Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-28 13:15:12 +01:00
Code Issues Projects Releases Wiki Activity

[DEVOPS-1516] - Update server build workflow to push images to ACR (#3157)

Browse Source 
* Update server build workflow to push images to ACR

* UPDATE: Remove docker_repos matrix variable

* FIX: make docker push command one-liner

* UODATE: revert attachment image source

* UPDATE: add suggestion and update tags in docker build

* UPDATE: docker build tags

* UPDATE: master branch tag to latest

* ADD: push server image to dockerhub

* ADD: sugesstions

* ADD: ACR var name change and usages

* Minor updates

* Fix syntax error

* UPDATE: use ACR var for image name step

---------

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
This commit is contained in:
Opeyemi 2023-08-10 18:41:56 +01:00 committed by GitHub
parent d4bcaf10ff
commit 0c76969506
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
.github/workflows/build.yml vendored
View File

@ -10,6 +10,10 @@ on:
- ".github/workflows/**" - ".github/workflows/**"
workflow_dispatch: workflow_dispatch:
env:
_AZ_REGISTRY: 'bitwardenprod.azurecr.io'
jobs: jobs:
cloc: cloc:
name: CLOC name: CLOC
@ -114,8 +118,14 @@ jobs:
base_path: ./src base_path: ./src
- project_name: Identity - project_name: Identity
base_path: ./src base_path: ./src
- project_name: MsSqlMigratorUtility
base_path: ./util
dotnet: true
- project_name: Notifications - project_name: Notifications
base_path: ./src base_path: ./src
- project_name: Scim
base_path: ./bitwarden_license/src
dotnet: true
- project_name: Server - project_name: Server
base_path: ./util base_path: ./util
- project_name: Setup - project_name: Setup
@ -123,12 +133,6 @@ jobs:
- project_name: Sso - project_name: Sso
base_path: ./bitwarden_license/src base_path: ./bitwarden_license/src
node: true node: true
- project_name: Scim
base_path: ./bitwarden_license/src
dotnet: true
- project_name: MsSqlMigratorUtility
base_path: ./util
dotnet: true
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@ -194,64 +198,48 @@ jobs:
include: include:
- project_name: Admin - project_name: Admin
base_path: ./src base_path: ./src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: Api - project_name: Api
base_path: ./src base_path: ./src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: Attachments - project_name: Attachments
base_path: ./util base_path: ./util
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io] - project_name: Billing
base_path: ./src
dotnet: true
- project_name: Events - project_name: Events
base_path: ./src base_path: ./src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: EventsProcessor - project_name: EventsProcessor
base_path: ./src base_path: ./src
docker_repos: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: Icons - project_name: Icons
base_path: ./src base_path: ./src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: Identity - project_name: Identity
base_path: ./src base_path: ./src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: MsSql - project_name: MsSql
base_path: ./util base_path: ./util
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io] - project_name: MsSqlMigratorUtility
base_path: ./util
dotnet: true
- project_name: Nginx - project_name: Nginx
base_path: ./util base_path: ./util
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
- project_name: Notifications - project_name: Notifications
base_path: ./src base_path: ./src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true
- project_name: Server
base_path: ./util
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true
- project_name: Setup
base_path: ./util
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true
- project_name: Sso
base_path: ./bitwarden_license/src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: Scim - project_name: Scim
base_path: ./bitwarden_license/src base_path: ./bitwarden_license/src
docker_repos: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true dotnet: true
- project_name: Billing - project_name: Server
base_path: ./src
docker_repos: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
dotnet: true
- project_name: MsSqlMigratorUtility
base_path: ./util base_path: ./util
docker_repos: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io] dotnet: true
- project_name: Setup
base_path: ./util
dotnet: true
- project_name: Sso
base_path: ./bitwarden_license/src
dotnet: true dotnet: true
steps: steps:
- name: Checkout repo - name: Checkout repo
@ -271,14 +259,6 @@ jobs:
fi fi
########## ACRs ########## ########## ACRs ##########
- name: Login to Azure - QA Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to QA ACR
run: az acr login -n bitwardenqa
- name: Login to Azure - PROD Subscription - name: Login to Azure - PROD Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
@ -299,31 +279,6 @@ jobs:
keyvault: "bitwarden-ci" keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope" secrets: "github-pat-bitwarden-devops-bot-repo-scope"
- name: Retrieve secrets
if: ${{ env.is_publish_branch == 'true' }}
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
with:
keyvault: "bitwarden-ci"
secrets: "docker-password,
docker-username,
dct-delegate-2-repo-passphrase,
dct-delegate-2-key"
- name: Log into Docker
if: ${{ env.is_publish_branch == 'true' }}
env:
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- name: Setup Docker Content Trust (DCT)
if: ${{ env.is_publish_branch == 'true' }}
uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
########## Generate image tag and build Docker image ########## ########## Generate image tag and build Docker image ##########
- name: Generate Docker image tag - name: Generate Docker image tag
id: tag id: tag
@ -342,12 +297,12 @@ jobs:
echo "PROJECT_NAME: $PROJECT_NAME" echo "PROJECT_NAME: $PROJECT_NAME"
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
- name: Generate tag list - name: Generate image full name
id: tag-list id: image-name
env: env:
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: echo "tags=bitwardenqa.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG},bitwardenprod.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get build artifact - name: Get build artifact
if: ${{ matrix.dotnet }} if: ${{ matrix.dotnet }}
@ -369,29 +324,23 @@ jobs:
file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
platforms: linux/amd64 platforms: linux/amd64
push: true push: true
tags: ${{ steps.tag-list.outputs.tags }} tags: ${{ steps.image-name.outputs.name }}
secrets: | secrets: |
"GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
- name: Push to DockerHub
if: contains(matrix.docker_repos, 'bitwarden') && env.is_publish_branch == 'true'
env:
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
docker tag bitwardenprod.azurecr.io/$PROJECT_NAME:$IMAGE_TAG bitwarden/$PROJECT_NAME:$IMAGE_TAG
docker push bitwarden/$PROJECT_NAME:$IMAGE_TAG
- name: Log out of Docker
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
upload: upload:
name: Upload name: Upload
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: build-docker needs: build-docker
steps: steps:
- name: Login to Azure - PROD Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to PROD ACR
run: az acr login -n $_AZ_REGISTRY --only-show-errors
- name: Set up dotnet - name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
with: with:
@ -409,12 +358,12 @@ jobs:
github.ref == 'refs/heads/hotfix-rc' github.ref == 'refs/heads/hotfix-rc'
run: | run: |
# Set proper image based on branch # Set proper image based on branch
if [[ "${{ github.ref }}" == "rc" ]]; then if [[ "${{ github.ref }}" == "master" ]]; then
SETUP_IMAGE="bitwarden/setup:rc" SETUP_IMAGE="$_AZ_REGISTRY/setup:dev"
elif [[ "${{ github.ref }}" == "rc" ]]; then
SETUP_IMAGE="$_AZ_REGISTRY/setup:rc"
elif [[ "${{ github.ref }}" == "hotfix-rc" ]]; then elif [[ "${{ github.ref }}" == "hotfix-rc" ]]; then
SETUP_IMAGE="bitwarden/setup:hotfix-rc" SETUP_IMAGE="$_AZ_REGISTRY/setup:hotfix-rc"
else
SETUP_IMAGE="bitwarden/setup:dev"
fi fi
STUB_OUTPUT=$(pwd)/docker-stub STUB_OUTPUT=$(pwd)/docker-stub
@ -508,8 +457,7 @@ jobs:
build-mssqlmigratorutility: build-mssqlmigratorutility:
name: Build MsSqlMigratorUtility name: Build MsSqlMigratorUtility
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: needs: lint
- lint
defaults: defaults:
run: run:
shell: bash shell: bash
@ -521,7 +469,6 @@ jobs:
- osx-x64 - osx-x64
- linux-x64 - linux-x64
- win-x64 - win-x64
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
@ -539,7 +486,9 @@ jobs:
dotnet restore dotnet restore
- name: Publish project - name: Publish project
run: dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true -p:IncludeNativeLibrariesForSelfExtract=true --self-contained true run: |
dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \
-p:IncludeNativeLibrariesForSelfExtract=true --self-contained true
- name: Upload project artifact Windows - name: Upload project artifact Windows
if: ${{ contains(matrix.target, 'win') == true }} if: ${{ contains(matrix.target, 'win') == true }}

2
util/Attachments/Dockerfile
View File

@ -1,4 +1,4 @@
FROM bitwarden/server:dev FROM bitwardenprod.azurecr.io/server:latest
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"