mirror of
https://github.com/bitwarden/browser.git
synced 2024-09-13 01:58:44 +02:00
274 lines
10 KiB
YAML
274 lines
10 KiB
YAML
---
|
|
name: Deploy Web - Non-Prod
|
|
run-name: Deploy Web ${{ inputs.environment }}
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
environment:
|
|
description: 'Environment'
|
|
default: 'QA'
|
|
type: choice
|
|
options:
|
|
- QA
|
|
- EUQA
|
|
- USPROD
|
|
|
|
workflow_call:
|
|
inputs:
|
|
environment:
|
|
description: 'Environment'
|
|
default: 'QA'
|
|
type: string
|
|
|
|
jobs:
|
|
setup:
|
|
name: Setup
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
environment: ${{ steps.config.outputs.environment }}
|
|
environment-url: ${{ steps.config.outputs.environment-url }}
|
|
environment-name: ${{ steps.config.outputs.environment-name }}
|
|
environment-branch: ${{ steps.config.outputs.environment-branch }}
|
|
environment-artifact: ${{ steps.config.outputs.environment-artifact }}
|
|
azure-login-creds: ${{ steps.config.outputs.azure-login-creds }}
|
|
retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }}
|
|
steps:
|
|
- name: Configure
|
|
id: config
|
|
run: |
|
|
ENV_NAME_LOWER=$(echo "${{ inputs.environment }}" | awk '{print tolower($0)}')
|
|
echo "configuring the Web deploy for ${{ inputs.environment }}"
|
|
echo "environment=${{ inputs.environment }}" >> $GITHUB_OUTPUT
|
|
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
|
|
echo "environment-name=Web Vault - ${{ inputs.environment }}" >> $GITHUB_OUTPUT
|
|
echo "environment-branch=cf-pages-$ENV_NAME_LOWER" >> $GITHUB_OUTPUT
|
|
if [ ${{ inputs.environment }} == "QA" ]; then
|
|
echo "azure-login-creds=AZURE_KV_US_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
|
echo "retrieve-secrets-keyvault=bw-webvault-rlktusqa-kv" >> $GITHUB_OUTPUT
|
|
echo "environment-artifact=web-*-cloud-QA.zip" >> $GITHUB_OUTPUT
|
|
elif [ ${{ inputs.environment }} == "EUQA" ]; then
|
|
echo "azure-login-creds=AZURE_KV_EU_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
|
echo "retrieve-secrets-keyvault=webvaulteu-westeurope-qa" >> $GITHUB_OUTPUT
|
|
echo "environment-artifact=web-*-cloud-euqa.zip" >> $GITHUB_OUTPUT
|
|
elif [ ${{ inputs.environment }} == "USPROD" ]; then
|
|
echo "azure-login-creds=AZURE_KV_US_PROD_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
|
echo "retrieve-secrets-keyvault=bw-webvault-klrt-kv" >> $GITHUB_OUTPUT
|
|
echo "environment-artifact=web-*-cloud-COMMERCIAL.zip" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
notify-start:
|
|
name: Notify Slack with start message
|
|
runs-on: ubuntu-22.04
|
|
if: always()
|
|
steps:
|
|
- uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
|
|
with:
|
|
project: Web
|
|
environment: US ${{ inputs.environment }} Cloud
|
|
tag: ${{ github.ref_name }}
|
|
slack-channel: team-eng-qa-devops
|
|
event: 'start'
|
|
url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
|
|
AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
|
|
artifact-check:
|
|
name: Check if Web artifact is present
|
|
runs-on: ubuntu-22.04
|
|
needs: setup
|
|
env:
|
|
_ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
|
|
steps:
|
|
- name: Download latest cloud asset
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
id: download-artifacts
|
|
continue-on-error: true
|
|
with:
|
|
workflow: build-web.yml
|
|
path: apps/web
|
|
workflow_conclusion: success
|
|
branch: ${{ github.ref_name }}
|
|
artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
|
|
|
|
- name: Login to Azure
|
|
if: ${{ steps.download-artifacts.outcome == 'failure' }}
|
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
|
with:
|
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
|
|
- name: Retrieve secrets for Build trigger
|
|
if: ${{ steps.download-artifacts.outcome == 'failure' }}
|
|
id: retrieve-secret
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: "bitwarden-ci"
|
|
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
|
|
|
|
- name: Build server missing branch
|
|
if: ${{ steps.download-artifacts.outcome == 'failure' }}
|
|
uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be # v1.6.5
|
|
with:
|
|
owner: bitwarden
|
|
repo: clients
|
|
github_token: ${{ steps.retrieve-secret.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
|
|
workflow_file_name: build-web.yml
|
|
ref: ${{ github.ref_name }}
|
|
wait_interval: 100
|
|
|
|
cfpages-deploy:
|
|
name: Deploy Web Vault to ${{ inputs.environment }} CloudFlare Pages branch
|
|
if : ${{ inputs.environment == 'QA' }}
|
|
needs:
|
|
- setup
|
|
- artifact-check
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
_ENVIRONMENT: ${{ needs.setup.outputs.environment }}
|
|
_ENVIRONMENT_URL: ${{ needs.setup.outputs.environment-url }}
|
|
_ENVIRONMENT_NAME: ${{ needs.setup.outputs.environment-name }}
|
|
_ENVIRONMENT_BRANCH: ${{ needs.setup.outputs.environment-branch }}
|
|
_ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
|
|
steps:
|
|
- name: Create GitHub deployment
|
|
uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5
|
|
id: deployment
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
initial-status: 'in_progress'
|
|
environment-url: ${{ env._ENVIRONMENT_URL }}
|
|
environment: ${{ env._ENVIRONMENT_NAME }}
|
|
description: 'Deployment from branch ${{ github.ref_name }}'
|
|
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
|
|
- name: Download latest cloud asset
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
workflow: build-web.yml
|
|
path: apps/web
|
|
workflow_conclusion: success
|
|
branch: ${{ github.ref_name }}
|
|
artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
|
|
|
|
- name: Unzip cloud asset
|
|
working-directory: apps/web
|
|
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
|
|
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ env._ENVIRONMENT_BRANCH }}
|
|
path: deployment
|
|
|
|
- name: Setup git config
|
|
run: |
|
|
git config --global user.name "GitHub Action Bot"
|
|
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git config --global url."https://github.com/".insteadOf ssh://git@github.com/
|
|
git config --global url."https://".insteadOf ssh://
|
|
|
|
- name: Deploy CloudFlare Pages
|
|
run: |
|
|
rm -rf ./*
|
|
cp -R ../apps/web/build/* .
|
|
working-directory: deployment
|
|
|
|
- name: Push new ver to ${{ env._ENVIRONMENT_BRANCH }}
|
|
run: |
|
|
if [ -n "$(git status --porcelain)" ]; then
|
|
git add .
|
|
git commit -m "Deploy ${{ github.ref_name }} to ${{ env._ENVIRONMENT }} Cloudflare pages"
|
|
git push -u origin ${{ env._ENVIRONMENT_BRANCH }}
|
|
else
|
|
echo "No changes to commit!";
|
|
fi
|
|
working-directory: deployment
|
|
|
|
- name: Update deployment status to Success
|
|
if: ${{ success() }}
|
|
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
environment-url: ${{ env._ENVIRONMENT_URL }}
|
|
state: 'success'
|
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
|
|
|
- name: Update deployment status to Failure
|
|
if: ${{ failure() }}
|
|
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
environment-url: ${{ env._ENVIRONMENT_URL }}
|
|
state: 'failure'
|
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
|
|
|
azure-deploy:
|
|
name: Deploy Web Vault to ${{ inputs.environment }} Storage Account
|
|
needs:
|
|
- setup
|
|
- artifact-check
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
_ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
|
|
steps:
|
|
- name: Login to Azure
|
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
|
with:
|
|
creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }}
|
|
|
|
- name: Retrieve Storage Account connection string
|
|
id: retrieve-secrets
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
|
with:
|
|
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
|
|
secrets: "sa-bitwarden-web-vault-dev-key-temp"
|
|
|
|
- name: Download latest cloud asset
|
|
uses: bitwarden/gh-actions/download-artifacts@main
|
|
with:
|
|
workflow: build-web.yml
|
|
path: apps/web
|
|
workflow_conclusion: success
|
|
branch: ${{ github.event.inputs.tag }}
|
|
artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
|
|
|
|
- name: Unzip build asset
|
|
working-directory: apps/web
|
|
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
|
|
|
|
- name: Empty container in Storage Account
|
|
run: |
|
|
az storage blob delete-batch \
|
|
--source '$web' \
|
|
--pattern '*' \
|
|
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}"
|
|
|
|
- name: Deploy to Azure Storage Account
|
|
working-directory: apps/web
|
|
run: |
|
|
az storage blob upload-batch \
|
|
--source "./build" \
|
|
--destination '$web' \
|
|
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \
|
|
--overwrite \
|
|
--no-progress
|
|
|
|
notify:
|
|
name: Notify Slack with result
|
|
runs-on: ubuntu-22.04
|
|
if: always()
|
|
needs:
|
|
- cfpages-deploy
|
|
- setup
|
|
steps:
|
|
- uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
|
|
with:
|
|
project: Web
|
|
environment: US ${{ inputs.environment }} Cloud
|
|
tag: ${{ github.ref_name }}
|
|
slack-channel: team-eng-qa-devops
|
|
event: ${{ needs.cfpages-deploy.result }}
|
|
url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
|
|
AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|