Simon/self-host
1
0
Fork 0
mirror of https://github.com/bitwarden/self-host.git synced 2026-06-28 06:15:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clean up workflow files from Zizmor output (#414)

Browse Source
This commit is contained in:
Matt Andreko
2025-10-07 15:44:40 -04:00
committed by GitHub
parent 6d2ce1e696
commit 10a9a9d9fd
4 changed files with 109 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
.github/workflows/build-unified.yml vendored
View File

@@ -41,6 +41,8 @@ jobs:
steps:
- name: Checkout Repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get server branch to checkout
id: server-branch-name
@@ -51,14 +53,14 @@ jobs:
# Extract coreVersion from versions.json
CORE_VERSION=$(jq -r '.versions.coreVersion' versions.json)
echo "Server version from versions.json: $CORE_VERSION"
echo "server_ref=refs/tags/v$CORE_VERSION" >> $GITHUB_OUTPUT
echo "ref_type=tag" >> $GITHUB_OUTPUT
echo "server_ref=refs/tags/v$CORE_VERSION" >> "$GITHUB_OUTPUT"
echo "ref_type=tag" >> "$GITHUB_OUTPUT"
elif [[ -z "${SERVER_BRANCH}" ]]; then
echo "server_ref=main" >> $GITHUB_OUTPUT
echo "ref_type=branch" >> $GITHUB_OUTPUT
echo "server_ref=main" >> "$GITHUB_OUTPUT"
echo "ref_type=branch" >> "$GITHUB_OUTPUT"
else
echo "server_ref=${SERVER_BRANCH#refs/heads/}" >> $GITHUB_OUTPUT
echo "ref_type=branch" >> $GITHUB_OUTPUT
echo "server_ref=${SERVER_BRANCH#refs/heads/}" >> "$GITHUB_OUTPUT"
echo "ref_type=branch" >> "$GITHUB_OUTPUT"
fi
- name: Check Branch to Publish
@@ -70,15 +72,15 @@ jobs:
run: |
REF=${GITHUB_REF#refs/heads/}
IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES
IFS="," read -a publish_branches <<< "$PUBLISH_BRANCHES"
if [[ "${REF_TYPE}" == "tag" ]]; then
# If the build is triggered by a tag, always publish
echo "is_publish_branch=true" >> $GITHUB_ENV
echo "is_publish_branch=true" >> "$GITHUB_ENV"
elif [[ "${publish_branches[*]}" =~ "${REF}" && "${publish_branches[*]}" =~ "${SERVER_BRANCH}" ]]; then
echo "is_publish_branch=true" >> $GITHUB_ENV
echo "is_publish_branch=true" >> "$GITHUB_ENV"
else
echo "is_publish_branch=false" >> $GITHUB_ENV
echo "is_publish_branch=false" >> "$GITHUB_ENV"
fi
########## Set up Docker ##########
@@ -127,7 +129,7 @@ jobs:
fi
fi
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
- name: Generate tag list
id: tag-list
@@ -136,9 +138,9 @@ jobs:
IS_PUBLISH_BRANCH: ${{ env.is_publish_branch }}
run: |
if [[ ("${IMAGE_TAG}" == "dev" || "${IMAGE_TAG}" == "beta") && "${IS_PUBLISH_BRANCH}" == "true" ]]; then
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG},ghcr.io/bitwarden/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG},ghcr.io/bitwarden/self-host:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
else
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "tags=$_AZ_REGISTRY/self-host:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
fi
- name: Get Azure Key Vault secrets
@@ -162,6 +164,7 @@ jobs:
token: ${{ steps.app-token.outputs.token }}
ref: ${{ steps.server-branch-name.outputs.server_ref }}
path: "server"
persist-credentials: false
- name: Download web client branch artifacts for dev builds
if: steps.tag.outputs.image_tag == 'dev'
@@ -180,7 +183,7 @@ jobs:
run: |
WEB_ARTIFACT=$(find . -name "web-*-selfhosted-DEV.zip" | head -1)
if [[ -n "${WEB_ARTIFACT}" ]]; then
echo "WEB_ARTIFACT_PATH=${WEB_ARTIFACT}" >> $GITHUB_ENV
echo "WEB_ARTIFACT_PATH=${WEB_ARTIFACT}" >> "$GITHUB_ENV"
fi
- name: Build and push Docker image
@@ -209,21 +212,24 @@ jobs:
DIGEST: ${{ steps.build-docker.outputs.digest }}
TAGS: ${{ steps.tag-list.outputs.tags }}
run: |
IFS="," read -a tags <<< "${TAGS}"
images=""
for tag in "${tags[@]}"; do
images+="${tag}@${DIGEST} "
IFS=',' read -r -a tags_array <<< "${TAGS}"
images=()
for tag in "${tags_array[@]}"; do
images+=("${tag}@${DIGEST}")
done
cosign sign --yes ${images}
echo "images=${images}" >> $GITHUB_OUTPUT
cosign sign --yes "${images[@]}"
echo "images=${images[*]}" >> "$GITHUB_OUTPUT"
- name: Verify the signed image(s) with Cosign
if: env.is_publish_branch == 'true'
env:
IMAGES: ${{ steps.sign.outputs.images }}
run: |
read -r -a images_array <<< "${COSIGN_IMAGES}"
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
${{ steps.sign.outputs.images }}
"${images_array[@]}"
- name: Scan Docker image
id: container-scan
@@ -244,7 +250,7 @@ jobs:
if: env.is_publish_branch == 'true'
run: |
docker logout ghcr.io
docker logout $_AZ_REGISTRY
docker logout "$_AZ_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main

6
.github/workflows/release-digital-ocean.yml vendored
View File

@@ -23,6 +23,8 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
@@ -47,7 +49,7 @@ jobs:
VERSION=$(grep '^ *"coreVersion":' version.json \
| awk -F\: '{ print $2 }' \
| sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Set up Hashicorp Packer
uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232 # v3.1.0
@@ -76,4 +78,4 @@ jobs:
DO_ARTIFACT=$(jq -r '.builds[-1].artifact_id' manifest.json | cut -d ":" -f2)
# Force remove the snapshot
doctl compute image delete $DO_ARTIFACT -f
doctl compute image delete "$DO_ARTIFACT" -f

113
.github/workflows/release.yml vendored
View File

@@ -46,6 +46,8 @@ jobs:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get Latest Self-Host Version
id: get-self-host
@@ -70,9 +72,11 @@ jobs:
CORE=$(jq -r '.versions.coreVersion' < version.json)
KEY_CONNECTOR=$(jq -r '.versions.keyConnectorVersion' < version.json)
echo "WEB_RELEASE_TAG=$WEB" >> $GITHUB_OUTPUT
echo "CORE_RELEASE_TAG=$CORE" >> $GITHUB_OUTPUT
echo "KEY_CONNECTOR_RELEASE_TAG=$KEY_CONNECTOR" >> $GITHUB_OUTPUT
{
echo "WEB_RELEASE_TAG=$WEB"
echo "CORE_RELEASE_TAG=$CORE"
echo "KEY_CONNECTOR_RELEASE_TAG=$KEY_CONNECTOR"
} >> "$GITHUB_OUTPUT"
release:
name: Create GitHub Release
@@ -85,54 +89,63 @@ jobs:
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Get projects that changed versions
id: changed-projects
env:
_LATEST_SELF_HOST_VERSION: ${{ needs.setup.outputs._LATEST_SELF_HOST_VERSION }}
run: |
git diff --unified=0 $_LATEST_SELF_HOST_VERSION $GITHUB_REF_NAME -- version.json >> diff.txt
git diff --unified=0 "$_LATEST_SELF_HOST_VERSION" "$GITHUB_REF_NAME" -- version.json >> diff.txt
if grep -q "webVersion" diff.txt; then
echo "WEB_VERSION_CHANGED=true" >> $GITHUB_OUTPUT
echo "WEB_VERSION_CHANGED=true" >> "$GITHUB_OUTPUT"
fi
if grep -q "coreVersion" diff.txt; then
echo "CORE_VERSION_CHANGED=true" >> $GITHUB_OUTPUT
echo "CORE_VERSION_CHANGED=true" >> "$GITHUB_OUTPUT"
fi
if grep -q "keyConnectorVersion" diff.txt; then
echo "KEY_CONNECTOR_VERSION_CHANGED=true" >> $GITHUB_OUTPUT
echo "KEY_CONNECTOR_VERSION_CHANGED=true" >> "$GITHUB_OUTPUT"
fi
- name: Prepare release notes
id: prepare-release-notes
env:
CORE_VERSION_CHANGED: ${{ steps.changed-projects.outputs.CORE_VERSION_CHANGED }}
CORE_RELEASE_TAG: ${{ needs.setup.outputs._CORE_RELEASE_TAG }}
WEB_VERSION_CHANGED: ${{ steps.changed-projects.outputs.WEB_VERSION_CHANGED }}
WEB_RELEASE_TAG: ${{ needs.setup.outputs._WEB_RELEASE_TAG }}
KEY_CONNECTOR_VERSION_CHANGED: ${{ steps.changed-projects.outputs.KEY_CONNECTOR_VERSION_CHANGED }}
KEY_CONNECTOR_RELEASE_TAG: ${{ needs.setup.outputs._KEY_CONNECTOR_RELEASE_TAG }}
run: |
RELEASE_NOTES=""
if [ -n "${{ steps.changed-projects.outputs.CORE_VERSION_CHANGED }}" ]; then
RELEASE_NOTES+="Update Core version to [v${{ needs.setup.outputs._CORE_RELEASE_TAG }}](https://github.com/bitwarden/server/releases/tag/v${{ needs.setup.outputs._CORE_RELEASE_TAG }})"
if [ -n "${CORE_VERSION_CHANGED}" ]; then
RELEASE_NOTES+="Update Core version to [v${CORE_RELEASE_TAG}](https://github.com/bitwarden/server/releases/tag/v${CORE_RELEASE_TAG})"
fi
if [ -n "${{ steps.changed-projects.outputs.WEB_VERSION_CHANGED }}" ]; then
if [ -n "${WEB_VERSION_CHANGED}" ]; then
if [ -n "$RELEASE_NOTES" ]; then
RELEASE_NOTES+=$'\n'
fi
RELEASE_NOTES+="Update Web version to [v${{ needs.setup.outputs._WEB_RELEASE_TAG }}](https://github.com/bitwarden/clients/releases/tag/web-v${{ needs.setup.outputs._WEB_RELEASE_TAG }})"
RELEASE_NOTES+="Update Web version to [v${WEB_RELEASE_TAG}](https://github.com/bitwarden/clients/releases/tag/web-v${WEB_RELEASE_TAG})"
fi
if [ -n "${{ steps.changed-projects.outputs.KEY_CONNECTOR_VERSION_CHANGED }}" ]; then
if [ -n "${KEY_CONNECTOR_VERSION_CHANGED}" ]; then
if [ -n "$RELEASE_NOTES" ]; then
RELEASE_NOTES+=$'\n'
fi
RELEASE_NOTES+="Update Key Connector version to [v${{ needs.setup.outputs._KEY_CONNECTOR_RELEASE_TAG }}](https://github.com/bitwarden/key-connector/releases/tag/v${{ needs.setup.outputs._KEY_CONNECTOR_RELEASE_TAG }})"
RELEASE_NOTES+="Update Key Connector version to [v${KEY_CONNECTOR_RELEASE_TAG}](https://github.com/bitwarden/key-connector/releases/tag/v${KEY_CONNECTOR_RELEASE_TAG})"
fi
(
echo 'RELEASE_NOTES<<EOF'
echo "$RELEASE_NOTES"
echo EOF
) >> $GITHUB_OUTPUT
) >> "$GITHUB_OUTPUT"
- name: Create release
if: ${{ inputs.release_type != 'Dry Run' }}
@@ -165,6 +178,7 @@ jobs:
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
persist-credentials: false
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
@@ -193,7 +207,7 @@ jobs:
AWS_DEFAULT_REGION: 'us-east-1'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-bucket-name }}
run: |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \
aws s3 cp version.json "$AWS_S3_BUCKET_NAME" \
--acl "public-read" \
--quiet
@@ -235,6 +249,7 @@ jobs:
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
persist-credentials: false
- name: Install Cosign
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
@@ -248,17 +263,19 @@ jobs:
- name: Setup project name and release tag
id: setup
env:
MATRIX_RELEASE_TAG: ${{ matrix.release_tag }}
run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.project_name }}"
echo "PROJECT_NAME: $PROJECT_NAME"
echo "_PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV
echo "_PROJECT_NAME=$PROJECT_NAME" >> "$GITHUB_ENV"
if [ -z "${{ matrix.release_tag }}" ]; then
if [ -z "${MATRIX_RELEASE_TAG}" ]; then
# Use core release tag by default.
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> $GITHUB_ENV
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> "$GITHUB_ENV"
else
echo "_RELEASE_TAG=${{ matrix.release_tag }}" >> $GITHUB_ENV
echo "_RELEASE_TAG=${MATRIX_RELEASE_TAG}" >> "$GITHUB_ENV"
fi
### ghcr.io section
@@ -273,31 +290,31 @@ jobs:
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
skopeo --version
skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name ${_AZ_REGISTRY%.azurecr.io} | jq -r .accessToken)
skopeo copy --all docker://$_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG docker://ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
skopeo copy --all docker://$_AZ_REGISTRY/$_PROJECT_NAME:latest docker://ghcr.io/bitwarden/$_PROJECT_NAME:latest
skopeo login "$_AZ_REGISTRY" -u 00000000-0000-0000-0000-000000000000 -p "$(az acr login --expose-token --name "${_AZ_REGISTRY%.azurecr.io}" | jq -r .accessToken)"
skopeo copy --all "docker://$_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG" "docker://ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG"
skopeo copy --all "docker://$_AZ_REGISTRY/$_PROJECT_NAME:latest" "docker://ghcr.io/bitwarden/$_PROJECT_NAME:latest"
- name: Sign image with Cosign
run: |
cosign sign --yes ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
cosign sign --yes ghcr.io/bitwarden/$_PROJECT_NAME:latest
cosign sign --yes "ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG"
cosign sign --yes "ghcr.io/bitwarden/$_PROJECT_NAME:latest"
- name: Verify the signed image with Cosign
run: |
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
"ghcr.io/bitwarden/$_PROJECT_NAME:$_RELEASE_TAG"
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/$_PROJECT_NAME:latest
"ghcr.io/bitwarden/$_PROJECT_NAME:latest"
- name: Log out of Docker
run: |
docker logout ghcr.io
docker logout $_AZ_REGISTRY
docker logout "$_AZ_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
@@ -336,27 +353,27 @@ jobs:
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
skopeo --version
skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name ${_AZ_REGISTRY%.azurecr.io} | jq -r .accessToken)
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:$_RELEASE_VERSION
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:beta # TODO: Delete after GA
# skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:latest # TODO: uncomment after GA
skopeo login "$_AZ_REGISTRY" -u 00000000-0000-0000-0000-000000000000 -p "$(az acr login --expose-token --name "${_AZ_REGISTRY%.azurecr.io}" | jq -r .accessToken)"
skopeo copy --all "docker://$_AZ_REGISTRY/self-host:beta" "docker://ghcr.io/bitwarden/self-host:$_RELEASE_VERSION"
skopeo copy --all "docker://$_AZ_REGISTRY/self-host:beta" "docker://ghcr.io/bitwarden/self-host:beta" # TODO: Delete after GA
# skopeo copy --all "docker://$_AZ_REGISTRY/self-host:beta" "docker://ghcr.io/bitwarden/self-host:latest" # TODO: uncomment after GA
- name: Sign image with Cosign
run: |
cosign sign --yes ghcr.io/bitwarden/self-host:$_RELEASE_VERSION
cosign sign --yes ghcr.io/bitwarden/self-host:latest
cosign sign --yes "ghcr.io/bitwarden/self-host:$_RELEASE_VERSION"
cosign sign --yes "ghcr.io/bitwarden/self-host:latest"
- name: Verify the signed image with Cosign
run: |
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/self-host:$_RELEASE_VERSION
"ghcr.io/bitwarden/self-host:$_RELEASE_VERSION"
cosign verify \
--certificate-identity "${{ github.server_url }}/${{ github.workflow_ref }}" \
--certificate-identity "${GITHUB_SERVER_URL}/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/bitwarden/self-host:latest
"ghcr.io/bitwarden/self-host:latest"
- name: Log out of skopeo and ghcr.io
run: |
@@ -365,33 +382,33 @@ jobs:
########## ACR PROD ##########
- name: Login to Azure ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
run: az acr login -n "${_AZ_REGISTRY%.azurecr.io}"
- name: Pull latest project image
run: |
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
docker pull $_AZ_REGISTRY/self-host:dev
docker pull "$_AZ_REGISTRY/self-host:dev"
else
docker pull $_AZ_REGISTRY/self-host:beta
docker pull "$_AZ_REGISTRY/self-host:beta"
fi
- name: Tag version and latest
run: |
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/self-host:dev $_AZ_REGISTRY/self-host:dryrun
docker tag "$_AZ_REGISTRY/self-host:dev" "$_AZ_REGISTRY/self-host:dryrun"
else
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:latest
docker tag "$_AZ_REGISTRY/self-host:beta" "$_AZ_REGISTRY/self-host:$_RELEASE_VERSION"
docker tag "$_AZ_REGISTRY/self-host:beta" "$_AZ_REGISTRY/self-host:latest"
fi
- name: Push version and latest image
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
docker push $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/self-host:latest
docker push "$_AZ_REGISTRY/self-host:$_RELEASE_VERSION"
docker push "$_AZ_REGISTRY/self-host:latest"
- name: Log out of Docker
run: docker logout $_AZ_REGISTRY
run: docker logout "$_AZ_REGISTRY"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main

19
.github/workflows/update-versions.yml vendored
View File

@@ -20,6 +20,8 @@ jobs:
steps:
- name: Checkout Branch
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Get Latest Core Version
id: get-core
@@ -38,9 +40,9 @@ jobs:
echo "Latest Core Version: $LATEST_CORE_VERSION"
if [ "$CORE_VERSION" != "$LATEST_CORE_VERSION" ]; then
echo "Needs Core update!"
echo "update=1" >> $GITHUB_OUTPUT
echo "update=1" >> "$GITHUB_OUTPUT"
else
echo "update=0" >> $GITHUB_OUTPUT
echo "update=0" >> "$GITHUB_OUTPUT"
fi
- name: Get Latest Web Version
@@ -62,9 +64,9 @@ jobs:
echo "Latest Web Version: $LATEST_WEB_VERSION"
if [ "$WEB_VERSION" != "$LATEST_WEB_VERSION" ]; then
echo "Needs Web update!"
echo "update=1" >> $GITHUB_OUTPUT
echo "update=1" >> "$GITHUB_OUTPUT"
else
echo "update=0" >> $GITHUB_OUTPUT
echo "update=0" >> "$GITHUB_OUTPUT"
fi
- name: Get Latest Key Connector Version
@@ -84,9 +86,9 @@ jobs:
echo "Latest Key Connector Version: $LATEST_KEY_CONNECTOR_VERSION"
if [ "$KEY_CONNECTOR_VERSION" != "$LATEST_KEY_CONNECTOR_VERSION" ]; then
echo "Needs Key Connector update!"
echo "update=1" >> $GITHUB_OUTPUT
echo "update=1" >> "$GITHUB_OUTPUT"
else
echo "update=0" >> $GITHUB_OUTPUT
echo "update=0" >> "$GITHUB_OUTPUT"
fi
@@ -131,6 +133,7 @@ jobs:
with:
ref: main
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true
- name: Configure Git
run: |
@@ -165,9 +168,9 @@ jobs:
id: version-changed
run: |
if [ -n "$(git status --porcelain)" ]; then
echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
else
echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
echo "No changes to commit!";
fi