Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-07-11 13:06:03 +02:00
Code Issues Projects Releases Wiki Activity
680e91b254
bitwarden-browser/.github/workflows/staged-rollout-desktop.yml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

138 lines
5.5 KiB
YAML
Raw Normal View History

Add staged rollout desktop workflow (#3702)
2022-10-06 15:54:37 +02:00
---
name: Staged Rollout Desktop
on:
workflow_dispatch:
DEVOPS-915 - Automate Staged Rollouts for Desktop (#3704)
2022-10-11 16:46:36 +02:00
inputs:
rollout_percentage:
description: 'Staged Rollout Percentage'
required: true
default: '10'
type: string
Add staged rollout desktop workflow (#3702)
2022-10-06 15:54:37 +02:00
defaults:
run:
shell: bash
jobs:
Add branch check for Staged Rollout Desktop workflow (#4062)
2022-11-16 16:48:49 +01:00
setup:
name: Setup
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Branch check
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then
echo "==================================="
echo "[!] Can only increase rollout from the 'rc' or 'hotfix-rc-desktop' branches"
echo "==================================="
exit 1
fi
DEVOPS-915 - Automate Staged Rollouts for Desktop (#3704)
2022-10-11 16:46:36 +02:00
rollout:
name: Update Rollout Percentage
Add staged rollout desktop workflow (#3702)
2022-10-06 15:54:37 +02:00
runs-on: ubuntu-22.04
Add branch check for Staged Rollout Desktop workflow (#4062)
2022-11-16 16:48:49 +01:00
needs: setup
Add staged rollout desktop workflow (#3702)
2022-10-06 15:54:37 +02:00
steps:
DEVOPS-915 - Automate Staged Rollouts for Desktop (#3704)
2022-10-11 16:46:36 +02:00
- name: Login to Azure
uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with:
keyvault: "bitwarden-prod-kv"
secrets: "aws-electron-access-id,
aws-electron-access-key,
aws-electron-bucket-name,
r2-electron-access-id,
r2-electron-access-key,
r2-electron-bucket-name,
cf-prod-account"
- name: Download channel update info files from S3
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
AWS_DEFAULT_REGION: 'us-west-2'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }}
run: |
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest.yml . \
--quiet
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest-linux.yml . \
--quiet
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest-mac.yml . \
--quiet
- name: Download channel update info files from R2
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
AWS_DEFAULT_REGION: 'us-east-1'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }}
CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
run: |
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest.yml . \
--quiet \
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest-linux.yml . \
--quiet \
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest-mac.yml . \
--quiet \
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
- name: Check new rollout percentage
env:
NEW_PCT: ${{ github.event.inputs.rollout_percentage }}
run: |
CURRENT_PCT=$(sed -r -n "s/stagingPercentage:\s([0-9]+)/\1/p" latest.yml)
echo "Current percentage: ${CURRENT_PCT}"
echo "New percentage: ${NEW_PCT}"
echo
if [ "$NEW_PCT" -le "$CURRENT_PCT" ]; then
echo "New percentage (${NEW_PCT}) must be higher than current percentage (${CURRENT_PCT})!"
echo
echo "If you want to pull a staged release because it hasnt gone well, you must increment the version \
number higher than your broken release. Because some of your users will be on the broken 1.0.1, \
releasing a new 1.0.1 would result in them staying on a broken version.”
exit 1
fi
- name: Set staged rollout percentage
env:
ROLLOUT_PCT: ${{ github.event.inputs.rollout_percentage }}
run: |
sed -i -r "/stagingPercentage/s/[0-9]+/${ROLLOUT_PCT}/" latest.yml
sed -i -r "/stagingPercentage/s/[0-9]+/${ROLLOUT_PCT}/" latest-linux.yml
sed -i -r "/stagingPercentage/s/[0-9]+/${ROLLOUT_PCT}/" latest-mac.yml
- name: Publish channel update info files to S3
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
AWS_DEFAULT_REGION: 'us-west-2'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }}
run: |
aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \
--include "latest*.yml" \
--acl "public-read" \
--quiet
- name: Publish channel update info files to R2
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
AWS_DEFAULT_REGION: 'us-east-1'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }}
CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
run: |
aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \
--include "latest*.yml" \
--quiet \
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
Reference in New Issue Copy Permalink