From ab0ce71db8bd90f15471ec8e5bb905e0ca36c951 Mon Sep 17 00:00:00 2001
From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Date: Tue, 21 Sep 2021 09:37:17 -0700
Subject: [PATCH] Updating to new CI model (#1196)

* starting the new pipeline model update

* updating the deploy portion of the pipeline

* adding a stub for the release notes

* removing the redundant deploy workflow

* fixing the cloud job. Adding a npm pre-cache

* updating the hashFile for the caches

* removing the cache-hit check since the logic doesn't work for node_modules

* checking out the repo in the precache

* removing the pre-cache step. Seems to slow down the pipeline overall

* ghpage-deploy with the correct input for the versions

* testing a custom action for the DCT setup

* fixing a typo

* fixing the shell issue in the custom action

* removing a conditional to run a test

* testing redaction

* fixing the weird colon inline with run issue

* commenting out the DCT for testing

* test passed. Updating the release pipeline with the new Setup DCT action

* updating the DCT setup action hash

* updating the release workflow with the linter suggestions
---
 .github/workflows/build.yml     | 285 ++++++++++++++++++--------------
 .github/workflows/deploy.yml    |  73 --------
 .github/workflows/qa-deploy.yml |   2 +-
 .github/workflows/release.yml   | 230 ++++++++++++++------------
 4 files changed, 286 insertions(+), 304 deletions(-)
 delete mode 100644 .github/workflows/deploy.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 66664eeb98..2e57e114e6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,7 +15,7 @@ on:
 jobs:
   cloc:
     name: CLOC
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@@ -29,124 +29,9 @@ jobs:
         run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
 
 
-  build-selfhost:
-    name: Build SelfHost Docker image
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: '14'
-
-      - name: Update NPM
-        run: |
-          npm install -g npm@7
-
-      - name: Cache npm
-        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
-        with:
-          path: '~/.npm'
-          key: ${{ runner.os }}-${{ github.run_id }}-npm-${{ hashFiles('**/package-lock.json') }}
-
-      - name: Print environment
-        run: |
-          whoami
-          node --version
-          npm --version
-          gulp --version
-          docker --version
-          echo "GitHub ref: $GITHUB_REF"
-          echo "GitHub event: $GITHUB_EVENT"
-
-      - name: Login to Azure
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
-        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
-        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
-
-      - name: Retrieve secrets
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
-        id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "docker-password,
-                    docker-username,
-                    dct-delegate-2-repo-passphrase,
-                    dct-delegate-2-key"
-
-      - name: Log into Docker
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
-        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        env:
-          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
-          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
-
-      - name: Setup Docker Trust
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
-        run: |
-          mkdir -p ~/.docker/trust/private
-
-          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
-        env:
-          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
-          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
-
-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
-      - name: Restore
-        run: dotnet tool restore
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: Build
-        run: |
-          echo -e "# Building Web\n"
-          echo "Building app"
-          echo "npm version $(npm --version)"
-          npm run dist:bit:selfhost
-
-          echo -e "\nBuilding Docker image"
-          docker --version
-          docker build -t bitwarden/web .
-
-      - name: Tag rc branch
-        if: github.ref == 'refs/heads/rc'
-        run: docker tag bitwarden/web bitwarden/web:rc
-
-      - name: Tag dev
-        if: github.ref == 'refs/heads/master'
-        run: docker tag bitwarden/web bitwarden/web:dev
-
-      - name: List Docker images
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
-        run: docker images
-
-      - name: Push rc images
-        if: github.ref == 'refs/heads/rc'
-        run: docker push bitwarden/web:rc
-        env:
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
-
-      - name: Push dev images
-        if: github.ref == 'refs/heads/master'
-        run: docker push bitwarden/web:dev
-        env:
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
-
-      - name: Log out of Docker
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
-        run: docker logout
-
-
   build-qa:
-    name: Build QA Docker image
-    runs-on: ubuntu-latest
+    name: Build Docker images for testing
+    runs-on: ubuntu-20.04
     steps:
       - name: Set up Node
         uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
@@ -162,7 +47,7 @@ jobs:
         uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
         with:
           path: '~/.npm'
-          key: ${{ runner.os }}-${{ github.run_id }}-npm-${{ hashFiles('**/package-lock.json') }}
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
 
       - name: Print environment
         run: |
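Review bot: The new cache key `${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}` is evaluated when the `Cache npm` step runs, and in this job that step appears to precede `Checkout repo` (it does in both the old and the new `build-selfhost`); with nothing yet in the workspace `hashFiles` returns an empty string, so the key degenerates to a constant such as `Linux-npm-` and never rotates when the lockfile changes. The same cache-before-checkout ordering is present in the new `build-cloud`, `build-selfhost` and `windows` cache steps in the later hunks of this file. Moving `Cache npm` below `Checkout repo` (or adding a `restore-keys` fallback together with a real hash) fixes it.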
@@ -209,7 +94,7 @@ jobs:
           docker build -t bitwardenqa.azurecr.io/web .
 
       - name: Get image tag
-        id: image_tag
+        id: image-tag
         run: |
           IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
           TAG_EXTENSION=${{ github.events.inputs.custom_tag_extension }}
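Review bot: The context line `TAG_EXTENSION=${{ github.events.inputs.custom_tag_extension }}` directly under the renamed step id references `github.events`, which is not a context (the object is `github.event`), so the extension is presumably always empty; this predates the commit, but the rename touched this step. The input is also expanded straight into the shell script, so whatever a dispatcher supplies is spliced into the command text; passing it via `env:` as `TAG_EXTENSION: ${{ github.event.inputs.custom_tag_extension }}` and reading `$TAG_EXTENSION` keeps it as data. The step body continues past the end of the hunk.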
@@ -221,7 +106,7 @@ jobs:
 
       - name: Tag image
         env:
-          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
         run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
 
       - name: Tag dev
@@ -233,7 +118,7 @@ jobs:
 
       - name: Push image
         env:
-          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
         run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
 
       - name: Push dev images
@@ -244,9 +129,152 @@ jobs:
         run: docker logout
 
 
+  build-cloud:
+    name: Build Cloud zip
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build Cloud
+        run: |
+          npm run dist:bit:cloud
+          zip -r prod-build-artifact.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
+        with:
+          name: prod-build-artifact.zip
+          path: ./prod-build-artifact.zip
+          if-no-files-found: error
+
+
+  build-selfhost:
+    name: Build SelfHost Docker image
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Setup DCT
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        id: setup-dct
+        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+        with:
+          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-keyvault-name: "bitwarden-prod-kv"
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Restore
+        run: dotnet tool restore
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+          VERSION=$( jq -r ".version" package.json)
+          jq --arg version "$VERSION - ${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp
+          mv package.json.tmp package.json
+
+          npm run dist:bit:selfhost
+
+          echo "{\"commit_hash\": \"$GITHUB_SHA\", \"ref\": \"$GITHUB_REF\"}" | jq . > build/info.json
+
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwarden/web .
+
+      - name: Tag rc branch
+        if: github.ref == 'refs/heads/rc'
+        run: docker tag bitwarden/web bitwarden/web:rc
+
+      - name: Tag dev
+        if: github.ref == 'refs/heads/master'
+        run: docker tag bitwarden/web bitwarden/web:dev
+
+      - name: List Docker images
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        run: docker images
+
+      - name: Push rc images
+        if: github.ref == 'refs/heads/rc'
+        run: docker push bitwarden/web:rc
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Push dev images
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwarden/web:dev
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Log out of Docker
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        run: docker logout
+
+
   windows:
     name: Test code on Windows
-    runs-on: windows-latest
+    runs-on: windows-2019
     steps:
       - name: Set up NuGet
         uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
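Review bot: `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` in both push steps of the new `build-selfhost` job is taken from a step output of the composite action `setup-docker-trust` rather than from `secrets.*`, and step outputs are not redacted from logs unless the producing action registers them with `::add-mask::`; whether this action does so is not visible here. A comment above `Setup DCT` such as `# outputs.dct-delegate-repo-passphrase is a secret; the action must mask it` would record that dependency, and checking a run log for the redaction before this reaches master is worthwhile. On style, the `Print environment` step in `build-cloud` runs directly into `Checkout repo` with no blank line, unlike every other step boundary in the file.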
@@ -256,6 +284,13 @@ jobs:
       - name: Set up MSBuild
         uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d
 
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+
       - name: Set up Node
         uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
         with:
@@ -281,8 +316,10 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
+      - name: Install dependencies
+        run: npm ci
       - name: NPM install
-        run: npm install
+        run: npm ci
 
       - name: NPM build
         run: npm run build:bit:cloud
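Review bot: The added `Install dependencies` step and the existing `NPM install` step immediately below it both run `npm ci`, so the Windows job installs twice, and since `npm ci` removes `node_modules` before installing, the second run redoes all of the first one's work. Keep one of them — e.g. drop the two added lines and leave `NPM install` as `run: npm ci` — and put a blank line before the following step as elsewhere in the file.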
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
deleted file mode 100644
index 7496eed1a3..0000000000
--- a/.github/workflows/deploy.yml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-name: Deploy
-
-on:
-  workflow_dispatch:
-    inputs:
-      release_version:
-        description: "Release Tag Version <vX.X.X>"
-        required: true
-  release:
-    types:
-      - published
-
-
-jobs:
-  deploy:
-    name: Deploy Web Vault
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
-        with:
-          ref: gh-pages
-
-      - name: Get release version
-        id: release-version
-        run: |
-          if [[ "${{ github.event_name }}" == "release" ]]; then
-              echo "::set-output name=version::${{ github.event.release.tag_name }}"
-          else
-              echo "::set-output name=version::${{ github.event.inputs.release_version }}"
-          fi
-
-      - name: Create deploy branch
-        run: |
-          git switch -c deploy-${{ steps.release-version.outputs.version }}
-          git push -u origin deploy-${{ steps.release-version.outputs.version }}
-
-      - name: Checkout Repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
-        with:
-          ref: rc
-
-      - name: Setup git config
-        run: |
-          git config user.name = "GitHub Action Bot"
-          git config user.email = "<>"
-          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
-          git config --global url."https://".insteadOf ssh://
-
-      - name: Install and Build
-        run: |
-          npm run sub:init
-          npm ci
-          npm run dist:bit:cloud
-
-      - name: Deploy GitHub Pages
-        uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925  # v2.5.0
-        with:
-          target_branch: deploy-${{ steps.release-version.outputs.version }}
-          build_dir: build
-          keep_history: true
-          commit_message: "Staging deploy ${{ steps.release-version.outputs.version }}"
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create Deploy PR
-        run: |
-          gh pr create --title "Deploy $VERSION" --body "Deploying $VERSION" --base gh-pages --head "$PR_BRANCH"
-        env:
-          VERSION: ${{ steps.release-version.outputs.version }}
-          PR_BRANCH: deploy-${{ steps.release-version.outputs.version }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml
index 48a8f2ac92..b3aadb893f 100644
--- a/.github/workflows/qa-deploy.yml
+++ b/.github/workflows/qa-deploy.yml
@@ -17,7 +17,7 @@ env:
 jobs:
   deploy:
     name: Deploy QA Web
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout Repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 30693e8eb3..a0960cb767 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,19 +3,16 @@ name: Release
 
 on:
   workflow_dispatch:
-    inputs:
-      release_tag_name_input:
-        description: "Release Tag Name <X.X.X>"
-        required: true
+    inputs: {}
 
 jobs:
   setup:
     name: Setup
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     outputs:
       release_upload_url: ${{ steps.create_release.outputs.upload_url }}
-      release_version: ${{ steps.create_tags.outputs.package_version }}
-      tag_version: ${{ steps.create_tags.outputs.tag_version }}
+      release_version: ${{ steps.create_tags.outputs.package }}
+      tag_version: ${{ steps.create_tags.outputs.tag }}
     steps:
       - name: Branch check
         run: |
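Review bot: The `setup` job outputs still read `steps.create_tags.outputs.package` and `steps.create_tags.outputs.tag`, but the step that produces them is given `id: version` in the next hunk, so both outputs resolve to empty strings and every downstream `_RELEASE_VERSION` / `_TAG_VERSION` is blank (the image would be tagged `bitwarden/web:`). Change them to `release_version: ${{ steps.version.outputs.package }}` and `tag_version: ${{ steps.version.outputs.tag }}`. `release_upload_url` also points at `steps.create_release`, which the next hunk deletes; it can be dropped unless something still consumes it.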
@@ -29,132 +26,153 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # 2.3.4
 
-      - name: Create Release Vars
-        id: create_tags
+      - name: Check Release Version
+        id: version
         run: |
-          case "${RELEASE_TAG_NAME_INPUT:0:1}" in
-            v)
-              echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
-              echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
-              echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
-              echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
-              ;;
-            [0-9])
-              echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
-              echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
-              echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
-              echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
-              ;;
-            *)
-              exit 1
-              ;;
-          esac
-        env:
-          RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
+          version=$( jq -r ".version" package.json)
+          previous_release_tag_version=$(
+            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
+          )
 
-      - name: Create Draft Release
-        id: create_release
-        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e  # 1.1.4 - Repo Archived
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ env.RELEASE_TAG_NAME }}
-          release_name: Version ${{ env.RELEASE_NAME }}
-          draft: true
-          prerelease: false
+          if [ "v$version" == "$previous_release_tag_version" ]; then
+            echo "[!] Already released v$version. Please bump version to continue"
+            exit 1
+          fi
 
-  ubuntu:
-    name: Ubuntu
-    runs-on: ubuntu-latest
+          echo "::set-output name=package::$version"
+          echo "::set-output name=tag::v$version"
+
+
+  self-host:
+    name: Build self-host docker
+    runs-on: ubuntu-20.04
     needs: setup
     env:
       _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
     steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: '14'
-
-      - name: Update NPM
-        run: |
-          npm install -g npm@7
-
       - name: Print environment
         run: |
           whoami
-          node --version
-          npm --version
-          gulp --version
           docker --version
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
 
-      - name: Login to Azure
-        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+      - name: Setup DCT
+        id: setup-dct
+        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
-        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "docker-password,
-                    docker-username,
-                    dct-delegate-2-repo-passphrase,
-                    dct-delegate-2-key"
-
-      - name: Log into Docker
-        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        env:
-          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
-          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
-
-      - name: Setup Docker Trust
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
-        run: |
-          mkdir -p ~/.docker/trust/private
-
-          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
-        env:
-          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
-          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
+          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-keyvault-name: "bitwarden-prod-kv"
 
       - name: Checkout repo
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
-      - name: Restore
-        run: dotnet tool restore
-
-      - name: Build
-        run: |
-          echo -e "# Building Web\n"
-          echo "Building app"
-          echo "npm version $(npm --version)"
-          npm install
-          npm run dist:bit:selfhost
-
-          echo -e "\nBuilding Docker image"
-          docker --version
-          docker build -t bitwarden/web .
+      - name: Pull latest selfhost rc image
+        run: docker pull bitwarden/web:rc
 
       - name: Tag version
-        run: docker tag bitwarden/web bitwarden/web:$_RELEASE_VERSION
+        run: |
+          docker tag bitwarden/web:rc bitwarden/web:latest
+          docker tag bitwarden/web:rc bitwarden/web:$_RELEASE_VERSION
 
       - name: List Docker images
         run: docker images
 
-      - name: Push latest images
-        run: docker push bitwarden/web:latest
+      - name: Push images
+        run: |
+          docker push bitwarden/web:latest
+          docker push bitwarden/web:$_RELEASE_VERSION
         env:
           DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
-
-      - name: Push version images
-        run: docker push bitwarden/web:$_RELEASE_VERSION
-        env:
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
 
       - name: Log out of Docker
         run: docker logout
+
+
+  ghpages-deploy:
+    name: Deploy Web Vault
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+    env:
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        with:
+          ref: gh-pages
+
+      - name: Create deploy branch
+        run: |
+          git switch -c deploy-$_TAG_VERSION
+          git push -u origin deploy-$_TAG_VERSION
+          git switch rc
+
+      - name: Setup git config
+        run: |
+          git config user.name = "GitHub Action Bot"
+          git config user.email = "<>"
+          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+          git config --global url."https://".insteadOf ssh://
+
+      - name: Download latest RC Production build
+        uses: dawidd6/action-download-artifact@b9571484721e8187f1fd08147b497129f8972c74  # v2.14.0
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: rc
+          name: prod-build-artifact.zip
+
+      # This should result in a build directory in the current working directory
+      - name: Unzip build asset
+        run: unzip prod-build-artifact.zip
+
+      - name: Deploy GitHub Pages
+        uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925  # v2.5.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          target_branch: deploy-${{ needs.setup.outputs.tag_version }}
+          build_dir: build
+          keep_history: true
+          commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}"
+
+      - name: Create Deploy PR
+        env:
+          PR_BRANCH: deploy-${{ env._TAG_VERSION }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr create --title "Deploy $_RELEASE_VERSION" \
+            --body "Deploying $_RELEASE_VERSION" \
+            --base gh-pages \
+            --head "$PR_BRANCH"
+
+
+  release:
+    name: Create GitHub Release
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+      - ghpages-deploy
+    steps:
+      - name: Download latest RC Production build
+        uses: dawidd6/action-download-artifact@b9571484721e8187f1fd08147b497129f8972c74  # v2.14.0
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: rc
+          name: prod-build-artifact.zip
+
+      - name: Create release
+        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
+        with:
+          artifacts: prod-build-artifact.zip
+          commit: ${{ github.sha }}
+          tag: "${{ needs.version.outputs.tag_version }}"
+          name: "Version ${{ needs.version.outputs.release_version }}"
+          body: "<insert release notes here>"
+          token: ${{ secrets.GITHUB_TOKEN }}
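Review bot: The `release` job's `tag` and `name` inputs at the end of the hunk read `needs.version.outputs.*`, but there is no job named `version` — the outputs live on `setup` — so they should be `tag: "${{ needs.setup.outputs.tag_version }}"` and `name: "Version ${{ needs.setup.outputs.release_version }}"`; as written the release gets an empty tag and name. The guard in `Check Release Version` calls the API unauthenticated with neither `-f` nor any check on the result, so a rate-limited or failed request makes `jq` print `null`, the comparison passes, and a duplicate version proceeds; `curl -fsSL` with an `Authorization: Bearer $GITHUB_TOKEN` header (token supplied via `env:`) and a non-empty check on `previous_release_tag_version` would fail closed. Both `Download latest RC Production build` steps take whichever build.yml run on rc finished last rather than the commit being released, so the published artifact and the release's `commit: ${{ github.sha }}` can disagree; pinning the download to that commit, if the pinned action version supports it, ties the artifact's provenance to the tag. Separately, `git switch rc` in `Create deploy branch` runs inside a checkout of `gh-pages` only, so it likely fails unless the rc ref has been fetched.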