Repo tuneup (#103)

.github/renovate.json

@@ -1,21 +1,13 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base",
-    "github>bitwarden/renovate-config:pin-actions",
-    ":combinePatchMinorReleases",
-    ":dependencyDashboard",
-    ":maintainLockFilesWeekly",
-    ":pinAllExceptPeerDependencies",
-    ":prConcurrentLimit10",
-    ":rebaseStalePrs",
-    "schedule:weekends",
-    ":separateMajorReleases"
-  ],
-  "enabledManagers": ["github-actions", "mint", "swift"],
-  "commitMessagePrefix": "[deps]:",
-  "commitMessageTopic": "{{depName}}",
+  "extends": ["github>bitwarden/renovate-config"],
+  "enabledManagers": ["bundler", "github-actions", "mint", "swift"],
   "packageRules": [
+    {
+      "groupName": "bundler minor",
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchManagers": ["bundler"]
+    },
     {
       "groupName": "gh minor",
       "matchManagers": ["github-actions"],

.github/workflows/build.yml

@@ -5,17 +5,17 @@ on:
   workflow_dispatch:
     inputs:
       build-variant:
-        description: 'Which variant of the app to build'
+        description: "Which variant of the app to build"
         required: true
         type: choice
         options:
           - Production
       build-version:
-        description: 'Optional. Version string to use, in X.Y.Z format. Overrides default in the project.'
+        description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
         required: false
         type: string
       build-number:
-        description: 'Optional. Build number to use. Overrides default of GitHub run number.'
+        description: "Optional. Build number to use. Overrides default of GitHub run number."
         required: false
         type: number
 
@@ -24,29 +24,17 @@ env:
 
 jobs:
   build:
-    name: Build iOS app
+    name: Build
     runs-on: macos-14
     env:
       MINT_PATH: .mint/lib
       MINT_LINK_PATH: .mint/bin
-    steps:
-      - name: Print Environment
-        run: |
-          echo "GitHub ref: $GITHUB_REF"
-          echo "GitHub event: $GITHUB_EVENT"
 
-      - name: Check out repository
+    steps:
+      - name: Check out repo
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
-        with:
-          submodules: 'true'
-
-      - name: Set Up Ruby
-        uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1
-        with:
-          bundler-cache: true
-          ruby-version: 3.2.2
 
-      - name: Cache Mint Packages
+      - name: Cache Mint packages
         id: mint-cache
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
@@ -61,19 +49,18 @@ jobs:
           sudo installer -pkg yeetd-normal.pkg -target /
           yeetd &
 
-      - name: Log In to Azure - CI Subscription
+      - name: Log in to Azure
         uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
-        id: retrieve-secrets
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
           keyvault: "bitwarden-ci"
           secrets: "appcenter-ios-token"
 
-      - name: Download production provisioning profiles
+      - name: Retrieve production provisioning profiles
         if: env.build-variant == 'Production'
         env:
           ACCOUNT_NAME: bitwardenci
@@ -90,7 +77,7 @@ jobs:
               --file $HOME/secrets/$FILE --output none
           done
 
-      - name: Download Google Services secret
+      - name: Retrieve Google Services secret
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -100,13 +87,13 @@ jobs:
           az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
             --file Authenticator/Application/Support/$FILE --output none
 
-      - name: Get certificates
+      - name: Retrieve certificates
         run: |
           mkdir -p $HOME/certificates
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
             jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
 
-      - name: Set up Keychain
+      - name: Configure Keychain Access
         env:
           KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
         run: |
@@ -119,7 +106,7 @@ jobs:
             -T /usr/bin/security
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
 
-      - name: Set up production provisioning profiles
+      - name: Configure production provisioning profiles
         if: env.build-variant == 'Production'
         run: |
           AUTHENTICATOR_PROFILE_PATH=$HOME/secrets/dist_authenticator.mobileprovision
@@ -130,6 +117,11 @@ jobs:
           AUTHENTICATOR_UUID=$(grep UUID -A1 -a $AUTHENTICATOR_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
           cp $AUTHENTICATOR_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTHENTICATOR_UUID.mobileprovision"
 
+      - name: Configure Ruby
+        uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1
+        with:
+          bundler-cache: true
+
       - name: Install Mint, protobuf, xcbeautify, and yq
         run: |
           brew install mint swift-protobuf xcbeautify yq

.github/workflows/cache-dependencies.yml

@@ -1,10 +1,9 @@
----
-name: Cache Dependencies
+name: Cache
 
 on:
   push:
     branches:
-      - main
+      - "main"
 
 env:
   DEVELOPER_DIR: /Applications/Xcode_15.0.1.app/Contents/Developer
@@ -13,31 +12,34 @@ env:
 
 jobs:
   cache-dependencies:
-    name: Cache Dependencies
+    name: Cache dependencies
     runs-on: macos-14
     steps:
-      - name: Checkout
+      - name: Check out repo
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1
+      - name: Configure Ruby
+        uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0
         with:
           bundler-cache: true
-          ruby-version: 3.2.2
 
-      - name: Cache Mint Packages
+      - name: Cache Mint packages
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: .mint
           key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }}
           restore-keys: |
             ${{ runner.os }}-mint-
 
+      - name: Cache SPM packages
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: build/DerivedData/SourcePackages
+          key: ${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}
+          restore-keys: |
+            ${{ runner.os }}-spm-
+
       - name: Install Mint
         run: |
           brew install mint
-
-      - name: Install Mint packages
-        if: steps.mint-cache.outputs.cache-hit != 'true'
-        run: |
-          mint bootstrap
+          ./Scripts/bootstrap.sh

.github/workflows/test.yml

@@ -1,8 +1,13 @@
----
 name: Test
 
 on:
-  pull_request:
+  push:
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+  pull_request_target:
+    types: [opened, synchronize]
 
 env:
   DEVELOPER_DIR: /Applications/Xcode_15.0.1.app/Contents/Developer
@@ -11,28 +16,36 @@ env:
   SIMULATOR_DESTINATION: platform=iOS Simulator,name=iPhone 15 Pro,OS=17.0.1
 
 jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+
   test:
     name: Test
     runs-on: macos-14-xlarge
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+
     steps:
-      - name: Checkout
+      - name: Check out repo
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
-      - name: Setup Ruby
+      - name: Configure Ruby
         uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1
         with:
           bundler-cache: true
-          ruby-version: 3.2.2
 
-      - name: Cache Mint Packages
+      - name: Cache Mint packages
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: .mint
           key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }}
           restore-keys: |
             ${{ runner.os }}-mint-
 
-      - name: Cache SPM Packages
+      - name: Cache SPM packages
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: build/DerivedData/SourcePackages
@@ -46,12 +59,12 @@ jobs:
           sudo installer -pkg yeetd-normal.pkg -target /
           yeetd &
 
-      - name: Setup
+      - name: Install Mint, protobuf, xcbeautify, and yq
         run: |
           brew install mint swift-protobuf xcbeautify
           ./Scripts/bootstrap.sh
 
-      - name: Build and Test
+      - name: Build and test
         run: |
           set -o pipefail && \
             xcodebuild test \
@@ -61,4 +74,10 @@ jobs:
             -destination "${{ env.SIMULATOR_DESTINATION }}" \
             -resultBundlePath build/AuthenticatorTests.xcresult \
             -derivedDataPath build/DerivedData \
+            -enableCodeCoverage YES \
             | xcbeautify --renderer github-actions
+
+      - name: Upload to codecov.io
+        uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.ruby-version

@@ -0,0 +1 @@
+3.2.2