mirror of
https://github.com/bitwarden/browser.git
synced 2024-09-27 04:03:00 +02:00
08aa04beab
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
115 lines
4.7 KiB
YAML
115 lines
4.7 KiB
YAML
---
|
||
name: Staged Rollout Desktop
|
||
|
||
on:
|
||
workflow_dispatch:
|
||
inputs:
|
||
rollout_percentage:
|
||
description: 'Staged Rollout Percentage'
|
||
required: true
|
||
default: '10'
|
||
type: string
|
||
|
||
defaults:
|
||
run:
|
||
shell: bash
|
||
|
||
jobs:
|
||
rollout:
|
||
name: Update Rollout Percentage
|
||
runs-on: ubuntu-22.04
|
||
steps:
|
||
- name: Login to Azure
|
||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||
with:
|
||
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||
|
||
- name: Retrieve secrets
|
||
id: retrieve-secrets
|
||
uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b
|
||
with:
|
||
keyvault: "bitwarden-ci"
|
||
secrets: "aws-electron-access-id,
|
||
aws-electron-access-key,
|
||
aws-electron-bucket-name,
|
||
r2-electron-access-id,
|
||
r2-electron-access-key,
|
||
r2-electron-bucket-name,
|
||
cf-prod-account"
|
||
|
||
- name: Download channel update info files from R2
|
||
env:
|
||
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
|
||
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
|
||
AWS_DEFAULT_REGION: 'us-east-1'
|
||
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }}
|
||
CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
|
||
run: |
|
||
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest.yml . \
|
||
--quiet \
|
||
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
|
||
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest-linux.yml . \
|
||
--quiet \
|
||
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
|
||
aws s3 cp $AWS_S3_BUCKET_NAME/desktop/latest-mac.yml . \
|
||
--quiet \
|
||
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
|
||
|
||
- name: Check new rollout percentage
|
||
env:
|
||
NEW_PCT: ${{ github.event.inputs.rollout_percentage }}
|
||
run: |
|
||
CURRENT_PCT=$(sed -r -n "s/stagingPercentage:\s([0-9]+)/\1/p" latest.yml)
|
||
echo "Current percentage: ${CURRENT_PCT}"
|
||
echo "New percentage: ${NEW_PCT}"
|
||
echo
|
||
if [ "$NEW_PCT" -le "$CURRENT_PCT" ]; then
|
||
echo "New percentage (${NEW_PCT}) must be higher than current percentage (${CURRENT_PCT})!"
|
||
echo
|
||
echo "If you want to pull a staged release because it hasn’t gone well, you must increment the version \
|
||
number higher than your broken release. Because some of your users will be on the broken 1.0.1, \
|
||
releasing a new 1.0.1 would result in them staying on a broken version."
|
||
exit 1
|
||
fi
|
||
|
||
- name: Set staged rollout percentage
|
||
env:
|
||
ROLLOUT_PCT: ${{ github.event.inputs.rollout_percentage }}
|
||
run: |
|
||
sed -i -r "/stagingPercentage/s/[0-9]+/${ROLLOUT_PCT}/" latest.yml
|
||
sed -i -r "/stagingPercentage/s/[0-9]+/${ROLLOUT_PCT}/" latest-linux.yml
|
||
sed -i -r "/stagingPercentage/s/[0-9]+/${ROLLOUT_PCT}/" latest-mac.yml
|
||
|
||
- name: Publish channel update info files to S3
|
||
env:
|
||
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
|
||
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
|
||
AWS_DEFAULT_REGION: 'us-west-2'
|
||
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }}
|
||
run: |
|
||
aws s3 cp latest.yml $AWS_S3_BUCKET_NAME/desktop/ \
|
||
--acl "public-read"
|
||
|
||
aws s3 cp latest-linux.yml $AWS_S3_BUCKET_NAME/desktop/ \
|
||
--acl "public-read"
|
||
|
||
aws s3 cp latest-mac.yml $AWS_S3_BUCKET_NAME/desktop/ \
|
||
--acl "public-read"
|
||
|
||
- name: Publish channel update info files to R2
|
||
env:
|
||
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
|
||
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
|
||
AWS_DEFAULT_REGION: 'us-east-1'
|
||
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }}
|
||
CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
|
||
run: |
|
||
aws s3 cp latest.yml $AWS_S3_BUCKET_NAME/desktop/ \
|
||
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
|
||
|
||
aws s3 cp latest-linux.yml $AWS_S3_BUCKET_NAME/desktop/ \
|
||
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
|
||
|
||
aws s3 cp latest-mac.yml $AWS_S3_BUCKET_NAME/desktop/ \
|
||
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
|