diff --git a/.github/workflows/build-run.yaml b/.github/workflows/build-run.yaml
new file mode 100644
index 000000000..a8664aee3
--- /dev/null
+++ b/.github/workflows/build-run.yaml
@@ -0,0 +1,602 @@ +# # +# @type github workflow +# @author Aetherinox +# @project KeeWeb +# @repo https://github.com/keeweb/keeweb +# @usage Build keeweb releases for win32,linux,darwin,web +# +# @secrets secrets.VIRUS_TOTAL Virus Total API Key (https://virustotal.com/gui/my-apikey) +# secrets.PRIVATE_KEY keys/private-key.pem +# secrets.KEEWEB_SIGN keys/keeweb-sign.json +# secrets.CODESIGN keys/codesign.json +# secrets.MS_CODESIGN_PRIVATE_KEY_CLIENT Codesign Private key (client) +# secrets.MS_CODESIGN_PUBLIC_KEY_CLIENT Codesign public key (client) +# secrets.MS_CODESIGN_PUBLIC_KEY_SERVER Codesign public key (server) +# secrets.APPLE_DEPLOY_PASSWORD Apple deployment password +# secrets.APPLE_ID_USERNAME Apple username +# secrets.APPLE_PROVISIONING_PROFILE App Store provisioning profile +# secrets.APPLE_CERTIFICATE p12 base64 encoded cert +# secrets.APPLE_CERTIFICATE_PASSWORD p12 cert password +# secrets.GCP_SA_KEY Google Cloud Platform service account key +# secrets.DOCKERHUB_USERNAME hub.docker.com username +# secrets.DOCKERHUB_ACCESS_TOKEN hub.docker.com access token +# secrets.GITHUB_TOKEN Gthub token +# secrets.CF_TOKEN Cloudflare account token (on cf dashboard) +# +# @changelog [ 12-17-24 ] updated actions/setup-node@v2 › actions/setup-node@v4 +# updated actions/download-artifact@v1 › actions/download-artifact@v4 +# updated actions/upload-artifact@v1 › actions/upload-artifact@v4 +# updated node-version: '16' › node-version: '18' +# # + +name: '🔨 Build › Run' +run-name: '🔨 Deploy › Run' + +# # +# Triggers +# # + +on: + + # # + # Trigger › Push + # # + + push: + tags: [ '*' ] + +# # +# Environment Vars +# # + +env: + BOT_NAME_1: EuropaServ + BOT_NAME_DEPENDABOT: dependabot[bot] + +# # +# Jobs +# # + +jobs: + + # # + # Job › Build › Web + # # + + web: + runs-on: ubuntu-latest + steps: + + - name: 'Get current git tag' + id: get_tag + uses: keeweb/get-git-tag@v3.0.2 + with: + tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" + tagRegexGroup: 1 + + - name: 'Checkout' + uses: 
actions/checkout@v4 + with: + repository: keeweb/keeweb + ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} + + - name: 'Upgrade Node.js' + uses: actions/setup-node@v4 + with: + node-version: '18' + registry-url: 'https://registry.npmjs.org' + + - name: 'Install npm modules' + run: | + npm ci + + - name: 'Test' + run: | + npm test + + - name: 'Grunt' + run: | + grunt + + - name: 'Upload artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html + path: dist + + - name: 'Write secrets' + env: + VIRUS_TOTAL: ${{ secrets.VIRUS_TOTAL }} + run: | + mkdir keys + echo "$VIRUS_TOTAL" > keys/virus-total.json + + - name: 'Check on VirusTotal' + if: ${{ github.repository == 'keeweb/keeweb' }} + run: | + grunt virustotal + + # # + # Job › Build › Linux + # # + + linux: + runs-on: ubuntu-latest + needs: + - web + steps: + + - name: 'Get current git tag' + id: get_tag + uses: keeweb/get-git-tag@v3.0.2 + with: + tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" + tagRegexGroup: 1 + + - name: 'Checkout' + uses: actions/checkout@v4 + with: + repository: keeweb/keeweb + ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} + + - name: 'Download artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html + path: dist + + - name: 'Write secrets' + env: + PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} + KEEWEB_SIGN: ${{ secrets.KEEWEB_SIGN }} + run: | + mkdir keys + echo "$PRIVATE_KEY" > keys/private-key.pem + echo "$KEEWEB_SIGN" > keys/keeweb-sign.json + + - name: 'Build in Docker' + uses: ./.github/actions/linux-build + + - name: 'Upload AppImage artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage + + - name: 'Upload snap artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag 
}}.linux.snap + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap + + - name: 'Upload deb artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb + + - name: 'Upload zip artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip + + - name: 'Upload rpm artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm + + # # + # Job › Build › Darwin (macOS) + # # + + darwin: + runs-on: macos-latest + needs: + - web + steps: + + - name: 'Get current git tag' + id: get_tag + uses: keeweb/get-git-tag@v3.0.2 + with: + tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" + tagRegexGroup: 1 + + - name: 'Checkout' + uses: actions/checkout@v4 + with: + repository: keeweb/keeweb + ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} + + - name: 'Download artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html + path: dist + + - name: 'Upgrade Node.js' + uses: actions/setup-node@v4 + with: + node-version: '18' + registry-url: 'https://registry.npmjs.org' + + - name: 'Install npm modules' + run: | + npm ci + + - name: 'Install grunt' + run: | + sudo npm i -g grunt-cli + + - name: 'Write secrets' + env: + CODESIGN: ${{ secrets.CODESIGN }} + APPLE_DEPLOY_PASSWORD: ${{ secrets.APPLE_DEPLOY_PASSWORD }} + APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} + APPLE_PROVISIONING_PROFILE: ${{ secrets.APPLE_PROVISIONING_PROFILE }} + run: | + mkdir keys + echo "$CODESIGN" > keys/codesign.json + xcrun altool --store-password-in-keychain-item "AC_PASSWORD" -u "$APPLE_ID_USERNAME" -p "$APPLE_DEPLOY_PASSWORD" + echo 
"$APPLE_PROVISIONING_PROFILE" | base64 -d > keys/keeweb.provisionprofile + + - name: 'Import certificates' + uses: keeweb/import-codesign-certs@v1 + with: + p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} + p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + + - name: 'Grunt' + run: | + grunt --max-old-space-size=4096 desktop-darwin ${{ github.repository != 'keeweb/keeweb' && '--skip-sign' || '' }} + + - name: 'Upload x64 dmg artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg + + - name: 'Upload arm64 dmg artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg + + # # + # Job › Build › Win32 + # # + + win32: + runs-on: windows-latest + needs: + - web + steps: + + - name: 'Get current git tag' + id: get_tag + uses: keeweb/get-git-tag@v3.0.2 + with: + tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" + tagRegexGroup: 1 + + - name: 'Checkout' + uses: actions/checkout@v4 + with: + repository: keeweb/keeweb + ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} + + - name: 'Download artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html + path: dist + + - name: 'Upgrade Node.js' + uses: actions/setup-node@v4 + with: + node-version: '18' + registry-url: 'https://registry.npmjs.org' + + - name: 'Install npm modules' + run: | + npm ci + + - name: 'Install grunt' + run: | + npm i -g grunt-cli + + - name: 'Write secrets' + env: + CODESIGN: ${{ secrets.CODESIGN }} + MS_CODESIGN_PRIVATE_KEY_CLIENT: ${{ secrets.MS_CODESIGN_PRIVATE_KEY_CLIENT }} + MS_CODESIGN_PUBLIC_KEY_CLIENT: ${{ secrets.MS_CODESIGN_PUBLIC_KEY_CLIENT }} + MS_CODESIGN_PUBLIC_KEY_SERVER: ${{ secrets.MS_CODESIGN_PUBLIC_KEY_SERVER }} + run: | + mkdir keys + echo $Env:CODESIGN > 
keys/codesign.json + mkdir keys/code-signing + echo $Env:MS_CODESIGN_PRIVATE_KEY_CLIENT > keys/code-signing/private-key-client.pem + echo $Env:MS_CODESIGN_PUBLIC_KEY_CLIENT > keys/code-signing/public-key-client.pem + echo $Env:MS_CODESIGN_PUBLIC_KEY_SERVER > keys/code-signing/public-key-server.pem + + - name: 'Grunt' + run: | + grunt desktop-win32 ${{ github.repository != 'keeweb/keeweb' && '--skip-sign' || '' }} + + - name: 'Upload ia32 exe artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe + + - name: 'Upload ia32 zip artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip + + - name: 'Upload x64 exe artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe + + - name: 'Upload x64 zip artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip + + - name: 'Upload arm64 exe artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe + + - name: 'Upload arm64 zip artifact' + uses: actions/upload-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip + path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip + + # # + # Job › Publish + # # + + publish: + runs-on: ubuntu-latest + needs: + - linux + - darwin + - win32 + steps: + - name: 'Get current git tag' + id: get_tag + uses: keeweb/get-git-tag@v3.0.2 + with: + tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" + tagRegexGroup: 1 + + - name: 
'Setup GCloud' + uses: google-github-actions/setup-gcloud@v0.7.0 + with: + version: '285.0.0' + service_account_key: ${{ secrets.GCP_SA_KEY }} + export_default_credentials: true + + - name: 'Checkout' + uses: actions/checkout@v4 + with: + repository: keeweb/keeweb + path: keeweb + ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} + + - name: 'Upgrade Node.js' + uses: actions/setup-node@v4 + with: + node-version: '18' + registry-url: 'https://registry.npmjs.org' + + - name: 'Install npm modules' + working-directory: keeweb + run: | + npm ci + + - name: 'Download html artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html + path: html + + - name: 'Download linux.AppImage artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage + path: assets + + - name: 'Download linux.snap artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap + path: assets + + - name: 'Download linux.deb artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb + path: assets + + - name: 'Download linux.zip artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip + path: assets + + - name: 'Download linux.rpm artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm + path: assets + + - name: 'Download darwin.x64.dmg artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg + path: assets + + - name: 'Download darwin.arm64.dmg artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg + path: assets + + - name: 'Download win32.ia32.exe artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ 
steps.get_tag.outputs.tag }}.win.ia32.exe + path: assets + + - name: 'Download win32.ia32.zip artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip + path: assets + + - name: 'Download win32.x64.exe artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe + path: assets + + - name: 'Download win32.x64.zip artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip + path: assets + + - name: 'Download win32.arm64.exe artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe + path: assets + + - name: 'Download win32.arm64.zip artifact' + uses: actions/download-artifact@v4 + with: + name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip + path: assets + + - name: 'Zip html' + working-directory: html + run: | + zip -vr ../assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.html.zip . 
+ + - name: 'Copy assets to dist' + run: mkdir -p keeweb/dist/desktop && cp assets/* keeweb/dist/desktop + + - name: 'Write secrets' + env: + PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} + KEEWEB_SIGN: ${{ secrets.KEEWEB_SIGN }} + working-directory: keeweb + run: | + mkdir keys + echo "$PRIVATE_KEY" > keys/private-key.pem + echo "$KEEWEB_SIGN" > keys/keeweb-sign.json + + - name: 'Grunt' + working-directory: keeweb + run: | + grunt finish-release + + - name: 'Copy signatures to assets' + run: | + cp keeweb/dist/desktop/Verify.sign.sha256 assets + + - name: 'Copy checksums to assets' + run: | + cp keeweb/dist/desktop/Verify.sha256 assets + + - name: 'Login to DockerHub Registry' + env: + DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + run: | + echo $DOCKERHUB_ACCESS_TOKEN | docker login -u $DOCKERHUB_USERNAME --password-stdin + + - name: 'Copy dist to the Docker context' + run: | + cp -r html keeweb/package/docker/dist + + - name: 'Build the Docker image' + working-directory: keeweb + run: | + docker build -t antelle/keeweb:latest -t antelle/keeweb:${{ steps.get_tag.outputs.tag }} package/docker + + - name: 'Push the Docker image to dockerhub' + if: ${{ github.repository == 'keeweb/keeweb' }} + run: | + docker push --all-tags antelle/keeweb + + - name: 'Extract release notes' + run: node util/extract-release-notes.js --version=${{ steps.get_tag.outputs.tag }} --output=tmp/release-body.md + working-directory: keeweb + + - name: 'Publish GitHub release' + uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: v${{ steps.get_tag.outputs.tag }} + name: Desktop apps v${{ steps.get_tag.outputs.tag }} + files: assets/* + body_path: keeweb/tmp/release-body.md + + - name: 'Checkout gh-pages' + uses: actions/checkout@v4 + with: + ref: gh-pages + path: gh-pages + fetch-depth: 0 + + - name: 'Commit dist to gh-pages' + working-directory: gh-pages + run: | + git 
rm -r '*' + cp -r ../html/* . + mkdir -p .github/workflows + echo $GITHUB_SHA > build.txt + date >> build.txt + git add . + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git commit -am v${{ steps.get_tag.outputs.tag }} + + - name: 'Push gh-pages' + uses: keeweb/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + branch: gh-pages + directory: gh-pages + + - name: 'Restore git mtime' + working-directory: gh-pages + run: | + python3 ../keeweb/.github/actions/scripts/git-restore-mtime.py + + - name: 'Sync the website' + if: ${{ github.repository == 'keeweb/keeweb' }} + run: | + gsutil -m rsync -r -d -x "^\." gh-pages gs://app.keeweb.info/ + + - name: 'Purge CloudFlare cache' + if: ${{ github.repository == 'keeweb/keeweb' }} + env: + CF_TOKEN: ${{ secrets.CF_TOKEN }} + run: | + curl -sS -X POST "https://api.cloudflare.com/client/v4/zones/dbda8e7e454d23edb08d4bc3b3f6f872/purge_cache" \ + -H "Authorization: Bearer $CF_TOKEN" \ + -H "Content-Type: application/json" \ + --data '{"purge_everything":true}' diff --git a/.github/workflows/deploy-tests.yml b/.github/workflows/build-tests.yml similarity index 96% rename from .github/workflows/deploy-tests.yml rename to .github/workflows/build-tests.yml index da1128683..d4d75d4ee 100644 --- a/.github/workflows/deploy-tests.yml +++ b/.github/workflows/build-tests.yml @@ -6,8 +6,8 @@ # @repo https://github.com/keeweb/keeweb # # -name: '📦 Deploy › Tests' -run-name: '📦 Deploy › Tests' +name: '🔨 Build › Tests' +run-name: '🔨 Deploy › Tests' # # # Triggers diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml deleted file mode 100644 index a2ee6ec57..000000000 --- a/.github/workflows/build.yaml +++ /dev/null 
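Review bot: In the new `.github/workflows/build-run.yaml`, the third-party actions are referenced by mutable refs: `keeweb/github-push-action@master` in the 'Push gh-pages' step (which is handed `github_token`), plus `softprops/action-gh-release@v1`, `keeweb/import-codesign-certs@v1`, `keeweb/get-git-tag@v3.0.2` and `google-github-actions/setup-gcloud@v0.7.0`. These run in jobs that also hold the code-signing keys written under `keys/`, the Apple certificate and the GCP service-account key. A branch or tag can be repointed upstream, so the code running next to those secrets can change without any commit in this repository. Pin each one to a full commit SHA with the release noted in a trailing comment, e.g. `uses: keeweb/github-push-action@<full-commit-sha>  # <release tag>`. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` scope falls back to the repository default. A top-level `permissions:` with `contents: read`, raised to `contents: write` only on the `publish` job, looks sufficient for the release and gh-pages push, but should be confirmed against a test tag.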
@@ -1,426 +0,0 @@ -name: Build -on: - push: - tags: [ '*' ] -jobs: - - web: - runs-on: ubuntu-latest - steps: - - name: Get current git tag - id: get_tag - uses: keeweb/get-git-tag@v3.0.2 - with: - tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" - tagRegexGroup: 1 - - name: Checkout - uses: actions/checkout@v2 - with: - repository: keeweb/keeweb - ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - - name: Upgrade Node.js - uses: actions/setup-node@v2 - with: - node-version: '16' - registry-url: 'https://registry.npmjs.org' - - name: Install npm modules - run: npm ci - - name: Test - run: npm test - - name: Grunt - run: grunt - - name: Upload artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html - path: dist - - name: Write secrets - env: - VIRUS_TOTAL: ${{ secrets.VIRUS_TOTAL }} - run: | - mkdir keys - echo "$VIRUS_TOTAL" > keys/virus-total.json - - name: Check on VirusTotal - run: grunt virustotal - if: ${{ github.repository == 'keeweb/keeweb' }} - - linux: - runs-on: ubuntu-latest - needs: - - web - steps: - - name: Get current git tag - id: get_tag - uses: keeweb/get-git-tag@v3.0.2 - with: - tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" - tagRegexGroup: 1 - - name: Checkout - uses: actions/checkout@v2 - with: - repository: keeweb/keeweb - ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - - name: Download artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html - path: dist - - name: Write secrets - env: - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} - KEEWEB_SIGN: ${{ secrets.KEEWEB_SIGN }} - run: | - mkdir keys - echo "$PRIVATE_KEY" > keys/private-key.pem - echo "$KEEWEB_SIGN" > keys/keeweb-sign.json - - name: Build in Docker - uses: ./.github/actions/linux-build - - name: Upload AppImage artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage - path: dist/desktop/KeeWeb-${{ 
steps.get_tag.outputs.tag }}.linux.AppImage - - name: Upload snap artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap - - name: Upload deb artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb - - name: Upload zip artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip - - name: Upload rpm artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm - - darwin: - runs-on: macos-latest - needs: - - web - steps: - - name: Get current git tag - id: get_tag - uses: keeweb/get-git-tag@v3.0.2 - with: - tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" - tagRegexGroup: 1 - - name: Checkout - uses: actions/checkout@v2 - with: - repository: keeweb/keeweb - ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - - name: Download artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html - path: dist - - name: Upgrade Node.js - uses: actions/setup-node@v2 - with: - node-version: '16' - registry-url: 'https://registry.npmjs.org' - - name: Install npm modules - run: npm ci - - name: Install grunt - run: sudo npm i -g grunt-cli - - name: Write secrets - env: - CODESIGN: ${{ secrets.CODESIGN }} - APPLE_DEPLOY_PASSWORD: ${{ secrets.APPLE_DEPLOY_PASSWORD }} - APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} - APPLE_PROVISIONING_PROFILE: ${{ secrets.APPLE_PROVISIONING_PROFILE }} - run: | - mkdir keys - echo "$CODESIGN" > keys/codesign.json - xcrun altool --store-password-in-keychain-item "AC_PASSWORD" 
-u "$APPLE_ID_USERNAME" -p "$APPLE_DEPLOY_PASSWORD" - echo "$APPLE_PROVISIONING_PROFILE" | base64 -d > keys/keeweb.provisionprofile - - name: Import certificates - uses: keeweb/import-codesign-certs@v1 - with: - p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} - p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - - name: Grunt - run: grunt --max-old-space-size=4096 desktop-darwin ${{ github.repository != 'keeweb/keeweb' && '--skip-sign' || '' }} - - name: Upload x64 dmg artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg - - name: Upload arm64 dmg artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg - - win32: - runs-on: windows-latest - needs: - - web - steps: - - name: Get current git tag - id: get_tag - uses: keeweb/get-git-tag@v3.0.2 - with: - tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" - tagRegexGroup: 1 - - name: Checkout - uses: actions/checkout@v2 - with: - repository: keeweb/keeweb - ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - - name: Download artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html - path: dist - - name: Upgrade Node.js - uses: actions/setup-node@v2 - with: - node-version: '16' - registry-url: 'https://registry.npmjs.org' - - name: Install npm modules - run: npm ci - - name: Install grunt - run: npm i -g grunt-cli - - name: Write secrets - env: - CODESIGN: ${{ secrets.CODESIGN }} - MS_CODESIGN_PRIVATE_KEY_CLIENT: ${{ secrets.MS_CODESIGN_PRIVATE_KEY_CLIENT }} - MS_CODESIGN_PUBLIC_KEY_CLIENT: ${{ secrets.MS_CODESIGN_PUBLIC_KEY_CLIENT }} - MS_CODESIGN_PUBLIC_KEY_SERVER: ${{ secrets.MS_CODESIGN_PUBLIC_KEY_SERVER }} - run: | - mkdir keys - echo $Env:CODESIGN > keys/codesign.json - mkdir 
keys/code-signing - echo $Env:MS_CODESIGN_PRIVATE_KEY_CLIENT > keys/code-signing/private-key-client.pem - echo $Env:MS_CODESIGN_PUBLIC_KEY_CLIENT > keys/code-signing/public-key-client.pem - echo $Env:MS_CODESIGN_PUBLIC_KEY_SERVER > keys/code-signing/public-key-server.pem - - name: Grunt - run: grunt desktop-win32 ${{ github.repository != 'keeweb/keeweb' && '--skip-sign' || '' }} - - name: Upload ia32 exe artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe - - name: Upload ia32 zip artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip - - name: Upload x64 exe artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe - - name: Upload x64 zip artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip - - name: Upload arm64 exe artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe - - name: Upload arm64 zip artifact - uses: actions/upload-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip - path: dist/desktop/KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip - - publish: - runs-on: ubuntu-latest - needs: - - linux - - darwin - - win32 - steps: - - name: Get current git tag - id: get_tag - uses: keeweb/get-git-tag@v3.0.2 - with: - tagRegex: "^v(\\d+\\.\\d+\\.\\d+)$" - tagRegexGroup: 1 - - name: Setup GCloud - uses: google-github-actions/setup-gcloud@v0.7.0 - with: - version: '285.0.0' - 
service_account_key: ${{ secrets.GCP_SA_KEY }} - export_default_credentials: true - - name: Checkout - uses: actions/checkout@v2 - with: - repository: keeweb/keeweb - path: keeweb - ref: ${{ github.repository == 'keeweb/keeweb' && github.sha || 'develop' }} - - name: Upgrade Node.js - uses: actions/setup-node@v2 - with: - node-version: '16' - registry-url: 'https://registry.npmjs.org' - - name: Install npm modules - working-directory: keeweb - run: npm ci - - name: Download html artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.html - path: html - - name: Download linux.AppImage artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.AppImage - path: assets - - name: Download linux.snap artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.snap - path: assets - - name: Download linux.deb artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.deb - path: assets - - name: Download linux.zip artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x64.zip - path: assets - - name: Download linux.rpm artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.linux.x86_64.rpm - path: assets - - name: Download darwin.x64.dmg artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.x64.dmg - path: assets - - name: Download darwin.arm64.dmg artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.mac.arm64.dmg - path: assets - - name: Download win32.ia32.exe artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.exe - path: assets - - name: Download win32.ia32.zip artifact - uses: actions/download-artifact@v1 - with: - 
name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.ia32.zip - path: assets - - name: Download win32.x64.exe artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.exe - path: assets - - name: Download win32.x64.zip artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.x64.zip - path: assets - - name: Download win32.arm64.exe artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.exe - path: assets - - name: Download win32.arm64.zip artifact - uses: actions/download-artifact@v1 - with: - name: KeeWeb-${{ steps.get_tag.outputs.tag }}.win.arm64.zip - path: assets - - name: Zip html - working-directory: html - run: zip -vr ../assets/KeeWeb-${{ steps.get_tag.outputs.tag }}.html.zip . - - name: Copy assets to dist - run: mkdir -p keeweb/dist/desktop && cp assets/* keeweb/dist/desktop - - name: Write secrets - env: - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} - KEEWEB_SIGN: ${{ secrets.KEEWEB_SIGN }} - working-directory: keeweb - run: | - mkdir keys - echo "$PRIVATE_KEY" > keys/private-key.pem - echo "$KEEWEB_SIGN" > keys/keeweb-sign.json - - name: Grunt - working-directory: keeweb - run: grunt finish-release - - name: Copy signatures to assets - run: cp keeweb/dist/desktop/Verify.sign.sha256 assets - - name: Copy checksums to assets - run: cp keeweb/dist/desktop/Verify.sha256 assets - - name: Login to DockerHub Registry - env: - DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - run: echo $DOCKERHUB_ACCESS_TOKEN | docker login -u $DOCKERHUB_USERNAME --password-stdin - - name: Copy dist to the Docker context - run: cp -r html keeweb/package/docker/dist - - name: Build the Docker image - working-directory: keeweb - run: docker build -t antelle/keeweb:latest -t antelle/keeweb:${{ steps.get_tag.outputs.tag }} package/docker - - name: Push the Docker 
image to dockerhub - if: ${{ github.repository == 'keeweb/keeweb' }} - run: docker push --all-tags antelle/keeweb - - name: Extract release notes - run: node util/extract-release-notes.js --version=${{ steps.get_tag.outputs.tag }} --output=tmp/release-body.md - working-directory: keeweb - - name: Publish GitHub release - uses: softprops/action-gh-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: v${{ steps.get_tag.outputs.tag }} - name: Desktop apps v${{ steps.get_tag.outputs.tag }} - files: assets/* - body_path: keeweb/tmp/release-body.md - - name: Checkout gh-pages - uses: actions/checkout@v2 - with: - ref: gh-pages - path: gh-pages - fetch-depth: 0 - - name: Commit dist to gh-pages - working-directory: gh-pages - run: | - git rm -r '*' - cp -r ../html/* . - mkdir -p .github/workflows - echo $GITHUB_SHA > build.txt - date >> build.txt - git add . - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - git commit -am v${{ steps.get_tag.outputs.tag }} - - name: Push gh-pages - uses: keeweb/github-push-action@master - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - branch: gh-pages - directory: gh-pages - - name: Restore git mtime - working-directory: gh-pages - run: python3 ../keeweb/.github/actions/scripts/git-restore-mtime.py - - name: Sync the website - if: ${{ github.repository == 'keeweb/keeweb' }} - run: gsutil -m rsync -r -d -x "^\." gh-pages gs://app.keeweb.info/ - - name: Purge CloudFlare cache - if: ${{ github.repository == 'keeweb/keeweb' }} - env: - CF_TOKEN: ${{ secrets.CF_TOKEN }} - run: | - curl -sS -X POST "https://api.cloudflare.com/client/v4/zones/dbda8e7e454d23edb08d4bc3b3f6f872/purge_cache" \ - -H "Authorization: Bearer $CF_TOKEN" \ - -H "Content-Type: application/json" \ - --data '{"purge_everything":true}' diff --git a/.github/workflows/deploy-clean.yml b/.github/workflows/deploy-clean.yml new file mode 100644 index 000000000..7b7c2c6fe --- /dev/null 
+++ b/.github/workflows/deploy-clean.yml 
@@ -0,0 +1,108 @@ +# # +# @type github workflow +# @author Aetherinox +# @url https://github.com/Aetherinox +# @usage clears all history in your deployments. +# edit the 'environment:' to determine which deployment to keep clean +# - can be ran manually +# +# @secrets secrets.SELF_TOKEN_CL Github Access Token (Classic) +# # + +name: "⚙️ Deploy › Clean" +run-name: "⚙️ Deploy › Clean" + +# # +# triggers +# # + +on: + workflow_dispatch: + +# # +# environment variables +# # + +env: + BOT_NAME_1: EuropaServ + BOT_NAME_DEPENDABOT: dependabot[bot] + LABELS_JSON: | + [ + { "name": "AC › Changes Made", "color": "8F1784", "description": "Requested changes have been made and are pending a re-scan" }, + { "name": "AC › Changes Required", "color": "8F1784", "description": "Requires changes to be made to the package before being accepted" }, + { "name": "AC › Failed", "color": "a61f2d", "description": "Autocheck failed to run through a complete cycle, requires investigation" }, + { "name": "AC › Needs Rebase", "color": "8F1784", "description": "Due to the permissions on the requesting repo, this pull request must be rebased by the author" }, + { "name": "AC › Passed", "color": "146b4a", "description": "Ready to be reviewed" }, + { "name": "AC › Review Required", "color": "8F1784", "description": "PR needs to be reviewed by another person, after the requested changes have been made" }, + { "name": "AC › Security Warning", "color": "761620", "description": "Does not conform to developer policies, or includes potentially dangerous code" }, + { "name": "AC › Skipped Scan", "color": "8F1784", "description": "Author has skipped code scan" }, + { "name": "Status 𐄂 Duplicate", "color": "75536b", "description": "Issue or pull request already exists" }, + { "name": "Status 𐄂 Accepted", "color": "2e7539", "description": "This pull request has been accepted" }, + { "name": "Status 𐄂 Autoclosed", "color": "3E0915", "description": "Originally stale and was autoclosed for no activity" }, + { 
"name": "Status 𐄂 Denied", "color": "ba4058", "description": "Pull request has been denied" }, + { "name": "Status 𐄂 Locked", "color": "550F45", "description": "Automatically locked by AdminServ for a prolonged period of inactivity" }, + { "name": "Status 𐄂 Need Info", "color": "2E3C4C", "description": "Not enough information to resolve" }, + { "name": "Status 𐄂 No Action", "color": "030406", "description": "Closed without any action being taken" }, + { "name": "Status 𐄂 Pending", "color": "984b12", "description": "Pending pull request" }, + { "name": "Status 𐄂 Released", "color": "1b6626", "description": "Issues or PR has been implemented and is now live" }, + { "name": "Status 𐄂 Reopened", "color": "8a6f14", "description": "A previously closed PR which has been re-opened" }, + { "name": "Status 𐄂 Review", "color": "9e1451", "description": "Currently pending review" }, + { "name": "Status 𐄂 Stale", "color": "928282", "description": "Has not had any activity in over 30 days" }, + { "name": "Type ◦ Bug", "color": "9a2c2c", "description": "Something isn't working" }, + { "name": "Type ◦ Dependency", "color": "243759", "description": "Item is associated to dependency" }, + { "name": "Type ◦ Docs", "color": "0e588d", "description": "Improvements or modifications to docs" }, + { "name": "Type ◦ Feature", "color": "3c4e93", "description": "Feature request" }, + { "name": "Type ◦ Git Action", "color": "030406", "description": "GitHub Action / workflow" }, + { "name": "Type ◦ Pull Request", "color": "8F1784", "description": "Normal pull request" }, + { "name": "Type ◦ Roadmap", "color": "8F1784", "description": "Feature or bug currently planned for implementation" }, + { "name": "Type ◦ Internal", "color": "A51994", "description": "Assigned items are for internal developer use" }, + { "name": "Build ◦ Desktop", "color": "c7ca4a", "description": "Specific to desktop" }, + { "name": "Build ◦ Linux", "color": "c7ca4a", "description": "Specific to Linux" }, + { "name": "Build 
◦ MacOS", "color": "c7ca4a", "description": "Specific to MacOS" }, + { "name": "Build ◦ Mobile", "color": "c7ca4a", "description": "Specific to mobile" }, + { "name": "Build ◦ Web", "color": "c7ca4a", "description": "Specific to web" }, + { "name": "Build ◦ Windows", "color": "c7ca4a", "description": "Specific to Windows" }, + { "name": "› API", "color": "F99B50", "description": "Plugin API, CLI, browser JS API" }, + { "name": "› Auto-type", "color": "9141E0", "description": "Auto-type functionality in desktop apps" }, + { "name": "› Browser", "color": "9141E0", "description": "Browser plugins and passing data to <=> from app" }, + { "name": "› Customization", "color": "E3F0FC", "description": "Customizations: plugins, themes, configs" }, + { "name": "› Design", "color": "FA70DE", "description": "Design related queries" }, + { "name": "› Dist", "color": "FA70DE", "description": "Installers and other forms of software distribution" }, + { "name": "› Enterprise", "color": "11447a", "description": "Issues about collaboration, administration, and so on" }, + { "name": "› Hardware", "color": "5a7503", "description": "YubiKey, other tokens, biometrics" }, + { "name": "› Import/Export", "color": "F5FFCC", "description": "Import from and export to different file formats" }, + { "name": "› Improvement", "color": "185c98", "description": "Enhance an existing feature" }, + { "name": "› Performance", "color": "006b75", "description": "Web and desktop performance issues" }, + { "name": "› Plugin Request", "color": "FCE9CA", "description": "Requested changes should be implemented as a plugin" }, + { "name": "› Security", "color": "F75D39", "description": "Security issues" }, + { "name": "› Self-Hosting", "color": "fad8c7", "description": "Self-hosting installations and configs" }, + { "name": "› Storage", "color": "5319e7", "description": "Storage providers: Dropbox, Google, WebDAV, etc." 
}, + { "name": "› Updater", "color": "1BADDE", "description": "Auto-updater issues" }, + { "name": "› UX", "color": "1BADDE", "description": "UX and usability" }, + { "name": "› Website", "color": "fef2c0", "description": "Website related issues" }, + { "name": "⚠ Urgent", "color": "a8740e", "description": "Requires urgent attention" }, + { "name": "⚠ Announcement", "color": "DB4712", "description": "Announcements" }, + { "name": "📰 Progress Report", "color": "392297", "description": "Development updates" }, + { "name": "📦 Release", "color": "277542", "description": "Release announcements" }, + { "name": "✔️ Poll", "color": "972255", "description": "Community polls" }, + { "name": "❔ Question", "color": "FFFFFF", "description": "All questions" } + ] + +# # +# jobs +# # + +jobs: + cleanup: + runs-on: ubuntu-latest + permissions: write-all + + steps: + - name: >- + ⚙️ Deployments › Clean + uses: Aetherinox/delete-deploy-env-action@v3 + with: + token: ${{ secrets.SELF_TOKEN_CL }} + environment: orion + onlyRemoveDeployments: true + delay: "1000" \ No newline at end of file diff --git a/.github/workflows/deploy-docker-dockerhub.yml b/.github/workflows/deploy-docker-dockerhub.yml index d5a9698bf..807eba9ab 100644 --- a/.github/workflows/deploy-docker-dockerhub.yml +++ b/.github/workflows/deploy-docker-dockerhub.yml @@ -1,12 +1,15 @@ # # # @type github workflow -# @desc deploys docker container to Dockerhub # @author Aetherinox # @url https://github.com/Aetherinox +# @usage deploys docker container to Dockerhub +# @secrets secrets.ADMINSERV_GPG_KEY_ASC gpg private key (armored) | BEGIN PGP PRIVATE KEY BLOCK +# secrets.ADMINSERV_GPG_PASSPHRASE gpg private key passphrase +# secrets.IMAGE_DOCKERHUB_TOKEN hub.docker.com access token # # -name: "⚙️ Deploy › Dockerhub" -run-name: "⚙️ Deploy › Dockerhub" +name: "📦 Deploy › Docker › Dockerhub" +run-name: "📦 Deploy › Docker › Dockerhub" # # # Triggers 
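Review bot: `permissions: write-all` on the `cleanup` job gives the job's `GITHUB_TOKEN` every write scope, although the only step authenticates with `secrets.SELF_TOKEN_CL` and is configured with `onlyRemoveDeployments: true`. Narrowing it to `permissions: {}` (or `deployments: write`, if the action ever falls back to the default token) would limit what a changed or compromised action can reach. The step also runs a third-party action by mutable tag with a classic PAT in scope; pinning it as `uses: Aetherinox/delete-deploy-env-action@<FULL_COMMIT_SHA>` fixes which code receives that token. The `LABELS_JSON` block is not referenced by any step in this file and could be dropped.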
@@ -89,8 +92,8 @@ on: # DISABLE: release version will be marked as stable / normal release # # - BETA_RELEASE: - description: "🧪 Beta (Pre-release)" + DEV_RELEASE: + description: "🧪 Development Release" required: true default: false type: boolean @@ -256,10 +259,10 @@ jobs: type=raw,value=latest,enable=false # dispatch add x1.x.x-arm64 - type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.BETA_RELEASE == false }},priority=300,prefix=,suffix=-arm64,value=${{ env.IMAGE_VERSION }} + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=300,prefix=,suffix=-arm64,value=${{ env.IMAGE_VERSION }} # dispatch add arm64-development - type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.BETA_RELEASE == true }},priority=300,prefix=,suffix=-development,value=arm64 + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=-development,value=arm64 # tag add tag-arm64 type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push' }},priority=600,prefix=,suffix=-arm64,event=tag 
@@ -375,21 +378,21 @@ jobs: ${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} tags: | # latest yes - type=raw,value=latest,enable=${{ !inputs.BETA_RELEASE }} + type=raw,value=latest,enable=${{ !inputs.DEV_RELEASE }} # dispatch add x1.x.x-amd64 - type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.BETA_RELEASE == false }},priority=300,prefix=,suffix=-amd64,value=${{ env.IMAGE_VERSION }} + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=300,prefix=,suffix=-amd64,value=${{ env.IMAGE_VERSION }} # dispatch add amd64-development - type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.BETA_RELEASE == true }},priority=300,prefix=,suffix=-development,value=amd64 + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=-development,value=amd64 # tag add tag-arm64 type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push'}},priority=600,prefix=,suffix=-amd64,event=tag # add development tag - type=raw,enable=${{ inputs.BETA_RELEASE }},priority=400,prefix=,suffix=,value=development + type=raw,enable=${{ inputs.DEV_RELEASE }},priority=400,prefix=,suffix=,value=development flavor: | - latest=${{ !inputs.BETA_RELEASE }} + latest=${{ !inputs.DEV_RELEASE }} # # # Release › Dockerhub › Debug › Amd64 diff --git a/.github/workflows/deploy-docker-github.yml b/.github/workflows/deploy-docker-github.yml index c88fe18ce..537cdcb70 100644 --- a/.github/workflows/deploy-docker-github.yml +++ b/.github/workflows/deploy-docker-github.yml 
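Review bot: The `development` rule `type=raw,enable=${{ inputs.DEV_RELEASE }},priority=400,...` in this amd64 hunk renders as `enable=` on any run that is not a `workflow_dispatch`, because the `inputs` context is empty on the push and pull_request events that the neighbouring `type=ref` rule expects. The other rules compare explicitly, so `enable=${{ inputs.DEV_RELEASE == true }}` would always yield `true` or `false`; whether docker/metadata-action accepts an empty `enable` should be confirmed. Likewise `!inputs.DEV_RELEASE` evaluates to true on those events, so a tag push also moves `latest`; if that is intended, a comment such as `# latest: every non-development run, including tag pushes` would make it explicit. The same two expressions are added in the amd64 hunk of deploy-docker-github.yml (`@@ -356,11 +375,18 @@`). The `tags:` block starts above this hunk.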
@@ -1,12 +1,15 @@ # # # @type github workflow -# @desc deploys docker container to github # @author Aetherinox # @url https://github.com/Aetherinox +# @usage deploys docker container to github +# @secrets secrets.ADMINSERV_GPG_KEY_ASC gpg private key (armored) | BEGIN PGP PRIVATE KEY BLOCK +# secrets.ADMINSERV_GPG_PASSPHRASE gpg private key passphrase +# secrets.IMAGE_GHCR_TOKEN github personal access token (classic) with package:write permission # # -name: "⚙️ Deploy › Github" -run-name: "⚙️ Deploy › Github" +name: "📦 Deploy › Docker › Github" +run-name: "📦 Deploy › Docker › Github" # # # Triggers @@ -84,6 +87,17 @@ on: default: false type: boolean + # # + # ENABLE: released version will be marked as beta and receive beta tag for docker + # DISABLE: release version will be marked as stable / normal release + # # + + DEV_RELEASE: + description: "🧪 Development Release" + required: true + default: false + type: boolean + # # # Trigger › Push # # @@ -241,8 +255,13 @@ jobs: images: | ghcr.io/${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} tags: | + # latest no type=raw,value=latest,enable=false - type=raw,enable=${{ github.event_name == 'workflow_dispatch' }},priority=300,prefix=,suffix=-arm64,value=${{ env.IMAGE_VERSION }} + # dispatch add x1.x.x-arm64 + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=300,prefix=,suffix=-arm64,value=${{ env.IMAGE_VERSION }} + # dispatch add arm64-development + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=-development,value=arm64 + # tag add tag-arm64 type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push' }},priority=600,prefix=,suffix=-arm64,event=tag flavor: | latest=false 
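Review bot: The comment added above the new `DEV_RELEASE` input in `@@ -84,6 +87,17 @@` still describes a beta release ("released version will be marked as beta and receive beta tag"), while the input is named `DEV_RELEASE` and the tag rules added in this file emit `development` and `-development`. I would reword it to `# ENABLE: release is published as a development build and receives the development tag`, so the dispatch form and the resulting image tags agree. The `inputs:` block continues outside the hunk.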
@@ -356,11 +375,18 @@ jobs: images: | ghcr.io/${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} tags: | - type=raw,value=latest,enable=${{ endsWith(github.ref, 'main') }} - type=raw,enable=${{ github.event_name == 'workflow_dispatch' }},priority=300,prefix=,suffix=-amd64,value=${{ env.IMAGE_VERSION }} + # latest yes + type=raw,value=latest,enable=${{ !inputs.DEV_RELEASE }} + # dispatch add x1.x.x-amd64 + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=300,prefix=,suffix=-amd64,value=${{ env.IMAGE_VERSION }} + # dispatch add amd64-development + type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=-development,value=amd64 + # tag add tag-arm64 type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push'}},priority=600,prefix=,suffix=-amd64,event=tag + # add development tag + type=raw,enable=${{ inputs.DEV_RELEASE }},priority=400,prefix=,suffix=,value=development flavor: | - latest=true + latest=${{ !inputs.DEV_RELEASE }} # # # Release › Github › Debug › Amd64 diff --git a/README.md b/README.md index 297cefbcd..8614490b6 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ KeeWeb is a browser and desktop password manager which is capable of opening up [![Size][github-size-img]][github-size-img] [![Last Commit][github-commit-img]][github-commit-img] [![Contributors][contribs-all-img]](#contributors-) + 
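Review bot: The added comment `# tag add tag-arm64` in this amd64 `tags:` block sits directly above a rule with `suffix=-amd64`; it should read `# tag add tag-amd64`. The same comment appears as a context line in the amd64 block of deploy-docker-dockerhub.yml, so both could be corrected together. The `tags:` block starts above this hunk.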
@@ -39,12 +40,13 @@ KeeWeb is a browser and desktop password manager which is capable of opening up - [Docker:](#docker) - [Run](#run) - [Compose](#compose) - - [Traefik](#traefik) + - [Traefik Integration](#traefik-integration) - [Dynamic.yml](#dynamicyml) - [Static.yml](#staticyml) - [certificatesResolvers](#certificatesresolvers) - [entryPoints (Normal)](#entrypoints-normal) - [entryPoints (Cloudflare)](#entrypoints-cloudflare) + - [Authentik Integration](#authentik-integration) - [Env \& Volumes](#env--volumes) - [Env Variables](#env-variables) - [Volumes](#volumes) @@ -59,7 +61,6 @@ KeeWeb is a browser and desktop password manager which is capable of opening up - [Platform: MacOS](#platform-macos) - [Using Grunt](#using-grunt-2) - [Using NPM](#using-npm-2) -- [Thank you](#thank-you) - [Donations](#donations) - [Contributors ✨](#contributors-) @@ -149,7 +150,7 @@ services:
-#### Traefik +#### Traefik Integration You can put this container behind Traefik if you want to use a reverse proxy and let Traefik handle the SSL certificate.
@@ -346,6 +347,98 @@ Save the files and then give Traefik and your Keeweb containers a restart.
+
+ +#### Authentik Integration + +If you are adding [Authentik](https://goauthentik.io/) as middleware in the steps above; the last thing you must do is log in to your Authentik admin panel and add a new **Provider** so that we can access Keeweb via your domain. + +
+ +Sign into the Authentik admin panel, go to the left-side navigation, select **Applications** -> **Providers**. Then at the top of the new page, click **Create**. + +
+ +

+ +

+ +
+ +For the **provider**, select `Proxy Provider`. + +
+ +

+ +
+ +Add the following provider values: +- **Name**: `Keeweb ForwardAuth` +- **Authentication Flow**: `default-source-authentication (Welcome to authentik!)` +- **Authorization Flow**: `default-provider-authorization-implicit-consent (Authorize Application)` + +
+ +Select **Forward Auth (single application)**: +- **External Host**: `https://keeweb.domain.com` + +
+ +

+ +
+ +Once finished, click **Create**. Then on the left-side menu, select **Applications** -> **Applications**. Then at the top of the new page, click **Create**. + +
+ +

+ +

+ +
+ +Add the following parameters: +- **Name**: `Keeweb (Password Manager)` +- **Slug**: `keeweb` +- **Group**: `Security` +- **Provider**: `Keeweb ForwardAuth` +- **Backchannel Providers**: `None` +- **Policy Engine Mode**: `any` + +
+ +

+ +
+ +Save, and then on the left-side menu, select **Applications** -> **Outposts**: + +
+ +

+ +
+ +Find your **Outpost** and edit it. + +

+ +
+ +Move `Keeweb (Password Manager)` to the right side **Selected Applications** box. + +
+ +

+ +
+ +You should be able to access `keeweb.domain.com` and be prompted now to authenticate with Authentik. + +
+ ---
@@ -429,6 +522,8 @@ You may build KeeWeb for `Windows` by executing ONE of the following two command grunt dev-desktop-win32 --skip-sign ``` +
+ #### Using NPM ```shell @@ -449,6 +544,8 @@ You may build KeeWeb for `Linux` by executing ONE of the following two commands grunt dev-desktop-linux --skip-sign ``` +
+ #### Using NPM ```shell @@ -462,8 +559,6 @@ npm run dev-desktop-linux You may build KeeWeb for `MacOS` by executing ONE of the following two commands provided: -
- #### Using Grunt ```shell @@ -484,6 +579,8 @@ Once the build is complete, all (html files will be in `dist/` folder. To build To run the desktop (electron) app without building an installer, build the app with `grunt` and then launch KeeWeb with one of the following commands: +
+ ```bash npm run dev npm run electron @@ -506,21 +603,6 @@ Once built, the output files will be generated in `tmp`:
-## Thank you - -Notable contributions to KeeWeb: - -- Florian Reuschel ([@Loilo](https://github.com/Loilo)): [German translation](https://keeweb.oneskyapp.com/collaboration/translate/project/project/173183/language/550) -- Dennis Ploeger ([@dploeger](https://github.com/dploeger)): [auto-type improvements](https://github.com/keeweb/keeweb/pulls?q=is%3Apr+is%3Aclosed+author%3Adploeger) -- Hackmanit ([hackmanit.de](https://www.hackmanit.de)): [penetration test](https://www.hackmanit.de/en/blog-en/104-pro-bono-penetration-test-keeweb) -- Peter Bittner ([@bittner](https://github.com/bittner)): [Wikipedia article](https://en.wikipedia.org/wiki/KeeWeb) - -
- ---- - -
- ## Donations KeeWeb is not free to develop. It takes time, requires paid code signing certificates and domains. @@ -650,8 +732,8 @@ Want to help but can't write code? [github-build-pypi-uri]: https://github.com/keeweb/keeweb/actions/workflows/release-pypi.yml - [github-tests-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/tests.yml?logo=github&label=Tests&color=2c6488 - [github-tests-uri]: https://github.com/keeweb/keeweb/actions/workflows/tests.yml + [github-tests-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/build-tests.yml?logo=github&label=Tests&color=2c6488 + [github-tests-uri]: https://github.com/keeweb/keeweb/actions/workflows/build-tests.yml [github-commit-img]: https://img.shields.io/github/last-commit/keeweb/keeweb?logo=conventionalcommits&logoColor=FFFFFF&label=Last%20Commit&color=313131 diff --git a/docs/img/authentik/01.png b/docs/img/authentik/01.png new file mode 100644 index 000000000..6bf75c3b8 Binary files /dev/null and b/docs/img/authentik/01.png differ diff --git a/docs/img/authentik/02.png b/docs/img/authentik/02.png new file mode 100644 index 000000000..c8d925f47 Binary files /dev/null and b/docs/img/authentik/02.png differ diff --git a/docs/img/authentik/03.png b/docs/img/authentik/03.png new file mode 100644 index 000000000..247bdd171 Binary files /dev/null and b/docs/img/authentik/03.png differ diff --git a/docs/img/authentik/04.gif b/docs/img/authentik/04.gif new file mode 100644 index 000000000..c46db287c Binary files /dev/null and b/docs/img/authentik/04.gif differ diff --git a/docs/img/authentik/05.png b/docs/img/authentik/05.png new file mode 100644 index 000000000..53d61347d Binary files /dev/null and b/docs/img/authentik/05.png differ diff --git a/docs/img/authentik/06.png b/docs/img/authentik/06.png new file mode 100644 index 000000000..843e2b045 Binary files /dev/null and b/docs/img/authentik/06.png differ 
diff --git a/docs/img/authentik/07.png b/docs/img/authentik/07.png new file mode 100644 index 000000000..2efabe6c6 Binary files /dev/null and b/docs/img/authentik/07.png differ diff --git a/docs/img/authentik/08.png b/docs/img/authentik/08.png new file mode 100644 index 000000000..add480444 Binary files /dev/null and b/docs/img/authentik/08.png differ diff --git a/docs/img/authentik/09.png b/docs/img/authentik/09.png new file mode 100644 index 000000000..f446364b9 Binary files /dev/null and b/docs/img/authentik/09.png differ