DEVOPS-1743 Web Vault Migration workflow improvements (#7966)
* DEVOPS-1743 REFACTOR: Azure Storage Account sync process * DEVOPS-1743 REFACTOR: deploy-web.yml to include branch or tag information on run * DEVOPS-1743 REFACTOR: Slack channel for devops alerts * DEVOPS-1743 DEBUG: display index.html content * DEVOPS-1743 REFACTOR: Azure storage blob sync command in deploy-web.yml * DEVOPS-1743 Update Azure Storage Account connection string retrieval * DEVOPS-1743 DEBUG: azcopy version check before syncing to Azure Storage Account * DEVOPS-1743 REFACTOR: azcopy command in deploy-web.yml * DEVOPS-1743 REFACTOR: add recursive flag to azcopy command * DEVOPS-1743 REFACTOR: azcopy command in deploy-web.yml * DEVOPS-1743 FIX: azcopy sync command in deploy-web.yml * DEVOPS-1743 FIX: URL formatting in deploy-web.yml * DEVOPS-1743 ADD: azcopy login command to deploy-web.yml * DEVOPS-1743 ADD: AZCOPY_AUTO_LOGIN_TYPE to AZCLI * DEVOPS-1743 REFACTOR: azcopy sync command to include date parameter * DEVOPS-1743 REFACTOR: deploy-web.yml script to fix sync command * DEVOPS-1743 ADD: Azure Storage Account sync with debug logging * DEVOPS-1743 Add debug logs for azcopy * DEVOPS-1743 ADD: sync-utility parameters to use either az sync or azcopy in subsequent steps in deploy-web.yml * DEVOPS-1743 FIX: conditional statements in deploy-web.yml * DEVOPS-1743 ADD: debug logs for azcopy utility * DEVOPS-1743 REFACTOR: sync utility to az-sync * DEVOPS-1743 REFACTOR: azcopy logs and sync utility * DEVOPS-1743 REFACTOR: sync-utility option to deploy-web workflow * DEVOPS-1743 REFACTOR: AZCOPY_AUTO_LOGIN_TYPE to SPN * DEVOPS-1743 ADD: azcopy login status command * DEVOPS-1743 ADD: AZCOPY environment variables for SPA authentication * DEVOPS-1743 REFACTOR: AZCOPY_SPA_APPLICATION_ID and AZCOPY_TENANT_ID environment variables * DEVOPS-1743 FIX: azcopy sync destination URL * DEVOPS-1743 Update AZCOPY environment variables * DEVOPS-1743 REFACTOR: deploy-web.yml with AZCOPY environment variables * DEVOPS-1743 FIX: sync command in deploy-web.yml * DEVOPS-1743 
ADD: retrieval of Storage Account SPN Client Secret for azcopy * DEVOPS-1743 ADD: retrieval of Storage Account SPN Application ID and Tenant ID for azcopy * DEVOPS-1743 REFACTOR: sync-utility to azcopy in deploy-web.yml * DEVOPS-1743 REFACTOR: secrets retrieval IDs in deploy-web.yml * DEVOPS-1743 DELETE: unnecessary commands in deploy-web.yml * DEVOPS-1743 REFACTOR: secrets retrieval in deploy-web.yml * DEVOPS-1743 ADD: debug mode to deploy-web workflow * DEVOPS-1743 REFACTOR: deploy-web.yml to remove unnecessary conditional checks
parent
d3c222dc23
commit
e833e93b3b
64
.github/workflows/deploy-web.yml
vendored
64
.github/workflows/deploy-web.yml
vendored
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
name: Deploy Web Vault
|
name: Deploy Web Vault
|
||||||
run-name: Deploy Web Vault to ${{ inputs.environment }}
|
run-name: Deploy Web Vault to ${{ inputs.environment }} from ${{ inputs.branch-or-tag }}
|
||||||
|
|
||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
@ -19,6 +19,10 @@ on:
|
|||||||
description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')"
|
description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')"
|
||||||
type: string
|
type: string
|
||||||
default: main
|
default: main
|
||||||
|
debug:
|
||||||
|
description: "Debug mode"
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
workflow_call:
|
workflow_call:
|
||||||
inputs:
|
inputs:
|
||||||
@ -30,6 +34,10 @@ on:
|
|||||||
description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')"
|
description: "Branch or Tag name to deploy (examples: 'main', 'feature/sm', 'web-v2023.12.0')"
|
||||||
type: string
|
type: string
|
||||||
default: main
|
default: main
|
||||||
|
debug:
|
||||||
|
description: "Debug mode"
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
deployments: write
|
deployments: write
|
||||||
@ -45,6 +53,7 @@ jobs:
|
|||||||
environment-artifact: ${{ steps.config.outputs.environment-artifact }}
|
environment-artifact: ${{ steps.config.outputs.environment-artifact }}
|
||||||
azure-login-creds: ${{ steps.config.outputs.azure-login-creds }}
|
azure-login-creds: ${{ steps.config.outputs.azure-login-creds }}
|
||||||
retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }}
|
retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }}
|
||||||
|
sync-utility: ${{ steps.config.outputs.sync-utility }}
|
||||||
steps:
|
steps:
|
||||||
- name: Configure
|
- name: Configure
|
||||||
id: config
|
id: config
|
||||||
@ -89,6 +98,8 @@ jobs:
|
|||||||
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
|
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
# Set the sync utility to use for deployment to the environment (az-sync or azcopy)
|
||||||
|
echo "sync-utility=azcopy" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
approval:
|
approval:
|
||||||
name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }}
|
name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }}
|
||||||
@ -212,13 +223,22 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }}
|
creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }}
|
||||||
|
|
||||||
- name: Retrieve Storage Account connection string
|
- name: Retrieve Storage Account connection string for az sync
|
||||||
id: retrieve-secrets
|
if: ${{ needs.setup.outputs.sync-utility == 'az-sync' }}
|
||||||
|
id: retrieve-secrets-az-sync
|
||||||
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
||||||
with:
|
with:
|
||||||
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
|
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
|
||||||
secrets: "sa-bitwarden-web-vault-dev-key-temp"
|
secrets: "sa-bitwarden-web-vault-dev-key-temp"
|
||||||
|
|
||||||
|
- name: Retrieve Storage Account name and SPN credentials for azcopy
|
||||||
|
if: ${{ needs.setup.outputs.sync-utility == 'azcopy' }}
|
||||||
|
id: retrieve-secrets-azcopy
|
||||||
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
||||||
|
with:
|
||||||
|
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
|
||||||
|
secrets: "sa-bitwarden-web-vault-name,sp-bitwarden-web-vault-password,sp-bitwarden-web-vault-appid,sp-bitwarden-web-vault-tenant"
|
||||||
|
|
||||||
- name: 'Download cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
|
- name: 'Download cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
|
||||||
uses: bitwarden/gh-actions/download-artifacts@main
|
uses: bitwarden/gh-actions/download-artifacts@main
|
||||||
with:
|
with:
|
||||||
@ -232,22 +252,34 @@ jobs:
|
|||||||
working-directory: apps/web
|
working-directory: apps/web
|
||||||
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
|
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
|
||||||
|
|
||||||
- name: Empty container in Storage Account
|
- name: Sync to Azure Storage Account using az storage blob sync
|
||||||
run: |
|
if: ${{ needs.setup.outputs.sync-utility == 'az-sync' }}
|
||||||
az storage blob delete-batch \
|
|
||||||
--source '$web' \
|
|
||||||
--pattern '*' \
|
|
||||||
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}"
|
|
||||||
|
|
||||||
- name: Deploy to Azure Storage Account
|
|
||||||
working-directory: apps/web
|
working-directory: apps/web
|
||||||
run: |
|
run: |
|
||||||
az storage blob upload-batch \
|
az storage blob sync \
|
||||||
--source "./build" \
|
--source "./build" \
|
||||||
--destination '$web' \
|
--container '$web' \
|
||||||
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \
|
--connection-string "${{ steps.retrieve-secrets-az-sync.outputs.sa-bitwarden-web-vault-dev-key-temp }}"
|
||||||
--overwrite \
|
|
||||||
--no-progress
|
- name: Sync to Azure Storage Account using azcopy
|
||||||
|
if: ${{ needs.setup.outputs.sync-utility == 'azcopy' }}
|
||||||
|
working-directory: apps/web
|
||||||
|
env:
|
||||||
|
AZCOPY_AUTO_LOGIN_TYPE: SPN
|
||||||
|
AZCOPY_SPA_APPLICATION_ID: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-appid }}
|
||||||
|
AZCOPY_SPA_CLIENT_SECRET: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-password }}
|
||||||
|
AZCOPY_TENANT_ID: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-tenant }}
|
||||||
|
run: |
|
||||||
|
azcopy sync ./build 'https://${{ steps.retrieve-secrets-azcopy.outputs.sa-bitwarden-web-vault-name }}.blob.core.windows.net/$web/' \
|
||||||
|
--delete-destination=true
|
||||||
|
|
||||||
|
- name: Debug sync logs
|
||||||
|
if: ${{ inputs.debug }}
|
||||||
|
run: cat /home/runner/.azcopy/*.log
|
||||||
|
|
||||||
|
- name: Debug index.html
|
||||||
|
if: ${{ inputs.debug }}
|
||||||
|
run: cat apps/web/build/index.html
|
||||||
|
|
||||||
- name: Update deployment status to Success
|
- name: Update deployment status to Success
|
||||||
if: success()
|
if: success()
|
||||||
|
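Review bot: In the last hunk, the `Debug sync logs` step is gated by `if: ${{ inputs.debug }}` alone, which GitHub Actions evaluates with an implicit `success()`, so the azcopy logs are skipped in the one case where they matter most, a failed sync; `if: ${{ always() && inputs.debug }}` would print them after a failure as well. Both debug steps write into the run log, which anyone able to view the workflow run can read, so a comment such as `# Debug output lands in the run log; azcopy logs may include the destination URL` above them would make that exposure explicit (whether the storage account name is masked depends on the get-keyvault-secrets action, which is not visible here). In the azcopy step, `--delete-destination=true` removes every blob in `$web` without a counterpart under `./build`, and nothing in the hunk checks that the unzip produced a complete build, so a guard like `test -s ./build/index.html` ahead of the sync is worth adding. The job's steps continue outside the hunk.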