From 0487056afbbc5d2066de09c3c18ad7ff0bf3cca8 Mon Sep 17 00:00:00 2001 From: Opeyemi Date: Mon, 14 Aug 2023 15:56:54 +0100 Subject: [PATCH] [DEVOPS-1517] - Update Server release to pull from Prod ACR (#3169) * UPDATE: Server release to pull from Prod ACR * UPDATE: condition for DCT setup * UPDATE: attachment Dockerfile to reference server latest * REMOVE: push Server image to DockerHub * FIX: lint error * Minor changes --- .github/workflows/release.yml | 129 +++++++++------------------------- 1 file changed, 32 insertions(+), 97 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 843eab9ba..e2ce751bc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,9 @@ on: - Redeploy - Dry Run +env: + _AZ_REGISTRY: 'bitwardenprod.azurecr.io' + jobs: setup: name: Setup @@ -53,18 +56,17 @@ jobs: deploy: name: Deploy runs-on: ubuntu-22.04 - needs: - - setup + needs: setup strategy: fail-fast: false matrix: include: - - name: Api - name: Admin + - name: Api - name: Billing - name: Events - - name: Sso - name: Identity + - name: Sso steps: - name: Setup id: setup @@ -94,7 +96,7 @@ jobs: branch: ${{ needs.setup.outputs.branch-name }} artifacts: ${{ matrix.name }}.zip - - name: Download latest Release ${{ matrix.name }} asset + - name: Dry Run - Download latest Release ${{ matrix.name }} asset if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78 with: @@ -173,8 +175,7 @@ jobs: release-docker: name: Build Docker images runs-on: ubuntu-22.04 - needs: - - setup + needs: setup env: _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} 
@@ -183,40 +184,21 @@ jobs: matrix: include: - project_name: Admin - origin_docker_repo: bitwarden - project_name: Api - origin_docker_repo: bitwarden - project_name: Attachments - origin_docker_repo: bitwarden - - project_name: Events - prod_acr: true - origin_docker_repo: bitwarden - - project_name: EventsProcessor - prod_acr: true - origin_docker_repo: bitwardenprod.azurecr.io - - project_name: Icons - origin_docker_repo: bitwarden - prod_acr: true - - project_name: Identity - origin_docker_repo: bitwarden - - project_name: MsSql - origin_docker_repo: bitwarden - - project_name: Nginx - origin_docker_repo: bitwarden - - project_name: Notifications - origin_docker_repo: bitwarden - - project_name: Server - origin_docker_repo: bitwarden - - project_name: Setup - origin_docker_repo: bitwarden - - project_name: Sso - origin_docker_repo: bitwarden - - project_name: Scim - origin_docker_repo: bitwarden - project_name: Billing - origin_docker_repo: bitwardenprod.azurecr.io + - project_name: Events + - project_name: EventsProcessor + - project_name: Icons + - project_name: Identity + - project_name: MsSql - project_name: MsSqlMigratorUtility - origin_docker_repo: bitwardenprod.azurecr.io + - project_name: Nginx + - project_name: Notifications + - project_name: Scim + - project_name: Server + - project_name: Setup + - project_name: Sso steps: - name: Print environment env: 
@@ -239,51 +221,6 @@ jobs: echo "PROJECT_NAME: $PROJECT_NAME" echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT - ########## DockerHub ########## - - name: Setup DCT - id: setup-dct - if: matrix.origin_docker_repo == 'bitwarden' - uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78 - with: - azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - azure-keyvault-name: "bitwarden-ci" - - - name: Pull latest project image - if: matrix.origin_docker_repo == 'bitwarden' - env: - PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker pull bitwarden/$PROJECT_NAME:latest - else - docker pull bitwarden/$PROJECT_NAME:$_BRANCH_NAME - fi - - - name: Tag version and latest - if: matrix.origin_docker_repo == 'bitwarden' - env: - PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker tag bitwarden/$PROJECT_NAME:latest bitwarden/$PROJECT_NAME:dryrun - else - docker tag bitwarden/$PROJECT_NAME:$_BRANCH_NAME bitwarden/$PROJECT_NAME:$_RELEASE_VERSION - fi - - - name: Push version and latest image - if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.origin_docker_repo == 'bitwarden' }} - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} - PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - run: docker push bitwarden/$PROJECT_NAME:$_RELEASE_VERSION - - - name: Log out of Docker and disable Docker Notary - if: matrix.origin_docker_repo == 'bitwarden' - run: | - docker logout - echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV - ########## ACR PROD ########## - name: Login to Azure - PROD Subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 
@@ -291,41 +228,39 @@ jobs: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Login to Azure ACR - run: az acr login -n bitwardenprod + run: az acr login -n $_AZ_REGISTRY --only-show-errors - name: Pull latest project image - if: matrix.origin_docker_repo == 'bitwardenprod.azurecr.io' env: PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }} run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:dev + docker pull $_AZ_REGISTRY/$PROJECT_NAME:latest else - docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME + docker pull $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME fi - name: Tag version and latest env: PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - REGISTRY: bitwardenprod.azurecr.io - ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }} run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:dev $REGISTRY/$PROJECT_NAME:dryrun + docker tag $_AZ_REGISTRY/$PROJECT_NAME:latest $_AZ_REGISTRY/$PROJECT_NAME:dryrun else - docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION - docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest + docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION + docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:latest fi - name: Push version and latest image - if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - REGISTRY: bitwardenprod.azurecr.io run: | - docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION - docker push $REGISTRY/$PROJECT_NAME:latest + if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then + docker push $_AZ_REGISTRY/$PROJECT_NAME:dryrun + else + docker push $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION + 
docker push $_AZ_REGISTRY/$PROJECT_NAME:latest + fi - name: Log out of Docker run: docker logout @@ -350,7 +285,7 @@ jobs: docker-stub-EU-sha256.txt, swagger.json" - - name: Download latest Release Docker Stubs + - name: Dry Run - Download latest Release Docker Stubs if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78 with:
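Review bot: The pull, tag and new push `run:` blocks each splice `${{ github.event.inputs.release_type }}` directly into the bash source, in a job that logs in to Azure with `AZURE_PROD_KV_CREDENTIALS`; passing it through the step's `env:` (`RELEASE_TYPE: ${{ github.event.inputs.release_type }}`, then `if [[ "$RELEASE_TYPE" == "Dry Run" ]]`) keeps the expression out of the script text. With the `if: ... != 'Dry Run'` guard dropped from the push step, a dry run now writes `$PROJECT_NAME:dryrun` to the production registry, so a comment on that step such as `# Dry Run pushes only the :dryrun tag; release tags are untouched` would make the intent explicit. The closing `docker logout` names no registry and so probably targets Docker's default endpoint rather than the ACR session opened above; `docker logout $_AZ_REGISTRY` would match the login. The DCT steps deleted in the previous hunk were the only image signing visible in this workflow, and the images here are promoted by mutable tag (`$_BRANCH_NAME`, `latest`), so it is worth confirming where the released image's provenance is checked now. The `release-docker` job begins above this hunk.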