mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
New BTR pipeline model (#1599)
Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
parent
bccd7eb0ba
commit
dac3b3e893
210
.github/workflows/build.yml
vendored
210
.github/workflows/build.yml
vendored
@ -12,7 +12,7 @@ on:
|
||||
jobs:
|
||||
cloc:
|
||||
name: CLOC
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
@ -28,7 +28,7 @@ jobs:
|
||||
|
||||
testing:
|
||||
name: Testing
|
||||
runs-on: windows-latest
|
||||
runs-on: windows-2019
|
||||
steps:
|
||||
- name: Set up NuGet
|
||||
uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
|
||||
@ -73,10 +73,110 @@ jobs:
|
||||
shell: pwsh
|
||||
|
||||
|
||||
build:
|
||||
name: Build
|
||||
runs-on: ubuntu-latest
|
||||
build-artifacts:
|
||||
name: Build artifacts
|
||||
runs-on: ubuntu-20.04
|
||||
needs: testing
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- service_name: Admin
|
||||
base_path: ./src
|
||||
gulp: true
|
||||
- service_name: Api
|
||||
base_path: ./src
|
||||
- service_name: Billing
|
||||
base_path: ./src
|
||||
- service_name: Events
|
||||
base_path: ./src
|
||||
- service_name: EventsProcessor
|
||||
base_path: ./src
|
||||
- service_name: Icons
|
||||
base_path: ./src
|
||||
- service_name: Identity
|
||||
base_path: ./src
|
||||
- service_name: Notifications
|
||||
base_path: ./src
|
||||
- service_name: Portal
|
||||
base_path: ./bitwarden_license/src
|
||||
gulp: true
|
||||
- service_name: Server
|
||||
base_path: ./util
|
||||
- service_name: Setup
|
||||
base_path: ./util
|
||||
- service_name: Sso
|
||||
base_path: ./bitwarden_license/src
|
||||
gulp: true
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
|
||||
with:
|
||||
node-version: '14'
|
||||
|
||||
- name: Update NPM
|
||||
run: |
|
||||
npm install -g npm@7
|
||||
|
||||
- name: Print environment
|
||||
run: |
|
||||
whoami
|
||||
dotnet --info
|
||||
node --version
|
||||
npm --version
|
||||
gulp --version
|
||||
echo "GitHub ref: $GITHUB_REF"
|
||||
echo "GitHub event: $GITHUB_EVENT"
|
||||
|
||||
- name: Set up Gulp
|
||||
if: ${{ matrix.gulp }}
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
npm install -g gulp
|
||||
|
||||
- name: Restore/Clean service
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
echo "Restore"
|
||||
dotnet restore
|
||||
echo "Clean"
|
||||
dotnet clean -c "Release" -o obj/build-output/publish
|
||||
|
||||
- name: Execute Gulp
|
||||
if: ${{ matrix.gulp }}
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
npm install
|
||||
gulp --gulpfile gulpfile.js build
|
||||
|
||||
- name: Publish service
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
echo "Publish"
|
||||
dotnet publish -c "Release" -o obj/build-output/publish
|
||||
|
||||
cd obj/build-output/publish
|
||||
zip -r ${{ matrix.service_name }}.zip .
|
||||
mv ${{ matrix.service_name }}.zip ../../../
|
||||
|
||||
pwd
|
||||
ls -atlh ../../../
|
||||
|
||||
- name: Upload service artifact
|
||||
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
||||
with:
|
||||
name: ${{ matrix.service_name }}.zip
|
||||
path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish
|
||||
if-no-files-found: error
|
||||
|
||||
|
||||
build-docker:
|
||||
name: Build Docker images
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build-artifacts
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
@ -85,11 +185,14 @@ jobs:
|
||||
base_path: ./src
|
||||
docker_repo: bitwarden
|
||||
dotnet: true
|
||||
gulp: true
|
||||
- service_name: Api
|
||||
base_path: ./src
|
||||
docker_repo: bitwarden
|
||||
dotnet: true
|
||||
- service_name: Billing
|
||||
base_path: ./src
|
||||
docker_repo: bitwardenqa.azurecr.io
|
||||
dotnet: true
|
||||
- service_name: Attachments
|
||||
base_path: ./util
|
||||
docker_repo: bitwarden
|
||||
@ -126,7 +229,6 @@ jobs:
|
||||
base_path: ./bitwarden_license/src
|
||||
docker_repo: bitwarden
|
||||
dotnet: true
|
||||
gulp: true
|
||||
- service_name: Server
|
||||
base_path: ./util
|
||||
docker_repo: bitwarden
|
||||
@ -139,31 +241,10 @@ jobs:
|
||||
base_path: ./bitwarden_license/src
|
||||
docker_repo: bitwarden
|
||||
dotnet: true
|
||||
gulp: true
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
|
||||
with:
|
||||
node-version: '14'
|
||||
|
||||
- name: Update NPM
|
||||
run: |
|
||||
npm install -g npm@7
|
||||
|
||||
- name: Print environment
|
||||
run: |
|
||||
whoami
|
||||
dotnet --info
|
||||
node --version
|
||||
npm --version
|
||||
gulp --version
|
||||
docker --version
|
||||
echo "GitHub ref: $GITHUB_REF"
|
||||
echo "GitHub event: $GITHUB_EVENT"
|
||||
|
||||
- name: Login to Azure - Prod Subscription
|
||||
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
||||
with:
|
||||
@ -187,25 +268,25 @@ jobs:
|
||||
|
||||
- name: Log into Docker
|
||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||
env:
|
||||
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
||||
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
||||
run: |
|
||||
if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then
|
||||
az acr login -n bitwardenqa
|
||||
else
|
||||
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||
fi
|
||||
env:
|
||||
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
||||
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
||||
|
||||
- name: Setup Docker Trust
|
||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||
env:
|
||||
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
|
||||
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
|
||||
run: |
|
||||
mkdir -p ~/.docker/trust/private
|
||||
|
||||
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
|
||||
env:
|
||||
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
|
||||
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
|
||||
|
||||
- name: Setup service name
|
||||
id: setup
|
||||
@ -215,68 +296,45 @@ jobs:
|
||||
echo "SERVICE_NAME: $SERVICE_NAME"
|
||||
echo "::set-output name=service_name::$SERVICE_NAME"
|
||||
|
||||
- name: Set up Gulp
|
||||
if: ${{ matrix.gulp }}
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
npm install -g gulp
|
||||
|
||||
- name: Restore/Clean service
|
||||
- name: Get build artifact
|
||||
if: ${{ matrix.dotnet }}
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
echo "Restore"
|
||||
dotnet restore
|
||||
echo "Clean"
|
||||
dotnet clean -c "Release" -o obj/build-output/publish
|
||||
|
||||
- name: Execute Gulp
|
||||
if: ${{ matrix.gulp }}
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
npm install
|
||||
gulp --gulpfile gulpfile.js build
|
||||
|
||||
- name: Publish service
|
||||
if: ${{ matrix.dotnet }}
|
||||
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
run: |
|
||||
echo "Publish"
|
||||
dotnet publish -c "Release" -o obj/build-output/publish
|
||||
|
||||
cd obj/build-output/publish
|
||||
zip -r ${{ matrix.service_name }}.zip .
|
||||
mv ${{ matrix.service_name }}.zip ../../../
|
||||
uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60 # v2.0.10
|
||||
with:
|
||||
name: ${{ matrix.service_name }}.zip
|
||||
path: ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
|
||||
- name: Build Docker images
|
||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||
run: |
|
||||
if [ "${{ steps.setup.outputs.service_name }}" = "k8s-proxy" ]; then
|
||||
docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
|
||||
if [ "${{ matrix.service_name }}" = "K8s-Proxy" ]; then
|
||||
docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \
|
||||
-t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
|
||||
else
|
||||
docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
|
||||
${{ matrix.base_path }}/${{ matrix.service_name }}
|
||||
fi
|
||||
|
||||
- name: Tag rc
|
||||
if: github.ref == 'refs/heads/rc'
|
||||
run: |
|
||||
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
|
||||
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
|
||||
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
|
||||
|
||||
- name: Tag dev
|
||||
if: github.ref == 'refs/heads/master'
|
||||
run: |
|
||||
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
|
||||
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
|
||||
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
|
||||
|
||||
- name: List Docker images
|
||||
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||
run: docker images
|
||||
|
||||
- name: Docker Trust setup
|
||||
if: matrix.docker_repo == 'bitwarden' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc')
|
||||
run: |
|
||||
if [[ "${{ matrix.docker_repo }}" == "bitwarden" ]]; then
|
||||
echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
|
||||
echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV
|
||||
fi
|
||||
echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
|
||||
echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV
|
||||
|
||||
- name: Push rc images
|
||||
if: github.ref == 'refs/heads/rc'
|
||||
@ -295,8 +353,8 @@ jobs:
|
||||
|
||||
upload:
|
||||
name: Upload
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build-docker
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
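Review bot: The `Docker Trust setup` step in `build-docker` interpolates `${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}` directly into the script text and appends it to `$GITHUB_ENV`, so the signing passphrase is exported to every later step of the job, third-party actions included, and a value containing quotes or `$` would be re-parsed by the shell. The `Log into Docker` step in the same job already uses the safer pattern of mapping the value under a step-level `env:` and reading it as a shell variable. I would drop the `$GITHUB_ENV` write for the passphrase and set `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}` under `env:` on the push steps only. The `retrieve-secrets` step and the bodies of the push steps are outside these hunks, so whether the output is masked with `::add-mask::` still needs confirming.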
2
.github/workflows/linter.yml
vendored
2
.github/workflows/linter.yml
vendored
@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
cloc:
|
||||
name: CLOC
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
||||
|
24
.github/workflows/prod-deploy.yml
vendored
24
.github/workflows/prod-deploy.yml
vendored
@ -7,14 +7,12 @@ on:
|
||||
release_tag_name_input:
|
||||
description: "Release Tag Name <X.X.X>"
|
||||
required: true
|
||||
release:
|
||||
types:
|
||||
- published
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
if: false
|
||||
name: Setup
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
outputs:
|
||||
package_version: ${{ steps.create_tags.outputs.package_version }}
|
||||
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
||||
@ -63,7 +61,7 @@ jobs:
|
||||
|
||||
deploy-docker:
|
||||
name: Tag & push Docker
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: setup
|
||||
strategy:
|
||||
fail-fast: false
|
||||
@ -154,7 +152,7 @@ jobs:
|
||||
|
||||
build:
|
||||
name: Build
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: setup
|
||||
strategy:
|
||||
fail-fast: false
|
||||
@ -257,7 +255,7 @@ jobs:
|
||||
|
||||
deploy-identity:
|
||||
name: Deploy Identity
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
@ -289,7 +287,7 @@ jobs:
|
||||
|
||||
deploy-api:
|
||||
name: Deploy API
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
@ -321,7 +319,7 @@ jobs:
|
||||
|
||||
deploy-billing:
|
||||
name: Deploy Billing
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
@ -353,7 +351,7 @@ jobs:
|
||||
|
||||
deploy-events:
|
||||
name: Deploy Events
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
@ -385,7 +383,7 @@ jobs:
|
||||
|
||||
deploy-sso:
|
||||
name: Deploy SSO
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
@ -417,7 +415,7 @@ jobs:
|
||||
|
||||
deploy-portal:
|
||||
name: Deploy Portal
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
@ -449,7 +447,7 @@ jobs:
|
||||
|
||||
deploy-admin:
|
||||
name: Deploy Admin
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
needs: build
|
||||
steps:
|
||||
- name: Download aritifacts
|
||||
|
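Review bot: The `if: false` added to the `setup` job carries no comment, and it disables the workflow only indirectly: the other jobs shown here are skipped because they chain to `setup` through `needs`, which stops holding as soon as one of them gains `if: always()` or loses its `needs`. A comment above the line such as `# Disabled while deploys move to build.yml/release.yml; all other jobs are skipped via needs: setup` would record the intent. The job bodies continue outside these hunks, so it is worth confirming that none of them already overrides the skip. The `workflow_dispatch` trigger is still present, so this single condition is all that keeps the production deploy jobs from running.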
124
.github/workflows/qa-deploy.yml
vendored
124
.github/workflows/qa-deploy.yml
vendored
@ -12,109 +12,10 @@ on:
|
||||
default: "false"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- name: Api
|
||||
base_path: .
|
||||
- name: Admin
|
||||
base_path: .
|
||||
gulp: true
|
||||
- name: Billing
|
||||
base_path: .
|
||||
- name: Events
|
||||
base_path: .
|
||||
- name: Notifications
|
||||
base_path: .
|
||||
- name: Sso
|
||||
base_path: ./bitwarden_license
|
||||
gulp: true
|
||||
- name: Portal
|
||||
base_path: ./bitwarden_license
|
||||
gulp: true
|
||||
- name: Identity
|
||||
base_path: .
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
|
||||
with:
|
||||
node-version: '14'
|
||||
|
||||
- name: Update NPM
|
||||
run: |
|
||||
npm install -g npm@7
|
||||
|
||||
- name: Print Environment
|
||||
run: |
|
||||
dotnet --info
|
||||
node --version
|
||||
npm --version
|
||||
gulp --version
|
||||
|
||||
- name: Load env vars
|
||||
run: |
|
||||
echo "Base Path: ${BASE_PATH}"
|
||||
echo "Name: ${NAME}"
|
||||
env:
|
||||
BASE_PATH: ${{ matrix.base_path }}
|
||||
NAME: ${{ matrix.name }}
|
||||
|
||||
- name: Build Service
|
||||
run: |
|
||||
work_dir=$(pwd)
|
||||
dir=$BASE_PATH/src/$SERVICE_NAME
|
||||
|
||||
cd $dir
|
||||
echo "Restore"
|
||||
dotnet restore $SERVICE_NAME.csproj
|
||||
echo "Clean"
|
||||
dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
|
||||
|
||||
if [ "$GULP" == "true" ]; then
|
||||
npm install
|
||||
npm install gulp
|
||||
gulp --gulpfile gulpfile.js build
|
||||
fi
|
||||
|
||||
echo "Publish"
|
||||
dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
|
||||
|
||||
cd obj/build-output/publish
|
||||
zip -r $SERVICE_NAME.zip .
|
||||
mv $SERVICE_NAME.zip ../../../
|
||||
env:
|
||||
SERVICE_NAME: ${{ matrix.name }}
|
||||
BASE_PATH: ${{ matrix.base_path }}
|
||||
GULP: ${{ matrix.gulp }}
|
||||
|
||||
- name: Upload build artifact
|
||||
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
||||
with:
|
||||
name: ${{ env.SERVICE_NAME }}.zip
|
||||
path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
|
||||
env:
|
||||
BASE_PATH: ${{ matrix.base_path }}
|
||||
SERVICE_NAME: ${{ matrix.name }}
|
||||
|
||||
- name: Test build dir
|
||||
run: ls $BASE_PATH/src/$SERVICE_NAME
|
||||
env:
|
||||
SERVICE_NAME: ${{ matrix.name }}
|
||||
BASE_PATH: ${{ matrix.base_path }}
|
||||
|
||||
|
||||
reset-db:
|
||||
name: Reset Database
|
||||
if: ${{ github.event.inputs.resetDb == 'true' }}
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Reset Test Data - Stub
|
||||
run: |
|
||||
@ -125,8 +26,7 @@ jobs:
|
||||
update-db:
|
||||
name: Update Database
|
||||
if: ${{ github.event.inputs.migrateDb == 'true' }}
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
@ -161,7 +61,7 @@ jobs:
|
||||
|
||||
deploy:
|
||||
name: Deploy
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
if: always()
|
||||
needs:
|
||||
- reset-db
|
||||
@ -186,9 +86,15 @@ jobs:
|
||||
echo "NAME_LOWER: $NAME_LOWER"
|
||||
echo "::set-output name=name_lower::$NAME_LOWER"
|
||||
|
||||
- name: Download aritifacts
|
||||
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
||||
BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}')
|
||||
echo "::set-output name=branch_name::$BRANCH_NAME"
|
||||
|
||||
- name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }}
|
||||
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
||||
with:
|
||||
workflow: build.yml
|
||||
workflow_conclusion: success
|
||||
branch: ${{ env.branch_name }}
|
||||
name: ${{ matrix.name }}.zip
|
||||
|
||||
- name: Login to Azure
|
||||
@ -201,12 +107,15 @@ jobs:
|
||||
env:
|
||||
VAULT_NAME: "bitwarden-qa-kv"
|
||||
run: |
|
||||
webapp_name=$(az keyvault secret show --vault-name $VAULT_NAME --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name --query value --output tsv)
|
||||
webapp_name=$(
|
||||
az keyvault secret show --vault-name $VAULT_NAME \
|
||||
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
|
||||
--query value --output tsv
|
||||
)
|
||||
echo "::add-mask::$webapp_name"
|
||||
echo "::set-output name=webapp-name::$webapp_name"
|
||||
|
||||
- name: Stop App Service
|
||||
if: false
|
||||
env:
|
||||
AZURE_RESOURCE_GROUP: "bw-qa-env"
|
||||
run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
|
||||
@ -218,7 +127,6 @@ jobs:
|
||||
package: ./${{ matrix.name }}.zip
|
||||
|
||||
- name: Start App Service
|
||||
if: false
|
||||
env:
|
||||
AZURE_RESOURCE_GROUP: "bw-qa-env"
|
||||
run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
|
||||
|
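Review bot: In the `deploy` job's setup step, the new line `BRANCH_NAME=$(echo "{{ github.ref }}" | awk ...)` lacks the `$` before `{{`, so the shell echoes the literal text and `a[3]` is empty. The download step then reads `${{ env.branch_name }}`, which is never set, because the value was published with `::set-output` as a step output and not as an environment variable. With a blank `branch` input, the artifact deployed to QA may come from a build.yml run on a branch other than the intended one, depending on how the download action treats an empty value. I would read the ref from the runner environment, `BRANCH_NAME=${GITHUB_REF#refs/heads/}`, which also keeps the ref name out of the script text, and use `branch: ${{ steps.setup.outputs.branch_name }}`. The step's opening lines are outside the hunk; the id `setup` is inferred from the `steps.setup.outputs.name_lower` references further down.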
190
.github/workflows/release.yml
vendored
190
.github/workflows/release.yml
vendored
@ -3,18 +3,15 @@ name: Release
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
release_tag_name_input:
|
||||
description: "Release Tag Name <X.X.X>"
|
||||
required: true
|
||||
inputs: {}
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
name: Setup
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
outputs:
|
||||
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
||||
release_version: ${{ steps.version.outputs.package }}
|
||||
tag_version: ${{ steps.version.outputs.tag }}
|
||||
steps:
|
||||
- name: Branch check
|
||||
run: |
|
||||
@ -27,102 +24,109 @@ jobs:
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
||||
- name: Create Release Vars
|
||||
id: create_tags
|
||||
run: |
|
||||
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
|
||||
v)
|
||||
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
|
||||
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
||||
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
|
||||
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
|
||||
;;
|
||||
[0-9])
|
||||
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
||||
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
||||
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
|
||||
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
|
||||
;;
|
||||
*)
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
env:
|
||||
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
|
||||
|
||||
- name: Create Draft Release
|
||||
id: create_release
|
||||
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
tag_name: ${{ env.RELEASE_TAG_NAME }}
|
||||
release_name: Version ${{ env.RELEASE_NAME }}
|
||||
draft: true
|
||||
prerelease: false
|
||||
ref: rc
|
||||
|
||||
- name: Check Release Version
|
||||
id: version
|
||||
run: |
|
||||
version=$( grep -o "<Version>.*</Version>" Directory.Build.props | grep -o "[0-9]*\.[0-9]*\.[0-9]*")
|
||||
previous_release_tag_version=$(
|
||||
curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
|
||||
)
|
||||
|
||||
if [ "v$version" == "$previous_release_tag_version" ]; then
|
||||
echo "[!] Already released v$version. Please bump version to continue"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "::set-output name=package::$version"
|
||||
echo "::set-output name=tag::v$version"
|
||||
|
||||
|
||||
upload:
|
||||
name: Upload
|
||||
runs-on: ubuntu-latest
|
||||
deploy:
|
||||
name: Deploy
|
||||
runs-on: ubuntu-20.04
|
||||
needs:
|
||||
- setup
|
||||
env:
|
||||
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- name: Api
|
||||
- name: Admin
|
||||
- name: Billing
|
||||
- name: Events
|
||||
- name: Sso
|
||||
- name: Portal
|
||||
- name: Identity
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||
|
||||
- name: Restore
|
||||
run: dotnet tool restore
|
||||
|
||||
- name: Make Docker stub
|
||||
- name: Setup
|
||||
id: setup
|
||||
run: |
|
||||
STUB_OUTPUT=$(pwd)/docker-stub
|
||||
docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \
|
||||
dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin
|
||||
sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT
|
||||
rm -rf $STUB_OUTPUT/letsencrypt
|
||||
rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml
|
||||
touch $STUB_OUTPUT/env/uid.env
|
||||
cd docker-stub; zip -r ../docker-stub.zip *; cd ..
|
||||
NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}')
|
||||
echo "Matrix name: ${{ matrix.name }}"
|
||||
echo "NAME_LOWER: $NAME_LOWER"
|
||||
echo "::set-output name=name_lower::$NAME_LOWER"
|
||||
|
||||
- name: Upload Docker stub artifact
|
||||
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
||||
- name: Download latest RC ${{ matrix.name }} asset
|
||||
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
||||
with:
|
||||
name: docker-stub.zip
|
||||
path: ./docker-stub.zip
|
||||
workflow: build.yml
|
||||
workflow_conclusion: success
|
||||
branch: rc
|
||||
name: ${{ matrix.name }}.zip
|
||||
|
||||
- name: Build Swagger
|
||||
run: |
|
||||
cd ./src/Api
|
||||
echo "Restore"
|
||||
dotnet restore
|
||||
echo "Clean"
|
||||
dotnet clean -c "Release" -o obj/build-output/publish
|
||||
echo "Publish"
|
||||
dotnet publish -c "Release" -o obj/build-output/publish
|
||||
|
||||
dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
|
||||
./obj/build-output/publish/Api.dll public
|
||||
cd ../..
|
||||
env:
|
||||
ASPNETCORE_ENVIRONMENT: Production
|
||||
swaggerGen: 'True'
|
||||
|
||||
- name: Upload Swagger artifact
|
||||
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
||||
- name: Login to Azure
|
||||
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
||||
with:
|
||||
name: swagger.json
|
||||
path: ./swagger.json
|
||||
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||
|
||||
- name: Upload release assets
|
||||
run: |
|
||||
hub release edit \
|
||||
-a ./swagger.json \
|
||||
-a ./docker-stub.zip \
|
||||
-m "" \
|
||||
$_TAG_VERSION
|
||||
- name: Retrieve secrets
|
||||
id: retrieve-secrets
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
VAULT_NAME: "bitwarden-prod-kv"
|
||||
run: |
|
||||
webapp_name=$(
|
||||
az keyvault secret show --vault-name $VAULT_NAME \
|
||||
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
|
||||
--query value --output tsv
|
||||
)
|
||||
echo "::add-mask::$webapp_name"
|
||||
echo "::set-output name=webapp-name::$webapp_name"
|
||||
|
||||
- name: Deploy App
|
||||
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
||||
with:
|
||||
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
|
||||
package: ./${{ matrix.name }}.zip
|
||||
slot: "staging"
|
||||
|
||||
|
||||
release:
|
||||
name: Create GitHub Release
|
||||
runs-on: ubuntu-20.04
|
||||
needs:
|
||||
- setup
|
||||
- deploy
|
||||
steps:
|
||||
- name: Download latest RC docker-stub
|
||||
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
||||
with:
|
||||
workflow: build.yml
|
||||
workflow_conclusion: success
|
||||
branch: rc
|
||||
artifacts: "docker-stub.zip,
|
||||
swagger.json"
|
||||
|
||||
- name: Create release
|
||||
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
|
||||
with:
|
||||
artifacts: 'docker-stub.zip,
|
||||
swagger.json'
|
||||
commit: ${{ github.sha }}
|
||||
tag: "${{ needs.setup.outputs.tag_version }}"
|
||||
name: "Version ${{ needs.setup.outputs.release_version }}"
|
||||
body: "<insert release notes here>"
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
draft: true
|
||||
|
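Review bot: Nothing visible ties the artifacts to the tagged commit: the `deploy` and `release` jobs fetch whatever the latest successful build.yml run on `rc` produced, while `Create release` tags `commit: ${{ github.sha }}`. The binaries pushed to the `staging` slot and attached to the release can therefore come from an older commit than the one the tag names, for example when the newest rc build is still running or has failed. The version that `Check Release Version` reads from Directory.Build.props likewise comes from the checked-out ref, not from the artifact. I would add a check that the selected run's head SHA equals `github.sha` before deploying, or pass the commit to the download action if it accepts one. The `Branch check` step body is outside the hunk, so part of this may already be enforced there.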