GitHub-Bitwarden
/
key-connector
mirror of https://github.com/bitwarden/key-connector.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
An agent that stores and provides cryptographic keys to Bitwarden clients.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
150 Commits
18 Branches
12 Tags
6.4 MiB
 
 
 
 
Tree: 81df82b4a3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '81df82b4a3'
${ noResults }
key-connector/.github/workflows/release.yml

180 lines
6.0 KiB
Raw Blame History

---
name: Release
run-name: Release - ${{ github.event.inputs.release_type }}
on:
workflow_dispatch:
inputs:
release_type:
description: 'Release Options'
default: 'Initial Release'
type: choice
options:
- Initial Release
- Redeploy
- Dry Run
jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
release_version: ${{ steps.version.outputs.version }}
branch-name: ${{ steps.branch.outputs.branch-name }}
steps:
- name: Branch check
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "==================================="
exit 1
fi
- name: Checkout repo
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Check Release Version
id: version
uses: bitwarden/gh-actions/release-version-check@main
with:
release-type: ${{ github.event.inputs.release_type }}
project-type: dotnet
file: src/KeyConnector/KeyConnector.csproj
- name: Get branch name
id: branch
run: |
BRANCH_NAME=$(basename ${{ github.ref }})
echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
release-github:
name: Create GitHub Release
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
runs-on: ubuntu-22.04
needs: setup
steps:
- name: Create release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
commit: ${{ github.sha }}
tag: "v${{ needs.setup.outputs.release_version }}"
name: "Version ${{ needs.setup.outputs.release_version }}"
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true
release-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs:
- setup
- release-github
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
_PROJECT_NAME: key-connector
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
_RELEASE_OPTION: ${{ github.event.inputs.release_type }}
steps:
- name: Print environment
run: |
whoami
docker --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
echo "Github Release Option: $_RELEASE_OPTION"
- name: Login to Azure - Prod Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Setup DCT
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@main
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Pull image
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev
else
docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME
fi
- name: Tag version and latest
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun
else
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$_PROJECT_NAME:latest
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME bitwarden/$_PROJECT_NAME:latest
fi
- name: Push release version and latest image to ACR
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest
- name: Push release version and latest image to Docker Hub
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
run: |
docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION
docker push bitwarden/$_PROJECT_NAME:latest
- name: Log out of Docker
run: docker logout
check-failures:
name: Check for failures
if: always()
runs-on: ubuntu-22.04
needs:
- release-docker
- release-github
- setup
steps:
- name: Check if any job failed
if: |
(github.ref == 'refs/heads/main'
|| github.ref == 'refs/heads/rc'
|| github.ref == 'refs/heads/hotfix')
&& contains(needs.*.result, 'failure')
run: exit 1
- name: Login to Azure - CI subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
if: failure()
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
if: failure()
with:
keyvault: "bitwarden-ci"
secrets: "devops-alerts-slack-webhook-url"
- name: Notify Slack on failure
uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
if: failure()
env:
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
with:
status: ${{ job.status }}