mirror of
https://github.com/bitwarden/web
synced 2025-12-15 07:43:16 +00:00
Release Workflow (#1007)
* spilting out the build workflow into build and release workflows. Solves the problem of the incorrect self-hosted version being released * pinning action versions * release workflow fixes * removing unneeded env vars * normalizing the naming conventions * one more Docker
This commit is contained in:
Joseph Flinn
GitHub
64
.github/workflows/build.yml
vendored
64
.github/workflows/build.yml
vendored
@@ -5,9 +5,6 @@ on:
|
|||||||
branches-ignore:
|
branches-ignore:
|
||||||
- 'l10n_master'
|
- 'l10n_master'
|
||||||
- 'gh-pages'
|
- 'gh-pages'
|
||||||
release:
|
|
||||||
types:
|
|
||||||
- published
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
cloc:
|
cloc:
|
||||||
@@ -45,18 +42,15 @@ jobs:
|
|||||||
docker --version
|
docker --version
|
||||||
echo "GitHub ref: $GITHUB_REF"
|
echo "GitHub ref: $GITHUB_REF"
|
||||||
echo "GitHub event: $GITHUB_EVENT"
|
echo "GitHub event: $GITHUB_EVENT"
|
||||||
env:
|
|
||||||
GITHUB_REF: ${{ github.ref }}
|
|
||||||
GITHUB_EVENT: ${{ github.event_name }}
|
|
||||||
|
|
||||||
- name: Login to Azure
|
- name: Login to Azure
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
||||||
with:
|
with:
|
||||||
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||||
|
|
||||||
- name: Retrieve secrets
|
- name: Retrieve secrets
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
id: retrieve-secrets
|
id: retrieve-secrets
|
||||||
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
||||||
with:
|
with:
|
||||||
@@ -66,15 +60,15 @@ jobs:
|
|||||||
dct-delegate-2-repo-passphrase,
|
dct-delegate-2-repo-passphrase,
|
||||||
dct-delegate-2-key"
|
dct-delegate-2-key"
|
||||||
|
|
||||||
- name: Log into docker
|
- name: Log into Docker
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||||
env:
|
env:
|
||||||
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
||||||
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
||||||
|
|
||||||
- name: Setup Docker Trust
|
- name: Setup Docker Trust
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.docker/trust/private
|
mkdir -p ~/.docker/trust/private
|
||||||
|
|
||||||
@@ -97,7 +91,7 @@ jobs:
|
|||||||
npm install
|
npm install
|
||||||
npm run dist:selfhost
|
npm run dist:selfhost
|
||||||
|
|
||||||
echo -e "\nBuilding docker image"
|
echo -e "\nBuilding Docker image"
|
||||||
docker --version
|
docker --version
|
||||||
docker build -t bitwarden/web .
|
docker build -t bitwarden/web .
|
||||||
|
|
||||||
@@ -106,22 +100,11 @@ jobs:
|
|||||||
run: docker tag bitwarden/web bitwarden/web:rc
|
run: docker tag bitwarden/web bitwarden/web:rc
|
||||||
|
|
||||||
- name: Tag dev
|
- name: Tag dev
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release'
|
if: github.ref == 'refs/heads/master'
|
||||||
run: docker tag bitwarden/web bitwarden/web:dev
|
run: docker tag bitwarden/web bitwarden/web:dev
|
||||||
|
|
||||||
- name: Tag beta
|
- name: List Docker images
|
||||||
if: github.event_name == 'release'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
run: docker tag bitwarden/web bitwarden/web:beta
|
|
||||||
|
|
||||||
- name: Tag version
|
|
||||||
if: github.event_name == 'release'
|
|
||||||
run: docker tag bitwarden/web bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v'))
|
|
||||||
shell: pwsh
|
|
||||||
env:
|
|
||||||
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
|
|
||||||
|
|
||||||
- name: List docker images
|
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
|
||||||
run: docker images
|
run: docker images
|
||||||
|
|
||||||
- name: Push rc images
|
- name: Push rc images
|
||||||
@@ -132,37 +115,14 @@ jobs:
|
|||||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
||||||
|
|
||||||
- name: Push dev images
|
- name: Push dev images
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release'
|
if: github.ref == 'refs/heads/master'
|
||||||
run: docker push bitwarden/web:dev
|
run: docker push bitwarden/web:dev
|
||||||
env:
|
env:
|
||||||
DOCKER_CONTENT_TRUST: 1
|
DOCKER_CONTENT_TRUST: 1
|
||||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
||||||
|
|
||||||
- name: Push beta images
|
- name: Log out of Docker
|
||||||
if: github.event_name == 'release'
|
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
|
||||||
run: docker push bitwarden/web:beta
|
|
||||||
env:
|
|
||||||
DOCKER_CONTENT_TRUST: 1
|
|
||||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
|
||||||
|
|
||||||
- name: Push latest images
|
|
||||||
if: github.event_name == 'release'
|
|
||||||
run: docker push bitwarden/web:latest
|
|
||||||
env:
|
|
||||||
DOCKER_CONTENT_TRUST: 1
|
|
||||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
|
||||||
|
|
||||||
- name: Push version images
|
|
||||||
if: github.event_name == 'release'
|
|
||||||
run: docker push bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v'))
|
|
||||||
shell: pwsh
|
|
||||||
env:
|
|
||||||
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
|
|
||||||
DOCKER_CONTENT_TRUST: 1
|
|
||||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
|
||||||
|
|
||||||
- name: Log out of docker
|
|
||||||
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
|
||||||
run: docker logout
|
run: docker logout
|
||||||
|
|
||||||
windows:
|
windows:
|
||||||
|
|||||||
159
.github/workflows/release.yml
vendored
Normal file
159
.github/workflows/release.yml
vendored
Normal file
@@ -0,0 +1,159 @@
|
|||||||
|
name: Release
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
release_tag_name_input:
|
||||||
|
description: "Release Tag Name <X.X.X>"
|
||||||
|
required: true
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
setup:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
outputs:
|
||||||
|
release_upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||||
|
release_version: ${{ steps.create_tags.outputs.package_version }}
|
||||||
|
tag_version: ${{ steps.create_tags.outputs.tag_version }}
|
||||||
|
steps:
|
||||||
|
- name: Branch check
|
||||||
|
run: |
|
||||||
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then
|
||||||
|
echo "==================================="
|
||||||
|
echo "[!] Can only release from rc branch"
|
||||||
|
echo "==================================="
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Checkout repo
|
||||||
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # 2.3.4
|
||||||
|
|
||||||
|
- name: Create Release Vars
|
||||||
|
id: create_tags
|
||||||
|
run: |
|
||||||
|
case "${RELEASE_TAG_NAME_INPUT:0:1}" in
|
||||||
|
v)
|
||||||
|
echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
|
||||||
|
echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
||||||
|
echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
|
||||||
|
echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
|
||||||
|
;;
|
||||||
|
[0-9])
|
||||||
|
echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
||||||
|
echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
|
||||||
|
echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
|
||||||
|
echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
env:
|
||||||
|
RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
|
||||||
|
|
||||||
|
- name: Create Draft Release
|
||||||
|
id: create_release
|
||||||
|
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # 1.1.4 - Repo Archived
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
with:
|
||||||
|
tag_name: ${{ env.RELEASE_TAG_NAME }}
|
||||||
|
release_name: ${{ env.RELEASE_NAME }}
|
||||||
|
draft: true
|
||||||
|
prerelease: false
|
||||||
|
|
||||||
|
ubuntu:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Set up Node
|
||||||
|
uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
|
||||||
|
with:
|
||||||
|
node-version: '14'
|
||||||
|
|
||||||
|
- name: Update NPM
|
||||||
|
run: |
|
||||||
|
npm install -g npm@7
|
||||||
|
|
||||||
|
- name: Print environment
|
||||||
|
run: |
|
||||||
|
whoami
|
||||||
|
node --version
|
||||||
|
npm --version
|
||||||
|
gulp --version
|
||||||
|
docker --version
|
||||||
|
echo "GitHub ref: $GITHUB_REF"
|
||||||
|
echo "GitHub event: $GITHUB_EVENT"
|
||||||
|
|
||||||
|
- name: Login to Azure
|
||||||
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
||||||
|
with:
|
||||||
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||||
|
|
||||||
|
- name: Retrieve secrets
|
||||||
|
id: retrieve-secrets
|
||||||
|
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
|
||||||
|
with:
|
||||||
|
keyvault: "bitwarden-prod-kv"
|
||||||
|
secrets: "docker-password,
|
||||||
|
docker-username,
|
||||||
|
dct-delegate-2-repo-passphrase,
|
||||||
|
dct-delegate-2-key"
|
||||||
|
|
||||||
|
- name: Log into Docker
|
||||||
|
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||||
|
env:
|
||||||
|
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
|
||||||
|
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
|
||||||
|
|
||||||
|
- name: Setup Docker Trust
|
||||||
|
if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
|
||||||
|
run: |
|
||||||
|
mkdir -p ~/.docker/trust/private
|
||||||
|
|
||||||
|
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
|
||||||
|
env:
|
||||||
|
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
|
||||||
|
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
|
||||||
|
|
||||||
|
- name: Checkout repo
|
||||||
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
|
||||||
|
|
||||||
|
- name: Restore
|
||||||
|
run: dotnet tool restore
|
||||||
|
|
||||||
|
- name: Build
|
||||||
|
run: |
|
||||||
|
echo -e "# Building Web\n"
|
||||||
|
echo "Building app"
|
||||||
|
echo "npm version $(npm --version)"
|
||||||
|
npm install
|
||||||
|
npm run dist:selfhost
|
||||||
|
|
||||||
|
echo -e "\nBuilding Docker image"
|
||||||
|
docker --version
|
||||||
|
docker build -t bitwarden/web .
|
||||||
|
|
||||||
|
- name: Tag version
|
||||||
|
run: docker tag bitwarden/web bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v'))
|
||||||
|
shell: pwsh
|
||||||
|
env:
|
||||||
|
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
|
||||||
|
|
||||||
|
- name: List Docker images
|
||||||
|
run: docker images
|
||||||
|
|
||||||
|
- name: Push latest images
|
||||||
|
run: docker push bitwarden/web:latest
|
||||||
|
env:
|
||||||
|
DOCKER_CONTENT_TRUST: 1
|
||||||
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
||||||
|
|
||||||
|
- name: Push version images
|
||||||
|
run: docker push bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v'))
|
||||||
|
shell: pwsh
|
||||||
|
env:
|
||||||
|
RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
|
||||||
|
DOCKER_CONTENT_TRUST: 1
|
||||||
|
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
|
||||||
|
|
||||||
|
- name: Log out of Docker
|
||||||
|
run: docker logout
|
||||||
Reference in New Issue
Block a user