bitwarden
Version mismatch + F-Droid
Workaround for issues being disabled
đī¸ Tracking
n/a
đ Objective
I was going to open an issue, but they are disabled. So a PR it is :shrug:
Two questions:
1. Bad release (version mismatch)
There is something wrong with the tagged 2024.05.0 release: https://github.com/bitwarden/authenticator-android/releases/tag/v2024.5.0). The attached APK has version name 2024.04.20 and version code 22.
2. F-Droid Inclusion
Are you open to including Bitwarden Authenticator in F-Droid?
There is a Request for Packaging here: https://gitlab.com/fdroid/rfp/-/issues/2738
If you want to official support it, it would be nice if you could add a "libre" flavour that has Firebase removed. Then we could aim at Reproducible Builds and ship a Bitwarden-signed APK.
Otherwise, F-Droid can strip Firebase (and any other non-free things that may appear) in its build script, and have F-Droid sign the APK.
It would be nice if you could add app metadata and screenshots in the Fastlane format, see https://f-droid.org/en/docs/All_About_Descriptions_Graphics_and_Screenshots/
Finally, it would be awesome if you could hardcode the version name and version code, instead of auto-generating it. For example, this would make it easier to track down mismatches/wrong tagging like the one you produced above (currently it is very hard to tell for an outsider from which commit that 2024.04.20 APK was built). And you are not the first ones with this. Hardcoding is just clearer. It will also play nicer with F-Droid's autoupdate infrastructure.
đ¸ Screenshots
n/a
â° Reminders before review
- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
đĻŽ Reviewer guidelines
- đ (
:+1:) or similar for great changes - đ (
:memo:) or âšī¸ (:information_source:) for notes or general info - â (
:question:) for questions - đ¤ (
:thinking:) or đ (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - đ¨ (
:art:) for suggestions / improvements - â (
:x:) or â ī¸ (:warning:) for more significant problems or concerns needing attention - đą (
:seedling:) or âģī¸ (:recycle:) for future improvements or indications of technical debt - â (
:pick:) for minor or nitpick changes
Both Proton Drive (the link) and this are instances of the APK being distributed having another version code+name than what the tagged source produces and what the tag says. And both are instances of dynamically generating the version name + code.
@thgoebel
I am not sure why you can't see Issues here on GitHub. It should be enabled.
- Yes, we had to cowboy the release a little this first time around. Seems we screwed some things up. We are working on automating it all for future releases.
- We also plan to submit to F-Droid in time.
I opened a merge request for this: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/15251
The biggest issue I spot is the private maven repo: https://github.com/bitwarden/authenticator-android/blob/be96f1b9d42207f6261002ab93a83eb91bb36d1a/settings.gradle.kts#L35C1-L35C68
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
