[DEVOPS-1517] - Update Server release to pull from Prod ACR (#3169)
* UPDATE: Server release to pull from Prod ACR * UPDATE: condition for DCT setup * UPDATE: attachment Dockerfile to reference server latest * REMOVE: push Server image to DockerHub * FIX: lint error * Minor changes
parent
115ead00d4
commit
0487056afb
129
.github/workflows/release.yml
vendored
129
.github/workflows/release.yml
vendored
@ -15,6 +15,9 @@ on:
|
|||||||
- Redeploy
|
- Redeploy
|
||||||
- Dry Run
|
- Dry Run
|
||||||
|
|
||||||
|
env:
|
||||||
|
_AZ_REGISTRY: 'bitwardenprod.azurecr.io'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
setup:
|
setup:
|
||||||
name: Setup
|
name: Setup
|
||||||
@ -53,18 +56,17 @@ jobs:
|
|||||||
deploy:
|
deploy:
|
||||||
name: Deploy
|
name: Deploy
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
needs:
|
needs: setup
|
||||||
- setup
|
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
include:
|
include:
|
||||||
- name: Api
|
|
||||||
- name: Admin
|
- name: Admin
|
||||||
|
- name: Api
|
||||||
- name: Billing
|
- name: Billing
|
||||||
- name: Events
|
- name: Events
|
||||||
- name: Sso
|
|
||||||
- name: Identity
|
- name: Identity
|
||||||
|
- name: Sso
|
||||||
steps:
|
steps:
|
||||||
- name: Setup
|
- name: Setup
|
||||||
id: setup
|
id: setup
|
||||||
@ -94,7 +96,7 @@ jobs:
|
|||||||
branch: ${{ needs.setup.outputs.branch-name }}
|
branch: ${{ needs.setup.outputs.branch-name }}
|
||||||
artifacts: ${{ matrix.name }}.zip
|
artifacts: ${{ matrix.name }}.zip
|
||||||
|
|
||||||
- name: Download latest Release ${{ matrix.name }} asset
|
- name: Dry Run - Download latest Release ${{ matrix.name }} asset
|
||||||
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
|
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
|
||||||
with:
|
with:
|
||||||
@ -173,8 +175,7 @@ jobs:
|
|||||||
release-docker:
|
release-docker:
|
||||||
name: Build Docker images
|
name: Build Docker images
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
needs:
|
needs: setup
|
||||||
- setup
|
|
||||||
env:
|
env:
|
||||||
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
|
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
|
||||||
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
|
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
|
||||||
@ -183,40 +184,21 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
include:
|
include:
|
||||||
- project_name: Admin
|
- project_name: Admin
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Api
|
- project_name: Api
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Attachments
|
- project_name: Attachments
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Events
|
|
||||||
prod_acr: true
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: EventsProcessor
|
|
||||||
prod_acr: true
|
|
||||||
origin_docker_repo: bitwardenprod.azurecr.io
|
|
||||||
- project_name: Icons
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
prod_acr: true
|
|
||||||
- project_name: Identity
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: MsSql
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Nginx
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Notifications
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Server
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Setup
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Sso
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Scim
|
|
||||||
origin_docker_repo: bitwarden
|
|
||||||
- project_name: Billing
|
- project_name: Billing
|
||||||
origin_docker_repo: bitwardenprod.azurecr.io
|
- project_name: Events
|
||||||
|
- project_name: EventsProcessor
|
||||||
|
- project_name: Icons
|
||||||
|
- project_name: Identity
|
||||||
|
- project_name: MsSql
|
||||||
- project_name: MsSqlMigratorUtility
|
- project_name: MsSqlMigratorUtility
|
||||||
origin_docker_repo: bitwardenprod.azurecr.io
|
- project_name: Nginx
|
||||||
|
- project_name: Notifications
|
||||||
|
- project_name: Scim
|
||||||
|
- project_name: Server
|
||||||
|
- project_name: Setup
|
||||||
|
- project_name: Sso
|
||||||
steps:
|
steps:
|
||||||
- name: Print environment
|
- name: Print environment
|
||||||
env:
|
env:
|
||||||
@ -239,51 +221,6 @@ jobs:
|
|||||||
echo "PROJECT_NAME: $PROJECT_NAME"
|
echo "PROJECT_NAME: $PROJECT_NAME"
|
||||||
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
|
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
########## DockerHub ##########
|
|
||||||
- name: Setup DCT
|
|
||||||
id: setup-dct
|
|
||||||
if: matrix.origin_docker_repo == 'bitwarden'
|
|
||||||
uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
|
|
||||||
with:
|
|
||||||
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
|
||||||
azure-keyvault-name: "bitwarden-ci"
|
|
||||||
|
|
||||||
- name: Pull latest project image
|
|
||||||
if: matrix.origin_docker_repo == 'bitwarden'
|
|
||||||
env:
|
|
||||||
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
|
||||||
run: |
|
|
||||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
|
||||||
docker pull bitwarden/$PROJECT_NAME:latest
|
|
||||||
else
|
|
||||||
docker pull bitwarden/$PROJECT_NAME:$_BRANCH_NAME
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Tag version and latest
|
|
||||||
if: matrix.origin_docker_repo == 'bitwarden'
|
|
||||||
env:
|
|
||||||
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
|
||||||
run: |
|
|
||||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
|
||||||
docker tag bitwarden/$PROJECT_NAME:latest bitwarden/$PROJECT_NAME:dryrun
|
|
||||||
else
|
|
||||||
docker tag bitwarden/$PROJECT_NAME:$_BRANCH_NAME bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Push version and latest image
|
|
||||||
if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.origin_docker_repo == 'bitwarden' }}
|
|
||||||
env:
|
|
||||||
DOCKER_CONTENT_TRUST: 1
|
|
||||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
|
|
||||||
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
|
||||||
run: docker push bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
|
|
||||||
|
|
||||||
- name: Log out of Docker and disable Docker Notary
|
|
||||||
if: matrix.origin_docker_repo == 'bitwarden'
|
|
||||||
run: |
|
|
||||||
docker logout
|
|
||||||
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
########## ACR PROD ##########
|
########## ACR PROD ##########
|
||||||
- name: Login to Azure - PROD Subscription
|
- name: Login to Azure - PROD Subscription
|
||||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||||
@ -291,41 +228,39 @@ jobs:
|
|||||||
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||||
|
|
||||||
- name: Login to Azure ACR
|
- name: Login to Azure ACR
|
||||||
run: az acr login -n bitwardenprod
|
run: az acr login -n $_AZ_REGISTRY --only-show-errors
|
||||||
|
|
||||||
- name: Pull latest project image
|
- name: Pull latest project image
|
||||||
if: matrix.origin_docker_repo == 'bitwardenprod.azurecr.io'
|
|
||||||
env:
|
env:
|
||||||
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
||||||
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
|
|
||||||
run: |
|
run: |
|
||||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||||
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:dev
|
docker pull $_AZ_REGISTRY/$PROJECT_NAME:latest
|
||||||
else
|
else
|
||||||
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
|
docker pull $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Tag version and latest
|
- name: Tag version and latest
|
||||||
env:
|
env:
|
||||||
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
||||||
REGISTRY: bitwardenprod.azurecr.io
|
|
||||||
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
|
|
||||||
run: |
|
run: |
|
||||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||||
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:dev $REGISTRY/$PROJECT_NAME:dryrun
|
docker tag $_AZ_REGISTRY/$PROJECT_NAME:latest $_AZ_REGISTRY/$PROJECT_NAME:dryrun
|
||||||
else
|
else
|
||||||
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
|
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
|
||||||
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest
|
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:latest
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Push version and latest image
|
- name: Push version and latest image
|
||||||
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
||||||
env:
|
env:
|
||||||
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
|
||||||
REGISTRY: bitwardenprod.azurecr.io
|
|
||||||
run: |
|
run: |
|
||||||
docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||||
docker push $REGISTRY/$PROJECT_NAME:latest
|
docker push $_AZ_REGISTRY/$PROJECT_NAME:dryrun
|
||||||
|
else
|
||||||
|
docker push $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
|
||||||
|
docker push $_AZ_REGISTRY/$PROJECT_NAME:latest
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Log out of Docker
|
- name: Log out of Docker
|
||||||
run: docker logout
|
run: docker logout
|
||||||
@ -350,7 +285,7 @@ jobs:
|
|||||||
docker-stub-EU-sha256.txt,
|
docker-stub-EU-sha256.txt,
|
||||||
swagger.json"
|
swagger.json"
|
||||||
|
|
||||||
- name: Download latest Release Docker Stubs
|
- name: Dry Run - Download latest Release Docker Stubs
|
||||||
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
||||||
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
|
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
|
||||||
with:
|
with:
|
||||||
|
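Review bot: In the `release-docker` hunk at `@ -291,41 +228,39 @`, the image that becomes `$_RELEASE_VERSION` and `latest` is selected only by the mutable tag `$_BRANCH_NAME` (or `latest` on a dry run). The Docker Content Trust steps appear to be dropped in the preceding hunk, so nothing visible in this workflow verifies or records which image content was promoted. Whatever that tag points to in `$_AZ_REGISTRY` at release time is what ships, and a later audit cannot tie the release tag back to a specific build. I would resolve the digest once, right after the pull, and write it to the job log or summary, e.g. `docker inspect --format '{{index .RepoDigests 0}}' "$_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME"`, then tag from that digest rather than from the branch tag. Registry-side controls such as tag locking or image signing may exist outside this file; if so, a comment on the pull step naming the control that is relied on would help the next reviewer.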