--- name: Release on: workflow_dispatch: inputs: {} jobs: setup: name: Setup runs-on: ubuntu-20.04 outputs: release_version: ${{ steps.version.outputs.package }} tag_version: ${{ steps.version.outputs.tag }} steps: - name: Branch check run: | if [[ "$GITHUB_REF" != "refs/heads/release" ]]; then echo "===================================" echo "[!] Can only release from the 'release' branch" echo "===================================" exit 1 fi - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # 2.3.4 - name: Check Release Version id: version run: | version=$( jq -r ".version" package.json) previous_release_tag_version=$( curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name" ) if [ "v$version" == "$previous_release_tag_version" ]; then echo "[!] Already released v$version. Please bump version to continue" exit 1 fi echo "::set-output name=package::$version" echo "::set-output name=tag::v$version" self-host: name: Release self-host docker runs-on: ubuntu-20.04 needs: setup env: _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} steps: - name: Print environment run: | whoami docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - name: Setup DCT id: setup-dct uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff with: azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} azure-keyvault-name: "bitwarden-prod-kv" - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Pull latest selfhost Release image run: docker pull bitwarden/web:latest - name: Tag version run: | docker tag bitwarden/web:latest bitwarden/web:$_RELEASE_VERSION - name: List Docker images run: docker images - name: Push images run: | docker push bitwarden/web:$_RELEASE_VERSION env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} - name: Log out of Docker run: docker logout ghpages-deploy: name: Deploy Web Vault runs-on: ubuntu-20.04 needs: - setup - self-host env: _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Checkout Repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: ref: gh-pages - name: Create deploy branch run: | git switch -c deploy-$_TAG_VERSION git push -u origin deploy-$_TAG_VERSION - name: Checkout Repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: ref: release - name: Setup git config run: | git config user.name = "GitHub Action Bot" git config user.email = "<>" git config --global url."https://github.com/".insteadOf ssh://git@github.com/ git config --global url."https://".insteadOf ssh:// - name: Download latest cloud asset uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 with: workflow: build.yml workflow_conclusion: success branch: release artifacts: web-*-cloud-COMMERCIAL.zip # This should result in a build directory in the current working directory - name: Unzip build asset run: unzip web-*-cloud-COMMERCIAL.zip - name: Deploy GitHub Pages uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925 # v2.5.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: target_branch: deploy-${{ needs.setup.outputs.tag_version }} build_dir: build keep_history: true commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}" - name: Create Deploy PR env: PR_BRANCH: deploy-${{ env._TAG_VERSION }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh pr create --title "Deploy $_RELEASE_VERSION" \ --body "Deploying $_RELEASE_VERSION" \ --base gh-pages \ --head "$PR_BRANCH" release: name: Create GitHub Release runs-on: ubuntu-20.04 needs: - setup - self-host - ghpages-deploy steps: - name: Download latest build artifacts uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 with: workflow: build.yml workflow_conclusion: success branch: release artifacts: "web-*-selfhosted-COMMERCIAL.zip, web-*-selfhosted-open-source.zip" - name: Rename assets run: | mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip - name: Create release uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 with: name: "Version ${{ needs.setup.outputs.release_version }}" commit: ${{ github.sha }} tag: "${{ needs.setup.outputs.tag_version }}" body: "" artifacts: "web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip, web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip" token: ${{ secrets.GITHUB_TOKEN }} draft: true