--- name: Build on: push: branches-ignore: - 'l10n_master' paths-ignore: - '.github/workflows/**' workflow_dispatch: {} jobs: cloc: name: CLOC runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up CLOC run: | sudo apt update sudo apt -y install cloc - name: Print lines of code run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git setup: name: Setup runs-on: ubuntu-20.04 outputs: package_version: ${{ steps.retrieve-version.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Get Package Version id: retrieve-version run: | PKG_VERSION=$(jq -r .version src/package.json) echo "::set-output name=package_version::$PKG_VERSION" linux-cli: name: Build Linux CLI runs-on: ubuntu-20.04 needs: setup env: _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} _PKG_FETCH_NODE_VERSION: 16.13.0 _PKG_FETCH_VERSION: 3.2 steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '16' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Get pkg-fetch run: | cd $HOME fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-linux-x64" mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-linux-x64" - name: Keytar run: | keytarVersion=$(cat src/package.json | jq -r '.dependencies.keytar') keytarTar="keytar-v$keytarVersion-napi-v3-linux-x64.tar" keytarTarGz="$keytarTar.gz" keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz" mkdir -p ./keytar/linux wget $keytarUrl -O ./keytar/linux/$keytarTarGz tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux - name: Install run: npm install - name: Package CLI run: npm run dist:cli:lin - name: Zip run: zip -j ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip ./dist-cli/linux/bwdc ./keytar/linux/build/Release/keytar.node - name: Create checksums run: sha256sum ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | cut -d " " -f 1 > ./dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt - name: Version Test run: | sudo apt-get update sudo apt install libsecret-1-0 dbus-x11 gnome-keyring eval $(dbus-launch --sh-syntax) eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login) eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start) mkdir -p test/linux unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux testVersion=$(./test/linux/bwdc -v) echo "version: $_PACKAGE_VERSION" echo "testVersion: $testVersion" if [ "$testVersion" != "$_PACKAGE_VERSION" ]; then echo "Version test failed." exit 1 fi - name: Upload Linux Zip to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - name: Upload Linux checksum to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error macos-cli: name: Build Mac CLI runs-on: macos-11 needs: setup env: _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} _PKG_FETCH_NODE_VERSION: 16.13.0 _PKG_FETCH_VERSION: 3.2 steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '16' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Get pkg-fetch run: | cd $HOME fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-macos-x64" mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-macos-x64" - name: Keytar run: | keytarVersion=$(cat src/package.json | jq -r '.dependencies.keytar') keytarTar="keytar-v$keytarVersion-napi-v3-darwin-x64.tar" keytarTarGz="$keytarTar.gz" keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz" mkdir -p ./keytar/macos wget $keytarUrl -O ./keytar/macos/$keytarTarGz tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos - name: Install run: npm install - name: Package CLI run: npm run dist:cli:mac - name: Zip run: zip -j ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip ./dist-cli/macos/bwdc ./keytar/macos/build/Release/keytar.node - name: Create checksums run: sha256sum ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | cut -d " " -f 1 > ./dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt - name: Version Test run: | mkdir -p test/macos unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos testVersion=$(./test/macos/bwdc -v) echo "version: $_PACKAGE_VERSION" echo "testVersion: $testVersion" if [ "$testVersion" != "$_PACKAGE_VERSION" ]; then echo "Version test failed." exit 1 fi - name: Upload Mac Zip to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - name: Upload Mac checksum to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error windows-cli: name: Build Windows CLI runs-on: windows-2019 needs: setup env: _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} _WIN_PKG_FETCH_VERSION: 16.13.0 _WIN_PKG_VERSION: 3.2 steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Setup Windows builder run: | choco install checksum --no-progress choco install reshack --no-progress - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '16' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Get pkg-fetch shell: pwsh run: | cd $HOME $fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v$env:_WIN_PKG_VERSION/node-v$env:_WIN_PKG_FETCH_VERSION-win-x64" New-Item -ItemType directory -Path ./.pkg-cache New-Item -ItemType directory -Path ./.pkg-cache/v$env:_WIN_PKG_VERSION Invoke-RestMethod -Uri $fetchedUrl ` -OutFile "./.pkg-cache/v$env:_WIN_PKG_VERSION/fetched-v$env:_WIN_PKG_FETCH_VERSION-win-x64" - name: Keytar shell: pwsh run: | $keytarVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).dependencies.keytar $keytarTar = "keytar-v${keytarVersion}-napi-v3-{0}-x64.tar" $keytarTarGz = "${keytarTar}.gz" $keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}" New-Item -ItemType directory -Path ./keytar/windows | Out-Null Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile "./keytar/windows/$($keytarTarGz -f "win32")" 7z e "./keytar/windows/$($keytarTarGz -f "win32")" -o"./keytar/windows" 7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows" - name: Setup Version Info shell: pwsh run: | $major, $minor, $patch = $env:_PACKAGE_VERSION.split('.') $versionInfo = @" 1 VERSIONINFO FILEVERSION $major,$minor,$patch,0 PRODUCTVERSION $major,$minor,$patch,0 FILEOS 0x40004 FILETYPE 0x1 { BLOCK "StringFileInfo" { BLOCK "040904b0" { VALUE "CompanyName", "Bitwarden Inc." VALUE "ProductName", "Bitwarden" VALUE "FileDescription", "Bitwarden Directory Connector CLI" VALUE "FileVersion", "$env:_PACKAGE_VERSION" VALUE "ProductVersion", "$env:_PACKAGE_VERSION" VALUE "OriginalFilename", "bwdc.exe" VALUE "InternalName", "bwdc" VALUE "LegalCopyright", "Copyright Bitwarden Inc." } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0409 0x04B0 } } "@ $versionInfo | Out-File ./version-info.rc - name: Resource Hacker shell: cmd run: | set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker set WIN_PKG=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\fetched-v%_WIN_PKG_FETCH_VERSION%-win-x64 set WIN_PKG_BUILT=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\built-v%_WIN_PKG_FETCH_VERSION%-win-x64 ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1, ResourceHacker -open version-info.rc -save version-info.res -action compile ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res - name: Install run: npm install - name: Package CLI run: npm run dist:cli:win - name: Zip shell: cmd run: 7z a ./dist-cli/bwdc-windows-%_PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node - name: Version Test run: | Expand-Archive -Path "./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" -DestinationPath "./test/windows" $testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v' echo "version: $env:_PACKAGE_VERSION" echo "testVersion: $testVersion" if($testVersion -ne $env:_PACKAGE_VERSION) { Throw "Version test failed." } - name: Create checksums run: | checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" ` -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt - name: Upload Windows Zip to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - name: Upload Windows checksum to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error windows-gui: name: Build Windows GUI runs-on: windows-2019 needs: setup env: _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up .NET uses: actions/setup-dotnet@9211491ffb35dd6a6657ca4f45d43dfe6e97c829 with: dotnet-version: "3.1.x" - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '16' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Set Node options run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append shell: pwsh - name: Print environment run: | node --version npm --version dotnet --version - name: Install AST uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac - name: Install Node dependencies run: npm install # - name: Run linter # run: npm run lint - name: Build & Sign run: npm run dist:win env: ELECTRON_BUILDER_SIGN: 1 SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }} SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }} SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }} SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }} SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }} - name: Upload Portable Executable to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload Installer Executable to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe if-no-files-found: error - name: Upload Installer Executable Blockmap to GitHub uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap if-no-files-found: error - name: Upload latest auto-update artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: latest.yml path: ./dist/latest.yml if-no-files-found: error linux-gui: name: Build Linux GUI runs-on: ubuntu-20.04 needs: setup env: _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '16' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Set Node options run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - name: Set up environment run: | sudo apt-get update sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev sudo apt-get -y install rpm - name: NPM Install run: npm install - name: NPM Rebuild run: npm run rebuild - name: NPM Package run: npm run dist:lin - name: Upload AppImage uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage if-no-files-found: error - name: Upload latest auto-update artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: latest-linux.yml path: ./dist/latest-linux.yml if-no-files-found: error macos-gui: name: Build MacOS GUI runs-on: macos-11 needs: setup env: _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} steps: - name: Checkout repo uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 with: cache: 'npm' cache-dependency-path: '**/package-lock.json' node-version: '16' - name: Update NPM run: | npm install -g node-gyp node-gyp install $(node -v) - name: Set Node options run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV - name: Print environment run: | node --version npm --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" shell: bash - name: Decrypt secrets env: DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }} shell: bash run: | mkdir -p $HOME/secrets gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/devid-app-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/devid-installer-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg" gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \ --output "$HOME/secrets/macdev-cert.p12" \ "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg" - name: Set up keychain env: KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }} MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }} shell: bash run: | security create-keychain -p $KEYCHAIN_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain security set-keychain-settings -lut 1200 build.keychain security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \ -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - name: Load package version run: | $rootPath = $env:GITHUB_WORKSPACE; $packageVersion = (Get-Content -Raw -Path $rootPath\src\package.json | ConvertFrom-Json).version; Write-Output "Setting package version to $packageVersion"; Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append; shell: pwsh - name: Install Node dependencies run: npm install # - name: Run linter # run: npm run lint - name: Build application run: npm run dist:mac env: APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - name: Upload .zip artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip if-no-files-found: error - name: Upload .dmg artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg if-no-files-found: error - name: Upload .dmg Blockmap artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap if-no-files-found: error - name: Upload latest auto-update artifact uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: latest-mac.yml path: ./dist/latest-mac.yml if-no-files-found: error check-failures: name: Check for failures runs-on: ubuntu-20.04 needs: - cloc - setup - linux-cli - macos-cli - windows-cli - windows-gui - linux-gui - macos-gui steps: - name: Check if any job failed if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }} env: CLOC_STATUS: ${{ needs.cloc.result }} SETUP_STATUS: ${{ needs.setup.result }} LINUX_CLI_STATUS: ${{ needs.linux-cli.result }} MACOS_CLI_STATUS: ${{ needs.macos-cli.result }} WINDOWS_CLI_STATUS: ${{ needs.windows-cli.result }} WINDOWS_GUI_STATUS: ${{ needs.windows-gui.result }} LINUX_GUI_STATUS: ${{ needs.linux-gui.result }} MACOS_GUI_STATUS: ${{ needs.macos-gui.result }} run: | if [ "$CLOC_STATUS" = "failure" ]; then exit 1 elif [ "$SETUP_STATUS" = "failure" ]; then exit 1 elif [ "$LINUX_CLI_STATUS" = "failure" ]; then exit 1 elif [ "$MACOS_CLI_STATUS" = "failure" ]; then exit 1 elif [ "$WINDOWS_CLI_STATUS" = "failure" ]; then exit 1 elif [ "$WINDOWS_GUI_STATUS" = "failure" ]; then exit 1 elif [ "$LINUX_GUI_STATUS" = "failure" ]; then exit 1 elif [ "$MACOS_GUI_STATUS" = "failure" ]; then exit 1 fi - name: Login to Azure - Prod Subscription uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf if: failure() with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets if: failure() env: KEYVAULT: bitwarden-ci SECRETS: | devops-alerts-slack-webhook-url run: | for i in ${SECRETS//,/ } do VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) echo "::add-mask::$VALUE" echo "::set-output name=$i::$VALUE" done - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} with: status: ${{ job.status }}