Merge branch 'main' into km/pm-11924/ssh-key-item-type

.github/CODEOWNERS

@@ -11,3 +11,8 @@
 # Secrets Manager team
 crates/bitwarden-sm @bitwarden/team-secrets-manager-dev
 crates/bws @bitwarden/team-secrets-manager-dev
+
+# BRE Automations
+crates/bws/Cargo.toml
+crates/bws/scripts/install.ps1
+crates/bws/scripts/install.sh

.github/PULL_REQUEST_TEMPLATE.md

@@ -6,10 +6,6 @@
 
 <!-- Describe what the purpose of this PR is, for example what bug you're fixing or new feature you're adding. -->
 
-## 📸 Screenshots
-
-<!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
-
 ## ⏰ Reminders before review
 
 - Contributor guidelines followed

.github/workflows/build-cli-docker.yml

@@ -5,8 +5,6 @@ on:
   push:
     branches:
       - "main"
-      - "rc"
-      - "hotfix-rc"
   workflow_dispatch:
   pull_request:
 
@@ -22,15 +20,9 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Check Branch to Publish
-        env:
-          PUBLISH_BRANCHES: "master,rc,hotfix-rc"
         id: publish-branch-check
         run: |
-          REF=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
-
-          IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES
-
-          if [[ "${publish_branches[*]}" =~ "${REF}" ]]; then
+          if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
             echo "is_publish_branch=true" >> $GITHUB_ENV
           else
             echo "is_publish_branch=false" >> $GITHUB_ENV
@@ -77,10 +69,8 @@ jobs:
         run: |
           REF=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
           IMAGE_TAG=$(echo "${REF}" | sed "s#/#-#g")  # slash safe branch name
-          if [[ "${IMAGE_TAG}" == "master" ]]; then
+          if [[ "${IMAGE_TAG}" == "main" ]]; then
             IMAGE_TAG=dev
-          elif [[ ("${IMAGE_TAG}" == "rc") || ("${IMAGE_TAG}" == "hotfix-rc") ]]; then
-            IMAGE_TAG=rc
           fi
 
           echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
@@ -89,9 +79,8 @@ jobs:
         id: tag-list
         env:
           IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
-          IS_PUBLISH_BRANCH: ${{ env.is_publish_branch }}
         run: |
-          if [[ ("${IMAGE_TAG}" == "dev" || "${IMAGE_TAG}" == "rc") && "${IS_PUBLISH_BRANCH}" == "true" ]]; then
+          if [[ "${IMAGE_TAG}" == "dev" ]]; then
             echo "tags=$_AZ_REGISTRY/bws:${IMAGE_TAG},bitwarden/bws:${IMAGE_TAG}" >> $GITHUB_OUTPUT
           else
             echo "tags=$_AZ_REGISTRY/bws:${IMAGE_TAG}" >> $GITHUB_OUTPUT
@@ -123,10 +112,7 @@ jobs:
     needs: build-docker
     steps:
       - name: Check if any job failed
-        if: |
-          github.ref == 'refs/heads/master'
-          || github.ref == 'refs/heads/rc'
-          || github.ref == 'refs/heads/hotfix-rc'
+        if: github.ref == 'refs/heads/main'
         env:
           BUILD_DOCKER_STATUS: ${{ needs.build-docker.result }}
         run: |

.github/workflows/build-cli.yml

@@ -6,8 +6,6 @@ on:
   push:
     branches:
       - "main"
-      - "rc"
-      - "hotfix-rc"
   workflow_dispatch:
 
 defaults:
@@ -74,7 +72,7 @@ jobs:
       - name: Build
         env:
           TARGET: ${{ matrix.settings.target }}
-        run: cargo build ${{ matrix.features }} -p bws --release --target=${{ matrix.settings.target }}
+        run: cargo build -p bws --release --target=${{ matrix.settings.target }}
 
       - name: Login to Azure
         if: ${{ needs.setup.outputs.sign == 'true' }}
@@ -132,8 +130,7 @@ jobs:
   build-macos:
     name: Building CLI for - ${{ matrix.settings.os }} - ${{ matrix.settings.target }}
     runs-on: ${{ matrix.settings.os || 'ubuntu-latest' }}
-    needs:
-      - setup
+    needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
     strategy:
@@ -164,7 +161,7 @@ jobs:
       - name: Build
         env:
           TARGET: ${{ matrix.settings.target }}
-        run: cargo build ${{ matrix.features }} -p bws --release --target=${{ matrix.settings.target }}
+        run: cargo build -p bws --release --target=${{ matrix.settings.target }}
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -242,8 +239,7 @@ jobs:
   build-linux:
     name: Building CLI for - ${{ matrix.settings.os }} - ${{ matrix.settings.target }}
     runs-on: ${{ matrix.settings.os || 'ubuntu-latest' }}
-    needs:
-      - setup
+    needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
     strategy:
@@ -271,7 +267,8 @@ jobs:
           toolchain: stable
           targets: ${{ matrix.settings.target }}
 
-      - uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d # v2.2.0
+      - name: Set up Zig
+        uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d # v2.2.0
         with:
           version: 0.12.0
 
@@ -286,7 +283,7 @@ jobs:
       - name: Build
         env:
           TARGET: ${{ matrix.settings.target }}
-        run: cargo zigbuild ${{ matrix.features }} -p bws --release --target=${{ matrix.settings.target }}
+        run: cargo zigbuild -p bws --release --target=${{ matrix.settings.target }}
 
       - name: Zip linux
         run: zip -j ./bws-${{ matrix.settings.target }}-${{ env._PACKAGE_VERSION }}.zip ./target/${{ matrix.settings.target }}/release/bws
@@ -325,7 +322,7 @@ jobs:
           unzip bws-x86_64-apple-darwin-${{ env._PACKAGE_VERSION }}.zip -d ./bws-x86_64-apple-darwin
           unzip bws-aarch64-apple-darwin-${{ env._PACKAGE_VERSION }}.zip -d ./bws-aarch64-apple-darwin
 
-      - name: lipo create universal package
+      - name: Create universal package with lipo
         run: |
           mkdir ./bws-macos-universal
 
@@ -375,7 +372,7 @@ jobs:
       - name: Sign binary
         env:
           MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }}
-        run: codesign --sign "$MACOS_CERTIFICATE_NAME" --verbose=3 --force --options=runtime --timestamp  ./bws-aarch64-apple-darwin/bws
+        run: codesign --sign "$MACOS_CERTIFICATE_NAME" --verbose=3 --force --options=runtime --timestamp ./bws-macos-universal/bws
 
       - name: Notarize app
         env:
@@ -389,7 +386,7 @@ jobs:
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD"
 
           echo "Creating notarization archive"
-          zip -j ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip ./bws-aarch64-apple-darwin/bws
+          zip -j ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal/bws
 
           codesign --sign "$MACOS_CERTIFICATE_NAME" --verbose=3 --force --options=runtime --timestamp  ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip
 
@@ -441,8 +438,7 @@ jobs:
   manpages:
     name: Generate manpages
     runs-on: ubuntu-22.04
-    needs:
-      - setup
+    needs: setup
     steps:
       - name: Checkout repo
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

.github/workflows/build-cpp.yml

@@ -30,8 +30,11 @@ jobs:
           - os: macos-13
             target: x86_64-apple-darwin
 
-          # - os: windows-2022
-          #   target: x86_64-pc-windows-msvc
+          - os: macos-13
+            target: aarch64-apple-darwin
+
+          - os: windows-2022
+            target: x86_64-pc-windows-msvc
 
           - os: ubuntu-22.04
             target: x86_64-unknown-linux-gnu
@@ -52,16 +55,6 @@ jobs:
           brew install nlohmann-json
           brew install boost
 
-      - name: Cache vcpkg
-        if: runner.os == 'Windows'
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
-        with:
-          path: C:/vcpkg/
-          key: vcpkg-${{ runner.os }}-${{ matrix.settings.target }}
-          restore-keys: |
-            vcpkg-${{ runner.os }}-
-            vcpkg-
-
       - name: Export GitHub Actions cache environment variables
         if: runner.os == 'Windows'
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
@@ -70,22 +63,6 @@ jobs:
             core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
             core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
 
-      - name: Install libraries for Windows
-        if: runner.os == 'Windows' && steps.cache.outputs.cache-hit != 'true'
-        env:
-          VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite"
-        run: |
-          vcpkg install boost --binarysource="clear;x-gha,readwrite"
-          vcpkg install nlohmann-json --binarysource="clear;x-gha,readwrite"
-        shell: pwsh
-
-      - name: Save cache
-        if: runner.os == 'Windows'
-        uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
-        with:
-          path: C:/vcpkg/
-          key: vcpkg-${{ runner.os }}-${{ matrix.settings.target }}
-
       - name: Download schemas
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
@@ -114,6 +91,20 @@ jobs:
 
           Get-Acl languages/cpp/include/* | Format-List
 
+      - name: Ensure bitwarden-c is in include folder
+        working-directory: languages/cpp
+        shell: bash
+        run: |
+          mv include/release/* include/
+          if [[ '${{ runner.os }}' == 'macOS' || '${{ runner.os }}' == 'Linux' ]]; then
+            ls include/libbitwarden_c.* || { echo "Missing libbitwarden_c.*"; exit 1; }
+          fi
+          if [[ '${{ runner.os }}' == 'Windows' ]]; then
+            ls include/bitwarden_c.dll || { echo "Missing bitwarden_c.dll"; exit 1; }
+            ls include/bitwarden_c.dll.lib || { echo "Missing bitwarden_c.dll.lib"; exit 1; }
+          fi
+          rmdir include/release
+
       - name: Build unix
         working-directory: languages/cpp
         if: runner.os == 'macOS' || runner.os == 'Linux'
@@ -139,24 +130,28 @@ jobs:
         if: runner.os == 'Windows'
         working-directory: languages/cpp
         env:
-          BOOST_INCLUDE_DIR: C:\vcpkg\installed\x64-windows\include\boost
-          NLOHMANN_JSON_INCLUDE_DIR: C:\vcpkg\installed\x64-windows\include\nlohmann-json
+          VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite"
         run: |
           mkdir build
           cd build
-          $DNLOHMANN_PATH="C:\vcpkg\installed\x64-windows\include\nlohmann-json"
-          $DBOOST_PATH="C:\vcpkg\installed\x64-windows\include\boost"
-          $DTARGET="include/libbitwarden_c.dll"
-          cmake .. -DNLOHMANN=$DNLOHMANN_PATH -DBOOST=$DBOOST_PATH -DTARGET="include/libbitwarden_c.dll" -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/languages/cpp/ -DBUILD_TESTING=OFF
-          cmake --build .
+          $env:DTARGET="include\bitwarden_c.dll.lib"
+          cmake .. -DTARGET="$env:DTARGET" -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake"
+          cmake --build . --config Release
         shell: pwsh
 
       - name: Copy artifacts
         working-directory: languages/cpp/build
+        shell: bash
         run: |
           mkdir artifacts
-          cp libbitwarden_c.* artifacts
-          cp libBitwardenClient.* artifacts
+          if [[ '${{ runner.os }}' == 'macOS' || '${{ runner.os }}' == 'Linux' ]]; then
+            cp libbitwarden_c.* artifacts
+            cp libBitwardenClient.* artifacts
+          fi
+          if [[ '${{ runner.os }}' == 'Windows' ]]; then
+            cp */BitwardenClient.* artifacts
+            cp ../include/bitwarden_c.{lib,dll.lib,dll} artifacts
+          fi
 
       - name: Upload C++ package for ${{ matrix.settings.target }}
         uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0

.github/workflows/build-rust-crates.yml

@@ -7,8 +7,6 @@ on:
   push:
     branches:
       - "main"
-      - "rc"
-      - "hotfix-rc"
 
 env:
   CARGO_TERM_COLOR: always
@@ -17,7 +15,7 @@ jobs:
   build:
     name: Building ${{matrix.package}} for - ${{ matrix.os }}
 
-    runs-on: ${{ matrix.settings.os || 'ubuntu-latest' }}
+    runs-on: ${{ matrix.os || 'ubuntu-latest' }}
 
     strategy:
       fail-fast: false
@@ -42,7 +40,6 @@ jobs:
         uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # stable
         with:
           toolchain: stable
-          targets: ${{ matrix.settings.target }}
 
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
@@ -61,9 +58,8 @@ jobs:
   release-dry-run:
     name: Release dry-run
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/head/main' || github.ref == 'refs/head/rc' || github.ref == 'refs/head/hotfix-rc' }}
-    needs:
-      - build
+    if: ${{ github.ref == 'refs/head/main' }}
+    needs: build
     steps:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -72,7 +68,6 @@ jobs:
         uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # stable
         with:
           toolchain: stable
-          targets: ${{ matrix.settings.target }}
 
       - name: Cache cargo registry
         uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3

.github/workflows/build-rust-cross-platform.yml

@@ -26,6 +26,9 @@ jobs:
             target: x86_64-pc-windows-msvc
           - os: windows-2022
             target: x86_64-pc-windows-gnu
+          # caution: updating the linux runner OS version for GNU
+          #   targets will likely break libbitwarden_c for older OS versions.
+          #   prefer using oldest supported runner for for these targets
           - os: ubuntu-22.04
             target: x86_64-unknown-linux-gnu
           - os: ubuntu-22.04
@@ -57,16 +60,26 @@ jobs:
       - name: Add build architecture
         run: rustup target add ${{ matrix.settings.target }}
 
+      # Build Rust for musl
       - name: Build Rust for - ${{ matrix.settings.target }}
         if: ${{ contains(matrix.settings.target, 'musl') }}
         env:
           RUSTFLAGS: "-D warnings"
         run: cargo zigbuild -p bitwarden-c --target ${{ matrix.settings.target }} --release
 
+      # Build Rust for windows-gnu
       - name: Build Rust for - ${{ matrix.settings.target }}
-        if: ${{ !contains(matrix.settings.target, 'musl') }}
+        if: ${{ matrix.settings.target == 'x86_64-pc-windows-gnu' }}
         env:
           RUSTFLAGS: "-D warnings"
+        run: cargo build -p bitwarden-c --target ${{ matrix.settings.target }} --profile=release-windows
+
+      # Build Rust for !musl && !windows-gnu
+      - name: Build Rust for - ${{ matrix.settings.target }}
+        if: ${{ !contains(matrix.settings.target, 'musl') && matrix.settings.target != 'x86_64-pc-windows-gnu' }}
+        env:
+          RUSTFLAGS: "-D warnings"
+          MACOSX_DEPLOYMENT_TARGET: "10.14" # allows using new macos runner versions while still supporting older systems
         run: cargo build -p bitwarden-c --target ${{ matrix.settings.target }} --release
 
       - name: Upload Artifact
@@ -75,3 +88,4 @@ jobs:
           name: libbitwarden_c_files-${{ matrix.settings.target }}
           path: |
             target/${{ matrix.settings.target }}/release/*bitwarden_c*
+            target/${{ matrix.settings.target }}/release-windows/*bitwarden_c*