name: Release on: workflow_dispatch: inputs: release_tag_name_input: description: "Release Tag Name " required: true jobs: setup: name: Setup runs-on: ubuntu-latest outputs: release_upload_url: ${{ steps.create_release.outputs.upload_url }} release_version: ${{ steps.create_tags.outputs.package_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }} steps: - name: Branch check run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then echo "===================================" echo "[!] Can only release from rc branch" echo "===================================" exit 1 fi - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Create Release Vars id: create_tags run: | case "${RELEASE_TAG_NAME_INPUT:0:1}" in v) echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" ;; [0-9]) echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" ;; *) exit 1 ;; esac env: RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - name: Create Draft Release id: create_release uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ env.RELEASE_TAG_NAME }} release_name: Version ${{ env.RELEASE_NAME }} draft: true prerelease: false release: name: Release runs-on: ubuntu-latest needs: setup strategy: fail-fast: false matrix: service_name: - admin - api - attachments - events - icons - identity - k8s-proxy - mssql - nginx - notifications - portal - server - setup - sso env: RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Print environment run: | whoami docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "docker-password, docker-username, dct-delegate-2-repo-passphrase, dct-delegate-2-key" - name: Log into Docker if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin env: DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: | mkdir -p ~/.docker/trust/private echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key env: DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Pull Docker images run: | docker pull bitwarden/${{ matrix.service_name }}:rc env: DOCKER_CONTENT_TRUST: 1 - name: Re-tag Docker images run: | docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:latest docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:$RELEASE_VERSION - name: List Docker images run: docker images - name: Push Docker images if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: | docker push bitwarden/${{ matrix.service_name }}:latest docker push bitwarden/${{ matrix.service_name }}:$RELEASE_VERSION env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - name: Log out of Docker if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: docker logout upload: name: Upload runs-on: ubuntu-latest needs: - setup - release env: RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Restore run: dotnet tool restore - name: Make Docker stub run: | STUB_OUTPUT=$(pwd)/docker-stub docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \ dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT rm -rf $STUB_OUTPUT/letsencrypt rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml touch $STUB_OUTPUT/env/uid.env cd docker-stub; zip -r ../docker-stub.zip *; cd .. - name: Upload Docker stub artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 with: name: docker-stub.zip path: ./docker-stub.zip - name: Build Swagger run: | cd ./src/Api echo "Restore" dotnet restore echo "Clean" dotnet clean -c "Release" -o obj/build-output/publish echo "Publish" dotnet publish -c "Release" -o obj/build-output/publish dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \ ./obj/build-output/publish/Api.dll public cd ../.. env: ASPNETCORE_ENVIRONMENT: Production swaggerGen: 'True' - name: Upload Swagger artifact uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 with: name: swagger.json path: ./swagger.json - name: Upload release assets if: github.event_name == 'release' run: | hub release edit \ -a ./swagger.json \ -a ./docker-stub.zip \ -m "" \ $TAG_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}