GitHub-Bitwarden
/
self-host
mirror of https://github.com/bitwarden/self-host.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Bitwarden's self-hosted release repository
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
261 Commits
17 Branches
99 Tags
2.3 MiB
 
 
 
 
 
Tree: 4be1fe067b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4be1fe067b'
${ noResults }
self-host/.github/workflows/release.yml

133 lines
4.5 KiB
Raw Blame History

name: Release
run-name: Release Old Images - Release v${{ inputs.release_version }}
on:
workflow_dispatch:
inputs:
release_version:
description: "Release Version (example: '2025.2.1')"
required: true
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
jobs:
setup:
name: Setup
runs-on: ubuntu-24.04
outputs:
_WEB_RELEASE_TAG: ${{ steps.set-tags.outputs.WEB_RELEASE_TAG }}
_CORE_RELEASE_TAG: ${{ steps.set-tags.outputs.CORE_RELEASE_TAG }}
_KEY_CONNECTOR_RELEASE_TAG: ${{ steps.set-tags.outputs.KEY_CONNECTOR_RELEASE_TAG }}
steps:
- name: Set Release Tags
id: set-tags
env:
GH_TOKEN: ${{ github.token }}
RELEASE_VERSION: ${{ inputs.release_version }}
run: |
gh release download v${RELEASE_VERSION} --repo bitwarden/self-host --pattern version.json
cat version.json
WEB=$(jq -r '.versions.webVersion' < version.json)
CORE=$(jq -r '.versions.coreVersion' < version.json)
KEY_CONNECTOR=$(jq -r '.versions.keyConnectorVersion' < version.json)
echo "WEB_RELEASE_TAG=$WEB" >> $GITHUB_OUTPUT
echo "CORE_RELEASE_TAG=$CORE" >> $GITHUB_OUTPUT
echo "KEY_CONNECTOR_RELEASE_TAG=$KEY_CONNECTOR" >> $GITHUB_OUTPUT
tag-docker:
name: Tag ${{ matrix.project_name }} image with release version
runs-on: ubuntu-24.04
needs: setup
env:
_CORE_RELEASE_TAG: ${{ needs.setup.outputs._CORE_RELEASE_TAG }}
_BRANCH_NAME: main
permissions:
id-token: write
packages: write
strategy:
fail-fast: false
matrix:
include:
- project_name: Admin
- project_name: Api
- project_name: Attachments
- project_name: Events
- project_name: Icons
- project_name: Identity
- project_name: MsSql
- project_name: MsSqlMigratorUtility
- project_name: Nginx
- project_name: Notifications
- project_name: Scim
- project_name: Server
- project_name: Setup
- project_name: Sso
- project_name: Web
release_tag: ${{ needs.setup.outputs._WEB_RELEASE_TAG }}
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: main
- name: Install Cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- name: Login to Azure - Prod Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Setup project name and release tag
id: setup
run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.project_name }}"
echo "PROJECT_NAME: $PROJECT_NAME"
echo "_PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV
if [ -z "${{ matrix.release_tag }}" ]; then
# Use core release tag by default.
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> $GITHUB_ENV
else
echo "_RELEASE_TAG=${{ matrix.release_tag }}" >> $GITHUB_ENV
fi
### ghcr.io section
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull versioned image
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG
- name: Tag release version image
run: docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
- name: Push release version image
run: docker push ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
- name: Sign image with Cosign
run: cosign sign --yes ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
- name: Verify the signed image with Cosign
run: |
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
- name: Log out of Docker
run: |
docker logout ghcr.io
docker logout $_AZ_REGISTRY