bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-11 13:53:34 +00:00
Code Issues Releases Wiki Activity

Revert "[BRE-1022] Switching to use AZ Managed Identities (#15830)" (#15831)

Browse Source 
This reverts commit 4b08e9da30.
This commit is contained in:
Andy Pixley
2025-07-29 15:38:56 -04:00
committed by GitHub
parent 4b08e9da30
commit ca48c964d2
1 changed files with 43 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
.github/workflows/deploy-web.yml vendored
View File

@@ -69,6 +69,7 @@ jobs:
azure_login_client_key_name: ${{ steps.config.outputs.azure_login_client_key_name }} azure_login_client_key_name: ${{ steps.config.outputs.azure_login_client_key_name }}
azure_login_subscription_id_key_name: ${{ steps.config.outputs.azure_login_subscription_id_key_name }} azure_login_subscription_id_key_name: ${{ steps.config.outputs.azure_login_subscription_id_key_name }}
retrieve_secrets_keyvault: ${{ steps.config.outputs.retrieve_secrets_keyvault }} retrieve_secrets_keyvault: ${{ steps.config.outputs.retrieve_secrets_keyvault }}
sync_utility: ${{ steps.config.outputs.sync_utility }}
sync_delete_destination_files: ${{ steps.config.outputs.sync_delete_destination_files }} sync_delete_destination_files: ${{ steps.config.outputs.sync_delete_destination_files }}
slack_channel_name: ${{ steps.config.outputs.slack_channel_name }} slack_channel_name: ${{ steps.config.outputs.slack_channel_name }}
steps: steps:
@@ -126,6 +127,8 @@ jobs:
echo "slack_channel_name=alerts-deploy-dev" >> $GITHUB_OUTPUT echo "slack_channel_name=alerts-deploy-dev" >> $GITHUB_OUTPUT
;; ;;
esac esac
# Set the sync utility to use for deployment to the environment (az-sync or azcopy)
echo "sync_utility=azcopy" >> $GITHUB_OUTPUT
- name: Environment Protection - name: Environment Protection
env: env:
@@ -334,6 +337,32 @@ jobs:
description: 'Deployment from branch/tag: ${{ inputs.branch-or-tag }}' description: 'Deployment from branch/tag: ${{ inputs.branch-or-tag }}'
ref: ${{ needs.artifact-check.outputs.artifact_build_commit }} ref: ${{ needs.artifact-check.outputs.artifact_build_commit }}
- name: Login to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets[needs.setup.outputs.azure_login_subscription_id_key_name] }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets[needs.setup.outputs.azure_login_client_key_name] }}
- name: Retrieve Storage Account connection string for az sync
if: ${{ needs.setup.outputs.sync_utility == 'az-sync' }}
id: retrieve-secrets-az-sync
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ needs.setup.outputs.retrieve_secrets_keyvault }}
secrets: "sa-bitwarden-web-vault-dev-key-temp"
- name: Retrieve Storage Account name and SPN credentials for azcopy
if: ${{ needs.setup.outputs.sync_utility == 'azcopy' }}
id: retrieve-secrets-azcopy
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ needs.setup.outputs.retrieve_secrets_keyvault }}
secrets: "sa-bitwarden-web-vault-name,sp-bitwarden-web-vault-password,sp-bitwarden-web-vault-appid,sp-bitwarden-web-vault-tenant"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}' - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
if: ${{ inputs.build-web-run-id }} if: ${{ inputs.build-web-run-id }}
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
@@ -360,32 +389,28 @@ jobs:
working-directory: apps/web working-directory: apps/web
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }} run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
- name: Login to Azure - name: Sync to Azure Storage Account using az storage blob sync
uses: bitwarden/gh-actions/azure-login@main if: ${{ needs.setup.outputs.sync_utility == 'az-sync' }}
with: working-directory: apps/web
subscription_id: ${{ secrets[needs.setup.outputs.azure_login_subscription_id_key_name] }} run: |
tenant_id: ${{ secrets.AZURE_TENANT_ID }} az storage blob sync \
client_id: ${{ secrets[needs.setup.outputs.azure_login_client_key_name] }} --source "./build" \
--container '$web' \
- name: Retrieve Storage Account name and SPN credentials for azcopy --connection-string "${{ steps.retrieve-secrets-az-sync.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \
id: retrieve-secrets-azcopy --delete-destination=${{ inputs.force-delete-destination }}
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ needs.setup.outputs.retrieve_secrets_keyvault }}
secrets: "sa-bitwarden-web-vault-name"
- name: Sync to Azure Storage Account using azcopy - name: Sync to Azure Storage Account using azcopy
if: ${{ needs.setup.outputs.sync_utility == 'azcopy' }}
working-directory: apps/web working-directory: apps/web
env: env:
AZCOPY_AUTO_LOGIN_TYPE: AZCLI AZCOPY_AUTO_LOGIN_TYPE: SPN
AZCOPY_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZCOPY_SPA_APPLICATION_ID: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-appid }}
AZCOPY_SPA_CLIENT_SECRET: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-password }}
AZCOPY_TENANT_ID: ${{ steps.retrieve-secrets-azcopy.outputs.sp-bitwarden-web-vault-tenant }}
run: | run: |
azcopy sync ./build 'https://${{ steps.retrieve-secrets-azcopy.outputs.sa-bitwarden-web-vault-name }}.blob.core.windows.net/$web/' \ azcopy sync ./build 'https://${{ steps.retrieve-secrets-azcopy.outputs.sa-bitwarden-web-vault-name }}.blob.core.windows.net/$web/' \
--delete-destination=${{ inputs.force-delete-destination }} --compare-hash="MD5" --delete-destination=${{ inputs.force-delete-destination }} --compare-hash="MD5"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Debug sync logs - name: Debug sync logs
if: ${{ inputs.debug }} if: ${{ inputs.debug }}
run: cat /home/runner/.azcopy/*.log run: cat /home/runner/.azcopy/*.log