From ed703b365855fddfe121034ea2e3dd5917c758c2 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Thu, 22 Aug 2024 10:54:23 -0400 Subject: [PATCH] BRE-272 - Fix Publish Workflows and other misc workflow updates (#10676) --- .github/workflows/build-cli.yml | 26 ++++++------- .github/workflows/chromatic.yml | 3 +- .github/workflows/crowdin-pull.yml | 1 - .github/workflows/deploy-web.yml | 2 +- .github/workflows/publish-cli.yml | 46 +++++++++++++--------- .github/workflows/publish-desktop.yml | 55 ++++++++++++++++----------- .github/workflows/publish-web.yml | 20 +++++----- .github/workflows/release-desktop.yml | 2 +- .github/workflows/scan.yml | 3 +- .github/workflows/test.yml | 3 +- 10 files changed, 91 insertions(+), 70 deletions(-) diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index ad2ac53971..1f1b9936bf 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -65,15 +65,15 @@ jobs: strategy: matrix: os: - [ - { base: "linux", distro: "ubuntu-22.04" }, - { base: "mac", distro: "macos-13" } - ] + [ + { base: "linux", distro: "ubuntu-22.04" }, + { base: "mac", distro: "macos-13" } + ] license_type: - [ - { build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" }, - { build_prefix: "bit", artifact_prefix: "", readable: "commercial license"} - ] + [ + { build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" }, + { build_prefix: "bit", artifact_prefix: "", readable: "commercial license" } + ] runs-on: ${{ matrix.os.distro }} needs: - setup 
@@ -148,10 +148,10 @@ jobs: strategy: matrix: license_type: - [ - { build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" }, - { build_prefix: "bit", artifact_prefix: "", readable: "commercial license"} - ] + [ + { build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" }, + { build_prefix: "bit", artifact_prefix: "", readable: "commercial license" } + ] runs-on: windows-2022 needs: - setup @@ -241,7 +241,7 @@ jobs: - name: Package Chocolatey shell: pwsh - if: ${{ matrix.license_type.build_prefix }} == 'bit' + if: ${{ matrix.license_type.build_prefix == 'bit' }} run: | Copy-Item -Path stores/chocolatey -Destination dist/chocolatey -Recurse Copy-Item dist/${{ matrix.license_type.build_prefix }}/windows/bw.exe -Destination dist/chocolatey/tools diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index f422c3560e..9ae2db7244 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -1,3 +1,4 @@ +--- name: Chromatic on: @@ -13,7 +14,7 @@ jobs: check-run: name: Check PR run uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main - + chromatic: name: Chromatic runs-on: ubuntu-22.04 diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index b6c2e27646..1f5df5a66c 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -59,4 +59,3 @@ jobs: working_directory: apps/${{ matrix.app_name }} gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} - diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml index 5aa92c4dd8..27475709b6 100644 --- a/.github/workflows/deploy-web.yml +++ b/.github/workflows/deploy-web.yml @@ -7,7 +7,7 @@ on: inputs: environment: description: 'Environment' - default: 'QA' + default: 'USQA' type: choice options: - USQA 
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index 3f9eb7b2e4..a7bb9ae8df 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -35,40 +35,45 @@ on: default: true type: boolean - -defaults: - run: - working-directory: apps/cli - jobs: setup: name: Setup runs-on: ubuntu-22.04 outputs: release-version: ${{ steps.version-output.outputs.version }} - deployment-id: ${{ steps.deployment.outputs.deployment-id }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} steps: + - name: Branch check + if: ${{ inputs.publish_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-cli" ]]; then + echo "===================================" + echo "[!] Can only publish from the 'rc' or 'hotfix-rc-cli' branches" + echo "===================================" + exit 1 + fi + - name: Version output id: version-output run: | - if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then VERSION=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("cli")) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') echo "Latest Released Version: $VERSION" - echo "::set-output name=version::$VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT else - echo "Release Version: ${{ github.event.inputs.version }}" - echo "::set-output name=version::${{ github.event.inputs.version }}" + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT fi - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment: 'CLI - Production' - description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}' + description: 'Deployment 
${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}' task: release snap: @@ -78,6 +83,9 @@ jobs: if: inputs.snap_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + defaults: + run: + working-directory: apps/cli steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -101,7 +109,7 @@ jobs: run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bw_${{ env._PKG_VERSION }}_amd64.snap - name: Publish Snap & logout - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} env: SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} run: | @@ -144,7 +152,7 @@ jobs: run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bitwarden-cli.${{ env._PKG_VERSION }}.nupkg - name: Push to Chocolatey - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} shell: pwsh run: | cd dist @@ -187,7 +195,7 @@ jobs: run: npm install -g husky - name: Publish NPM - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc update-deployment: @@ -198,14 +206,14 @@ jobs: - npm - snap - choco - if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ always() && inputs.publish_type != 'Dry Run' }} steps: - name: Check if any job failed if: contains(needs.*.result, 'failure') run: exit 1 - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + if: ${{ inputs.publish_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' 
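Review bot: The `Version output` step expands `${{ inputs.version }}` directly inside the bash script, so the dispatch input is parsed as shell text before bash runs and is then appended to `$GITHUB_OUTPUT` unvalidated; a value containing a quote or a newline changes the script or adds extra output keys. Passing the input through `env:` and referencing it as a quoted variable keeps it as data, and the version pattern the step already greps for could be reused to reject anything else before it is written. The same interpolation appears in the `Check Publish Version` step of publish-desktop.yml. The input's declaration is above the hunk, so its type is assumed here to be a free-form string.

```yaml
      - name: Version output
        id: version-output
        env:
          _INPUT_VERSION: ${{ inputs.version }}
        run: |
          if [[ "$_INPUT_VERSION" == "latest" || "$_INPUT_VERSION" == "" ]]; then
            # … unchanged: latest-release lookup and its version output …
          else
            echo "Release Version: $_INPUT_VERSION"
            echo "version=$_INPUT_VERSION" >> "$GITHUB_OUTPUT"
          fi
```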
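Review bot: The `Publish NPM` command still carries the misspelled flag `--regsitry=https://registry.npmjs.org/`; the commit only touches the step's `if:`, so the typo survives on the new side. As far as I know npm does not reject an unknown option, so the publish target is whatever `./.npmrc` or the npm default resolves to rather than the registry the line intends to pin. The run line should read `npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc`.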
@@ -213,9 +221,9 @@ jobs: deployment-id: ${{ needs.setup.outputs.deployment-id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + if: ${{ inputs.publish_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' - deployment-id: ${{ needs.setup.outputs.deployment-id }} \ No newline at end of file + deployment-id: ${{ needs.setup.outputs.deployment-id }} diff --git a/.github/workflows/publish-desktop.yml b/.github/workflows/publish-desktop.yml index 2c4e467bc2..0554270645 100644 --- a/.github/workflows/publish-desktop.yml +++ b/.github/workflows/publish-desktop.yml 
@@ -49,25 +49,35 @@ jobs: tag-name: ${{ steps.version.outputs.tag_name }} deployment-id: ${{ steps.deployment.outputs.deployment_id }} steps: + - name: Branch check + if: ${{ inputs.publish_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then + echo "===================================" + echo "[!] Can only publish from the 'rc' or 'hotfix-rc-desktop' branches" + echo "===================================" + exit 1 + fi + - name: Check Publish Version id: version run: | - if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("desktop")) | .tag_name' | head -1 | cut -d '"' -f 2) VERSION=$(echo $TAG_NAME | sed "s/desktop-v//") echo "Latest Released Version: $VERSION" - echo "::set-output name=version::$VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT echo "Tag name: $TAG_NAME" - echo "::set-output name=tag_name::$TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT else - echo "Release Version: ${{ github.event.inputs.version }}" - echo "::set-output name=version::${{ github.event.inputs.version }}" + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" - $TAG_NAME="desktop-v${{ github.event.inputs.version }}" + $TAG_NAME="desktop-v${{ inputs.version }}" echo "Tag name: $TAG_NAME" - echo "::set-output name=tag_name::$TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT fi - name: Get Version Channel @@ -88,7 +98,7 @@ jobs: esac - name: Create GitHub deployment - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: 
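Review bot: The `else` branch of `Check Publish Version` never sets the step outputs when an explicit version is given: the new `echo "version=${{ inputs.version }}"` has lost its `>> $GITHUB_OUTPUT`, and `$TAG_NAME="desktop-v${{ inputs.version }}"` is not a bash assignment, because the leading `$` makes the shell try to run `=desktop-v…` as a command. With those two lines as written, `release-version` and `tag-name` come out empty (or the step aborts under `bash -e`), and the downstream jobs build their download URLs from them. The lines should be `echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT` and `TAG_NAME="desktop-v${{ inputs.version }}"`.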
@@ -101,6 +111,7 @@ jobs: electron-blob: name: Electron blob publish runs-on: ubuntu-22.04 + needs: setup env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }} @@ -120,7 +131,7 @@ jobs: aws-electron-bucket-name" - name: Download all artifacts - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml @@ -134,7 +145,7 @@ jobs: - name: Set staged rollout percentage env: - RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} + RELEASE_CHANNEL: ${{ needs.setup.outputs.release-channel }} ROLLOUT_PCT: ${{ inputs.rollout_percentage }} run: | echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml @@ -142,7 +153,7 @@ jobs: echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml - name: Publish artifacts to S3 - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }} 
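Review bot: `RELEASE_CHANNEL: ${{ needs.setup.outputs.release-channel }}` only resolves if the `setup` job lists `release-channel` under `outputs:`, and the part of that block visible in this patch shows only `tag-name` and `deployment-id` (the block starts above the hunk, so this needs confirming). If the output is missing the variable is empty, and the `stagingPercentage` line is appended to files such as `.yml` and `-mac.yml` instead of the channel manifests, without any error. A guard at the top of the run block, `: "${RELEASE_CHANNEL:?release channel not set}"`, would turn that into a visible failure.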
@@ -156,26 +167,26 @@ jobs: --quiet - name: Update deployment status to Success - if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }} + if: ${{ inputs.publish_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} + deployment-id: ${{ needs.setup.outputs.deployment-id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }} + if: ${{ inputs.publish_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} + deployment-id: ${{ needs.setup.outputs.deployment-id }} snap: name: Deploy Snap runs-on: ubuntu-22.04 needs: setup - if: ${{ github.event.inputs.snap_publish == 'true' }} + if: ${{ inputs.snap_publish == 'true' }} env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }} @@ -207,7 +218,7 @@ jobs: run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden_${{ env._PKG_VERSION }}_amd64.snap - name: Deploy to Snap Store - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} env: SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} run: | @@ -219,7 +230,7 @@ jobs: name: Deploy Choco runs-on: windows-2022 needs: setup - if: ${{ github.event.inputs.choco_publish == 'true' }} + if: ${{ inputs.choco_publish == 'true' }} env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }} 
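Review bot: The new job gates `if: ${{ inputs.snap_publish == 'true' }}` and `if: ${{ inputs.choco_publish == 'true' }}` compare against a string, but the `inputs` context keeps `type: boolean` inputs as booleans; only `github.event.inputs` turns them into strings. If these two inputs are declared as booleans (their declarations are outside the hunks), the comparison is always false and the Snap and Chocolatey jobs are skipped without any error. publish-cli.yml gates the same job with `if: inputs.snap_publish`; using `if: ${{ inputs.snap_publish }}` and `if: ${{ inputs.choco_publish }}` here would match it.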
@@ -260,7 +271,7 @@ jobs: run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden.${{ env._PKG_VERSION }}.nupkg - name: Push to Chocolatey - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} shell: pwsh run: choco push --source=https://push.chocolatey.org/ working-directory: apps/desktop/dist @@ -273,14 +284,14 @@ jobs: - electron-blob - snap - choco - if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ always() && inputs.publish_type != 'Dry Run' }} steps: - name: Check if any job failed if: contains(needs.*.result, 'failure') run: exit 1 - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + if: ${{ inputs.publish_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' @@ -288,7 +299,7 @@ jobs: deployment-id: ${{ needs.setup.outputs.deployment-id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + if: ${{ inputs.publish_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/publish-web.yml b/.github/workflows/publish-web.yml index 733e3945e5..c22bcdc370 100644 --- a/.github/workflows/publish-web.yml +++ b/.github/workflows/publish-web.yml 
@@ -30,11 +30,11 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Branch check - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-web" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc-web' branches" + echo "[!] Can only publish from the 'rc' or 'hotfix-rc-web' branches" echo "===================================" exit 1 fi @@ -43,7 +43,7 @@ jobs: id: version uses: bitwarden/gh-actions/release-version-check@main with: - release-type: ${{ github.event.inputs.publish_type }} + release-type: ${{ inputs.publish_type }} project-type: ts file: apps/web/package.json monorepo: true @@ -56,7 +56,7 @@ jobs: env: _BRANCH_NAME: ${{ github.ref_name }} _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} - _RELEASE_OPTION: ${{ github.event.inputs.publish_type }} + _RELEASE_OPTION: ${{ inputs.publish_type }} steps: - name: Print environment run: | @@ -79,7 +79,7 @@ jobs: run: az acr login -n bitwardenprod - name: Create GitHub deployment - if: ${{ github.event.inputs.publish_type != 'Dry Run' }} + if: ${{ inputs.publish_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: @@ -92,7 +92,7 @@ jobs: - name: Pull branch image run: | - if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then + if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then docker pull $_AZ_REGISTRY/web:latest else docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME @@ -100,7 +100,7 @@ jobs: - name: Tag version run: | - if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then + if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun else 
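Review bot: The `Pull branch image` and `Tag version` steps (and `Push version` in the following hunk) paste `${{ inputs.publish_type }}` into the bash test even though the job already exports the same value as `_RELEASE_OPTION` in its `env:` block. Reading the variable keeps the input out of the script text and gives the three steps a single source: `if [[ "$_RELEASE_OPTION" == "Dry Run" ]]; then`. That these steps sit in the job that defines `_RELEASE_OPTION` is inferred from their use of `$_BRANCH_NAME`, since the job header is outside these hunks.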
@@ -112,7 +112,7 @@ jobs: - name: Push version run: | - if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then + if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then docker push $_AZ_REGISTRY/web:dryrun docker push $_AZ_REGISTRY/web-sh:dryrun else @@ -123,7 +123,7 @@ jobs: fi - name: Update deployment status to Success - if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }} + if: ${{ inputs.publish_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' @@ -132,7 +132,7 @@ jobs: deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }} + if: ${{ inputs.publish_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml index c9e1df9402..2fe7cb2b7a 100644 --- a/.github/workflows/release-desktop.yml +++ b/.github/workflows/release-desktop.yml @@ -98,7 +98,7 @@ jobs: - name: Create Release uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 - if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' && github.event.inputs.github_release == 'true' }} + if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' }} env: PKG_VERSION: ${{ steps.version.outputs.version }} RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index f7d2004474..212795d3a2 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -1,3 +1,4 @@ +--- name: Scan on: 
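Review bot: The `Create Release` condition in release-desktop.yml no longer checks `github_release`, so if that input is still declared in the workflow's `inputs:` (not visible in this hunk), unticking it has no effect and a non-dry run on the `latest` channel creates the release regardless. Either the input should be removed together with the check, or the gate kept. The condition also still reads `github.event.inputs.release_type`, while the other workflows in this patch moved to `inputs.`; `inputs.release_type != 'Dry Run'` would keep them consistent.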
@@ -31,7 +32,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Scan with Checkmarx - uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 #2.0.23 + uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 # v2.0.23 env: INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}" with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a4aa94a2ed..52928e9a04 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,3 +1,4 @@ +--- name: Testing on: @@ -37,7 +38,7 @@ jobs: checks: write contents: read pull-requests: write - + steps: - name: Check out repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1