feat: security: Enable google safebrowsing and populate the API keys, b=no-bug, c=workflows, common, configs

2026-01-09 14:52:48 +00:00 · 2025-06-09 19:11:09 +02:00
parent 35245078c9
commit d786c6927f
4 changed files with 33 additions and 3 deletions
--- a/.github/workflows/linux-release-build.yml
+++ b/.github/workflows/linux-release-build.yml
@@ -121,6 +121,11 @@ jobs:
          ./mach --no-interactive bootstrap --application-choice browser
          cd ..

+      - name: Insert API Keys
+        run: |
+          mkdir -p ~/.zen-keys
+          echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
+
      - name: Build
        env:
          SURFER_COMPAT: ${{ matrix.arch }}
@@ -141,6 +146,10 @@ jobs:
          export SURFER_PLATFORM="linux"
          export ZEN_RELEASE=1
          npm run package
+      
+      - name: Remove API Keys
+        run: |
+          rm -rf ~/.zen-keys

      - name: Rename artifacts
        run: |
--- a/.github/workflows/macos-release-build.yml
+++ b/.github/workflows/macos-release-build.yml
@@ -132,6 +132,11 @@ jobs:
      - name: Build language packs
        run: sh scripts/download-language-packs.sh

+      - name: Insert API Keys
+        run: |
+          mkdir -p ~/.zen-keys
+          echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
+
      - name: Build Zen
        env:
          SURFER_COMPAT: ${{ matrix.arch }}
@@ -152,6 +157,10 @@ jobs:
          export ZEN_RELEASE=1
          npm run package

+      - name: Remove API Keys
+        run: |
+          rm -rf ~/.zen-keys
+
      - name: Rename artifacts
        run: |
          echo "Tarballing DMG"
--- a/.github/workflows/windows-release-build.yml
+++ b/.github/workflows/windows-release-build.yml
@@ -226,6 +226,11 @@ jobs:
          chmod +x ~/artifact/en-US.log
          chmod +x ~/artifact/merged.profdata

+      - name: Insert API Keys
+        run: |
+          mkdir -p ~/.zen-keys
+          echo "${{ secrets.ZEN_SAFEBROWSING_API_KEY }}" > ~/.zen-keys/safebrowsing.dat
+
      - name: Build
        if: ${{ !(inputs.generate-gpo && matrix.arch == 'aarch64') }}
        env:
@@ -259,6 +264,11 @@ jobs:
          ls ./dist
          ls .

+
+      - name: Remove API Keys
+        run: |
+          rm -rf ~/.zen-keys
+
      - name: Move package for PGO upload
        if: ${{ inputs.generate-gpo && matrix.arch == 'x86_64' }}
        run: |