nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-04 20:50:21 -05:00
Code

Feature/feature branch docker images (#1824)

Browse Source 
* enabling ACR images for feature branches

* fixing typo in docker tag name

* Adding a workflow that cleans up the docker images from a branch when it gets merged in.

* Updating job name

* Fixing trigger syntax issue

* adding a manual trigger

* Removing the copy + paste mistake

* Adding non-tty confirmation for the deletion of the image

* Un-paralellizing workflow

* fixing the yq options

* trying a different way to get the var data

* trying with quotes

* trying it for real

* adding in a message and testing deleting a tag that doesn't exist

* handling the case where the tag doesn't exist

* fixing a typo

* logging some vaules to try to get some answers

* trying a different way of passing the var into jq

* final cleanup and test

* fixing linting issues

* normalizing the ACR and Dockerhub pushes

* removing the manual trigger after done testing

* Update .github/workflows/build.yml

removing missed an added whitespace

Co-authored-by: Micaiah Martin <77340197+mimartin12@users.noreply.github.com>

* fixing the EventsProcessor docker repo issue

* switching repos for EventsProcessor

Co-authored-by: Micaiah Martin <77340197+mimartin12@users.noreply.github.com>
This commit is contained in:
Joseph Flinn 2022-01-24 11:12:37 -08:00 committed by GitHub
parent a9a5417350
commit 41f3e27ace
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 142 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

186
.github/workflows/build.yml vendored
View File

@ -190,91 +190,61 @@ jobs:
include:
- service_name: Admin
base_path: ./src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: Api
base_path: ./src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: Attachments
base_path: ./util
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
- service_name: Events
base_path: ./src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: EventsProcessor
base_path: ./src
docker_repo: bitwardenqa.azurecr.io
docker_repos: [bitwardenqa.azurecr.io]
dotnet: true
- service_name: Icons
base_path: ./src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: Identity
base_path: ./src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: K8S-Proxy
base_path: ./util
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
- service_name: MsSql
base_path: ./util
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
- service_name: Nginx
base_path: ./util
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
- service_name: Notifications
base_path: ./src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: Server
base_path: ./util
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: Setup
base_path: ./util
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
- service_name: Sso
base_path: ./bitwarden_license/src
docker_repo: bitwarden
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
dotnet: true
steps:
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
- name: Login to Azure - Prod Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Retrieve secrets
id: retrieve-secrets
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
with:
keyvault: "bitwarden-prod-kv"
secrets: "docker-password,
docker-username,
dct-delegate-2-repo-passphrase,
dct-delegate-2-key"
- name: Log into Docker
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
env:
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- name: Setup Docker Trust
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
env:
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
run: |
mkdir -p ~/.docker/trust/private
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
########## Build Docker Image ##########
- name: Setup service name
id: setup
run: |
@ -306,43 +276,7 @@ jobs:
${{ matrix.base_path }}/${{ matrix.service_name }}
fi
- name: Docker Trust setup
if: |
matrix.docker_repo == 'bitwarden'
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
env:
DCT_REPO_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
run: |
echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$DCT_REPO_PASSPHRASE" >> $GITHUB_ENV
- name: Tag and Push RC to Docker Hub
if: (github.ref == 'refs/heads/rc' && matrix.docker_repo == 'bitwarden')
run: |
docker tag ${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
- name: Tag and Push Hotfix to Docker Hub
if: (github.ref == 'refs/heads/hotfix' && matrix.docker_repo == 'bitwarden')
run: |
docker tag ${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:hotfix
docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:hotfix
- name: Tag and Push Dev to Docker Hub
if: (github.ref == 'refs/heads/master' && matrix.docker_repo == 'bitwarden')
run: |
docker tag ${{ steps.setup.outputs.service_name }} \
${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
- name: Log out of Docker and disable Docker Notary
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR ##########
- name: Login to Azure - QA Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
@ -352,31 +286,87 @@ jobs:
run: az acr login -n bitwardenqa
- name: Tag and Push RC to Azure ACR QA registry
if: github.ref == 'refs/heads/rc'
env:
REGISTRY: bitwardenqa.azurecr.io
run: |
docker tag ${{ steps.setup.outputs.service_name }} \
$REGISTRY/${{ steps.setup.outputs.service_name }}:rc
docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:rc
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name
if [[ "$IMAGE_TAG" == "master" ]]; then
IMAGE_TAG=dev
fi
- name: Tag and Push Hotfix to Azure ACR QA registry
if: github.ref == 'refs/heads/hotfix'
env:
REGISTRY: bitwardenqa.azurecr.io
run: |
docker tag ${{ steps.setup.outputs.service_name }} \
$REGISTRY/${{ steps.setup.outputs.service_name }}:hotfix
docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:hotfix
$REGISTRY/${{ steps.setup.outputs.service_name }}:$IMAGE_TAG
docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:$IMAGE_TAG
- name: Tag and Push Dev to Azure ACR QA registry
if: github.ref == 'refs/heads/master'
- name: Log out of Docker
run: docker logout
########## DockerHub ##########
- name: Login to Azure - Prod Subscription
if: |
contains(matrix.docker_repos, 'bitwarden')
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Retrieve secrets
if: |
contains(matrix.docker_repos, 'bitwarden')
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
id: retrieve-secrets
uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
with:
keyvault: "bitwarden-prod-kv"
secrets: "docker-password,
docker-username,
dct-delegate-2-repo-passphrase,
dct-delegate-2-key"
- name: Log into Docker
if: |
contains(matrix.docker_repos, 'bitwarden')
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
env:
REGISTRY: bitwardenqa.azurecr.io
DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- name: Setup Docker Trust
if: |
contains(matrix.docker_repos, 'bitwarden')
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
env:
DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
DCT_REPO_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
run: |
mkdir -p ~/.docker/trust/private
echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$DCT_REPO_PASSPHRASE" >> $GITHUB_ENV
- name: Tag and Push RC to Docker Hub
if: |
contains(matrix.docker_repos, 'bitwarden')
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
run: |
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name
if [[ "$IMAGE_TAG" == "master" ]]; then
IMAGE_TAG=dev
fi
docker tag ${{ steps.setup.outputs.service_name }} \
$REGISTRY/${{ steps.setup.outputs.service_name }}:dev
docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:dev
$REGISTRY/${{ steps.setup.outputs.service_name }}:$IMAGE_TAG
docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:$IMAGE_TAG
- name: Log out of Docker and disable Docker Notary
if: |
contains(matrix.docker_repos, 'bitwarden')
&& (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix')
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
upload:

58
.github/workflows/cleanup-after-pr.yml vendored
View File

@ -4,13 +4,63 @@ name: Clean After PR
on:
pull_request:
types: [closed]
workflow_dispatch:
inputs: {}
jobs:
build-docker:
name: Remove feature branch docker images
runs-on: ubuntu-20.04
steps:
- name: Stub
run: echo "This is a workflow stub"
- name: Checkout repo
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
########## ACR ##########
- name: Login to Azure - QA Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenqa
########## Remove Docker images ##########
- name: Remove the docker image from ACR
env:
REGISTRY_NAME: bitwardenqa
SERVICES: |
services:
- Admin
- Api
- Attachments
- Events
- EventsProcessor
- Icons
- Identity
- K8S-Proxy
- MsSql
- Nginx
- Notifications
- Server
- Setup
- Sso
run: |
for SERVICE in $(echo "${{ env.SERVICES }}" | yq e ".services[]" - )
do
SERVICE_NAME=$(echo $SERVICE | awk '{print tolower($0)}')
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name
echo "[*] Checking if remote exists: $REGISTRY_NAME.azurecr.io/$SERVICE_NAME:$IMAGE_TAG"
TAG_EXISTS=$(
az acr repository show-tags --name $REGISTRY_NAME --repository $SERVICE_NAME \
| jq --arg $TAG "$IMAGE_TAG" -e '. | any(. == "$TAG")'
)
if [[ "$TAG_EXISTS" == "true" ]]; then
echo "[*] Tag exists. Removing tag"
az acr repository delete --name $REGISTRY_NAME --image $SERVICE_NAME:$IMAGE_TAG --yes
else
echo "[*] Tag does not exist. No action needed"
fi
done
- name: Log out of Docker
run: docker logout