mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

[DEVOPS-1259]Update pipeline to CI only KV (#2854)

* Update pipeline to CI only KV
Opeyemi 2023-04-17 14:06:57 +01:00 committed by GitHub
parent 09c1b2e07e
commit 972a500745
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 22 additions and 15 deletions


@ -61,12 +61,16 @@ jobs:
- name: Login to Azure ACR - name: Login to Azure ACR
run: az acr login -n bitwardenprod run: az acr login -n bitwardenprod
- name: Login to Azure - CI Subscription
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
with:
creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve github PAT secrets - name: Retrieve github PAT secrets
id: retrieve-secret-pat id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope" secrets: "github-pat-bitwarden-devops-bot-repo-scope"
- name: Retrieve secrets - name: Retrieve secrets
@ -74,7 +78,7 @@ jobs:
id: retrieve-secrets id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "docker-password, secrets: "docker-password,
docker-username, docker-username,
dct-delegate-2-repo-passphrase, dct-delegate-2-repo-passphrase,
@ -161,18 +165,18 @@ jobs:
exit 1 exit 1
fi fi
- name: Login to Azure - Prod Subscription - name: Login to Azure - CI subscription
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
if: failure() if: failure()
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets - name: Retrieve secrets
id: retrieve-secrets id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
if: failure() if: failure()
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "devops-alerts-slack-webhook-url" secrets: "devops-alerts-slack-webhook-url"
- name: Notify Slack on failure - name: Notify Slack on failure
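Review bot: The new `creds` expressions carry a stray space after the dot, `${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}`, both in the added "Login to Azure - CI Subscription" step and in the failure-path login; the same spelling appears in the login step added to the next workflow. Write it as `creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}` so the reference matches every other secret in the file and does not depend on how the expression parser treats whitespace. Separately, the added login switches the job's Azure context to the CI principal right after `az acr login -n bitwardenprod`; the steps that follow are outside the hunk, so it is worth confirming that none of them still expects the prod subscription. The step name in the third hunk is also cased differently ("CI subscription") from the one added above it.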


@ -280,11 +280,16 @@ jobs:
- name: Login to PROD ACR - name: Login to PROD ACR
run: az acr login -n bitwardenprod run: az acr login -n bitwardenprod
- name: Login to Azure - CI Subscription
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
with:
creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve github PAT secrets - name: Retrieve github PAT secrets
id: retrieve-secret-pat id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope" secrets: "github-pat-bitwarden-devops-bot-repo-scope"
- name: Retrieve secrets - name: Retrieve secrets
@ -292,7 +297,7 @@ jobs:
id: retrieve-secrets id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "docker-password, secrets: "docker-password,
docker-username, docker-username,
dct-delegate-2-repo-passphrase, dct-delegate-2-repo-passphrase,
@ -570,7 +575,7 @@ jobs:
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
if: failure() if: failure()
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "devops-alerts-slack-webhook-url" secrets: "devops-alerts-slack-webhook-url"
- name: Notify Slack on failure - name: Notify Slack on failure
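Review bot: In the last hunk only `keyvault` changes to `"bitwarden-ci"` for the failure-path lookup of `devops-alerts-slack-webhook-url`; the Azure login that precedes it is outside the hunk and is not touched by this commit. In the first workflow the matching login was switched to the CI principal, so if this one still uses `AZURE_PROD_KV_CREDENTIALS`, the step either fails or only works because the prod principal can also read the CI vault, which defeats the separation the commit is after. The login in that job should read `creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}`. The same check applies to the later workflows where only the vault name changes.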


@ -65,7 +65,6 @@ jobs:
done done
check-failures: check-failures:
name: Check for failures name: Check for failures
if: always() if: always()
@ -96,7 +95,7 @@ jobs:
uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
if: failure() if: failure()
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "devops-alerts-slack-webhook-url" secrets: "devops-alerts-slack-webhook-url"
- name: Notify Slack on failure - name: Notify Slack on failure
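Review bot: This workflow fetches the webhook through `Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f`, while every other retrieval in the commit goes through `bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af`. Since the vault is being changed anyway, moving this step to the same pinned action would leave one secret-handling path to audit; the `keyvault` and `secrets` inputs shown here look identical, though the outputs consumed by the Slack step are outside the hunk and should be checked. The proposed line is `uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af`.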


@ -111,7 +111,7 @@ jobs:
- name: Retrieve secrets - name: Retrieve secrets
id: retrieve-secrets id: retrieve-secrets
env: env:
VAULT_NAME: "bitwarden-prod-kv" VAULT_NAME: "bitwarden-ci"
run: | run: |
webapp_name=$( webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \ az keyvault secret show --vault-name $VAULT_NAME \
@ -239,7 +239,7 @@ jobs:
uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
with: with:
azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
azure-keyvault-name: "bitwarden-prod-kv" azure-keyvault-name: "bitwarden-ci"
- name: Pull latest project image - name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwarden' if: matrix.origin_docker_repo == 'bitwarden'
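Review bot: In the second hunk `azure-keyvault-name` becomes `"bitwarden-ci"` but `azure-creds` is still `${{ secrets.AZURE_PROD_KV_CREDENTIALS }}`, so the Docker trust setup presents the prod key-vault principal to the CI vault. Assuming the action uses those credentials to read the vault, this either breaks or requires the prod principal to hold read access on `bitwarden-ci`, and it keeps a prod credential in a job that no longer needs it. The line should probably read `azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}`. The first hunk changes `VAULT_NAME` in the same way, and its login step is outside the hunk, so the same mismatch may exist there.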


@ -5,7 +5,6 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: {} inputs: {}
jobs: jobs:
stop-slots: stop-slots:
name: Stop Slots name: Stop Slots
@ -37,7 +36,7 @@ jobs:
- name: Retrieve secrets - name: Retrieve secrets
id: retrieve-secrets id: retrieve-secrets
env: env:
VAULT_NAME: "bitwarden-prod-kv" VAULT_NAME: "bitwarden-ci"
run: | run: |
webapp_name=$( webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \ az keyvault secret show --vault-name $VAULT_NAME \


@ -25,7 +25,7 @@ jobs:
id: retrieve-secrets id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with: with:
keyvault: "bitwarden-prod-kv" keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key, github-gpg-private-key-passphrase" secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
- name: Import GPG key - name: Import GPG key
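Review bot: This step now pulls `github-gpg-private-key` and its passphrase from `bitwarden-ci`, the same vault the build workflows read with the CI service principal, so who can obtain the signing key is now decided by that vault's access configuration. The login step is outside the hunk, so the principal used here cannot be confirmed from the page. A comment above the step would record the expectation, for example `# signing key: read access to these two secrets should be limited to this workflow's principal`. If the vault grants read on all secrets to one principal, the build jobs would be able to read the signing key as well.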