Simon/self-host
1
0
Fork 0
mirror of https://github.com/bitwarden/self-host.git synced 2026-06-27 13:55:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
411 Commits 20 Branches 114 Tags
main
Commit Graph

411 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
brandonbiete
1821ae8710 [BRE-2049] Add tag existence check to prevent overwriting images (#528) 
Prevents build-bitwarden-lite from overwriting existing production
container image tags by checking both GHCR and ACR registries.

Changes:
- Check both GHCR and ACR before building
- Distinguish 'not found' from 'error' to fail closed
- Only validates version tags (X.Y.Z format)
- Skips check for dev/branch tags to allow rebuilds
- Fails with clear error if tag exists or check fails

Security: Prevents silent failures from registry errors, rate limits,
auth failures, or network timeouts from allowing overwrites.

This provides defense-in-depth protection against tag overwrites
from any workflow source, regardless of how it was triggered.
 2026-06-26 12:13:06 -04:00
bre-deploy[bot]
dfcf1937ce Updated core, web, and key-connector versions v2026.6.1 2026-06-25 19:10:14 +00:00
MtnBurrit0
c360ce441b Bump to aspnet:10 (#526) 2026-06-25 10:36:05 -06:00
bre-deploy[bot]
a1e108f800 Updated core, web, and key-connector versions v2026.6.0 2026-06-11 20:13:52 +00:00
renovate[bot]
4cf50517d0 [deps]: Update gh minor (#522) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-06-09 10:36:21 +01:00
MtnBurrit0
6ebfaef7ae [SHOT-96] Apply new http2 directive (#521) 
* Apply new http2 directive

Removed 'http2' from listen directives and enabled http2 in the server block.

* typo
 2026-06-05 13:51:55 -06:00
Tyler
4772370a05 BRE-1893 fix(marketplace): guard setup wizard against non-interactive shells (#520) 2026-06-03 17:41:57 -04:00
Tyler
faeaa6cea6 BRE-1893 fix(marketplace): preserve 001_onboot on cloud-init clean (#519) 2026-06-02 10:33:45 -04:00
Tyler
48495a7b6d fix(azure-marketplace): reset cloud-init state (#518) 2026-06-01 18:07:07 -04:00
Tyler
cebb3295b5 [BRE-1964] chore(CODEOWNERS): marketplace images (#515) 2026-06-01 10:17:41 -06:00
bre-deploy[bot]
76f5ca9234 Updated core, web, and key-connector versions v2026.5.0 2026-05-29 21:07:33 +00:00
Tyler
8aa3d8adb2 [BRE-1869] chore(CODEOWNERS): cleanup (#516) 2026-05-29 08:22:37 -06:00
Tyler
61b458ac8c [BRE-1893] fix(azure-marketplace): certification failure (#514) 2026-05-28 13:19:01 -06:00
renovate[bot]
3d0409ecad [deps]: Update gh minor (#511) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-05-26 13:49:28 +01:00
renovate[bot]
955c005833 [deps]: Update docker/dockerfile Docker tag to v1.24 (#512) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-05-21 14:40:07 -06:00
MtnBurrit0
0f514b177b Add SSL certificates to the trusted CA store (#510) 2026-05-20 16:47:26 +01:00
keithhubner
49c8b9338f added lite workflow for fork PRs (#509) 
* added lite workflow for fork PRs

* sonarqube secrets fix

* specific read permissions on jobs
 2026-05-19 14:35:50 +01:00
aj-bw
57bfc4763b add in a server registry arg to support feature branch builds for QA (#507) 2026-05-12 15:54:15 -04:00
Tyler
1c345360aa BRE-1893 fix(marketplace): defer host-key removal (#506) 2026-05-12 15:47:46 -04:00
Tyler
d8d98d8827 BRE-1893 fix(azure-marketplace): correct validator and history cleanup (#505) 2026-05-12 14:46:02 -04:00
renovate[bot]
5f73b43d42 [deps]: Update gh minor (#495) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-05-12 11:24:34 -06:00
Tyler
501cd7e511 BRE-1869 Delete release workflows (#500) 2026-05-12 12:32:09 -04:00
Tyler
6a68aefd3f BRE-1893 fix(azure-marketplace): resolve certification failures (#504) 
[BRE-1893](https://bitwarden.atlassian.net/browse/BRE-1893)

Address Azure Marketplace certification failures from the 2026.4.1
release submission.
* ClientAliveInterval (200.3.3.1): write the setting to
  /etc/ssh/sshd_config.d/10-azure-marketplace.conf so it wins over
  cloud-init's drop-in. Validator reads sshd -T to match what Azure
  tests.
* No swap on OS disk (200.3.3.3): set ResourceDisk.EnableSwap=n in
  /etc/waagent.conf and drop a cloud-init swap module so swap is not
  recreated on first boot. Validator asserts the waagent.conf setting.
* Linux Agent (200.3.3.4): explicitly install walinuxagent from
  noble-updates and systemctl enable it so the agent reports to the
  Azure fabric on first boot. Validator adds an is-enabled check.
* Bash history (200.5.1): delete .bash_history in the
  final packer provisioner with HISTFILE=/dev/null so subsequent steps
  do not repopulate it. Validator checks for file absence.
 2026-05-12 12:01:20 -04:00
Tyler
9076109dd8 BRE-1886 feat(build-bitwarden-lite): add run-name (#503) 2026-05-08 17:01:27 -04:00
bre-deploy[bot]
2d12de8395 Updated core, web, and key-connector versions v2026.4.1 2026-05-07 19:41:30 +00:00
Tyler
044e721031 BRE-1869 feat(build-bitwarden-lite): repository dispatch input (#502) 2026-05-07 11:03:48 -06:00
Andy Pixley
baf1e18ae4 [BRE-1871] Adding repository dispatch listener for lite build (#501) 2026-05-05 17:02:39 -04:00
Sander Adamse
94e7f63741 [SHOT-148] fix: syntax error in BUILT_IN_MS_SQL_ENABLED conditional check (#492) 
* fix: syntax error in BUILT_IN_MS_SQL_ENABLED conditional check

* fix: use != false check for BUILT_IN_MS_SQL_ENABLED
 2026-04-27 08:54:38 +01:00
Vince Grassia
37575e1c83 Tidy up version logic (#498) 2026-04-22 15:13:59 -04:00
Vince Grassia
7c243dd7dd [BRE-1533] Fix logic for pushing to ACR / GHCR (#493) 2026-04-20 10:51:30 -06:00
Kyle Spearrin
09b8808a75 azure cert report updates (#497) 2026-04-20 11:41:19 -04:00
MtnBurrit0
67261cc892 Remove cache-from and cache-to options in workflow (#489) 2026-04-20 14:28:50 +01:00
Kyle Spearrin
35a44f8391 Merge lite and standard marketplace images (#496) 
* Merge lite and standard images

* DO changes

* fix release workflow
 2026-04-17 08:25:18 -06:00
renovate[bot]
ffb3e1e398 [deps]: Update docker/login-action action to v4 (#470) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-04-16 14:00:13 +01:00
bw-ghapp[bot]
2e72cc1b5c Updated core, web, and key-connector versions v2026.4.0 2026-04-16 12:47:39 +00:00
Vince Grassia
905f1dd8f1 Add Review Code workflow (#494) 2026-04-15 15:53:41 -06:00
Kyle Spearrin
2dd1ef7f7a Bitwarden Lite Marketplace Images (#491) 
* lite marketplace listings

* reuse ufw
 2026-04-15 19:26:22 +02:00
renovate[bot]
e469a532f5 [deps]: Update docker/dockerfile Docker tag to v1.23 (#468) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-04-10 08:53:15 -06:00
MtnBurrit0
4912d12ed8 Add build arg for web container registry, dynamically set it based on branch built (#490) 
Used web-dev container for dev,rc
 2026-04-08 15:02:26 -06:00
Kyle Spearrin
a7aadf07b8 Fix marketplace image versioning by passing release version from release pipeline (#485) 
* Fix azure release version

* fix all

* use env vars
 2026-04-02 20:26:18 -04:00
Andy Pixley
7702d193f9 Revert "Revert "[BRE-1004] Update release workflow to tag images from GHCR in…" (#484) 
This reverts commit 04d398e52c.
v2026.3.2 		2026-04-02 16:09:33 -04:00
Andy Pixley
04d398e52c Revert "[BRE-1004] Update release workflow to tag images from GHCR instead of…" (#483) 
This reverts commit 2066e607cc.
 2026-04-02 15:35:16 -04:00
bw-ghapp[bot]
35209e0b04 Updated core, web, and key-connector versions 2026-04-02 19:06:54 +00:00
Vince Grassia
2066e607cc [BRE-1004] Update release workflow to tag images from GHCR instead of ACR (#474) 2026-04-01 17:51:06 -04:00
Vince Grassia
224c5aeacf Remove release triggers from marketplace workflows (#482) 2026-04-01 11:55:45 -04:00
MtnBurrit0
08922d41f4 Refactor lite dockerfile to pull from existing compiled sources (#480) 
* Refactor BW lite dockerfile to copy from already compiled sources

* Consolidate RUN steps & add caching to GHA

* Update supervisord configs

* Improve web tag sanitization
Found while testing branches:
- 264-UI
- AC-217-Migrate-Cards-To-Banners
- Ac-1410/update_planresponsemodel_on_client

We need to lowercase and replace "/".

* Tune cache

* Update bitwarden-lite/Dockerfile

Alphabetical ordering

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>

* Update bitwarden-lite/Dockerfile

Alphabetical ordering

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>

---------

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
 2026-04-01 07:58:12 +01:00
Kyle Spearrin
36730f4e40 Update marketplace images to ubuntu 24.04 lts (#481) 
* update marketplace images to ubuntu 22.04 lts

* fix azure build script

* fix azure again
 2026-03-31 15:31:58 -04:00
Kyle Spearrin
b61b666b0b Consolidate marketplace assets (#479) 
* azure cleanup

* cleanup packer keys

* cleanup azure

* consolidate marketplace assets

* dev build versions
 2026-03-30 16:02:35 -04:00
Kyle Spearrin
e3dbc253e1 support for AWS marketplace (#477) 2026-03-27 11:26:10 -04:00
renovate[bot]
f7a22a77d5 [deps]: Update docker/setup-buildx-action action to v4 (#471) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-03-26 10:34:44 -06:00