From c9956960943662da6f9f1071fd2671fabd30d530 Mon Sep 17 00:00:00 2001 From: Micaiah Martin Date: Thu, 5 May 2022 09:37:07 -0600 Subject: [PATCH] Added release workflows - Additional formatting - Updates to some actions - Refined build workflows --- .github/workflows/build-cli.yml | 39 ++- .github/workflows/build-web.yml | 18 +- .github/workflows/release-cli.yml | 211 ++++++++++++++++ .github/workflows/release-qa-web.yml | 69 ++++++ .github/workflows/release-web.yml | 350 +++++++++++++++++++++++++++ 5 files changed, 664 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/release-cli.yml create mode 100644 .github/workflows/release-qa-web.yml create mode 100644 .github/workflows/release-web.yml diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 34fbd735..db81152b 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -25,6 +25,7 @@ jobs: run: | sudo apt update sudo apt -y install cloc + - name: Print lines of code run: cloc --include-lang TypeScript,JavaScript --vcs git @@ -62,11 +63,12 @@ jobs: run: | choco install checksum --no-progress choco install reshack --no-progress + - name: Set up Node uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1 with: cache: 'npm' - cache-dependency-path: 'apps/cli/package-lock.json' + cache-dependency-path: 'apps/cli/**/package-lock.json' node-version: '16' - name: Get pkg-fetch @@ -78,6 +80,7 @@ jobs: New-Item -ItemType directory -Path .\.pkg-cache\v$env:_WIN_PKG_VERSION Invoke-RestMethod -Uri $fetchedUrl ` -OutFile ".\.pkg-cache\v$env:_WIN_PKG_VERSION\fetched-v$env:_WIN_PKG_FETCH_VERSION-win-x64" + - name: Setup Version Info shell: pwsh run: | @@ -111,6 +114,7 @@ jobs: "@ $versionInfo | Out-File ./version-info.rc # https://github.com/vercel/pkg-fetch/issues/188 + - name: Resource Hacker shell: cmd run: | 
@@ -121,6 +125,7 @@ jobs: ResourceHacker -open %WIN_PKG_BUILT% -save %WIN_PKG_BUILT% -action delete -mask ICONGROUP,1, ResourceHacker -open version-info.rc -save version-info.res -action compile ResourceHacker -open %WIN_PKG_BUILT% -save %WIN_PKG_BUILT% -action addoverwrite -resource version-info.res + - name: Setup sub-module run: npm run sub:init @@ -140,12 +145,14 @@ jobs: Copy-Item dist/windows/bw.exe -Destination dist/chocolatey/tools Copy-Item LICENSE.txt -Destination dist/chocolatey/tools choco pack dist/chocolatey/bitwarden-cli.nuspec --version ${{ env._PACKAGE_VERSION }} --out dist/chocolatey + - name: Zip shell: cmd run: | 7z a ./dist/bw-windows-%_PACKAGE_VERSION%.zip ./dist/windows/bw.exe 7z a ./dist/bw-macos-%_PACKAGE_VERSION%.zip ./dist/macos/bw 7z a ./dist/bw-linux-%_PACKAGE_VERSION%.zip ./dist/linux/bw + - name: Version Test run: | dir ./dist/ @@ -156,6 +163,7 @@ jobs: if($testVersion -ne $env:_PACKAGE_VERSION) { Throw "Version test failed." } + - name: Create checksums run: | checksum -f="./dist/bw-windows-${env:_PACKAGE_VERSION}.zip" ` 
@@ -164,60 +172,61 @@ jobs: -t sha256 | Out-File -Encoding ASCII ./dist/bw-macos-sha256-${env:_PACKAGE_VERSION}.txt checksum -f="./dist/bw-linux-${env:_PACKAGE_VERSION}.zip" ` -t sha256 | Out-File -Encoding ASCII ./dist/bw-linux-sha256-${env:_PACKAGE_VERSION}.txt + - name: Upload windows zip asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-windows-${{ env._PACKAGE_VERSION }}.zip - path: ./dist/bw-windows-${{ env._PACKAGE_VERSION }}.zip + path: apps/cli/dist/bw-windows-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - name: Upload windows checksum asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-windows-sha256-${{ env._PACKAGE_VERSION }}.txt - path: ./dist/bw-windows-sha256-${{ env._PACKAGE_VERSION }}.txt + path: apps/cli/dist/bw-windows-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error - name: Upload macos zip asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-macos-${{ env._PACKAGE_VERSION }}.zip - path: ./dist/bw-macos-${{ env._PACKAGE_VERSION }}.zip + path: apps/cli/dist/bw-macos-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - name: Upload macos checksum asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-macos-sha256-${{ env._PACKAGE_VERSION }}.txt - path: ./dist/bw-macos-sha256-${{ env._PACKAGE_VERSION }}.txt + path: apps/cli/dist/bw-macos-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error - name: Upload linux zip asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-linux-${{ env._PACKAGE_VERSION }}.zip - path: ./dist/bw-linux-${{ env._PACKAGE_VERSION }}.zip + path: apps/cli/dist/bw-linux-${{ env._PACKAGE_VERSION }}.zip if-no-files-found: error - name: Upload linux checksum asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-linux-sha256-${{ env._PACKAGE_VERSION }}.txt - 
path: ./dist/bw-linux-sha256-${{ env._PACKAGE_VERSION }}.txt + path: apps/cli/dist/bw-linux-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error - name: Upload Chocolatey asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg - path: ./dist/chocolatey/bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg + path: apps/cli/dist/chocolatey/bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg if-no-files-found: error - name: Upload NPM Build Directory asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bitwarden-cli-${{ env._PACKAGE_VERSION }}-npm-build.zip - path: ./build + path: apps/cli/build if-no-files-found: error snap: @@ -236,11 +245,12 @@ jobs: echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" echo "BW Package Version: $_PACKAGE_VERSION" + - name: Get bw linux cli uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 with: name: bw-linux-${{ env._PACKAGE_VERSION }}.zip - path: ./dist/snap + path: apps/cli/dist/snap - name: Setup Snap Package run: | @@ -248,10 +258,11 @@ jobs: sed -i s/__version__/${{ env._PACKAGE_VERSION }}/g dist/snap/snapcraft.yaml cd dist/snap ls -alth + - name: Build snap uses: snapcore/action-build@ea14cdeb353272f75977040488ca191880509a8c # v1.1.0 with: - path: dist/snap + path: apps/cli/dist/snap - name: Create checksum run: | @@ -259,6 +270,7 @@ jobs: ls -alth sha256sum bw_${{ env._PACKAGE_VERSION }}_amd64.snap \ | awk '{split($0, a); print a[1]}' > bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt + - name: Install Snap run: sudo snap install dist/snap/bw*.snap --dangerous 
@@ -280,14 +292,14 @@ jobs: uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw_${{ env._PACKAGE_VERSION }}_amd64.snap - path: ./dist/snap/bw_${{ env._PACKAGE_VERSION }}_amd64.snap + path: apps/cli/dist/snap/bw_${{ env._PACKAGE_VERSION }}_amd64.snap if-no-files-found: error - name: Upload snap checksum asset uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt - path: ./dist/snap/bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt + path: apps/cli/dist/snap/bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt if-no-files-found: error @@ -318,6 +330,7 @@ jobs: elif [ "$SNAP_STATUS" = "failure" ]; then exit 1 fi + - name: Login to Azure - Prod Subscription uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 # v1.1 if: failure() diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index cee44773..aed36d8d 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -13,10 +13,8 @@ on: custom_tag_extension: description: "Custom image tag extension" required: false - defaults: run: - shell: bash working-directory: apps/web jobs: @@ -65,7 +63,7 @@ jobs: uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1 with: cache: 'npm' - cache-dependency-path: 'apps/web/package-lock.json' + cache-dependency-path: 'apps/web/**/package-lock.json' node-version: "16" - name: Print environment @@ -90,7 +88,7 @@ jobs: uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: web-${{ env._VERSION }}-selfhosted-open-source.zip - path: ./web-${{ env._VERSION }}-selfhosted-open-source.zip + path: apps/web/web-${{ env._VERSION }}-selfhosted-open-source.zip if-no-files-found: error 
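Review bot: Dropping `shell: bash` from `defaults.run` in build-web.yml (the `@@ -13,10 +13,8 @@` hunk) changes how every `run:` step in that workflow fails. With an explicit `shell: bash` GitHub invokes `bash --noprofile --norc -eo pipefail {0}`, while the implicit default on Linux runners is `bash -e {0}`, so a failing command on the left side of a pipe no longer fails the step. I would keep `shell: bash` next to `working-directory: apps/web`. The job bodies are outside this hunk, so I cannot tell which steps pipe, but release-web.yml's `Check Release Version` step added in this patch pipes `curl` into `jq` under the same implicit default.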
@@ -109,7 +107,7 @@ jobs: uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1 with: cache: 'npm' - cache-dependency-path: 'apps/web/package-lock.json' + cache-dependency-path: 'apps/web/**/package-lock.json' node-version: "16" - name: Print environment @@ -134,7 +132,7 @@ jobs: uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: web-${{ env._VERSION }}-cloud-COMMERCIAL.zip - path: ./web-${{ env._VERSION }}-cloud-COMMERCIAL.zip + path: apps/web/web-${{ env._VERSION }}-cloud-COMMERCIAL.zip if-no-files-found: error @@ -153,7 +151,7 @@ jobs: uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1 with: cache: 'npm' - cache-dependency-path: 'apps/web/package-lock.json' + cache-dependency-path: 'apps/web/**/package-lock.json' node-version: "16" - name: Print environment @@ -190,7 +188,7 @@ jobs: uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 with: name: web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip - path: ./web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip + path: apps/web/web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip if-no-files-found: error - name: Build Docker image @@ -279,7 +277,7 @@ jobs: uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1 with: cache: 'npm' - cache-dependency-path: 'apps/web/package-lock.json' + cache-dependency-path: 'apps/web/**/package-lock.json' node-version: "16" - name: Print environment @@ -372,7 +370,7 @@ jobs: uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854 # v3.1.1 with: cache: 'npm' - cache-dependency-path: 'apps/web/package-lock.json' + cache-dependency-path: 'apps/web/**/package-lock.json' node-version: "16" - name: Print environment diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml new file mode 100644 index 00000000..8c0e121d --- /dev/null +++ b/.github/workflows/release-cli.yml 
@@ -0,0 +1,211 @@
+---
+name: Release CLI
+
+on:
+ workflow_dispatch:
+ inputs:
+ release_type:
+ description: 'Release Options'
+ required: true
+ default: 'Initial Release'
+ type: choice
+ options:
+ - Initial Release
+ - Redeploy
+ - Dry Run
+
+defaults:
+ run:
+ working-directory: apps/cli
+
+jobs:
+ setup:
+ name: Setup
+ runs-on: ubuntu-20.04
+ outputs:
+ package_version: ${{ steps.retrieve-version.outputs.package_version }}
+ branch-name: ${{ steps.branch.outputs.branch-name }}
+ steps:
+ - name: Branch check
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ run: |
+ if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc/*" ]]; then
+ echo "==================================="
+ echo "[!] Can only release from the 'rc' or 'hotfix-rc/*' branches"
+ echo "==================================="
+ exit 1
+ fi
+
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Retrieve CLI release version
+ id: retrieve-version
+ run: |
+ PKG_VERSION=$(jq -r .version package.json)
+ echo "::set-output name=package_version::$PKG_VERSION"
+
+ - name: Check to make sure CLI release version has been bumped
+ if: ${{ github.event.inputs.release_type == 'Initial Release' }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ latest_ver=$(
+ curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases | jq -r 'first(.[] | select(.tag_name | startswith("cli"))).tag_name'
+ )
+ latest_ver=${latest_ver:1}
+ echo "Latest version: $latest_ver"
+ ver=${{ steps.retrieve-version.outputs.package_version }}
+ echo "Version: $ver"
+ if [ "$latest_ver" = "$ver" ]; then
+ echo "Version has not been bumped!"
+ exit 1
+ fi
+ shell: bash
+
+ - name: Get branch name
+ id: branch
+ run: |
+ BRANCH_NAME=$(basename ${{ github.ref }})
+ echo "::set-output name=branch-name::$BRANCH_NAME"
+
+ - name: Download all artifacts
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-ci.yml
+ path: apps/cli
+ workflow_conclusion: success
+ branch: ${{ steps.branch.outputs.branch-name }}
+
+ - name: Create release
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0
+ env:
+ PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
+ with:
+ artifacts: "bw-windows-${{ env.PKG_VERSION }}.zip,
+ bw-windows-sha256-${{ env.PKG_VERSION }}.txt,
+ bw-macos-${{ env.PKG_VERSION }}.zip,
+ bw-macos-sha256-${{ env.PKG_VERSION }}.txt,
+ bw-linux-${{ env.PKG_VERSION }}.zip,
+ bw-linux-sha256-${{ env.PKG_VERSION }}.txt,
+ bitwarden-cli.${{ env.PKG_VERSION }}.nupkg,
+ bw_${{ env.PKG_VERSION }}_amd64.snap,
+ bw-snap-sha256-${{ env.PKG_VERSION }}.txt"
+ commit: ${{ github.sha }}
+ tag: v${{ env.PKG_VERSION }}
+ name: Version ${{ env.PKG_VERSION }}
+ body: ""
+ token: ${{ secrets.GITHUB_TOKEN }}
+ draft: true
+
+
+ snap:
+ name: Deploy Snap
+ runs-on: ubuntu-20.04
+ needs: setup
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Login to Azure
+ uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 # v1.1
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "snapcraft-store-token"
+
+ - name: Install Snap
+ uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0
+ with:
+ snapcraft_token: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
+
+ - name: Download artifacts
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-cli.yml
+ path: apps/cli
+ workflow_conclusion: success
+ branch: ${{ needs.setup.outputs.branch-name }}
+ artifacts: bw_${{ env._PKG_VERSION }}_amd64.snap
+
+ - name: Publish Snap & logout
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ run: |
+ snapcraft push bw_${{ env._PKG_VERSION }}_amd64.snap --release stable
+ snapcraft logout
+
+
+ choco:
+ name: Deploy Choco
+ runs-on: windows-2019
+ needs: setup
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Setup Chocolatey
+ run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
+ env:
+ CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
+
+ - name: Make dist dir
+ shell: pwsh
+ run: New-Item -ItemType directory -Path ./dist
+
+ - name: Download artifacts
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-cli.yml
+ path: apps/cli
+ workflow_conclusion: success
+ branch: ${{ needs.setup.outputs.branch-name }}
+ artifacts: bitwarden-cli.${{ env._PKG_VERSION }}.nupkg
+
+ - name: Push to Chocolatey
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ shell: pwsh
+ run: |
+ cd dist
+ choco push
+
+
+ npm:
+ name: Publish NPM
+ runs-on: ubuntu-20.04
+ needs: setup
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Download artifacts
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-cli.yml
+ path: apps/cli
+ workflow_conclusion: success
+ branch: ${{ needs.setup.outputs.branch-name }}
+ artifacts: bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip
+
+ - name: Setup NPM
+ run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc
+ env:
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ - name: Install Husky
+ run: npm install -g husky
+
+ - name: Publish NPM
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ run: npm publish --access public
diff --git a/.github/workflows/release-qa-web.yml b/.github/workflows/release-qa-web.yml
new file mode 100644
index 00000000..fa798127
--- /dev/null
+++ b/.github/workflows/release-qa-web.yml
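Review bot: The `Branch check` step in release-cli.yml can never accept a hotfix branch, because inside `[[ ]]` a quoted right-hand side is compared literally, so `"refs/heads/hotfix-rc/*"` only matches a ref that ends in an actual asterisk; the same step is repeated in release-web.yml. Leave the pattern unquoted: `[[ "$GITHUB_REF" != refs/heads/hotfix-rc/* ]]`. `Get branch name` then pastes `${{ github.ref }}` into the script text and takes its `basename`, which lets shell metacharacters in a ref name reach the shell (the guard is skipped on a Dry Run) and reduces `hotfix-rc/x` to `x`, probably not the branch name the download steps expect; `BRANCH_NAME="${GITHUB_REF#refs/heads/}"` avoids both. Separately, `Download all artifacts` names `workflow: build-ci.yml` while every other job uses `build-cli.yml`, which looks like a typo.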
@@ -0,0 +1,69 @@
+---
+name: Web QA Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ image_extension:
+ description: "Image tag extension"
+ required: false
+
+env:
+ _QA_CLUSTER_RESOURCE_GROUP: "bw-env-qa"
+ _QA_CLUSTER_NAME: "bw-aks-qa"
+ _QA_K8S_NAMESPACE: "bw-qa"
+ _QA_K8S_APP_NAME: "bw-web"
+
+jobs:
+ deploy:
+ name: Deploy QA Web
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Setup
+ run: export PATH=$PATH:~/work/web/web
+
+ - name: Login to Azure
+ uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 # v1.1
+ with:
+ creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f # v1
+ with:
+ keyvault: "bitwarden-qa-kv"
+ secrets: "qa-aks-kubectl-credentials"
+
+ - name: Login with qa-aks-kubectl-credentials SP
+ uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 # v1.1
+ with:
+ creds: ${{ env.qa-aks-kubectl-credentials }}
+
+ - name: Setup AKS access
+ run: |
+ echo "---az install---"
+ az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin
+ echo "---az get-creds---"
+ az aks get-credentials -n $_QA_CLUSTER_NAME -g $_QA_CLUSTER_RESOURCE_GROUP
+
+ - name: Get image tag
+ id: image_tag
+ run: |
+ IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
+ TAG_EXTENSION=${{ github.event.inputs.image_extension }}
+
+ if [[ $TAG_EXTENSION ]]; then
+ IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+ fi
+ echo "::set-output name=value::$IMAGE_TAG"
+
+ - name: Deploy Web image
+ env:
+ IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+ run: |
+ kubectl set image -n $_QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record
+ kubectl rollout restart -n $_QA_K8S_NAMESPACE deployment/web
+ kubectl rollout status deployment/web -n $_QA_K8S_NAMESPACE
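Review bot: `Get image tag` expands the free-text `image_extension` input straight into the script (`TAG_EXTENSION=${{ github.event.inputs.image_extension }}`), so whatever is typed into the dispatch form is parsed as shell in a job that has already logged in to Azure and fetched the AKS credentials. Pass it through the environment instead: give the step an `env:` entry `TAG_EXTENSION: ${{ github.event.inputs.image_extension }}`, drop the assignment line, and test it with `if [[ -n "$TAG_EXTENSION" ]]; then`. Because the value ends up in the image reference handed to `kubectl set image`, it is also worth rejecting anything outside `[A-Za-z0-9_.-]` before it is appended to `IMAGE_TAG`.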
diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml
new file mode 100644
index 00000000..fbfc9edb
--- /dev/null
+++ b/.github/workflows/release-web.yml
@@ -0,0 +1,350 @@
+---
+name: Release Web
+
+on:
+ workflow_dispatch:
+ inputs:
+ release_type:
+ description: 'Release Options'
+ required: true
+ default: 'Initial Release'
+ type: choice
+ options:
+ - Initial Release
+ - Redeploy
+ - Dry Run
+
+defaults:
+ run:
+ working-directory: apps/web
+
+jobs:
+ setup:
+ name: Setup
+ runs-on: ubuntu-20.04
+ outputs:
+ release_version: ${{ steps.version.outputs.package }}
+ tag_version: ${{ steps.version.outputs.tag }}
+ branch_name: ${{ steps.branch.outputs.branch_name }}
+ steps:
+ - name: Branch check
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ run: |
+ if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc/*" ]]; then
+ echo "==================================="
+ echo "[!] Can only release from the 'rc' or 'hotfix-rc/*' branches"
+ echo "==================================="
+ exit 1
+ fi
+
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Check Release Version
+ id: version
+ run: |
+ version=$( jq -r ".version" package.json)
+ previous_release_tag_version=$(
+ curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
+ )
+
+ if [ "v$version" == "$previous_release_tag_version" ] && \
+ [ "${{ github.event.inputs.release_type }}" == "Initial Release" ]; then
+ echo "[!] Already released v$version. Please bump version to continue"
+ exit 1
+ fi
+
+ echo "::set-output name=package::$version"
+ echo "::set-output name=tag::v$version"
+
+ - name: Get branch name
+ id: branch
+ run: |
+ BRANCH_NAME=$(basename ${{ github.ref }})
+ echo "::set-output name=branch_name::$BRANCH_NAME"
+
+
+ self-host:
+ name: Release self-host docker
+ runs-on: ubuntu-20.04
+ needs: setup
+ env:
+ _BRANCH_NAME: ${{ needs.setup.outputs.branch_name }}
+ _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+ _RELEASE_OPTION: ${{ github.event.inputs.release_type }}
+ steps:
+ - name: Print environment
+ run: |
+ whoami
+ docker --version
+ echo "GitHub ref: $GITHUB_REF"
+ echo "GitHub event: $GITHUB_EVENT"
+ echo "Github Release Option: $_RELEASE_OPTION"
+
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ ########## DockerHub ##########
+ - name: Setup DCT
+ id: setup-dct
+ uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+ with:
+ azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+ azure-keyvault-name: "bitwarden-prod-kv"
+
+ - name: Pull latest selfhost image
+ run: |
+ if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+ docker pull bitwarden/web:latest
+ else
+ docker pull bitwarden/web:$_BRANCH_NAME
+ fi
+
+ - name: Tag version and latest
+ run: |
+ if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+ docker tag bitwarden/web:latest bitwarden/web:dryrun
+ else
+ docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION
+ docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:latest
+ fi
+
+ - name: Push version and latest image
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ env:
+ DOCKER_CONTENT_TRUST: 1
+ DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+ run: |
+ docker push bitwarden/web:$_RELEASE_VERSION
+ docker push bitwarden/web:latest
+
+ - name: Log out of Docker and disable Docker Notary
+ run: |
+ docker logout
+ echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
+
+ ########## ACR ##########
+ - name: Login to Azure - QA Subscription
+ uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010 # v1.1
+ with:
+ creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+ - name: Login to Azure ACR
+ run: az acr login -n bitwardenqa
+
+ - name: Tag version and latest
+ env:
+ REGISTRY: bitwardenqa.azurecr.io
+ run: |
+ if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+ docker tag bitwarden/web:latest $REGISTRY/web:dryrun
+ else
+ docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:$_RELEASE_VERSION
+ docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:latest
+
+ docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:$_RELEASE_VERSION
+ docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:latest
+ fi
+
+ - name: Push version and latest image
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ env:
+ REGISTRY: bitwardenqa.azurecr.io
+ run: |
+ docker push $REGISTRY/web:$_RELEASE_VERSION
+ docker push $REGISTRY/web:latest
+
+ docker push $REGISTRY/web-sh:$_RELEASE_VERSION
+ docker push $REGISTRY/web-sh:latest
+
+ - name: Log out of Docker
+ run: docker logout
+
+
+ ghpages-deploy:
+ name: Deploy Web Vault to GitHub Pages
+ runs-on: ubuntu-20.04
+ needs:
+ - setup
+ - self-host
+ env:
+ _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+ _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 # v2.4.0
+ with:
+ ref: gh-pages
+
+ - name: Create gh-pages-deploy branch
+ run: |
+ git switch -c gh-pages-deploy-$_TAG_VERSION
+ git push -u origin gh-pages-deploy-$_TAG_VERSION
+
+ - name: Checkout Repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 # v2.4.0
+
+ - name: Setup git config
+ run: |
+ git config user.name = "GitHub Action Bot"
+ git config user.email = "<>"
+ git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+ git config --global url."https://".insteadOf ssh://
+
+ - name: Download latest cloud asset
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-web.yml
+ path: apps/web
+ workflow_conclusion: success
+ branch: ${{ needs.setup.outputs.branch_name }}
+ artifacts: web-*-cloud-COMMERCIAL.zip
+
+ # This should result in a build directory in the current working directory
+ - name: Unzip build asset
+ run: unzip web-*-cloud-COMMERCIAL.zip
+
+ - name: Deploy GitHub Pages
+ uses: crazy-max/ghaction-github-pages@a117e4aa1fb4854d021546d2abdfac95be568a3a # v2.6.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ target_branch: gh-pages-deploy-${{ needs.setup.outputs.tag_version }}
+ build_dir: build
+ keep_history: true
+ commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}"
+ dry_run: ${{ github.event.inputs.release_type == 'Dry Run' }}
+
+ - name: Create GitHub Pages Deploy PR
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ env:
+ PR_BRANCH: gh-pages-deploy-${{ env._TAG_VERSION }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh pr create --title "Deploy $_RELEASE_VERSION to GitHub Pages" \
+ --body "Deploying $_RELEASE_VERSION" \
+ --base gh-pages \
+ --head "$PR_BRANCH"
+
+
+ cfpages-deploy:
+ name: Deploy Web Vault to CloudFlare Pages branch
+ runs-on: ubuntu-20.04
+ needs:
+ - setup
+ - self-host
+ env:
+ _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+ _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 # v2.4.0
+
+ - name: Download latest cloud asset
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-web.yml
+ path: apps/web
+ workflow_conclusion: success
+ branch: ${{ needs.setup.outputs.branch_name }}
+ artifacts: web-*-cloud-COMMERCIAL.zip
+
+ # This should result in a build directory in the current working directory
+ - name: Unzip build asset
+ run: unzip web-*-cloud-COMMERCIAL.zip
+
+ - name: Checkout Repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 # v2.4.0
+ with:
+ ref: deploy
+ path: deployment
+
+ - name: Setup git config
+ run: |
+ git config --global user.name = "GitHub Action Bot"
+ git config --global user.email = "<>"
+ git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+ git config --global url."https://".insteadOf ssh://
+
+ - name: Deploy CloudFlare Pages
+ run: |
+ rm -rf ./*
+ cp -R ../build/* .
+ working-directory: deployment
+
+ - name: Create cf-pages-deploy branch
+ run: |
+ git switch -c cf-pages-deploy-$_TAG_VERSION
+ git add .
+ git commit -m "Staging deploy ${{ needs.setup.outputs.release_version }}"
+ git push -u origin cf-pages-deploy-$_TAG_VERSION
+ working-directory: deployment
+
+ - name: Create CloudFlare Pages Deploy PR
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ env:
+ PR_BRANCH: cf-pages-deploy-${{ env._TAG_VERSION }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh pr create --title "Deploy $_RELEASE_VERSION to CloudFlare Pages" \
+ --body "Deploying $_RELEASE_VERSION" \
+ --base deploy \
+ --head "$PR_BRANCH"
+
+
+ release:
+ name: Create GitHub Release
+ runs-on: ubuntu-20.04
+ needs:
+ - setup
+ - self-host
+ - ghpages-deploy
+ - cfpages-deploy
+ steps:
+ - name: Download latest build artifacts
+ uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+ with:
+ workflow: build-web.yml
+ path: apps/web
+ workflow_conclusion: success
+ branch: ${{ needs.setup.outputs.branch_name }}
+ artifacts: "web-*-selfhosted-COMMERCIAL.zip,
+ web-*-selfhosted-open-source.zip"
+
+ - name: Rename assets
+ run: |
+ mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip
+ mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip
+
+ - name: Create release
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0
+ with:
+ name: "Version ${{ needs.setup.outputs.release_version }}"
+ commit: ${{ github.sha }}
+ tag: "${{ needs.setup.outputs.tag_version }}"
+ body: ""
+ artifacts: "web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip,
+ web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip"
+ token: ${{ secrets.GITHUB_TOKEN }}
+ draft: true
+
+
+ dry-run:
+ name: Dry Run Cleanup
+ runs-on: ubuntu-20.04
+ if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+ env:
+ _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+ needs:
+ - setup
+ - release
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+
+ - name: Remove gh-pages-deploy branch
+ run: git push origin --delete gh-pages-deploy-$_TAG_VERSION
+
+ - name: Remove cf-pages-deploy branch
+ run: git push origin --delete cf-pages-deploy-$_TAG_VERSION
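Review bot: A Dry Run of release-web.yml still writes to the repository: `Create gh-pages-deploy branch` and `Create cf-pages-deploy branch` carry no `if:` and push `gh-pages-deploy-$_TAG_VERSION` and `cf-pages-deploy-$_TAG_VERSION` to origin, while the `Branch check` guard is skipped for that release type. The `dry-run` cleanup job lists `release` in `needs`, so it is skipped whenever an earlier job fails and the pushed branches stay behind. I would make the cleanup independent of upstream results with `if: ${{ always() && github.event.inputs.release_type == 'Dry Run' }}`. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` used for these pushes, the PRs and the draft release keeps the repository default; a per-job block would narrow it to what each job needs.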