mirror of
https://github.com/bitwarden/server.git
synced 2024-12-01 13:43:23 +01:00
dac3b3e893
Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
478 lines
15 KiB
YAML
478 lines
15 KiB
YAML
---
|
|
name: Prod Deploy
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_tag_name_input:
|
|
description: "Release Tag Name <X.X.X>"
|
|
required: true
|
|
|
|
jobs:
|
|
setup:
|
|
if: false
|
|
name: Setup
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
package_version: ${{ steps.create_tags.outputs.package_version }}
|
|
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
|
with:
|
|
ref: rc
|
|
|
|
- name: Create Deploy version vars
|
|
id: create_tags
|
|
run: |
|
|
if [ "${{ github.event_name }}" != "release" ]; then
|
|
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
|
|
v)
|
|
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
|
|
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
|
|
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
|
|
;;
|
|
[0-9])
|
|
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
|
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
|
|
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
|
|
;;
|
|
*)
|
|
exit 1
|
|
;;
|
|
esac
|
|
else
|
|
TAG_VERSION=$(echo ${{ github.ref }} | cut -d "/" -f 3)
|
|
PKG_VERSION=${TAG_VERSION:1}
|
|
|
|
echo "::set-output name=package_version::$PKG_VERSION"
|
|
echo "::set-output name=tag_version::$TAG_VERSION"
|
|
fi
|
|
env:
|
|
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
|
|
|
|
- name: Test outputs
|
|
run: |
|
|
echo "Package Version: ${{ steps.create_tags.outputs.package_version }}"
|
|
echo "Tag Version: ${{ steps.create_tags.outputs.tag_version }}"
|
|
|
|
|
|
deploy-docker:
|
|
name: Tag & push Docker
|
|
runs-on: ubuntu-20.04
|
|
needs: setup
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
service_name:
|
|
- admin
|
|
- api
|
|
- attachments
|
|
- events
|
|
- icons
|
|
- identity
|
|
- k8s-proxy
|
|
- mssql
|
|
- nginx
|
|
- notifications
|
|
- portal
|
|
- server
|
|
- setup
|
|
- sso
|
|
env:
|
|
_PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
|
|
steps:
|
|
- name: Print environment
|
|
run: |
|
|
whoami
|
|
docker --version
|
|
echo "GitHub ref: $GITHUB_REF"
|
|
echo "GitHub event: $GITHUB_EVENT"
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "docker-password,
|
|
docker-username,
|
|
dct-delegate-2-repo-passphrase,
|
|
dct-delegate-2-key"
|
|
|
|
- name: Log into Docker
|
|
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
|
env:
|
|
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
|
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
|
|
|
- name: Setup Docker Trust
|
|
run: |
|
|
mkdir -p ~/.docker/trust/private
|
|
|
|
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
|
|
env:
|
|
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
|
|
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
|
|
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
|
|
|
- name: Pull Docker images
|
|
run: |
|
|
docker pull bitwarden/${{ matrix.service_name }}:rc
|
|
env:
|
|
DOCKER_CONTENT_TRUST: 1
|
|
|
|
- name: Re-tag Docker images
|
|
run: |
|
|
docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:latest
|
|
docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:$_PACKAGE_VERSION
|
|
|
|
- name: List Docker images
|
|
run: docker images
|
|
|
|
- name: Push Docker images
|
|
run: |
|
|
docker push bitwarden/${{ matrix.service_name }}:latest
|
|
docker push bitwarden/${{ matrix.service_name }}:$_PACKAGE_VERSION
|
|
env:
|
|
DOCKER_CONTENT_TRUST: 1
|
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
|
|
|
- name: Log out of Docker
|
|
run: docker logout
|
|
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-20.04
|
|
needs: setup
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- name: Api
|
|
base_path: .
|
|
- name: Admin
|
|
base_path: .
|
|
gulp: true
|
|
- name: Billing
|
|
base_path: .
|
|
- name: Events
|
|
base_path: .
|
|
- name: Notifications
|
|
base_path: .
|
|
- name: Sso
|
|
base_path: ./bitwarden_license
|
|
gulp: true
|
|
- name: Portal
|
|
base_path: ./bitwarden_license
|
|
gulp: true
|
|
- name: Identity
|
|
base_path: .
|
|
env:
|
|
_TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
|
with:
|
|
ref: ${{ env._TAG_VERSION }}
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
|
|
with:
|
|
node-version: '14'
|
|
|
|
- name: Update NPM
|
|
run: |
|
|
npm install -g npm@7
|
|
|
|
- name: Print Environment
|
|
run: |
|
|
dotnet --info
|
|
node --version
|
|
npm --version
|
|
gulp --version
|
|
|
|
- name: Load env vars
|
|
run: |
|
|
echo "Base Path: ${BASE_PATH}"
|
|
echo "Name: ${NAME}"
|
|
env:
|
|
BASE_PATH: ${{ matrix.base_path }}
|
|
NAME: ${{ matrix.name }}
|
|
|
|
- name: Build Service
|
|
run: |
|
|
work_dir=$(pwd)
|
|
dir=$BASE_PATH/src/$SERVICE_NAME
|
|
|
|
cd $dir
|
|
echo "Restore"
|
|
dotnet restore $SERVICE_NAME.csproj
|
|
echo "Clean"
|
|
dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
|
|
|
|
if [ "$GULP" == "true" ]; then
|
|
npm install
|
|
npm install gulp
|
|
gulp --gulpfile gulpfile.js build
|
|
fi
|
|
|
|
echo "Publish"
|
|
dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
|
|
|
|
cd obj/build-output/publish
|
|
zip -r $SERVICE_NAME.zip .
|
|
mv $SERVICE_NAME.zip ../../../
|
|
env:
|
|
SERVICE_NAME: ${{ matrix.name }}
|
|
BASE_PATH: ${{ matrix.base_path }}
|
|
GULP: ${{ matrix.gulp }}
|
|
|
|
- name: Upload build artifact
|
|
uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
|
|
with:
|
|
name: ${{ env.SERVICE_NAME }}.zip
|
|
path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
|
|
env:
|
|
BASE_PATH: ${{ matrix.base_path }}
|
|
SERVICE_NAME: ${{ matrix.name }}
|
|
|
|
- name: Test build dir
|
|
run: ls $BASE_PATH/src/$SERVICE_NAME
|
|
env:
|
|
SERVICE_NAME: ${{ matrix.name }}
|
|
BASE_PATH: ${{ matrix.base_path }}
|
|
|
|
|
|
deploy-identity:
|
|
name: Deploy Identity
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Identity.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-identity-webapp-name,
|
|
appservices-identity-webapp-publish-profile"
|
|
|
|
- name: Deploy Identity
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-publish-profile }}
|
|
package: ./Identity.zip
|
|
|
|
|
|
deploy-api:
|
|
name: Deploy API
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Api.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-api-webapp-name,
|
|
appservices-api-webapp-publish-profile"
|
|
|
|
- name: Deploy Api
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-publish-profile }}
|
|
package: ./Api.zip
|
|
|
|
|
|
deploy-billing:
|
|
name: Deploy Billing
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Billing.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-billing-webapp-name,
|
|
appservices-billing-webapp-publish-profile"
|
|
|
|
- name: Deploy Billing
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-publish-profile }}
|
|
package: ./Billing.zip
|
|
|
|
|
|
deploy-events:
|
|
name: Deploy Events
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Events.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-events-webapp-name,
|
|
appservices-events-webapp-publish-profile"
|
|
|
|
- name: Deploy Events
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-publish-profile }}
|
|
package: ./Events.zip
|
|
|
|
|
|
deploy-sso:
|
|
name: Deploy SSO
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Sso.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-sso-webapp-name,
|
|
appservices-sso-webapp-publish-profile"
|
|
|
|
- name: Deploy SSO
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-publish-profile }}
|
|
package: ./Sso.zip
|
|
|
|
|
|
deploy-portal:
|
|
name: Deploy Portal
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Portal.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-portal-webapp-name,
|
|
appservices-portal-webapp-publish-profile"
|
|
|
|
- name: Deploy Portal
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-publish-profile }}
|
|
package: ./Portal.zip
|
|
|
|
|
|
deploy-admin:
|
|
name: Deploy Admin
|
|
runs-on: ubuntu-20.04
|
|
needs: build
|
|
steps:
|
|
- name: Download aritifacts
|
|
uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
|
|
with:
|
|
name: Admin.zip
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
|
with:
|
|
keyvault: "bitwarden-prod-kv"
|
|
secrets: "appservices-admin-webapp-name,
|
|
appservices-admin-webapp-publish-profile"
|
|
|
|
- name: Deploy Admin
|
|
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
|
|
with:
|
|
app-name: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-name }}
|
|
slot-name: "staging"
|
|
publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-publish-profile }}
|
|
package: ./Admin.zip
|