1
0
Fork 1
mirror of https://github.com/zen-browser/desktop.git synced 2025-07-07 21:49:58 +02:00

feat: security: Enable google safebrowsing and populate the API keys, b=no-bug, c=workflows, common, configs

This commit is contained in:
Mr. M 2025-06-09 19:11:09 +02:00
parent 35245078c9
commit d786c6927f
No known key found for this signature in database
GPG key ID: 6292C4C8F8652B18
4 changed files with 33 additions and 3 deletions

View file

@ -121,6 +121,11 @@ jobs:
./mach --no-interactive bootstrap --application-choice browser
cd ..
- name: Insert API Keys
run: |
mkdir -p ~/.zen-keys
echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
- name: Build
env:
SURFER_COMPAT: ${{ matrix.arch }}
@ -142,6 +147,10 @@ jobs:
export ZEN_RELEASE=1
npm run package
- name: Remove API Keys
run: |
rm -rf ~/.zen-keys
- name: Rename artifacts
run: |
mv dist/zen-*.tar.xz "zen.linux-${{ matrix.arch }}.tar.xz"

View file

@ -132,6 +132,11 @@ jobs:
- name: Build language packs
run: sh scripts/download-language-packs.sh
- name: Insert API Keys
run: |
mkdir -p ~/.zen-keys
echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
- name: Build Zen
env:
SURFER_COMPAT: ${{ matrix.arch }}
@ -152,6 +157,10 @@ jobs:
export ZEN_RELEASE=1
npm run package
- name: Remove API Keys
run: |
rm -rf ~/.zen-keys
- name: Rename artifacts
run: |
echo "Tarballing DMG"

View file

@ -226,6 +226,11 @@ jobs:
chmod +x ~/artifact/en-US.log
chmod +x ~/artifact/merged.profdata
- name: Insert API Keys
run: |
mkdir -p ~/.zen-keys
echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
- name: Build
if: ${{ !(inputs.generate-gpo && matrix.arch == 'aarch64') }}
env:
@ -259,6 +264,11 @@ jobs:
ls ./dist
ls .
- name: Remove API Keys
run: |
rm -rf ~/.zen-keys
- name: Move package for PGO upload
if: ${{ inputs.generate-gpo && matrix.arch == 'x86_64' }}
run: |

View file

@ -32,6 +32,11 @@ if ! test "$SCCACHE_GHA_ENABLED" = "false"; then
fi
fi
# add safe browsing key if it exists on a file
if test -f "$HOME/.zen-keys/safebrowsing.dat"; then
ac_add_options --with-google-safebrowsing-api-keyfile="$HOME/.zen-keys/safebrowsing.dat"
fi
if test "$ZEN_RELEASE"; then
# TODO: Make this successful in builds
@ -96,10 +101,7 @@ fi
ac_add_options --enable-unverified-updates
ac_add_options --enable-raw
ac_add_options --enable-webrtc
ac_add_options --enable-jxl
ac_add_options --enable-av1
ac_add_options --with-unsigned-addon-scopes=app,system