|
|
|
|
@ -411,9 +411,42 @@ jobs:
@@ -411,9 +411,42 @@ jobs:
|
|
|
|
|
env: |
|
|
|
|
_CORE_VERSION: ${{ needs.update-versions.outputs.core_release_tag }} |
|
|
|
|
permissions: |
|
|
|
|
contents: write |
|
|
|
|
id-token: write |
|
|
|
|
packages: write |
|
|
|
|
steps: |
|
|
|
|
- name: Log in to Azure |
|
|
|
|
uses: bitwarden/gh-actions/azure-login@main |
|
|
|
|
with: |
|
|
|
|
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
|
|
|
|
tenant_id: ${{ secrets.AZURE_TENANT_ID }} |
|
|
|
|
client_id: ${{ secrets.AZURE_CLIENT_ID }} |
|
|
|
|
|
|
|
|
|
- name: Get Azure Key Vault secrets |
|
|
|
|
id: get-kv-secrets |
|
|
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@main |
|
|
|
|
with: |
|
|
|
|
keyvault: gh-org-bitwarden |
|
|
|
|
secrets: "BW-GHAPP-ID,BW-GHAPP-KEY" |
|
|
|
|
|
|
|
|
|
- name: Log out from Azure |
|
|
|
|
uses: bitwarden/gh-actions/azure-logout@main |
|
|
|
|
|
|
|
|
|
- name: Generate GH App token |
|
|
|
|
uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0 |
|
|
|
|
id: app-token |
|
|
|
|
with: |
|
|
|
|
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} |
|
|
|
|
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} |
|
|
|
|
permission-contents: write |
|
|
|
|
|
|
|
|
|
- name: Checkout repo |
|
|
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 |
|
|
|
|
with: |
|
|
|
|
ref: main |
|
|
|
|
token: ${{ steps.app-token.outputs.token }} |
|
|
|
|
persist-credentials: true |
|
|
|
|
|
|
|
|
|
- name: Login to GitHub Container Registry |
|
|
|
|
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 |
|
|
|
|
with: |
|
|
|
|
@ -435,6 +468,35 @@ jobs:
@@ -435,6 +468,35 @@ jobs:
|
|
|
|
|
- name: Log out of ghcr.io |
|
|
|
|
run: docker logout ghcr.io |
|
|
|
|
|
|
|
|
|
- name: Update docker-compose.yml with new version |
|
|
|
|
run: | |
|
|
|
|
sed -i -e "s|lite:\${TAG:-[^}]*}|lite:\${TAG:-$_CORE_VERSION}|" bitwarden-lite/docker-compose.yml |
|
|
|
|
echo ":pencil: Updated docker-compose.yml TAG to $_CORE_VERSION" >> "$GITHUB_STEP_SUMMARY" |
|
|
|
|
|
|
|
|
|
- name: Check if version changed |
|
|
|
|
id: version-changed |
|
|
|
|
run: | |
|
|
|
|
if [ -n "$(git status --porcelain)" ]; then |
|
|
|
|
echo "changes_to_commit=true" >> "$GITHUB_OUTPUT" |
|
|
|
|
else |
|
|
|
|
echo "changes_to_commit=false" >> "$GITHUB_OUTPUT" |
|
|
|
|
echo "No changes to commit" |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
- name: Configure Git |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: | |
|
|
|
|
git config --local user.email "178206702+bw-ghapp[bot]@users.noreply.github.com" |
|
|
|
|
git config --local user.name "bw-ghapp[bot]" |
|
|
|
|
|
|
|
|
|
- name: Commit files |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: git commit -m "Update Bitwarden lite docker-compose.yml to $_CORE_VERSION" -a |
|
|
|
|
|
|
|
|
|
- name: Push changes |
|
|
|
|
if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }} |
|
|
|
|
run: git push |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trigger-workflows: |
|
|
|
|
name: Trigger workflows |
|
|
|
|
|
Vince Grassia
2 weeks ago