mirror of https://github.com/bitwarden/server.git synced 2024-12-01 13:43:23 +01:00
bitwarden-server/.github/workflows/prod-deploy.yml
Joseph Flinn dac3b3e893
New BTR pipeline model (#1599)
Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
2021-09-24 15:04:14 -07:00


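---
# Production deploy workflow, started by hand with a release tag name.
#
# Job graph: setup -> deploy-docker
#            setup -> build -> deploy-<service> (one job per App Service)
#
# `setup` carries `if: false`, so it is always skipped. Every other job needs
# it directly or through `build`, so those are skipped too: the workflow is
# effectively disabled until that condition is removed.
#
# NOTE(review): before re-enabling, consider
#   - a top-level `permissions:` block (for example `contents: read`) so the
#     GITHUB_TOKEN does not inherit the repository default scope;
#   - a protected `environment:` on the jobs that read the production Key
#     Vault, so a dispatch needs an approval before credentials are issued.
# Every action is pinned to a full commit SHA; keep it that way when updating.
name: Prod Deploy

on:
  workflow_dispatch:
    inputs:
      release_tag_name_input:
        description: "Release Tag Name <X.X.X>"
        required: true

jobs:
  # Derives the package version (no leading "v") and the tag version (with
  # leading "v") that the other jobs consume through `needs.setup.outputs`.
  setup:
    if: false
    name: Setup
    runs-on: ubuntu-20.04
    outputs:
      package_version: ${{ steps.create_tags.outputs.package_version }}
      tag_version: ${{ steps.create_tags.outputs.tag_version }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
        with:
          ref: rc

      - name: Create Deploy version vars
        id: create_tags
        # The event name and ref are read from the runner's default
        # environment variables rather than from expressions: an expression
        # is pasted into the script text before bash parses it, whereas an
        # environment variable is only ever data.
        run: |
          if [ "$GITHUB_EVENT_NAME" != "release" ]; then
            # The value is written to the env file and the step outputs and
            # later becomes a git ref and a Docker tag, so only tag-safe
            # characters are accepted (this also rejects embedded newlines).
            if [[ ! "$RELEASE_TAG_NAME_INPUT" =~ ^[A-Za-z0-9._-]+$ ]]; then
              echo "::error::release_tag_name_input contains unsupported characters"
              exit 1
            fi
            case "${RELEASE_TAG_NAME_INPUT:0:1}" in
              v)
                echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> "$GITHUB_ENV"
                echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> "$GITHUB_ENV"
                echo "package_version=${RELEASE_TAG_NAME_INPUT:1}" >> "$GITHUB_OUTPUT"
                echo "tag_version=$RELEASE_TAG_NAME_INPUT" >> "$GITHUB_OUTPUT"
                ;;
              [0-9])
                echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> "$GITHUB_ENV"
                echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> "$GITHUB_ENV"
                echo "package_version=$RELEASE_TAG_NAME_INPUT" >> "$GITHUB_OUTPUT"
                echo "tag_version=v$RELEASE_TAG_NAME_INPUT" >> "$GITHUB_OUTPUT"
                ;;
              *)
                exit 1
                ;;
            esac
          else
            # Third "/"-separated field of the ref, e.g. refs/tags/<tag>.
            TAG_VERSION=$(echo "$GITHUB_REF" | cut -d "/" -f 3)
            PKG_VERSION=${TAG_VERSION:1}
            echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
            echo "tag_version=$TAG_VERSION" >> "$GITHUB_OUTPUT"
          fi
        env:
          RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}

      - name: Test outputs
        # Outputs are handed to the script through the environment so their
        # content is never parsed as shell.
        run: |
          echo "Package Version: $PACKAGE_VERSION"
          echo "Tag Version: $TAG_VERSION"
        env:
          PACKAGE_VERSION: ${{ steps.create_tags.outputs.package_version }}
          TAG_VERSION: ${{ steps.create_tags.outputs.tag_version }}

  # Promotes the already published `rc` image of each service to `latest` and
  # to the release version. Pull and push both run with Docker Content Trust
  # enabled, so the `rc` image is verified on pull and the new tags are
  # signed with the delegation key on push.
  deploy-docker:
    name: Tag & push Docker
    runs-on: ubuntu-20.04
    needs: setup
    strategy:
      fail-fast: false
      matrix:
        service_name:
          - admin
          - api
          - attachments
          - events
          - icons
          - identity
          - k8s-proxy
          - mssql
          - nginx
          - notifications
          - portal
          - server
          - setup
          - sso
    env:
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
    steps:
      - name: Print environment
        # GITHUB_EVENT is not a default runner variable and printed empty;
        # GITHUB_EVENT_NAME is the one that holds the triggering event.
        run: |
          whoami
          docker --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT_NAME"

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "docker-password,
            docker-username,
            dct-delegate-2-repo-passphrase,
            dct-delegate-2-key"

      - name: Log into Docker
        # The password arrives on stdin, not as a command-line argument.
        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
        env:
          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}

      - name: Setup Docker Trust
        # The delegation key is a signing credential: the restrictive umask
        # makes the key file (and any directory created here) owner-only.
        run: |
          umask 077
          mkdir -p ~/.docker/trust/private
          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/"$DCT_DELEGATION_KEY_ID".key
        env:
          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}

      # NOTE(review): no later step in this job appears to read the working
      # tree; confirm this checkout is still needed next to live credentials.
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      # `matrix.service_name` only takes the literal values listed above, so
      # using the expression inside the scripts below does not carry
      # caller-controlled text.
      - name: Pull Docker images
        run: |
          docker pull bitwarden/${{ matrix.service_name }}:rc
        env:
          DOCKER_CONTENT_TRUST: "1"

      - name: Re-tag Docker images
        run: |
          docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:latest
          docker tag bitwarden/${{ matrix.service_name }}:rc "bitwarden/${{ matrix.service_name }}:$_PACKAGE_VERSION"

      - name: List Docker images
        run: docker images

      - name: Push Docker images
        run: |
          docker push bitwarden/${{ matrix.service_name }}:latest
          docker push "bitwarden/${{ matrix.service_name }}:$_PACKAGE_VERSION"
        env:
          DOCKER_CONTENT_TRUST: "1"
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}

      - name: Log out of Docker
        # Runs even when an earlier step failed, so the stored registry
        # login is always removed from the runner.
        if: always()
        run: docker logout

  # Builds each .NET service from the release tag and uploads it as
  # <Name>.zip for the deploy jobs.
  build:
    name: Build
    runs-on: ubuntu-20.04
    needs: setup
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: Api
            base_path: .
          - name: Admin
            base_path: .
            gulp: true
          - name: Billing
            base_path: .
          - name: Events
            base_path: .
          - name: Notifications
            base_path: .
          - name: Sso
            base_path: ./bitwarden_license
            gulp: true
          - name: Portal
            base_path: ./bitwarden_license
            gulp: true
          - name: Identity
            base_path: .
    env:
      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
        with:
          ref: ${{ env._TAG_VERSION }}

      - name: Set up Node
        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
        with:
          node-version: '14'

      # NOTE(review): `npm@7` here and `npm install gulp` in the build step
      # are resolved against the registry at run time, so the toolchain that
      # produces production artifacts is not reproducible from the repository
      # alone. Consider exact versions plus a lockfile-driven install.
      - name: Update NPM
        run: |
          npm install -g npm@7

      - name: Print Environment
        run: |
          dotnet --info
          node --version
          npm --version
          gulp --version

      - name: Load env vars
        run: |
          echo "Base Path: ${BASE_PATH}"
          echo "Name: ${NAME}"
        env:
          BASE_PATH: ${{ matrix.base_path }}
          NAME: ${{ matrix.name }}

      - name: Build Service
        # Restore, clean, optional gulp build, publish, then zip the publish
        # output and move the archive up into the service directory.
        # Variables are quoted so a path is never word-split or globbed.
        run: |
          dir="$BASE_PATH/src/$SERVICE_NAME"
          cd "$dir"
          echo "Restore"
          dotnet restore "$SERVICE_NAME.csproj"
          echo "Clean"
          dotnet clean "$SERVICE_NAME.csproj" -c "Release" -o obj/build-output/publish
          if [ "$GULP" == "true" ]; then
            npm install
            npm install gulp
            gulp --gulpfile gulpfile.js build
          fi
          echo "Publish"
          dotnet publish "$SERVICE_NAME.csproj" -c "Release" -o obj/build-output/publish
          cd obj/build-output/publish
          zip -r "$SERVICE_NAME.zip" .
          mv "$SERVICE_NAME.zip" ../../../
        env:
          SERVICE_NAME: ${{ matrix.name }}
          BASE_PATH: ${{ matrix.base_path }}
          GULP: ${{ matrix.gulp }}

      - name: Upload build artifact
        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
        with:
          name: ${{ env.SERVICE_NAME }}.zip
          path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
        env:
          BASE_PATH: ${{ matrix.base_path }}
          SERVICE_NAME: ${{ matrix.name }}

      - name: Test build dir
        run: ls "$BASE_PATH/src/$SERVICE_NAME"
        env:
          SERVICE_NAME: ${{ matrix.name }}
          BASE_PATH: ${{ matrix.base_path }}

  # The deploy jobs below share one shape: download the service archive, log
  # in to Azure with the production Key Vault credentials, read the web app
  # name and its publish profile from the vault, and deploy the archive to
  # the app's "staging" slot. The publish profile is a deployment credential
  # and only exists in the job as a step output. This file contains no step
  # that swaps the staging slot into production.
  deploy-identity:
    name: Deploy Identity
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Identity.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-identity-webapp-name,
            appservices-identity-webapp-publish-profile"

      - name: Deploy Identity
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-publish-profile }}
          package: ./Identity.zip

  # Deploys Api.zip to the staging slot of the API web app.
  deploy-api:
    name: Deploy API
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Api.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-api-webapp-name,
            appservices-api-webapp-publish-profile"

      - name: Deploy Api
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-publish-profile }}
          package: ./Api.zip

  # Deploys Billing.zip to the staging slot of the Billing web app.
  deploy-billing:
    name: Deploy Billing
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Billing.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-billing-webapp-name,
            appservices-billing-webapp-publish-profile"

      - name: Deploy Billing
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-publish-profile }}
          package: ./Billing.zip

  # Deploys Events.zip to the staging slot of the Events web app.
  deploy-events:
    name: Deploy Events
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Events.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-events-webapp-name,
            appservices-events-webapp-publish-profile"

      - name: Deploy Events
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-publish-profile }}
          package: ./Events.zip

  # Deploys Sso.zip to the staging slot of the SSO web app.
  deploy-sso:
    name: Deploy SSO
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Sso.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-sso-webapp-name,
            appservices-sso-webapp-publish-profile"

      - name: Deploy SSO
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-publish-profile }}
          package: ./Sso.zip

  # Deploys Portal.zip to the staging slot of the Portal web app.
  deploy-portal:
    name: Deploy Portal
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Portal.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-portal-webapp-name,
            appservices-portal-webapp-publish-profile"

      - name: Deploy Portal
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-publish-profile }}
          package: ./Portal.zip

  # Deploys Admin.zip to the staging slot of the Admin web app.
  deploy-admin:
    name: Deploy Admin
    runs-on: ubuntu-20.04
    needs: build
    steps:
      - name: Download aritifacts
        uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
        with:
          name: Admin.zip

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "appservices-admin-webapp-name,
            appservices-admin-webapp-publish-profile"

      - name: Deploy Admin
        uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
        with:
          app-name: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-name }}
          slot-name: "staging"
          publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-publish-profile }}
          package: ./Admin.zip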