--- name: Release Web on: workflow_dispatch: inputs: release_type: description: 'Release Options' required: true default: 'Initial Release' type: choice options: - Initial Release - Redeploy - Dry Run jobs: setup: name: Setup runs-on: ubuntu-20.04 outputs: release_version: ${{ steps.version.outputs.version }} tag_version: ${{ steps.version.outputs.tag }} steps: - name: Checkout repo uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ $GITHUB_REF != "refs/heads/hotfix-rc-web" ]]; then echo "===================================" echo "[!] Can only release from the 'rc' or 'hotfix-rc-web' branches" echo "===================================" exit 1 fi - name: Check Release Version id: version uses: bitwarden/gh-actions/release-version-check@8f055ef543c7433c967a1b9b04a0f230923233bb with: release-type: ${{ github.event.inputs.release_type }} project-type: ts file: apps/web/package.json monorepo: true monorepo-project: web self-host: name: Release self-host docker runs-on: ubuntu-20.04 needs: setup env: _BRANCH_NAME: ${{ github.ref_name }} _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _RELEASE_OPTION: ${{ github.event.inputs.release_type }} steps: - name: Print environment run: | whoami docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" echo "Github Release Option: $_RELEASE_OPTION" - name: Checkout repo uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 ########## DockerHub ########## - name: Setup DCT id: setup-dct uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff with: azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} azure-keyvault-name: "bitwarden-prod-kv" - name: Pull branch image run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then docker pull bitwarden/web:latest else docker pull bitwarden/web:$_BRANCH_NAME fi - name: Docker Tag version run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then docker tag bitwarden/web:latest bitwarden/web:$_RELEASE_VERSION else docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION fi - name: Docker Push version if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} run: | docker push bitwarden/web:$_RELEASE_VERSION - name: Log out of Docker and disable Docker Notary run: | docker logout echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV ########## ACR ########## - name: Login to Azure - QA Subscription uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 # v1.1 with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} - name: Login to Azure ACR run: az acr login -n bitwardenqa - name: Tag version env: REGISTRY: bitwardenqa.azurecr.io run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then docker tag bitwarden/web:latest $REGISTRY/web:$_RELEASE_VERSION docker tag bitwarden/web:latest $REGISTRY/web-sh:$_RELEASE_VERSION else docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:$_RELEASE_VERSION docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:$_RELEASE_VERSION fi - name: Push version if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: REGISTRY: bitwardenqa.azurecr.io run: | docker push $REGISTRY/web:$_RELEASE_VERSION docker push $REGISTRY/web-sh:$_RELEASE_VERSION - name: Log out of Docker run: docker logout cfpages-deploy: name: Deploy Web Vault to CloudFlare Pages branch runs-on: ubuntu-20.04 needs: - setup - self-host env: _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _TAG_VERSION: ${{ needs.setup.outputs.release_version }} steps: - name: Checkout Repo uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 - name: Download latest cloud asset if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a with: workflow: build-web.yml path: apps/web/build workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: web-*-cloud-COMMERCIAL.zip - name: Download latest cloud asset (Dry Run) if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a with: workflow: build-web.yml path: apps/web/build workflow_conclusion: success branch: master artifacts: web-*-cloud-COMMERCIAL.zip - name: Unzip build asset working-directory: apps/web run: unzip web-*-cloud-COMMERCIAL.zip - name: Checkout Repo uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 with: ref: cf-pages path: deployment - name: Setup git config run: | git config --global user.name = "GitHub Action Bot" git config --global user.email = "<>" git config --global url."https://github.com/".insteadOf ssh://git@github.com/ git config --global url."https://".insteadOf ssh:// - name: Deploy CloudFlare Pages run: | rm -rf ./* cp -R ../apps/web/build/* . working-directory: deployment - name: Create cf-pages-deploy branch run: | git switch -c cf-pages-deploy-$_TAG_VERSION git add . git commit -m "Staging deploy ${{ needs.setup.outputs.release_version }}" if [[ "${{ github.event.inputs.release_type }}" != "Dry Run" ]]; then git push -u origin cf-pages-deploy-$_TAG_VERSION fi working-directory: deployment - name: Create CloudFlare Pages Deploy PR if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: PR_BRANCH: cf-pages-deploy-${{ env._TAG_VERSION }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh pr create --title "Deploy $_RELEASE_VERSION to CloudFlare Pages" \ --body "Deploying $_RELEASE_VERSION" \ --base cf-pages \ --head "$PR_BRANCH" release: name: Create GitHub Release runs-on: ubuntu-20.04 needs: - setup - self-host - cfpages-deploy steps: - name: Create GitHub deployment uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment-url: http://vault.bitwarden.com environment: 'Web Vault - Production' description: 'Deployment ${{ needs.setup.outputs.release_version }} from branch ${{ github.ref_name }}' task: release - name: Download latest build artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a with: workflow: build-web.yml path: apps/web/artifacts workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: "web-*-selfhosted-COMMERCIAL.zip, web-*-selfhosted-open-source.zip" - name: Download latest build artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a with: workflow: build-web.yml path: apps/web/artifacts workflow_conclusion: success branch: master artifacts: "web-*-selfhosted-COMMERCIAL.zip, web-*-selfhosted-open-source.zip" - name: Rename assets working-directory: apps/web/artifacts run: | mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip - name: Create release if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0 with: name: "Web v${{ needs.setup.outputs.release_version }}" commit: ${{ github.sha }} tag: web-v${{ needs.setup.outputs.release_version }} body: "" artifacts: "apps/web/artifacts/web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip, apps/web/artifacts/web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip" token: ${{ secrets.GITHUB_TOKEN }} draft: true - name: Update deployment status to Success if: ${{ success() }} uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 with: token: '${{ secrets.GITHUB_TOKEN }}' environment-url: http://vault.bitwarden.com state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ failure() }} uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 with: token: '${{ secrets.GITHUB_TOKEN }}' environment-url: http://vault.bitwarden.com state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }}