mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

New BTR pipeline model (#1599)

Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
Joseph Flinn 2021-09-24 15:04:14 -07:00 committed by GitHub
parent bccd7eb0ba
commit dac3b3e893
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 259 additions and 291 deletions


@ -12,7 +12,7 @@ on:
jobs:
cloc:
name: CLOC
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@ -28,7 +28,7 @@ jobs:
testing:
name: Testing
runs-on: windows-latest
runs-on: windows-2019
steps:
- name: Set up NuGet
uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
@ -73,10 +73,110 @@ jobs:
shell: pwsh
build:
name: Build
runs-on: ubuntu-latest
build-artifacts:
name: Build artifacts
runs-on: ubuntu-20.04
needs: testing
strategy:
fail-fast: false
matrix:
include:
- service_name: Admin
base_path: ./src
gulp: true
- service_name: Api
base_path: ./src
- service_name: Billing
base_path: ./src
- service_name: Events
base_path: ./src
- service_name: EventsProcessor
base_path: ./src
- service_name: Icons
base_path: ./src
- service_name: Identity
base_path: ./src
- service_name: Notifications
base_path: ./src
- service_name: Portal
base_path: ./bitwarden_license/src
gulp: true
- service_name: Server
base_path: ./util
- service_name: Setup
base_path: ./util
- service_name: Sso
base_path: ./bitwarden_license/src
gulp: true
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
with:
node-version: '14'
- name: Update NPM
run: |
npm install -g npm@7
- name: Print environment
run: |
whoami
dotnet --info
node --version
npm --version
gulp --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Set up Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install -g gulp
- name: Restore/Clean service
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Restore"
dotnet restore
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
- name: Execute Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install
gulp --gulpfile gulpfile.js build
- name: Publish service
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r ${{ matrix.service_name }}.zip .
mv ${{ matrix.service_name }}.zip ../../../
pwd
ls -atlh ../../../
- name: Upload service artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
with:
name: ${{ matrix.service_name }}.zip
path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish
if-no-files-found: error
build-docker:
name: Build Docker images
runs-on: ubuntu-20.04
needs: build-artifacts
strategy:
fail-fast: false
matrix:
@ -85,11 +185,14 @@ jobs:
base_path: ./src
docker_repo: bitwarden
dotnet: true
gulp: true
- service_name: Api
base_path: ./src
docker_repo: bitwarden
dotnet: true
- service_name: Billing
base_path: ./src
docker_repo: bitwardenqa.azurecr.io
dotnet: true
- service_name: Attachments
base_path: ./util
docker_repo: bitwarden
@ -126,7 +229,6 @@ jobs:
base_path: ./bitwarden_license/src
docker_repo: bitwarden
dotnet: true
gulp: true
- service_name: Server
base_path: ./util
docker_repo: bitwarden
@ -139,31 +241,10 @@ jobs:
base_path: ./bitwarden_license/src
docker_repo: bitwarden
dotnet: true
gulp: true
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
with:
node-version: '14'
- name: Update NPM
run: |
npm install -g npm@7
- name: Print environment
run: |
whoami
dotnet --info
node --version
npm --version
gulp --version
docker --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Login to Azure - Prod Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
@ -187,25 +268,25 @@ jobs:
- name: Log into Docker
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
env:
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
run: |
if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then
az acr login -n bitwardenqa
else
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
fi
env:
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
- name: Setup Docker Trust
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
env:
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
run: |
mkdir -p ~/.docker/trust/private
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
env:
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
- name: Setup service name
id: setup
@ -215,68 +296,45 @@ jobs:
echo "SERVICE_NAME: $SERVICE_NAME"
echo "::set-output name=service_name::$SERVICE_NAME"
- name: Set up Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install -g gulp
- name: Restore/Clean service
- name: Get build artifact
if: ${{ matrix.dotnet }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Restore"
dotnet restore
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
- name: Execute Gulp
if: ${{ matrix.gulp }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
npm install
gulp --gulpfile gulpfile.js build
- name: Publish service
if: ${{ matrix.dotnet }}
working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r ${{ matrix.service_name }}.zip .
mv ${{ matrix.service_name }}.zip ../../../
uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60 # v2.0.10
with:
name: ${{ matrix.service_name }}.zip
path: ${{ matrix.base_path }}/${{ matrix.service_name }}
- name: Build Docker images
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
run: |
if [ "${{ steps.setup.outputs.service_name }}" = "k8s-proxy" ]; then
docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
if [ "${{ matrix.service_name }}" = "K8s-Proxy" ]; then
docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \
-t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
else
docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/${{ matrix.service_name }}
docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
${{ matrix.base_path }}/${{ matrix.service_name }}
fi
- name: Tag rc
if: github.ref == 'refs/heads/rc'
run: |
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
- name: Tag dev
if: github.ref == 'refs/heads/master'
run: |
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
- name: List Docker images
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
run: docker images
- name: Docker Trust setup
if: matrix.docker_repo == 'bitwarden' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc')
run: |
if [[ "${{ matrix.docker_repo }}" == "bitwarden" ]]; then
echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV
fi
- name: Push rc images
if: github.ref == 'refs/heads/rc'
@ -295,8 +353,8 @@ jobs:
upload:
name: Upload
runs-on: ubuntu-latest
needs: build
runs-on: ubuntu-20.04
needs: build-docker
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
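Review bot: In `build-artifacts`, `Publish service` moves `${{ matrix.service_name }}.zip` three levels up out of `obj/build-output/publish`, but `Upload service artifact` uploads that `obj/build-output/publish` directory, so the artifact named `<service>.zip` holds the loose publish output rather than the zip. `Get build artifact` in `build-docker` then unpacks it into `${{ matrix.base_path }}/${{ matrix.service_name }}` instead of back under `obj/build-output/publish`; if the Dockerfiles copy from that publish directory (not visible here), the images that are tagged, signed and pushed would not be built from the tested output. Either upload the zip itself with `path: ${{ matrix.base_path }}/${{ matrix.service_name }}/${{ matrix.service_name }}.zip` and unzip it before `docker build`, or point the download `path:` at `obj/build-output/publish`. Separately, `Docker Trust setup` expands the repository passphrase into the script text and writes it to `$GITHUB_ENV`, which exposes it to every later step of the job; passing it through `env:` on the push steps alone would narrow that.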


@ -13,7 +13,7 @@ on:
jobs:
cloc:
name: CLOC
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4


@ -7,14 +7,12 @@ on:
release_tag_name_input:
description: "Release Tag Name <X.X.X>"
required: true
release:
types:
- published
jobs:
setup:
if: false
name: Setup
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
outputs:
package_version: ${{ steps.create_tags.outputs.package_version }}
tag_version: ${{ steps.create_tags.outputs.tag_version }}
@ -63,7 +61,7 @@ jobs:
deploy-docker:
name: Tag & push Docker
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: setup
strategy:
fail-fast: false
@ -154,7 +152,7 @@ jobs:
build:
name: Build
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: setup
strategy:
fail-fast: false
@ -257,7 +255,7 @@ jobs:
deploy-identity:
name: Deploy Identity
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts
@ -289,7 +287,7 @@ jobs:
deploy-api:
name: Deploy API
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts
@ -321,7 +319,7 @@ jobs:
deploy-billing:
name: Deploy Billing
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts
@ -353,7 +351,7 @@ jobs:
deploy-events:
name: Deploy Events
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts
@ -385,7 +383,7 @@ jobs:
deploy-sso:
name: Deploy SSO
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts
@ -417,7 +415,7 @@ jobs:
deploy-portal:
name: Deploy Portal
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts
@ -449,7 +447,7 @@ jobs:
deploy-admin:
name: Deploy Admin
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
needs: build
steps:
- name: Download aritifacts


@ -12,109 +12,10 @@ on:
default: "false"
jobs:
build:
name: Build
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: Api
base_path: .
- name: Admin
base_path: .
gulp: true
- name: Billing
base_path: .
- name: Events
base_path: .
- name: Notifications
base_path: .
- name: Sso
base_path: ./bitwarden_license
gulp: true
- name: Portal
base_path: ./bitwarden_license
gulp: true
- name: Identity
base_path: .
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Set up Node
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
with:
node-version: '14'
- name: Update NPM
run: |
npm install -g npm@7
- name: Print Environment
run: |
dotnet --info
node --version
npm --version
gulp --version
- name: Load env vars
run: |
echo "Base Path: ${BASE_PATH}"
echo "Name: ${NAME}"
env:
BASE_PATH: ${{ matrix.base_path }}
NAME: ${{ matrix.name }}
- name: Build Service
run: |
work_dir=$(pwd)
dir=$BASE_PATH/src/$SERVICE_NAME
cd $dir
echo "Restore"
dotnet restore $SERVICE_NAME.csproj
echo "Clean"
dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
if [ "$GULP" == "true" ]; then
npm install
npm install gulp
gulp --gulpfile gulpfile.js build
fi
echo "Publish"
dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r $SERVICE_NAME.zip .
mv $SERVICE_NAME.zip ../../../
env:
SERVICE_NAME: ${{ matrix.name }}
BASE_PATH: ${{ matrix.base_path }}
GULP: ${{ matrix.gulp }}
- name: Upload build artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
with:
name: ${{ env.SERVICE_NAME }}.zip
path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
env:
BASE_PATH: ${{ matrix.base_path }}
SERVICE_NAME: ${{ matrix.name }}
- name: Test build dir
run: ls $BASE_PATH/src/$SERVICE_NAME
env:
SERVICE_NAME: ${{ matrix.name }}
BASE_PATH: ${{ matrix.base_path }}
reset-db:
name: Reset Database
if: ${{ github.event.inputs.resetDb == 'true' }}
runs-on: ubuntu-latest
needs: build
runs-on: ubuntu-20.04
steps:
- name: Reset Test Data - Stub
run: |
@ -125,8 +26,7 @@ jobs:
update-db:
name: Update Database
if: ${{ github.event.inputs.migrateDb == 'true' }}
runs-on: ubuntu-latest
needs: build
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@ -161,7 +61,7 @@ jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
if: always()
needs:
- reset-db
@ -186,9 +86,15 @@ jobs:
echo "NAME_LOWER: $NAME_LOWER"
echo "::set-output name=name_lower::$NAME_LOWER"
- name: Download aritifacts
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}')
echo "::set-output name=branch_name::$BRANCH_NAME"
- name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }}
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with:
workflow: build.yml
workflow_conclusion: success
branch: ${{ env.branch_name }}
name: ${{ matrix.name }}.zip
- name: Login to Azure
@ -201,12 +107,15 @@ jobs:
env:
VAULT_NAME: "bitwarden-qa-kv"
run: |
webapp_name=$(az keyvault secret show --vault-name $VAULT_NAME --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name --query value --output tsv)
webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
--query value --output tsv
)
echo "::add-mask::$webapp_name"
echo "::set-output name=webapp-name::$webapp_name"
- name: Stop App Service
if: false
env:
AZURE_RESOURCE_GROUP: "bw-qa-env"
run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
@ -218,7 +127,6 @@ jobs:
package: ./${{ matrix.name }}.zip
- name: Start App Service
if: false
env:
AZURE_RESOURCE_GROUP: "bw-qa-env"
run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
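Review bot: The added `BRANCH_NAME=$(echo "{{ github.ref }}" | awk ...)` line is missing the `$` before the expression, so the shell echoes the literal text `{{ github.ref }}` and the third `/`-separated field is empty. The value is also published with `::set-output`, while the download step reads `${{ env.branch_name }}`, which nothing visible sets. With an empty `branch:` the zip deployed to QA may come from whichever branch last built successfully, depending on how the download action treats an empty filter (not visible here). Reading the ref from the runner environment fixes the typo and avoids inlining an expression into the script: `BRANCH_NAME=${GITHUB_REF#refs/heads/}` then `echo "branch_name=$BRANCH_NAME" >> $GITHUB_ENV`. The setup step's `run:` block starts outside this hunk.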


@ -3,18 +3,15 @@ name: Release
on:
workflow_dispatch:
inputs:
release_tag_name_input:
description: "Release Tag Name <X.X.X>"
required: true
inputs: {}
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
outputs:
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
tag_version: ${{ steps.create_tags.outputs.tag_version }}
release_version: ${{ steps.version.outputs.package }}
tag_version: ${{ steps.version.outputs.tag }}
steps:
- name: Branch check
run: |
@ -27,102 +24,109 @@ jobs:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Create Release Vars
id: create_tags
run: |
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
v)
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
;;
[0-9])
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
;;
*)
exit 1
;;
esac
env:
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.RELEASE_TAG_NAME }}
release_name: Version ${{ env.RELEASE_NAME }}
draft: true
prerelease: false
ref: rc
- name: Check Release Version
id: version
run: |
version=$( grep -o "<Version>.*</Version>" Directory.Build.props | grep -o "[0-9]*\.[0-9]*\.[0-9]*")
previous_release_tag_version=$(
curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
)
if [ "v$version" == "$previous_release_tag_version" ]; then
echo "[!] Already released v$version. Please bump version to continue"
exit 1
fi
echo "::set-output name=package::$version"
echo "::set-output name=tag::v$version"
upload:
name: Upload
runs-on: ubuntu-latest
deploy:
name: Deploy
runs-on: ubuntu-20.04
needs:
- setup
env:
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
strategy:
fail-fast: false
matrix:
include:
- name: Api
- name: Admin
- name: Billing
- name: Events
- name: Sso
- name: Portal
- name: Identity
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Restore
run: dotnet tool restore
- name: Make Docker stub
- name: Setup
id: setup
run: |
STUB_OUTPUT=$(pwd)/docker-stub
docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \
dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin
sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT
rm -rf $STUB_OUTPUT/letsencrypt
rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml
touch $STUB_OUTPUT/env/uid.env
cd docker-stub; zip -r ../docker-stub.zip *; cd ..
NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.name }}"
echo "NAME_LOWER: $NAME_LOWER"
echo "::set-output name=name_lower::$NAME_LOWER"
- name: Upload Docker stub artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
- name: Download latest RC ${{ matrix.name }} asset
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with:
name: docker-stub.zip
path: ./docker-stub.zip
workflow: build.yml
workflow_conclusion: success
branch: rc
name: ${{ matrix.name }}.zip
- name: Build Swagger
run: |
cd ./src/Api
echo "Restore"
dotnet restore
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
./obj/build-output/publish/Api.dll public
cd ../..
env:
ASPNETCORE_ENVIRONMENT: Production
swaggerGen: 'True'
- name: Upload Swagger artifact
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
- name: Login to Azure
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
name: swagger.json
path: ./swagger.json
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Upload release assets
run: |
hub release edit \
-a ./swagger.json \
-a ./docker-stub.zip \
-m "" \
$_TAG_VERSION
- name: Retrieve secrets
id: retrieve-secrets
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VAULT_NAME: "bitwarden-prod-kv"
run: |
webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
--query value --output tsv
)
echo "::add-mask::$webapp_name"
echo "::set-output name=webapp-name::$webapp_name"
- name: Deploy App
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
with:
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
package: ./${{ matrix.name }}.zip
slot: "staging"
release:
name: Create GitHub Release
runs-on: ubuntu-20.04
needs:
- setup
- deploy
steps:
- name: Download latest RC docker-stub
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
with:
workflow: build.yml
workflow_conclusion: success
branch: rc
artifacts: "docker-stub.zip,
swagger.json"
- name: Create release
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
with:
artifacts: 'docker-stub.zip,
swagger.json'
commit: ${{ github.sha }}
tag: "${{ needs.setup.outputs.tag_version }}"
name: "Version ${{ needs.setup.outputs.release_version }}"
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true
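Review bot: The `Check Release Version` step fails open: `curl -sL ... | jq -r ".tag_name"` has no `-f`, and the default shell does not set pipefail, so an API error or rate-limit response yields `null`, the comparison with `v$version` is false, and the release proceeds. An empty `version` from the grep on `Directory.Build.props` passes the same way. Use `curl -sfL` with `set -o pipefail` at the top of the script and add `[ -n "$version" ] || exit 1` before the comparison. Separately, the `deploy` job ships whatever the latest successful `build.yml` run on `rc` produced while the release is tagged at `${{ github.sha }}`; nothing visible ties the deployed zip to that commit, so consider pinning the download to the commit or run being released if the action supports it.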