Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity

[DEVOPS-1517] - Update Server release to pull from Prod ACR (#3169)

Browse Source 
* UPDATE: Server release to pull from Prod ACR

* UPDATE: condition for DCT setup

* UPDATE: attachment Dockerfile to reference server latest

* REMOVE: push Server image to DockerHub

* FIX: lint error

* Minor changes
This commit is contained in:
Opeyemi 2023-08-14 15:56:54 +01:00 committed by GitHub
parent 115ead00d4
commit 0487056afb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
.github/workflows/release.yml vendored
View File

@ -15,6 +15,9 @@ on:
- Redeploy
- Dry Run
env:
_AZ_REGISTRY: 'bitwardenprod.azurecr.io'
jobs:
setup:
name: Setup
@ -53,18 +56,17 @@ jobs:
deploy:
name: Deploy
runs-on: ubuntu-22.04
needs:
- setup
needs: setup
strategy:
fail-fast: false
matrix:
include:
- name: Api
- name: Admin
- name: Api
- name: Billing
- name: Events
- name: Sso
- name: Identity
- name: Sso
steps:
- name: Setup
id: setup
@ -94,7 +96,7 @@ jobs:
branch: ${{ needs.setup.outputs.branch-name }}
artifacts: ${{ matrix.name }}.zip
- name: Download latest Release ${{ matrix.name }} asset
- name: Dry Run - Download latest Release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
with:
@ -173,8 +175,7 @@ jobs:
release-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs:
- setup
needs: setup
env:
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
@ -183,40 +184,21 @@ jobs:
matrix:
include:
- project_name: Admin
origin_docker_repo: bitwarden
- project_name: Api
origin_docker_repo: bitwarden
- project_name: Attachments
origin_docker_repo: bitwarden
- project_name: Events
prod_acr: true
origin_docker_repo: bitwarden
- project_name: EventsProcessor
prod_acr: true
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: Icons
origin_docker_repo: bitwarden
prod_acr: true
- project_name: Identity
origin_docker_repo: bitwarden
- project_name: MsSql
origin_docker_repo: bitwarden
- project_name: Nginx
origin_docker_repo: bitwarden
- project_name: Notifications
origin_docker_repo: bitwarden
- project_name: Server
origin_docker_repo: bitwarden
- project_name: Setup
origin_docker_repo: bitwarden
- project_name: Sso
origin_docker_repo: bitwarden
- project_name: Scim
origin_docker_repo: bitwarden
- project_name: Billing
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: Events
- project_name: EventsProcessor
- project_name: Icons
- project_name: Identity
- project_name: MsSql
- project_name: MsSqlMigratorUtility
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: Nginx
- project_name: Notifications
- project_name: Scim
- project_name: Server
- project_name: Setup
- project_name: Sso
steps:
- name: Print environment
env:
@ -239,51 +221,6 @@ jobs:
echo "PROJECT_NAME: $PROJECT_NAME"
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
########## DockerHub ##########
- name: Setup DCT
id: setup-dct
if: matrix.origin_docker_repo == 'bitwarden'
uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwarden'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull bitwarden/$PROJECT_NAME:latest
else
docker pull bitwarden/$PROJECT_NAME:$_BRANCH_NAME
fi
- name: Tag version and latest
if: matrix.origin_docker_repo == 'bitwarden'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag bitwarden/$PROJECT_NAME:latest bitwarden/$PROJECT_NAME:dryrun
else
docker tag bitwarden/$PROJECT_NAME:$_BRANCH_NAME bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.origin_docker_repo == 'bitwarden' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: docker push bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
- name: Log out of Docker and disable Docker Notary
if: matrix.origin_docker_repo == 'bitwarden'
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR PROD ##########
- name: Login to Azure - PROD Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
@ -291,41 +228,39 @@ jobs:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenprod
run: az acr login -n $_AZ_REGISTRY --only-show-errors
- name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwardenprod.azurecr.io'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:dev
docker pull $_AZ_REGISTRY/$PROJECT_NAME:latest
else
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
docker pull $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
fi
- name: Tag version and latest
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:dev $REGISTRY/$PROJECT_NAME:dryrun
docker tag $_AZ_REGISTRY/$PROJECT_NAME:latest $_AZ_REGISTRY/$PROJECT_NAME:dryrun
else
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:latest
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
run: |
docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker push $REGISTRY/$PROJECT_NAME:latest
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker push $_AZ_REGISTRY/$PROJECT_NAME:dryrun
else
docker push $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/$PROJECT_NAME:latest
fi
- name: Log out of Docker
run: docker logout
@ -350,7 +285,7 @@ jobs:
docker-stub-EU-sha256.txt,
swagger.json"
- name: Download latest Release Docker Stubs
- name: Dry Run - Download latest Release Docker Stubs
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
with: