mirror of
https://github.com/bitwarden/server.git
synced 2024-11-22 12:15:36 +01:00
10e85e0181
* fix release asset upload * adding Version to release name * restricting QA deploys to only manual trigger * constraining all releases to the rc branch * removing the release message update
227 lines
7.5 KiB
YAML
227 lines
7.5 KiB
YAML
name: Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_tag_name_input:
|
|
description: "Release Tag Name <X.X.X>"
|
|
required: true
|
|
|
|
jobs:
|
|
setup:
|
|
name: Setup
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
|
release_version: ${{ steps.create_tags.outputs.package_version }}
|
|
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
|
steps:
|
|
- name: Branch check
|
|
run: |
|
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then
|
|
echo "==================================="
|
|
echo "[!] Can only release from rc branch"
|
|
echo "==================================="
|
|
exit 1
|
|
fi
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
|
|
|
- name: Create Release Vars
|
|
id: create_tags
|
|
run: |
|
|
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
|
|
v)
|
|
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
|
|
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
|
|
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
|
|
;;
|
|
[0-9])
|
|
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
|
|
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
|
|
;;
|
|
*)
|
|
exit 1
|
|
;;
|
|
esac
|
|
env:
|
|
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
|
|
|
|
- name: Create Draft Release
|
|
id: create_release
|
|
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tag_name: ${{ env.RELEASE_TAG_NAME }}
|
|
release_name: Version ${{ env.RELEASE_NAME }}
|
|
draft: true
|
|
prerelease: false
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: setup
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
service_name:
|
|
- admin
|
|
- api
|
|
- attachments
|
|
- events
|
|
- icons
|
|
- identity
|
|
- k8s-proxy
|
|
- mssql
|
|
- nginx
|
|
- notifications
|
|
- portal
|
|
- server
|
|
- setup
|
|
- sso
|
|
env:
|
|
RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
|
|
TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
|
|
steps:
|
|
- name: Print environment
|
|
run: |
|
|
whoami
|
|
docker --version
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "docker-password,
|
|
docker-username,
|
|
dct-delegate-2-repo-passphrase,
|
|
dct-delegate-2-key"
|
|
|
|
- name: Log into Docker
|
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
|
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
|
env:
|
|
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
|
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
|
|
|
- name: Setup Docker Trust
|
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
|
run: |
|
|
mkdir -p ~/.docker/trust/private
|
|
|
|
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
|
|
env:
|
|
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
|
|
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
|
|
|
- name: Pull Docker images
|
|
run: |
|
|
docker pull bitwarden/${{ matrix.service_name }}:rc
|
|
env:
|
|
DOCKER_CONTENT_TRUST: 1
|
|
|
|
- name: Re-tag Docker images
|
|
run: |
|
|
docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:latest
|
|
docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:$RELEASE_VERSION
|
|
|
|
- name: List Docker images
|
|
run: docker images
|
|
|
|
- name: Push Docker images
|
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
|
run: |
|
|
docker push bitwarden/${{ matrix.service_name }}:latest
|
|
docker push bitwarden/${{ matrix.service_name }}:$RELEASE_VERSION
|
|
env:
|
|
DOCKER_CONTENT_TRUST: 1
|
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
|
|
|
- name: Log out of Docker
|
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
|
run: docker logout
|
|
|
|
|
|
upload:
|
|
name: Upload
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- setup
|
|
- release
|
|
env:
|
|
RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
|
|
TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
|
|
|
- name: Restore
|
|
run: dotnet tool restore
|
|
|
|
- name: Make Docker stub
|
|
run: |
|
|
STUB_OUTPUT=$(pwd)/docker-stub
|
|
docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \
|
|
dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin
|
|
sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT
|
|
rm -rf $STUB_OUTPUT/letsencrypt
|
|
rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml
|
|
touch $STUB_OUTPUT/env/uid.env
|
|
cd docker-stub; zip -r ../docker-stub.zip *; cd ..
|
|
|
|
- name: Upload Docker stub artifact
|
|
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
|
with:
|
|
name: docker-stub.zip
|
|
path: ./docker-stub.zip
|
|
|
|
- name: Build Swagger
|
|
run: |
|
|
cd ./src/Api
|
|
echo "Restore"
|
|
dotnet restore
|
|
echo "Clean"
|
|
dotnet clean -c "Release" -o obj/build-output/publish
|
|
echo "Publish"
|
|
dotnet publish -c "Release" -o obj/build-output/publish
|
|
|
|
dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
|
|
./obj/build-output/publish/Api.dll public
|
|
cd ../..
|
|
env:
|
|
ASPNETCORE_ENVIRONMENT: Production
|
|
swaggerGen: 'True'
|
|
|
|
- name: Upload Swagger artifact
|
|
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
|
with:
|
|
name: swagger.json
|
|
path: ./swagger.json
|
|
|
|
- name: Upload release assets
|
|
if: github.event_name == 'release'
|
|
run: |
|
|
hub release edit \
|
|
-a ./swagger.json \
|
|
-a ./docker-stub.zip \
|
|
-m "" \
|
|
$TAG_VERSION
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|