nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

ci: update workflow to work with new Dockerfiles

Browse Source 
Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
This commit is contained in:
tangowithfoxtrot 2025-03-13 07:21:02 -07:00
parent 9c9d739f65
commit 06efbbfec4
No known key found for this signature in database
1 changed files with 56 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
.github/workflows/build.yml vendored
View File

@ -21,8 +21,7 @@ jobs:
lint:
name: Lint
runs-on: ubuntu-22.04
needs:
- check-run
needs: check-run
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@ -35,105 +34,13 @@ jobs:
- name: Verify format
run: dotnet format --verify-no-changes
build-artifacts:
name: Build artifacts
runs-on: ubuntu-22.04
needs:
- lint
strategy:
fail-fast: false
matrix:
include:
- project_name: Admin
base_path: ./src
node: true
- project_name: Api
base_path: ./src
- project_name: Billing
base_path: ./src
- project_name: Events
base_path: ./src
- project_name: EventsProcessor
base_path: ./src
- project_name: Icons
base_path: ./src
- project_name: Identity
base_path: ./src
- project_name: MsSqlMigratorUtility
base_path: ./util
dotnet: true
- project_name: Notifications
base_path: ./src
- project_name: Scim
base_path: ./bitwarden_license/src
dotnet: true
- project_name: Server
base_path: ./util
- project_name: Setup
base_path: ./util
- project_name: Sso
base_path: ./bitwarden_license/src
node: true
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up .NET
uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0
- name: Set up Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: "npm"
cache-dependency-path: "**/package-lock.json"
node-version: "16"
- name: Print environment
run: |
whoami
dotnet --info
node --version
npm --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Build node
if: ${{ matrix.node }}
working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }}
run: |
npm ci
npm run build
- name: Publish project
working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }}
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r ${{ matrix.project_name }}.zip .
mv ${{ matrix.project_name }}.zip ../../../
pwd
ls -atlh ../../../
- name: Upload project artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: ${{ matrix.project_name }}.zip
path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip
if-no-files-found: error
build-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs: lint
permissions:
security-events: write
id-token: write
needs:
- build-artifacts
security-events: write
strategy:
fail-fast: false
matrix:
@ -148,41 +55,38 @@ jobs:
base_path: ./util
- project_name: Billing
base_path: ./src
dotnet: true
upload_artifact: true
- project_name: Events
base_path: ./src
dotnet: true
upload_artifact: true
- project_name: EventsProcessor
base_path: ./src
dotnet: true
upload_artifact: true
- project_name: Icons
base_path: ./src
dotnet: true
upload_artifact: true
- project_name: Identity
base_path: ./src
dotnet: true
upload_artifact: true
- project_name: MsSql
base_path: ./util
- project_name: MsSqlMigratorUtility
base_path: ./util
dotnet: true
upload_artifact: true
- project_name: Nginx
base_path: ./util
- project_name: Notifications
base_path: ./src
dotnet: true
upload_artifact: true
- project_name: Scim
base_path: ./bitwarden_license/src
dotnet: true
- project_name: Server
base_path: ./util
dotnet: true
upload_artifact: true
- project_name: Setup
base_path: ./util
dotnet: true
upload_artifact: true
- project_name: Sso
base_path: ./bitwarden_license/src
dotnet: true
upload_artifact: true
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@ -202,6 +106,13 @@ jobs:
echo "is_publish_branch=false" >> $GITHUB_ENV
fi
########## Set up Docker ##########
- name: Set up QEMU emulators
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
########## ACRs ##########
- name: Log in to Azure - production subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@ -211,18 +122,6 @@ jobs:
- name: Log in to ACR - production subscription
run: az acr login -n bitwardenprod
- name: Log in to Azure - CI subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve GitHub PAT secrets
id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
########## Generate image tag and build Docker image ##########
- name: Generate Docker image tag
id: tag
@ -263,30 +162,26 @@ jobs:
fi
echo "tags=$TAGS" >> $GITHUB_OUTPUT
- name: Get build artifact
if: ${{ matrix.dotnet }}
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: ${{ matrix.project_name }}.zip
- name: Set up build artifact
if: ${{ matrix.dotnet }}
run: |
mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish
unzip ${{ matrix.project_name }}.zip \
-d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish
- name: Generate image full name
id: cache-name
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT
- name: Build Docker image
id: build-docker
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
with:
context: ${{ matrix.base_path }}/${{ matrix.project_name }}
cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }}
cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max
context: .
file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
platforms: linux/amd64
platforms: |
linux/amd64,
linux/arm/v7,
linux/arm64
push: true
tags: ${{ steps.image-tags.outputs.tags }}
secrets: |
"GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
- name: Install Cosign
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
@ -318,8 +213,8 @@ jobs:
with:
sarif_file: ${{ steps.container-scan.outputs.sarif }}
upload:
name: Upload
build-stub-swagger:
name: Build Docker-Stub/Swagger
runs-on: ubuntu-22.04
needs: build-docker
steps:
@ -336,8 +231,11 @@ jobs:
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Log in to ACR - production subscription
run: az acr login -n $_AZ_REGISTRY --only-show-errors
- name: Login to PROD ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Restore
run: dotnet tool restore
- name: Make Docker stubs
if: |
@ -432,8 +330,10 @@ jobs:
- name: Build Public API Swagger
run: |
cd ./src/Api
echo "Restore tools"
dotnet tool restore
echo "Restore"
dotnet restore --locked-mode
echo "Clean"
dotnet clean -c "Release" -o obj/build-output/publish
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
@ -497,8 +397,7 @@ jobs:
build-mssqlmigratorutility:
name: Build MSSQL migrator utility
runs-on: ubuntu-22.04
needs:
- lint
needs: lint
defaults:
run:
shell: bash
@ -526,6 +425,11 @@ jobs:
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Restore project
run: |
echo "Restore"
dotnet restore --locked-mode
- name: Publish project
run: |
dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \
@ -553,8 +457,7 @@ jobs:
github.event_name != 'pull_request_target'
&& (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc')
runs-on: ubuntu-22.04
needs:
- build-docker
needs: build-docker
steps:
- name: Log in to Azure - CI subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@ -587,8 +490,7 @@ jobs:
name: Trigger k8s deploy
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
needs:
- build-docker
needs: build-docker
steps:
- name: Log in to Azure - CI subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@ -624,8 +526,7 @@ jobs:
github.event_name == 'pull_request_target'
&& contains(github.event.pull_request.labels.*.name, 'ephemeral-environment')
runs-on: ubuntu-24.04
needs:
- build-docker
needs: build-docker
steps:
- name: Log in to Azure - CI subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@ -671,16 +572,17 @@ jobs:
check-failures:
name: Check for failures
if: always()
if: false
runs-on: ubuntu-22.04
needs:
- lint
- build-artifacts
- build-docker
- upload
- build-stub-swagger
- build-mssqlmigratorutility
- self-host-build
- trigger-k8s-deploy
- trigger-ee-updates
- trigger-ephemeral-environment-sync
steps:
- name: Check if any job failed
if: |