--- name: Release Desktop run-name: Release Desktop ${{ inputs.release_type }} on: workflow_dispatch: inputs: release_type: description: 'Release Options' required: true default: 'Initial Release' type: choice options: - Initial Release - Redeploy - Dry Run rollout_percentage: description: 'Staged Rollout Percentage' required: true default: '10' type: string snap_publish: description: 'Publish to Snap store' required: true default: true type: boolean choco_publish: description: 'Publish to Chocolatey store' required: true default: true type: boolean electron_publish: description: 'Publish electron to S3 bucket' required: true default: true type: boolean github_release: description: 'Publish github release' required: true default: true type: boolean defaults: run: shell: bash jobs: setup: name: Setup runs-on: ubuntu-20.04 outputs: release-version: ${{ steps.version.outputs.version }} release-channel: ${{ steps.release-channel.outputs.channel }} steps: - name: Checkout repo uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then echo "===================================" echo "[!] Can only release from the 'rc' or 'hotfix-rc-desktop' branches" echo "===================================" exit 1 fi - name: Check Release Version id: version uses: bitwarden/gh-actions/release-version-check@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: release-type: ${{ github.event.inputs.release_type }} project-type: ts file: apps/desktop/src/package.json monorepo: true monorepo-project: desktop - name: Get Version Channel id: release-channel run: | case "${{ steps.version.outputs.version }}" in *"alpha"*) echo "channel=alpha" >> $GITHUB_OUTPUT echo "[!] We do not yet support 'alpha'" exit 1 ;; *"beta"*) echo "channel=beta" >> $GITHUB_OUTPUT ;; *) echo "channel=latest" >> $GITHUB_OUTPUT ;; esac - name: Create GitHub deployment if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment: 'Desktop - Production' description: 'Deployment ${{ steps.version.outputs.version }} to channel ${{ steps.release-channel.outputs.channel }} from branch ${{ github.ref_name }}' task: release - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: keyvault: "bitwarden-ci" secrets: "aws-electron-access-id, aws-electron-access-key, aws-electron-bucket-name, r2-electron-access-id, r2-electron-access-key, r2-electron-bucket-name, cf-prod-account" - name: Download all artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: workflow: build-desktop.yml workflow_conclusion: success branch: ${{ github.ref_name }} path: apps/desktop/artifacts - name: Dry Run - Download all artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: workflow: build-desktop.yml workflow_conclusion: success branch: master path: apps/desktop/artifacts - name: Rename .pkg to .pkg.archive env: PKG_VERSION: ${{ steps.version.outputs.version }} working-directory: apps/desktop/artifacts run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive - name: Set staged rollout percentage if: ${{ github.event.inputs.electron_publish }} env: RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} ROLLOUT_PCT: ${{ github.event.inputs.rollout_percentage }} run: | echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-linux.yml echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml - name: Publish artifacts to S3 if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }} AWS_DEFAULT_REGION: 'us-west-2' AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }} working-directory: apps/desktop/artifacts run: | aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \ --acl "public-read" \ --recursive \ --quiet - name: Publish artifacts to R2 if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }} AWS_DEFAULT_REGION: 'us-east-1' AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }} CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }} working-directory: apps/desktop/artifacts run: | aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \ --recursive \ --quiet \ --endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com - name: Get checksum files uses: bitwarden/gh-actions/get-checksum@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: packages_dir: "apps/desktop/artifacts" file_path: "apps/desktop/artifacts/sha256-checksums.txt" - name: Create Release uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0 if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' && github.event.inputs.github_release }} env: PKG_VERSION: ${{ steps.version.outputs.version }} RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} with: artifacts: "apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-amd64.deb, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd, apps/desktop/artifacts/bitwarden_${{ env.PKG_VERSION }}_amd64.snap, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage, apps/desktop/artifacts/Bitwarden-Portable-${{ env.PKG_VERSION }}.exe, apps/desktop/artifacts/Bitwarden-Installer-${{ env.PKG_VERSION }}.exe, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.appx, apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.appx, apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.appx, apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z, apps/desktop/artifacts/bitwarden.${{ env.PKG_VERSION }}.nupkg, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}.yml, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-linux.yml, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml, apps/desktop/artifacts/sha256-checksums.txt" commit: ${{ github.sha }} tag: desktop-v${{ env.PKG_VERSION }} name: Desktop v${{ env.PKG_VERSION }} body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - name: Update deployment status to Success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }} snap: name: Deploy Snap runs-on: ubuntu-20.04 needs: setup if: inputs.snap_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout Repo uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: keyvault: "bitwarden-ci" secrets: "snapcraft-store-token" - name: Install Snap uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1 with: snapcraft_token: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} - name: Setup run: mkdir dist working-directory: apps/desktop - name: Download Snap artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: workflow: build-desktop.yml workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap path: apps/desktop/dist - name: Dry Run - Download Snap artifact if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: workflow: build-desktop.yml workflow_conclusion: success branch: master artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap path: apps/desktop/dist - name: Deploy to Snap Store if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | snapcraft upload bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable snapcraft logout working-directory: apps/desktop/dist choco: name: Deploy Choco runs-on: windows-2019 needs: setup if: inputs.choco_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout Repo uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Print Environment run: | dotnet --version dotnet nuget --version - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: keyvault: "bitwarden-ci" secrets: "cli-choco-api-key" - name: Setup Chocolatey shell: pwsh run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ env: CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }} - name: Make dist dir shell: pwsh run: New-Item -ItemType directory -Path ./dist working-directory: apps/desktop - name: Download choco artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: workflow: build-desktop.yml workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg path: apps/desktop/dist - name: Dry Run - Download choco artifact if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b with: workflow: build-desktop.yml workflow_conclusion: success branch: master artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg path: apps/desktop/dist - name: Push to Chocolatey if: ${{ github.event.inputs.release_type != 'Dry Run' }} shell: pwsh run: choco push working-directory: apps/desktop/dist