|
|
|
@ -11,9 +11,7 @@ on: |
|
|
|
jobs: |
|
|
|
jobs: |
|
|
|
setup: |
|
|
|
setup: |
|
|
|
name: Setup |
|
|
|
name: Setup |
|
|
|
runs-on: ubuntu-20.04 |
|
|
|
runs-on: ubuntu-22.04 |
|
|
|
outputs: |
|
|
|
|
|
|
|
branch-name: ${{ steps.branch.outputs.branch-name }} |
|
|
|
|
|
|
|
steps: |
|
|
|
steps: |
|
|
|
- name: Branch check |
|
|
|
- name: Branch check |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
@ -43,22 +41,16 @@ jobs: |
|
|
|
exit 1 |
|
|
|
exit 1 |
|
|
|
fi |
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
- name: Get branch name |
|
|
|
|
|
|
|
id: branch |
|
|
|
|
|
|
|
run: | |
|
|
|
|
|
|
|
BRANCH_NAME=$(basename ${{ github.ref }}) |
|
|
|
|
|
|
|
echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
release: |
|
|
|
release: |
|
|
|
name: Create GitHub Release |
|
|
|
name: Create GitHub Release |
|
|
|
runs-on: ubuntu-20.04 |
|
|
|
runs-on: ubuntu-22.04 |
|
|
|
needs: setup |
|
|
|
needs: setup |
|
|
|
steps: |
|
|
|
steps: |
|
|
|
- name: Checkout repo |
|
|
|
- name: Checkout repo |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
with: |
|
|
|
with: |
|
|
|
ref: ${{ needs.setup.outputs.branch-name }} |
|
|
|
ref: master |
|
|
|
|
|
|
|
|
|
|
|
- name: Create release |
|
|
|
- name: Create release |
|
|
|
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 |
|
|
|
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 |
|
|
|
@ -77,15 +69,15 @@ jobs: |
|
|
|
|
|
|
|
|
|
|
|
release-version: |
|
|
|
release-version: |
|
|
|
name: Upload version.json |
|
|
|
name: Upload version.json |
|
|
|
runs-on: ubuntu-20.04 |
|
|
|
runs-on: ubuntu-22.04 |
|
|
|
needs: |
|
|
|
needs: |
|
|
|
- setup |
|
|
|
- setup |
|
|
|
- release |
|
|
|
- release |
|
|
|
steps: |
|
|
|
steps: |
|
|
|
- name: Checkout repo |
|
|
|
- name: Checkout repo |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
with: |
|
|
|
with: |
|
|
|
ref: ${{ needs.setup.outputs.branch-name }} |
|
|
|
ref: master |
|
|
|
|
|
|
|
|
|
|
|
- name: Login to Azure |
|
|
|
- name: Login to Azure |
|
|
|
uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 |
|
|
|
uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 |
|
|
|
@ -94,22 +86,15 @@ jobs: |
|
|
|
|
|
|
|
|
|
|
|
- name: Retrieve secrets |
|
|
|
- name: Retrieve secrets |
|
|
|
id: retrieve-secrets |
|
|
|
id: retrieve-secrets |
|
|
|
env: |
|
|
|
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af |
|
|
|
KEYVAULT: bitwarden-prod-kv |
|
|
|
with: |
|
|
|
SECRETS: | |
|
|
|
keyvault: "bitwarden-prod-kv" |
|
|
|
aws-selfhost-version-access-id, |
|
|
|
secrets: "aws-selfhost-version-access-id, |
|
|
|
aws-selfhost-version-access-key, |
|
|
|
aws-selfhost-version-access-key, |
|
|
|
r2-electron-access-id, |
|
|
|
r2-electron-access-id, |
|
|
|
r2-electron-access-key, |
|
|
|
r2-electron-access-key, |
|
|
|
r2-bitwarden-selfhost-version-bucket-name, |
|
|
|
r2-bitwarden-selfhost-version-bucket-name, |
|
|
|
cf-prod-account |
|
|
|
cf-prod-account" |
|
|
|
run: | |
|
|
|
|
|
|
|
for i in ${SECRETS//,/ } |
|
|
|
|
|
|
|
do |
|
|
|
|
|
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) |
|
|
|
|
|
|
|
echo "::add-mask::$VALUE" |
|
|
|
|
|
|
|
echo "$i=$VALUE" >> $GITHUB_OUTPUT |
|
|
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Upload version.json to S3 bucket |
|
|
|
- name: Upload version.json to S3 bucket |
|
|
|
env: |
|
|
|
env: |
|
|
|
@ -135,33 +120,32 @@ jobs: |
|
|
|
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com |
|
|
|
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com |
|
|
|
|
|
|
|
|
|
|
|
tag-docker-latest: |
|
|
|
tag-docker-latest: |
|
|
|
name: Tag Docker image latest |
|
|
|
name: Tag Docker images latest |
|
|
|
runs-on: ubuntu-20.04 |
|
|
|
runs-on: ubuntu-22.04 |
|
|
|
needs: |
|
|
|
needs: |
|
|
|
- setup |
|
|
|
- setup |
|
|
|
- release |
|
|
|
- release |
|
|
|
env: |
|
|
|
env: |
|
|
|
_RELEASE_VERSION: ${{ github.event.inputs.release_version }} |
|
|
|
_RELEASE_VERSION: ${{ github.event.inputs.release_version }} |
|
|
|
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} |
|
|
|
_BRANCH_NAME: master |
|
|
|
strategy: |
|
|
|
strategy: |
|
|
|
fail-fast: false |
|
|
|
fail-fast: false |
|
|
|
matrix: |
|
|
|
matrix: |
|
|
|
include: |
|
|
|
include: |
|
|
|
- service_name: Admin |
|
|
|
- project_name: Admin |
|
|
|
- service_name: Api |
|
|
|
- project_name: Api |
|
|
|
- service_name: Attachments |
|
|
|
- project_name: Attachments |
|
|
|
- service_name: Events |
|
|
|
- project_name: Events |
|
|
|
- service_name: Icons |
|
|
|
- project_name: Icons |
|
|
|
- service_name: Identity |
|
|
|
- project_name: Identity |
|
|
|
- service_name: K8S-Proxy |
|
|
|
- project_name: MsSql |
|
|
|
- service_name: MsSql |
|
|
|
- project_name: Nginx |
|
|
|
- service_name: Nginx |
|
|
|
- project_name: Notifications |
|
|
|
- service_name: Notifications |
|
|
|
- project_name: Server |
|
|
|
- service_name: Server |
|
|
|
- project_name: Setup |
|
|
|
- service_name: Setup |
|
|
|
- project_name: Sso |
|
|
|
- service_name: Sso |
|
|
|
- project_name: Web |
|
|
|
- service_name: Web |
|
|
|
- project_name: Scim |
|
|
|
- service_name: Scim |
|
|
|
|
|
|
|
steps: |
|
|
|
steps: |
|
|
|
- name: Print environment |
|
|
|
- name: Print environment |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
@ -173,15 +157,15 @@ jobs: |
|
|
|
- name: Checkout repo |
|
|
|
- name: Checkout repo |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
with: |
|
|
|
with: |
|
|
|
ref: ${{ needs.setup.outputs.branch-name }} |
|
|
|
ref: master |
|
|
|
|
|
|
|
|
|
|
|
- name: Setup service name |
|
|
|
- name: Setup project name |
|
|
|
id: setup |
|
|
|
id: setup |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
SERVICE_NAME=$(echo "${{ matrix.service_name }}" | awk '{print tolower($0)}') |
|
|
|
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') |
|
|
|
echo "Matrix name: ${{ matrix.service_name }}" |
|
|
|
echo "Matrix name: ${{ matrix.project_name }}" |
|
|
|
echo "SERVICE_NAME: $SERVICE_NAME" |
|
|
|
echo "PROJECT_NAME: $PROJECT_NAME" |
|
|
|
echo "service_name=$SERVICE_NAME" >> $GITHUB_OUTPUT |
|
|
|
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT |
|
|
|
|
|
|
|
|
|
|
|
########## DockerHub ########## |
|
|
|
########## DockerHub ########## |
|
|
|
- name: Setup DCT |
|
|
|
- name: Setup DCT |
|
|
|
@ -193,24 +177,24 @@ jobs: |
|
|
|
|
|
|
|
|
|
|
|
- name: Pull versioned image |
|
|
|
- name: Pull versioned image |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
run: docker pull bitwarden/$SERVICE_NAME:$_RELEASE_VERSION |
|
|
|
run: docker pull bitwarden/$PROJECT_NAME:$_RELEASE_VERSION |
|
|
|
|
|
|
|
|
|
|
|
- name: Tag latest |
|
|
|
- name: Tag latest |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
run: docker tag bitwarden/$SERVICE_NAME:$_RELEASE_VERSION bitwarden/$SERVICE_NAME:latest |
|
|
|
run: docker tag bitwarden/$PROJECT_NAME:$_RELEASE_VERSION bitwarden/$PROJECT_NAME:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Push latest image |
|
|
|
- name: Push latest image |
|
|
|
env: |
|
|
|
env: |
|
|
|
DOCKER_CONTENT_TRUST: 1 |
|
|
|
DOCKER_CONTENT_TRUST: 1 |
|
|
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} |
|
|
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
if [ "$SERVICE_NAME" == "scim" ]; then |
|
|
|
if [ "$PROJECT_NAME" == "scim" ]; then |
|
|
|
export DOCKER_CONTENT_TRUST=0 |
|
|
|
export DOCKER_CONTENT_TRUST=0 |
|
|
|
fi |
|
|
|
fi |
|
|
|
docker push bitwarden/$SERVICE_NAME:latest |
|
|
|
docker push bitwarden/$PROJECT_NAME:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Log out of Docker and disable Docker Notary |
|
|
|
- name: Log out of Docker and disable Docker Notary |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
@ -228,22 +212,22 @@ jobs: |
|
|
|
|
|
|
|
|
|
|
|
- name: Tag latest |
|
|
|
- name: Tag latest |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
run: docker tag bitwarden/$SERVICE_NAME:$_RELEASE_VERSION $REGISTRY/$SERVICE_NAME:latest |
|
|
|
run: docker tag bitwarden/$PROJECT_NAME:$_RELEASE_VERSION $REGISTRY/$PROJECT_NAME:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Push version and latest image |
|
|
|
- name: Push version and latest image |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
run: docker push $REGISTRY/$SERVICE_NAME:latest |
|
|
|
run: docker push $REGISTRY/$PROJECT_NAME:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Log out of Docker |
|
|
|
- name: Log out of Docker |
|
|
|
run: docker logout |
|
|
|
run: docker logout |
|
|
|
|
|
|
|
|
|
|
|
tag-docker-bitwardenqa-latest: |
|
|
|
tag-docker-web-latest: |
|
|
|
name: Tag Docker images from bitwardenqa latest |
|
|
|
name: Tag Web Docker images from bitwardenqa latest |
|
|
|
runs-on: ubuntu-20.04 |
|
|
|
runs-on: ubuntu-22.04 |
|
|
|
needs: |
|
|
|
needs: |
|
|
|
- setup |
|
|
|
- setup |
|
|
|
- release |
|
|
|
- release |
|
|
|
@ -251,11 +235,11 @@ jobs: |
|
|
|
fail-fast: false |
|
|
|
fail-fast: false |
|
|
|
matrix: |
|
|
|
matrix: |
|
|
|
include: |
|
|
|
include: |
|
|
|
- service_name: web-sh |
|
|
|
- project_name: web-sh |
|
|
|
- service_name: web-ee |
|
|
|
# - project_name: web-ee # Needs to be fixed in Web client release workflow. |
|
|
|
env: |
|
|
|
env: |
|
|
|
_RELEASE_VERSION: ${{ github.event.inputs.release_version }} |
|
|
|
_RELEASE_VERSION: ${{ github.event.inputs.release_version }} |
|
|
|
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} |
|
|
|
_BRANCH_NAME: master |
|
|
|
steps: |
|
|
|
steps: |
|
|
|
- name: Print environment |
|
|
|
- name: Print environment |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
@ -267,15 +251,15 @@ jobs: |
|
|
|
- name: Checkout repo |
|
|
|
- name: Checkout repo |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f |
|
|
|
with: |
|
|
|
with: |
|
|
|
ref: ${{ needs.setup.outputs.branch-name }} |
|
|
|
ref: master |
|
|
|
|
|
|
|
|
|
|
|
- name: Setup service name |
|
|
|
- name: Setup project name |
|
|
|
id: setup |
|
|
|
id: setup |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
SERVICE_NAME=$(echo "${{ matrix.service_name }}" | awk '{print tolower($0)}') |
|
|
|
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') |
|
|
|
echo "Matrix name: ${{ matrix.service_name }}" |
|
|
|
echo "Matrix name: ${{ matrix.project_name }}" |
|
|
|
echo "SERVICE_NAME: $SERVICE_NAME" |
|
|
|
echo "PROJECT_NAME: $PROJECT_NAME" |
|
|
|
echo "service_name=$SERVICE_NAME" >> $GITHUB_OUTPUT |
|
|
|
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT |
|
|
|
|
|
|
|
|
|
|
|
########## ACR ########## |
|
|
|
########## ACR ########## |
|
|
|
- name: Login to Azure - QA Subscription |
|
|
|
- name: Login to Azure - QA Subscription |
|
|
|
@ -288,21 +272,21 @@ jobs: |
|
|
|
|
|
|
|
|
|
|
|
- name: Pull versioned image |
|
|
|
- name: Pull versioned image |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
run: docker pull $REGISTRY/$SERVICE_NAME:$_RELEASE_VERSION |
|
|
|
run: docker pull $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION |
|
|
|
|
|
|
|
|
|
|
|
- name: Tag latest |
|
|
|
- name: Tag latest |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
run: docker tag $REGISTRY/$SERVICE_NAME:$_RELEASE_VERSION $REGISTRY/$SERVICE_NAME:latest |
|
|
|
run: docker tag $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION $REGISTRY/$PROJECT_NAME:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Push version and latest image |
|
|
|
- name: Push version and latest image |
|
|
|
env: |
|
|
|
env: |
|
|
|
SERVICE_NAME: ${{ steps.setup.outputs.service_name }} |
|
|
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
REGISTRY: bitwardenqa.azurecr.io |
|
|
|
run: docker push $REGISTRY/$SERVICE_NAME:latest |
|
|
|
run: docker push $REGISTRY/$PROJECT_NAME:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Log out of Docker |
|
|
|
- name: Log out of Docker |
|
|
|
run: docker logout |
|
|
|
run: docker logout |
|
|
|
|
Vince Grassia
3 years ago
committed by
GitHub