mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

[DEVOPS-1517] - Update Server release to pull from Prod ACR (#3169)

* UPDATE: Server release to pull from Prod ACR

* UPDATE: condition for DCT setup

* UPDATE: attachment Dockerfile to reference server latest

* REMOVE: push Server image to DockerHub

* FIX: lint error

* Minor changes
Opeyemi 2023-08-14 15:56:54 +01:00 committed by GitHub
parent 115ead00d4
commit 0487056afb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -15,6 +15,9 @@ on:
- Redeploy - Redeploy
- Dry Run - Dry Run
env:
_AZ_REGISTRY: 'bitwardenprod.azurecr.io'
jobs: jobs:
setup: setup:
name: Setup name: Setup
@ -53,18 +56,17 @@ jobs:
deploy: deploy:
name: Deploy name: Deploy
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: needs: setup
- setup
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
include: include:
- name: Api
- name: Admin - name: Admin
- name: Api
- name: Billing - name: Billing
- name: Events - name: Events
- name: Sso
- name: Identity - name: Identity
- name: Sso
steps: steps:
- name: Setup - name: Setup
id: setup id: setup
@ -94,7 +96,7 @@ jobs:
branch: ${{ needs.setup.outputs.branch-name }} branch: ${{ needs.setup.outputs.branch-name }}
artifacts: ${{ matrix.name }}.zip artifacts: ${{ matrix.name }}.zip
- name: Download latest Release ${{ matrix.name }} asset - name: Dry Run - Download latest Release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type == 'Dry Run' }} if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78 uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
with: with:
@ -173,8 +175,7 @@ jobs:
release-docker: release-docker:
name: Build Docker images name: Build Docker images
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: needs: setup
- setup
env: env:
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
@ -183,40 +184,21 @@ jobs:
matrix: matrix:
include: include:
- project_name: Admin - project_name: Admin
origin_docker_repo: bitwarden
- project_name: Api - project_name: Api
origin_docker_repo: bitwarden
- project_name: Attachments - project_name: Attachments
origin_docker_repo: bitwarden
- project_name: Events
prod_acr: true
origin_docker_repo: bitwarden
- project_name: EventsProcessor
prod_acr: true
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: Icons
origin_docker_repo: bitwarden
prod_acr: true
- project_name: Identity
origin_docker_repo: bitwarden
- project_name: MsSql
origin_docker_repo: bitwarden
- project_name: Nginx
origin_docker_repo: bitwarden
- project_name: Notifications
origin_docker_repo: bitwarden
- project_name: Server
origin_docker_repo: bitwarden
- project_name: Setup
origin_docker_repo: bitwarden
- project_name: Sso
origin_docker_repo: bitwarden
- project_name: Scim
origin_docker_repo: bitwarden
- project_name: Billing - project_name: Billing
origin_docker_repo: bitwardenprod.azurecr.io - project_name: Events
- project_name: EventsProcessor
- project_name: Icons
- project_name: Identity
- project_name: MsSql
- project_name: MsSqlMigratorUtility - project_name: MsSqlMigratorUtility
origin_docker_repo: bitwardenprod.azurecr.io - project_name: Nginx
- project_name: Notifications
- project_name: Scim
- project_name: Server
- project_name: Setup
- project_name: Sso
steps: steps:
- name: Print environment - name: Print environment
env: env:
@ -239,51 +221,6 @@ jobs:
echo "PROJECT_NAME: $PROJECT_NAME" echo "PROJECT_NAME: $PROJECT_NAME"
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
########## DockerHub ##########
- name: Setup DCT
id: setup-dct
if: matrix.origin_docker_repo == 'bitwarden'
uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwarden'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull bitwarden/$PROJECT_NAME:latest
else
docker pull bitwarden/$PROJECT_NAME:$_BRANCH_NAME
fi
- name: Tag version and latest
if: matrix.origin_docker_repo == 'bitwarden'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag bitwarden/$PROJECT_NAME:latest bitwarden/$PROJECT_NAME:dryrun
else
docker tag bitwarden/$PROJECT_NAME:$_BRANCH_NAME bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.origin_docker_repo == 'bitwarden' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: docker push bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
- name: Log out of Docker and disable Docker Notary
if: matrix.origin_docker_repo == 'bitwarden'
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR PROD ########## ########## ACR PROD ##########
- name: Login to Azure - PROD Subscription - name: Login to Azure - PROD Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
@ -291,41 +228,39 @@ jobs:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR - name: Login to Azure ACR
run: az acr login -n bitwardenprod run: az acr login -n $_AZ_REGISTRY --only-show-errors
- name: Pull latest project image - name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwardenprod.azurecr.io'
env: env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: | run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:dev docker pull $_AZ_REGISTRY/$PROJECT_NAME:latest
else else
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME docker pull $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
fi fi
- name: Tag version and latest - name: Tag version and latest
env: env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: | run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:dev $REGISTRY/$PROJECT_NAME:dryrun docker tag $_AZ_REGISTRY/$PROJECT_NAME:latest $_AZ_REGISTRY/$PROJECT_NAME:dryrun
else else
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:latest
fi fi
- name: Push version and latest image - name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env: env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
run: | run: |
docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker push $REGISTRY/$PROJECT_NAME:latest docker push $_AZ_REGISTRY/$PROJECT_NAME:dryrun
else
docker push $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/$PROJECT_NAME:latest
fi
- name: Log out of Docker - name: Log out of Docker
run: docker logout run: docker logout
@ -350,7 +285,7 @@ jobs:
docker-stub-EU-sha256.txt, docker-stub-EU-sha256.txt,
swagger.json" swagger.json"
- name: Download latest Release Docker Stubs - name: Dry Run - Download latest Release Docker Stubs
if: ${{ github.event.inputs.release_type == 'Dry Run' }} if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78 uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
with: with:
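Review bot: The pull, tag and push steps under "ACR PROD" promote an image by mutable tag: whatever `$_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME` resolves to at run time is republished as `$_RELEASE_VERSION` and `latest`, and with the DockerHub block removed (the only visible steps that set `DOCKER_CONTENT_TRUST: 1`) nothing on the new side signs the image or records which digest was released. I would at least log the digest after the pull, e.g. `docker inspect --format '{{index .RepoDigests 0}}' "$_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME"`, and preferably pull by a digest handed over from the build workflow, if one is available there. The rewritten push step also drops the `if: ... != 'Dry Run'` guard, so a dry run now writes a `dryrun` tag to the production registry; a comment such as `# Dry Run pushes only the :dryrun tag; release tags are untouched` would make that intent explicit. Separately, the new `if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]` pastes the input into the script text; passing it through `env:` (`RELEASE_TYPE: ${{ github.event.inputs.release_type }}`) and testing `"$RELEASE_TYPE"` keeps it out of the shell parser.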