bitwarden · vvolkgang · Sep 3, 2025 · Aug 22, 2025 · Aug 22, 2025 · Aug 22, 2025
@@ -0,0 +1,165 @@
+name: SDLC / SDK Update
+run-name: "SDK ${{inputs.run-mode == 'Update' && format('Update - {0}', inputs.sdk-version) || format('Test #{0} - {1}', inputs.pr-id, inputs.sdk-version)}}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      run-mode:
+        description: "Run Mode"
+        type: choice
+        options:
+          - Test # used for testing sdk-internal repo PRs
+          - Update # opens a PR in this repo updating the SDK
+        default: Test
+      #
+      sdk-package:
+        description: "SDK Package ID"
+        required: true
+        default: "BitwardenSdk"
+      sdk-version:
+        description: "SDK Version"
+        required: true
+        default: "2a6609428275c758fcda5383bfb6b3166ec29eda"
+      pr-id:
+        description: "Pull Request ID"
+
+jobs:
+  update:
+    name: Update and PR
+    if: ${{ inputs.run-mode == 'Update' }}
+    runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+
+      - name: Check out repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+
+      - name: Log inputs to job summary
+        uses: ./.github/actions/log-inputs
+        with:
+          inputs: ${{ toJson(inputs) }}
+
+      - name: Switch to branch
+        id: switch-branch
+        run: |
+          BRANCH_NAME="sdlc/sdk-update"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+          git switch -c $BRANCH_NAME
+
+      - name: Get current SDK version
+        id: get-current-sdk
+        run: |
+          SDK_VERSION=$(awk '/BitwardenSdk:/,/^ [A-Za-z]/ { if ($1 == "revision:") print $2 }' project-bwa.yml)
+          GIT_REF=$(echo "$SDK_VERSION" | cut -d'-' -f3-) # handles both commit hashes and branch names
+          echo "Current SDK version: $SDK_VERSION"
+          echo "Current SDK git ref: $GIT_REF"
+          echo "version=$SDK_VERSION" >> $GITHUB_OUTPUT
+          echo "git_ref=$GIT_REF" >> $GITHUB_OUTPUT
+
+      - name: Update SDK Version
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+        run: |
+          ./Scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"
+
+      - name: Create branch and commit
+        env:
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+        run: |
+          echo "👀 Committing SDK version update..."
+
+          git config user.name "bw-ghapp[bot]"
+          git config user.email "178206702+bw-ghapp[bot]@users.noreply.github.com"
+
+          git add project-bwa.yml project-bwk.yml project-pm.yml
+          git commit -m "SDK Update - $_SDK_PACKAGE $_SDK_VERSION"
+          git push origin $_BRANCH_NAME
+
+      - name: Create Pull Request
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          _BRANCH_NAME: ${{ steps.switch-branch.outputs.branch_name }}
+          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+          _SDK_VERSION: ${{ inputs.sdk-version }}
+          _OLD_SDK_VERSION: ${{ steps.get-current-sdk.outputs.version }}
+          _OLD_SDK_GIT_REF: ${{ steps.get-current-sdk.outputs.git_ref }}
+        run: |
+          NEW_SDK_GIT_REF=$(echo "$_SDK_VERSION" | cut -d'-' -f3-)
+          PR_BODY="Updates the SDK version from \`$_OLD_SDK_VERSION\` to \`$_SDK_PACKAGE $_SDK_VERSION\`
+
+          ## What's Changed"
+
+          # Use echo -e to interpret escape sequences and pipe to gh pr create
+          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+            --title "Update SDK to $_SDK_VERSION" \
+            --body-file - \
+            --base main \
+            --head $_BRANCH_NAME \
+            --label "automated-pr" \
+            --label "t:ci")
+
+          echo "🚀 Created PR: $PR_URL"
+          echo "## 🚀 Created PR: $PR_URL" >> $GITHUB_STEP_SUMMARY
+
+#  test:
+#    name: Test Update
+#    if: ${{ inputs.run-mode == 'Test' }}
+#    runs-on: ubuntu-24.04
+#    permissions:
+#      contents: read
+#      packages: read
+#
+#    steps:
+#      - name: Check out repo
+#        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+#
+#      - name: Log inputs to job summary
+#        uses: ./.github/actions/log-inputs
+#        with:
+#          inputs: ${{ toJson(inputs) }}
+#
+#      - name: Setup Android Build
+#        uses: ./.github/actions/setup-android-build
+#
+#      - name: Update SDK Version
+#        env:
+#          _SDK_PACKAGE: ${{ inputs.sdk-package }}
+#          _SDK_VERSION: ${{ inputs.sdk-version }}
+#        run: |
+#          ./scripts/update-sdk-version.sh "$_SDK_PACKAGE" "$_SDK_VERSION"0
+#
+#      - name: Build
+#        env:
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages
+#        run: |
+#          ./gradlew assembleDebug --warn
@@ -80,3 +80,6 @@ Configs/export_options.plist
 # LicensePlist
 Bitwarden/Application/Support/Settings.bundle/Acknowledgements.latest_result.txt
 Authenticator/Application/Support/Settings.bundle/Acknowledgements.latest_result.txt
+
+# Backup files
+*.bak
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Script to update SDK version in project-bwa.yml, project-bwk.yml and project-pm.yml
+# Usage: ./Scripts/update-sdk-version.sh <sdk-package> <sdk-version>
+# ./Scripts/update-sdk-version.sh BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda
+
+set -euo pipefail
+
+if [ $# -lt 2 ]; then
+    echo "Usage: $0 <sdk-package> <sdk-version>"
+    echo "Example: $0 BitwardenSdk 2a6609428275c758fcda5383bfb6b3166ec29eda"
+    exit 1
+fi
+
+SDK_PACKAGE="$1"
+SDK_VERSION="$2"
+FILES=(
+  "project-bwa.yml"
+  "project-bwk.yml"
+  "project-pm.yml"
+)
+
+for file in "${FILES[@]}"; do
+    if [[ -f "$file" ]]; then
+        echo "🔧 Updating revision in $file..."
+        yq -i ".packages[\"$SDK_PACKAGE\"].revision = \"$SDK_VERSION\"" "$file"
+        echo "✅ Updated revision line:"
+        grep "revision:" "$file"
+    else
+        echo "⚠️  Skipping missing file: $file"
+    fi
+done