|
|
|
|
@ -23,8 +23,6 @@ jobs:
@@ -23,8 +23,6 @@ jobs:
|
|
|
|
|
name: Check Self-Host Version Input |
|
|
|
|
if: github.ref_name == 'main' |
|
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
|
outputs: |
|
|
|
|
latest_version: ${{ steps.get-self-host.outputs.version }} |
|
|
|
|
steps: |
|
|
|
|
- name: Checkout repo |
|
|
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 |
|
|
|
|
@ -62,6 +60,7 @@ jobs:
@@ -62,6 +60,7 @@ jobs:
|
|
|
|
|
web_version_changed: ${{ steps.update-web-version.outputs.changed }} |
|
|
|
|
key_connector_release_tag: ${{ steps.update-key-connector-version.outputs.tag }} |
|
|
|
|
key_connector_version_changed: ${{ steps.update-key-connector-version.outputs.changed }} |
|
|
|
|
updated_version_commit_hash: ${{ steps.push-changes.outputs.commit_hash }} |
|
|
|
|
steps: |
|
|
|
|
- name: Log in to Azure |
|
|
|
|
uses: bitwarden/gh-actions/azure-login@main |
|
|
|
|
@ -87,7 +86,7 @@ jobs:
@@ -87,7 +86,7 @@ jobs:
|
|
|
|
|
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} |
|
|
|
|
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} |
|
|
|
|
permission-contents: write # for pushing commits |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Checkout Branch |
|
|
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 |
|
|
|
|
with: |
|
|
|
|
@ -102,13 +101,13 @@ jobs:
@@ -102,13 +101,13 @@ jobs:
|
|
|
|
|
repository: bitwarden/server |
|
|
|
|
trim: true |
|
|
|
|
|
|
|
|
|
- name: Update Core version |
|
|
|
|
- name: Update Core version |
|
|
|
|
id: update-core-version |
|
|
|
|
env: |
|
|
|
|
NEW_VERSION: ${{ steps.get-core.outputs.version }} |
|
|
|
|
run: | |
|
|
|
|
OLD_VERSION=$(jq -r '.versions.coreVersion' version.json) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sed -i -e "/^\s*COREVERSION\s*=\s*/s/[0-9]\+.[0-9]\+.[0-9]\+/$NEW_VERSION/" bitwarden.sh |
|
|
|
|
sed -i -e "/^\s*\$coreVersion\s*=\s*/s/[0-9]\+.[0-9]\+.[0-9]\+/$NEW_VERSION/" bitwarden.ps1 |
|
|
|
|
sed -i -e '/"coreVersion":/ s/"coreVersion":[^,]*/"coreVersion":"'$NEW_VERSION'"/' version.json |
|
|
|
|
@ -172,6 +171,13 @@ jobs:
@@ -172,6 +171,13 @@ jobs:
|
|
|
|
|
|
|
|
|
|
echo "tag=$NEW_VERSION" >> "$GITHUB_OUTPUT" |
|
|
|
|
|
|
|
|
|
- name: Update docker-compose.yml with new version |
|
|
|
|
env: |
|
|
|
|
CORE_VERSION: ${{ steps.update-core-version.outputs.tag }} |
|
|
|
|
run: | |
|
|
|
|
sed -i -e "s|lite:\${TAG:-[^}]*}|lite:\${TAG:-$CORE_VERSION}|" bitwarden-lite/docker-compose.yml |
|
|
|
|
echo ":pencil: Updated docker-compose.yml TAG to $CORE_VERSION" >> "$GITHUB_STEP_SUMMARY" |
|
|
|
|
|
|
|
|
|
- name: Check if version changed |
|
|
|
|
id: version-changed |
|
|
|
|
run: | |
|
|
|
|
@ -193,9 +199,11 @@ jobs:
@@ -193,9 +199,11 @@ jobs:
|
|
|
|
|
run: git commit -m "Updated core, web, and key-connector versions" -a |
|
|
|
|
|
|
|
|
|
- name: Push changes |
|
|
|
|
id: push-changes |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: git push |
|
|
|
|
|
|
|
|
|
run: | |
|
|
|
|
git push |
|
|
|
|
echo "commit_hash=$(git log -1 --format='%H')" >> "$GITHUB_OUTPUT" |
|
|
|
|
|
|
|
|
|
release-github: |
|
|
|
|
name: Create GitHub Release |
|
|
|
|
@ -211,7 +219,7 @@ jobs:
@@ -211,7 +219,7 @@ jobs:
|
|
|
|
|
with: |
|
|
|
|
fetch-depth: 0 |
|
|
|
|
persist-credentials: false |
|
|
|
|
ref: main |
|
|
|
|
ref: ${{ needs.update-versions.outputs.updated_version_commit_hash }} |
|
|
|
|
|
|
|
|
|
- name: Prepare release notes |
|
|
|
|
id: prepare-release-notes |
|
|
|
|
@ -261,13 +269,16 @@ jobs:
@@ -261,13 +269,16 @@ jobs:
|
|
|
|
|
name: "Version ${{ inputs.release_version }}" |
|
|
|
|
body: ${{ steps.prepare-release-notes.outputs.RELEASE_NOTES }} |
|
|
|
|
token: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
|
commit: ${{ needs.update-versions.outputs.updated_version_commit_hash }} |
|
|
|
|
draft: false |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
release-s3: |
|
|
|
|
name: Upload version.json |
|
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
|
needs: release-github |
|
|
|
|
needs: |
|
|
|
|
- update-versions |
|
|
|
|
- release-github |
|
|
|
|
permissions: |
|
|
|
|
contents: read |
|
|
|
|
id-token: write |
|
|
|
|
@ -276,7 +287,7 @@ jobs:
@@ -276,7 +287,7 @@ jobs:
|
|
|
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 |
|
|
|
|
with: |
|
|
|
|
persist-credentials: false |
|
|
|
|
ref: main |
|
|
|
|
ref: ${{ needs.update-versions.outputs.updated_version_commit_hash }} |
|
|
|
|
|
|
|
|
|
- name: Log in to Azure |
|
|
|
|
uses: bitwarden/gh-actions/azure-login@main |
|
|
|
|
@ -424,6 +435,7 @@ jobs:
@@ -424,6 +435,7 @@ jobs:
|
|
|
|
|
packages: write |
|
|
|
|
security-events: write |
|
|
|
|
with: |
|
|
|
|
self_host_repo_ref: ${{ needs.update-versions.outputs.updated_version_commit_hash }} |
|
|
|
|
use_latest_core_version: true |
|
|
|
|
use_latest_web_version: true |
|
|
|
|
secrets: inherit |
|
|
|
|
@ -439,42 +451,9 @@ jobs:
@@ -439,42 +451,9 @@ jobs:
|
|
|
|
|
env: |
|
|
|
|
_CORE_VERSION: ${{ needs.update-versions.outputs.core_release_tag }} |
|
|
|
|
permissions: |
|
|
|
|
contents: write |
|
|
|
|
id-token: write |
|
|
|
|
packages: write |
|
|
|
|
steps: |
|
|
|
|
- name: Log in to Azure |
|
|
|
|
uses: bitwarden/gh-actions/azure-login@main |
|
|
|
|
with: |
|
|
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
|
|
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }} |
|
|
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }} |
|
|
|
|
|
|
|
|
|
- name: Get Azure Key Vault secrets |
|
|
|
|
id: get-kv-secrets |
|
|
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main |
|
|
|
|
with: |
|
|
|
|
keyvault: gh-org-bitwarden |
|
|
|
|
secrets: "BW-GHAPP-ID,BW-GHAPP-KEY" |
|
|
|
|
|
|
|
|
|
- name: Log out from Azure |
|
|
|
|
uses: bitwarden/gh-actions/azure-logout@main |
|
|
|
|
|
|
|
|
|
- name: Generate GH App token |
|
|
|
|
uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 |
|
|
|
|
id: app-token |
|
|
|
|
with: |
|
|
|
|
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} |
|
|
|
|
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} |
|
|
|
|
permission-contents: write |
|
|
|
|
|
|
|
|
|
- name: Checkout repo |
|
|
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 |
|
|
|
|
with: |
|
|
|
|
ref: main |
|
|
|
|
token: ${{ steps.app-token.outputs.token }} |
|
|
|
|
persist-credentials: true |
|
|
|
|
|
|
|
|
|
- name: Login to GitHub Container Registry |
|
|
|
|
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 |
|
|
|
|
with: |
|
|
|
|
@ -503,36 +482,6 @@ jobs:
@@ -503,36 +482,6 @@ jobs:
|
|
|
|
|
- name: Log out of ghcr.io |
|
|
|
|
run: docker logout ghcr.io |
|
|
|
|
|
|
|
|
|
- name: Update docker-compose.yml with new version |
|
|
|
|
run: | |
|
|
|
|
sed -i -e "s|lite:\${TAG:-[^}]*}|lite:\${TAG:-$_CORE_VERSION}|" bitwarden-lite/docker-compose.yml |
|
|
|
|
echo ":pencil: Updated docker-compose.yml TAG to $_CORE_VERSION" >> "$GITHUB_STEP_SUMMARY" |
|
|
|
|
|
|
|
|
|
- name: Check if version changed |
|
|
|
|
id: version-changed |
|
|
|
|
run: | |
|
|
|
|
if [ -n "$(git status --porcelain)" ]; then |
|
|
|
|
echo "changes_to_commit=true" >> "$GITHUB_OUTPUT" |
|
|
|
|
else |
|
|
|
|
echo "changes_to_commit=false" >> "$GITHUB_OUTPUT" |
|
|
|
|
echo "No changes to commit" |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
- name: Configure Git |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: | |
|
|
|
|
git config --local user.email "178206702+bw-ghapp[bot]@users.noreply.github.com" |
|
|
|
|
git config --local user.name "bw-ghapp[bot]" |
|
|
|
|
|
|
|
|
|
- name: Commit files |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: git commit -m "Update Bitwarden lite docker-compose.yml to $_CORE_VERSION" -a |
|
|
|
|
|
|
|
|
|
- name: Push changes |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: git push |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trigger-workflows: |
|
|
|
|
name: Trigger workflows |
|
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
|
@ -569,6 +518,8 @@ jobs:
@@ -569,6 +518,8 @@ jobs:
|
|
|
|
|
|
|
|
|
|
- name: Trigger release-digital-ocean workflow |
|
|
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 |
|
|
|
|
env: |
|
|
|
|
RELEASE_TAG: v${{ inputs.release_version }} |
|
|
|
|
with: |
|
|
|
|
github-token: ${{ steps.app-token.outputs.token }} |
|
|
|
|
script: | |
|
|
|
|
@ -576,6 +527,6 @@ jobs:
@@ -576,6 +527,6 @@ jobs:
|
|
|
|
|
owner: 'bitwarden', |
|
|
|
|
repo: 'self-host', |
|
|
|
|
workflow_id: 'release-digital-ocean.yml', |
|
|
|
|
ref: 'main', |
|
|
|
|
ref: process.env.RELEASE_TAG, |
|
|
|
|
inputs: {} |
|
|
|
|
}); |
|
|
|
|
|
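Review bot: In the `Push changes` step of the `@@ -193,9 +199,11 @@` hunk, `commit_hash` is written only inside a step that still appears to be gated by `if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }}`, so on a run with nothing to commit (for example a re-run after the version bump already landed) `updated_version_commit_hash` is empty. The `ref:` inputs of the `release-github` and `release-s3` checkouts, the release `commit:` input and `self_host_repo_ref` then receive an empty string; actions/checkout treats an empty `ref` as the workflow's triggering ref, and the other two presumably fall back to their own defaults, so the release silently stops being pinned to a known commit instead of failing. I would record the hash in a separate step with no `if:`, `run: echo "commit_hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`, and point the job output at that step's id, or make the consuming jobs fail when the value is empty. The +/- markers are lost on this page, so which of the paired `ref:` lines is the new side is inferred from the hunk counts and the added job output.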