Simon/self-host
1
0
Fork 0
mirror of https://github.com/bitwarden/self-host.git synced 2026-06-29 14:55:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ddcd62c1fb9736540bb7af52646bad20cd01d604
self-host/.github/workflows/release.yml
Vince Grassia ddcd62c1fb Update workflows (#71)
2022-12-15 14:02:35 -05:00

293 lines
9.5 KiB
YAML
Raw Blame History

---
name: Release
on:
workflow_dispatch:
inputs:
release_version:
description: "Release Version"
required: true
jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
steps:
- name: Branch check
run: |
if [[ "$GITHUB_REF" != "refs/heads/master" ]]; then
echo "==================================="
echo "[!] Can only release from the 'master' branch"
echo "==================================="
exit 1
fi
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Get Latest Self-Host Version
id: get-self-host
uses: bitwarden/gh-actions/get-release-version@664c8899c95490c65dac0df11519d24ed8419c85
with:
repository: bitwarden/self-host
- name: Check Release Version
env:
RELEASE_VERSION: ${{ github.event.inputs.release_version }}
PREVIOUS_RELEASE_VERSION: ${{ steps.get-self-host.outputs.version }}
run: |
if [ "$RELEASE_VERSION" == "$PREVIOUS_RELEASE_VERSION" ]; then
echo "[!] Already released v$RELEASE_VERSION. Please bump version to continue"
exit 1
fi
release:
name: Create GitHub Release
runs-on: ubuntu-22.04
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
ref: master
- name: Create release
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
with:
artifacts: 'bitwarden.sh,
run.sh,
bitwarden.ps1,
run.ps1,
version.json'
commit: ${{ github.sha }}
tag: "v${{ github.event.inputs.release_version }}"
name: "Version ${{ github.event.inputs.release_version }}"
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true
release-version:
name: Upload version.json
runs-on: ubuntu-22.04
needs:
- setup
- release
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
ref: master
- name: Login to Azure
uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
with:
keyvault: "bitwarden-prod-kv"
secrets: "aws-selfhost-version-access-id,
aws-selfhost-version-access-key,
r2-electron-access-id,
r2-electron-access-key,
r2-bitwarden-selfhost-version-bucket-name,
cf-prod-account"
- name: Upload version.json to S3 bucket
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }}
AWS_DEFAULT_REGION: 'us-west-2'
AWS_S3_BUCKET_NAME: 's3://public-s3-bitwarden-selfhost-version-artifact'
run: |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \
--acl "public-read" \
--quiet
- name: Upload version.json to R2 bucket
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
AWS_DEFAULT_REGION: 'us-east-1'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-bitwarden-selfhost-version-bucket-name }}
CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
run: |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \
--quiet \
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com
tag-docker-latest:
name: Tag Docker images latest
runs-on: ubuntu-22.04
needs:
- setup
- release
env:
_RELEASE_VERSION: ${{ github.event.inputs.release_version }}
_BRANCH_NAME: master
strategy:
fail-fast: false
matrix:
include:
- project_name: Admin
- project_name: Api
- project_name: Attachments
- project_name: Events
- project_name: Icons
- project_name: Identity
- project_name: MsSql
- project_name: Nginx
- project_name: Notifications
- project_name: Server
- project_name: Setup
- project_name: Sso
- project_name: Web
- project_name: Scim
steps:
- name: Print environment
run: |
whoami
docker --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
ref: master
- name: Setup project name
id: setup
run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.project_name }}"
echo "PROJECT_NAME: $PROJECT_NAME"
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
########## DockerHub ##########
- name: Setup DCT
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
with:
azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
azure-keyvault-name: "bitwarden-prod-kv"
- name: Pull versioned image
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: docker pull bitwarden/$PROJECT_NAME:$_RELEASE_VERSION
- name: Tag latest
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: docker tag bitwarden/$PROJECT_NAME:$_RELEASE_VERSION bitwarden/$PROJECT_NAME:latest
- name: Push latest image
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: |
if [ "$PROJECT_NAME" == "scim" ]; then
export DOCKER_CONTENT_TRUST=0
fi
docker push bitwarden/$PROJECT_NAME:latest
- name: Log out of Docker and disable Docker Notary
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR ##########
- name: Login to Azure - QA Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenqa
- name: Tag latest
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: docker tag bitwarden/$PROJECT_NAME:$_RELEASE_VERSION $REGISTRY/$PROJECT_NAME:latest
- name: Push version and latest image
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: docker push $REGISTRY/$PROJECT_NAME:latest
- name: Log out of Docker
run: docker logout
tag-docker-web-latest:
name: Tag Web Docker images from bitwardenqa latest
runs-on: ubuntu-22.04
needs:
- setup
- release
strategy:
fail-fast: false
matrix:
include:
- project_name: web-sh
# - project_name: web-ee # Needs to be fixed in Web client release workflow.
env:
_RELEASE_VERSION: ${{ github.event.inputs.release_version }}
_BRANCH_NAME: master
steps:
- name: Print environment
run: |
whoami
docker --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
ref: master
- name: Setup project name
id: setup
run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.project_name }}"
echo "PROJECT_NAME: $PROJECT_NAME"
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
########## ACR ##########
- name: Login to Azure - QA Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenqa
- name: Pull versioned image
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: docker pull $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
- name: Tag latest
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: docker tag $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION $REGISTRY/$PROJECT_NAME:latest
- name: Push version and latest image
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: docker push $REGISTRY/$PROJECT_NAME:latest
- name: Log out of Docker
run: docker logout
Reference in New Issue View Git Blame Copy Permalink