mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00

New BTR pipeline model (#1599)

Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
Joseph Flinn 2021-09-24 15:04:14 -07:00 committed by GitHub
parent bccd7eb0ba
commit dac3b3e893
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 259 additions and 291 deletions


@ -12,7 +12,7 @@ on:
jobs: jobs:
cloc: cloc:
name: CLOC name: CLOC
runs-on: ubuntu-latest runs-on: ubuntu-20.04
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@ -28,7 +28,7 @@ jobs:
testing: testing:
name: Testing name: Testing
runs-on: windows-latest runs-on: windows-2019
steps: steps:
- name: Set up NuGet - name: Set up NuGet
uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1 uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
@ -73,10 +73,110 @@ jobs:
shell: pwsh shell: pwsh
build: build-artifacts:
name: Build name: Build artifacts
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: testing needs: testing
strategy:
fail-fast: false
matrix:
include:
- service_name: Admin
base_path: ./src
gulp: true
- service_name: Api
base_path: ./src
- service_name: Billing
base_path: ./src
- service_name: Events
base_path: ./src
- service_name: EventsProcessor
base_path: ./src
- service_name: Icons
base_path: ./src
- service_name: Identity
base_path: ./src
- service_name: Notifications
base_path: ./src
- service_name: Portal
base_path: ./bitwarden_license/src
gulp: true
- service_name: Server
base_path: ./util
- service_name: Setup
base_path: ./util
- service_name: Sso
base_path: ./bitwarden_license/src
gulp: true
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
with:
node-version: '14'
- name: Update NPM
run: |
npm install -g npm@7
- name: Print environment
run: |
whoami
dotnet --info
node --version
npm --version
gulp --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Set up Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install -g gulp
- name: Restore/Clean service
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Restore"
dotnet restore
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
- name: Execute Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install
gulp --gulpfile gulpfile.js build
- name: Publish service
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r ${{ matrix.service_name }}.zip .
mv ${{ matrix.service_name }}.zip ../../../
pwd
ls -atlh ../../../
- name: Upload service artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
with:
name: ${{ matrix.service_name }}.zip
path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish
if-no-files-found: error
build-docker:
name: Build Docker images
runs-on: ubuntu-20.04
needs: build-artifacts
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -85,11 +185,14 @@ jobs:
base_path: ./src base_path: ./src
docker_repo: bitwarden docker_repo: bitwarden
dotnet: true dotnet: true
gulp: true
- service_name: Api - service_name: Api
base_path: ./src base_path: ./src
docker_repo: bitwarden docker_repo: bitwarden
dotnet: true dotnet: true
- service_name: Billing
base_path: ./src
docker_repo: bitwardenqa.azurecr.io
dotnet: true
- service_name: Attachments - service_name: Attachments
base_path: ./util base_path: ./util
docker_repo: bitwarden docker_repo: bitwarden
@ -126,7 +229,6 @@ jobs:
base_path: ./bitwarden_license/src base_path: ./bitwarden_license/src
docker_repo: bitwarden docker_repo: bitwarden
dotnet: true dotnet: true
gulp: true
- service_name: Server - service_name: Server
base_path: ./util base_path: ./util
docker_repo: bitwarden docker_repo: bitwarden
@ -139,31 +241,10 @@ jobs:
base_path: ./bitwarden_license/src base_path: ./bitwarden_license/src
docker_repo: bitwarden docker_repo: bitwarden
dotnet: true dotnet: true
gulp: true
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
with:
node-version: '14'
- name: Update NPM
run: |
npm install -g npm@7
- name: Print environment
run: |
whoami
dotnet --info
node --version
npm --version
gulp --version
docker --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Login to Azure - Prod Subscription - name: Login to Azure - Prod Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with: with:
@ -187,25 +268,25 @@ jobs:
- name: Log into Docker - name: Log into Docker
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
env:
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
run: | run: |
if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then
az acr login -n bitwardenqa az acr login -n bitwardenqa
else else
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
fi fi
env:
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
- name: Setup Docker Trust - name: Setup Docker Trust
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
env:
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
run: | run: |
mkdir -p ~/.docker/trust/private mkdir -p ~/.docker/trust/private
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
env:
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
- name: Setup service name - name: Setup service name
id: setup id: setup
@ -215,68 +296,45 @@ jobs:
echo "SERVICE_NAME: $SERVICE_NAME" echo "SERVICE_NAME: $SERVICE_NAME"
echo "::set-output name=service_name::$SERVICE_NAME" echo "::set-output name=service_name::$SERVICE_NAME"
- name: Set up Gulp - name: Get build artifact
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install -g gulp
- name: Restore/Clean service
if: ${{ matrix.dotnet }} if: ${{ matrix.dotnet }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60 # v2.0.10
run: | with:
echo "Restore" name: ${{ matrix.service_name }}.zip
dotnet restore path: ${{ matrix.base_path }}/${{ matrix.service_name }}
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
- name: Execute Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install
gulp --gulpfile gulpfile.js build
- name: Publish service
if: ${{ matrix.dotnet }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r ${{ matrix.service_name }}.zip .
mv ${{ matrix.service_name }}.zip ../../../
- name: Build Docker images - name: Build Docker images
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
run: | run: |
if [ "${{ steps.setup.outputs.service_name }}" = "k8s-proxy" ]; then if [ "${{ matrix.service_name }}" = "K8s-Proxy" ]; then
docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \
-t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
else else
docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/${{ matrix.service_name }} docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
${{ matrix.base_path }}/${{ matrix.service_name }}
fi fi
- name: Tag rc - name: Tag rc
if: github.ref == 'refs/heads/rc' if: github.ref == 'refs/heads/rc'
run: | run: |
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
- name: Tag dev - name: Tag dev
if: github.ref == 'refs/heads/master' if: github.ref == 'refs/heads/master'
run: | run: |
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
- name: List Docker images - name: List Docker images
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
run: docker images run: docker images
- name: Docker Trust setup - name: Docker Trust setup
if: matrix.docker_repo == 'bitwarden' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc')
run: | run: |
if [[ "${{ matrix.docker_repo }}" == "bitwarden" ]]; then
echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV
fi
- name: Push rc images - name: Push rc images
if: github.ref == 'refs/heads/rc' if: github.ref == 'refs/heads/rc'
@ -295,8 +353,8 @@ jobs:
upload: upload:
name: Upload name: Upload
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build-docker
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
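Review bot: The `Upload service artifact` step in `build-artifacts` uploads the `obj/build-output/publish` directory, but `Publish service` has already moved `${{ matrix.service_name }}.zip` three levels up into the service directory, so the zip it just built is never part of the artifact. `Get build artifact` in `build-docker` then unpacks that artifact into `${{ matrix.base_path }}/${{ matrix.service_name }}` rather than back under `obj/build-output/publish`; if the Dockerfiles copy from the publish directory (not visible here), the image build would not pick up the files the previous job produced. I would upload the zip itself, `path: ${{ matrix.base_path }}/${{ matrix.service_name }}/${{ matrix.service_name }}.zip`, and have `build-docker` unpack it into the directory the Dockerfile expects, so the trust-signed images and the deploy workflows that fetch `<name>.zip` all consume the same file.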


@ -13,7 +13,7 @@ on:
jobs: jobs:
cloc: cloc:
name: CLOC name: CLOC
runs-on: ubuntu-latest runs-on: ubuntu-20.04
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4


@ -7,14 +7,12 @@ on:
release_tag_name_input: release_tag_name_input:
description: "Release Tag Name <X.X.X>" description: "Release Tag Name <X.X.X>"
required: true required: true
release:
types:
- published
jobs: jobs:
setup: setup:
if: false
name: Setup name: Setup
runs-on: ubuntu-latest runs-on: ubuntu-20.04
outputs: outputs:
package_version: ${{ steps.create_tags.outputs.package_version }} package_version: ${{ steps.create_tags.outputs.package_version }}
tag_version: ${{ steps.create_tags.outputs.tag_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }}
@ -63,7 +61,7 @@ jobs:
deploy-docker: deploy-docker:
name: Tag & push Docker name: Tag & push Docker
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: setup needs: setup
strategy: strategy:
fail-fast: false fail-fast: false
@ -154,7 +152,7 @@ jobs:
build: build:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: setup needs: setup
strategy: strategy:
fail-fast: false fail-fast: false
@ -257,7 +255,7 @@ jobs:
deploy-identity: deploy-identity:
name: Deploy Identity name: Deploy Identity
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
@ -289,7 +287,7 @@ jobs:
deploy-api: deploy-api:
name: Deploy API name: Deploy API
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
@ -321,7 +319,7 @@ jobs:
deploy-billing: deploy-billing:
name: Deploy Billing name: Deploy Billing
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
@ -353,7 +351,7 @@ jobs:
deploy-events: deploy-events:
name: Deploy Events name: Deploy Events
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
@ -385,7 +383,7 @@ jobs:
deploy-sso: deploy-sso:
name: Deploy SSO name: Deploy SSO
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
@ -417,7 +415,7 @@ jobs:
deploy-portal: deploy-portal:
name: Deploy Portal name: Deploy Portal
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
@ -449,7 +447,7 @@ jobs:
deploy-admin: deploy-admin:
name: Deploy Admin name: Deploy Admin
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build needs: build
steps: steps:
- name: Download aritifacts - name: Download aritifacts
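Review bot: The `if: false` added to the `setup` job carries no comment, and it is the only thing keeping this production deploy workflow from running now that the `release` trigger is gone but `workflow_dispatch` remains. The other jobs shown here reach `setup` through `needs:`, so they are skipped along with it, but their bodies lie outside the hunks and any job using `if: always()` would still run, which is worth confirming. I would add a comment above the line such as `# Disabled during migration to the new release workflow; delete this file once the migration is done`.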


@ -12,109 +12,10 @@ on:
default: "false" default: "false"
jobs: jobs:
build:
name: Build
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: Api
base_path: .
- name: Admin
base_path: .
gulp: true
- name: Billing
base_path: .
- name: Events
base_path: .
- name: Notifications
base_path: .
- name: Sso
base_path: ./bitwarden_license
gulp: true
- name: Portal
base_path: ./bitwarden_license
gulp: true
- name: Identity
base_path: .
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
with:
node-version: '14'
- name: Update NPM
run: |
npm install -g npm@7
- name: Print Environment
run: |
dotnet --info
node --version
npm --version
gulp --version
- name: Load env vars
run: |
echo "Base Path: ${BASE_PATH}"
echo "Name: ${NAME}"
env:
BASE_PATH: ${{ matrix.base_path }}
NAME: ${{ matrix.name }}
- name: Build Service
run: |
work_dir=$(pwd)
dir=$BASE_PATH/src/$SERVICE_NAME
cd $dir
echo "Restore"
dotnet restore $SERVICE_NAME.csproj
echo "Clean"
dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
if [ "$GULP" == "true" ]; then
npm install
npm install gulp
gulp --gulpfile gulpfile.js build
fi
echo "Publish"
dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r $SERVICE_NAME.zip .
mv $SERVICE_NAME.zip ../../../
env:
SERVICE_NAME: ${{ matrix.name }}
BASE_PATH: ${{ matrix.base_path }}
GULP: ${{ matrix.gulp }}
- name: Upload build artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
with:
name: ${{ env.SERVICE_NAME }}.zip
path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
env:
BASE_PATH: ${{ matrix.base_path }}
SERVICE_NAME: ${{ matrix.name }}
- name: Test build dir
run: ls $BASE_PATH/src/$SERVICE_NAME
env:
SERVICE_NAME: ${{ matrix.name }}
BASE_PATH: ${{ matrix.base_path }}
reset-db: reset-db:
name: Reset Database name: Reset Database
if: ${{ github.event.inputs.resetDb == 'true' }} if: ${{ github.event.inputs.resetDb == 'true' }}
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build
steps: steps:
- name: Reset Test Data - Stub - name: Reset Test Data - Stub
run: | run: |
@ -125,8 +26,7 @@ jobs:
update-db: update-db:
name: Update Database name: Update Database
if: ${{ github.event.inputs.migrateDb == 'true' }} if: ${{ github.event.inputs.migrateDb == 'true' }}
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: build
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@ -161,7 +61,7 @@ jobs:
deploy: deploy:
name: Deploy name: Deploy
runs-on: ubuntu-latest runs-on: ubuntu-20.04
if: always() if: always()
needs: needs:
- reset-db - reset-db
@ -186,9 +86,15 @@ jobs:
echo "NAME_LOWER: $NAME_LOWER" echo "NAME_LOWER: $NAME_LOWER"
echo "::set-output name=name_lower::$NAME_LOWER" echo "::set-output name=name_lower::$NAME_LOWER"
- name: Download aritifacts BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}')
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 echo "::set-output name=branch_name::$BRANCH_NAME"
- name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }}
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with: with:
workflow: build.yml
workflow_conclusion: success
branch: ${{ env.branch_name }}
name: ${{ matrix.name }}.zip name: ${{ matrix.name }}.zip
- name: Login to Azure - name: Login to Azure
@ -201,12 +107,15 @@ jobs:
env: env:
VAULT_NAME: "bitwarden-qa-kv" VAULT_NAME: "bitwarden-qa-kv"
run: | run: |
webapp_name=$(az keyvault secret show --vault-name $VAULT_NAME --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name --query value --output tsv) webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
--query value --output tsv
)
echo "::add-mask::$webapp_name" echo "::add-mask::$webapp_name"
echo "::set-output name=webapp-name::$webapp_name" echo "::set-output name=webapp-name::$webapp_name"
- name: Stop App Service - name: Stop App Service
if: false
env: env:
AZURE_RESOURCE_GROUP: "bw-qa-env" AZURE_RESOURCE_GROUP: "bw-qa-env"
run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
@ -218,7 +127,6 @@ jobs:
package: ./${{ matrix.name }}.zip package: ./${{ matrix.name }}.zip
- name: Start App Service - name: Start App Service
if: false
env: env:
AZURE_RESOURCE_GROUP: "bw-qa-env" AZURE_RESOURCE_GROUP: "bw-qa-env"
run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
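Review bot: The branch lookup added to the `Setup` step never yields a branch: `echo "{{ github.ref }}"` lacks the leading `$`, so the shell echoes the literal text and `awk` prints an empty third field, and the result is published as a step output while the download step reads `${{ env.branch_name }}`, which nothing visible sets. The `branch:` input is therefore empty, and which build gets deployed to QA depends on how the download action treats an empty branch (not visible here). I would write `BRANCH_NAME=${GITHUB_REF#refs/heads/}`, which also keeps branch names containing a slash intact, and reference `branch: ${{ steps.setup.outputs.branch_name }}`; the step name's `${{ env.branch_name }}` needs the same change. The `Setup` step starts outside the hunk.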


@ -3,18 +3,15 @@ name: Release
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs: {}
release_tag_name_input:
description: "Release Tag Name <X.X.X>"
required: true
jobs: jobs:
setup: setup:
name: Setup name: Setup
runs-on: ubuntu-latest runs-on: ubuntu-20.04
outputs: outputs:
release_upload_url: ${{ steps.create_release.outputs.upload_url }} release_version: ${{ steps.version.outputs.package }}
tag_version: ${{ steps.create_tags.outputs.tag_version }} tag_version: ${{ steps.version.outputs.tag }}
steps: steps:
- name: Branch check - name: Branch check
run: | run: |
@ -27,102 +24,109 @@ jobs:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Create Release Vars
id: create_tags
run: |
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
v)
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
;;
[0-9])
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
;;
*)
exit 1
;;
esac
env:
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:
tag_name: ${{ env.RELEASE_TAG_NAME }} ref: rc
release_name: Version ${{ env.RELEASE_NAME }}
draft: true - name: Check Release Version
prerelease: false id: version
run: |
version=$( grep -o "<Version>.*</Version>" Directory.Build.props | grep -o "[0-9]*\.[0-9]*\.[0-9]*")
previous_release_tag_version=$(
curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
)
if [ "v$version" == "$previous_release_tag_version" ]; then
echo "[!] Already released v$version. Please bump version to continue"
exit 1
fi
echo "::set-output name=package::$version"
echo "::set-output name=tag::v$version"
upload: deploy:
name: Upload name: Deploy
runs-on: ubuntu-latest runs-on: ubuntu-20.04
needs: needs:
- setup - setup
env: strategy:
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }} fail-fast: false
matrix:
include:
- name: Api
- name: Admin
- name: Billing
- name: Events
- name: Sso
- name: Portal
- name: Identity
steps: steps:
- name: Checkout repo - name: Setup
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f id: setup
- name: Restore
run: dotnet tool restore
- name: Make Docker stub
run: | run: |
STUB_OUTPUT=$(pwd)/docker-stub NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}')
docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \ echo "Matrix name: ${{ matrix.name }}"
dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin echo "NAME_LOWER: $NAME_LOWER"
sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT echo "::set-output name=name_lower::$NAME_LOWER"
rm -rf $STUB_OUTPUT/letsencrypt
rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml
touch $STUB_OUTPUT/env/uid.env
cd docker-stub; zip -r ../docker-stub.zip *; cd ..
- name: Upload Docker stub artifact - name: Download latest RC ${{ matrix.name }} asset
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with: with:
name: docker-stub.zip workflow: build.yml
path: ./docker-stub.zip workflow_conclusion: success
branch: rc
name: ${{ matrix.name }}.zip
- name: Build Swagger - name: Login to Azure
run: | uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
cd ./src/Api
echo "Restore"
dotnet restore
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
./obj/build-output/publish/Api.dll public
cd ../..
env:
ASPNETCORE_ENVIRONMENT: Production
swaggerGen: 'True'
- name: Upload Swagger artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
with: with:
name: swagger.json creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
path: ./swagger.json
- name: Upload release assets - name: Retrieve secrets
run: | id: retrieve-secrets
hub release edit \
-a ./swagger.json \
-a ./docker-stub.zip \
-m "" \
$_TAG_VERSION
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} VAULT_NAME: "bitwarden-prod-kv"
run: |
webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
--query value --output tsv
)
echo "::add-mask::$webapp_name"
echo "::set-output name=webapp-name::$webapp_name"
- name: Deploy App
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
with:
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
package: ./${{ matrix.name }}.zip
slot: "staging"
release:
name: Create GitHub Release
runs-on: ubuntu-20.04
needs:
- setup
- deploy
steps:
- name: Download latest RC docker-stub
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with:
workflow: build.yml
workflow_conclusion: success
branch: rc
artifacts: "docker-stub.zip,
swagger.json"
- name: Create release
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
with:
artifacts: 'docker-stub.zip,
swagger.json'
commit: ${{ github.sha }}
tag: "${{ needs.setup.outputs.tag_version }}"
name: "Version ${{ needs.setup.outputs.release_version }}"
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true
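Review bot: Nothing ties the binaries deployed by the new `deploy` job to the version and commit that the release is tagged with. `setup` reads the version from a fresh checkout of `rc` and `release` tags `${{ github.sha }}`, while `deploy` and `release` each fetch whatever the latest successful `build.yml` run on `rc` produced, which can be an older or newer commit than either. If the pinned download action accepts a commit or run selector (to confirm), I would resolve one run in `setup` and pass it to every download; otherwise compare the run's head SHA with `github.sha` and stop on a mismatch. Separately, `Check Release Version` fails open: if the `curl` call is rate-limited or errors, `jq` prints `null` or nothing and the comparison passes, so `curl -sfL` plus a check that the tag is non-empty and not `null` would be safer.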