--- name: Deploy Web - Non-Prod run-name: Deploy Web ${{ inputs.environment }} on: workflow_dispatch: inputs: environment: description: 'Environment' default: 'QA' type: choice options: - QA - EUQA - USPROD workflow_call: inputs: environment: description: 'Environment' default: 'QA' type: string jobs: setup: name: Setup runs-on: ubuntu-20.04 outputs: environment: ${{ steps.config.outputs.environment }} environment-url: ${{ steps.config.outputs.environment-url }} environment-name: ${{ steps.config.outputs.environment-name }} environment-branch: ${{ steps.config.outputs.environment-branch }} environment-artifact: ${{ steps.config.outputs.environment-artifact }} azure-login-creds: ${{ steps.config.outputs.azure-login-creds }} retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }} steps: - name: Configure id: config run: | ENV_NAME_LOWER=$(echo "${{ inputs.environment }}" | awk '{print tolower($0)}') echo "configuring the Web deploy for ${{ inputs.environment }}" echo "environment=${{ inputs.environment }}" >> $GITHUB_OUTPUT echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT echo "environment-name=Web Vault - ${{ inputs.environment }}" >> $GITHUB_OUTPUT echo "environment-branch=cf-pages-$ENV_NAME_LOWER" >> $GITHUB_OUTPUT if [ ${{ inputs.environment }} == "QA" ]; then echo "azure-login-creds=AZURE_KV_US_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT echo "retrieve-secrets-keyvault=bw-webvault-rlktusqa-kv" >> $GITHUB_OUTPUT echo "environment-artifact=web-*-cloud-QA.zip" >> $GITHUB_OUTPUT elif [ ${{ inputs.environment }} == "EUQA" ]; then echo "azure-login-creds=AZURE_KV_EU_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT echo "retrieve-secrets-keyvault=webvaulteu-westeurope-qa" >> $GITHUB_OUTPUT echo "environment-artifact=web-*-cloud-euqa.zip" >> $GITHUB_OUTPUT elif [ ${{ inputs.environment }} == "USPROD" ]; then echo "azure-login-creds=AZURE_KV_US_PROD_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT echo "retrieve-secrets-keyvault=bw-webvault-klrt-kv" >> $GITHUB_OUTPUT echo "environment-artifact=web-*-cloud-COMMERCIAL.zip" >> $GITHUB_OUTPUT fi notify-start: name: Notify Slack with start message runs-on: ubuntu-22.04 if: always() steps: - uses: bitwarden/gh-actions/report-deployment-status-to-slack@main with: project: Web environment: US ${{ inputs.environment }} Cloud tag: ${{ github.ref_name }} slack-channel: team-eng-qa-devops event: 'start' url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }} AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} artifact-check: name: Check if Web artifact is present runs-on: ubuntu-22.04 needs: setup env: _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }} steps: - name: Download latest cloud asset uses: bitwarden/gh-actions/download-artifacts@main id: download-artifacts continue-on-error: true with: workflow: build-web.yml path: apps/web workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: ${{ env._ENVIRONMENT_ARTIFACT }} - name: Login to Azure if: ${{ steps.download-artifacts.outcome == 'failure' }} uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets for Build trigger if: ${{ steps.download-artifacts.outcome == 'failure' }} id: retrieve-secret uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "github-pat-bitwarden-devops-bot-repo-scope" - name: Build server missing branch if: ${{ steps.download-artifacts.outcome == 'failure' }} uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be # v1.6.5 with: owner: bitwarden repo: clients github_token: ${{ steps.retrieve-secret.outputs.github-pat-bitwarden-devops-bot-repo-scope }} workflow_file_name: build-web.yml ref: ${{ github.ref_name }} wait_interval: 100 cfpages-deploy: name: Deploy Web Vault to ${{ inputs.environment }} CloudFlare Pages branch if : ${{ inputs.environment == 'QA' }} needs: - setup - artifact-check runs-on: ubuntu-22.04 env: _ENVIRONMENT: ${{ needs.setup.outputs.environment }} _ENVIRONMENT_URL: ${{ needs.setup.outputs.environment-url }} _ENVIRONMENT_NAME: ${{ needs.setup.outputs.environment-name }} _ENVIRONMENT_BRANCH: ${{ needs.setup.outputs.environment-branch }} _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }} steps: - name: Create GitHub deployment uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment-url: ${{ env._ENVIRONMENT_URL }} environment: ${{ env._ENVIRONMENT_NAME }} description: 'Deployment from branch ${{ github.ref_name }}' - name: Checkout Repo uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Download latest cloud asset uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-web.yml path: apps/web workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: ${{ env._ENVIRONMENT_ARTIFACT }} - name: Unzip cloud asset working-directory: apps/web run: unzip ${{ env._ENVIRONMENT_ARTIFACT }} - name: Checkout Repo uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: ref: ${{ env._ENVIRONMENT_BRANCH }} path: deployment - name: Setup git config run: | git config --global user.name "GitHub Action Bot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --global url."https://github.com/".insteadOf ssh://git@github.com/ git config --global url."https://".insteadOf ssh:// - name: Deploy CloudFlare Pages run: | rm -rf ./* cp -R ../apps/web/build/* . working-directory: deployment - name: Push new ver to ${{ env._ENVIRONMENT_BRANCH }} run: | if [ -n "$(git status --porcelain)" ]; then git add . git commit -m "Deploy ${{ github.ref_name }} to ${{ env._ENVIRONMENT }} Cloudflare pages" git push -u origin ${{ env._ENVIRONMENT_BRANCH }} else echo "No changes to commit!"; fi working-directory: deployment - name: Update deployment status to Success if: ${{ success() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' environment-url: ${{ env._ENVIRONMENT_URL }} state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ failure() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' environment-url: ${{ env._ENVIRONMENT_URL }} state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }} azure-deploy: name: Deploy Web Vault to ${{ inputs.environment }} Storage Account needs: - setup - artifact-check runs-on: ubuntu-22.04 env: _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }} steps: - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }} - name: Retrieve Storage Account connection string id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }} secrets: "sa-bitwarden-web-vault-dev-key-temp" - name: Download latest cloud asset uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-web.yml path: apps/web workflow_conclusion: success branch: ${{ github.event.inputs.tag }} artifacts: ${{ env._ENVIRONMENT_ARTIFACT }} - name: Unzip build asset working-directory: apps/web run: unzip ${{ env._ENVIRONMENT_ARTIFACT }} - name: Empty container in Storage Account run: | az storage blob delete-batch \ --source '$web' \ --pattern '*' \ --connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" - name: Deploy to Azure Storage Account working-directory: apps/web run: | az storage blob upload-batch \ --source "./build" \ --destination '$web' \ --connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \ --overwrite \ --no-progress notify: name: Notify Slack with result runs-on: ubuntu-22.04 if: always() needs: - cfpages-deploy - setup steps: - uses: bitwarden/gh-actions/report-deployment-status-to-slack@main with: project: Web environment: US ${{ inputs.environment }} Cloud tag: ${{ github.ref_name }} slack-channel: team-eng-qa-devops event: ${{ needs.cfpages-deploy.result }} url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }} AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}