
[BRE-1374] Review comments

pull/504/head
Andy Pixley 2 weeks ago
parent
commit
3f80dfbe1a
No known key found for this signature in database
GPG Key ID: 4025C92FEDF5ED81
  1. 13
      templates/docker/product/build_push_acr.yml
  2. 2
      templates/docker/product/build_push_ghcr.yml
  3. 3
      templates/docker/product/publish.yml
  4. 2
      templates/docker/product/release.yml
  5. 2
      templates/docker/service/_docker.yml
  6. 2
      templates/docker/service/cd.yml

13
templates/docker/product/build_push_acr.yml

@ -10,7 +10,7 @@ on: @@ -10,7 +10,7 @@ on:
permissions: {}
env:
_AZURE_REGISTRY_NAME: bitwardenprod
_AZURE_REGISTRY: bitwardenprod.azurecr.io
_IMAGE_NAME: bitwardenprod.azurecr.io/TEMPLATE_IMAGE_NAME # UPDATE: TEMPLATE VALUE TO UPDATE WHEN COPIED
jobs:
@ -29,7 +29,6 @@ jobs: @@ -29,7 +29,6 @@ jobs:
PUBLISH_BRANCHES: "main"
PUBLISH_TAGS: "false"
PUBLISH_PR: "true"
id: publish-branch-check
run: |
BRANCH_REF=${GITHUB_REF#refs/heads/}
IFS="," read -a publish_branches <<< "$PUBLISH_BRANCHES"
@ -63,7 +62,7 @@ jobs: @@ -63,7 +62,7 @@ jobs:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Login to Azure ACR
run: az acr login -n "${_AZURE_REGISTRY_NAME}"
run: az acr login -n "${_AZURE_REGISTRY%%.*}"
########## Generate image tag and build Docker image ##########
- name: Generate Docker image tag
@ -87,11 +86,12 @@ jobs: @@ -87,11 +86,12 @@ jobs:
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
SHA: ${{ github.sha }}
run: |
TAGS="${_IMAGE_NAME}:${IMAGE_TAG}"
FULL_IMAGE_NAME="${_AZURE_REGISTRY}/${_IMAGE_NAME}"
TAGS="${FULL_IMAGE_NAME}:${IMAGE_TAG}"
echo "primary_tag=$TAGS" >> "$GITHUB_OUTPUT"
if [[ "$IMAGE_TAG" == "dev" ]]; then
SHORT_SHA="$(git rev-parse --short "${SHA}")"
TAGS="$TAGS,${_IMAGE_NAME}:${IMAGE_TAG}-${SHORT_SHA}"
TAGS="$TAGS,${FULL_IMAGE_NAME}:${IMAGE_TAG}-${SHORT_SHA}"
fi
echo "tags=$TAGS" >> "$GITHUB_OUTPUT"
@ -134,6 +134,7 @@ jobs: @@ -134,6 +134,7 @@ jobs:
output-format: sarif
- name: Upload Grype results to GitHub
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
with:
sarif_file: ${{ steps.container-scan.outputs.sarif }}
@ -142,7 +143,7 @@ jobs: @@ -142,7 +143,7 @@ jobs:
- name: Log out of Docker
run: |
docker logout "$_AZURE_REGISTRY_NAME"
docker logout "$_AZURE_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
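Review bot: The new `FULL_IMAGE_NAME="${_AZURE_REGISTRY}/${_IMAGE_NAME}"` in the tag step prepends the registry to a value that, per the env block in the first hunk, already carries it (`_IMAGE_NAME: bitwardenprod.azurecr.io/TEMPLATE_IMAGE_NAME`), so the generated tags come out as `bitwardenprod.azurecr.io/bitwardenprod.azurecr.io/...` and the push targets a repository path that does not exist — unless the rendered page dropped a change to that line, which the 13-line count for this file does not suggest. Trim the env entry to the bare repository name, `_IMAGE_NAME: TEMPLATE_IMAGE_NAME # UPDATE: TEMPLATE VALUE TO UPDATE WHEN COPIED`, so the registry host is spelled exactly once and `az acr login -n "${_AZURE_REGISTRY%%.*}"` and `docker logout "$_AZURE_REGISTRY"` stay consistent with it. Separately, `bitwarden/gh-actions/azure-logout@main` is the one action visible here that is not pinned to a commit SHA; a first-party repo is lower risk, but pinning keeps the supply-chain posture uniform with the SHA-pinned codeql upload step.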

2
templates/docker/product/build_push_ghcr.yml

@ -28,7 +28,6 @@ jobs: @@ -28,7 +28,6 @@ jobs:
PUBLISH_BRANCHES: "main"
PUBLISH_TAGS: "false"
PUBLISH_PR: "true"
id: publish-branch-check
run: |
BRANCH_REF=${GITHUB_REF#refs/heads/}
IFS="," read -a publish_branches <<< "$PUBLISH_BRANCHES"
@ -130,6 +129,7 @@ jobs: @@ -130,6 +129,7 @@ jobs:
output-format: sarif
- name: Upload Grype results to GitHub
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
with:
sarif_file: ${{ steps.container-scan.outputs.sarif }}
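Review bot: The new `if:` guard on the Grype upload means a pull request from a fork runs the scan and then discards the SARIF, because the fork's read-only GITHUB_TOKEN cannot write to code scanning and nothing else in the hunk surfaces those findings. Pair it with a fallback step using the inverse condition, `if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository`, that uploads `${{ steps.container-scan.outputs.sarif }}` with a SHA-pinned `actions/upload-artifact`, or confirm that the scan step's own fail-on-severity setting (outside this hunk) is what blocks a vulnerable image from a fork. Either way, add a comment above the guard such as `# Fork PRs get a read-only token and cannot upload SARIF; results are kept as an artifact instead` so the skip reads as deliberate.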

3
templates/docker/product/publish.yml

@ -45,9 +45,10 @@ jobs: @@ -45,9 +45,10 @@ jobs:
- name: Output version
id: version-output
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [[ "${_INPUT_VERSION}" == "latest" || "${_INPUT_VERSION}" == "" ]]; then
VERSION=$(curl "https://api.github.com/repos/$_REPOSITORY/releases" | jq -c '.[] | select(.tag_name | contains("v")) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
VERSION=$(gh release list --limit 1 --json tagName --jq '.[0].tagName' | sed 's/^v//')
echo "Latest Released Version: $VERSION"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
else
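Review bot: The replacement `gh release list --limit 1 --json tagName --jq '.[0].tagName'` drops two things the removed curl/jq line had — the explicit repository (`$_REPOSITORY`) and the version-format check — so it now resolves against whatever repository the runner has checked out (or fails outside a checkout) and will emit an empty string, a draft, or a pre-release tag as the version without complaint. Use `VERSION=$(gh release list --repo "$_REPOSITORY" --exclude-drafts --exclude-pre-releases --limit 1 --json tagName --jq '.[0].tagName' | sed 's/^v//')` and follow it with `[[ "$VERSION" =~ ^20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+$ ]] || { echo "::error::no usable release tag found"; exit 1; }`, reusing the pattern the old line enforced, so a bad lookup fails the job instead of tagging an image with an empty or unexpected version. `_REPOSITORY` is defined outside this hunk; if the new line is intended to read the current repository, remove that env entry so it does not go stale.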

2
templates/docker/product/release.yml

@ -98,6 +98,8 @@ jobs: @@ -98,6 +98,8 @@ jobs:
needs: setup
env:
_RELEASE_TAG: ${{ needs.setup.outputs.release_version }}
permissions:
id-token: write
steps:
- name: Log in to Azure
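Review bot: A job-level `permissions:` block replaces the token's default scopes entirely rather than adding to them, so after this change the job holds `id-token: write` and nothing else — in particular no `contents: read`. That is the right minimal shape for an OIDC-only Azure login, but any `actions/checkout`, `gh`, or release-download step among the steps that follow (outside this hunk) will start failing with 403; either confirm the job needs no repository access or add `contents: read` beneath `id-token: write`. A one-line comment such as `# OIDC federation for the Azure login step; no repository access needed` would tell the next reader the narrow scope is intentional.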

2
templates/docker/service/_docker.yml

@ -80,7 +80,7 @@ jobs: @@ -80,7 +80,7 @@ jobs:
echo "tags=$FULL_TAGS" >> $GITHUB_OUTPUT
- name: Build Docker image
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: ${{ inputs.context }}
file: ${{ inputs.file }}

2
templates/docker/service/cd.yml

@ -23,7 +23,7 @@ jobs: @@ -23,7 +23,7 @@ jobs:
uses: ./.github/workflows/_docker.yml
with:
image-name: TEMPLATE_IMAGE_NAME # UPDATE THIS VALUE AFTER COPYING THE TEMPLATE
tags: # UPDATE THIS VALUE AFTER COPYING THE TEMPLATE
tags: SOME_TAG # UPDATE THIS VALUE AFTER COPYING THE TEMPLATE
push-docker-image: true
permissions:
contents: read
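Review bot: Replacing the bare `tags:` (which YAML reads as null and the reusable workflow would presumably reject) with `SOME_TAG` turns a fail-safe placeholder into a syntactically valid Docker tag, so a copy of this template run with `push-docker-image: true` before the value is edited will publish `TEMPLATE_IMAGE_NAME:SOME_TAG` to the registry. Prefer a placeholder that cannot be a tag, e.g. `tags: "<UPDATE_ME>"  # UPDATE THIS VALUE AFTER COPYING THE TEMPLATE`, so the build step fails at tagging time, or have `_docker.yml` (outside this section) fail fast when `image-name` or `tags` still matches the template markers.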
