bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Update CLI storefronts to use bitwarden licensed artifacts #9827

Closed addisonbeck closed 3 months ago

addisonbeck commented 3 months ago

🎟ī¸ Tracking

https://bitwarden.atlassian.net/browse/AC-2811

📔 Objective

Due to recent enhancements to the CLI being backed by the Bitwarden License Agreement, we need to update storefronts so that they point to the correct licenses and artifacts.

Important Notes For Release

The Snap store update in this work may be problematic and will need to be monitored on release. The GUI setting indicating the use of a GPL license may override the newly added configuration setting in snapcraft.yaml that indicates the project uses a proprietary license. We should monitor the snap store upon release and manually update the license to "Proprietary" in the Snap Store website if it doesn't take from the changed configuration file. This will require admin access to the Bitwarden snap package.

Implementation Details

There are two major steps to this: updating the build job to bundle the correct artifacts for store consumption, and updating store configuration to indicate a change in licensing.

1. Publish Bitwarden licensed artifacts to 3rd party storefronts

Currently the build job bundles GPL licensed artifacts to later be released on storefronts. This needs to be updated to publish Bitwarden licensed artifacts. This can be done by changing a few simple conditionals in the build job. The release job just grabs whatever is in these prepared folders from the build job, and so it does not need to be updated. Likewise we don't need to change any asset names expected by stores, because they have not changed.

2. Update the license applied to 3rd party storefronts

3rd party storefronts need to be updated to reflect the new license we are publishing the CLI under. The Bitwarden CLI is published on Chocolatey, NPM, and Snap. Each storefront has a slightly different means for being updated.

2a. Update the license applied in Chocolatey

The license posted to Chocolatey is sent alongside the build artifact itself. It actually already uses the correct license! We do not need to make any changes to licensing in Chocolatey.

2b. Update the license applied in NPM

The license the NPM store uses is declared in package.json. See these docs from npm for details. We need to update the license key in the CLI's package.json to indicate that the package is published under a special license.

2c. Update the license applied in Snap

We might be able to update the snap package license via configuration in snapcraft.yaml. There is a key for it documented here.

However, we don't currently have the license configured this way and it appears the snap store license is set from the GUI.

The potential fields for the snap store are listed here. We, unfortunately, need to use the "Proprietary" option even though our license is mixed and mostly GPL.

We should try and specify the value in the configuration, but we will need BRE to monitor the Snap store upon release to make sure the new value takes. If it does not appear to take, BRE will need to update the value manually in the Snap store website. This will require admin access to the Bitwarden package on snap.

⏰ Reminders before review

🦮 Reviewer guidelines

codecov[bot] commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 29.30%. Comparing base (9ec0142) to head (abec50f). Report is 1 commits behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #9827   +/-   ##
=======================================
  Coverage   29.30%   29.30%
=======================================
  Files        2532     2532
  Lines       73845    73845
  Branches    13790    13790
=======================================
  Hits        21639    21639
  Misses      50584    50584
  Partials     1622     1622
```


github-actions[bot] commented 3 months ago

Checkmarx One – Scan Summary & Details – edc84626-6089-4c8f-ad9f-54a78f7f73ab

No New Or Fixed Issues Found