From d86c918e7161df3cfa27f179394a3f6ad7f2373b Mon Sep 17 00:00:00 2001
From: Andy Pixley <3723676+pixman20@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:11:51 -0500
Subject: [PATCH] [BRE-1303] Providing method for pinning Chrome extension ID
 for dev (#17432)

---
 .github/workflows/build-browser.yml         | 17 +++++++++++
 apps/browser/package.json                   |  7 ++++-
 apps/browser/scripts/update-manifest-dev.sh | 34 +++++++++++++++++++++
 3 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100755 apps/browser/scripts/update-manifest-dev.sh

diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml
index dc71d33d605..772cb25d98d 100644
--- a/.github/workflows/build-browser.yml
+++ b/.github/workflows/build-browser.yml
@@ -218,6 +218,7 @@ jobs:
             source_archive_name_prefix: ""
             archive_name_prefix: ""
             npm_command_prefix: "dist:"
+            npm_package_dev_prefix: "package:dev:"
             readable: "open source license"
             type: "oss"
           - build_prefix: "bit-"
@@ -225,6 +226,7 @@ jobs:
             source_archive_name_prefix: "bit-"
             archive_name_prefix: "bit-"
             npm_command_prefix: "dist:bit:"
+            npm_package_dev_prefix: "package:bit:dev:"
             readable: "commercial license"
             type: "commercial"
         browser:
@@ -232,6 +234,8 @@ jobs:
             npm_command_suffix: "chrome"
             archive_name: "dist-chrome.zip"
             artifact_name: "dist-chrome-MV3"
+            artifact_name_dev: "dev-chrome-MV3"
+            archive_name_dev: "dev-chrome.zip"
           - name: "edge"
             npm_command_suffix: "edge"
             archive_name: "dist-edge.zip"
@@ -338,6 +342,19 @@ jobs:
           path: browser-source/apps/browser/dist/${{matrix.license_type.archive_name_prefix}}${{ matrix.browser.archive_name }}
           if-no-files-found: error
 
+      - name: Package dev extension
+        if: ${{ matrix.browser.archive_name_dev != '' }}
+        run: npm run ${{ matrix.license_type.npm_package_dev_prefix }}${{ matrix.browser.npm_command_suffix }}
+        working-directory: browser-source/apps/browser
+
+      - name: Upload dev extension artifact
+        if: ${{ matrix.browser.archive_name_dev != '' }}
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: ${{ matrix.license_type.artifact_prefix }}${{ matrix.browser.artifact_name_dev }}-${{ env._BUILD_NUMBER }}.zip
+          path: browser-source/apps/browser/dist/${{matrix.license_type.archive_name_prefix}}${{ matrix.browser.archive_name_dev }}
+          if-no-files-found: error
+
 
   build-safari:
     name: Build Safari - ${{ matrix.license_type.readable }}
diff --git a/apps/browser/package.json b/apps/browser/package.json
index 72e112e62f7..a6a88b53db0 100644
--- a/apps/browser/package.json
+++ b/apps/browser/package.json
@@ -6,6 +6,8 @@
     "build:bit": "npm run build:bit:chrome",
     "build:chrome": "cross-env BROWSER=chrome MANIFEST_VERSION=3 NODE_OPTIONS=\"--max-old-space-size=8192\" webpack",
     "build:bit:chrome": "cross-env BROWSER=chrome MANIFEST_VERSION=3 NODE_OPTIONS=\"--max-old-space-size=8192\" webpack -c ../../bitwarden_license/bit-browser/webpack.config.js",
+    "build:dev:chrome": "npm run build:chrome && npm run update:dev:chrome",
+    "build:bit:dev:chrome": "npm run build:bit:chrome && npm run update:dev:chrome",
     "build:edge": "cross-env BROWSER=edge MANIFEST_VERSION=3 NODE_OPTIONS=\"--max-old-space-size=8192\" webpack",
     "build:bit:edge": "cross-env BROWSER=edge MANIFEST_VERSION=3 NODE_OPTIONS=\"--max-old-space-size=8192\" webpack -c ../../bitwarden_license/bit-browser/webpack.config.js",
     "build:firefox": "cross-env BROWSER=firefox NODE_OPTIONS=\"--max-old-space-size=8192\" webpack",
@@ -55,9 +57,12 @@
     "dist:bit:opera:mv3": "cross-env MANIFEST_VERSION=3 npm run dist:bit:opera",
     "dist:safari:mv3": "cross-env MANIFEST_VERSION=3 npm run dist:safari",
     "dist:bit:safari:mv3": "cross-env MANIFEST_VERSION=3 npm run dist:bit:safari",
+    "package:dev:chrome": "npm run update:dev:chrome && ./scripts/compress.sh dev-chrome.zip",
+    "package:bit:dev:chrome": "npm run update:dev:chrome && ./scripts/compress.sh bit-dev-chrome.zip",
     "test": "jest",
     "test:watch": "jest --watch",
     "test:watch:all": "jest --watchAll",
-    "test:clearCache": "jest --clear-cache"
+    "test:clearCache": "jest --clear-cache",
+    "update:dev:chrome": "./scripts/update-manifest-dev.sh"
   }
 }
diff --git a/apps/browser/scripts/update-manifest-dev.sh b/apps/browser/scripts/update-manifest-dev.sh
new file mode 100755
index 00000000000..2823d4cb510
--- /dev/null
+++ b/apps/browser/scripts/update-manifest-dev.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+####
+# Update the manifest key in the build directory.
+####
+
+set -e
+set -u
+set -x
+set -o pipefail
+
+SCRIPT_ROOT="$(dirname "$0")"
+BUILD_DIR="$SCRIPT_ROOT/../build"
+
+# Check if build directory exists
+if [ -d "$BUILD_DIR" ]; then
+  cd "$BUILD_DIR"
+
+  # Update manifest with dev public key
+  MANIFEST_PATH="./manifest.json"
+
+  # Generated arbitrary public key from Chrome Dev Console to pin side-loaded extension IDs during development
+  DEV_PUBLIC_KEY='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIvjtsAVWZM0i5jFhSZcrmwgaf3KWcxM5F16LNDNeivC1EqJ+H5xNZ5R9UN5ueHA2xyyYAOlxY07OcY6CKTGJRJyefbUhszb66sdx26SV5gVkCois99fKBlsbSbd6und/BJYmoFUWvFCNNVH+OxLMqMQWjMMhM2ItLqTYi7dxRE5qd+7LwQpnGG2vTkm/O7nu8U3CtkfcIAGLsiTd7/iuytcMDnC0qFM5tJyY/5I+9QOhpUJ7Ybj3C18BDWDORhqxutWv+MSw//SgUn2/lPQrnrKq7FIVQL7FxxEPqkv4QwFvaixps1cBbMdJ1Ygit1z5JldoSyNxzCa5vVcJLecMQIDAQAB'
+
+  MANIFEST_PATH_TMP="${MANIFEST_PATH}.tmp"
+  if jq --arg key "$DEV_PUBLIC_KEY" '.key = $key' "$MANIFEST_PATH" > "$MANIFEST_PATH_TMP"; then
+    mv "$MANIFEST_PATH_TMP" "$MANIFEST_PATH"
+    echo "Updated manifest key in $MANIFEST_PATH"
+  else
+    echo "ERROR: Failed to update manifest with jq"
+    rm -f "$MANIFEST_PATH_TMP"
+    exit 1
+  fi
+fi