diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 137f64d3..06fe7888 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,9 +5,6 @@ on: branches-ignore: - 'l10n_master' - 'gh-pages' - release: - types: - - published jobs: cloc: @@ -45,18 +42,15 @@ jobs: docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - env: - GITHUB_REF: ${{ github.ref }} - GITHUB_EVENT: ${{ github.event_name }} - name: Login to Azure - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: @@ -66,15 +60,15 @@ jobs: dct-delegate-2-repo-passphrase, dct-delegate-2-key" - - name: Log into docker - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + - name: Log into Docker + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin env: DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: | mkdir -p ~/.docker/trust/private @@ -97,7 +91,7 @@ jobs: npm install npm run dist:selfhost - echo -e "\nBuilding docker image" + echo -e "\nBuilding Docker image" docker --version docker build -t bitwarden/web . @@ -106,22 +100,11 @@ jobs: run: docker tag bitwarden/web bitwarden/web:rc - name: Tag dev - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' run: docker tag bitwarden/web bitwarden/web:dev - - name: Tag beta - if: github.event_name == 'release' - run: docker tag bitwarden/web bitwarden/web:beta - - - name: Tag version - if: github.event_name == 'release' - run: docker tag bitwarden/web bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v')) - shell: pwsh - env: - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - - - name: List docker images - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + - name: List Docker images + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: docker images - name: Push rc images @@ -132,37 +115,14 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - name: Push dev images - if: github.ref == 'refs/heads/master' || github.event_name == 'release' + if: github.ref == 'refs/heads/master' run: docker push bitwarden/web:dev env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - name: Push beta images - if: github.event_name == 'release' - run: docker push bitwarden/web:beta - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - - name: Push latest images - if: github.event_name == 'release' - run: docker push bitwarden/web:latest - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - - name: Push version images - if: github.event_name == 'release' - run: docker push bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v')) - shell: pwsh - env: - RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - - name: Log out of docker - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + - name: Log out of Docker + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: docker logout windows: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..6e144ade --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,159 @@ +name: Release + +on: + workflow_dispatch: + inputs: + release_tag_name_input: + description: "Release Tag Name " + required: true + +jobs: + setup: + runs-on: ubuntu-latest + outputs: + release_upload_url: ${{ steps.create_release.outputs.upload_url }} + release_version: ${{ steps.create_tags.outputs.package_version }} + tag_version: ${{ steps.create_tags.outputs.tag_version }} + steps: + - name: Branch check + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then + echo "===================================" + echo "[!] Can only release from rc branch" + echo "===================================" + exit 1 + fi + + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # 2.3.4 + + - name: Create Release Vars + id: create_tags + run: | + case "${RELEASE_TAG_NAME_INPUT:0:1}" in + v) + echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV + echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV + echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" + echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" + ;; + [0-9]) + echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV + echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV + echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" + echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" + ;; + *) + exit 1 + ;; + esac + env: + RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} + + - name: Create Draft Release + id: create_release + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # 1.1.4 - Repo Archived + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ env.RELEASE_TAG_NAME }} + release_name: ${{ env.RELEASE_NAME }} + draft: true + prerelease: false + + ubuntu: + runs-on: ubuntu-latest + steps: + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + with: + node-version: '14' + + - name: Update NPM + run: | + npm install -g npm@7 + + - name: Print environment + run: | + whoami + node --version + npm --version + gulp --version + docker --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Login to Azure + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 + with: + keyvault: "bitwarden-prod-kv" + secrets: "docker-password, + docker-username, + dct-delegate-2-repo-passphrase, + dct-delegate-2-key" + + - name: Log into Docker + run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + env: + DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} + DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} + + - name: Setup Docker Trust + if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' + run: | + mkdir -p ~/.docker/trust/private + + echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key + env: + DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" + DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} + + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + + - name: Restore + run: dotnet tool restore + + - name: Build + run: | + echo -e "# Building Web\n" + echo "Building app" + echo "npm version $(npm --version)" + npm install + npm run dist:selfhost + + echo -e "\nBuilding Docker image" + docker --version + docker build -t bitwarden/web . + + - name: Tag version + run: docker tag bitwarden/web bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v')) + shell: pwsh + env: + RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} + + - name: List Docker images + run: docker images + + - name: Push latest images + run: docker push bitwarden/web:latest + env: + DOCKER_CONTENT_TRUST: 1 + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} + + - name: Push version images + run: docker push bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v')) + shell: pwsh + env: + RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} + DOCKER_CONTENT_TRUST: 1 + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} + + - name: Log out of Docker + run: docker logout