You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
355 lines
13 KiB
355 lines
13 KiB
--- |
|
name: Release |
|
run-name: Release ${{ inputs.release_type }} |
|
|
|
on: |
|
workflow_dispatch: |
|
inputs: |
|
release_type: |
|
description: "Release Options" |
|
required: true |
|
default: "Initial Release" |
|
type: choice |
|
options: |
|
- Initial Release |
|
- Redeploy |
|
- Dry Run |
|
|
|
jobs: |
|
setup: |
|
name: Setup |
|
runs-on: ubuntu-22.04 |
|
outputs: |
|
release_version: ${{ steps.version.outputs.version }} |
|
branch-name: ${{ steps.branch.outputs.branch-name }} |
|
steps: |
|
- name: Branch check |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
run: | |
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then |
|
echo "===================================" |
|
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" |
|
echo "===================================" |
|
exit 1 |
|
fi |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 |
|
|
|
- name: Check Release Version |
|
id: version |
|
uses: bitwarden/gh-actions/release-version-check@4cf17a5ff15a995a2daf2b60ba371e5c9907c068 |
|
with: |
|
release-type: ${{ github.event.inputs.release_type }} |
|
project-type: dotnet |
|
file: Directory.Build.props |
|
|
|
- name: Get branch name |
|
id: branch |
|
run: | |
|
BRANCH_NAME=$(basename ${{ github.ref }}) |
|
echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT |
|
|
|
deploy: |
|
name: Deploy |
|
runs-on: ubuntu-22.04 |
|
needs: |
|
- setup |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
include: |
|
- name: Api |
|
- name: Admin |
|
- name: Billing |
|
- name: Events |
|
- name: Sso |
|
- name: Identity |
|
steps: |
|
- name: Setup |
|
id: setup |
|
run: | |
|
NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}') |
|
echo "Matrix name: ${{ matrix.name }}" |
|
echo "NAME_LOWER: $NAME_LOWER" |
|
echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT |
|
|
|
- name: Create GitHub deployment for ${{ matrix.name }} |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48 |
|
id: deployment |
|
with: |
|
token: "${{ secrets.GITHUB_TOKEN }}" |
|
initial-status: "in_progress" |
|
environment: "Production Cloud" |
|
task: "deploy" |
|
description: "Deploy from ${{ needs.setup.outputs.branch-name }} branch" |
|
|
|
- name: Download latest Release ${{ matrix.name }} asset |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: ${{ needs.setup.outputs.branch-name }} |
|
artifacts: ${{ matrix.name }}.zip |
|
|
|
- name: Download latest Release ${{ matrix.name }} asset |
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: master |
|
artifacts: ${{ matrix.name }}.zip |
|
|
|
- name: Login to Azure |
|
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Retrieve secrets |
|
id: retrieve-secrets |
|
env: |
|
VAULT_NAME: "bitwarden-prod-kv" |
|
run: | |
|
webapp_name=$( |
|
az keyvault secret show --vault-name $VAULT_NAME \ |
|
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ |
|
--query value --output tsv |
|
) |
|
publish_profile=$( |
|
az keyvault secret show --vault-name $VAULT_NAME \ |
|
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-publish-profile \ |
|
--query value --output tsv |
|
) |
|
echo "::add-mask::$webapp_name" |
|
echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT |
|
echo "::add-mask::$publish_profile" |
|
echo "publish-profile=$publish_profile" >> $GITHUB_OUTPUT |
|
|
|
- name: Deploy App |
|
uses: azure/webapps-deploy@0b651ed7546ecfc75024011f76944cb9b381ef1e |
|
with: |
|
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }} |
|
publish-profile: ${{ steps.retrieve-secrets.outputs.publish-profile }} |
|
package: ./${{ matrix.name }}.zip |
|
slot-name: "staging" |
|
|
|
- name: Start staging slot |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
env: |
|
SERVICE: ${{ matrix.name }} |
|
WEBAPP_NAME: ${{ steps.retrieve-secrets.outputs.webapp-name }} |
|
run: | |
|
if [[ "$SERVICE" = "Api" ]] || [[ "$SERVICE" = "Identity" ]]; then |
|
RESOURCE_GROUP=bitwardenappservices |
|
else |
|
RESOURCE_GROUP=bitwarden |
|
fi |
|
az webapp start -n $WEBAPP_NAME -g $RESOURCE_GROUP -s staging |
|
|
|
- name: Update ${{ matrix.name }} deployment status to Success |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} |
|
uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 |
|
with: |
|
token: "${{ secrets.GITHUB_TOKEN }}" |
|
state: "success" |
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }} |
|
|
|
- name: Update ${{ matrix.name }} deployment status to Failure |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} |
|
uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86 |
|
with: |
|
token: "${{ secrets.GITHUB_TOKEN }}" |
|
state: "failure" |
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }} |
|
|
|
release-docker: |
|
name: Build Docker images |
|
runs-on: ubuntu-22.04 |
|
needs: |
|
- setup |
|
env: |
|
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} |
|
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
include: |
|
- project_name: Admin |
|
origin_docker_repo: bitwarden |
|
- project_name: Api |
|
origin_docker_repo: bitwarden |
|
- project_name: Attachments |
|
origin_docker_repo: bitwarden |
|
- project_name: Events |
|
prod_acr: true |
|
origin_docker_repo: bitwarden |
|
- project_name: EventsProcessor |
|
prod_acr: true |
|
origin_docker_repo: bitwardenprod.azurecr.io |
|
- project_name: Icons |
|
origin_docker_repo: bitwarden |
|
prod_acr: true |
|
- project_name: Identity |
|
origin_docker_repo: bitwarden |
|
- project_name: MsSql |
|
origin_docker_repo: bitwarden |
|
- project_name: Nginx |
|
origin_docker_repo: bitwarden |
|
- project_name: Notifications |
|
origin_docker_repo: bitwarden |
|
- project_name: Server |
|
origin_docker_repo: bitwarden |
|
- project_name: Setup |
|
origin_docker_repo: bitwarden |
|
- project_name: Sso |
|
origin_docker_repo: bitwarden |
|
- project_name: Scim |
|
origin_docker_repo: bitwarden |
|
- project_name: Billing |
|
origin_docker_repo: bitwardenprod.azurecr.io |
|
steps: |
|
- name: Print environment |
|
env: |
|
RELEASE_OPTION: ${{ github.event.inputs.release_type }} |
|
run: | |
|
whoami |
|
docker --version |
|
echo "GitHub ref: $GITHUB_REF" |
|
echo "GitHub event: $GITHUB_EVENT" |
|
echo "Github Release Option: $RELEASE_OPTION" |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 |
|
|
|
- name: Setup project name |
|
id: setup |
|
run: | |
|
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') |
|
echo "Matrix name: ${{ matrix.project_name }}" |
|
echo "PROJECT_NAME: $PROJECT_NAME" |
|
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT |
|
|
|
########## DockerHub ########## |
|
- name: Setup DCT |
|
id: setup-dct |
|
if: matrix.origin_docker_repo == 'bitwarden' |
|
uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff |
|
with: |
|
azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
azure-keyvault-name: "bitwarden-prod-kv" |
|
|
|
- name: Pull latest project image |
|
if: matrix.origin_docker_repo == 'bitwarden' |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: | |
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then |
|
docker pull bitwarden/$PROJECT_NAME:latest |
|
else |
|
docker pull bitwarden/$PROJECT_NAME:$_BRANCH_NAME |
|
fi |
|
|
|
- name: Tag version and latest |
|
if: matrix.origin_docker_repo == 'bitwarden' |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: | |
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then |
|
docker tag bitwarden/$PROJECT_NAME:latest bitwarden/$PROJECT_NAME:dryrun |
|
else |
|
docker tag bitwarden/$PROJECT_NAME:$_BRANCH_NAME bitwarden/$PROJECT_NAME:$_RELEASE_VERSION |
|
fi |
|
|
|
- name: Push version and latest image |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.origin_docker_repo == 'bitwarden' }} |
|
env: |
|
DOCKER_CONTENT_TRUST: 1 |
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: docker push bitwarden/$PROJECT_NAME:$_RELEASE_VERSION |
|
|
|
- name: Log out of Docker and disable Docker Notary |
|
if: matrix.origin_docker_repo == 'bitwarden' |
|
run: | |
|
docker logout |
|
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV |
|
|
|
########## ACR PROD ########## |
|
- name: Login to Azure - PROD Subscription |
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Login to Azure ACR |
|
run: az acr login -n bitwardenprod |
|
|
|
- name: Tag version and latest |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
REGISTRY: bitwardenprod.azurecr.io |
|
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }} |
|
run: | |
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then |
|
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:latest $REGISTRY/$PROJECT_NAME:dryrun |
|
else |
|
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION |
|
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest |
|
fi |
|
|
|
- name: Push version and latest image |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
REGISTRY: bitwardenprod.azurecr.io |
|
run: | |
|
docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION |
|
docker push $REGISTRY/$PROJECT_NAME:latest |
|
|
|
- name: Log out of Docker |
|
run: docker logout |
|
|
|
release: |
|
name: Create GitHub Release |
|
runs-on: ubuntu-22.04 |
|
needs: |
|
- setup |
|
- deploy |
|
steps: |
|
- name: Download latest Release docker-stub |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: ${{ needs.setup.outputs.branch-name }} |
|
artifacts: "docker-stub.zip, |
|
docker-stub-sha256.txt, |
|
swagger.json" |
|
|
|
- name: Download latest Release docker-stub |
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: master |
|
artifacts: "docker-stub.zip, |
|
docker-stub-sha256.txt, |
|
swagger.json" |
|
|
|
- name: Create release |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 |
|
with: |
|
artifacts: "docker-stub.zip, |
|
docker-stub-sha256.txt, |
|
swagger.json" |
|
commit: ${{ github.sha }} |
|
tag: "v${{ needs.setup.outputs.release_version }}" |
|
name: "Version ${{ needs.setup.outputs.release_version }}" |
|
body: "<insert release notes here>" |
|
token: ${{ secrets.GITHUB_TOKEN }} |
|
draft: true
|
|
|