mirror of https://github.com/bitwarden/browser.git synced 2024-11-26 12:25:20 +01:00

BRE-272 - Fix Publish Workflows and other misc workflow updates (#10676)

Vince Grassia 2024-08-22 10:54:23 -04:00 committed by GitHub
parent ade01c9d07
commit ed703b3658
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 91 additions and 70 deletions


@ -65,15 +65,15 @@ jobs:
strategy: strategy:
matrix: matrix:
os: os:
[ [
{ base: "linux", distro: "ubuntu-22.04" }, { base: "linux", distro: "ubuntu-22.04" },
{ base: "mac", distro: "macos-13" } { base: "mac", distro: "macos-13" }
] ]
license_type: license_type:
[ [
{ build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" }, { build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" },
{ build_prefix: "bit", artifact_prefix: "", readable: "commercial license"} { build_prefix: "bit", artifact_prefix: "", readable: "commercial license" }
] ]
runs-on: ${{ matrix.os.distro }} runs-on: ${{ matrix.os.distro }}
needs: needs:
- setup - setup
@ -148,10 +148,10 @@ jobs:
strategy: strategy:
matrix: matrix:
license_type: license_type:
[ [
{ build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" }, { build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" },
{ build_prefix: "bit", artifact_prefix: "", readable: "commercial license"} { build_prefix: "bit", artifact_prefix: "", readable: "commercial license" }
] ]
runs-on: windows-2022 runs-on: windows-2022
needs: needs:
- setup - setup
@ -241,7 +241,7 @@ jobs:
- name: Package Chocolatey - name: Package Chocolatey
shell: pwsh shell: pwsh
if: ${{ matrix.license_type.build_prefix }} == 'bit' if: ${{ matrix.license_type.build_prefix == 'bit' }}
run: | run: |
Copy-Item -Path stores/chocolatey -Destination dist/chocolatey -Recurse Copy-Item -Path stores/chocolatey -Destination dist/chocolatey -Recurse
Copy-Item dist/${{ matrix.license_type.build_prefix }}/windows/bw.exe -Destination dist/chocolatey/tools Copy-Item dist/${{ matrix.license_type.build_prefix }}/windows/bw.exe -Destination dist/chocolatey/tools


@ -1,3 +1,4 @@
---
name: Chromatic name: Chromatic
on: on:
@ -13,7 +14,7 @@ jobs:
check-run: check-run:
name: Check PR run name: Check PR run
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
chromatic: chromatic:
name: Chromatic name: Chromatic
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04


@ -59,4 +59,3 @@ jobs:
working_directory: apps/${{ matrix.app_name }} working_directory: apps/${{ matrix.app_name }}
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}


@ -7,7 +7,7 @@ on:
inputs: inputs:
environment: environment:
description: 'Environment' description: 'Environment'
default: 'QA' default: 'USQA'
type: choice type: choice
options: options:
- USQA - USQA


@ -35,40 +35,45 @@ on:
default: true default: true
type: boolean type: boolean
defaults:
run:
working-directory: apps/cli
jobs: jobs:
setup: setup:
name: Setup name: Setup
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
outputs: outputs:
release-version: ${{ steps.version-output.outputs.version }} release-version: ${{ steps.version-output.outputs.version }}
deployment-id: ${{ steps.deployment.outputs.deployment-id }} deployment-id: ${{ steps.deployment.outputs.deployment_id }}
steps: steps:
- name: Branch check
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-cli" ]]; then
echo "==================================="
echo "[!] Can only publish from the 'rc' or 'hotfix-rc-cli' branches"
echo "==================================="
exit 1
fi
- name: Version output - name: Version output
id: version-output id: version-output
run: | run: |
if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
VERSION=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("cli")) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') VERSION=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("cli")) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
echo "Latest Released Version: $VERSION" echo "Latest Released Version: $VERSION"
echo "::set-output name=version::$VERSION" echo "version=$VERSION" >> $GITHUB_OUTPUT
else else
echo "Release Version: ${{ github.event.inputs.version }}" echo "Release Version: ${{ inputs.version }}"
echo "::set-output name=version::${{ github.event.inputs.version }}" echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
fi fi
- name: Create GitHub deployment - name: Create GitHub deployment
if: ${{ github.event.inputs.release_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment id: deployment
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
initial-status: 'in_progress' initial-status: 'in_progress'
environment: 'CLI - Production' environment: 'CLI - Production'
description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}' description: 'Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}'
task: release task: release
snap: snap:
@ -78,6 +83,9 @@ jobs:
if: inputs.snap_publish if: inputs.snap_publish
env: env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }} _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
defaults:
run:
working-directory: apps/cli
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@ -101,7 +109,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bw_${{ env._PKG_VERSION }}_amd64.snap run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bw_${{ env._PKG_VERSION }}_amd64.snap
- name: Publish Snap & logout - name: Publish Snap & logout
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
env: env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
run: | run: |
@ -144,7 +152,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bitwarden-cli.${{ env._PKG_VERSION }}.nupkg run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bitwarden-cli.${{ env._PKG_VERSION }}.nupkg
- name: Push to Chocolatey - name: Push to Chocolatey
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
shell: pwsh shell: pwsh
run: | run: |
cd dist cd dist
@ -187,7 +195,7 @@ jobs:
run: npm install -g husky run: npm install -g husky
- name: Publish NPM - name: Publish NPM
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc
update-deployment: update-deployment:
@ -198,14 +206,14 @@ jobs:
- npm - npm
- snap - snap
- choco - choco
if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }} if: ${{ always() && inputs.publish_type != 'Dry Run' }}
steps: steps:
- name: Check if any job failed - name: Check if any job failed
if: contains(needs.*.result, 'failure') if: contains(needs.*.result, 'failure')
run: exit 1 run: exit 1
- name: Update deployment status to Success - name: Update deployment status to Success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
@ -213,9 +221,9 @@ jobs:
deployment-id: ${{ needs.setup.outputs.deployment-id }} deployment-id: ${{ needs.setup.outputs.deployment-id }}
- name: Update deployment status to Failure - name: Update deployment status to Failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
state: 'failure' state: 'failure'
deployment-id: ${{ needs.setup.outputs.deployment-id }} deployment-id: ${{ needs.setup.outputs.deployment-id }}
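Review bot: The `Version output` step still pastes `${{ inputs.version }}` straight into the bash script (the `if [[ … ]]` test and both `echo` lines of the `else` branch), so what appears to be a free-text dispatch input is expanded into the script source before the shell parses it. In a workflow that goes on to publish to npm, Snap and Chocolatey, pass the value through the step's `env:` and reference it as a quoted shell variable, as sketched below; the `Check Publish Version` step of the desktop publish workflow further down the page has the same pattern. Separately, the unchanged `npm publish` line spells the flag `--regsitry`, so the intended registry URL is presumably not being applied; it should read `--registry=https://registry.npmjs.org/`.

```yaml
      - name: Version output
        id: version-output
        env:
          _INPUT_VERSION: ${{ inputs.version }}
        run: |
          if [[ "$_INPUT_VERSION" == "latest" || "$_INPUT_VERSION" == "" ]]; then
            # … unchanged: look up the latest cli release tag and write it to $GITHUB_OUTPUT …
          else
            echo "Release Version: $_INPUT_VERSION"
            echo "version=$_INPUT_VERSION" >> "$GITHUB_OUTPUT"
          fi
```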


@ -49,25 +49,35 @@ jobs:
tag-name: ${{ steps.version.outputs.tag_name }} tag-name: ${{ steps.version.outputs.tag_name }}
deployment-id: ${{ steps.deployment.outputs.deployment_id }} deployment-id: ${{ steps.deployment.outputs.deployment_id }}
steps: steps:
- name: Branch check
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then
echo "==================================="
echo "[!] Can only publish from the 'rc' or 'hotfix-rc-desktop' branches"
echo "==================================="
exit 1
fi
- name: Check Publish Version - name: Check Publish Version
id: version id: version
run: | run: |
if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("desktop")) | .tag_name' | head -1 | cut -d '"' -f 2) TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("desktop")) | .tag_name' | head -1 | cut -d '"' -f 2)
VERSION=$(echo $TAG_NAME | sed "s/desktop-v//") VERSION=$(echo $TAG_NAME | sed "s/desktop-v//")
echo "Latest Released Version: $VERSION" echo "Latest Released Version: $VERSION"
echo "::set-output name=version::$VERSION" echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Tag name: $TAG_NAME" echo "Tag name: $TAG_NAME"
echo "::set-output name=tag_name::$TAG_NAME" echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
else else
echo "Release Version: ${{ github.event.inputs.version }}" echo "Release Version: ${{ inputs.version }}"
echo "::set-output name=version::${{ github.event.inputs.version }}" echo "version=${{ inputs.version }}"
$TAG_NAME="desktop-v${{ github.event.inputs.version }}" $TAG_NAME="desktop-v${{ inputs.version }}"
echo "Tag name: $TAG_NAME" echo "Tag name: $TAG_NAME"
echo "::set-output name=tag_name::$TAG_NAME" echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
fi fi
- name: Get Version Channel - name: Get Version Channel
@ -88,7 +98,7 @@ jobs:
esac esac
- name: Create GitHub deployment - name: Create GitHub deployment
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment id: deployment
with: with:
@ -101,6 +111,7 @@ jobs:
electron-blob: electron-blob:
name: Electron blob publish name: Electron blob publish
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: setup
env: env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }} _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag-name }} _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
@ -120,7 +131,7 @@ jobs:
aws-electron-bucket-name" aws-electron-bucket-name"
- name: Download all artifacts - name: Download all artifacts
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
with: with:
workflow: build-desktop.yml workflow: build-desktop.yml
@ -134,7 +145,7 @@ jobs:
- name: Set staged rollout percentage - name: Set staged rollout percentage
env: env:
RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} RELEASE_CHANNEL: ${{ needs.setup.outputs.release-channel }}
ROLLOUT_PCT: ${{ inputs.rollout_percentage }} ROLLOUT_PCT: ${{ inputs.rollout_percentage }}
run: | run: |
echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml
@ -142,7 +153,7 @@ jobs:
echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml
- name: Publish artifacts to S3 - name: Publish artifacts to S3
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
env: env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }} AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
@ -156,26 +167,26 @@ jobs:
--quiet --quiet
- name: Update deployment status to Success - name: Update deployment status to Success
if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }} if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
state: 'success' state: 'success'
deployment-id: ${{ steps.deployment.outputs.deployment_id }} deployment-id: ${{ needs.setup.outputs.deployment-id }}
- name: Update deployment status to Failure - name: Update deployment status to Failure
if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }} if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
state: 'failure' state: 'failure'
deployment-id: ${{ steps.deployment.outputs.deployment_id }} deployment-id: ${{ needs.setup.outputs.deployment-id }}
snap: snap:
name: Deploy Snap name: Deploy Snap
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: setup needs: setup
if: ${{ github.event.inputs.snap_publish == 'true' }} if: ${{ inputs.snap_publish == 'true' }}
env: env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }} _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag-name }} _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
@ -207,7 +218,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden_${{ env._PKG_VERSION }}_amd64.snap run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden_${{ env._PKG_VERSION }}_amd64.snap
- name: Deploy to Snap Store - name: Deploy to Snap Store
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
env: env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
run: | run: |
@ -219,7 +230,7 @@ jobs:
name: Deploy Choco name: Deploy Choco
runs-on: windows-2022 runs-on: windows-2022
needs: setup needs: setup
if: ${{ github.event.inputs.choco_publish == 'true' }} if: ${{ inputs.choco_publish == 'true' }}
env: env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }} _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag-name }} _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
@ -260,7 +271,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden.${{ env._PKG_VERSION }}.nupkg run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden.${{ env._PKG_VERSION }}.nupkg
- name: Push to Chocolatey - name: Push to Chocolatey
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
shell: pwsh shell: pwsh
run: choco push --source=https://push.chocolatey.org/ run: choco push --source=https://push.chocolatey.org/
working-directory: apps/desktop/dist working-directory: apps/desktop/dist
@ -273,14 +284,14 @@ jobs:
- electron-blob - electron-blob
- snap - snap
- choco - choco
if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }} if: ${{ always() && inputs.publish_type != 'Dry Run' }}
steps: steps:
- name: Check if any job failed - name: Check if any job failed
if: contains(needs.*.result, 'failure') if: contains(needs.*.result, 'failure')
run: exit 1 run: exit 1
- name: Update deployment status to Success - name: Update deployment status to Success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
@ -288,7 +299,7 @@ jobs:
deployment-id: ${{ needs.setup.outputs.deployment-id }} deployment-id: ${{ needs.setup.outputs.deployment-id }}
- name: Update deployment status to Failure - name: Update deployment status to Failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
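Review bot: In the `else` branch of the `Check Publish Version` step, the new line `echo "version=${{ inputs.version }}"` only prints to the log; unlike the other converted lines it lacks `>> $GITHUB_OUTPUT`, so `steps.version.outputs.version` stays unset whenever an explicit version is passed. The next line, `$TAG_NAME="desktop-v${{ inputs.version }}"`, is carried over unchanged and is not a shell assignment either: the leading `$` expands the empty variable and the remainder is run as a command, which leaves `tag_name` empty or fails the step. Suggested lines: `echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT` and `TAG_NAME="desktop-v${{ inputs.version }}"`. This section also switches `RELEASE_CHANNEL` to `needs.setup.outputs.release-channel`; the `outputs:` block of `setup` starts outside the hunk, so confirm that it actually declares a `release-channel` output.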


@ -30,11 +30,11 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Branch check - name: Branch check
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
run: | run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-web" ]]; then if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-web" ]]; then
echo "===================================" echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc-web' branches" echo "[!] Can only publish from the 'rc' or 'hotfix-rc-web' branches"
echo "===================================" echo "==================================="
exit 1 exit 1
fi fi
@ -43,7 +43,7 @@ jobs:
id: version id: version
uses: bitwarden/gh-actions/release-version-check@main uses: bitwarden/gh-actions/release-version-check@main
with: with:
release-type: ${{ github.event.inputs.publish_type }} release-type: ${{ inputs.publish_type }}
project-type: ts project-type: ts
file: apps/web/package.json file: apps/web/package.json
monorepo: true monorepo: true
@ -56,7 +56,7 @@ jobs:
env: env:
_BRANCH_NAME: ${{ github.ref_name }} _BRANCH_NAME: ${{ github.ref_name }}
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_RELEASE_OPTION: ${{ github.event.inputs.publish_type }} _RELEASE_OPTION: ${{ inputs.publish_type }}
steps: steps:
- name: Print environment - name: Print environment
run: | run: |
@ -79,7 +79,7 @@ jobs:
run: az acr login -n bitwardenprod run: az acr login -n bitwardenprod
- name: Create GitHub deployment - name: Create GitHub deployment
if: ${{ github.event.inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment id: deployment
with: with:
@ -92,7 +92,7 @@ jobs:
- name: Pull branch image - name: Pull branch image
run: | run: |
if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker pull $_AZ_REGISTRY/web:latest docker pull $_AZ_REGISTRY/web:latest
else else
docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME
@ -100,7 +100,7 @@ jobs:
- name: Tag version - name: Tag version
run: | run: |
if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun
docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun
else else
@ -112,7 +112,7 @@ jobs:
- name: Push version - name: Push version
run: | run: |
if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker push $_AZ_REGISTRY/web:dryrun docker push $_AZ_REGISTRY/web:dryrun
docker push $_AZ_REGISTRY/web-sh:dryrun docker push $_AZ_REGISTRY/web-sh:dryrun
else else
@ -123,7 +123,7 @@ jobs:
fi fi
- name: Update deployment status to Success - name: Update deployment status to Success
if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }} if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
@ -132,7 +132,7 @@ jobs:
deployment-id: ${{ steps.deployment.outputs.deployment_id }} deployment-id: ${{ steps.deployment.outputs.deployment_id }}
- name: Update deployment status to Failure - name: Update deployment status to Failure
if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }} if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with: with:
token: '${{ secrets.GITHUB_TOKEN }}' token: '${{ secrets.GITHUB_TOKEN }}'
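Review bot: `uses: bitwarden/gh-actions/release-version-check@main` in the `@ -43,7` hunk follows a mutable branch, while every third-party action in this workflow (`actions/checkout`, `chrnorm/deployment-action`, `chrnorm/deployment-status`) is pinned to a commit SHA with a version comment. This workflow logs in to the `bitwardenprod` registry and pushes images, so a change landing on `main` of the shared actions repository is picked up here without any review in this repo. If tracking `main` is a deliberate org policy, a short comment saying so would help; otherwise pin it the same way, e.g. `uses: bitwarden/gh-actions/release-version-check@<commit-sha> # <version>`. The same applies to `download-artifacts@main` in the desktop publish workflow and `check-run.yml@main` in the Chromatic workflow above.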


@ -98,7 +98,7 @@ jobs:
- name: Create Release - name: Create Release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' && github.event.inputs.github_release == 'true' }} if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' }}
env: env:
PKG_VERSION: ${{ steps.version.outputs.version }} PKG_VERSION: ${{ steps.version.outputs.version }}
RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }}
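Review bot: The `Create Release` condition still reads `github.event.inputs.release_type`, the name this commit replaces with `inputs.publish_type` in the publish workflows on this page, apparently because it did not match a declared input there. The `inputs:` block of this workflow is outside the hunk, so confirm that `release_type` really exists here. An undefined input evaluates to an empty string, which makes `!= 'Dry Run'` always true and, with the `github_release == 'true'` term now removed, would leave the channel check as the only guard on creating a release.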


@ -1,3 +1,4 @@
---
name: Scan name: Scan
on: on:
@ -31,7 +32,7 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Scan with Checkmarx - name: Scan with Checkmarx
uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 #2.0.23 uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 # v2.0.23
env: env:
INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}" INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
with: with:


@ -1,3 +1,4 @@
---
name: Testing name: Testing
on: on:
@ -37,7 +38,7 @@ jobs:
checks: write checks: write
contents: read contents: read
pull-requests: write pull-requests: write
steps: steps:
- name: Check out repo - name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1