--- name: Release CLI run-name: Release CLI ${{ inputs.release_type }} on: workflow_dispatch: inputs: release_type: description: 'Release Options' required: true default: 'Initial Release' type: choice options: - Initial Release - Redeploy - Dry Run snap_publish: description: 'Publish to snap store' required: true default: true type: boolean choco_publish: description: 'Publish to chocolatey store' required: true default: true type: boolean npm_publish: description: 'Publish to npm registry' required: true default: true type: boolean defaults: run: working-directory: apps/cli jobs: setup: name: Setup runs-on: ubuntu-20.04 outputs: release-version: ${{ steps.version.outputs.version }} steps: - name: Checkout repo uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-cli" ]]; then echo "===================================" echo "[!] Can only release from the 'rc' or 'hotfix-rc-cli' branches" echo "===================================" exit 1 fi - name: Check Release Version id: version uses: bitwarden/gh-actions/release-version-check@main with: release-type: ${{ github.event.inputs.release_type }} project-type: ts file: apps/cli/package.json monorepo: true monorepo-project: cli - name: Create GitHub deployment if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment: 'CLI - Production' description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}' task: release - name: Download all Release artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli workflow_conclusion: success branch: ${{ github.ref_name }} - name: Dry Run - Download all artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli workflow_conclusion: success branch: main - name: Create release if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0 env: PKG_VERSION: ${{ steps.version.outputs.version }} with: artifacts: "apps/cli/bw-windows-${{ env.PKG_VERSION }}.zip, apps/cli/bw-windows-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-macos-${{ env.PKG_VERSION }}.zip, apps/cli/bw-macos-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bw-linux-${{ env.PKG_VERSION }}.zip, apps/cli/bw-linux-sha256-${{ env.PKG_VERSION }}.txt, apps/cli/bitwarden-cli.${{ env.PKG_VERSION }}.nupkg, apps/cli/bw_${{ env.PKG_VERSION }}_amd64.snap, apps/cli/bw-snap-sha256-${{ env.PKG_VERSION }}.txt" commit: ${{ github.sha }} tag: cli-v${{ env.PKG_VERSION }} name: CLI v${{ env.PKG_VERSION }} body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - name: Update deployment status to Success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }} snap: name: Deploy Snap runs-on: ubuntu-20.04 needs: setup if: inputs.snap_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout repo uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "snapcraft-store-token" - name: Install Snap uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1 - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bw_${{ env._PKG_VERSION }}_amd64.snap - name: Dry Run - Download artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli workflow_conclusion: success branch: main artifacts: bw_${{ env._PKG_VERSION }}_amd64.snap - name: Publish Snap & logout if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} run: | snapcraft upload bw_${{ env._PKG_VERSION }}_amd64.snap --release stable snapcraft logout choco: name: Deploy Choco runs-on: windows-2019 needs: setup if: inputs.choco_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout repo uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "cli-choco-api-key" - name: Setup Chocolatey run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ env: CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }} - name: Make dist dir shell: pwsh run: New-Item -ItemType directory -Path ./dist - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli/dist workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bitwarden-cli.${{ env._PKG_VERSION }}.nupkg - name: Dry Run - Download artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli/dist workflow_conclusion: success branch: main artifacts: bitwarden-cli.${{ env._PKG_VERSION }}.nupkg - name: Push to Chocolatey if: ${{ github.event.inputs.release_type != 'Dry Run' }} shell: pwsh run: | cd dist choco push --source=https://push.chocolatey.org/ npm: name: Publish NPM runs-on: ubuntu-20.04 needs: setup if: inputs.npm_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout repo uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Login to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "npm-api-key" - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli/build workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip - name: Dry Run - Download artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-cli.yml path: apps/cli/build workflow_conclusion: success branch: main artifacts: bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip - name: Setup NPM run: | echo 'registry="https://registry.npmjs.org/"' > ./.npmrc echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc env: NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - name: Install Husky run: npm install -g husky - name: Publish NPM if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc