You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
602 lines
20 KiB
602 lines
20 KiB
--- |
|
name: Build |
|
|
|
on: |
|
push: |
|
branches-ignore: |
|
- "l10n_master" |
|
- "gh-pages" |
|
paths-ignore: |
|
- ".github/workflows/**" |
|
workflow_dispatch: |
|
|
|
env: |
|
_AZ_REGISTRY: "bitwardenprod.azurecr.io" |
|
|
|
jobs: |
|
cloc: |
|
name: CLOC |
|
runs-on: ubuntu-22.04 |
|
steps: |
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Install cloc |
|
run: | |
|
sudo apt-get update |
|
sudo apt-get -y install cloc |
|
|
|
- name: Print lines of code |
|
run: cloc --include-lang C#,SQL,Razor,"Bourne Shell",PowerShell,HTML,CSS,Sass,JavaScript,TypeScript --vcs git |
|
|
|
lint: |
|
name: Lint |
|
runs-on: ubuntu-22.04 |
|
steps: |
|
- name: Set up dotnet |
|
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 |
|
with: |
|
dotnet-version: "6.0.x" |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Verify Format |
|
run: dotnet format --verify-no-changes |
|
|
|
testing: |
|
name: Testing |
|
runs-on: ubuntu-22.04 |
|
env: |
|
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages |
|
steps: |
|
- name: Set up dotnet |
|
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 |
|
with: |
|
dotnet-version: "6.0.x" |
|
|
|
- name: Print environment |
|
run: | |
|
dotnet --info |
|
nuget help | grep Version |
|
echo "GitHub ref: $GITHUB_REF" |
|
echo "GitHub event: $GITHUB_EVENT" |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Restore |
|
run: dotnet restore --locked-mode |
|
shell: pwsh |
|
|
|
- name: Remove SQL proj |
|
run: dotnet sln bitwarden-server.sln remove src/Sql/Sql.sqlproj |
|
|
|
- name: Build OSS solution |
|
run: dotnet build bitwarden-server.sln -p:Configuration=Debug -p:DefineConstants="OSS" --verbosity minimal |
|
shell: pwsh |
|
|
|
- name: Build solution |
|
run: dotnet build bitwarden-server.sln -p:Configuration=Debug --verbosity minimal |
|
shell: pwsh |
|
|
|
- name: Test OSS solution |
|
run: dotnet test ./test --configuration Debug --no-build --logger "trx;LogFileName=oss-test-results.trx" |
|
shell: pwsh |
|
|
|
- name: Test Bitwarden solution |
|
run: dotnet test ./bitwarden_license/test --configuration Debug --no-build --logger "trx;LogFileName=bw-test-results.trx" |
|
shell: pwsh |
|
|
|
- name: Report test results |
|
uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 |
|
if: always() |
|
with: |
|
name: Test Results |
|
path: "**/*-test-results.trx" |
|
reporter: dotnet-trx |
|
fail-on-error: true |
|
|
|
build-artifacts: |
|
name: Build artifacts |
|
runs-on: ubuntu-22.04 |
|
needs: |
|
- testing |
|
- lint |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
include: |
|
- project_name: Admin |
|
base_path: ./src |
|
node: true |
|
- project_name: Api |
|
base_path: ./src |
|
- project_name: Billing |
|
base_path: ./src |
|
- project_name: Events |
|
base_path: ./src |
|
- project_name: EventsProcessor |
|
base_path: ./src |
|
- project_name: Icons |
|
base_path: ./src |
|
- project_name: Identity |
|
base_path: ./src |
|
- project_name: MsSqlMigratorUtility |
|
base_path: ./util |
|
dotnet: true |
|
- project_name: Notifications |
|
base_path: ./src |
|
- project_name: Scim |
|
base_path: ./bitwarden_license/src |
|
dotnet: true |
|
- project_name: Server |
|
base_path: ./util |
|
- project_name: Setup |
|
base_path: ./util |
|
- project_name: Sso |
|
base_path: ./bitwarden_license/src |
|
node: true |
|
steps: |
|
- name: Set up dotnet |
|
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 |
|
with: |
|
dotnet-version: "6.0.x" |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Set up Node |
|
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 |
|
with: |
|
cache: "npm" |
|
cache-dependency-path: "**/package-lock.json" |
|
node-version: "16" |
|
|
|
- name: Print environment |
|
run: | |
|
whoami |
|
dotnet --info |
|
node --version |
|
npm --version |
|
echo "GitHub ref: $GITHUB_REF" |
|
echo "GitHub event: $GITHUB_EVENT" |
|
|
|
- name: Restore/Clean project |
|
working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} |
|
run: | |
|
echo "Restore" |
|
dotnet restore |
|
echo "Clean" |
|
dotnet clean -c "Release" -o obj/build-output/publish |
|
|
|
- name: Build node |
|
if: ${{ matrix.node }} |
|
working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} |
|
run: | |
|
npm ci |
|
npm run build |
|
|
|
- name: Publish project |
|
working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} |
|
run: | |
|
echo "Publish" |
|
dotnet publish -c "Release" -o obj/build-output/publish |
|
|
|
cd obj/build-output/publish |
|
zip -r ${{ matrix.project_name }}.zip . |
|
mv ${{ matrix.project_name }}.zip ../../../ |
|
|
|
pwd |
|
ls -atlh ../../../ |
|
|
|
- name: Upload project artifact |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: ${{ matrix.project_name }}.zip |
|
path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip |
|
if-no-files-found: error |
|
|
|
build-docker: |
|
name: Build Docker images |
|
runs-on: ubuntu-22.04 |
|
needs: build-artifacts |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
include: |
|
- project_name: Admin |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: Api |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: Attachments |
|
base_path: ./util |
|
- project_name: Billing |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: Events |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: EventsProcessor |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: Icons |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: Identity |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: MsSql |
|
base_path: ./util |
|
- project_name: MsSqlMigratorUtility |
|
base_path: ./util |
|
dotnet: true |
|
- project_name: Nginx |
|
base_path: ./util |
|
- project_name: Notifications |
|
base_path: ./src |
|
dotnet: true |
|
- project_name: Scim |
|
base_path: ./bitwarden_license/src |
|
dotnet: true |
|
- project_name: Server |
|
base_path: ./util |
|
dotnet: true |
|
- project_name: Setup |
|
base_path: ./util |
|
dotnet: true |
|
- project_name: Sso |
|
base_path: ./bitwarden_license/src |
|
dotnet: true |
|
steps: |
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Check Branch to Publish |
|
env: |
|
PUBLISH_BRANCHES: "master,rc,hotfix-rc" |
|
id: publish-branch-check |
|
run: | |
|
IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES |
|
|
|
if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then |
|
echo "is_publish_branch=true" >> $GITHUB_ENV |
|
else |
|
echo "is_publish_branch=false" >> $GITHUB_ENV |
|
fi |
|
|
|
########## ACRs ########## |
|
- name: Login to Azure - PROD Subscription |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Login to PROD ACR |
|
run: az acr login -n bitwardenprod |
|
|
|
- name: Login to Azure - CI Subscription |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
with: |
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} |
|
|
|
- name: Retrieve github PAT secrets |
|
id: retrieve-secret-pat |
|
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78 |
|
with: |
|
keyvault: "bitwarden-ci" |
|
secrets: "github-pat-bitwarden-devops-bot-repo-scope" |
|
|
|
########## Generate image tag and build Docker image ########## |
|
- name: Generate Docker image tag |
|
id: tag |
|
run: | |
|
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name |
|
if [[ "$IMAGE_TAG" == "master" ]]; then |
|
IMAGE_TAG=dev |
|
fi |
|
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT |
|
|
|
- name: Setup project name |
|
id: setup |
|
run: | |
|
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') |
|
echo "Matrix name: ${{ matrix.project_name }}" |
|
echo "PROJECT_NAME: $PROJECT_NAME" |
|
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT |
|
|
|
- name: Generate image full name |
|
id: image-name |
|
env: |
|
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT |
|
|
|
- name: Get build artifact |
|
if: ${{ matrix.dotnet }} |
|
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 |
|
with: |
|
name: ${{ matrix.project_name }}.zip |
|
|
|
- name: Setup build artifact |
|
if: ${{ matrix.dotnet }} |
|
run: | |
|
mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish |
|
unzip ${{ matrix.project_name }}.zip \ |
|
-d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish |
|
|
|
- name: Build Docker image |
|
uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 |
|
with: |
|
context: ${{ matrix.base_path }}/${{ matrix.project_name }} |
|
file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile |
|
platforms: linux/amd64 |
|
push: true |
|
tags: ${{ steps.image-name.outputs.name }} |
|
secrets: | |
|
"GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" |
|
|
|
upload: |
|
name: Upload |
|
runs-on: ubuntu-22.04 |
|
needs: build-docker |
|
steps: |
|
- name: Login to Azure - PROD Subscription |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Login to PROD ACR |
|
run: az acr login -n $_AZ_REGISTRY --only-show-errors |
|
|
|
- name: Set up dotnet |
|
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 |
|
with: |
|
dotnet-version: "6.0.x" |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Restore |
|
run: dotnet tool restore |
|
|
|
- name: Make Docker stubs |
|
if: github.ref == 'refs/heads/master' || |
|
github.ref == 'refs/heads/rc' || |
|
github.ref == 'refs/heads/hotfix-rc' |
|
run: | |
|
# Set proper setup image based on branch |
|
case "${{ github.ref }}" in |
|
"refs/heads/master") |
|
SETUP_IMAGE="$_AZ_REGISTRY/setup:dev" |
|
;; |
|
"refs/heads/rc") |
|
SETUP_IMAGE="$_AZ_REGISTRY/setup:rc" |
|
;; |
|
"refs/heads/hotfix-rc") |
|
SETUP_IMAGE="$_AZ_REGISTRY/setup:hotfix-rc" |
|
;; |
|
esac |
|
|
|
STUB_OUTPUT=$(pwd)/docker-stub |
|
|
|
# Run setup |
|
docker run -i --rm --name setup -v $STUB_OUTPUT/US:/bitwarden $SETUP_IMAGE \ |
|
dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region US |
|
docker run -i --rm --name setup -v $STUB_OUTPUT/EU:/bitwarden $SETUP_IMAGE \ |
|
dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region EU |
|
|
|
sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT |
|
|
|
# Remove extra directories and files |
|
rm -rf $STUB_OUTPUT/US/letsencrypt |
|
rm -rf $STUB_OUTPUT/EU/letsencrypt |
|
rm $STUB_OUTPUT/US/env/uid.env $STUB_OUTPUT/US/config.yml |
|
rm $STUB_OUTPUT/EU/env/uid.env $STUB_OUTPUT/EU/config.yml |
|
|
|
# Create uid environment files |
|
touch $STUB_OUTPUT/US/env/uid.env |
|
touch $STUB_OUTPUT/EU/env/uid.env |
|
|
|
# Zip up the Docker stub files |
|
cd docker-stub/US; zip -r ../../docker-stub-US.zip *; cd ../.. |
|
cd docker-stub/EU; zip -r ../../docker-stub-EU.zip *; cd ../.. |
|
|
|
- name: Make Docker stub checksums |
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' |
|
run: | |
|
sha256sum docker-stub-US.zip > docker-stub-US-sha256.txt |
|
sha256sum docker-stub-EU.zip > docker-stub-EU-sha256.txt |
|
|
|
- name: Upload Docker stub US artifact |
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: docker-stub-US.zip |
|
path: docker-stub-US.zip |
|
if-no-files-found: error |
|
|
|
- name: Upload Docker stub EU artifact |
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: docker-stub-EU.zip |
|
path: docker-stub-EU.zip |
|
if-no-files-found: error |
|
|
|
- name: Upload Docker stub US checksum artifact |
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: docker-stub-US-sha256.txt |
|
path: docker-stub-US-sha256.txt |
|
if-no-files-found: error |
|
|
|
- name: Upload Docker stub EU checksum artifact |
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc' |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: docker-stub-EU-sha256.txt |
|
path: docker-stub-EU-sha256.txt |
|
if-no-files-found: error |
|
|
|
- name: Build Swagger |
|
run: | |
|
cd ./src/Api |
|
echo "Restore" |
|
dotnet restore |
|
echo "Clean" |
|
dotnet clean -c "Release" -o obj/build-output/publish |
|
echo "Publish" |
|
dotnet publish -c "Release" -o obj/build-output/publish |
|
|
|
dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \ |
|
./obj/build-output/publish/Api.dll public |
|
cd ../.. |
|
env: |
|
ASPNETCORE_ENVIRONMENT: Production |
|
swaggerGen: "True" |
|
DOTNET_ROLL_FORWARD_ON_NO_CANDIDATE_FX: 2 |
|
GLOBALSETTINGS__SQLSERVER__CONNECTIONSTRING: "placeholder" |
|
|
|
- name: Upload Swagger artifact |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: swagger.json |
|
path: swagger.json |
|
if-no-files-found: error |
|
|
|
build-mssqlmigratorutility: |
|
name: Build MsSqlMigratorUtility |
|
runs-on: ubuntu-22.04 |
|
needs: lint |
|
defaults: |
|
run: |
|
shell: bash |
|
working-directory: "util/MsSqlMigratorUtility" |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
target: |
|
- osx-x64 |
|
- linux-x64 |
|
- win-x64 |
|
steps: |
|
- name: Set up dotnet |
|
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 |
|
with: |
|
dotnet-version: "6.0.x" |
|
|
|
- name: Checkout repo |
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 |
|
|
|
- name: Print environment |
|
run: | |
|
whoami |
|
dotnet --info |
|
echo "GitHub ref: $GITHUB_REF" |
|
echo "GitHub event: $GITHUB_EVENT" |
|
|
|
- name: Restore project |
|
run: | |
|
echo "Restore" |
|
dotnet restore |
|
|
|
- name: Publish project |
|
run: | |
|
dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \ |
|
-p:IncludeNativeLibrariesForSelfExtract=true --self-contained true |
|
|
|
- name: Upload project artifact Windows |
|
if: ${{ contains(matrix.target, 'win') == true }} |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: MsSqlMigratorUtility-${{ matrix.target }} |
|
path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility.exe |
|
if-no-files-found: error |
|
|
|
- name: Upload project artifact |
|
if: ${{ contains(matrix.target, 'win') == false }} |
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 |
|
with: |
|
name: MsSqlMigratorUtility-${{ matrix.target }} |
|
path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility |
|
if-no-files-found: error |
|
|
|
self-host-build: |
|
name: Self-host build |
|
needs: build-docker |
|
uses: bitwarden/self-host/.github/workflows/build-unified.yml@master |
|
with: |
|
server_branch: ${{ github.ref_name }} |
|
secrets: inherit |
|
|
|
check-failures: |
|
name: Check for failures |
|
if: always() |
|
runs-on: ubuntu-22.04 |
|
needs: |
|
- cloc |
|
- lint |
|
- testing |
|
- build-artifacts |
|
- build-docker |
|
- upload |
|
- build-mssqlmigratorutility |
|
- self-host-build |
|
steps: |
|
- name: Check if any job failed |
|
if: | |
|
github.ref == 'refs/heads/master' |
|
|| github.ref == 'refs/heads/rc' |
|
|| github.ref == 'refs/heads/hotfix-rc' |
|
env: |
|
CLOC_STATUS: ${{ needs.cloc.result }} |
|
LINT_STATUS: ${{ needs.lint.result }} |
|
TESTING_STATUS: ${{ needs.testing.result }} |
|
BUILD_ARTIFACTS_STATUS: ${{ needs.build-artifacts.result }} |
|
BUILD_DOCKER_STATUS: ${{ needs.build-docker.result }} |
|
UPLOAD_STATUS: ${{ needs.upload.result }} |
|
BUILD_MSSQLMIGRATORUTILITY_STATUS: ${{ needs.build-mssqlmigratorutility.result }} |
|
TRIGGER_SELF_HOST_BUILD_STATUS: ${{ needs.self-host-build.result }} |
|
run: | |
|
if [ "$CLOC_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$LINT_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$TESTING_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$BUILD_ARTIFACTS_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$BUILD_DOCKER_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$UPLOAD_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$BUILD_MSSQLMIGRATORUTILITY_STATUS" = "failure" ]; then |
|
exit 1 |
|
elif [ "$TRIGGER_SELF_HOST_BUILD_STATUS" = "failure" ]; then |
|
exit 1 |
|
fi |
|
|
|
- name: Login to Azure - CI subscription |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
if: failure() |
|
with: |
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} |
|
|
|
- name: Retrieve secrets |
|
id: retrieve-secrets |
|
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78 |
|
if: failure() |
|
with: |
|
keyvault: "bitwarden-ci" |
|
secrets: "devops-alerts-slack-webhook-url" |
|
|
|
- name: Notify Slack on failure |
|
uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 |
|
if: failure() |
|
env: |
|
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} |
|
with: |
|
status: ${{ job.status }}
|
|
|