diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bdfa12591d..faac75146f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,101 +34,10 @@ jobs: - name: Verify format run: dotnet format --verify-no-changes - build-artifacts: - name: Build artifacts - runs-on: ubuntu-22.04 - needs: lint - strategy: - fail-fast: false - matrix: - include: - - project_name: Admin - base_path: ./src - node: true - - project_name: Api - base_path: ./src - - project_name: Billing - base_path: ./src - - project_name: Events - base_path: ./src - - project_name: EventsProcessor - base_path: ./src - - project_name: Icons - base_path: ./src - - project_name: Identity - base_path: ./src - - project_name: MsSqlMigratorUtility - base_path: ./util - dotnet: true - - project_name: Notifications - base_path: ./src - - project_name: Scim - base_path: ./bitwarden_license/src - dotnet: true - - project_name: Server - base_path: ./util - - project_name: Setup - base_path: ./util - - project_name: Sso - base_path: ./bitwarden_license/src - node: true - steps: - - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Set up .NET - uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 - - - name: Set up Node - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 - with: - cache: "npm" - cache-dependency-path: "**/package-lock.json" - node-version: "16" - - - name: Print environment - run: | - whoami - dotnet --info - node --version - npm --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Build node - if: ${{ matrix.node }} - working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} - run: | - npm ci - npm run build - - - name: Publish project - working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} - run: | - echo "Publish" - dotnet publish -c "Release" -o obj/build-output/publish - - cd obj/build-output/publish - zip -r ${{ matrix.project_name }}.zip . - mv ${{ matrix.project_name }}.zip ../../../ - - pwd - ls -atlh ../../../ - - - name: Upload project artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: ${{ matrix.project_name }}.zip - path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip - if-no-files-found: error - build-docker: name: Build Docker images runs-on: ubuntu-22.04 - needs: - - build-artifacts + needs: lint permissions: id-token: write security-events: write @@ -197,6 +106,13 @@ jobs: echo "is_publish_branch=false" >> $GITHUB_ENV fi + ########## Set up Docker ########## + - name: Set up QEMU emulators + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + ########## ACRs ########## - name: Log in to Azure - production subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -206,25 +122,6 @@ jobs: - name: Log in to ACR - production subscription run: az acr login -n bitwardenprod - - name: Log in to Azure - CI subscription - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve GitHub PAT secrets - id: retrieve-secret-pat - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "github-pat-bitwarden-devops-bot-repo-scope" - - ########## Set up Docker ########## - - name: Set up QEMU emulators - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - ########## Generate image tag and build Docker image ########## - name: Generate Docker image tag id: tag @@ -235,6 +132,13 @@ jobs: IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") fi + if [[ "$IMAGE_TAG" == "main" ]]; then + IMAGE_TAG=dev + fi + + echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT + echo "### :mega: Docker Image Tag: $IMAGE_TAG" >> $GITHUB_STEP_SUMMARY + - name: Set up project name id: setup run: | @@ -258,25 +162,18 @@ jobs: fi echo "tags=$TAGS" >> $GITHUB_OUTPUT - - name: Get build artifact - if: ${{ matrix.dotnet }} - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: ${{ matrix.project_name }}.zip - - - name: Set up build artifact - if: ${{ matrix.dotnet }} - run: | - mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish - unzip ${{ matrix.project_name }}.zip \ - -d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish + - name: Generate image full name + id: cache-name + env: + PROJECT_NAME: ${{ steps.setup.outputs.project_name }} + run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT - name: Build Docker image id: build-docker uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: - # cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }} - # cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max + cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }} + cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max context: . file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile platforms: | @@ -560,8 +457,7 @@ jobs: github.event_name != 'pull_request_target' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') runs-on: ubuntu-22.04 - needs: - - build-docker + needs: build-docker steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -594,8 +490,7 @@ jobs: name: Trigger k8s deploy if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main' runs-on: ubuntu-22.04 - needs: - - build-docker + needs: build-docker steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -631,8 +526,7 @@ jobs: github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'ephemeral-environment') runs-on: ubuntu-24.04 - needs: - - build-docker + needs: build-docker steps: - name: Log in to Azure - CI subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -683,9 +577,12 @@ jobs: needs: - lint - build-docker + - build-stub-swagger - build-mssqlmigratorutility - self-host-build - trigger-k8s-deploy + - trigger-ee-updates + - trigger-ephemeral-environment-sync steps: - name: Check if any job failed if: | diff --git a/justfile b/justfile deleted file mode 100644 index d523d41482..0000000000 --- a/justfile +++ /dev/null @@ -1,30 +0,0 @@ -default: - @just --list - -all: lint test build upload - -lint: - dotnet format --verify-no-changes - -test: - echo "Testing..." - -build: - # Login to ACR - az acr login -n bitwardenprod.azurecr.io - if `grep "pull"` <<< "${GITHUB_REF}"; then - IMAGE_TAG := `echo "${GITHUB_HEAD_REF}" | sed "s#/#-#g"` - else - IMAGE_TAG := `echo "${GITHUB_REF:11}" | sed "s#/#-#g"` - fi - - if "${IMAGE_TAG}" == "main"; then - IMAGE_TAG := dev - fi - - echo ${PROJECT_NAME} - PROJECT_NAME := `echo "$PROJECT_NAME" | awk '{print tolower($0)}'` - echo ${PROJECT_NAME} - -upload: - echo "Uploading..."