DEVOPS-772 Build CDN endpoint for selfhost version.json (#24)

* Add version file release stage

* Add gitignore for act

* Change way of uploading version file to s3

* Comment tasks to test workflow

* Delete slash at the end

* FIx s3 uri

* Remove recursive mode

* Remove comments

* Add using the keyvault secrets instead of github

* Add login to Azure step

* Add comments for testing

* Remove comments

.github/workflows/release.yml

@@ -74,3 +74,38 @@ jobs:
           body: "<insert release notes here>"
           token: ${{ secrets.GITHUB_TOKEN }}
           draft: true
+
+  release-version:
+    name: Upload version.json
+    runs-on: ubuntu-20.04
+    needs:
+     - setup
+     - release
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+        with:
+          ref: ${{ needs.setup.outputs.branch-name }}
+
+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "aws-selfhost-version-access-id, aws-selfhost-version-access-key"
+
+      - name: Upload version.json to S3 bucket
+        env:
+          AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }}
+          AWS_DEFAULT_REGION: 'us-west-2'
+          AWS_S3_BUCKET_NAME: 's3://public-s3-bitwarden-selfhost-version-artifact'
+        run: |
+          aws s3 cp version.json $AWS_S3_BUCKET_NAME \
+          --acl "public-read" \
+          --quiet

.gitignore

@@ -0,0 +1,2 @@
+# Secrets file for act (gh actions local run tool)
+.secrets