Merge branch 'main' into PM-4983-Migrate-vault-timeout-input-component

.eslintrc.json

@@ -246,6 +246,28 @@
           }
         ]
       }
+    },
+    {
+      "files": ["**/*.ts"],
+      "excludedFiles": ["**/platform/**/*.ts"],
+      "rules": {
+        "no-restricted-imports": [
+          "error",
+          {
+            "patterns": [
+              "**/platform/**/internal", // General internal pattern
+              // All features that have been converted to barrel files
+              "**/platform/messaging/**"
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "files": ["bitwarden_license/bit-common/src/**/*.ts"],
+      "rules": {
+        "no-restricted-imports": ["error", { "patterns": ["@bitwarden/bit-common/*", "src/**/*"] }]
+      }
     }
   ]
 }

.github/CODEOWNERS

@@ -57,6 +57,7 @@ libs/common/src/admin-console @bitwarden/team-admin-console-dev
 libs/admin-console @bitwarden/team-admin-console-dev
 
 ## Billing team files ##
+apps/browser/src/billing @bitwarden/team-billing-dev
 apps/web/src/app/billing @bitwarden/team-billing-dev
 libs/angular/src/billing @bitwarden/team-billing-dev
 libs/common/src/billing @bitwarden/team-billing-dev
@@ -86,6 +87,10 @@ apps/web/src/translation-constants.ts @bitwarden/team-platform-dev
 apps/browser/src/autofill @bitwarden/team-autofill-dev
 apps/desktop/src/autofill @bitwarden/team-autofill-dev
 libs/common/src/autofill @bitwarden/team-autofill-dev
+# DuckDuckGo integration
+apps/desktop/native-messaging-test-runner @bitwarden/team-autofill-dev
+apps/desktop/src/services/native-message-handler.service.ts @bitwarden/team-autofill-dev
+apps/desktop/src/services/native-messaging.service.ts @bitwarden/team-autofill-dev
 
 ## Component Library ##
 .storybook @bitwarden/team-component-library

.github/workflows/build-browser.yml

@@ -160,9 +160,13 @@ jobs:
         run: npm run dist
         working-directory: browser-source/apps/browser
 
-      # - name: Build Manifest v3
-      #   run: npm run dist:mv3
-      #   working-directory: browser-source/apps/browser
+      - name: Build Manifest v3
+        run: npm run dist:mv3
+        working-directory: browser-source/apps/browser
+
+      - name: Build Chrome Manifest v3 Beta
+        run: npm run dist:chrome:beta
+        working-directory: browser-source/apps/browser
 
       - name: Gulp
         run: gulp ci
@@ -189,12 +193,19 @@ jobs:
           path: browser-source/apps/browser/dist/dist-chrome.zip
           if-no-files-found: error
 
-      # - name: Upload Chrome MV3 artifact
-      #   uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
-      #   with:
-      #     name: dist-chrome-MV3-${{ env._BUILD_NUMBER }}.zip
-      #     path: browser-source/apps/browser/dist/dist-chrome-mv3.zip
-      #     if-no-files-found: error
+      - name: Upload Chrome MV3 artifact (DO NOT USE FOR PROD)
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: DO-NOT-USE-FOR-PROD-dist-chrome-MV3-${{ env._BUILD_NUMBER }}.zip
+          path: browser-source/apps/browser/dist/dist-chrome-mv3.zip
+          if-no-files-found: error
+
+      - name: Upload Chrome MV3 Beta artifact (DO NOT USE FOR PROD)
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: DO-NOT-USE-FOR-PROD-dist-chrome-MV3-beta-${{ env._BUILD_NUMBER }}.zip
+          path: browser-source/apps/browser/dist/dist-chrome-mv3-beta.zip
+          if-no-files-found: error
 
       - name: Upload Firefox artifact
         uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1

.github/workflows/deploy-web.yml

@@ -128,58 +128,19 @@ jobs:
       - name: Success Code
         run: exit 0
 
-  get-branch-or-tag-sha:
-    name: Get Branch or Tag SHA
-    runs-on: ubuntu-22.04
-    outputs:
-      branch-or-tag-sha: ${{ steps.get-branch-or-tag-sha.outputs.sha }}
-    steps:
-      - name: Checkout Branch
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          ref: ${{ inputs.branch-or-tag }}
-          fetch-depth: 0
-
-      - name: Get Branch or Tag SHA
-        id: get-branch-or-tag-sha
-        run: |
-          echo "sha=$(git rev-parse origin/${{ inputs.branch-or-tag }})" >> $GITHUB_OUTPUT
-
-  notify-start:
-    name: Notify Slack with start message
-    needs:
-      - approval
-      - setup
-      - get-branch-or-tag-sha
-    runs-on: ubuntu-22.04
-    if: ${{ always() && contains( inputs.environment , 'QA' ) }}
-    outputs:
-      channel_id: ${{ steps.slack-message.outputs.channel_id }}
-      ts: ${{ steps.slack-message.outputs.ts }}
-    steps:
-      - uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
-        id: slack-message
-        with:
-          project: Clients
-          environment: ${{ needs.setup.outputs.environment-name }}
-          tag: ${{ inputs.branch-or-tag }}
-          slack-channel: team-eng-qa-devops
-          event: 'start'
-          commit-sha: ${{ needs.get-branch-or-tag-sha.outputs.branch-or-tag-sha }}
-          url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
   artifact-check:
     name: Check if Web artifact is present
     runs-on: ubuntu-22.04
     needs: setup
     env:
       _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
+    outputs:
+      artifact-build-commit: ${{ steps.set-artifact-commit.outputs.commit }}
     steps:
       - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
         if: ${{ inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
-        id: download-latest-artifacts
+        id: download-latest-artifacts-run-id
         continue-on-error: true
         with:
           workflow: build-web.yml
@@ -191,7 +152,7 @@ jobs:
       - name: 'Download latest cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
         if: ${{ !inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
-        id: download-artifacts
+        id: download-latest-artifacts
         continue-on-error: true
         with:
           workflow: build-web.yml
@@ -201,22 +162,23 @@ jobs:
           artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
 
       - name: Login to Azure
-        if: ${{ steps.download-artifacts.outcome == 'failure' }}
+        if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets for Build trigger
-        if: ${{ steps.download-artifacts.outcome == 'failure' }}
+        if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
         id: retrieve-secret
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
       - name: 'Trigger build web for missing branch/tag ${{ inputs.branch-or-tag }}'
-        if: ${{ steps.download-artifacts.outcome == 'failure' }}
+        if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
         uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be # v1.6.5
+        id: trigger-build-web
         with:
           owner: bitwarden
           repo: clients
@@ -225,6 +187,60 @@ jobs:
           ref: ${{ inputs.branch-or-tag }}
           wait_interval: 100
 
+      - name: Set artifact build commit
+        id: set-artifact-commit
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # If run-id was used, get the commit from the download-latest-artifacts-run-id step
+          if [ "${{ inputs.build-web-run-id }}" ]; then
+            echo "commit=${{ steps.download-latest-artifacts-run-id.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT
+
+          elif [ "${{ steps.download-latest-artifacts.outcome }}" == "failure" ]; then
+            # If the download-latest-artifacts step failed, query the GH API to get the commit SHA of the artifact that was just built with trigger-build-web.
+            commit=$(gh api /repos/bitwarden/clients/actions/runs/${{ steps.trigger-build-web.outputs.workflow_id }}/artifacts --jq '.artifacts[0].workflow_run.head_sha')
+            echo "commit=$commit" >> $GITHUB_OUTPUT
+
+          else
+            # Set the commit to the output of step download-latest-artifacts.
+            echo "commit=${{ steps.download-latest-artifacts.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT
+          fi
+
+  notify-start:
+    name: Notify Slack with start message
+    needs:
+      - approval
+      - setup
+      - artifact-check
+    runs-on: ubuntu-22.04
+    if: ${{ always() && contains( inputs.environment , 'QA' ) }}
+    outputs:
+      channel_id: ${{ steps.slack-message.outputs.channel_id }}
+      ts: ${{ steps.slack-message.outputs.ts }}
+    steps:
+      - uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
+        id: slack-message
+        with:
+          project: Clients
+          environment: ${{ needs.setup.outputs.environment-name }}
+          tag: ${{ inputs.branch-or-tag }}
+          slack-channel: alerts-deploy-qa
+          event: 'start'
+          commit-sha: ${{ needs.artifact-check.outputs.artifact-build-commit }}
+          url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
+          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+  update-summary:
+    name: Display commit
+    needs: artifact-check
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Display commit SHA
+        run: |
+          REPO_URL="https://github.com/bitwarden/clients/commit"
+          COMMIT_SHA="${{ needs.artifact-check.outputs.artifact-build-commit }}"
+          echo ":steam_locomotive: View [commit]($REPO_URL/$COMMIT_SHA)" >> $GITHUB_STEP_SUMMARY
+
   azure-deploy:
     name: Deploy Web Vault to ${{ inputs.environment }} Storage Account
     needs:
@@ -248,6 +264,7 @@ jobs:
           environment: ${{ env._ENVIRONMENT_NAME }}
           task: 'deploy'
           description: 'Deployment from branch/tag: ${{ inputs.branch-or-tag }}'
+          ref: ${{ needs.artifact-check.outputs.artifact-build-commit }}
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -349,10 +366,10 @@ jobs:
     runs-on: ubuntu-22.04
     if: ${{ always() && contains( inputs.environment , 'QA' ) }}
     needs:
+      - setup
       - notify-start
       - azure-deploy
-      - setup
-      - get-branch-or-tag-sha
+      - artifact-check
     steps:
       - uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
         with:
@@ -362,6 +379,6 @@ jobs:
           slack-channel: ${{ needs.notify-start.outputs.channel_id }}
           event: ${{ needs.azure-deploy.result }}
           url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
-          commit-sha: ${{ needs.get-branch-or-tag-sha.outputs.branch-or-tag-sha }}
+          commit-sha: ${{ needs.artifact-check.outputs.artifact-build-commit }}
           update-ts: ${{ needs.notify-start.outputs.ts }}
           AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

.github/workflows/release-desktop-beta.yml

@@ -955,11 +955,7 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "aws-electron-access-id,
             aws-electron-access-key,
-            aws-electron-bucket-name,
-            r2-electron-access-id,
-            r2-electron-access-key,
-            r2-electron-bucket-name,
-            cf-prod-account"
+            aws-electron-bucket-name"
 
       - name: Download all artifacts
         uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
@@ -985,20 +981,6 @@ jobs:
           --recursive \
           --quiet
 
-      - name: Publish artifacts to R2
-        env:
-          AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
-          AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-          AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }}
-          CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
-        working-directory: apps/desktop/artifacts
-        run: |
-          aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \
-          --recursive \
-          --quiet \
-          --endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
-
       - name: Update deployment status to Success
         if: ${{ success() }}
         uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3

.github/workflows/release-desktop.yml

@@ -115,11 +115,7 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "aws-electron-access-id,
             aws-electron-access-key,
-            aws-electron-bucket-name,
-            r2-electron-access-id,
-            r2-electron-access-key,
-            r2-electron-bucket-name,
-            cf-prod-account"
+            aws-electron-bucket-name"
 
       - name: Download all artifacts
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
@@ -169,21 +165,6 @@ jobs:
           --recursive \
           --quiet
 
-      - name: Publish artifacts to R2
-        if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish == 'true' }}
-        env:
-          AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
-          AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-          AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }}
-          CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
-        working-directory: apps/desktop/artifacts
-        run: |
-          aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \
-          --recursive \
-          --quiet \
-          --endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
-
       - name: Get checksum files
         uses: bitwarden/gh-actions/get-checksum@main
         with: