name: Prod Deploy on: workflow_dispatch: inputs: release_tag_name_input: description: "Release Tag Name " required: true release: types: - published jobs: setup: runs-on: ubuntu-latest outputs: package_version: ${{ steps.create_tags.outputs.package_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }} steps: - name: Branch check run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then echo "===================================" echo "[!] Can only deploy from rc branch" echo "===================================" exit 1 fi - name: Checkout Repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Create Deploy version vars id: create_tags run: | if [ "${{ github.event_name }}" != "release" ]; then case "${RELEASE_TAG_NAME_INPUT:0:1}" in v) echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" ;; [0-9]) echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" ;; *) exit 1 ;; esac else TAG_VERSION=$(echo ${{ github.ref }} | cut -d "/" -f 3) PKG_VERSION=${TAG_VERSION:1} echo "::set-output name=package_version::$PKG_VERSION" echo "::set-output name=tag_version::$TAG_VERSION" fi env: RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - name: test outputs run: | echo "Package Version: ${{ steps.create_tags.outputs.package_version }}" echo "Tag Version: ${{ steps.create_tags.outputs.tag_version }}" deploy-docker: name: Tag & push Docker runs-on: ubuntu-latest needs: setup strategy: fail-fast: false matrix: service_name: - admin - api - attachments - events - icons - identity - k8s-proxy - mssql - nginx - notifications - portal - server - setup - sso env: PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Print environment run: | whoami docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "docker-password, docker-username, dct-delegate-2-repo-passphrase, dct-delegate-2-key" - name: Log into Docker run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin env: DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust run: | mkdir -p ~/.docker/trust/private echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key env: DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Pull Docker images run: | docker pull bitwarden/${{ matrix.service_name }}:rc env: DOCKER_CONTENT_TRUST: 1 - name: Re-tag Docker images run: | docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:latest docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:$PACKAGE_VERSION - name: List Docker images run: docker images - name: Push Docker images run: | docker push bitwarden/${{ matrix.service_name }}:latest docker push bitwarden/${{ matrix.service_name }}:$PACKAGE_VERSION env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - name: Log out of Docker run: docker logout build: runs-on: ubuntu-latest needs: setup strategy: fail-fast: false matrix: include: - name: Api base_path: . - name: Admin base_path: . gulp: true - name: Billing base_path: . - name: Events base_path: . - name: Notifications base_path: . - name: Sso base_path: ./bitwarden_license gulp: true - name: Portal base_path: ./bitwarden_license gulp: true - name: Identity base_path: . env: PKG_VERSION: ${{ needs.setup.outputs.package_version }} TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f with: ref: ${{ env.TAG_VERSION }} - name: Set up Node uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea with: node-version: '14' - name: Print Environment run: | dotnet --info node --version npm --version gulp --version - name: load env vars run: | echo "Base Path: ${BASE_PATH}" echo "Name: ${NAME}" env: BASE_PATH: ${{ matrix.base_path }} NAME: ${{ matrix.name }} - name: Build Service run: | work_dir=$(pwd) dir=$BASE_PATH/src/$SERVICE_NAME cd $dir echo "Restore" dotnet restore $SERVICE_NAME.csproj echo "Clean" dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish if [ "$GULP" == "true" ]; then npm install npm install gulp gulp --gulpfile gulpfile.js build fi echo "Publish" dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish cd obj/build-output/publish zip -r $SERVICE_NAME.zip . mv $SERVICE_NAME.zip ../../../ env: SERVICE_NAME: ${{ matrix.name }} BASE_PATH: ${{ matrix.base_path }} GULP: ${{ matrix.gulp }} - name: Upload build artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 with: name: ${{ env.SERVICE_NAME }}.zip path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip env: BASE_PATH: ${{ matrix.base_path }} SERVICE_NAME: ${{ matrix.name }} - name: Test build dir run: ls $BASE_PATH/src/$SERVICE_NAME env: SERVICE_NAME: ${{ matrix.name }} BASE_PATH: ${{ matrix.base_path }} deploy-identity: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Identity.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-identity-webapp-name, appservices-identity-webapp-publish-profile" - name: Deploy Identity uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-publish-profile }} package: ./Identity.zip deploy-api: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Api.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-api-webapp-name, appservices-api-webapp-publish-profile" - name: Deploy Api uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-publish-profile }} package: ./Api.zip deploy-billing: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Billing.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-billing-webapp-name, appservices-billing-webapp-publish-profile" - name: Deploy Billing uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-publish-profile }} package: ./Billing.zip deploy-events: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Events.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-events-webapp-name, appservices-events-webapp-publish-profile" - name: Deploy Events uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-publish-profile }} package: ./Events.zip deploy-sso: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Sso.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-sso-webapp-name, appservices-sso-webapp-publish-profile" - name: Deploy SSO uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-publish-profile }} package: ./Sso.zip deploy-portal: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Portal.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-portal-webapp-name, appservices-portal-webapp-publish-profile" - name: Deploy Portal uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-publish-profile }} package: ./Portal.zip deploy-admin: runs-on: ubuntu-latest needs: build steps: - name: Download aritifacts uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 with: name: Admin.zip - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "appservices-admin-webapp-name, appservices-admin-webapp-publish-profile" - name: Deploy Admin uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 with: app-name: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-name }} slot-name: "staging" publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-publish-profile }} package: ./Admin.zip