Publish WASM package to enable argon2 support on CLI #691

Merged
merged 16 commits into from
Apr 15, 2024
Changes from 4 commits
58 changes: 58 additions & 0 deletions .github/workflows/build-wasm.yml
@@ -0,0 +1,58 @@
---
name: Build @bitwarden/sdk-wasm

on:
pull_request:
push:
branches:
- "main"
- "rc"
- "hotfix-rc"
workflow_dispatch:

defaults:
run:
shell: bash
working-directory: crates/bitwarden-wasm

jobs:
build:
name: Building @bitwarden/sdk-wasm
runs-on: ubuntu-22.04

steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: "npm"

- name: Install dependencies
run: npm i -g binaryen

- name: Install rust
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable
with:
toolchain: stable
targets: wasm32-unknown-unknown

- name: Cache cargo registry
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
with:
key: wasm-cargo-cache

- name: Install wasm-bindgen-cli
run: cargo install wasm-bindgen-cli

- name: Build
run: ./build.sh -r

- name: Upload artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: sdk-bitwarden-wasm
path: ${{ github.workspace }}/languages/js/wasm/*
if-no-files-found: error
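Review bot: The `Install dependencies` and `Install wasm-bindgen-cli` steps install whatever version is current (`npm i -g binaryen`, `cargo install wasm-bindgen-cli`), while every `uses:` in this file is pinned to a commit SHA. The artifact uploaded at the end is the one release-wasm.yml downloads and publishes, so these tools should be pinned as well: install an explicit binaryen version and run `cargo install wasm-bindgen-cli --version <x> --locked` with the version that matches the crate's `wasm-bindgen` dependency. The file also has no `permissions:` block; since it runs on `pull_request`, restricting the token to `contents: read` would fit here.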
143 changes: 143 additions & 0 deletions .github/workflows/release-wasm.yml
Member

I think you can get rid of the SETUP NPM by using the actions/setup-node action with registry-url per https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry. You can also omit writing the token to disk and just pass it in as an env during the publish command.

Member Author

I'm hesitant to change this here as all our other NPM publishing workflows in sdk and clients are doing it this way, so I wouldn't want a single workflow being different than the rest.

I definitely think this is a good improvement over manually creating the file, and we definitely want to switch to it, but I think it would be better for a separate PR to update all workflows at once.
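
The alternative discussed in this thread, sketched as an added example (not part of the PR and not Bitwarden's workflow): `actions/setup-node` with `registry-url` generates an `.npmrc` that refers to `NODE_AUTH_TOKEN` by name, so the token value is supplied only as an environment variable on the publish step. The step names and the `retrieve-secrets` output are taken from the workflow below; the rest is an assumption about how it would be wired in.

```yaml
# Added example: replaces the manual "Setup NPM" step.
- name: Setup Node
  uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
  with:
    node-version: 18
    cache: "npm"
    # setup-node writes an .npmrc containing
    #   //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
    # i.e. a reference to the variable, not the secret itself.
    registry-url: "https://registry.npmjs.org"

- name: Publish NPM
  if: ${{ github.event.inputs.release_type != 'Dry Run' }}
  run: npm publish --access public
  env:
    # The token exists only in this step's environment.
    NODE_AUTH_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }}
```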

@@ -0,0 +1,143 @@
---
name: Release @bitwarden/sdk-wasm
run-name: Release @bitwarden/sdk-wasm ${{ inputs.release_type }}

on:
workflow_dispatch:
inputs:
release_type:
description: "Release Options"
required: true
default: "Initial Release"
type: choice
options:
- Initial Release
- Redeploy
- Dry Run
npm_publish:
description: "Publish to NPM registry"
required: true
default: true
type: boolean

defaults:
run:
shell: bash
working-directory: languages/js/wasm

jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
release-version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Branch check
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "==================================="
exit 1
fi

- name: Check Release Version
id: version
uses: bitwarden/gh-actions/release-version-check@main
with:
release-type: ${{ github.event.inputs.release_type }}
project-type: ts
file: languages/js/wasm/package.json
monorepo: false

- name: Create GitHub deployment
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
token: "${{ secrets.GITHUB_TOKEN }}"
initial-status: "in_progress"
environment: "Bitwarden SDK WASM - Production"
description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}"
task: release

- name: Update deployment status to Success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "success"
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

- name: Update deployment status to Failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "failure"
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

npm:
name: Publish NPM
runs-on: ubuntu-22.04
needs: setup
if: inputs.npm_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: "npm"

- name: Login to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "npm-api-key"

- name: Download artifacts
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-wasm.yml
path: ${{ github.workspace }}/languages/js/wasm
workflow_conclusion: success
branch: ${{ github.ref_name }}

- name: Dry Run - Download artifacts
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-wasm.yml
path: ${{ github.workspace }}/languages/js/wasm
workflow_conclusion: success
branch: main

- name: Setup NPM
run: |
echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc

echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
env:
NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }}

- name: Publish NPM
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc
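Review bot: In the `npm` job, `Login to Azure`, `Retrieve secrets` and `Setup NPM` have no `if:`, so a `Dry Run` still fetches `npm-api-key` and writes it to both `./.npmrc` and `~/.npmrc` even though `Publish NPM` is skipped. Gate those steps on `release_type != 'Dry Run'`, or supply the token only as `env` on the publish step so it is never written to disk. Separately, the `bitwarden/gh-actions/*@main` references are the only actions here not pinned to a commit SHA, and two of them run in the job that handles the publish token. The deployment status is also set to `success` inside `setup`, before the `npm` job runs, so it does not reflect whether the publish succeeded.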
2 changes: 2 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 9 additions & 5 deletions crates/bitwarden-wasm/Cargo.toml
Expand Up @@ -15,6 +15,15 @@ keywords.workspace = true
crate-type = ["cdylib"]

[dependencies]
argon2 = { version = ">=0.5.0, <0.6", features = [
"alloc",
"zeroize",
], default-features = false }
base64 = ">=0.21.2, <0.22"
bitwarden-json = { path = "../bitwarden-json", features = [
"secrets",
"internal",
] }
console_error_panic_hook = "0.1.7"
console_log = { version = "1.0.0", features = ["color"] }
js-sys = "0.3.68"
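Review bot: `base64` is added to `[dependencies]`, but the client.rs change shown in this PR imports only `argon2`; if nothing else in the crate uses it, drop the line. The range syntax on the two new entries (`>=0.5.0, <0.6`, `>=0.21.2, <0.22`) also differs from the bare versions used for the other dependencies in this table, so a short comment on why these two use ranges would help.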
Expand All @@ -23,10 +32,5 @@ serde = { version = "1.0.196", features = ["derive"] }
wasm-bindgen = { version = "0.2.91", features = ["serde-serialize"] }
wasm-bindgen-futures = "0.4.41"

bitwarden-json = { path = "../bitwarden-json", features = [
"secrets",
"internal",
] }

[dev-dependencies]
wasm-bindgen-test = "0.3.41"
26 changes: 26 additions & 0 deletions crates/bitwarden-wasm/src/client.rs
@@ -1,6 +1,7 @@
extern crate console_error_panic_hook;
use std::rc::Rc;

use argon2::{Algorithm, Argon2, Params, Version};
use bitwarden_json::client::Client as JsonClient;
use js_sys::Promise;
use log::Level;
Expand Down Expand Up @@ -54,3 +55,28 @@
})
}
}

#[wasm_bindgen]
pub fn argon2(
password: &[u8],
salt: &[u8],
iterations: u32,
memory: u32,
parallelism: u32,
) -> Vec<u8> {
let argon = Argon2::new(
Algorithm::Argon2id,
Version::V0x13,
Params::new(
memory * 1024, // Convert MiB to KiB
iterations,
parallelism,
Some(32),
)
.unwrap(),
);

let mut hash = [0u8; 32];
argon.hash_password_into(password, salt, &mut hash).unwrap();
hash.to_vec()
}
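Review bot: Both `.unwrap()` calls in `argon2` turn bad caller input into a panic: `Params::new` rejects out-of-range values, `hash_password_into` rejects for example a salt that is too short, and `memory * 1024` can overflow `u32` before either check runs. Since the arguments arrive from JavaScript, return `Result<Vec<u8>, JsError>`, use `memory.checked_mul(1024)`, and map both errors into the result instead of unwrapping. The `zeroize` feature is enabled in Cargo.toml, but the local `hash` array is copied into a `Vec` and never wiped. The function also needs a doc comment stating that `memory` is in MiB, and a known-answer test, given that the added lines are reported as uncovered.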

Check warning on line 82 in crates/bitwarden-wasm/src/client.rs

Codecov / codecov/patch

crates/bitwarden-wasm/src/client.rs#L59-L82

Added lines #L59 - L82 were not covered by tests
1 change: 1 addition & 0 deletions languages/js/wasm/package.json
Expand Up @@ -15,6 +15,7 @@
"main": "node/bitwarden_wasm.js",
"module": "index.js",
"types": "bitwarden_wasm.d.ts",
"scripts": {},
Member Author

This isn't technically required, but npm would output a confusing warning if it wasn't there, so I decided to add it.

"sideEffects": [
"./bitwarden_wasm.js",
"./snippets/*"