From c9c5c116c52f4cda01c749e3382eb8538a9e4412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Gonc=CC=A7alves?= Date: Fri, 22 Aug 2025 15:43:22 +0100 Subject: [PATCH 01/24] Add script to update bitwarden sdk revision value --- .gitignore | 3 +++ Scripts/update-sdk-version.sh | 36 +++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100755 Scripts/update-sdk-version.sh diff --git a/.gitignore b/.gitignore index e62bc83b13..98e5f686ea 100644 --- a/.gitignore +++ b/.gitignore @@ -80,3 +80,6 @@ Configs/export_options.plist # LicensePlist Bitwarden/Application/Support/Settings.bundle/Acknowledgements.latest_result.txt Authenticator/Application/Support/Settings.bundle/Acknowledgements.latest_result.txt + +# Backup files +*.bak diff --git a/Scripts/update-sdk-version.sh b/Scripts/update-sdk-version.sh new file mode 100755 index 0000000000..caa9eb6853 --- /dev/null +++ b/Scripts/update-sdk-version.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Script to update SDK version in project-bwa.yml, project-bwk.yml and project-pm.ym +# Usage: ./Scripts/update-sdk-version.sh +# ./Scripts/update-sdk-version.sh BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda + +set -euo pipefail + +if [ $# -lt 2 ]; then + echo "Usage: $0 " + echo "Example: $0 BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda" + exit 1 +fi + +SDK_PACKAGE="$1" +SDK_VERSION="$2" +FILES=( + "project-bwa.yml" + "project-bwk.yml" + "project-pm.yml" +) + +for file in "${FILES[@]}"; do + if [[ -f "$file" ]]; then + echo "🔧 Updating revision in $file..." + sed -i.bak -E "/^packages:/,/^[^[:space:]]/ { + /$SDK_PACKAGE:/,/^[[:space:]]{2}[[:alnum:]]/ { + s/^([[:space:]]{4}revision: ).*/\1$SDK_VERSION/ + } + }" "$file" + echo "✅ Updated revision line:" + grep "revision:" "$file" + else + echo "⚠️ Skipping missing file: $file" + fi +done From a0a47febfc2a69282f5704218563322a7880cb7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Gonc=CC=A7alves?= Date: Fri, 22 Aug 2025 16:45:20 +0100 Subject: [PATCH 02/24] Add workflow to update sdk version --- .github/workflows/sdlc-sdk-update.yml | 165 ++++++++++++++++++++++++++ 1 file changed, 165 insertions(+) create mode 100644 .github/workflows/sdlc-sdk-update.yml diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml new file mode 100644 index 0000000000..dc21fed341 --- /dev/null +++ b/.github/workflows/sdlc-sdk-update.yml @@ -0,0 +1,165 @@ +name: SDLC / SDK Update +run-name: "SDK ${{inputs.run-mode == 'Update' && format('Update - {0}', inputs.sdk-version) || format('Test #{0} - {1}', inputs.pr-id, inputs.sdk-version)}}" + +on: + workflow_dispatch: + inputs: + run-mode: + description: "Run Mode" + type: choice + options: + - Test # used for testing sdk-internal repo PRs + - Update # opens a PR in this repo updating the SDK + default: Test + # + sdk-package: + description: "SDK Package ID" + required: true + default: "BitwardenSdk" + sdk-version: + description: "SDK Version" + required: true + default: "2a6609428275c758fcda5383bfb6b3166ec29eda" + pr-id: + description: "Pull Request ID" + +jobs: + update: + name: Update and PR + if: ${{ inputs.run-mode == 'Update' }} + runs-on: ubuntu-24.04 + permissions: + id-token: write + + steps: + - name: Log in to Azure + uses: bitwarden/gh-actions/azure-login@main + with: + subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + tenant_id: ${{ secrets.AZURE_TENANT_ID }} + client_id: ${{ secrets.AZURE_CLIENT_ID }} + + - name: Get Azure Key Vault secrets + id: get-kv-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: gh-org-bitwarden + secrets: "BW-GHAPP-ID,BW-GHAPP-KEY" + + - name: Log out from Azure + uses: bitwarden/gh-actions/azure-logout@main + + - name: Generate GH App token + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + id: app-token + with: + app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} + private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} + + - name: Check out repo + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + token: ${{ steps.app-token.outputs.token }} + + - name: Log inputs to job summary + uses: ./.github/actions/log-inputs + with: + inputs: ${{ toJson(inputs) }} + + - name: Switch to branch + id: switch-branch + run: | + BRANCH_NAME="sdlc/sdk-update" + echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT + git switch -c $BRANCH_NAME + + - name: Get current SDK version + id: get-current-sdk + run: | + SDK_VERSION=$(awk '/BitwardenSdk:/,/^ [A-Za-z]/ { if ($1 == "revision:") print $2 }' project-bwa.yml) + GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names + echo "Current SDK version: $SDK_VERSION" + echo "Current SDK git ref: $GIT_REF" + echo "version=$SDK_VERSION" >> $GITHUB_OUTPUT + echo "git_ref=$GIT_REF" >> $GITHUB_OUTPUT + + - name: Update SDK Version + env: + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + run: | + ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION" + + - name: Create branch and commit + env: + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} + run: | + echo "👀 Committing SDK version update..." + + git config user.name "bw-ghapp[bot]" + git config user.email "178206702+bw-ghapp[bot]@users.noreply.github.com" + + git add project-bwa.yml project-bwk.yml project-pm.yml + git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION" + git push origin $_BRANCH_NAME + + - name: Create Pull Request + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} + _SDK_PACKAGE: ${{ inputs.sdk-package }} + _SDK_VERSION: ${{ inputs.sdk-version }} + _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }} + _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }} + run: | + NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-) + PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\` + + ## What's Changed + + # Use echo -e to interpret escape sequences and pipe to gh pr create + PR_URL=$(echo -e "$PR_BODY" | gh pr create \ + --title "Update SDK to $_SDK_VERSION" \ + --body-file - \ + --base main \ + --head $_BRANCH_NAME \ + --label "automated-pr" \ + --label "t:ci") + + echo "🚀 Created PR: $PR_URL" + echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY + +# test: +# name: Test Update +# if: ${{ inputs.run-mode == 'Test' }} +# runs-on: ubuntu-24.04 +# permissions: +# contents: read +# packages: read +# +# steps: +# - name: Check out repo +# uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 +# +# - name: Log inputs to job summary +# uses: ./.github/actions/log-inputs +# with: +# inputs: ${{ toJson(inputs) }} +# +# - name: Setup Android Build +# uses: ./.github/actions/setup-android-build +# +# - name: Update SDK Version +# env: +# _SDK_PACKAGE: ${{ inputs.sdk-package }} +# _SDK_VERSION: ${{ inputs.sdk-version }} +# run: | +# ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"0 +# +# - name: Build +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages +# run: | +# ./gradlew assembleDebug --warn From ee73781a606cfd46804c4c07f814c3efb4ae2165 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Gonc=CC=A7alves?= Date: Fri, 22 Aug 2025 18:29:51 +0100 Subject: [PATCH 03/24] Change folder name and replaced sed by yq --- .github/workflows/sdlc-sdk-update.yml | 4 ++-- Scripts/update-sdk-version.sh | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index dc21fed341..a879e92dfa 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -88,7 +88,7 @@ jobs: _SDK_PACKAGE: ${{ inputs.sdk-package }} _SDK_VERSION: ${{ inputs.sdk-version }} run: | - ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION" + ./Scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION" - name: Create branch and commit env: @@ -117,7 +117,7 @@ jobs: NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-) PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\` - ## What's Changed + ## What's Changed" # Use echo -e to interpret escape sequences and pipe to gh pr create PR_URL=$(echo -e "$PR_BODY" | gh pr create \ diff --git a/Scripts/update-sdk-version.sh b/Scripts/update-sdk-version.sh index caa9eb6853..3f857392ae 100755 --- a/Scripts/update-sdk-version.sh +++ b/Scripts/update-sdk-version.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Script to update SDK version in project-bwa.yml, project-bwk.yml and project-pm.ym +# Script to update SDK version in project-bwa.yml, project-bwk.yml and project-pm.yml # Usage: ./Scripts/update-sdk-version.sh # ./Scripts/update-sdk-version.sh BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda @@ -23,11 +23,7 @@ FILES=( for file in "${FILES[@]}"; do if [[ -f "$file" ]]; then echo "🔧 Updating revision in $file..." - sed -i.bak -E "/^packages:/,/^[^[:space:]]/ { - /$SDK_PACKAGE:/,/^[[:space:]]{2}[[:alnum:]]/ { - s/^([[:space:]]{4}revision: ).*/\1$SDK_VERSION/ - } - }" "$file" + yq -i ".packages[\"$SDK_PACKAGE\"].revision = \"$SDK_VERSION\"" "$file" echo "✅ Updated revision line:" grep "revision:" "$file" else From 252d3c2878553524b432f9feea85903b61066a65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 1 Sep 2025 15:38:38 +0100 Subject: [PATCH 04/24] Move bot name to env var --- .github/workflows/sdlc-sdk-update.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index a879e92dfa..a2a8d5105e 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -11,7 +11,6 @@ on: - Test # used for testing sdk-internal repo PRs - Update # opens a PR in this repo updating the SDK default: Test - # sdk-package: description: "SDK Package ID" required: true @@ -23,6 +22,10 @@ on: pr-id: description: "Pull Request ID" +env: + _BOT_NAME: "bw-ghapp[bot]" + _BOT_EMAIL: "178206702+bw-ghapp[bot]@users.noreply.github.com" + jobs: update: name: Update and PR @@ -98,8 +101,8 @@ jobs: run: | echo "👀 Committing SDK version update..." - git config user.name "bw-ghapp[bot]" - git config user.email "178206702+bw-ghapp[bot]@users.noreply.github.com" + git config user.name "$_BOT_NAME" + git config user.email "$_BOT_EMAIL" git add project-bwa.yml project-bwk.yml project-pm.yml git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION" From fc046d95cd38c119a86e9e8bffb72163c8b85ab1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 1 Sep 2025 15:38:51 +0100 Subject: [PATCH 05/24] Set token permissions --- .github/workflows/sdlc-sdk-update.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index a2a8d5105e..314071528b 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -58,6 +58,9 @@ jobs: with: app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} + permission-pull-requests: write + permission-actions: read + permission-contents: write - name: Check out repo uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 From 45000e420560d92d6954c28cc9db4797e8a70b0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 1 Sep 2025 15:40:20 +0100 Subject: [PATCH 06/24] Fix switch to branch step --- .github/workflows/sdlc-sdk-update.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 314071528b..4cbd47269c 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -66,6 +66,7 @@ jobs: uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: token: ${{ steps.app-token.outputs.token }} + fetch-depth: 0 - name: Log inputs to job summary uses: ./.github/actions/log-inputs @@ -77,9 +78,16 @@ jobs: run: | BRANCH_NAME="sdlc/sdk-update" echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT - git switch -c $BRANCH_NAME - - name: Get current SDK version + if git switch $BRANCH_NAME; then + echo "✅ Switched to existing branch: $BRANCH_NAME" + echo "updating_existing_branch=true" >> $GITHUB_OUTPUT + else + echo "📝 Creating new branch: $BRANCH_NAME" + git switch -c $BRANCH_NAME + echo "updating_existing_branch=false" >> $GITHUB_OUTPUT + fi + id: get-current-sdk run: | SDK_VERSION=$(awk '/BitwardenSdk:/,/^ [A-Za-z]/ { if ($1 == "revision:") print $2 }' project-bwa.yml) From 0106366893ba2d4f18d11c15614d8de7e133ea09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 1 Sep 2025 15:53:51 +0100 Subject: [PATCH 07/24] Get current SDK version from main --- .github/workflows/sdlc-sdk-update.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 4cbd47269c..efed52acbf 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -88,11 +88,17 @@ jobs: echo "updating_existing_branch=false" >> $GITHUB_OUTPUT fi + # Using main to retrieve the changelog on consecutive updates of the same PR. + - name: Get current SDK version from main branch id: get-current-sdk run: | - SDK_VERSION=$(awk '/BitwardenSdk:/,/^ [A-Za-z]/ { if ($1 == "revision:") print $2 }' project-bwa.yml) + SDK_VERSION=$(git show origin/main:project-pm.yml | yq '.packages.BitwardenSdk.revision') + if [ -z "$SDK_VERSION" ]; then + echo "::error::Failed to get current SDK version from main branch." + exit 1 + fi GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names - echo "Current SDK version: $SDK_VERSION" + echo "Current SDK version (from main): $SDK_VERSION" echo "Current SDK git ref: $GIT_REF" echo "version=$SDK_VERSION" >> $GITHUB_OUTPUT echo "git_ref=$GIT_REF" >> $GITHUB_OUTPUT From 2fa3756efd57b4f65dc73efd174a107f3fb7cfb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Mon, 1 Sep 2025 15:54:40 +0100 Subject: [PATCH 08/24] Prevent updating branch when devs are fixing breaking changes --- .github/workflows/sdlc-sdk-update.yml | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index efed52acbf..e09c4f016f 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -88,6 +88,35 @@ jobs: echo "updating_existing_branch=false" >> $GITHUB_OUTPUT fi + - name: Prevent updating the branch when the last committer isn't the bot + if: ${{ steps.switch-branch.outputs.updating_existing_branch == 'true' }} + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} + run: | + LATEST_COMMIT_AUTHOR=$(git log -1 --format='%ae' $_BRANCH_NAME) + + echo "Latest commit author in branch ($_BRANCH_NAME): $LATEST_COMMIT_AUTHOR" + echo "Expected bot email: $_BOT_EMAIL" + + if [ "$LATEST_COMMIT_AUTHOR" != "$_BOT_EMAIL" ]; then + echo "::error::Branch $_BRANCH_NAME has a commit not made by the bot." \ + "This indicates manual changes have been made to the branch," \ + "PR has to be merged or closed before running this workflow again." + echo "👀 Fetching existing PR..." + gh pr list --head $_BRANCH_NAME --base main --state open --json number --jq '.[0].number // empty' + EXISTING_PR=$(gh pr list --head $_BRANCH_NAME --base main --state open --json number --jq '.[0].number // empty') + if [ -z "$EXISTING_PR" ]; then + echo "::error::Couldn't find an existing PR for branch $_BRANCH_NAME." + exit 1 + fi + PR_URL="https://github.com/${{ github.repository }}/pull/$EXISTING_PR" + echo "## ❌ Merge or close: $PR_URL" >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + echo "✅ Branch tip commit was made by the bot. Safe to proceed." + # Using main to retrieve the changelog on consecutive updates of the same PR. - name: Get current SDK version from main branch id: get-current-sdk From 2eff15dde5d5404b0a599a30734f5c0f04408a66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 16:25:08 +0100 Subject: [PATCH 09/24] Add script to fetch repo changelogs --- Scripts/get-repo-changelog.sh | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100755 Scripts/get-repo-changelog.sh diff --git a/Scripts/get-repo-changelog.sh b/Scripts/get-repo-changelog.sh new file mode 100755 index 0000000000..d4690d3d5e --- /dev/null +++ b/Scripts/get-repo-changelog.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +# Script to get changelog between two git refs from a given GitHub repo. +# Usage: ./scripts/get-repo-changelog.sh + +set -euo pipefail + +if [ $# -lt 2 ]; then + echo "Usage: $0 " + echo "Example: $0 bitwarden/sdk-internal 9fe3aeda fix-wasm-import" + exit 1 +fi + +REPO="$1" +CURRENT_REF="$2" +NEW_REF="$3" + +CHANGELOG=$(gh api "repos/$REPO/compare/$CURRENT_REF...$NEW_REF" \ + --jq '.commits[] | "- \(.commit.message | split("\n")[0])"' | head -20) + +if [ -z "$CHANGELOG" ]; then + echo "No changes found between $CURRENT_REF and $NEW_REF" + exit 0 +fi + + +# GitHub renders org/repo#123 as a link to a PR, removing the commit message when a PR ID is found +# including the raw changelog in a collapsible section in case the pattern matching fails +CLEANED_CHANGELOG=$(echo "$CHANGELOG" | sed -E "s|.*\(#([0-9]+)\).*|- $REPO#\1|") + +echo "$CLEANED_CHANGELOG" +echo +echo "
+Raw changelog + +\`\`\` +$CHANGELOG +\`\`\` +
+" From 6d9331984e067667a728e2cadc58892889c14930 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 19:17:43 +0100 Subject: [PATCH 10/24] Update project-common.yml instead of app specific files --- .github/workflows/sdlc-sdk-update.yml | 11 ++++++----- Scripts/update-sdk-version.sh | 6 ++---- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index e09c4f016f..639e8dd575 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -25,6 +25,7 @@ on: env: _BOT_NAME: "bw-ghapp[bot]" _BOT_EMAIL: "178206702+bw-ghapp[bot]@users.noreply.github.com" + _SDK_DEPENDENCY_NAME: "BitwardenSdk" jobs: update: @@ -121,7 +122,7 @@ jobs: - name: Get current SDK version from main branch id: get-current-sdk run: | - SDK_VERSION=$(git show origin/main:project-pm.yml | yq '.packages.BitwardenSdk.revision') + SDK_VERSION=$(git show origin/main:project-common.yml | yq '.packages.BitwardenSdk.revision') if [ -z "$SDK_VERSION" ]; then echo "::error::Failed to get current SDK version from main branch." exit 1 @@ -137,7 +138,7 @@ jobs: _SDK_PACKAGE: ${{ inputs.sdk-package }} _SDK_VERSION: ${{ inputs.sdk-version }} run: | - ./Scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION" + ./Scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_VERSION" - name: Create branch and commit env: @@ -150,8 +151,8 @@ jobs: git config user.name "$_BOT_NAME" git config user.email "$_BOT_EMAIL" - git add project-bwa.yml project-bwk.yml project-pm.yml - git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION" + git add project-common.yml + git commit -m "SDK Update - $_SDK_DEPENDENCY_NAME $_SDK_VERSION" git push origin $_BRANCH_NAME - name: Create Pull Request @@ -205,7 +206,7 @@ jobs: # _SDK_PACKAGE: ${{ inputs.sdk-package }} # _SDK_VERSION: ${{ inputs.sdk-version }} # run: | -# ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"0 +# ./scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_VERSION"0 # # - name: Build # env: diff --git a/Scripts/update-sdk-version.sh b/Scripts/update-sdk-version.sh index 3f857392ae..251db0003b 100755 --- a/Scripts/update-sdk-version.sh +++ b/Scripts/update-sdk-version.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Script to update SDK version in project-bwa.yml, project-bwk.yml and project-pm.yml +# Script to update SDK version in project-common.yml # Usage: ./Scripts/update-sdk-version.sh # ./Scripts/update-sdk-version.sh BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda @@ -15,9 +15,7 @@ fi SDK_PACKAGE="$1" SDK_VERSION="$2" FILES=( - "project-bwa.yml" - "project-bwk.yml" - "project-pm.yml" + "project-common.yml" ) for file in "${FILES[@]}"; do From bef4fb5a81b1e43cc0530272de4884489eb528c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 19:18:27 +0100 Subject: [PATCH 11/24] Remove sdk-package, not used on iOS --- .github/workflows/sdlc-sdk-update.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 639e8dd575..c941e0a435 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -11,10 +11,6 @@ on: - Test # used for testing sdk-internal repo PRs - Update # opens a PR in this repo updating the SDK default: Test - sdk-package: - description: "SDK Package ID" - required: true - default: "BitwardenSdk" sdk-version: description: "SDK Version" required: true @@ -135,14 +131,12 @@ jobs: - name: Update SDK Version env: - _SDK_PACKAGE: ${{ inputs.sdk-package }} _SDK_VERSION: ${{ inputs.sdk-version }} run: | ./Scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_VERSION" - name: Create branch and commit env: - _SDK_PACKAGE: ${{ inputs.sdk-package }} _SDK_VERSION: ${{ inputs.sdk-version }} _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} run: | @@ -159,7 +153,6 @@ jobs: env: GH_TOKEN: ${{ steps.app-token.outputs.token }} _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} - _SDK_PACKAGE: ${{ inputs.sdk-package }} _SDK_VERSION: ${{ inputs.sdk-version }} _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }} _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }} @@ -203,7 +196,6 @@ jobs: # # - name: Update SDK Version # env: -# _SDK_PACKAGE: ${{ inputs.sdk-package }} # _SDK_VERSION: ${{ inputs.sdk-version }} # run: | # ./scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_VERSION"0 From c0e0734658d88ddf5e9bbf341599c9344f71ea61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 19:18:45 +0100 Subject: [PATCH 12/24] Add inputs for git refs --- .github/workflows/sdlc-sdk-update.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index c941e0a435..0100bc5d59 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -14,7 +14,15 @@ on: sdk-version: description: "SDK Version" required: true - default: "2a6609428275c758fcda5383bfb6b3166ec29eda" + default: "1.0.0-281-a1611ee" + sdk-internal-ref: + description: "sdk-internal repo git ref" + required: true + default: "a1611ee273e9ff6b2c03bc2e2e8175f96e300c77" + sdk-swift-ref: + description: "sdk-swift repo git ref" + required: true + default: "3a2a0988fba5da312a113ca4f59e0a5314c5093e" pr-id: description: "Pull Request ID" From d12b2a87df970d37e976987b682803a81a241069 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 20:37:00 +0100 Subject: [PATCH 13/24] Implement get current sdk refs (both from sdk-swift and sdk-internal) --- .github/workflows/sdlc-sdk-update.yml | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 0100bc5d59..98f6d29888 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -125,17 +125,29 @@ jobs: # Using main to retrieve the changelog on consecutive updates of the same PR. - name: Get current SDK version from main branch id: get-current-sdk + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} run: | - SDK_VERSION=$(git show origin/main:project-common.yml | yq '.packages.BitwardenSdk.revision') - if [ -z "$SDK_VERSION" ]; then + SDK_SWIFT_REF=$(git show origin/main:project-common.yml | yq '.packages.BitwardenSdk.revision') + if [ -z "$SDK_SWIFT_REF" ]; then echo "::error::Failed to get current SDK version from main branch." exit 1 fi - GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names - echo "Current SDK version (from main): $SDK_VERSION" - echo "Current SDK git ref: $GIT_REF" - echo "version=$SDK_VERSION" >> $GITHUB_OUTPUT - echo "git_ref=$GIT_REF" >> $GITHUB_OUTPUT + + echo "👀 sdk-swift ref: $SDK_SWIFT_REF" + + COMMIT_MESSAGE=$(gh api "repos/bitwarden/sdk-swift/commits/$SDK_SWIFT_REF" --jq '.commit.message') + echo "👀 commit message: $COMMIT_MESSAGE" + SDK_INTERNAL_REF=$(echo "$COMMIT_MESSAGE" | grep -oE '[a-f0-9]{40}') + if [ -z "$SDK_INTERNAL_REF" ]; then + echo "::error::Failed to parse sdk-internal ref from commit message." + exit 1 + fi + + echo "Current sdk-swift ref (from main): $SDK_SWIFT_REF" + echo "Current sdk-internal ref (parsed from commit): $SDK_INTERNAL_REF" + echo "sdk-swift-ref=$SDK_SWIFT_REF" >> $GITHUB_OUTPUT + echo "sdk-internal-ref=$SDK_INTERNAL_REF" >> $GITHUB_OUTPUT - name: Update SDK Version env: From 184b08375ef65d0643187044e6dd5193be10e929 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 20:37:51 +0100 Subject: [PATCH 14/24] Update commit message --- .github/workflows/sdlc-sdk-update.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 98f6d29888..59d98933ca 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -158,6 +158,7 @@ jobs: - name: Create branch and commit env: _SDK_VERSION: ${{ inputs.sdk-version }} + _SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} run: | echo "👀 Committing SDK version update..." @@ -166,7 +167,7 @@ jobs: git config user.email "$_BOT_EMAIL" git add project-common.yml - git commit -m "SDK Update - $_SDK_DEPENDENCY_NAME $_SDK_VERSION" + git commit -m "SDK Update - $_SDK_VERSION ($_SDK_SWIFT_REF)" git push origin $_BRANCH_NAME - name: Create Pull Request From 8171d1430083e2824881432e2cd5c26a07954c62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 20:38:22 +0100 Subject: [PATCH 15/24] Use sdk-swift-ref on update-sdk script --- .github/workflows/sdlc-sdk-update.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 59d98933ca..3b9afc725e 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -151,9 +151,9 @@ jobs: - name: Update SDK Version env: - _SDK_VERSION: ${{ inputs.sdk-version }} + _SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} run: | - ./Scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_VERSION" + ./Scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_SWIFT_REF" - name: Create branch and commit env: From 30d39a6b8e077daa7806016fafcfe010bb81c796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 20:38:38 +0100 Subject: [PATCH 16/24] Implement create or update PR --- .github/workflows/sdlc-sdk-update.yml | 53 +++++++++++++++++---------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 3b9afc725e..7e3231c1fd 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -170,30 +170,43 @@ jobs: git commit -m "SDK Update - $_SDK_VERSION ($_SDK_SWIFT_REF)" git push origin $_BRANCH_NAME - - name: Create Pull Request + - name: Create or Update Pull Request env: GH_TOKEN: ${{ steps.app-token.outputs.token }} _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} - _SDK_VERSION: ${{ inputs.sdk-version }} - _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }} - _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }} + _NEW_SDK_VERSION: ${{ inputs.sdk-version }} + _NEW_SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} + _NEW_SDK_INTERNAL_REF: ${{ inputs.sdk-internal-ref }} + _OLD_SDK_SWIFT_REF: ${{ steps.get-current-sdk.outputs.sdk-swift-ref }} + _OLD_SDK_INTERNAL_REF: ${{ steps.get-current-sdk.outputs.sdk-internal-ref }} run: | - NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-) - PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\` - - ## What's Changed" - - # Use echo -e to interpret escape sequences and pipe to gh pr create - PR_URL=$(echo -e "$PR_BODY" | gh pr create \ - --title "Update SDK to $_SDK_VERSION" \ - --body-file - \ - --base main \ - --head $_BRANCH_NAME \ - --label "automated-pr" \ - --label "t:ci") - - echo "🚀 Created PR: $PR_URL" - echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY + CHANGELOG=$(./scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_INTERNAL_REF" "$_NEW_SDK_INTERNAL_REF") + PR_BODY="Updates the SDK from \`$_OLD_SDK_SWIFT_REF\` to \`$_NEW_SDK_SWIFT_REF\` + + ## What's Changed + + $CHANGELOG" + + EXISTING_PR=$(gh pr list --head $_BRANCH_NAME --base main --state open --json number --jq '.[0].number // empty') + + if [ -n "$EXISTING_PR" ]; then + echo "🔄 Updating existing PR #$EXISTING_PR..." + echo -e "$PR_BODY" | gh pr edit $EXISTING_PR \ + --title "Update SDK to $_NEW_SDK_VERSION ($_NEW_SDK_SWIFT_REF)" \ + --body-file - + PR_URL="https://github.com/${{ github.repository }}/pull/$EXISTING_PR" + echo "## ✅ Updated PR: $PR_URL" >> $GITHUB_STEP_SUMMARY + else + echo "📝 Creating new PR..." + PR_URL=$(echo -e "$PR_BODY" | gh pr create \ + --title "Update SDK to $_NEW_SDK_VERSION ($_NEW_SDK_SWIFT_REF)" \ + --body-file - \ + --base main \ + --head $_BRANCH_NAME \ + --label "automated-pr" \ + --label "t:ci") + echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY + fi # test: # name: Test Update From e7ef69ba08041522b76d4016e1f9b678fd6808a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 21:19:33 +0100 Subject: [PATCH 17/24] update sdk script sets sdk version as a comment now --- .github/workflows/sdlc-sdk-update.yml | 3 ++- Scripts/update-sdk-version.sh | 31 ++++++++++----------------- 2 files changed, 13 insertions(+), 21 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 7e3231c1fd..e4176a66ab 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -151,9 +151,10 @@ jobs: - name: Update SDK Version env: + _SDK_VERSION: ${{ inputs.sdk-version }} _SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} run: | - ./Scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_SWIFT_REF" + ./Scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_SWIFT_REF" "$_SDK_VERSION" - name: Create branch and commit env: diff --git a/Scripts/update-sdk-version.sh b/Scripts/update-sdk-version.sh index 251db0003b..ee71230f51 100755 --- a/Scripts/update-sdk-version.sh +++ b/Scripts/update-sdk-version.sh @@ -1,30 +1,21 @@ #!/bin/bash -# Script to update SDK version in project-common.yml -# Usage: ./Scripts/update-sdk-version.sh -# ./Scripts/update-sdk-version.sh BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda +# Update SDK revision in project-common.yml set -euo pipefail -if [ $# -lt 2 ]; then - echo "Usage: $0 " - echo "Example: $0 BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda" +if [ $# -lt 3 ]; then + echo "Usage: $0 " + echo "Example: $0 BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda 1.0.0-281-a1611ee" exit 1 fi SDK_PACKAGE="$1" -SDK_VERSION="$2" -FILES=( - "project-common.yml" -) +SDK_SWIFT_REF="$2" +SDK_VERSION="$3" +FILE="project-common.yml" -for file in "${FILES[@]}"; do - if [[ -f "$file" ]]; then - echo "🔧 Updating revision in $file..." - yq -i ".packages[\"$SDK_PACKAGE\"].revision = \"$SDK_VERSION\"" "$file" - echo "✅ Updated revision line:" - grep "revision:" "$file" - else - echo "⚠️ Skipping missing file: $file" - fi -done +echo "🔧 Updating revision in $FILE..." +yq -i ".packages[\"$SDK_PACKAGE\"].revision = \"$SDK_SWIFT_REF\" | .packages[\"$SDK_PACKAGE\"].revision line_comment = \"$SDK_VERSION\"" "$FILE" +echo "✅ Updated revision line:" +grep -A 3 "$SDK_PACKAGE:" "$FILE" From f6a693adcd08b10516d1a76fb47c447beb5e7719 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 21:47:52 +0100 Subject: [PATCH 18/24] Refactor log messages --- .github/workflows/sdlc-sdk-update.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index e4176a66ab..62ec64632f 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -24,7 +24,7 @@ on: required: true default: "3a2a0988fba5da312a113ca4f59e0a5314c5093e" pr-id: - description: "Pull Request ID" + description: "Pull Request ID (Test mode only)" env: _BOT_NAME: "bw-ghapp[bot]" @@ -137,15 +137,16 @@ jobs: echo "👀 sdk-swift ref: $SDK_SWIFT_REF" COMMIT_MESSAGE=$(gh api "repos/bitwarden/sdk-swift/commits/$SDK_SWIFT_REF" --jq '.commit.message') - echo "👀 commit message: $COMMIT_MESSAGE" + echo "👀 sdk-swift ref commit message: \"$COMMIT_MESSAGE\"" SDK_INTERNAL_REF=$(echo "$COMMIT_MESSAGE" | grep -oE '[a-f0-9]{40}') if [ -z "$SDK_INTERNAL_REF" ]; then echo "::error::Failed to parse sdk-internal ref from commit message." exit 1 fi - echo "Current sdk-swift ref (from main): $SDK_SWIFT_REF" - echo "Current sdk-internal ref (parsed from commit): $SDK_INTERNAL_REF" + echo "" + echo "📋 Current sdk-swift ref (from main): $SDK_SWIFT_REF" + echo "📋 Current sdk-internal ref (parsed from commit): $SDK_INTERNAL_REF" echo "sdk-swift-ref=$SDK_SWIFT_REF" >> $GITHUB_OUTPUT echo "sdk-internal-ref=$SDK_INTERNAL_REF" >> $GITHUB_OUTPUT From 2cba47fa6ec62dea675dda949b5f98bd5db66878 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Tue, 2 Sep 2025 21:51:45 +0100 Subject: [PATCH 19/24] Fix script path --- .github/workflows/sdlc-sdk-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 62ec64632f..a794c28672 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -182,7 +182,7 @@ jobs: _OLD_SDK_SWIFT_REF: ${{ steps.get-current-sdk.outputs.sdk-swift-ref }} _OLD_SDK_INTERNAL_REF: ${{ steps.get-current-sdk.outputs.sdk-internal-ref }} run: | - CHANGELOG=$(./scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_INTERNAL_REF" "$_NEW_SDK_INTERNAL_REF") + CHANGELOG=$(./Scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_INTERNAL_REF" "$_NEW_SDK_INTERNAL_REF") PR_BODY="Updates the SDK from \`$_OLD_SDK_SWIFT_REF\` to \`$_NEW_SDK_SWIFT_REF\` ## What's Changed From a6ee6a0163effe52b8eed9b78dd3a135d4ed1948 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Wed, 3 Sep 2025 14:16:41 +0100 Subject: [PATCH 20/24] Remove sdk-internal-ref input, fetch it from sdk-version instead --- .github/workflows/sdlc-sdk-update.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index a794c28672..73011029d4 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -15,10 +15,6 @@ on: description: "SDK Version" required: true default: "1.0.0-281-a1611ee" - sdk-internal-ref: - description: "sdk-internal repo git ref" - required: true - default: "a1611ee273e9ff6b2c03bc2e2e8175f96e300c77" sdk-swift-ref: description: "sdk-swift repo git ref" required: true @@ -178,10 +174,10 @@ jobs: _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} _NEW_SDK_VERSION: ${{ inputs.sdk-version }} _NEW_SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} - _NEW_SDK_INTERNAL_REF: ${{ inputs.sdk-internal-ref }} _OLD_SDK_SWIFT_REF: ${{ steps.get-current-sdk.outputs.sdk-swift-ref }} _OLD_SDK_INTERNAL_REF: ${{ steps.get-current-sdk.outputs.sdk-internal-ref }} run: | + _NEW_SDK_INTERNAL_REF=$(echo "$_NEW_SDK_VERSION" | cut -d'-' -f3-) CHANGELOG=$(./Scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_INTERNAL_REF" "$_NEW_SDK_INTERNAL_REF") PR_BODY="Updates the SDK from \`$_OLD_SDK_SWIFT_REF\` to \`$_NEW_SDK_SWIFT_REF\` From efc63009d2292199f61bcc7ed1551500ec5b17ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Wed, 3 Sep 2025 14:17:11 +0100 Subject: [PATCH 21/24] Use short commit hash for commit message and PR title --- .github/workflows/sdlc-sdk-update.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 73011029d4..b86cb89c85 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -160,12 +160,13 @@ jobs: _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }} run: | echo "👀 Committing SDK version update..." + _SDK_SWIFT_REF_SHORT="${_SDK_SWIFT_REF:0:7}" git config user.name "$_BOT_NAME" git config user.email "$_BOT_EMAIL" git add project-common.yml - git commit -m "SDK Update - $_SDK_VERSION ($_SDK_SWIFT_REF)" + git commit -m "SDK Update - $_SDK_SWIFT_REF_SHORT ($_SDK_VERSION)" git push origin $_BRANCH_NAME - name: Create or Update Pull Request @@ -186,18 +187,19 @@ jobs: $CHANGELOG" EXISTING_PR=$(gh pr list --head $_BRANCH_NAME --base main --state open --json number --jq '.[0].number // empty') + _NEW_SDK_SWIFT_REF_SHORT="${_NEW_SDK_SWIFT_REF:0:7}" if [ -n "$EXISTING_PR" ]; then echo "🔄 Updating existing PR #$EXISTING_PR..." echo -e "$PR_BODY" | gh pr edit $EXISTING_PR \ - --title "Update SDK to $_NEW_SDK_VERSION ($_NEW_SDK_SWIFT_REF)" \ + --title "Update SDK to $_NEW_SDK_SWIFT_REF_SHORT ($_NEW_SDK_VERSION)" \ --body-file - PR_URL="https://github.com/${{ github.repository }}/pull/$EXISTING_PR" echo "## ✅ Updated PR: $PR_URL" >> $GITHUB_STEP_SUMMARY else echo "📝 Creating new PR..." PR_URL=$(echo -e "$PR_BODY" | gh pr create \ - --title "Update SDK to $_NEW_SDK_VERSION ($_NEW_SDK_SWIFT_REF)" \ + --title "Update SDK to $_NEW_SDK_SWIFT_REF_SHORT ($_NEW_SDK_VERSION)" \ --body-file - \ --base main \ --head $_BRANCH_NAME \ From 20bd3c596153ab2ed7269fabdd8980465f367de0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Wed, 3 Sep 2025 14:45:05 +0100 Subject: [PATCH 22/24] Remove commented test job code --- .github/workflows/sdlc-sdk-update.yml | 32 --------------------------- 1 file changed, 32 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index b86cb89c85..347f287e21 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -207,35 +207,3 @@ jobs: --label "t:ci") echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY fi - -# test: -# name: Test Update -# if: ${{ inputs.run-mode == 'Test' }} -# runs-on: ubuntu-24.04 -# permissions: -# contents: read -# packages: read -# -# steps: -# - name: Check out repo -# uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 -# -# - name: Log inputs to job summary -# uses: ./.github/actions/log-inputs -# with: -# inputs: ${{ toJson(inputs) }} -# -# - name: Setup Android Build -# uses: ./.github/actions/setup-android-build -# -# - name: Update SDK Version -# env: -# _SDK_VERSION: ${{ inputs.sdk-version }} -# run: | -# ./scripts/update-sdk-version.sh "$_SDK_DEPENDENCY_NAME" "$_SDK_VERSION"0 -# -# - name: Build -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages -# run: | -# ./gradlew assembleDebug --warn From 854f39124648cc48e7a364abc808feb13b713801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Wed, 3 Sep 2025 14:45:18 +0100 Subject: [PATCH 23/24] Update defaults --- .github/workflows/sdlc-sdk-update.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 347f287e21..7325af888a 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -10,15 +10,15 @@ on: options: - Test # used for testing sdk-internal repo PRs - Update # opens a PR in this repo updating the SDK - default: Test + default: Update sdk-version: description: "SDK Version" required: true - default: "1.0.0-281-a1611ee" + default: "1.0.0-283-7b5d9db" sdk-swift-ref: description: "sdk-swift repo git ref" required: true - default: "3a2a0988fba5da312a113ca4f59e0a5314c5093e" + default: "c2817139d7da49037841215d37a2f931525bf0fc" pr-id: description: "Pull Request ID (Test mode only)" From f237082c10d009750aa2655e0cdc89ca6f220e18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lison=20Fernandes?= Date: Wed, 3 Sep 2025 14:45:42 +0100 Subject: [PATCH 24/24] Detect downgrades --- .github/workflows/sdlc-sdk-update.yml | 41 ++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sdlc-sdk-update.yml b/.github/workflows/sdlc-sdk-update.yml index 7325af888a..1ab039bd21 100644 --- a/.github/workflows/sdlc-sdk-update.yml +++ b/.github/workflows/sdlc-sdk-update.yml @@ -146,6 +146,28 @@ jobs: echo "sdk-swift-ref=$SDK_SWIFT_REF" >> $GITHUB_OUTPUT echo "sdk-internal-ref=$SDK_INTERNAL_REF" >> $GITHUB_OUTPUT + - name: Detect downgrade and prevent updating to the current version + id: detect-downgrade + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + _CURRENT_SDK_SWIFT_REF: ${{ steps.get-current-sdk.outputs.sdk-swift-ref }} + _NEW_SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} + run: | + if [ "$_CURRENT_SDK_SWIFT_REF" = "$_NEW_SDK_SWIFT_REF" ]; then + echo "::error::Provided sdk-swift ref is the same as the current version in main." + exit 1 + fi + + COMPARE_RESULT=$(gh api "repos/bitwarden/sdk-swift/compare/$_CURRENT_SDK_SWIFT_REF...$_NEW_SDK_SWIFT_REF" --jq '.status') + + if [ "$COMPARE_RESULT" = "behind" ]; then + echo "::warning::The new SDK version ($_NEW_SDK_SWIFT_REF) is older than the current version ($_CURRENT_SDK_SWIFT_REF)" + echo "downgrading=true" >> $GITHUB_OUTPUT + else + echo "✅ New SDK version is newer - proceeding with update" + echo "downgrading=false" >> $GITHUB_OUTPUT + fi + - name: Update SDK Version env: _SDK_VERSION: ${{ inputs.sdk-version }} @@ -177,14 +199,19 @@ jobs: _NEW_SDK_SWIFT_REF: ${{ inputs.sdk-swift-ref }} _OLD_SDK_SWIFT_REF: ${{ steps.get-current-sdk.outputs.sdk-swift-ref }} _OLD_SDK_INTERNAL_REF: ${{ steps.get-current-sdk.outputs.sdk-internal-ref }} + _DOWNGRADING: ${{ steps.detect-downgrade.outputs.downgrading }} run: | _NEW_SDK_INTERNAL_REF=$(echo "$_NEW_SDK_VERSION" | cut -d'-' -f3-) - CHANGELOG=$(./Scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_INTERNAL_REF" "$_NEW_SDK_INTERNAL_REF") - PR_BODY="Updates the SDK from \`$_OLD_SDK_SWIFT_REF\` to \`$_NEW_SDK_SWIFT_REF\` + PR_BODY="Updates the SDK from \`$_OLD_SDK_SWIFT_REF\` to \`$_NEW_SDK_SWIFT_REF\`" - ## What's Changed - - $CHANGELOG" + if [ "$_DOWNGRADING" = "true" ]; then + PR_BODY="$PR_BODY\n\n## :warning: Downgrading SDK to an older version. :warning:" + PR_TITLE_ACTION="Downgrading" + else + CHANGELOG=$(./Scripts/get-repo-changelog.sh "bitwarden/sdk-internal" "$_OLD_SDK_INTERNAL_REF" "$_NEW_SDK_INTERNAL_REF") + PR_BODY="$PR_BODY\n\n## What's Changed\n\n$CHANGELOG" + PR_TITLE_ACTION="Updating" + fi EXISTING_PR=$(gh pr list --head $_BRANCH_NAME --base main --state open --json number --jq '.[0].number // empty') _NEW_SDK_SWIFT_REF_SHORT="${_NEW_SDK_SWIFT_REF:0:7}" @@ -192,14 +219,14 @@ jobs: if [ -n "$EXISTING_PR" ]; then echo "🔄 Updating existing PR #$EXISTING_PR..." echo -e "$PR_BODY" | gh pr edit $EXISTING_PR \ - --title "Update SDK to $_NEW_SDK_SWIFT_REF_SHORT ($_NEW_SDK_VERSION)" \ + --title "$PR_TITLE_ACTION SDK to $_NEW_SDK_SWIFT_REF_SHORT ($_NEW_SDK_VERSION)" \ --body-file - PR_URL="https://github.com/${{ github.repository }}/pull/$EXISTING_PR" echo "## ✅ Updated PR: $PR_URL" >> $GITHUB_STEP_SUMMARY else echo "📝 Creating new PR..." PR_URL=$(echo -e "$PR_BODY" | gh pr create \ - --title "Update SDK to $_NEW_SDK_SWIFT_REF_SHORT ($_NEW_SDK_VERSION)" \ + --title "$PR_TITLE_ACTION SDK to $_NEW_SDK_SWIFT_REF_SHORT ($_NEW_SDK_VERSION)" \ --body-file - \ --base main \ --head $_BRANCH_NAME \