1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-22 16:29:09 +01:00

Revert "restrict deployment to USDEV and protect environment (#9571)" (#9583)

This reverts commit f9faeeba4c.
This commit is contained in:
Opeyemi 2024-06-11 15:31:37 +01:00 committed by GitHub
parent f9faeeba4c
commit 9a35608fc3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -112,48 +112,13 @@ jobs:
echo "azure-login-creds=AZURE_KV_US_DEV_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT echo "azure-login-creds=AZURE_KV_US_DEV_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
echo "retrieve-secrets-keyvault=webvault-eastus-dev" >> $GITHUB_OUTPUT echo "retrieve-secrets-keyvault=webvault-eastus-dev" >> $GITHUB_OUTPUT
echo "environment-artifact=web-*-cloud-usdev.zip" >> $GITHUB_OUTPUT echo "environment-artifact=web-*-cloud-usdev.zip" >> $GITHUB_OUTPUT
echo "environment-name=Web Vault - US DEV Cloud" >> $GITHUB_OUTPUT echo "environment-name=Web Vault - US Development Cloud" >> $GITHUB_OUTPUT
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
;; ;;
esac esac
# Set the sync utility to use for deployment to the environment (az-sync or azcopy) # Set the sync utility to use for deployment to the environment (az-sync or azcopy)
echo "sync-utility=azcopy" >> $GITHUB_OUTPUT echo "sync-utility=azcopy" >> $GITHUB_OUTPUT
- name: Environment Protection
env:
TAG: ${{ steps.project_tag.outputs.tag }}
run: |
BRANCH_OR_TAG_LOWER=$(echo ${{ inputs.branch-or-tag }} | awk '{print tolower($0)}')
PROD_ENV_PATTERN='USPROD|EUPROD'
PROD_ALLOWED_TAGS_PATTERN='web-v[0-9]+\.[0-9]+\.[0-9]+'
QA_ENV_PATTERN='USQA|EUQA'
QA_ALLOWED_TAGS_PATTERN='.*'
DEV_ENV_PATTERN='USDEV'
DEV_ALLOWED_TAGS_PATTERN='.*'
if [[ \
${{ inputs.environment }} =~ \.*($PROD_ENV_PATTERN)\.* && \
! "$BRANCH_OR_TAG_LOWER" =~ ^($PROD_ALLOWED_TAGS_PATTERN).* \
]] || [[ \
${{ inputs.environment }} =~ \.*($QA_ENV_PATTERN)\.* && \
! "$BRANCH_OR_TAG_LOWER" =~ ^($QA_ALLOWED_TAGS_PATTERN).* \
]] || [[ \
=~ \.*($DEV_ENV_PATTERN)\.* && \
! "$BRANCH_OR_TAG_LOWER" =~ ^($DEV_ALLOWED_TAGS_PATTERN).* \
]]; then
echo "!Deployment blocked!"
echo "Attempting to deploy a tag that is not allowed in ${{ inputs.environment }} environment"
echo
echo "Environment: ${{ inputs.environment }}
echo "Tag: ${{ inputs.branch-or-tag }}
exit 1
else
echo "${{ inputs.branch-or-tag }} is allowed to deployed on to ${{ inputs.environment }} environment"
fi
approval: approval:
name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }} name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }}
needs: setup needs: setup
@ -241,31 +206,6 @@ jobs:
echo "commit=${{ steps.download-latest-artifacts.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT echo "commit=${{ steps.download-latest-artifacts.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT
fi fi
- name: Ensure artifact is from main branch for USDEV environment
if: ${{ 'inputs.environment' == 'USDEV'}}
run: |
# If run-id was used
if [ "${{ inputs.build-web-run-id }}" ]; then
if [ "${{ steps.download-latest-artifacts.outputs.artifact-build-branch }}" != "main" ]; then
echo "Artifact is not from main branch"
exit 1
fi
# If artifact download failed
elif [ "${{ steps.download-latest-artifacts.outcome }}" == "failure" ]; then
branch=$(gh api /repos/bitwarden/clients/actions/runs/${{ steps.trigger-build-web.outputs.workflow_id }}/artifacts --jq '.artifacts[0].workflow_run.head_branch')
if [ "$branch" != "main" ]; then
echo "Artifact is not from main branch"
exit 1
fi
else
if [ "${{ steps.download-latest-artifacts.outputs.artifact-build-branch }}" != "main" ]; then
echo "Artifact is not from main branch"
exit 1
fi
fi
notify-start: notify-start:
name: Notify Slack with start message name: Notify Slack with start message
needs: needs: