1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
bitwarden-server/.github/workflows/qa-deploy.yml

150 lines
4.5 KiB
YAML

---
name: QA Deploy
on:
workflow_dispatch:
inputs:
migrateDb:
required: true
default: "true"
resetDb:
required: true
default: "false"
jobs:
reset-db:
name: Reset Database
if: ${{ github.event.inputs.resetDb == 'true' }}
runs-on: ubuntu-20.04
steps:
- name: Reset Test Data - Stub
run: |
echo "placeholder for cleaning DB"
echo "placeholder for loading test dataset"
update-db:
name: Update Database
if: ${{ github.event.inputs.migrateDb == 'true' }}
runs-on: ubuntu-20.04
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Login to Azure
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Retrieve secrets
id: retrieve-secrets
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
with:
keyvault: "bitwarden-qa-kv"
secrets: "mssql-server-host,
mssql-admin-login,
mssql-admin-login-password"
- name: Migrate database
env:
MSSQL_HOST: ${{ steps.retrieve-secrets.outputs.mssql-server-host }}
MSSQL_USER: ${{ steps.retrieve-secrets.outputs.mssql-admin-login }}
MSSQL_PASS: ${{ steps.retrieve-secrets.outputs.mssql-admin-login-password }}
working-directory: ./util/Migrator/DbScripts
run: |
echo "Running database migrations..."
for f in `ls -v ./*.sql`; do
echo "Executing file: ${f}..."
sqlcmd -S $MSSQL_HOST -d vault -U $MSSQL_USER -P $MSSQL_PASS -I -i $f
done;
deploy:
name: Deploy
runs-on: ubuntu-20.04
if: always()
needs:
- reset-db
- update-db
strategy:
fail-fast: false
matrix:
include:
- name: Api
- name: Admin
- name: Billing
- name: Events
- name: Sso
- name: Portal
- name: Identity
steps:
- name: Setup
id: setup
run: |
NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.name }}"
echo "NAME_LOWER: $NAME_LOWER"
echo "::set-output name=name_lower::$NAME_LOWER"
BRANCH_NAME=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3]}')
echo "GITHUB_REF: $GITHUB_REF"
echo "BRANCH_NAME: $BRANCH_NAME"
echo "::set-output name=branch_name::$BRANCH_NAME"
mkdir publish
- name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }}
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
env:
branch_name: ${{ steps.setup.outputs.branch_name }}
with:
workflow: build.yml
workflow_conclusion: success
branch: ${{ env.branch_name }}
artifacts: ${{ matrix.name }}.zip
path: publish
- name: Zip extracted artifact
run: |
cd publish
zip -r ${{ matrix.name }}.zip .
mv ${{ matrix.name }}.zip ../
cd ..
pwd
ls -atlh
- name: Login to Azure
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Retrieve secrets
id: retrieve-secrets
env:
VAULT_NAME: "bitwarden-qa-kv"
run: |
webapp_name=$(
az keyvault secret show --vault-name $VAULT_NAME \
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \
--query value --output tsv
)
echo "::add-mask::$webapp_name"
echo "::set-output name=webapp-name::$webapp_name"
- name: Stop App Service
env:
AZURE_RESOURCE_GROUP: "bw-qa-env"
run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
- name: Deploy App
uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
with:
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
package: ./${{ matrix.name }}.zip
- name: Start App Service
env:
AZURE_RESOURCE_GROUP: "bw-qa-env"
run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP