From a446fcb3c298adc3ded795742dd8ff42974cfd64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?=
Date: Tue, 31 May 2022 16:36:06 +0200
Subject: [PATCH] DEVOPS-772 Build CDN endpoint for selfhost version.json (#24)

* Add version file release stage
* Add gitignore for act
* Change way of uploading version file to s3
* Comment tasks to test workflow
* Delete slash at the end
* FIx s3 uri
* Remove recursive mode
* Remove comments
* Add using the keyvault secrets instead of github
* Add login to Azure step
* Add comments for testing
* Remove comments
---
 .github/workflows/release.yml | 35 +++++++++++++++++++++++++++++++++++
 .gitignore | 2 ++
 2 files changed, 37 insertions(+)
 create mode 100644 .gitignore

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 077fafa..703bb85 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -74,3 +74,38 @@ jobs:
 body: ""
 token: ${{ secrets.GITHUB_TOKEN }}
 draft: true
+
+ release-version:
+ name: Upload version.json
+ runs-on: ubuntu-20.04
+ needs:
+ - setup
+ - release
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+ with:
+ ref: ${{ needs.setup.outputs.branch-name }}
+
+ - name: Login to Azure
+ uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "aws-selfhost-version-access-id, aws-selfhost-version-access-key"
+
+ - name: Upload version.json to S3 bucket
+ env:
+ AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }}
+ AWS_DEFAULT_REGION: 'us-west-2'
+ AWS_S3_BUCKET_NAME: 's3://public-s3-bitwarden-selfhost-version-artifact'
+ run: |
+ aws s3 cp version.json $AWS_S3_BUCKET_NAME \
+ --acl "public-read" \
+ --quiet
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..05f4ccb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Secrets file for act (gh actions local run tool)
+.secrets
\ No newline at end of file
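Review bot: The new `release-version` job in `.github/workflows/release.yml` handles production Key Vault credentials and AWS access keys, yet it sets no job-level `permissions:` and leaves the checkout token persisted in the workspace. Unless the workflow already restricts this at top level (not visible in this hunk), add `permissions: {contents: read}` to the job and `persist-credentials: false` under the checkout step's `with:`. The upload step publishes `version.json` with `--acl "public-read"` without checking the file first, so a guard such as `jq -e . version.json > /dev/null` before `aws s3 cp` would keep a malformed file off the public endpoint. The job also starts as soon as `release` finishes, and the context lines show that release being created with `draft: true`, so the public file may advertise a version before the release is actually published; confirm that ordering is intended. Longer term, the static access-key pair could be replaced by OIDC role assumption so that no long-lived AWS secret needs to be stored and fetched.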