evergreen
evergreen copied to clipboard
aaronparker
Update Bitwarden repository url
This fixes #365
However note unfortunately the new combined Bitwarden client repository doesn't always tag the latest releases for reach client as "latest" so the full releases feed is used. This has the unfortunate side-effect of returning not just the current release but all releases and assets that match the filters in the manifest.
One of the "correct" solutions to this would be refactoring Get-GitHubRepoRelease to accept a filter for VersionTag and filter on the "desktop-" prefix and stop returning output when the version changes.
I haven't done this as:
- From a quick search OpenJDK is also "broken" in this way returning multiple versions
- There are many ways to refactor
Get-GitHubRepoReleaseand didn't want to start making decisions about this unilaterally without discussion
I don't want to make changes to Get-GitHubRepoRelease for one app. It does currently expect that the repo has the available binaries on the latest release.
This URL is available which might be able to be used to grab the latest version and installer: https://vault.bitwarden.com/download/?app=desktop&platform=windows.
This resolves to a pretty messy URL though - https://objects.githubusercontent.com/github-production-release-asset-2e65be/53538899/7d83e8b2-55d7-451b-90ad-b173c46c245a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220807%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220807T141735Z&X-Amz-Expires=300&X-Amz-Signature=eb01a30df174dd1ffb60bbf57b1af12b0c6d08db5bbf3eb98fd58bdb1f940e4e&X-Amz-SignedHeaders=host&actor_id=8227455&key_id=0&repo_id=53538899&response-content-disposition=attachment%3B%20filename%3DBitwarden-Installer-2022.6.2.exe&response-content-type=application%2Foctet-stream
Another approach might be to see what the app does and how it determines available updates.
Completely understand about Get-GitHubRepoRelease which is why I didn't even get started. Though even with it expecting binaries on the latest release it still "works" in the current form with the new repository and the the /releases rather than /releases/latest it just returns additional older versions assets as well like the OpenJDK package...
That all said a bit of digging has revealed: https://artifacts.bitwarden.com/desktop/latest.yml
The download URLs appear to relative e.g https://artifacts.bitwarden.com/desktop/Bitwarden-Installer-2022.6.2.exe seems to work. The only downside to this appears to be the loss of the "portable" version that was in the GitHub assets. Though I suppose you could get the latest version from https://artifacts.bitwarden.com/desktop/latest.yml and then feed that into the GitHub api as a release tag e.g https://api.github.com/repos/bitwarden/clients/releases/tags/desktop-v2022.6.2
For simplicities sake I have update this PR with the less convoluted option though if you think we should go for the above two stage approach using both the latest.yml and GitHub happy to change things further.
Also apologies for the horrifically hacky "parsing" of the YAML given I was only after the version number it seemed inappropriate to load a whole YAML parsing package to do something a RegEx could (but perhaps shouldn't :D) do
As an FYI the UserAgent seems to be required else there is a 403 forbidden error.
🤦♂️ Seems Bitwarden look up their own repo to find the latest version: https://github.com/bitwarden/clients/blob/bc639688e84c1a997019194312e9c4a8a826479d/libs/node/src/cli/commands/update.command.ts
For the non CLI clients they appear to use electron-updater and this config lead to the latest.yml:
https://github.com/bitwarden/clients/blob/master/apps/desktop/electron-builder.json#L26