Update release to update Docker Compose image tag (#433)

2026-06-27 22:05:45 +00:00 · 2025-12-03 12:53:19 -05:00
parent 9715612c59
commit 91c4dba13d
1 changed files with 62 additions and 0 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -411,9 +411,42 @@ jobs:
    env:
      _CORE_VERSION: ${{ needs.update-versions.outputs.core_release_tag }}
    permissions:
+      contents: write
      id-token: write
      packages: write
    steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          permission-contents: write
+
+      - name: Checkout repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: main
+          token: ${{ steps.app-token.outputs.token }}
+          persist-credentials: true
+
      - name: Login to GitHub Container Registry
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
@@ -435,6 +468,35 @@ jobs:
      - name: Log out of ghcr.io
        run: docker logout ghcr.io

+      - name: Update docker-compose.yml with new version
+        run: |
+          sed -i -e "s|lite:\${TAG:-[^}]*}|lite:\${TAG:-$_CORE_VERSION}|" bitwarden-lite/docker-compose.yml
+          echo ":pencil: Updated docker-compose.yml TAG to $_CORE_VERSION" >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Check if version changed
+        id: version-changed
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "changes_to_commit=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changes_to_commit=false" >> "$GITHUB_OUTPUT"
+            echo "No changes to commit"
+          fi
+
+      - name: Configure Git
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }}
+        run: |
+          git config --local user.email "178206702+bw-ghapp[bot]@users.noreply.github.com"
+          git config --local user.name "bw-ghapp[bot]"
+
+      - name: Commit files
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }}
+        run: git commit -m "Update Bitwarden lite docker-compose.yml to $_CORE_VERSION" -a
+
+      - name: Push changes
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'true' }}
+        run: git push
+

  trigger-workflows:
    name: Trigger workflows