bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-06 00:13:28 +00:00
Code Issues Releases Wiki Activity
Files
9ee4fd0e44420376411e1ebb70882a8cc6984ff3
browser/.github/workflows/publish-cli.yml
Matt Andreko 9ee4fd0e44 Workflow corrections (#17392) 
Co-authored-by: Amy Galles <9685081+AmyLGalles@users.noreply.github.com>
2025-11-19 14:15:12 -05:00

272 lines
8.7 KiB
YAML
Raw Blame History

name: Publish CLI
run-name: Publish CLI ${{ inputs.publish_type }}
on:
workflow_dispatch:
inputs:
publish_type:
description: 'Publish Options'
required: true
default: 'Initial Publish'
type: choice
options:
- Initial Publish
- Republish
- Dry Run
version:
description: 'Version to publish (default: latest cli release)'
required: true
type: string
default: latest
snap_publish:
description: 'Publish to Snap store'
required: true
default: true
type: boolean
choco_publish:
description: 'Publish to Chocolatey store'
required: true
default: true
type: boolean
npm_publish:
description: 'Publish to npm registry'
required: true
default: true
type: boolean
defaults:
run:
working-directory: apps/cli
jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
release_version: ${{ steps.version-output.outputs.version }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
defaults:
run:
working-directory: .
permissions:
contents: read
deployments: write
steps:
- name: Branch check
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-cli" ]]; then
echo "==================================="
echo "[!] Can only publish from the 'rc' or 'hotfix-rc-cli' branches"
echo "==================================="
exit 1
fi
- name: Version output
id: version-output
env:
INPUT_VERSION: ${{ inputs.version }}
run: |
if [[ "$INPUT_VERSION" == "latest" || "$INPUT_VERSION" == "" ]]; then
TAG_NAME=$(curl -s "https://api.github.com/repos/bitwarden/clients/releases" \
| jq -r '.[] | select(.tag_name | contains("cli")) | .tag_name' | head -1)
VERSION="${TAG_NAME#cli-v}"
echo "Latest Released Version: $VERSION"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
else
echo "Release Version: $INPUT_VERSION"
echo "version=$INPUT_VERSION" >> "$GITHUB_OUTPUT"
fi
- name: Create GitHub deployment
if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
token: '${{ secrets.GITHUB_TOKEN }}'
initial-status: 'in_progress'
environment: 'CLI - Production'
description: 'Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}'
task: release
snap:
name: Deploy Snap
runs-on: ubuntu-22.04
needs: setup
permissions:
contents: read
packages: read
id-token: write
if: inputs.snap_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release_version }}
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "snapcraft-store-token"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Install Snap
uses: samuelmeuli/action-snapcraft@fceeb3c308e76f3487e72ef608618de625fb7fe8 # v3.0.1
- name: Download artifacts
run: wget "https://github.com/bitwarden/clients/releases/download/cli-v${_PKG_VERSION}/bw_${_PKG_VERSION}_amd64.snap"
- name: Publish Snap & logout
if: ${{ inputs.publish_type != 'Dry Run' }}
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
run: |
snapcraft upload "bw_${_PKG_VERSION}_amd64.snap" --release stable
snapcraft logout
choco:
name: Deploy Choco
runs-on: windows-2022
needs: setup
permissions:
contents: read
packages: read
id-token: write
if: inputs.choco_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release_version }}
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "cli-choco-api-key"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Setup Chocolatey
run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
env:
CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }}
- name: Make dist dir
run: New-Item -ItemType directory -Path ./dist
- name: Download artifacts
run: Invoke-WebRequest -Uri "https://github.com/bitwarden/clients/releases/download/cli-v$($env:_PKG_VERSION)/bitwarden-cli.$($env:_PKG_VERSION).nupkg" -OutFile bitwarden-cli.$($env:_PKG_VERSION).nupkg
working-directory: apps/cli/dist
- name: Push to Chocolatey
if: ${{ inputs.publish_type != 'Dry Run' }}
run: choco push --source=https://push.chocolatey.org/
working-directory: apps/cli/dist
npm:
name: Publish NPM
environment: CLI - NPM
runs-on: ubuntu-22.04
needs: setup
permissions:
contents: read
packages: read
id-token: write
if: inputs.npm_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release_version }}
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get Node version
id: retrieve-node-version
working-directory: ./
run: |
NODE_NVMRC=$(cat .nvmrc)
NODE_VERSION=${NODE_NVMRC/v/''}
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
- name: Set up Node
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
registry-url: "https://registry.npmjs.org/"
- name: Install NPM
run: |
npm install -g npm@latest # npm 11.5.1 or later is required to publish w/ OIDC
npm --version
- name: Download and set up artifact
run: |
mkdir -p build
wget "https://github.com/bitwarden/clients/releases/download/cli-v${_PKG_VERSION}/bitwarden-cli-${_PKG_VERSION}-npm-build.zip"
unzip "bitwarden-cli-${_PKG_VERSION}-npm-build.zip" -d build
- name: Publish NPM
if: ${{ inputs.publish_type != 'Dry Run' }}
run: npm publish --access public
update-deployment:
name: Update Deployment Status
runs-on: ubuntu-22.04
needs:
- setup
- npm
- snap
- choco
permissions:
contents: read
deployments: write
if: ${{ always() && inputs.publish_type != 'Dry Run' }}
steps:
- name: Check if any job failed
if: contains(needs.*.result, 'failure')
run: exit 1
- name: Update deployment status to Success
if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'success'
deployment-id: ${{ needs.setup.outputs.deployment_id }}
- name: Update deployment status to Failure
if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'failure'
deployment-id: ${{ needs.setup.outputs.deployment_id }}
Reference in New Issue View Git Blame Copy Permalink