You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
315 lines
11 KiB
315 lines
11 KiB
--- |
|
name: Release |
|
run-name: Release ${{ inputs.release_type }} |
|
|
|
on: |
|
workflow_dispatch: |
|
inputs: |
|
release_type: |
|
description: "Release Options" |
|
required: true |
|
default: "Initial Release" |
|
type: choice |
|
options: |
|
- Initial Release |
|
- Redeploy |
|
- Dry Run |
|
|
|
env: |
|
_AZ_REGISTRY: "bitwardenprod.azurecr.io" |
|
|
|
jobs: |
|
setup: |
|
name: Setup |
|
runs-on: ubuntu-22.04 |
|
outputs: |
|
release_version: ${{ steps.version.outputs.version }} |
|
branch-name: ${{ steps.branch.outputs.branch-name }} |
|
steps: |
|
- name: Branch check |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
run: | |
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then |
|
echo "===================================" |
|
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" |
|
echo "===================================" |
|
exit 1 |
|
fi |
|
|
|
- name: Check out repo |
|
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 |
|
|
|
- name: Check release version |
|
id: version |
|
uses: bitwarden/gh-actions/release-version-check@main |
|
with: |
|
release-type: ${{ github.event.inputs.release_type }} |
|
project-type: dotnet |
|
file: Directory.Build.props |
|
|
|
- name: Get branch name |
|
id: branch |
|
run: | |
|
BRANCH_NAME=$(basename ${{ github.ref }}) |
|
echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT |
|
|
|
deploy: |
|
name: Deploy |
|
runs-on: ubuntu-22.04 |
|
needs: setup |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
include: |
|
- name: Admin |
|
- name: Api |
|
- name: Billing |
|
- name: Events |
|
- name: Identity |
|
- name: Sso |
|
steps: |
|
- name: Setup |
|
id: setup |
|
run: | |
|
NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}') |
|
echo "Matrix name: ${{ matrix.name }}" |
|
echo "NAME_LOWER: $NAME_LOWER" |
|
echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT |
|
|
|
- name: Create GitHub deployment for ${{ matrix.name }} |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 |
|
id: deployment |
|
with: |
|
token: "${{ secrets.GITHUB_TOKEN }}" |
|
initial-status: "in_progress" |
|
environment: "Production Cloud" |
|
task: "deploy" |
|
description: "Deploy from ${{ needs.setup.outputs.branch-name }} branch" |
|
|
|
- name: Download latest release ${{ matrix.name }} asset |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@main |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: ${{ needs.setup.outputs.branch-name }} |
|
artifacts: ${{ matrix.name }}.zip |
|
|
|
- name: Dry run - Download latest release ${{ matrix.name }} asset |
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@main |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: main |
|
artifacts: ${{ matrix.name }}.zip |
|
|
|
- name: Log in to Azure - CI subscription |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
with: |
|
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} |
|
|
|
- name: Retrieve secrets |
|
id: retrieve-secrets |
|
env: |
|
VAULT_NAME: "bitwarden-ci" |
|
run: | |
|
webapp_name=$( |
|
az keyvault secret show --vault-name $VAULT_NAME \ |
|
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ |
|
--query value --output tsv |
|
) |
|
publish_profile=$( |
|
az keyvault secret show --vault-name $VAULT_NAME \ |
|
--name appservices-${{ steps.setup.outputs.name_lower }}-webapp-publish-profile \ |
|
--query value --output tsv |
|
) |
|
echo "::add-mask::$webapp_name" |
|
echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT |
|
echo "::add-mask::$publish_profile" |
|
echo "publish-profile=$publish_profile" >> $GITHUB_OUTPUT |
|
|
|
- name: Log in to Azure |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Deploy app |
|
uses: azure/webapps-deploy@4bca689e4c7129e55923ea9c45401b22dc6aa96f # v2.2.11 |
|
with: |
|
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }} |
|
publish-profile: ${{ steps.retrieve-secrets.outputs.publish-profile }} |
|
package: ./${{ matrix.name }}.zip |
|
slot-name: "staging" |
|
|
|
- name: Start staging slot |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
env: |
|
SERVICE: ${{ matrix.name }} |
|
WEBAPP_NAME: ${{ steps.retrieve-secrets.outputs.webapp-name }} |
|
run: | |
|
if [[ "$SERVICE" = "Api" ]] || [[ "$SERVICE" = "Identity" ]]; then |
|
RESOURCE_GROUP=bitwardenappservices |
|
else |
|
RESOURCE_GROUP=bitwarden |
|
fi |
|
az webapp start -n $WEBAPP_NAME -g $RESOURCE_GROUP -s staging |
|
|
|
- name: Update ${{ matrix.name }} deployment status to success |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} |
|
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 |
|
with: |
|
token: "${{ secrets.GITHUB_TOKEN }}" |
|
state: "success" |
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }} |
|
|
|
- name: Update ${{ matrix.name }} deployment status to failure |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} |
|
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 |
|
with: |
|
token: "${{ secrets.GITHUB_TOKEN }}" |
|
state: "failure" |
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }} |
|
|
|
release-docker: |
|
name: Build Docker images |
|
runs-on: ubuntu-22.04 |
|
needs: setup |
|
env: |
|
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} |
|
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} |
|
strategy: |
|
fail-fast: false |
|
matrix: |
|
include: |
|
- project_name: Admin |
|
- project_name: Api |
|
- project_name: Attachments |
|
- project_name: Billing |
|
- project_name: Events |
|
- project_name: EventsProcessor |
|
- project_name: Icons |
|
- project_name: Identity |
|
- project_name: MsSql |
|
- project_name: MsSqlMigratorUtility |
|
- project_name: Nginx |
|
- project_name: Notifications |
|
- project_name: Scim |
|
- project_name: Server |
|
- project_name: Setup |
|
- project_name: Sso |
|
steps: |
|
- name: Print environment |
|
env: |
|
RELEASE_OPTION: ${{ github.event.inputs.release_type }} |
|
run: | |
|
whoami |
|
docker --version |
|
echo "GitHub ref: $GITHUB_REF" |
|
echo "GitHub event: $GITHUB_EVENT" |
|
echo "Github Release Option: $RELEASE_OPTION" |
|
|
|
- name: Check out repo |
|
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 |
|
|
|
- name: Set up project name |
|
id: setup |
|
run: | |
|
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') |
|
echo "Matrix name: ${{ matrix.project_name }}" |
|
echo "PROJECT_NAME: $PROJECT_NAME" |
|
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT |
|
|
|
########## ACR PROD ########## |
|
- name: Log in to Azure - production subscription |
|
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 |
|
with: |
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} |
|
|
|
- name: Log in to Azure ACR |
|
run: az acr login -n $_AZ_REGISTRY --only-show-errors |
|
|
|
- name: Pull latest project image |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: | |
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then |
|
docker pull $_AZ_REGISTRY/$PROJECT_NAME:latest |
|
else |
|
docker pull $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME |
|
fi |
|
|
|
- name: Tag version and latest |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: | |
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then |
|
docker tag $_AZ_REGISTRY/$PROJECT_NAME:latest $_AZ_REGISTRY/$PROJECT_NAME:dryrun |
|
else |
|
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION |
|
docker tag $_AZ_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$PROJECT_NAME:latest |
|
fi |
|
|
|
- name: Push version and latest image |
|
env: |
|
PROJECT_NAME: ${{ steps.setup.outputs.project_name }} |
|
run: | |
|
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then |
|
docker push $_AZ_REGISTRY/$PROJECT_NAME:dryrun |
|
else |
|
docker push $_AZ_REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION |
|
docker push $_AZ_REGISTRY/$PROJECT_NAME:latest |
|
fi |
|
|
|
- name: Log out of Docker |
|
run: docker logout |
|
|
|
release: |
|
name: Create GitHub release |
|
runs-on: ubuntu-22.04 |
|
needs: |
|
- setup |
|
- deploy |
|
steps: |
|
- name: Download latest release Docker stubs |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@main |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: ${{ needs.setup.outputs.branch-name }} |
|
artifacts: "docker-stub-US.zip, |
|
docker-stub-US-sha256.txt, |
|
docker-stub-EU.zip, |
|
docker-stub-EU-sha256.txt, |
|
swagger.json" |
|
|
|
- name: Dry Run - Download latest release Docker stubs |
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }} |
|
uses: bitwarden/gh-actions/download-artifacts@main |
|
with: |
|
workflow: build.yml |
|
workflow_conclusion: success |
|
branch: main |
|
artifacts: "docker-stub-US.zip, |
|
docker-stub-US-sha256.txt, |
|
docker-stub-EU.zip, |
|
docker-stub-EU-sha256.txt, |
|
swagger.json" |
|
|
|
- name: Create release |
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }} |
|
uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0 |
|
with: |
|
artifacts: "docker-stub-US.zip, |
|
docker-stub-US-sha256.txt, |
|
docker-stub-EU.zip, |
|
docker-stub-EU-sha256.txt, |
|
swagger.json" |
|
commit: ${{ github.sha }} |
|
tag: "v${{ needs.setup.outputs.release_version }}" |
|
name: "Version ${{ needs.setup.outputs.release_version }}" |
|
body: "<insert release notes here>" |
|
token: ${{ secrets.GITHUB_TOKEN }} |
|
draft: true
|
|
|