From 364e23d8a55d0f30f5cdf9fb2556f1263b6613e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?=
 <mchecinski@bitwarden.com>
Date: Wed, 3 Jan 2024 16:48:51 +0100
Subject: [PATCH] [DEVOPS-1656] Update Web build workflow to automatically
 trigger DevTest deploy (#7307)

---
 .github/workflows/build-web.yml | 37 +++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index 7fc9a9f7a6..7172ecb520 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -292,6 +292,39 @@ jobs:
           upload_sources: true
           upload_translations: false
 
+  trigger-web-vault-deploy:
+    name: Trigger web vault deploy
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-22.04
+    needs: build-artifacts
+    steps:
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve github PAT secrets
+        id: retrieve-secret-pat
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Trigger web vault deploy
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        with:
+          github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+              owner: 'bitwarden',
+              repo: 'clients',
+              workflow_id: 'deploy-web.yml',
+              ref: 'main',
+              inputs: {
+                environment: 'USDEV',
+                tag: 'main'
+              }
+            })
 
   check-failures:
     name: Check for failures
@@ -303,6 +336,7 @@ jobs:
       - build-artifacts
       - build-containers
       - crowdin-push
+      - trigger-web-vault-deploy
     steps:
       - name: Check if any job failed
         if: ${{ (github.ref == 'refs/heads/main') || (github.ref == 'refs/heads/rc') }}
@@ -312,6 +346,7 @@ jobs:
           ARTIFACT_STATUS: ${{ needs.build-artifacts.result }}
           BUILD_CONTAINERS_STATUS: ${{ needs.build-containers.result }}
           CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }}
+          TRIGGER_WEB_VAULT_DEPLOY_STATUS: ${{ needs.trigger-web-vault-deploy.result }}
         run: |
           if [ "$CLOC_STATUS" = "failure" ]; then
               exit 1
@@ -325,6 +360,8 @@ jobs:
               exit 1
           elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then
               exit 1
+          elif [ "$TRIGGER_WEB_VAULT_DEPLOY_STATUS" = "failure" ]; then
+              exit 1
           fi
 
       - name: Login to Azure - Prod Subscription