1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-22 16:29:09 +01:00

DEVOPS-1743 Web Vault Migration workflow improvements (#7966)

* DEVOPS-1743 REFACTOR: Azure Storage Account sync process

* DEVOPS-1743 REFACTOR: deploy-web.yml to include branch or tag information on run

* DEVOPS-1743 REFACTOR: Slack channel for devops alerts

* DEVOPS-1743 DEBUG: display index.html content

* DEVOPS-1743 REFACTOR: Azure storage blob sync command in deploy-web.yml

* DEVOPS-1743 Update Azure Storage Account connection string retrieval

* DEVOPS-1743 DEGUG: azcopy version check before syncing to Azure Storage Account

* DEVOPS-1743 REFACTOR: azcopy command in deploy-web.yml

* DEVOPS-1743 REFACTOR: add recursive flag to azcopy command

* DEVOPS-1743 REFACTOR: azcopy command in deploy-web.yml

* DEVOPS-1743 FIX: azcopy sync command in deploy-web.yml

* DEVOPS-1743 FIX: URL formatting in deploy-web.yml

* DEVOPS-1743 ADD: azcopy login command to deploy-web.yml

* DEVOPS-1743 ADD: AZCOPY_AUTO_LOGIN_TYPE to AZCLI

* DEVOPS-1743 REFACTOR: azcopy sync command to include date parameter

* DEVOPS-1743 REFACTOR: deploy-web.yml script to fix sync command

* DEVOPS-1743 ADD: Azure Storage Account sync with debug logging

* DEVOPS-1743 Add debug logs for azcopy

* DEVOPS-1743 ADD: sync-utility parameters to use either az sync or azcopy in subsequent steps in deploy-web.yml

* DEVOPS-1743 FIX: conditional statements in deploy-web.yml

* DEVOPS-1743 ADD: debug logs for azcopy utility

* DEVOPS-1743 REFACTOR: sync utility to az-sync

* DEVOPS-1743 REFACTOR: azcopy logs and sync utility

* DEVOPS-1743 REFACTOR: sync-utility option to deploy-web workflow

* DEVOPS-1743 REFACTOR: AZCOPY_AUTO_LOGIN_TYPE to SPN

* DEVOPS-1743 ADD: azcopy login status command

* DEVOPS-1743 ADD: AZCOPY environment variables for SPA authentication

* DEVOPS-1743 REFACTOR: AZCOPY_SPA_APPLICATION_ID and AZCOPY_TENANT_ID environment variables

* DEVOPS-1743 FIX: azcopy sync destination URL

* DEVOPS-1743 Update AZCOPY environment variables

* DEVOPS-1743 REFACTOR: deploy-web.yml with AZCOPY environment variables

* DEVOPS-1743 FIX: sync command in deploy-web.yml

* DEVOPS-1743 ADD: retrieval of Storage Account SPN Client Secret for azcopy

* DEVOPS-1743 ADD: retrieval of Storage Account SPN Application ID and Tenant ID for azcopy

* DEVOPS-1743 REFACTOR: sync-utility to azcopy in deploy-web.yml

* DEVOPS-1743 REFACTOR: secrets retrieval IDs in deploy-web.yml

* DEVOPS-1743 DELETE: unnecessary commands in deploy-web.yml

* DEVOPS-1743 REFACTOR: secrets retrieval in deploy-web.yml

* DEVOPS-1743 ADD: debug mode to deploy-web workflow

* DEVOPS-1743 REFACTOR: deploy-web.yml to remove unnecessary conditional checks
This commit is contained in:
Alex Urbina 2024-02-27 13:48:36 -06:00 committed by GitHub
parent d3c222dc23
commit e833e93b3b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1,6 +1,6 @@
--- ---
name: Deploy Web Vault name: Deploy Web Vault
run-name: Deploy Web Vault to ${{ inputs.environment }} run-name: Deploy Web Vault to ${{ inputs.environment }} from ${{ inputs.branch-or-tag }}
on: on:
workflow_dispatch: workflow_dispatch:
@ -19,6 +19,10 @@ on:
description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')" description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')"
type: string type: string
default: main default: main
debug:
description: "Debug mode"
type: boolean
default: false
workflow_call: workflow_call:
inputs: inputs:
@ -30,6 +34,10 @@ on:
description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')" description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')"
type: string type: string
default: main default: main
debug:
description: "Debug mode"
type: boolean
default: false
permissions: permissions:
deployments: write deployments: write
@ -45,6 +53,7 @@ jobs:
environment-artifact: ${{ steps.config.outputs.environment-artifact }} environment-artifact: ${{ steps.config.outputs.environment-artifact }}
azure-login-creds: ${{ steps.config.outputs.azure-login-creds }} azure-login-creds: ${{ steps.config.outputs.azure-login-creds }}
retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }} retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }}
sync-utility: ${{ steps.config.outputs.sync-utility }}
steps: steps:
- name: Configure - name: Configure
id: config id: config
@ -89,6 +98,8 @@ jobs:
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
;; ;;
esac esac
# Set the sync utility to use for deployment to the environment (az-sync or azcopy)
echo "sync-utility=azcopy" >> $GITHUB_OUTPUT
approval: approval:
name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }} name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }}
@ -212,13 +223,22 @@ jobs:
with: with:
creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }} creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }}
- name: Retrieve Storage Account connection string - name: Retrieve Storage Account connection string for az sync
id: retrieve-secrets if: ${{ needs.setup.outputs.sync-utility == 'az-sync' }}
id: retrieve-secrets-az-sync
uses: bitwarden/gh-actions/get-keyvault-secrets@main uses: bitwarden/gh-actions/get-keyvault-secrets@main
with: with:
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }} keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
secrets: "sa-bitwarden-web-vault-dev-key-temp" secrets: "sa-bitwarden-web-vault-dev-key-temp"
- name: Retrieve Storage Account name and SPN credentials for azcopy
if: ${{ needs.setup.outputs.sync-utility == 'azcopy' }}
id: retrieve-secrets-azcopy
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
secrets: "sa-bitwarden-web-vault-name,sp-bitwarden-web-vault-password,sp-bitwarden-web-vault-appid,sp-bitwarden-web-vault-tenant"
- name: 'Download cloud asset from branch/tag: ${{ inputs.branch-or-tag }}' - name: 'Download cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
with: with:
@ -232,22 +252,34 @@ jobs:
working-directory: apps/web working-directory: apps/web
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }} run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
- name: Empty container in Storage Account - name: Sync to Azure Storage Account using az storage blob sync
run: | if: ${{ needs.setup.outputs.sync-utility == 'az-sync' }}
az storage blob delete-batch \
--source '$web' \
--pattern '*' \
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}"
- name: Deploy to Azure Storage Account
working-directory: apps/web working-directory: apps/web
run: | run: |
az storage blob upload-batch \ az storage blob sync \
--source "./build" \ --source "./build" \
--destination '$web' \ --container '$web' \
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \ --connection-string "${{ steps.retrieve-secrets-az-sync.outputs.sa-bitwarden-web-vault-dev-key-temp }}"
--overwrite \
--no-progress - name: Sync to Azure Storage Account using azcopy
if: ${{ needs.setup.outputs.sync-utility == 'azcopy' }}
working-directory: apps/web
env:
AZCOPY_AUTO_LOGIN_TYPE: SPN
AZCOPY_SPA_APPLICATION_ID: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-appid }}
AZCOPY_SPA_CLIENT_SECRET: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-password }}
AZCOPY_TENANT_ID: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-tenant }}
run: |
azcopy sync ./build 'https://${{ steps.retrieve-secrets-azcopy.outputs.sa-bitwarden-web-vault-name }}.blob.core.windows.net/$web/' \
--delete-destination=true
- name: Debug sync logs
if: ${{ inputs.debug }}
run: cat /home/runner/.azcopy/*.log
- name: Debug index.html
if: ${{ inputs.debug }}
run: cat apps/web/build/index.html
- name: Update deployment status to Success - name: Update deployment status to Success
if: success() if: success()