New BTR pipeline model (#1599)

Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
2024-11-22 12:15:36 +01:00 · 2021-09-24 15:04:14 -07:00 · 2021-09-24 15:04:14 -07:00 · dac3b3e893
commit dac3b3e893
parent bccd7eb0ba
5 changed files with 259 additions and 291 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -12,7 +12,7 @@ on:
 jobs:
  cloc:
    name: CLOC
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@ -28,7 +28,7 @@ jobs:

  testing:
    name: Testing
-    runs-on: windows-latest
+    runs-on: windows-2019
    steps:
      - name: Set up NuGet
        uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
@ -73,10 +73,110 @@ jobs:
        shell: pwsh


-  build:
-    name: Build
-    runs-on: ubuntu-latest
+  build-artifacts:
+    name: Build artifacts
+    runs-on: ubuntu-20.04
    needs: testing
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - service_name: Admin
+            base_path: ./src
+            gulp: true
+          - service_name: Api
+            base_path: ./src
+          - service_name: Billing
+            base_path: ./src
+          - service_name: Events
+            base_path: ./src
+          - service_name: EventsProcessor
+            base_path: ./src
+          - service_name: Icons
+            base_path: ./src
+          - service_name: Identity
+            base_path: ./src
+          - service_name: Notifications
+            base_path: ./src
+          - service_name: Portal
+            base_path: ./bitwarden_license/src
+            gulp: true
+          - service_name: Server
+            base_path: ./util
+          - service_name: Setup
+            base_path: ./util
+          - service_name: Sso
+            base_path: ./bitwarden_license/src
+            gulp: true
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Print environment
+        run: |
+          whoami
+          dotnet --info
+          node --version
+          npm --version
+          gulp --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Set up Gulp
+        if: ${{ matrix.gulp }}
+        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
+        run: |
+          npm install -g gulp
+
+      - name: Restore/Clean service
+        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
+        run: |
+          echo "Restore"
+          dotnet restore
+          echo "Clean"
+          dotnet clean -c "Release" -o obj/build-output/publish
+
+      - name: Execute Gulp
+        if: ${{ matrix.gulp }}
+        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
+        run: |
+          npm install
+          gulp --gulpfile gulpfile.js build
+
+      - name: Publish service
+        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
+        run: |
+          echo "Publish"
+          dotnet publish -c "Release" -o obj/build-output/publish
+
+          cd obj/build-output/publish
+          zip -r ${{ matrix.service_name }}.zip .
+          mv ${{ matrix.service_name }}.zip ../../../
+
+          pwd
+          ls -atlh ../../../
+
+      - name: Upload service artifact
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
+        with:
+          name: ${{ matrix.service_name }}.zip
+          path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish
+          if-no-files-found: error
+
+
+  build-docker:
+    name: Build Docker images
+    runs-on: ubuntu-20.04
+    needs: build-artifacts
    strategy:
      fail-fast: false
      matrix:
@ -85,11 +185,14 @@ jobs:
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
-            gulp: true
          - service_name: Api
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
+          - service_name: Billing
+            base_path: ./src
+            docker_repo: bitwardenqa.azurecr.io
+            dotnet: true
          - service_name: Attachments
            base_path: ./util
            docker_repo: bitwarden
@ -126,7 +229,6 @@ jobs:
            base_path: ./bitwarden_license/src
            docker_repo: bitwarden
            dotnet: true
-            gulp: true
          - service_name: Server
            base_path: ./util
            docker_repo: bitwarden
@ -139,31 +241,10 @@ jobs:
            base_path: ./bitwarden_license/src
            docker_repo: bitwarden
            dotnet: true
-            gulp: true
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: '14'
-
-      - name: Update NPM
-        run: |
-          npm install -g npm@7
-
-      - name: Print environment
-        run: |
-          whoami
-          dotnet --info
-          node --version
-          npm --version
-          gulp --version
-          docker --version
-          echo "GitHub ref: $GITHUB_REF"
-          echo "GitHub event: $GITHUB_EVENT"
-
      - name: Login to Azure - Prod Subscription
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
@ -187,25 +268,25 @@ jobs:

      - name: Log into Docker
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        env:
+          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
+          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
        run: |
          if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then
            az acr login -n bitwardenqa
          else
            echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          fi
-        env:
-          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
-          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}

      - name: Setup Docker Trust
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        env:
+          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
+          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
        run: |
          mkdir -p ~/.docker/trust/private

          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
-        env:
-          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
-          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}

      - name: Setup service name
        id: setup
@ -215,68 +296,45 @@ jobs:
          echo "SERVICE_NAME: $SERVICE_NAME"
          echo "::set-output name=service_name::$SERVICE_NAME"

-      - name: Set up Gulp
-        if: ${{ matrix.gulp }}
-        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
-        run: |
-          npm install -g gulp
-
-      - name: Restore/Clean service
+      - name: Get build artifact
        if: ${{ matrix.dotnet }}
-        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
-        run: |
-          echo "Restore"
-          dotnet restore
-          echo "Clean"
-          dotnet clean -c "Release" -o obj/build-output/publish
-
-      - name: Execute Gulp
-        if: ${{ matrix.gulp }}
-        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
-        run: |
-          npm install
-          gulp --gulpfile gulpfile.js build
-
-      - name: Publish service
-        if: ${{ matrix.dotnet }}
-        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
-        run: |
-          echo "Publish"
-          dotnet publish -c "Release" -o obj/build-output/publish
-
-          cd obj/build-output/publish
-          zip -r ${{ matrix.service_name }}.zip .
-          mv ${{ matrix.service_name }}.zip ../../../
+        uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60  # v2.0.10
+        with:
+          name: ${{ matrix.service_name }}.zip
+          path: ${{ matrix.base_path }}/${{ matrix.service_name }}

      - name: Build Docker images
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        run: |
-          if [ "${{ steps.setup.outputs.service_name }}" = "k8s-proxy" ]; then
-            docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
+          if [ "${{ matrix.service_name }}" = "K8s-Proxy" ]; then
+            docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \
+              -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
          else
-            docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/${{ matrix.service_name }}
+            docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
+              ${{ matrix.base_path }}/${{ matrix.service_name }}
          fi

      - name: Tag rc
        if: github.ref == 'refs/heads/rc'
        run: |
-          docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
+          docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
+            ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc

      - name: Tag dev
        if: github.ref == 'refs/heads/master'
        run: |
-          docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
+          docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
+            ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev

      - name: List Docker images
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        run: docker images

      - name: Docker Trust setup
+        if: matrix.docker_repo == 'bitwarden' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc')
        run: |
-          if [[ "${{ matrix.docker_repo }}" == "bitwarden" ]]; then
          echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
          echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV
-          fi

      - name: Push rc images
        if: github.ref == 'refs/heads/rc'
@ -295,8 +353,8 @@ jobs:

  upload:
    name: Upload
-    runs-on: ubuntu-latest
-    needs: build
+    runs-on: ubuntu-20.04
+    needs: build-docker
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -13,7 +13,7 @@ on:
 jobs:
  cloc:
    name: CLOC
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
--- a/.github/workflows/prod-deploy.yml
+++ b/.github/workflows/prod-deploy.yml
@ -7,14 +7,12 @@ on:
      release_tag_name_input:
        description: "Release Tag Name <X.X.X>"
        required: true
-  release:
-    types:
-      - published

 jobs:
  setup:
+    if: false
    name: Setup
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    outputs:
      package_version: ${{ steps.create_tags.outputs.package_version }}
      tag_version: ${{ steps.create_tags.outputs.tag_version }}
@ -63,7 +61,7 @@ jobs:

  deploy-docker:
    name: Tag & push Docker
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: setup
    strategy:
      fail-fast: false
@ -154,7 +152,7 @@ jobs:

  build:
    name: Build
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: setup
    strategy:
      fail-fast: false
@ -257,7 +255,7 @@ jobs:

  deploy-identity:
    name: Deploy Identity
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
@ -289,7 +287,7 @@ jobs:

  deploy-api:
    name: Deploy API
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
@ -321,7 +319,7 @@ jobs:

  deploy-billing:
    name: Deploy Billing
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
@ -353,7 +351,7 @@ jobs:

  deploy-events:
    name: Deploy Events
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
@ -385,7 +383,7 @@ jobs:

  deploy-sso:
    name: Deploy SSO
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
@ -417,7 +415,7 @@ jobs:

  deploy-portal:
    name: Deploy Portal
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
@ -449,7 +447,7 @@ jobs:

  deploy-admin:
    name: Deploy Admin
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
--- a/.github/workflows/qa-deploy.yml
+++ b/.github/workflows/qa-deploy.yml
@ -12,109 +12,10 @@ on:
        default: "false"

 jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - name: Api
-            base_path: .
-          - name: Admin
-            base_path: .
-            gulp: true
-          - name: Billing
-            base_path: .
-          - name: Events
-            base_path: .
-          - name: Notifications
-            base_path: .
-          - name: Sso
-            base_path: ./bitwarden_license
-            gulp: true
-          - name: Portal
-            base_path: ./bitwarden_license
-            gulp: true
-          - name: Identity
-            base_path: .
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: '14'
-
-      - name: Update NPM
-        run: |
-          npm install -g npm@7
-
-      - name: Print Environment
-        run: |
-          dotnet --info
-          node --version
-          npm --version
-          gulp --version
-
-      - name: Load env vars
-        run: |
-          echo "Base Path: ${BASE_PATH}"
-          echo "Name: ${NAME}"
-        env:
-          BASE_PATH: ${{ matrix.base_path }}
-          NAME: ${{ matrix.name }}
-
-      - name: Build Service
-        run: |
-          work_dir=$(pwd)
-          dir=$BASE_PATH/src/$SERVICE_NAME
-
-          cd $dir
-          echo "Restore"
-          dotnet restore $SERVICE_NAME.csproj
-          echo "Clean"
-          dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
-
-          if [ "$GULP" == "true" ]; then
-            npm install
-            npm install gulp
-            gulp --gulpfile gulpfile.js build
-          fi
-
-          echo "Publish"
-          dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
-
-          cd obj/build-output/publish
-          zip -r $SERVICE_NAME.zip .
-          mv $SERVICE_NAME.zip ../../../
-        env:
-          SERVICE_NAME: ${{ matrix.name }}
-          BASE_PATH: ${{ matrix.base_path }}
-          GULP: ${{ matrix.gulp }}
-
-      - name: Upload build artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
-        with:
-          name: ${{ env.SERVICE_NAME }}.zip
-          path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
-        env:
-          BASE_PATH: ${{ matrix.base_path }}
-          SERVICE_NAME: ${{ matrix.name }}
-
-      - name: Test build dir
-        run: ls $BASE_PATH/src/$SERVICE_NAME
-        env:
-          SERVICE_NAME: ${{ matrix.name }}
-          BASE_PATH: ${{ matrix.base_path }}
-
-
  reset-db:
    name: Reset Database
    if: ${{ github.event.inputs.resetDb == 'true' }}
-    runs-on: ubuntu-latest
-    needs: build
+    runs-on: ubuntu-20.04
    steps:
      - name: Reset Test Data - Stub
        run: |
@ -125,8 +26,7 @@ jobs:
  update-db:
    name: Update Database
    if: ${{ github.event.inputs.migrateDb == 'true' }}
-    runs-on: ubuntu-latest
-    needs: build
+    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@ -161,7 +61,7 @@ jobs:

  deploy:
    name: Deploy
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    if: always()
    needs:
      - reset-db
@ -186,9 +86,15 @@ jobs:
          echo "NAME_LOWER: $NAME_LOWER"
          echo "::set-output name=name_lower::$NAME_LOWER"

-      - name: Download aritifacts
-        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+          BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}')
+          echo "::set-output name=branch_name::$BRANCH_NAME"
+
+      - name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }}
+        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: ${{ env.branch_name }}
          name: ${{ matrix.name }}.zip

      - name: Login to Azure
@ -201,12 +107,15 @@ jobs:
        env:
          VAULT_NAME: "bitwarden-qa-kv"
        run: |
-          webapp_name=$(az keyvault secret show --vault-name $VAULT_NAME --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name --query value --output tsv)
+          webapp_name=$(
+            az keyvault secret show --vault-name $VAULT_NAME \
+              --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
+              --query value --output tsv
+          )
          echo "::add-mask::$webapp_name"
          echo "::set-output name=webapp-name::$webapp_name"

      - name: Stop App Service
-        if: false
        env:
          AZURE_RESOURCE_GROUP: "bw-qa-env"
        run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
@ -218,7 +127,6 @@ jobs:
          package: ./${{ matrix.name }}.zip

      - name: Start App Service
-        if: false
        env:
          AZURE_RESOURCE_GROUP: "bw-qa-env"
        run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -3,18 +3,15 @@ name: Release

 on:
  workflow_dispatch:
-    inputs:
-      release_tag_name_input:
-        description: "Release Tag Name <X.X.X>"
-        required: true
+    inputs: {}

 jobs:
  setup:
    name: Setup
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    outputs:
-      release_upload_url: ${{ steps.create_release.outputs.upload_url }}
-      tag_version: ${{ steps.create_tags.outputs.tag_version }}
+      release_version: ${{ steps.version.outputs.package }}
+      tag_version: ${{ steps.version.outputs.tag }}
    steps:
      - name: Branch check
        run: |
@ -27,102 +24,109 @@ jobs:

      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
-      - name: Create Release Vars
-        id: create_tags
-        run: |
-          case "${RELEASE_TAG_NAME_INPUT:0:1}" in
-            v)
-              echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
-              echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
-              echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
-              echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
-              ;;
-            [0-9])
-              echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
-              echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
-              echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
-              echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
-              ;;
-            *)
-              exit 1
-              ;;
-          esac
-        env:
-          RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
-
-      - name: Create Draft Release
-        id: create_release
-        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
-          tag_name: ${{ env.RELEASE_TAG_NAME }}
-          release_name: Version ${{ env.RELEASE_NAME }}
-          draft: true
-          prerelease: false
+          ref: rc
+
+      - name: Check Release Version
+        id: version
+        run: |
+          version=$( grep -o "<Version>.*</Version>" Directory.Build.props | grep -o "[0-9]*\.[0-9]*\.[0-9]*")
+          previous_release_tag_version=$(
+            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
+          )
+
+          if [ "v$version" == "$previous_release_tag_version" ]; then
+            echo "[!] Already released v$version. Please bump version to continue"
+            exit 1
+          fi
+
+          echo "::set-output name=package::$version"
+          echo "::set-output name=tag::v$version"


-  upload:
-    name: Upload
-    runs-on: ubuntu-latest
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-20.04
    needs:
      - setup
-    env:
-      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: Api
+          - name: Admin
+          - name: Billing
+          - name: Events
+          - name: Sso
+          - name: Portal
+          - name: Identity
    steps:
-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
-      - name: Restore
-        run: dotnet tool restore
-
-      - name: Make Docker stub
+      - name: Setup
+        id: setup
        run: |
-          STUB_OUTPUT=$(pwd)/docker-stub
-          docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \
-            dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin
-          sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT
-          rm -rf $STUB_OUTPUT/letsencrypt
-          rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml
-          touch $STUB_OUTPUT/env/uid.env
-          cd docker-stub; zip -r ../docker-stub.zip *; cd ..
+          NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}')
+          echo "Matrix name: ${{ matrix.name }}"
+          echo "NAME_LOWER: $NAME_LOWER"
+          echo "::set-output name=name_lower::$NAME_LOWER"

-      - name: Upload Docker stub artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
+      - name: Download latest RC ${{ matrix.name }} asset
+        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
        with:
-          name: docker-stub.zip
-          path: ./docker-stub.zip
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: rc
+          name: ${{ matrix.name }}.zip

-      - name: Build Swagger
-        run: |
-          cd ./src/Api
-          echo "Restore"
-          dotnet restore
-          echo "Clean"
-          dotnet clean -c "Release" -o obj/build-output/publish
-          echo "Publish"
-          dotnet publish -c "Release" -o obj/build-output/publish
-
-          dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
-            ./obj/build-output/publish/Api.dll public
-          cd ../..
-        env:
-          ASPNETCORE_ENVIRONMENT: Production
-          swaggerGen: 'True'
-
-      - name: Upload Swagger artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
-          name: swagger.json
-          path: ./swagger.json
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

-      - name: Upload release assets
-        run: |
-          hub release edit \
-            -a ./swagger.json \
-            -a ./docker-stub.zip \
-            -m "" \
-            $_TAG_VERSION
+      - name: Retrieve secrets
+        id: retrieve-secrets
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VAULT_NAME: "bitwarden-prod-kv"
+        run: |
+          webapp_name=$(
+            az keyvault secret show --vault-name $VAULT_NAME \
+              --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
+              --query value --output tsv
+          )
+          echo "::add-mask::$webapp_name"
+          echo "::set-output name=webapp-name::$webapp_name"
+
+      - name: Deploy App
+        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+        with:
+          app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
+          package: ./${{ matrix.name }}.zip
+          slot: "staging"
+
+
+  release:
+    name: Create GitHub Release
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - deploy
+    steps:
+      - name: Download latest RC docker-stub
+        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: rc
+          artifacts: "docker-stub.zip,
+                      swagger.json"
+
+      - name: Create release
+        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
+        with:
+          artifacts: 'docker-stub.zip,
+                      swagger.json'
+          commit: ${{ github.sha }}
+          tag: "${{ needs.setup.outputs.tag_version }}"
+          name: "Version ${{ needs.setup.outputs.release_version }}"
+          body: "<insert release notes here>"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: true