From 06efbbfec4d64266fb6fbe46ac47c75c65c52b26 Mon Sep 17 00:00:00 2001
From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com>
Date: Thu, 13 Mar 2025 07:21:02 -0700
Subject: [PATCH] ci: update workflow to work with new Dockerfiles

Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
---
 .github/workflows/build.yml | 210 ++++++++++--------------------------
 1 file changed, 56 insertions(+), 154 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3b96eeb468..faac75146f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,8 +21,7 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-22.04
-    needs:
-      - check-run
+    needs: check-run
     steps:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -35,105 +34,13 @@ jobs: - name: Verify format run: dotnet format --verify-no-changes - build-artifacts: - name: Build artifacts - runs-on: ubuntu-22.04 - needs: - - lint - strategy: - fail-fast: false - matrix: - include: - - project_name: Admin - base_path: ./src - node: true - - project_name: Api - base_path: ./src - - project_name: Billing - base_path: ./src - - project_name: Events - base_path: ./src - - project_name: EventsProcessor - base_path: ./src - - project_name: Icons - base_path: ./src - - project_name: Identity - base_path: ./src - - project_name: MsSqlMigratorUtility - base_path: ./util - dotnet: true - - project_name: Notifications - base_path: ./src - - project_name: Scim - base_path: ./bitwarden_license/src - dotnet: true - - project_name: Server - base_path: ./util - - project_name: Setup - base_path: ./util - - project_name: Sso - base_path: ./bitwarden_license/src - node: true - steps: - - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Set up .NET - uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 - - - name: Set up Node - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 - with: - cache: "npm" - cache-dependency-path: "**/package-lock.json" - node-version: "16" - - - name: Print environment - run: | - whoami - dotnet --info - node --version - npm --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Build node - if: ${{ matrix.node }} - working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} - run: | - npm ci - npm run build - - - name: Publish project - working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} - run: | - echo "Publish" - dotnet publish -c "Release" -o obj/build-output/publish - - cd obj/build-output/publish - zip -r ${{ matrix.project_name }}.zip . 
- mv ${{ matrix.project_name }}.zip ../../../ - - pwd - ls -atlh ../../../ - - - name: Upload project artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: ${{ matrix.project_name }}.zip - path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip - if-no-files-found: error - build-docker: name: Build Docker images runs-on: ubuntu-22.04 + needs: lint permissions: - security-events: write id-token: write - needs: - - build-artifacts + security-events: write strategy: fail-fast: false matrix: @@ -148,41 +55,38 @@ jobs: base_path: ./util - project_name: Billing base_path: ./src - dotnet: true + upload_artifact: true - project_name: Events base_path: ./src - dotnet: true + upload_artifact: true - project_name: EventsProcessor base_path: ./src - dotnet: true + upload_artifact: true - project_name: Icons base_path: ./src - dotnet: true + upload_artifact: true - project_name: Identity base_path: ./src - dotnet: true + upload_artifact: true - project_name: MsSql base_path: ./util - project_name: MsSqlMigratorUtility base_path: ./util - dotnet: true + upload_artifact: true - project_name: Nginx base_path: ./util - project_name: Notifications base_path: ./src - dotnet: true + upload_artifact: true - project_name: Scim base_path: ./bitwarden_license/src - dotnet: true - - project_name: Server - base_path: ./util - dotnet: true + upload_artifact: true - project_name: Setup base_path: ./util - dotnet: true + upload_artifact: true - project_name: Sso base_path: ./bitwarden_license/src - dotnet: true + upload_artifact: true steps: - name: Check out repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
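Review bot: The matrix key `dotnet: true` is renamed to `upload_artifact: true`, but no step in any visible hunk reads `matrix.upload_artifact`; the only consumers of the old key (the artifact download and unzip steps) are deleted later in this patch. If a step outside the diff uses it, fine; otherwise it is dead matrix data and should go, and either way a one-line comment above the matrix such as `# upload_artifact: publish the built output as a workflow artifact (consumed by <step>)` would save the next reader the search. The `Server` entry is also dropped from the build-docker matrix, so no Server image is built or pushed after this change; if `self-host-build` or the deploy triggers still reference that image they will break, which I cannot confirm from here. The matrix and the job's steps continue past the end of the hunk.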
@@ -202,6 +106,13 @@ jobs: echo "is_publish_branch=false" >> $GITHUB_ENV fi + ########## Set up Docker ########## + - name: Set up QEMU emulators + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + ########## ACRs ########## - name: Log in to Azure - production subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -211,18 +122,6 @@ jobs: - name: Log in to ACR - production subscription run: az acr login -n bitwardenprod - - name: Log in to Azure - CI subscription - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve GitHub PAT secrets - id: retrieve-secret-pat - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "github-pat-bitwarden-devops-bot-repo-scope" - ########## Generate image tag and build Docker image ########## - name: Generate Docker image tag id: tag 
@@ -263,30 +162,26 @@ jobs: fi echo "tags=$TAGS" >> $GITHUB_OUTPUT - - name: Get build artifact - if: ${{ matrix.dotnet }} - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: ${{ matrix.project_name }}.zip - - - name: Set up build artifact - if: ${{ matrix.dotnet }} - run: | - mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish - unzip ${{ matrix.project_name }}.zip \ - -d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish + - name: Generate image full name + id: cache-name + env: + PROJECT_NAME: ${{ steps.setup.outputs.project_name }} + run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT - name: Build Docker image id: build-docker uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: - context: ${{ matrix.base_path }}/${{ matrix.project_name }} + cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }} + cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max + context: . file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile - platforms: linux/amd64 + platforms: | + linux/amd64, + linux/arm/v7, + linux/arm64 push: true tags: ${{ steps.image-tags.outputs.tags }} - secrets: | - "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" - name: Install Cosign if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main' @@ -318,8 +213,8 @@ jobs: with: sarif_file: ${{ steps.container-scan.outputs.sarif }} - upload: - name: Upload + build-stub-swagger: + name: Build Docker-Stub/Swagger runs-on: ubuntu-22.04 needs: build-docker steps: 
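Review bot: Every run now reads from and writes to the same registry cache tag `${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache` with `mode=max`, and the build-docker job carries no event guard while the downstream jobs explicitly exclude `pull_request_target`, which suggests PR-triggered builds also reach this step. A pull request could then seed cache layers that later main/rc builds import through `cache-from`, which is a cache-poisoning path into production images; trusted builds should not consume cache written by untrusted ones. Either key the tag by event in the `cache-name` step (append `-${{ github.event_name }}` to the name) or only write and read the cache on trusted runs, e.g. `cache-to: ${{ github.event_name != 'pull_request_target' && format('type=registry,ref={0},mode=max', steps.cache-name.outputs.name) || '' }}` with the matching guard on `cache-from`. The cache name also depends on `steps.setup.outputs.project_name`, a step not shown in this diff; confirm it exists and agrees with `matrix.project_name`, since the image tags are otherwise derived per matrix entry.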
@@ -336,8 +231,11 @@ jobs: with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Log in to ACR - production subscription - run: az acr login -n $_AZ_REGISTRY --only-show-errors + - name: Login to PROD ACR + run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} + + - name: Restore + run: dotnet tool restore - name: Make Docker stubs if: | @@ -432,8 +330,10 @@ jobs: - name: Build Public API Swagger run: | cd ./src/Api - echo "Restore tools" - dotnet tool restore + echo "Restore" + dotnet restore --locked-mode + echo "Clean" + dotnet clean -c "Release" -o obj/build-output/publish echo "Publish" dotnet publish -c "Release" -o obj/build-output/publish @@ -497,8 +397,7 @@ jobs: build-mssqlmigratorutility: name: Build MSSQL migrator utility runs-on: ubuntu-22.04 - needs: - - lint + needs: lint defaults: run: shell: bash @@ -526,6 +425,11 @@ jobs: echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" + - name: Restore project + run: | + echo "Restore" + dotnet restore --locked-mode + - name: Publish project run: | dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \ @@ -553,8 +457,7 @@ jobs: github.event_name != 'pull_request_target' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') runs-on: ubuntu-22.04 - needs: - - build-docker + needs: build-docker steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -587,8 +490,7 @@ jobs: name: Trigger k8s deploy if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main' runs-on: ubuntu-22.04 - needs: - - build-docker + needs: build-docker steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 
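Review bot: In the Build Public API Swagger step, `dotnet restore --locked-mode` is followed by `dotnet publish`, which as far as I can tell performs its own implicit restore without locked mode, so a lock-file mismatch the explicit restore was meant to reject can still be repaired silently by the publish. Pass `--no-restore` so the locked restore is the only one: `dotnet publish -c "Release" -o obj/build-output/publish --no-restore`. The `dotnet clean` inserted between them does not restore, so it is unaffected. The step's `run` block continues past the end of the hunk.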
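Review bot: The new Restore project step runs `dotnet restore --locked-mode` without a runtime identifier, while the publish that follows passes `-r ${{ matrix.target }}` and `-p:PublishSingleFile=true`, which triggers a second, RID-specific implicit restore that is not in locked mode, so the lock check does not cover the graph the single-file publish actually uses. If `packages.lock.json` records the RID-specific dependencies, restore with the same RID and make publish skip its restore: `dotnet restore --locked-mode -r ${{ matrix.target }}` plus `--no-restore` on the publish line; if it does not, locked mode here is only partial and that caveat deserves a comment above the step. The publish command is cut off at the end of the hunk, so its remaining arguments were not reviewed.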
@@ -624,8 +526,7 @@ jobs: github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'ephemeral-environment') runs-on: ubuntu-24.04 - needs: - - build-docker + needs: build-docker steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -671,16 +572,17 @@ jobs: check-failures: name: Check for failures - if: always() + if: false runs-on: ubuntu-22.04 needs: - lint - - build-artifacts - build-docker - - upload + - build-stub-swagger - build-mssqlmigratorutility - self-host-build - trigger-k8s-deploy + - trigger-ee-updates + - trigger-ephemeral-environment-sync steps: - name: Check if any job failed if: |
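Review bot: `if: false` turns the check-failures job into dead code: it never runs, so a failing lint, build-docker or build-stub-swagger job on main no longer reaches whatever the "Check if any job failed" step does (its body is cut off by the hunk). If this is a temporary disable while the Dockerfile-based pipeline settles, say so above the job, e.g. `# Temporarily disabled (if: false) while the Dockerfile-based build stabilises; restore 'if: always()' before relying on failure alerts`, and track it; otherwise restore `if: always()`, which is what lets the job run after upstream jobs that are skipped on non-main refs, including the two newly added to `needs`.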