diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e9360c73ab..99bea676bf 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -85,13 +85,9 @@ apps/web/src/app/shared @bitwarden/team-platform-dev apps/web/src/translation-constants.ts @bitwarden/team-platform-dev # Workflows .github/workflows/brew-bump-desktop.yml @bitwarden/team-platform-dev -.github/workflows/build-browser-target.yml @bitwarden/team-platform-dev .github/workflows/build-browser.yml @bitwarden/team-platform-dev -.github/workflows/build-cli-target.yml @bitwarden/team-platform-dev .github/workflows/build-cli.yml @bitwarden/team-platform-dev -.github/workflows/build-desktop-target.yml @bitwarden/team-platform-dev .github/workflows/build-desktop.yml @bitwarden/team-platform-dev -.github/workflows/build-web-target.yml @bitwarden/team-platform-dev .github/workflows/build-web.yml @bitwarden/team-platform-dev .github/workflows/chromatic.yml @bitwarden/team-platform-dev .github/workflows/lint.yml @bitwarden/team-platform-dev diff --git a/.github/workflows/build-browser-target.yml b/.github/workflows/build-browser-target.yml deleted file mode 100644 index 12a08cf50a..0000000000 --- a/.github/workflows/build-browser-target.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Build Browser on PR Target - -on: - pull_request_target: - types: [opened, synchronize] - branches-ignore: - - 'l10n_master' - - 'cf-pages' - paths: - - 'apps/browser/**' - - 'libs/**' - - '*' - - '!*.md' - - '!*.txt' - workflow_call: - inputs: {} - workflow_dispatch: - inputs: - sdk_branch: - description: "Custom SDK branch" - required: false - type: string - -defaults: - run: - shell: bash - -jobs: - check-run: - name: Check PR run - uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main - - run-workflow: - name: Run Build Browser on PR Target - needs: check-run - if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} - uses: ./.github/workflows/build-browser.yml - secrets: inherit - diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index 56a980bf0f..7740e418e7 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -1,7 +1,7 @@ name: Build Browser on: - pull_request: + pull_request_target: types: [opened, synchronize] branches-ignore: - 'l10n_master' @@ -38,14 +38,19 @@ defaults: shell: bash jobs: + check-run: + name: Check PR run + uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main + setup: name: Setup runs-on: ubuntu-22.04 + needs: + - check-run outputs: repo_url: ${{ steps.gen_vars.outputs.repo_url }} adj_build_number: ${{ steps.gen_vars.outputs.adj_build_number }} node_version: ${{ steps.retrieve-node-version.outputs.node_version }} - has_secrets: ${{ steps.check-secrets.outputs.has_secrets }} steps: - name: Check out repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -69,14 +74,6 @@ jobs: NODE_VERSION=${NODE_NVMRC/v/''} echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT - - name: Check secrets - id: check-secrets - env: - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - run: | - has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }} - echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT - locales-test: name: Locales Test @@ -284,7 +281,6 @@ jobs: needs: - setup - locales-test - if: ${{ needs.setup.outputs.has_secrets == 'true' }} env: _BUILD_NUMBER: ${{ needs.setup.outputs.adj_build_number }} _NODE_VERSION: ${{ needs.setup.outputs.node_version }} diff --git a/.github/workflows/build-cli-target.yml b/.github/workflows/build-cli-target.yml deleted file mode 100644 index 89f8b63b52..0000000000 --- a/.github/workflows/build-cli-target.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Build CLI on PR Target - -on: - pull_request_target: - types: [opened, synchronize] - branches-ignore: - - 'l10n_master' - - 'cf-pages' - paths: - - 'apps/cli/**' - - 'libs/**' - - '*' - - '!*.md' - - '!*.txt' - - '.github/workflows/build-cli.yml' - - 'bitwarden_license/bit-cli/**' - workflow_dispatch: - inputs: - sdk_branch: - description: "Custom SDK branch" - required: false - type: string - -defaults: - run: - shell: bash - -jobs: - check-run: - name: Check PR run - uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main - - run-workflow: - name: Run Build CLI on PR Target - needs: check-run - if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} - uses: ./.github/workflows/build-cli.yml - secrets: inherit - diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 35970a8b30..d480879fb1 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -1,7 +1,7 @@ name: Build CLI on: - pull_request: + pull_request_target: types: [opened, synchronize] branches-ignore: - 'l10n_master' @@ -27,8 +27,6 @@ on: - '!*.txt' - '.github/workflows/build-cli.yml' - 'bitwarden_license/bit-cli/**' - workflow_call: - inputs: {} workflow_dispatch: inputs: sdk_branch: @@ -41,13 +39,18 @@ defaults: working-directory: apps/cli jobs: + check-run: + name: Check PR run + uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main + setup: name: Setup runs-on: ubuntu-22.04 + needs: + - check-run outputs: package_version: ${{ steps.retrieve-package-version.outputs.package_version }} node_version: ${{ steps.retrieve-node-version.outputs.node_version }} - has_secrets: ${{ steps.check-secrets.outputs.has_secrets }} steps: - name: Check out repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -68,14 +71,6 @@ jobs: NODE_VERSION=${NODE_NVMRC/v/''} echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT - - name: Check secrets - id: check-secrets - env: - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - run: | - has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }} - echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT - cli: name: CLI ${{ matrix.os.base }} - ${{ matrix.license_type.readable }} strategy: @@ -122,7 +117,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{secrets.GITHUB_TOKEN}} @@ -135,7 +130,7 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} working-directory: ./ run: | ls -l ../ @@ -277,7 +272,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{secrets.GITHUB_TOKEN}} @@ -290,7 +285,7 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} working-directory: ./ run: | ls -l ../ diff --git a/.github/workflows/build-desktop-target.yml b/.github/workflows/build-desktop-target.yml deleted file mode 100644 index b9ea9cacb8..0000000000 --- a/.github/workflows/build-desktop-target.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Build Desktop on PR Target - -on: - pull_request_target: - types: [opened, synchronize] - branches-ignore: - - 'l10n_master' - - 'cf-pages' - paths: - - 'apps/desktop/**' - - 'libs/**' - - '*' - - '!*.md' - - '!*.txt' - - '.github/workflows/build-desktop.yml' - workflow_dispatch: - inputs: - sdk_branch: - description: "Custom SDK branch" - required: false - type: string - -defaults: - run: - shell: bash - -jobs: - check-run: - name: Check PR run - uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main - - run-workflow: - name: Run Build Desktop on PR Target - needs: check-run - if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} - uses: ./.github/workflows/build-desktop.yml - secrets: inherit - diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index e35dee54e0..bc9bdec396 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -1,7 +1,7 @@ name: Build Desktop on: - pull_request: + pull_request_target: types: [opened, synchronize] branches-ignore: - 'l10n_master' @@ -25,8 +25,6 @@ on: - '!*.md' - '!*.txt' - '.github/workflows/build-desktop.yml' - workflow_call: - inputs: {} workflow_dispatch: inputs: sdk_branch: @@ -39,9 +37,15 @@ defaults: shell: bash jobs: + check-run: + name: Check PR run + uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main + electron-verify: name: Verify Electron Version runs-on: ubuntu-22.04 + needs: + - check-run steps: - name: Check out repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -63,6 +67,8 @@ jobs: setup: name: Setup runs-on: ubuntu-22.04 + needs: + - check-run outputs: package_version: ${{ steps.retrieve-version.outputs.package_version }} release_channel: ${{ steps.release-channel.outputs.channel }} @@ -70,7 +76,6 @@ jobs: rc_branch_exists: ${{ steps.branch-check.outputs.rc_branch_exists }} hotfix_branch_exists: ${{ steps.branch-check.outputs.hotfix_branch_exists }} node_version: ${{ steps.retrieve-node-version.outputs.node_version }} - has_secrets: ${{ steps.check-secrets.outputs.has_secrets }} defaults: run: working-directory: apps/desktop @@ -133,14 +138,6 @@ jobs: NODE_VERSION=${NODE_NVMRC/v/''} echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT - - name: Check secrets - id: check-secrets - env: - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - run: | - has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }} - echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT - linux: name: Linux Build # Note, before updating the ubuntu version of the workflow, ensure the snap base image @@ -336,14 +333,12 @@ jobs: rustup show - name: Login to Azure - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" @@ -358,7 +353,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{secrets.GITHUB_TOKEN}} @@ -371,7 +366,7 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} working-directory: ./ run: | ls -l ../ @@ -391,17 +386,7 @@ jobs: working-directory: apps/desktop/desktop_native run: node build.js cross-platform - - name: Build - run: | - npm run build - - - name: Pack - if: ${{ needs.setup.outputs.has_secrets == 'false' }} - run: | - npm run pack:win - - - name: Pack & Sign (dev) - if: ${{ needs.setup.outputs.has_secrets == 'true' }} + - name: Build & Sign (dev) env: ELECTRON_BUILDER_SIGN: 1 SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }} @@ -410,10 +395,10 @@ jobs: SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }} SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }} run: | + npm run build npm run pack:win - name: Rename appx files for store - if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: | Copy-Item "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx" ` -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx" @@ -423,7 +408,6 @@ jobs: -Destination "./dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx" - name: Package for Chocolatey - if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: | Copy-Item -Path ./stores/chocolatey -Destination ./dist/chocolatey -Recurse Copy-Item -Path ./dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe ` @@ -435,7 +419,6 @@ jobs: choco pack ./dist/chocolatey/bitwarden.nuspec --version "$env:_PACKAGE_VERSION" --out ./dist/chocolatey - name: Fix NSIS artifact names for auto-updater - if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: | Rename-Item -Path .\dist\nsis-web\Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z ` -NewName bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z @@ -452,7 +435,6 @@ jobs: if-no-files-found: error - name: Upload installer exe artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe @@ -460,7 +442,6 @@ jobs: if-no-files-found: error - name: Upload appx ia32 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx @@ -468,7 +449,6 @@ jobs: if-no-files-found: error - name: Upload store appx ia32 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx @@ -476,7 +456,6 @@ jobs: if-no-files-found: error - name: Upload NSIS ia32 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z @@ -484,7 +463,6 @@ jobs: if-no-files-found: error - name: Upload appx x64 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx @@ -492,7 +470,6 @@ jobs: if-no-files-found: error - name: Upload store appx x64 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx @@ -500,7 +477,6 @@ jobs: if-no-files-found: error - name: Upload NSIS x64 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z @@ -508,7 +484,6 @@ jobs: if-no-files-found: error - name: Upload appx ARM64 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx @@ -516,7 +491,6 @@ jobs: if-no-files-found: error - name: Upload store appx ARM64 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx @@ -524,7 +498,6 @@ jobs: if-no-files-found: error - name: Upload NSIS ARM64 artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z @@ -532,7 +505,6 @@ jobs: if-no-files-found: error - name: Upload nupkg artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg @@ -540,7 +512,6 @@ jobs: if-no-files-found: error - name: Upload auto-update artifact - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ needs.setup.outputs.release_channel }}.yml @@ -603,13 +574,11 @@ jobs: key: ${{ runner.os }}-${{ github.run_id }}-safari-extension - name: Login to Azure - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Download Provisioning Profiles secrets - if: ${{ needs.setup.outputs.has_secrets == 'true' }} env: ACCOUNT_NAME: bitwardenci CONTAINER_NAME: profiles @@ -622,7 +591,6 @@ jobs: --output none - name: Get certificates - if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: | mkdir -p $HOME/certificates @@ -645,7 +613,6 @@ jobs: jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12 - name: Set up keychain - if: ${{ needs.setup.outputs.has_secrets == 'true' }} env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | @@ -675,7 +642,6 @@ jobs: security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Set up provisioning profiles - if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: | cp $HOME/secrets/bitwarden_desktop_appstore.provisionprofile \ $GITHUB_WORKSPACE/apps/desktop/bitwarden_desktop_appstore.provisionprofile @@ -695,7 +661,7 @@ jobs: working-directory: ./ - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{secrets.GITHUB_TOKEN}} @@ -708,7 +674,7 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} working-directory: ./ run: | ls -l ../ @@ -735,7 +701,6 @@ jobs: browser-build: name: Browser Build needs: setup - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: ./.github/workflows/build-browser.yml secrets: inherit @@ -743,7 +708,6 @@ jobs: macos-package-github: name: MacOS Package GitHub Release Assets runs-on: macos-13 - if: ${{ needs.setup.outputs.has_secrets == 'true' }} needs: - browser-build - macos-build @@ -985,7 +949,6 @@ jobs: macos-package-mas: name: MacOS Package Prod Release Asset runs-on: macos-13 - if: ${{ needs.setup.outputs.has_secrets == 'true' }} needs: - browser-build - macos-build @@ -1253,7 +1216,6 @@ jobs: macos-package-dev: name: MacOS Package Dev Release Asset runs-on: macos-13 - if: ${{ needs.setup.outputs.has_secrets == 'true' }} needs: - browser-build - macos-build diff --git a/.github/workflows/build-web-target.yml b/.github/workflows/build-web-target.yml deleted file mode 100644 index 9a9cd73543..0000000000 --- a/.github/workflows/build-web-target.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: Build Web on PR Target - -on: - pull_request_target: - types: [opened, synchronize] - branches-ignore: - - 'l10n_master' - - 'cf-pages' - paths: - - 'apps/web/**' - - 'libs/**' - - '*' - - '!*.md' - - '!*.txt' - - '.github/workflows/build-web.yml' - workflow_dispatch: - inputs: - custom_tag_extension: - description: "Custom image tag extension" - required: false - sdk_branch: - description: "Custom SDK branch" - required: false - type: string - -defaults: - run: - shell: bash - -jobs: - check-run: - name: Check PR run - uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main - - run-workflow: - name: Run Build Web on PR Target - needs: check-run - if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} - uses: ./.github/workflows/build-web.yml - secrets: inherit - diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index 2360f87682..6e5e11c336 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -1,7 +1,7 @@ name: Build Web on: - pull_request: + pull_request_target: types: [opened, synchronize] branches-ignore: - 'l10n_master' @@ -27,8 +27,6 @@ on: - '.github/workflows/build-web.yml' release: types: [published] - workflow_call: - inputs: {} workflow_dispatch: inputs: custom_tag_extension: @@ -43,13 +41,18 @@ env: _AZ_REGISTRY: bitwardenprod.azurecr.io jobs: + check-run: + name: Check PR run + uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main + setup: name: Setup runs-on: ubuntu-22.04 + needs: + - check-run outputs: version: ${{ steps.version.outputs.value }} node_version: ${{ steps.retrieve-node-version.outputs.node_version }} - has_secrets: ${{ steps.check-secrets.outputs.has_secrets }} steps: - name: Check out repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -67,14 +70,6 @@ jobs: NODE_VERSION=${NODE_NVMRC/v/''} echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT - - name: Check secrets - id: check-secrets - env: - AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - run: | - has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }} - echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT - build-artifacts: name: Build artifacts runs-on: ubuntu-22.04 @@ -133,7 +128,7 @@ jobs: run: npm ci - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} uses: bitwarden/gh-actions/download-artifacts@main with: github_token: ${{secrets.GITHUB_TOKEN}} @@ -146,7 +141,7 @@ jobs: if_no_artifact_found: fail - name: Override SDK - if: ${{ inputs.sdk_branch != '' && needs.setup.outputs.has_secrets == 'true' }} + if: ${{ inputs.sdk_branch != '' }} working-directory: ./ run: | ls -l ../ @@ -215,23 +210,19 @@ jobs: ########## ACRs ########## - name: Login to Prod Azure - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Log into Prod container registry - if: ${{ needs.setup.outputs.has_secrets == 'true' }} run: az acr login -n bitwardenprod - name: Login to Azure - CI Subscription - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve github PAT secrets - if: ${{ needs.setup.outputs.has_secrets == 'true' }} id: retrieve-secret-pat uses: bitwarden/gh-actions/get-keyvault-secrets@main with: @@ -279,7 +270,6 @@ jobs: run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - name: Build Docker image - if: ${{ needs.setup.outputs.has_secrets == 'true' }} uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: apps/web diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 1b738bd7bc..9dc72c7fdd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,20 +1,12 @@ name: Lint on: - pull_request: - types: [opened, synchronize] + push: branches-ignore: - 'l10n_master' - 'cf-pages' paths-ignore: - '.github/workflows/**' - push: - branches: - - 'main' - - 'rc' - - 'hotfix-rc-*' - paths-ignore: - - '.github/workflows/**' workflow_dispatch: inputs: {}