-id: + description: "Pull Request ID" jobs: update: - name: Update SDK + name: Update and PR + if: ${{ inputs.run-mode == 'Update' }} runs-on: ubuntu-24.04 + permissions: + id-token: write steps: - - name: Placeholder - run: echo ":feelsgood:" >> $GITHUB_STEP_SUMMARY + - name: Log in to Azure + uses: bitwarden/gh-actions/azure-login@main + with: + subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + tenant_id: ${{ secrets.AZURE_TENANT_ID }} + client_id: ${{ secrets.AZURE_CLIENT_ID }} + + - name: Get Azure Key Vault secrets + id: get-kv-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: gh-org-bitwarden + secrets: "BW-GHAPP-ID,BW-GHAPP-KEY" + + - name: Log out from Azure + uses: bitwarden/gh-actions/azure-logout@main + + - name: Generate GH App token + uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 + id: app-token + with: + app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} + private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} + + - name: Check out repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + token: ${{ steps.app-token.outputs.token }} + + - name: Log inputs to job summary + uses: ./.github/actions/log-inputs + with: + inputs: ${{ toJson(inputs) }} + + - name: Switch to branch + id: switch-branch + run: | + BRANCH_NAME="sdlc/sdk-update" + echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT + git switch -c $BRANCH_NAME + + - name: Get current SDK version + id: get-current-sdk + run: | + SDK_VERSION=$(grep "bitwardenSdk =" gradle/libs.versions.toml | cut -d'"' -f2) + GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names + echo "Current SDK version: $SDK_VERSION" + echo "Current SDK git ref: $GIT_REF" + echo "version=$SDK_VERSION" >> $GITHUB_OUTPUT + echo "git_ref=$GIT_REF" >> $GITHUB_OUTPUT + + - name: Update SDK Version + env: + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + run: | + ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION" + + - name: Create branch and commit + env: + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} + run: | + echo "👀 Committing SDK version update..." + + git config user.name "bw-ghapp[bot]" + git config user.email "178206702+bw-ghapp[bot]@users.noreply.github.com" + + git add gradle/libs.versions.toml + git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION" + git push origin $_BRANCH_NAME + + - name: Create Pull Request + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }} + _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }} + run: | + NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-) + CHANGELOG=$(./scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_GIT_REF" "$NEW_SDK_GIT_REF") + PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\` + + ## What's Changed + + $CHANGELOG" + + # Use echo -e to interpret escape sequences and pipe to gh pr create + PR_URL=$(echo -e "$PR_BODY" | gh pr create \ + --title "Update SDK to $_SDK_VERSION" \ + --body-file - \ + --base main \ + --head $_BRANCH_NAME \ + --label "automated-pr" \ + --label "t:ci") + + echo "🚀 Created PR: $PR_URL" + echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY + + test: + name: Test Update + if: ${{ inputs.run-mode == 'Test' }} + runs-on: ubuntu-24.04 + permissions: + contents: read + packages: read + + steps: + - name: Check out repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Log inputs to job summary + uses: ./.github/actions/log-inputs + with: + inputs: ${{ toJson(inputs) }} + + - name: Setup Android Build + uses: ./.github/actions/setup-android-build + + - name: Update SDK Version + env: + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + run: | + ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION" + + - name: Build + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages + run: | + ./gradlew assembleDebug --warn diff --git a/.gitignore b/.gitignore index 2c766f4f4a..3fc1006686 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,13 @@ fastlane/report.xml fastlane/README.md +# Ruby / Bundler +.bundle/ +vendor/ + +# Backup files +*.bak + # General .DS_Store Thumbs.db diff --git a/scripts/get-repo-changelog.sh b/scripts/get-repo-changelog.sh new file mode 100755 index 0000000000..0c69edda40 --- /dev/null +++ b/scripts/get-repo-changelog.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +# Script to get changelog from sdk-internal repo between two git refs +# Usage: ./scripts/get-sdk-changelog.sh + +set -euo pipefail + +if [ $# -lt 2 ]; then + echo "Usage: $0 " + echo "Example: $0 bitwarden/sdk-internal 9fe3aeda fix-wasm-import" + echo "Example: $0 bitwarden/sdk-internal 2450-9fe3aeda 2577-fix-wasm-import" + exit 1 +fi + +REPO="$1" +CURRENT_REF="$2" +NEW_REF="$3" + +CHANGELOG=$(gh api "repos/$REPO/compare/$CURRENT_REF...$NEW_REF" \ + --jq '.commits[] | "- \(.commit.message | split("\n")[0])"' | head -20) + +if [ -z "$CHANGELOG" ]; then + echo "No changes found between $CURRENT_REF and $NEW_REF" + exit 0 +fi + + +# GitHub renders org/repo#123 as a link to a PR, removing the commit message when a PR ID is found +# including the raw changelog in a collapsible section in case the pattern matching fails +CLEANED_CHANGELOG=$(echo "$CHANGELOG" | sed -E "s|.*\(#([0-9]+)\).*|- $REPO#\1|") + +echo "$CLEANED_CHANGELOG" +echo +echo "
+Raw changelog + +\`\`\` +$CHANGELOG +\`\`\` +
+" diff --git a/scripts/update-sdk-version.sh b/scripts/update-sdk-version.sh new file mode 100755 index 0000000000..7e89600863 --- /dev/null +++ b/scripts/update-sdk-version.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# Script to update SDK version in gradle/libs.versions.toml +# Usage: ./scripts/update-sdk-version.sh + +set -euo pipefail + +if [ $# -lt 2 ]; then + echo "Usage: $0 " + echo "Example: $0 com.bitwarden:sdk-android 1.0.0-2586-20e3dfa6" + echo "Example: $0 com.bitwarden:sdk-android.dev 1.0.0-2577-fix-wasm-import" + exit 1 +fi + +SDK_PACKAGE="$1" +SDK_VERSION="$2" +TOML_FILE="gradle/libs.versions.toml" + +echo "Updating SDK in $TOML_FILE..." +echo " Package: $SDK_PACKAGE" +echo " Version: $SDK_VERSION" + +sed -i.bak "s/bitwardenSdk = \".*\"/bitwardenSdk = \"$SDK_VERSION\"/" "$TOML_FILE" + +if [ "$SDK_PACKAGE" != "com.bitwarden:sdk-android" ]; then + sed -i.bak "s|bitwarden-sdk = { module = \".*\"|bitwarden-sdk = { module = \"$SDK_PACKAGE\", version.ref = \"bitwardenSdk\"|" "$TOML_FILE" +fi + +echo "Updated:" +grep -n "bitwardenSdk\|bitwarden-sdk" "$TOML_FILE"