GitHub-Bitwarden
/
server
mirror of https://github.com/bitwarden/server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

[DEVOPS-1517] - Update Server release to pull from Prod ACR (#3169) 

* UPDATE: Server release to pull from Prod ACR

* UPDATE: condition for DCT setup

* UPDATE: attachment Dockerfile to reference server latest

* REMOVE: push Server image to DockerHub

* FIX: lint error

* Minor changes
pull/3190/head
Opeyemi 2 years ago committed by GitHub
parent
115ead00d4
commit
0487056afb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 89 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 113
      .github/workflows/release.yml

113
.github/workflows/release.yml
Unescape View File

@ -15,6 +15,9 @@ on: @@ -15,6 +15,9 @@ on:
- Redeploy
- Dry Run
env:
_AZ_REGISTRY: 'bitwardenprod.azurecr.io'
jobs:
setup:
name: Setup
@ -53,18 +56,17 @@ jobs: @@ -53,18 +56,17 @@ jobs:
deploy:
name: Deploy
runs-on: ubuntu-22.04
needs:
- setup
needs: setup
strategy:
fail-fast: false
matrix:
include:
- name: Api
- name: Admin
- name: Api
- name: Billing
- name: Events
- name: Sso
- name: Identity
- name: Sso
steps:
- name: Setup
id: setup
@ -94,7 +96,7 @@ jobs: @@ -94,7 +96,7 @@ jobs:
branch: ${{ needs.setup.outputs.branch-name }}
artifacts: ${{ matrix.name }}.zip
- name: Download latest Release ${{ matrix.name }} asset
- name: Dry Run - Download latest Release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
with:
@ -173,8 +175,7 @@ jobs: @@ -173,8 +175,7 @@ jobs:
release-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs:
- setup
needs: setup
env:
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
@ -183,40 +184,21 @@ jobs: @@ -183,40 +184,21 @@ jobs:
matrix:
include:
- project_name: Admin
origin_docker_repo: bitwarden
- project_name: Api
origin_docker_repo: bitwarden
- project_name: Attachments
origin_docker_repo: bitwarden
- project_name: Billing
- project_name: Events
prod_acr: true
origin_docker_repo: bitwarden
- project_name: EventsProcessor
prod_acr: true
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: Icons
origin_docker_repo: bitwarden
prod_acr: true
- project_name: Identity
origin_docker_repo: bitwarden
- project_name: MsSql
origin_docker_repo: bitwarden
- project_name: MsSqlMigratorUtility
- project_name: Nginx
origin_docker_repo: bitwarden
- project_name: Notifications
origin_docker_repo: bitwarden
- project_name: Scim
- project_name: Server
origin_docker_repo: bitwarden
- project_name: Setup
origin_docker_repo: bitwarden
- project_name: Sso
origin_docker_repo: bitwarden
- project_name: Scim
origin_docker_repo: bitwarden
- project_name: Billing
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: MsSqlMigratorUtility
origin_docker_repo: bitwardenprod.azurecr.io
steps:
- name: Print environment
env:
@ -239,51 +221,6 @@ jobs: @@ -239,51 +221,6 @@ jobs:
echo "PROJECT_NAME: $PROJECT_NAME"
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
########## DockerHub ##########
- name: Setup DCT
id: setup-dct
if: matrix.origin_docker_repo == 'bitwarden'
uses: bitwarden/gh-actions/setup-docker-trust@f096207b7a2f31723165aee6ad03e91716686e78
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwarden'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull bitwarden/$PROJECT_NAME:latest
else
docker pull bitwarden/$PROJECT_NAME:$_BRANCH_NAME
fi
- name: Tag version and latest
if: matrix.origin_docker_repo == 'bitwarden'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag bitwarden/$PROJECT_NAME:latest bitwarden/$PROJECT_NAME:dryrun
else
docker tag bitwarden/$PROJECT_NAME:$_BRANCH_NAME bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.origin_docker_repo == 'bitwarden' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: docker push bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
- name: Log out of Docker and disable Docker Notary
if: matrix.origin_docker_repo == 'bitwarden'
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR PROD ##########
- name: Login to Azure - PROD Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
@ -291,41 +228,39 @@ jobs: @@ -291,41 +228,39 @@ jobs:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenprod
run: az acr login -n $_AZ_REGISTRY --only-show-errors
- name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwardenprod.azurecr.io'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:dev
docker pull $_AZ_REGISTRY/$PROJECT_NAME:latest
else
docker pull $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
docker pull $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
fi
- name: Tag version and latest
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:dev $REGISTRY/$PROJECT_NAME:dryrun
docker tag $_AZ_REGISTRY/$PROJECT_NAME:latest $_AZ_REGISTRY/$PROJECT_NAME:dryrun
else
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:latest
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
run: |
docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker push $REGISTRY/$PROJECT_NAME:latest
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker push $_AZ_REGISTRY/$PROJECT_NAME:dryrun
else
docker push $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/$PROJECT_NAME:latest
fi
- name: Log out of Docker
run: docker logout
@ -350,7 +285,7 @@ jobs: @@ -350,7 +285,7 @@ jobs:
docker-stub-EU-sha256.txt,
swagger.json"
- name: Download latest Release Docker Stubs
- name: Dry Run - Download latest Release Docker Stubs
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@f096207b7a2f31723165aee6ad03e91716686e78
with:

Write Preview
Loading…
Cancel
Save