nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[DEVOPS-1211] Push docker only to bitwardenprod ACR (#2695)

Browse Source 
* Push docker only to prod ACR

* Remove matrix in container registry purge
This commit is contained in:
Michał Chęciński 2023-02-15 11:45:46 +01:00 committed by GitHub
parent 8138db396b
commit b44ff27d3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/build-self-host.yml vendored
View File

@ -45,7 +45,7 @@ jobs:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenqa
run: az acr login -n bitwardenprod
- name: Login to Azure - Prod Subscription
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
@ -108,9 +108,9 @@ jobs:
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
run: |
if [ "$IMAGE_TAG" = "dev" ] || [ "$IMAGE_TAG" = "beta" ]; then
echo "tags=bitwardenqa.azurecr.io/self-host:${IMAGE_TAG},bitwarden/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "tags=bitwardenprod.azurecr.io/self-host:${IMAGE_TAG},bitwarden/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
else
echo "tags=bitwardenqa.azurecr.io/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "tags=bitwardenprod.azurecr.io/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT
fi
- name: Build Docker image

53
.github/workflows/build.yml vendored
View File

@ -191,65 +191,65 @@ jobs:
include:
- project_name: Admin
base_path: ./src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Api
base_path: ./src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Attachments
base_path: ./util
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
- project_name: Events
base_path: ./src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: EventsProcessor
base_path: ./src
docker_repos: [bitwardenqa.azurecr.io]
docker_repos: [bitwardenprod.azurecr.io]
dotnet: true
- project_name: Icons
base_path: ./src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Identity
base_path: ./src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: MsSql
base_path: ./util
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
- project_name: Nginx
base_path: ./util
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
- project_name: Notifications
base_path: ./src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Server
base_path: ./util
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Setup
base_path: ./util
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Sso
base_path: ./bitwarden_license/src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Scim
base_path: ./bitwarden_license/src
docker_repos: [bitwarden, bitwardenqa.azurecr.io]
docker_repos: [bitwarden, bitwardenprod.azurecr.io]
dotnet: true
- project_name: Billing
base_path: ./src
docker_repos: [bitwardenqa.azurecr.io]
docker_repos: [bitwardenprod.azurecr.io]
dotnet: true
steps:
- name: Checkout repo
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
- name: Set up image tag
run: |
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name
@ -285,27 +285,6 @@ jobs:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
run: docker build -t $PROJECT_NAME ${{ matrix.base_path }}/${{ matrix.project_name }}
########## QA ACR ##########
- name: Login to Azure - QA Subscription
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to QA ACR
run: az acr login -n bitwardenqa
- name: Tag and push image to QA ACR
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: |
docker tag $PROJECT_NAME \
$REGISTRY/$PROJECT_NAME:${{ env.IMAGE_TAG }}
docker push $REGISTRY/$PROJECT_NAME:${{ env.IMAGE_TAG }}
- name: Log out of Docker
run: docker logout
########## PROD ACR ##########
- name: Login to Azure - PROD Subscription
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf

8
.github/workflows/cleanup-after-pr.yml vendored
View File

@ -14,18 +14,18 @@ jobs:
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
########## ACR ##########
- name: Login to Azure - QA Subscription
- name: Login to Azure - PROD Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenqa
run: az acr login -n bitwardenprod
########## Remove Docker images ##########
- name: Remove the docker image from ACR
env:
REGISTRY_NAME: bitwardenqa
REGISTRY_NAME: bitwardenprod
SERVICES: |
services:
- Admin

15
.github/workflows/container-registry-purge.yml vendored
View File

@ -11,28 +11,15 @@ jobs:
purge:
name: Purge old images
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
include:
- name: bitwardenqa
- name: bitwardenprod
steps:
- name: Login to Azure
if: matrix.name == 'bitwardenprod'
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure
if: matrix.name == 'bitwardenqa'
uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Purge images
env:
REGISTRY: ${{ matrix.name }}
REGISTRY: bitwardenprod
AGO_DUR_VER: "180d"
AGO_DUR: "30d"
run: |

64
.github/workflows/release.yml vendored
View File

@ -188,7 +188,7 @@ jobs:
origin_docker_repo: bitwarden
- project_name: EventsProcessor
prod_acr: true
origin_docker_repo: bitwardenqa.azurecr.io
origin_docker_repo: bitwardenprod.azurecr.io
- project_name: Icons
origin_docker_repo: bitwarden
prod_acr: true
@ -209,7 +209,7 @@ jobs:
- project_name: Scim
origin_docker_repo: bitwarden
- project_name: Billing
origin_docker_repo: bitwardenqa.azurecr.io
origin_docker_repo: bitwardenprod.azurecr.io
steps:
- name: Print environment
env:
@ -277,31 +277,19 @@ jobs:
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR QA ##########
- name: Login to Azure - QA Subscription
########## ACR PROD ##########
- name: Login to Azure - PROD Subscription
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n bitwardenqa
- name: Pull latest project image
if: matrix.origin_docker_repo == 'bitwardenqa.azurecr.io'
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull $REGISTRY/$PROJECT_NAME:latest
else
docker pull $REGISTRY/$PROJECT_NAME:$_BRANCH_NAME
fi
run: az acr login -n bitwardenprod
- name: Tag version and latest
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
REGISTRY: bitwardenprod.azurecr.io
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
@ -313,43 +301,6 @@ jobs:
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenqa.azurecr.io
run: |
docker push $REGISTRY/$PROJECT_NAME:latest
docker push $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
- name: Log out of Docker
run: docker logout
########## ACR PROD ##########
- name: Login to Azure - PROD Subscription
if: matrix.prod_acr == true
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
if: matrix.prod_acr == true
run: az acr login -n bitwardenprod
- name: Tag version and latest
if: matrix.prod_acr == true
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
ORIGIN_REGISTRY: ${{ matrix.origin_docker_repo }}
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:latest $REGISTRY/$PROJECT_NAME:dryrun
else
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:$_RELEASE_VERSION
docker tag $ORIGIN_REGISTRY/$PROJECT_NAME:$_BRANCH_NAME $REGISTRY/$PROJECT_NAME:latest
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' && matrix.prod_acr == true }}
env:
PROJECT_NAME: ${{ steps.setup.outputs.project_name }}
REGISTRY: bitwardenprod.azurecr.io
@ -358,7 +309,6 @@ jobs:
docker push $REGISTRY/$PROJECT_NAME:latest
- name: Log out of Docker
if: matrix.prod_acr == true
run: docker logout
release: