From e9634e10573b6838e40a2f8e20dce403c38d3e00 Mon Sep 17 00:00:00 2001 From: "mr. m" <91018726+mr-cheffy@users.noreply.github.com> Date: Sun, 19 Apr 2026 01:11:44 +0200 Subject: [PATCH] no-bug: Move API keys to release script (gh-13309) --- .github/workflows/linux-release-build.yml | 12 +++--------- .github/workflows/macos-release-build.yml | 12 +++--------- .github/workflows/src/release-build.sh | 8 ++++++++ .github/workflows/windows-release-build.yml | 12 +++--------- configs/common/mozconfig | 10 +++++++++- 5 files changed, 26 insertions(+), 28 deletions(-) diff --git a/.github/workflows/linux-release-build.yml b/.github/workflows/linux-release-build.yml index 06250bec2..b92181af2 100644 --- a/.github/workflows/linux-release-build.yml +++ b/.github/workflows/linux-release-build.yml @@ -120,15 +120,13 @@ jobs: ./mach --no-interactive bootstrap --application-choice browser cd .. - - name: Insert API Keys - run: | - mkdir -p ~/.zen-keys - echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat - - name: Build env: SURFER_COMPAT: ${{ matrix.arch }} ZEN_RELEASE_BRANCH: ${{ inputs.release-branch }} + ZEN_SAFEBROWSING_API_KEY: ${{ secrets.ZEN_SAFEBROWSING_API_KEY }} + ZEN_MOZILLA_API_KEY: ${{ secrets.ZEN_MOZILLA_API_KEY }} + ZEN_GOOGLE_LOCATION_SERVICE_API_KEY: ${{ secrets.ZEN_GOOGLE_LOCATION_SERVICE_API_KEY }} continue-on-error: true run: | export SURFER_PLATFORM="linux" @@ -146,10 +144,6 @@ jobs: export ZEN_RELEASE=1 npm run package - - name: Remove API Keys - run: | - rm -rf ~/.zen-keys - - name: Rename artifacts run: | mv dist/zen-*.tar.xz "zen.linux-${{ matrix.arch }}.tar.xz" diff --git a/.github/workflows/macos-release-build.yml b/.github/workflows/macos-release-build.yml index cd256497c..a14aac90c 100644 --- a/.github/workflows/macos-release-build.yml +++ b/.github/workflows/macos-release-build.yml @@ -134,15 +134,13 @@ jobs: - name: Build language packs run: sh scripts/download-language-packs.sh - - name: Insert API Keys - run: | - mkdir -p ~/.zen-keys - echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat - - name: Build Zen env: SURFER_COMPAT: ${{ matrix.arch }} ZEN_RELEASE_BRANCH: ${{ inputs.release-branch }} + ZEN_SAFEBROWSING_API_KEY: ${{ secrets.ZEN_SAFEBROWSING_API_KEY }} + ZEN_MOZILLA_API_KEY: ${{ secrets.ZEN_MOZILLA_API_KEY }} + ZEN_GOOGLE_LOCATION_SERVICE_API_KEY: ${{ secrets.ZEN_GOOGLE_LOCATION_SERVICE_API_KEY }} run: | export SURFER_PLATFORM="darwin" if [[ -n ${{ inputs.MOZ_BUILD_DATE }} ]];then @@ -159,10 +157,6 @@ jobs: export ZEN_RELEASE=1 npm run package - - name: Remove API Keys - run: | - rm -rf ~/.zen-keys - - name: Rename artifacts run: | echo "Tarballing DMG" diff --git a/.github/workflows/src/release-build.sh b/.github/workflows/src/release-build.sh index 7b2a5b034..fbccedce2 100644 --- a/.github/workflows/src/release-build.sh +++ b/.github/workflows/src/release-build.sh @@ -8,6 +8,11 @@ if command -v apt-get &> /dev/null; then sudo apt-get install -y xvfb libnvidia-egl-wayland1 mesa-utils libgl1-mesa-dri fi +mkdir -p ~/.zen-keys +echo "$ZEN_SAFEBROWSING_API_KEY" > ~/.zen-keys/safebrowsing.dat +echo "$ZEN_MOZILLA_API_KEY" > ~/.zen-keys/mozilla.dat +echo "$ZEN_GOOGLE_LOCATION_SERVICE_API_KEY" > ~/.zen-keys/google_location_service.dat + . $HOME/.cargo/env bash ./scripts/mar_sign.sh -i @@ -30,3 +35,6 @@ else export ZEN_RELEASE=1 npm run build fi + +echo "Build complete, removing API keys" +rm -rf ~/.zen-keys diff --git a/.github/workflows/windows-release-build.yml b/.github/workflows/windows-release-build.yml index 2207d35aa..dc054aef3 100644 --- a/.github/workflows/windows-release-build.yml +++ b/.github/workflows/windows-release-build.yml @@ -228,16 +228,14 @@ jobs: chmod +x ~/artifact/en-US.log chmod +x ~/artifact/merged.profdata - - name: Insert API Keys - run: | - mkdir -p ~/.zen-keys - echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat - - name: Build if: ${{ !(inputs.generate-gpo && matrix.arch == 'aarch64') }} env: SURFER_COMPAT: ${{ matrix.arch }} ZEN_RELEASE_BRANCH: ${{ inputs.release-branch }} + ZEN_SAFEBROWSING_API_KEY: ${{ secrets.ZEN_SAFEBROWSING_API_KEY }} + ZEN_MOZILLA_API_KEY: ${{ secrets.ZEN_MOZILLA_API_KEY }} + ZEN_GOOGLE_LOCATION_SERVICE_API_KEY: ${{ secrets.ZEN_GOOGLE_LOCATION_SERVICE_API_KEY }} run: | set -x dos2unix configs/windows/mozconfig @@ -266,10 +264,6 @@ jobs: ls ./dist ls . - - name: Remove API Keys - run: | - rm -rf ~/.zen-keys - - name: Move package for PGO upload if: ${{ inputs.generate-gpo && matrix.arch == 'x86_64' }} run: | diff --git a/configs/common/mozconfig b/configs/common/mozconfig index a93df9072..ddb795b86 100644 --- a/configs/common/mozconfig +++ b/configs/common/mozconfig @@ -35,11 +35,19 @@ if ! test "$SCCACHE_GHA_ENABLED" = "false"; then fi fi -# add safe browsing key if it exists on a file +# add API keys if it exists on a file if test -f "$HOME/.zen-keys/safebrowsing.dat"; then ac_add_options --with-google-safebrowsing-api-keyfile="$HOME/.zen-keys/safebrowsing.dat" fi +if test -f "$HOME/.zen-keys/mozilla.dat"; then + ac_add_options --with-mozilla-api-keyfile="$HOME/.zen-keys/mozilla.dat" +fi + +if test -f "$HOME/.zen-keys/google_location_service.dat"; then + ac_add_options --with-google-location-service-api-keyfile="$HOME/.zen-keys/google_location_service.dat" +fi + if test "$ZEN_RELEASE"; then # TODO: Make this successful in builds