GitHub-Bitwarden
/
self-host
mirror of https://github.com/bitwarden/self-host.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Clean up workflow files from Zizmor output (#414)

pull/319/head
Matt Andreko 2 months ago committed by GitHub
parent
6d2ce1e696
commit
10a9a9d9fd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 109 additions and 81 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 52
      .github/workflows/build-unified.yml
  2. 6
      .github/workflows/release-digital-ocean.yml
  3. 113
      .github/workflows/release.yml
  4. 19
      .github/workflows/update-versions.yml

52
.github/workflows/build-unified.yml
Unescape View File

@ -41,6 +41,8 @@ jobs: @@ -41,6 +41,8 @@ jobs:
steps:
- name: Checkout Repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get server branch to checkout
id: server-branch-name
@ -51,14 +53,14 @@ jobs: @@ -51,14 +53,14 @@ jobs:
# Extract coreVersion from versions.json
CORE_VERSION=$(jq -r '.versions.coreVersion' versions.json)
echo "Server version from versions.json: $CORE_VERSION"
echo "server_ref=refs/tags/v$CORE_VERSION" >> $GITHUB_OUTPUT
echo "ref_type=tag" >> $GITHUB_OUTPUT
echo "server_ref=refs/tags/v$CORE_VERSION" >> "$GITHUB_OUTPUT"
echo "ref_type=tag" >> "$GITHUB_OUTPUT"
elif [[ -z "${SERVER_BRANCH}" ]]; then
echo "server_ref=main" >> $GITHUB_OUTPUT
echo "ref_type=branch" >> $GITHUB_OUTPUT
echo "server_ref=main" >> "$GITHUB_OUTPUT"
echo "ref_type=branch" >> "$GITHUB_OUTPUT"
else
echo "server_ref=${SERVER_BRANCH#refs/heads/}" >> $GITHUB_OUTPUT
echo "ref_type=branch" >> $GITHUB_OUTPUT
echo "server_ref=${SERVER_BRANCH#refs/heads/}" >> "$GITHUB_OUTPUT"
echo "ref_type=branch" >> "$GITHUB_OUTPUT"
fi
- name: Check Branch to Publish
@ -70,15 +72,15 @@ jobs: @@ -70,15 +72,15 @@ jobs:
run: |
REF=${GITHUB_REF#refs/heads/}
IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES
IFS="," read -a publish_branches <<< "$PUBLISH_BRANCHES"
if [[ "${REF_TYPE}" == "tag" ]]; then
# If the build is triggered by a tag, always publish
echo "is_publish_branch=true" >> $GITHUB_ENV
echo "is_publish_branch=true" >> "$GITHUB_ENV"
elif [[ "${publish_branches[*]}" =~ "${REF}" && "${publish_branches[*]}" =~ "${SERVER_BRANCH}" ]]; then
echo "is_publish_branch=true" >> $GITHUB_ENV
echo "is_publish_branch=true" >> "$GITHUB_ENV"
else
echo "is_publish_branch=false" >> $GITHUB_ENV
echo "is_publish_branch=false" >> "$GITHUB_ENV"
fi
########## Set up Docker ##########
@ -127,7 +129,7 @@ jobs: @@ -127,7 +129,7 @@ jobs:
fi
fi
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
- name: Generate tag list
id: tag-list
@ -136,9 +138,9 @@ jobs: @@ -136,9 +138,9 @@ jobs:
IS_PUBLISH_BRANCH: ${{ env.is_publish_branch }}
run: |
if [[ ("${IMAGE_TAG}" == "dev" || "${IMAGE_TAG}" == "beta") && "${IS_PUBLISH_BRANCH}" == "true" ]]; then
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG},ghcr.io/bitwarden/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG},ghcr.io/bitwarden/self-host:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
else
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
fi
- name: Get Azure Key Vault secrets
@ -162,6 +164,7 @@ jobs: @@ -162,6 +164,7 @@ jobs:
token: ${{ steps.app-token.outputs.token }}
ref: ${{ steps.server-branch-name.outputs.server_ref }}
path: "server"
persist-credentials: false
- name: Download web client branch artifacts for dev builds
if: steps.tag.outputs.image_tag == 'dev'
@ -180,7 +183,7 @@ jobs: @@ -180,7 +183,7 @@ jobs:
run: |
WEB_ARTIFACT=$(find . -name "web-*-selfhosted-DEV.zip" | head -1)
if [[ -n "${WEB_ARTIFACT}" ]]; then
echo "WEB_ARTIFACT_PATH=${WEB_ARTIFACT}" >> $GITHUB_ENV
echo "WEB_ARTIFACT_PATH=${WEB_ARTIFACT}" >> "$GITHUB_ENV"
fi
- name: Build and push Docker image
@ -209,21 +212,24 @@ jobs: @@ -209,21 +212,24 @@ jobs:
DIGEST: ${{ steps.build-docker.outputs.digest }}
TAGS: ${{ steps.tag-list.outputs.tags }}
run: |
IFS="," read -a tags <<< "${TAGS}"
images=""
for tag in "${tags[@]}"; do
images+="${tag}@${DIGEST} "
IFS=',' read -r -a tags_array <<< "${TAGS}"
images=()
for tag in "${tags_array[@]}"; do
images+=("${tag}@${DIGEST}")
done
cosign sign --yes ${images}
echo "images=${images}" >> $GITHUB_OUTPUT
cosign sign --yes "${images[@]}"
echo "images=${images[*]}" >> "$GITHUB_OUTPUT"
- name: Verify the signed image(s) with Cosign
if: env.is_publish_branch == 'true'
env:
IMAGES: ${{ steps.sign.outputs.images }}
run: |
read -r -a images_array <<< "${COSIGN_IMAGES}"
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
${{ steps.sign.outputs.images }}
"${images_array[@]}"
- name: Scan Docker image
id: container-scan
@ -244,7 +250,7 @@ jobs: @@ -244,7 +250,7 @@ jobs:
if: env.is_publish_branch == 'true'
run: |
docker logout ghcr.io
docker logout $_AZ_REGISTRY
docker logout "$_AZ_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main

6
.github/workflows/release-digital-ocean.yml
Unescape View File

@ -23,6 +23,8 @@ jobs: @@ -23,6 +23,8 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
@ -47,7 +49,7 @@ jobs: @@ -47,7 +49,7 @@ jobs:
VERSION=$(grep '^ *"coreVersion":' version.json \
| awk -F\: '{ print $2 }' \
| sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Set up Hashicorp Packer
uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232 # v3.1.0
@ -76,4 +78,4 @@ jobs: @@ -76,4 +78,4 @@ jobs:
DO_ARTIFACT=$(jq -r '.builds[-1].artifact_id' manifest.json | cut -d ":" -f2)
# Force remove the snapshot
doctl compute image delete $DO_ARTIFACT -f
doctl compute image delete "$DO_ARTIFACT" -f

113
.github/workflows/release.yml
Unescape View File

@ -46,6 +46,8 @@ jobs: @@ -46,6 +46,8 @@ jobs:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get Latest Self-Host Version
id: get-self-host
@ -70,9 +72,11 @@ jobs: @@ -70,9 +72,11 @@ jobs:
CORE=$(jq -r '.versions.coreVersion' < version.json)
KEY_CONNECTOR=$(jq -r '.versions.keyConnectorVersion' < version.json)
echo "WEB_RELEASE_TAG=$WEB" >> $GITHUB_OUTPUT
echo "CORE_RELEASE_TAG=$CORE" >> $GITHUB_OUTPUT
echo "KEY_CONNECTOR_RELEASE_TAG=$KEY_CONNECTOR" >> $GITHUB_OUTPUT
{
echo "WEB_RELEASE_TAG=$WEB"
echo "CORE_RELEASE_TAG=$CORE"
echo "KEY_CONNECTOR_RELEASE_TAG=$KEY_CONNECTOR"
} >> "$GITHUB_OUTPUT"
release:
name: Create GitHub Release
@ -85,54 +89,63 @@ jobs: @@ -85,54 +89,63 @@ jobs:
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Get projects that changed versions
id: changed-projects
env:
_LATEST_SELF_HOST_VERSION: ${{ needs.setup.outputs._LATEST_SELF_HOST_VERSION }}
run: |
git diff --unified=0 $_LATEST_SELF_HOST_VERSION $GITHUB_REF_NAME -- version.json >> diff.txt
git diff --unified=0 "$_LATEST_SELF_HOST_VERSION" "$GITHUB_REF_NAME" -- version.json >> diff.txt
if grep -q "webVersion" diff.txt; then
echo "WEB_VERSION_CHANGED=true" >> $GITHUB_OUTPUT
echo "WEB_VERSION_CHANGED=true" >> "$GITHUB_OUTPUT"
fi
if grep -q "coreVersion" diff.txt; then
echo "CORE_VERSION_CHANGED=true" >> $GITHUB_OUTPUT
echo "CORE_VERSION_CHANGED=true" >> "$GITHUB_OUTPUT"
fi
if grep -q "keyConnectorVersion" diff.txt; then
echo "KEY_CONNECTOR_VERSION_CHANGED=true" >> $GITHUB_OUTPUT
echo "KEY_CONNECTOR_VERSION_CHANGED=true" >> "$GITHUB_OUTPUT"
fi
- name: Prepare release notes
id: prepare-release-notes
env:
CORE_VERSION_CHANGED: ${{ steps.changed-projects.outputs.CORE_VERSION_CHANGED }}
CORE_RELEASE_TAG: ${{ needs.setup.outputs._CORE_RELEASE_TAG }}
WEB_VERSION_CHANGED: ${{ steps.changed-projects.outputs.WEB_VERSION_CHANGED }}
WEB_RELEASE_TAG: ${{ needs.setup.outputs._WEB_RELEASE_TAG }}
KEY_CONNECTOR_VERSION_CHANGED: ${{ steps.changed-projects.outputs.KEY_CONNECTOR_VERSION_CHANGED }}
KEY_CONNECTOR_RELEASE_TAG: ${{ needs.setup.outputs._KEY_CONNECTOR_RELEASE_TAG }}
run: |
RELEASE_NOTES=""
if [ -n "${{ steps.changed-projects.outputs.CORE_VERSION_CHANGED }}" ]; then
RELEASE_NOTES+="Update Core version to [v${{ needs.setup.outputs._CORE_RELEASE_TAG }}](https://github.com/bitwarden/server/releases/tag/v${{ needs.setup.outputs._CORE_RELEASE_TAG }})"
if [ -n "${CORE_VERSION_CHANGED}" ]; then
RELEASE_NOTES+="Update Core version to [v${CORE_RELEASE_TAG}](https://github.com/bitwarden/server/releases/tag/v${CORE_RELEASE_TAG})"
fi
if [ -n "${{ steps.changed-projects.outputs.WEB_VERSION_CHANGED }}" ]; then
if [ -n "${WEB_VERSION_CHANGED}" ]; then
if [ -n "$RELEASE_NOTES" ]; then
RELEASE_NOTES+=$'\n'
fi
RELEASE_NOTES+="Update Web version to [v${{ needs.setup.outputs._WEB_RELEASE_TAG }}](https://github.com/bitwarden/clients/releases/tag/web-v${{ needs.setup.outputs._WEB_RELEASE_TAG }})"
RELEASE_NOTES+="Update Web version to [v${WEB_RELEASE_TAG}](https://github.com/bitwarden/clients/releases/tag/web-v${WEB_RELEASE_TAG})"
fi
if [ -n "${{ steps.changed-projects.outputs.KEY_CONNECTOR_VERSION_CHANGED }}" ]; then
if [ -n "${KEY_CONNECTOR_VERSION_CHANGED}" ]; then
if [ -n "$RELEASE_NOTES" ]; then
RELEASE_NOTES+=$'\n'
fi
RELEASE_NOTES+="Update Key Connector version to [v${{ needs.setup.outputs._KEY_CONNECTOR_RELEASE_TAG }}](https://github.com/bitwarden/key-connector/releases/tag/v${{ needs.setup.outputs._KEY_CONNECTOR_RELEASE_TAG }})"
RELEASE_NOTES+="Update Key Connector version to [v${KEY_CONNECTOR_RELEASE_TAG}](https://github.com/bitwarden/key-connector/releases/tag/v${KEY_CONNECTOR_RELEASE_TAG})"
fi
(
echo 'RELEASE_NOTES<<EOF'
echo "$RELEASE_NOTES"
echo EOF
) >> $GITHUB_OUTPUT
) >> "$GITHUB_OUTPUT"
- name: Create release
if: ${{ inputs.release_type != 'Dry Run' }}
@ -165,6 +178,7 @@ jobs: @@ -165,6 +178,7 @@ jobs:
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
@ -193,7 +207,7 @@ jobs: @@ -193,7 +207,7 @@ jobs:
AWS_DEFAULT_REGION: 'us-east-1'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-bucket-name }}
run: |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \
aws s3 cp version.json "$AWS_S3_BUCKET_NAME" \
--acl "public-read" \
--quiet
@ -235,6 +249,7 @@ jobs: @@ -235,6 +249,7 @@ jobs:
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
persist-credentials: false
- name: Install Cosign
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
@ -248,17 +263,19 @@ jobs: @@ -248,17 +263,19 @@ jobs:
- name: Setup project name and release tag
id: setup
env:
MATRIX_RELEASE_TAG: ${{ matrix.release_tag }}
run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.project_name }}"
echo "PROJECT_NAME: $PROJECT_NAME"
echo "_PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV
echo "_PROJECT_NAME=$PROJECT_NAME" >> "$GITHUB_ENV"
if [ -z "${{ matrix.release_tag }}" ]; then
if [ -z "${MATRIX_RELEASE_TAG}" ]; then
# Use core release tag by default.
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> $GITHUB_ENV
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> "$GITHUB_ENV"
else
echo "_RELEASE_TAG=${{ matrix.release_tag }}" >> $GITHUB_ENV
echo "_RELEASE_TAG=${MATRIX_RELEASE_TAG}" >> "$GITHUB_ENV"
fi
### ghcr.io section
@ -273,31 +290,31 @@ jobs: @@ -273,31 +290,31 @@ jobs:
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
skopeo --version
skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name ${_AZ_REGISTRY%.azurecr.io} | jq -r .accessToken)
skopeo copy --all docker://$_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG docker://ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
skopeo copy --all docker://$_AZ_REGISTRY/$_PROJECT_NAME:latest docker://ghcr.io/bitwarden/$_PROJECT_NAME:latest
skopeo login "$_AZ_REGISTRY" -u 00000000-0000-0000-0000-000000000000 -p "$(az acr login --expose-token --name "${_AZ_REGISTRY%.azurecr.io}" | jq -r .accessToken)"
skopeo copy --all "docker://$_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG" "docker://ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG"
skopeo copy --all "docker://$_AZ_REGISTRY/$_PROJECT_NAME:latest" "docker://ghcr.io/bitwarden/$_PROJECT_NAME:latest"
- name: Sign image with Cosign
run: |
cosign sign --yes ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
cosign sign --yes ghcr.io/bitwarden/$_PROJECT_NAME:latest
cosign sign --yes "ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG"
cosign sign --yes "ghcr.io/bitwarden/$_PROJECT_NAME:latest"
- name: Verify the signed image with Cosign
run: |
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
"ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG"
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/$_PROJECT_NAME:latest
"ghcr.io/bitwarden/$_PROJECT_NAME:latest"
- name: Log out of Docker
run: |
docker logout ghcr.io
docker logout $_AZ_REGISTRY
docker logout "$_AZ_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
@ -336,27 +353,27 @@ jobs: @@ -336,27 +353,27 @@ jobs:
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
skopeo --version
skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name ${_AZ_REGISTRY%.azurecr.io} | jq -r .accessToken)
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:$_RELEASE_VERSION
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:beta # TODO: Delete after GA
# skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:latest # TODO: uncomment after GA
skopeo login "$_AZ_REGISTRY" -u 00000000-0000-0000-0000-000000000000 -p "$(az acr login --expose-token --name "${_AZ_REGISTRY%.azurecr.io}" | jq -r .accessToken)"
skopeo copy --all "docker://$_AZ_REGISTRY/self-host:beta" "docker://ghcr.io/bitwarden/self-host:$_RELEASE_VERSION"
skopeo copy --all "docker://$_AZ_REGISTRY/self-host:beta" "docker://ghcr.io/bitwarden/self-host:beta" # TODO: Delete after GA
# skopeo copy --all "docker://$_AZ_REGISTRY/self-host:beta" "docker://ghcr.io/bitwarden/self-host:latest" # TODO: uncomment after GA
- name: Sign image with Cosign
run: |
cosign sign --yes ghcr.io/bitwarden/self-host:$_RELEASE_VERSION
cosign sign --yes ghcr.io/bitwarden/self-host:latest
cosign sign --yes "ghcr.io/bitwarden/self-host:$_RELEASE_VERSION"
cosign sign --yes "ghcr.io/bitwarden/self-host:latest"
- name: Verify the signed image with Cosign
run: |
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/self-host:$_RELEASE_VERSION
"ghcr.io/bitwarden/self-host:$_RELEASE_VERSION"
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/self-host:latest
"ghcr.io/bitwarden/self-host:latest"
- name: Log out of skopeo and ghcr.io
run: |
@ -365,33 +382,33 @@ jobs: @@ -365,33 +382,33 @@ jobs:
########## ACR PROD ##########
- name: Login to Azure ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
run: az acr login -n "${_AZ_REGISTRY%.azurecr.io}"
- name: Pull latest project image
run: |
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
docker pull $_AZ_REGISTRY/self-host:dev
docker pull "$_AZ_REGISTRY/self-host:dev"
else
docker pull $_AZ_REGISTRY/self-host:beta
docker pull "$_AZ_REGISTRY/self-host:beta"
fi
- name: Tag version and latest
run: |
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/self-host:dev $_AZ_REGISTRY/self-host:dryrun
docker tag "$_AZ_REGISTRY/self-host:dev" "$_AZ_REGISTRY/self-host:dryrun"
else
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:latest
docker tag "$_AZ_REGISTRY/self-host:beta" "$_AZ_REGISTRY/self-host:$_RELEASE_VERSION"
docker tag "$_AZ_REGISTRY/self-host:beta" "$_AZ_REGISTRY/self-host:latest"
fi
- name: Push version and latest image
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
docker push $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/self-host:latest
docker push "$_AZ_REGISTRY/self-host:$_RELEASE_VERSION"
docker push "$_AZ_REGISTRY/self-host:latest"
- name: Log out of Docker
run: docker logout $_AZ_REGISTRY
run: docker logout "$_AZ_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main

19
.github/workflows/update-versions.yml
Unescape View File

@ -20,6 +20,8 @@ jobs: @@ -20,6 +20,8 @@ jobs:
steps:
- name: Checkout Branch
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get Latest Core Version
id: get-core
@ -38,9 +40,9 @@ jobs: @@ -38,9 +40,9 @@ jobs:
echo "Latest Core Version: $LATEST_CORE_VERSION"
if [ "$CORE_VERSION" != "$LATEST_CORE_VERSION" ]; then
echo "Needs Core update!"
echo "update=1" >> $GITHUB_OUTPUT
echo "update=1" >> "$GITHUB_OUTPUT"
else
echo "update=0" >> $GITHUB_OUTPUT
echo "update=0" >> "$GITHUB_OUTPUT"
fi
- name: Get Latest Web Version
@ -62,9 +64,9 @@ jobs: @@ -62,9 +64,9 @@ jobs:
echo "Latest Web Version: $LATEST_WEB_VERSION"
if [ "$WEB_VERSION" != "$LATEST_WEB_VERSION" ]; then
echo "Needs Web update!"
echo "update=1" >> $GITHUB_OUTPUT
echo "update=1" >> "$GITHUB_OUTPUT"
else
echo "update=0" >> $GITHUB_OUTPUT
echo "update=0" >> "$GITHUB_OUTPUT"
fi
- name: Get Latest Key Connector Version
@ -84,9 +86,9 @@ jobs: @@ -84,9 +86,9 @@ jobs:
echo "Latest Key Connector Version: $LATEST_KEY_CONNECTOR_VERSION"
if [ "$KEY_CONNECTOR_VERSION" != "$LATEST_KEY_CONNECTOR_VERSION" ]; then
echo "Needs Key Connector update!"
echo "update=1" >> $GITHUB_OUTPUT
echo "update=1" >> "$GITHUB_OUTPUT"
else
echo "update=0" >> $GITHUB_OUTPUT
echo "update=0" >> "$GITHUB_OUTPUT"
fi
@ -131,6 +133,7 @@ jobs: @@ -131,6 +133,7 @@ jobs:
with:
ref: main
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true
- name: Configure Git
run: |
@ -165,9 +168,9 @@ jobs: @@ -165,9 +168,9 @@ jobs:
id: version-changed
run: |
if [ -n "$(git status --porcelain)" ]; then
echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
else
echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
echo "No changes to commit!";
fi

Write Preview
Loading…
Cancel
Save