diff --git a/.github/workflows/_move_finalization_db_scripts.yml b/.github/workflows/_move_finalization_db_scripts.yml index 5e3ea0d250..0b1d18797e 100644 --- a/.github/workflows/_move_finalization_db_scripts.yml +++ b/.github/workflows/_move_finalization_db_scripts.yml @@ -1,7 +1,6 @@ --- - name: _move_finalization_db_scripts -run-name: Move finalization db scripts +run-name: Move finalization database scripts on: workflow_call: @@ -11,7 +10,6 @@ permissions: contents: write jobs: - setup: name: Setup runs-on: ubuntu-22.04 @@ -19,7 +17,7 @@ jobs: migration_filename_prefix: ${{ steps.prefix.outputs.prefix }} copy_finalization_scripts: ${{ steps.check-finalization-scripts-existence.outputs.copy_finalization_scripts }} steps: - - name: Login to Azure + - name: Log in to Azure uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -31,7 +29,7 @@ jobs: keyvault: "bitwarden-ci" secrets: "github-pat-bitwarden-devops-bot-repo-scope" - - name: Checkout Branch + - name: Check out branch uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} @@ -40,7 +38,7 @@ jobs: id: prefix run: echo "prefix=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - - name: Check if any files in db finalization + - name: Check if any files in DB finalization directory id: check-finalization-scripts-existence run: | if [ -f util/Migrator/DbScripts_finalization/* ]; then @@ -50,7 +48,7 @@ jobs: fi move-finalization-db-scripts: - name: Move finalization db scripts + name: Move finalization database scripts runs-on: ubuntu-22.04 needs: setup if: ${{ needs.setup.outputs.copy_finalization_scripts == 'true' }} 
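Review bot: In the `check-finalization-scripts-existence` step (hunk `-40,7`), `if [ -f util/Migrator/DbScripts_finalization/* ]; then` is only a valid test when the glob expands to exactly one path. With two or more files `[` receives extra operands and exits with an error, so the `then` branch is not taken even though scripts exist. A check that does not depend on the match count is safer, for example `if [ -n "$(find util/Migrator/DbScripts_finalization -maxdepth 1 -type f -print -quit)" ]; then`. The branch bodies fall outside the hunk, so confirm which output each one sets.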
@@ -95,12 +93,12 @@ jobs: done echo "moved_files=$moved_files" >> $GITHUB_OUTPUT - - name: Login to Azure - Prod Subscription + - name: Log in to Azure - production subscription uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - name: Retrieve Secrets + - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: @@ -140,7 +138,7 @@ jobs: BRANCH: ${{ steps.branch_name.outputs.branch_name }} GH_TOKEN: ${{ github.token }} MOVED_FILES: ${{ steps.move-files.outputs.moved_files }} - TITLE: "Move finalization db scripts" + TITLE: "Move finalization database scripts" run: | PR_URL=$(gh pr create --title "$TITLE" \ --base "main" \ diff --git a/.github/workflows/automatic-issue-responses.yml b/.github/workflows/automatic-issue-responses.yml index cfe999c80b..21c65e1938 100644 --- a/.github/workflows/automatic-issue-responses.yml +++ b/.github/workflows/automatic-issue-responses.yml @@ -6,8 +6,8 @@ on: - labeled jobs: close-issue: - name: 'Close issue with automatic response' - runs-on: ubuntu-20.04 + name: Close issue with automatic response + runs-on: ubuntu-22.04 permissions: issues: write steps: @@ -24,7 +24,7 @@ jobs: This issue will now be closed. Thanks! # Intended behavior - if: github.event.label.name == 'intended-behavior' - name: Intended behaviour + name: Intended behavior uses: peter-evans/close-issue@1373cadf1f0c96c1420bc000cfba2273ea307fd1 # v2.2.0 with: comment: | diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 96061b128e..5ecb3915ce 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
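Review bot: The `Retrieve secrets` step in hunk `-95,12` still runs `bitwarden/gh-actions/get-keyvault-secrets@main`, a mutable branch ref, while the other actions in these hunks are pinned to a commit SHA with a version comment. This job logs in with `secrets.AZURE_KV_CI_SERVICE_PRINCIPAL` and the file declares `contents: write`, so whatever is on that branch at run time executes with that access. Pin it like the rest, `uses: bitwarden/gh-actions/get-keyvault-secrets@<commit-sha> # <version>` (placeholders; take the real values from the action's repository). The same applies to `release-version-check@main` and `download-artifacts@main` in the release.yml hunks.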
@@ -2,23 +2,23 @@ name: Build on: - push: - branches-ignore: - - "l10n_master" - - "gh-pages" - paths-ignore: - - ".github/workflows/**" workflow_dispatch: + push: + branches: + - "main" + - "rc" + - "hotfix-rc" + pull_request: env: _AZ_REGISTRY: "bitwardenprod.azurecr.io" jobs: cloc: - name: CLOC + name: Count lines of code runs-on: ubuntu-22.04 steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Install cloc 
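Review bot: Adding `pull_request` to `on:` makes this workflow run for pull requests from forks, where repository secrets are not provided, yet the Azure login steps visible in the later hunks of this file (`creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}`, `creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}`) show no `if:` guard. Those steps will presumably fail on fork PRs, and the workflow gives no sign that this is intended. Guard the jobs that need credentials, for example `if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}`. The hunk also shows no top-level `permissions:` between `on:` and `env:`; a `contents: read` default would keep the token minimal for the jobs that only build. The job definitions themselves are outside this hunk.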
@@ -33,62 +33,19 @@ jobs: name: Lint runs-on: ubuntu-22.04 steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - name: Set up dotnet + - name: Set up .NET uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - - name: Verify Format + - name: Verify format run: dotnet format --verify-no-changes - testing: - name: Testing - runs-on: ubuntu-22.04 - env: - NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages - steps: - - name: Checkout repo - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - - name: Set up dotnet - uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - - - name: Print environment - run: | - dotnet --info - nuget help | grep Version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Remove SQL proj - run: dotnet sln bitwarden-server.sln remove src/Sql/Sql.sqlproj - - - name: Test OSS solution - run: dotnet test ./test --configuration Release --logger "trx;LogFileName=oss-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage" - - - name: Test Bitwarden solution - run: dotnet test ./bitwarden_license/test --configuration Release --logger "trx;LogFileName=bw-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage" - - - name: Report test results - uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 - if: always() - with: - name: Test Results - path: "**/*-test-results.trx" - reporter: dotnet-trx - fail-on-error: true - - - name: Upload to codecov.io - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - build-artifacts: name: Build artifacts runs-on: ubuntu-22.04 needs: - - testing - lint strategy: fail-fast: false 
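Review bot: With the `testing` job removed and `- testing` dropped from `needs:`, `build-artifacts` is now gated only on `lint`, so artifacts (and, judging by the later hunks, the images built from them) can be produced from a commit whose tests fail. If the tests moved to a separate workflow, which is not visible here, the gate has to come from branch protection instead. Record that next to the dependency list, e.g. `# Tests run in a separate workflow; branch protection must require it before merge.` above `needs:`. The rest of `build-artifacts` continues outside the hunk.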
@@ -125,10 +82,10 @@ jobs: base_path: ./bitwarden_license/src node: true steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - name: Set up dotnet + - name: Set up .NET uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - name: Set up Node @@ -228,7 +185,7 @@ jobs: base_path: ./bitwarden_license/src dotnet: true steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Check Branch to Publish @@ -245,7 +202,7 @@ jobs: fi ########## ACRs ########## - - name: Login to Azure - PROD Subscription + - name: Log in to Azure - production subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -253,7 +210,7 @@ jobs: - name: Login to PROD ACR run: az acr login -n bitwardenprod - - name: Login to Azure - CI Subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -275,7 +232,7 @@ jobs: fi echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT - - name: Setup project name + - name: Set up project name id: setup run: | PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') @@ -303,7 +260,7 @@ jobs: with: name: ${{ matrix.project_name }}.zip - - name: Setup build artifact + - name: Set up build artifact if: ${{ matrix.dotnet }} run: | mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish 
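Review bot: The `Set up project name` step (hunk `-275,7`) expands `${{ matrix.project_name }}` straight into the script text, and `Set up build artifact` (hunk `-303,7`) does the same, unquoted, in `mkdir -p`. The matrix values are defined in this file, so this is hardening rather than a live bug, but the expression is substituted before the shell parses the line, so a value with quotes or spaces would change the command. Pass it through the step's `env:` (`MATRIX_PROJECT_NAME: ${{ matrix.project_name }}`) and use `PROJECT_NAME=$(echo "$MATRIX_PROJECT_NAME" | awk '{print tolower($0)}')`. release.yml hunk `-210,10` repeats the pattern, and both steps continue past their hunks.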
@@ -326,13 +283,13 @@ jobs: runs-on: ubuntu-22.04 needs: build-docker steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - name: Set up dotnet + - name: Set up .NET uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - - name: Login to Azure - PROD Subscription + - name: Log in to Azure - production subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -445,7 +402,7 @@ jobs: if-no-files-found: error build-mssqlmigratorutility: - name: Build MsSqlMigratorUtility + name: Build MSSQL migrator utility runs-on: ubuntu-22.04 needs: lint defaults: @@ -460,10 +417,10 @@ jobs: - linux-x64 - win-x64 steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - name: Set up dotnet + - name: Set up .NET uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - name: Print environment @@ -478,7 +435,7 @@ jobs: dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \ -p:IncludeNativeLibrariesForSelfExtract=true --self-contained true - - name: Upload project artifact Windows + - name: Upload project artifact for Windows if: ${{ contains(matrix.target, 'win') == true }} uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: @@ -499,7 +456,7 @@ jobs: runs-on: ubuntu-22.04 needs: build-docker steps: - - name: Login to Azure - CI Subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} 
@@ -532,7 +489,7 @@ jobs: runs-on: ubuntu-22.04 needs: build-docker steps: - - name: Login to Azure - CI Subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -567,7 +524,6 @@ jobs: needs: - cloc - lint - - testing - build-artifacts - build-docker - upload @@ -611,7 +567,7 @@ jobs: exit 1 fi - - name: Login to Azure - CI subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 if: failure() with: diff --git a/.github/workflows/cleanup-after-pr.yml b/.github/workflows/cleanup-after-pr.yml index ac8a1b624e..c61d509b1c 100644 --- a/.github/workflows/cleanup-after-pr.yml +++ b/.github/workflows/cleanup-after-pr.yml @@ -1,5 +1,5 @@ --- -name: Clean After PR +name: Container registry cleanup on: pull_request: 
@@ -7,31 +7,31 @@ on: jobs: build-docker: - name: Remove feature branch docker images - runs-on: ubuntu-20.04 + name: Remove branch-specific Docker images + runs-on: ubuntu-22.04 steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 ########## ACR ########## - - name: Login to Azure - QA Subscription + - name: Log in to Azure - QA Subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} - - name: Login to Azure ACR + - name: Log in to Azure ACR run: az acr login -n bitwardenqa - - name: Login to Azure - PROD Subscription + - name: Log in to Azure - production subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Login to Azure ACR + - name: Log in to Azure ACR run: az acr login -n bitwardenprod ########## Remove Docker images ########## - - name: Remove the docker image from ACR + - name: Remove the Docker image from ACR env: REGISTRIES: | registries: diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml index f9999e8dc8..4b61e59125 100644 --- a/.github/workflows/container-registry-purge.yml +++ b/.github/workflows/container-registry-purge.yml @@ -1,18 +1,18 @@ --- -name: Container Registry Purge +name: Container registry purge on: schedule: - - cron: '0 0 * * SUN' + - cron: "0 0 * * SUN" workflow_dispatch: inputs: {} jobs: purge: name: Purge old images - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - - name: Login to Azure + - name: Log in to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} @@ -68,7 +68,7 @@ jobs: check-failures: name: Check for failures if: always() - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 needs: - purge steps: 
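Review bot: In the cleanup-after-pr.yml hunk the renamed step `Log in to Azure - QA Subscription` keeps a capital "S" while its sibling became `Log in to Azure - production subscription`. The two registry steps are also both named `Log in to Azure ACR`, so a failed run does not show which registry login broke. Suggest `- name: Log in to Azure - QA subscription`, and naming the registry steps `Log in to QA ACR` and `Log in to production ACR`.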
@@ -84,7 +84,7 @@ jobs: exit 1 fi - - name: Login to Azure - CI subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 if: failure() with: diff --git a/.github/workflows/database.yml b/.github/workflows/database.yml deleted file mode 100644 index 2527440abd..0000000000 --- a/.github/workflows/database.yml +++ /dev/null 
@@ -1,95 +0,0 @@ ---- -name: Validate Database - -on: - pull_request: - branches-ignore: - - 'l10n_master' - - 'gh-pages' - paths: - - 'src/Sql/**' - - 'util/Migrator/**' - push: - branches: - - 'main' - - 'rc' - paths: - - 'src/Sql/**' - - 'util/Migrator/**' - workflow_dispatch: - inputs: {} - -jobs: - validate: - name: Validate - runs-on: ubuntu-22.04 - steps: - - name: Checkout repo - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - - name: Set up dotnet - uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - with: - dotnet-version: '6.0.x' - - - name: Print environment - run: | - dotnet --info - nuget help | grep Version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Build DACPAC - run: dotnet build src/Sql --configuration Release --verbosity minimal --output . - shell: pwsh - - - name: Upload DACPAC - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: sql.dacpac - path: Sql.dacpac - - - name: Docker Compose up - working-directory: "dev" - run: | - cp .env.example .env - docker compose --profile mssql up -d - shell: pwsh - - - name: Migrate - working-directory: "dev" - run: "pwsh ./migrate.ps1" - shell: pwsh - - - name: Diff sqlproj to migrations - run: /usr/local/sqlpackage/sqlpackage /action:DeployReport /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"report.xml" /p:IgnoreColumnOrder=True /p:IgnoreComments=True - shell: pwsh - - - name: Generate SQL file - run: /usr/local/sqlpackage/sqlpackage /action:Script /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"diff.sql" /p:IgnoreColumnOrder=True /p:IgnoreComments=True - shell: pwsh - - - name: Upload Report - 
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: report.xml - path: | - report.xml - diff.sql - - - name: Validate XML - run: | - if grep -q "" "report.xml"; then - echo - echo "Migrations are out of sync with sqlproj!" - exit 1 - else - echo "Report looks good" - fi - shell: bash - - - name: Docker compose down - if: ${{ always() }} - working-directory: "dev" - run: docker compose down - shell: pwsh diff --git a/.github/workflows/enforce-labels.yml b/.github/workflows/enforce-labels.yml index eff371fbb3..160ee15b96 100644 --- a/.github/workflows/enforce-labels.yml +++ b/.github/workflows/enforce-labels.yml @@ -2,15 +2,18 @@ name: Enforce PR labels on: + workflow_call: pull_request: - types: [labeled, unlabeled, opened, edited, synchronize] - + types: [labeled, unlabeled, opened, reopened, synchronize] jobs: enforce-label: - name: EnforceLabel - runs-on: ubuntu-20.04 + if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') }} + name: Enforce label + runs-on: ubuntu-22.04 + steps: - - name: Enforce Label - uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2 - with: - BANNED_LABELS: "hold,DB-migrations-changed,needs-qa" + - name: Check for label + run: | + echo "PRs with the hold or needs-qa labels cannot be merged" + echo "### :x: PRs with the hold or needs-qa labels cannot be merged" >> $GITHUB_STEP_SUMMARY + exit 1 diff --git a/.github/workflows/infrastructure-tests.yml b/.github/workflows/infrastructure-tests.yml deleted file mode 100644 index 1e17203bf9..0000000000 --- a/.github/workflows/infrastructure-tests.yml +++ /dev/null 
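Review bot: In the enforce-labels.yml hunk the job-level `if:` blocks three labels (`hold`, `needs-qa`, `DB-migrations-changed`), but both `echo` lines in `Check for label` mention only hold and needs-qa. A PR blocked by `DB-migrations-changed` therefore fails with a message that names the wrong cause. Change the text to cover all three, e.g. `echo "PRs with the hold, needs-qa, or DB-migrations-changed labels cannot be merged"`, and the same wording in the `$GITHUB_STEP_SUMMARY` line. The job needs no token access, so `permissions: {}` on it would also be reasonable now that the third-party action is gone.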
@@ -1,117 +0,0 @@ ---- -name: Run Database Infrastructure Tests -on: - pull_request: - branches-ignore: - - 'l10n_master' - - 'gh-pages' - paths: - - '.github/workflows/infrastructure-tests.yml' # This file - - 'src/Sql/**' # SQL Server Database Changes - - 'util/Migrator/**' # New SQL Server Migrations - - 'util/MySqlMigrations/**' # Changes to MySQL - - 'util/PostgresMigrations/**' # Changes to Postgres - - 'util/SqliteMigrations/**' # Changes to Sqlite - - 'src/Infrastructure.Dapper/**' # Changes to SQL Server Dapper Repository Layer - - 'src/Infrastructure.EntityFramework/**' # Changes to Entity Framework Repository Layer - - 'test/Infrastructure.IntegrationTest/**' # Any changes to the tests - push: - branches: - - 'main' - - 'rc' - paths: - - '.github/workflows/infrastructure-tests.yml' # This file - - 'src/Sql/**' # SQL Server Database Changes - - 'util/Migrator/**' # New SQL Server Migrations - - 'util/MySqlMigrations/**' # Changes to MySQL - - 'util/PostgresMigrations/**' # Changes to Postgres - - 'util/SqliteMigrations/**' # Changes to Sqlite - - 'src/Infrastructure.Dapper/**' # Changes to SQL Server Dapper Repository Layer - - 'src/Infrastructure.EntityFramework/**' # Changes to Entity Framework Repository Layer - - 'test/Infrastructure.IntegrationTest/**' # Any changes to the tests - workflow_dispatch: - inputs: {} - -jobs: - test: - name: 'Run Infrastructure.IntegrationTest' - runs-on: ubuntu-22.04 - steps: - - name: Checkout repo - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - - name: Set up dotnet - uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 - with: - dotnet-version: '6.0.x' - - - name: Restore Tools - run: dotnet tool restore - - - name: Compose Databases - working-directory: 'dev' - # We could think about not using profiles and pulling images directly to cover multiple versions - run: | - cp .env.example .env - docker compose --profile mssql --profile postgres --profile mysql up -d - 
shell: pwsh - - # I've seen the SQL Server container not be ready for commands right after starting up and just needing a bit longer to be ready - - name: Sleep - run: sleep 15s - - - name: Migrate SQL Server - working-directory: 'dev' - run: "pwsh ./migrate.ps1" - shell: pwsh - - - name: Migrate MySQL - working-directory: 'util/MySqlMigrations' - run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:MySql:ConnectionString="$CONN_STR"' - env: - CONN_STR: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev;Allow User Variables=true" - - - name: Migrate Postgres - working-directory: 'util/PostgresMigrations' - run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:PostgreSql:ConnectionString="$CONN_STR"' - env: - CONN_STR: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev" - - - name: Migrate Sqlite - working-directory: 'util/SqliteMigrations' - run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:Sqlite:ConnectionString="$CONN_STR"' - env: - CONN_STR: "Data Source=${{ runner.temp }}/test.db" - - - name: Run Tests - working-directory: 'test/Infrastructure.IntegrationTest' - env: - # Default Postgres: - BW_TEST_DATABASES__0__TYPE: "Postgres" - BW_TEST_DATABASES__0__CONNECTIONSTRING: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev" - # Default MySql - BW_TEST_DATABASES__1__TYPE: "MySql" - BW_TEST_DATABASES__1__CONNECTIONSTRING: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev" - # Default Dapper SqlServer - BW_TEST_DATABASES__2__TYPE: "SqlServer" - BW_TEST_DATABASES__2__CONNECTIONSTRING: "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" - # Default Sqlite - BW_TEST_DATABASES__3__TYPE: "Sqlite" - BW_TEST_DATABASES__3__CONNECTIONSTRING: "Data Source=${{ runner.temp }}/test.db" - run: dotnet test --logger 
"trx;LogFileName=infrastructure-test-results.trx" - shell: pwsh - - - name: Report test results - uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 - if: always() - with: - name: Test Results - path: "**/*-test-results.trx" - reporter: dotnet-trx - fail-on-error: true - - - name: Docker compose down - if: always() - working-directory: "dev" - run: docker compose down - shell: pwsh diff --git a/.github/workflows/protect-files.yml b/.github/workflows/protect-files.yml index df595e900c..dea02dd917 100644 --- a/.github/workflows/protect-files.yml +++ b/.github/workflows/protect-files.yml @@ -2,8 +2,7 @@ # Starts a matrix job to check for modified files, then sets output based on the results. # The input decides if the label job is ran, adding a label to the PR. --- - -name: Protect Files +name: Protect files on: pull_request: @@ -17,7 +16,7 @@ on: jobs: changed-files: name: Check for file changes - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 outputs: changes: ${{steps.check-changes.outputs.changes_detected}} @@ -29,7 +28,7 @@ jobs: path: util/Migrator/DbScripts label: "DB-migrations-changed" steps: - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9839641d26..e4c238755a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ on: - Dry Run env: - _AZ_REGISTRY: 'bitwardenprod.azurecr.io' + _AZ_REGISTRY: "bitwardenprod.azurecr.io" jobs: setup: @@ -36,10 +36,10 @@ jobs: exit 1 fi - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - name: Check Release Version + - name: Check release version id: version uses: bitwarden/gh-actions/release-version-check@main with: 
@@ -87,7 +87,7 @@ jobs: task: "deploy" description: "Deploy from ${{ needs.setup.outputs.branch-name }} branch" - - name: Download latest Release ${{ matrix.name }} asset + - name: Download latest release ${{ matrix.name }} asset if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: @@ -96,7 +96,7 @@ jobs: branch: ${{ needs.setup.outputs.branch-name }} artifacts: ${{ matrix.name }}.zip - - name: Dry Run - Download latest Release ${{ matrix.name }} asset + - name: Dry run - Download latest release ${{ matrix.name }} asset if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: @@ -105,7 +105,7 @@ jobs: branch: main artifacts: ${{ matrix.name }}.zip - - name: Login to Azure - CI subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -130,12 +130,12 @@ jobs: echo "::add-mask::$publish_profile" echo "publish-profile=$publish_profile" >> $GITHUB_OUTPUT - - name: Login to Azure + - name: Log in to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Deploy App + - name: Deploy app uses: azure/webapps-deploy@4bca689e4c7129e55923ea9c45401b22dc6aa96f # v2.2.11 with: app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }} @@ -156,7 +156,7 @@ jobs: fi az webapp start -n $WEBAPP_NAME -g $RESOURCE_GROUP -s staging - - name: Update ${{ matrix.name }} deployment status to Success + - name: Update ${{ matrix.name }} deployment status to success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: 
@@ -164,7 +164,7 @@ jobs: state: "success" deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - name: Update ${{ matrix.name }} deployment status to Failure + - name: Update ${{ matrix.name }} deployment status to failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: @@ -210,10 +210,10 @@ jobs: echo "GitHub event: $GITHUB_EVENT" echo "Github Release Option: $RELEASE_OPTION" - - name: Checkout repo + - name: Check out repo uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - name: Setup project name + - name: Set up project name id: setup run: | PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') @@ -222,12 +222,12 @@ jobs: echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT ########## ACR PROD ########## - - name: Login to Azure - PROD Subscription + - name: Log in to Azure - production subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Login to Azure ACR + - name: Log in to Azure ACR run: az acr login -n $_AZ_REGISTRY --only-show-errors - name: Pull latest project image @@ -266,13 +266,13 @@ jobs: run: docker logout release: - name: Create GitHub Release + name: Create GitHub release runs-on: ubuntu-22.04 needs: - setup - deploy steps: - - name: Download latest Release Docker Stubs + - name: Download latest release Docker stubs if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: @@ -285,7 +285,7 @@ jobs: docker-stub-EU-sha256.txt, swagger.json" - - name: Dry Run - Download latest Release Docker Stubs + - name: Dry Run - Download latest release Docker stubs if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: 
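Review bot: In release.yml hunk `-285,7` the new step name is `Dry Run - Download latest release Docker stubs`, while the matching step in hunk `-96,7` was changed to `Dry run - Download latest release ${{ matrix.name }} asset`. For the sentence-case convention this commit applies, use `- name: Dry run - Download latest release Docker stubs`. The `'Dry Run'` string in the `if:` conditions is an input value and should stay as it is.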
diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml index 1bd058b94b..721fee4ae7 100644 --- a/.github/workflows/stale-bot.yml +++ b/.github/workflows/stale-bot.yml @@ -1,23 +1,23 @@ --- -name: 'Close stale issues and PRs' +name: Staleness on: workflow_dispatch: - schedule: # Run once a day at 5.23am (arbitrary but should avoid peak loads on the hour) - - cron: '23 5 * * *' + schedule: # Run once a day at 5.23am (arbitrary but should avoid peak loads on the hour) + - cron: "23 5 * * *" jobs: stale: - name: 'Check for stale issues and PRs' - runs-on: ubuntu-20.04 + name: Check for stale issues and PRs + runs-on: ubuntu-22.04 steps: - - name: 'Run stale action' + - name: Check uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: - stale-issue-label: 'needs-reply' - stale-pr-label: 'needs-changes' - days-before-stale: -1 # Do not apply the stale labels automatically, this is a manual process - days-before-issue-close: 14 # Close issue if no further activity after X days - days-before-pr-close: 21 # Close PR if no further activity after X days + stale-issue-label: "needs-reply" + stale-pr-label: "needs-changes" + days-before-stale: -1 # Do not apply the stale labels automatically, this is a manual process + days-before-issue-close: 14 # Close issue if no further activity after X days + days-before-pr-close: 21 # Close PR if no further activity after X days close-issue-message: | We need more information before we can help you with your problem. As we haven’t heard from you recently, this issue will be closed. diff --git a/.github/workflows/stop-staging-slots.yml b/.github/workflows/stop-staging-slots.yml index ca28a4db6b..0ffe94ecdf 100644 --- a/.github/workflows/stop-staging-slots.yml +++ b/.github/workflows/stop-staging-slots.yml @@ -1,5 +1,5 @@ --- -name: Stop Staging Slots +name: Stop staging slots on: workflow_dispatch: 
@@ -7,8 +7,8 @@ on: jobs: stop-slots: - name: Stop Slots - runs-on: ubuntu-20.04 + name: Stop slots + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: @@ -28,7 +28,7 @@ jobs: echo "NAME_LOWER: $NAME_LOWER" echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT - - name: Login to Azure - CI Subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -46,7 +46,7 @@ jobs: echo "::add-mask::$webapp_name" echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT - - name: Login to Azure + - name: Log in to Azure uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} diff --git a/.github/workflows/test-database.yml b/.github/workflows/test-database.yml new file mode 100644 index 0000000000..cf62a1f431 --- /dev/null +++ b/.github/workflows/test-database.yml 
@@ -0,0 +1,185 @@ +--- +name: Database testing + +on: + workflow_dispatch: + push: + branches: + - "main" + - "rc" + - "hotfix-rc" + paths: + - ".github/workflows/infrastructure-tests.yml" # This file + - "src/Sql/**" # SQL Server Database Changes + - "util/Migrator/**" # New SQL Server Migrations + - "util/MySqlMigrations/**" # Changes to MySQL + - "util/PostgresMigrations/**" # Changes to Postgres + - "util/SqliteMigrations/**" # Changes to Sqlite + - "src/Infrastructure.Dapper/**" # Changes to SQL Server Dapper Repository Layer + - "src/Infrastructure.EntityFramework/**" # Changes to Entity Framework Repository Layer + - "test/Infrastructure.IntegrationTest/**" # Any changes to the tests + pull_request: + paths: + - ".github/workflows/infrastructure-tests.yml" # This file + - "src/Sql/**" # SQL Server Database Changes + - "util/Migrator/**" # New SQL Server Migrations + - "util/MySqlMigrations/**" # Changes to MySQL + - "util/PostgresMigrations/**" # Changes to Postgres + - "util/SqliteMigrations/**" # Changes to Sqlite + - "src/Infrastructure.Dapper/**" # Changes to SQL Server Dapper Repository Layer + - "src/Infrastructure.EntityFramework/**" # Changes to Entity Framework Repository Layer + - "test/Infrastructure.IntegrationTest/**" # Any changes to the tests + +jobs: + test: + name: Run tests + runs-on: ubuntu-22.04 + steps: + - name: Check out repo + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + - name: Set up .NET + uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 + + - name: Restore tools + run: dotnet tool restore + + - name: Docker Compose databases + working-directory: "dev" + # We could think about not using profiles and pulling images directly to cover multiple versions + run: | + cp .env.example .env + docker compose --profile mssql --profile postgres --profile mysql up -d + shell: pwsh + + # I've seen the SQL Server container not be ready for commands right after starting up and just needing 
a bit longer to be ready + - name: Sleep + run: sleep 15s + + - name: Migrate SQL Server + working-directory: "dev" + run: "./migrate.ps1" + shell: pwsh + + - name: Migrate MySQL + working-directory: "util/MySqlMigrations" + run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:MySql:ConnectionString="$CONN_STR"' + env: + CONN_STR: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev;Allow User Variables=true" + + - name: Migrate Postgres + working-directory: "util/PostgresMigrations" + run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:PostgreSql:ConnectionString="$CONN_STR"' + env: + CONN_STR: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev" + + - name: Migrate SQLite + working-directory: "util/SqliteMigrations" + run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:Sqlite:ConnectionString="$CONN_STR"' + env: + CONN_STR: "Data Source=${{ runner.temp }}/test.db" + + - name: Run tests + working-directory: "test/Infrastructure.IntegrationTest" + env: + # Default Postgres: + BW_TEST_DATABASES__0__TYPE: "Postgres" + BW_TEST_DATABASES__0__CONNECTIONSTRING: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev" + # Default MySql + BW_TEST_DATABASES__1__TYPE: "MySql" + BW_TEST_DATABASES__1__CONNECTIONSTRING: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev" + # Default Dapper SqlServer + BW_TEST_DATABASES__2__TYPE: "SqlServer" + BW_TEST_DATABASES__2__CONNECTIONSTRING: "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" + # Default Sqlite + BW_TEST_DATABASES__3__TYPE: "Sqlite" + BW_TEST_DATABASES__3__CONNECTIONSTRING: "Data Source=${{ runner.temp }}/test.db" + run: dotnet test --logger "trx;LogFileName=infrastructure-test-results.trx" + shell: pwsh + + - name: Report test results + uses: 
dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 + if: always() + with: + name: Test Results + path: "**/*-test-results.trx" + reporter: dotnet-trx + fail-on-error: true + + - name: Docker Compose down + if: always() + working-directory: "dev" + run: docker compose down + shell: pwsh + + validate: + name: Run validation + runs-on: ubuntu-22.04 + steps: + - name: Check out repo + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + - name: Set up .NET + uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 + + - name: Print environment + run: | + dotnet --info + nuget help | grep Version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Build DACPAC + run: dotnet build src/Sql --configuration Release --verbosity minimal --output . + shell: pwsh + + - name: Upload DACPAC + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: sql.dacpac + path: Sql.dacpac + + - name: Docker Compose up + working-directory: "dev" + run: | + cp .env.example .env + docker compose --profile mssql up -d + shell: pwsh + + - name: Migrate + working-directory: "dev" + run: "./migrate.ps1" + shell: pwsh + + - name: Diff .sqlproj to migrations + run: /usr/local/sqlpackage/sqlpackage /action:DeployReport /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"report.xml" /p:IgnoreColumnOrder=True /p:IgnoreComments=True + shell: pwsh + + - name: Generate SQL file + run: /usr/local/sqlpackage/sqlpackage /action:Script /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"diff.sql" /p:IgnoreColumnOrder=True /p:IgnoreComments=True + shell: pwsh + + - name: Report validation results + uses: 
actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: report.xml + path: | + report.xml + diff.sql + + - name: Validate XML + run: | + if grep -q "" "report.xml"; then + echo + echo "Migrations are out of sync with sqlproj!" + exit 1 + else + echo "Report looks good" + fi + shell: bash + + - name: Docker Compose down + if: ${{ always() }} + working-directory: "dev" + run: docker compose down + shell: pwsh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000000..8712b0cdf9 --- /dev/null +++ b/.github/workflows/test.yml 
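Review bot: Both `paths:` lists (under `push` and under `pull_request`) name `.github/workflows/infrastructure-tests.yml` with the comment `# This file`, but the file being added is `test-database.yml`, so a change to this workflow alone does not trigger a run; the entry should be `- ".github/workflows/test-database.yml" # This file`. The file also declares no `permissions:` key, so both jobs build and run pull-request code with whatever default `GITHUB_TOKEN` scope the repository has. I would add a top-level `permissions:` with `contents: read`, and grant `checks: write` only on the `test` job, which the dorny/test-reporter step presumably needs to publish its check run. The new `test.yml` has the same gap.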
@@ -0,0 +1,57 @@ +--- +name: Testing + +on: + workflow_dispatch: + push: + branches: + - "main" + - "rc" + - "hotfix-rc" + pull_request: + +env: + _AZ_REGISTRY: "bitwardenprod.azurecr.io" + +jobs: + testing: + name: Run tests + runs-on: ubuntu-22.04 + env: + NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages + steps: + - name: Check out repo + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + - name: Set up .NET + uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 + + - name: Print environment + run: | + dotnet --info + nuget help | grep Version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Remove SQL project + run: dotnet sln bitwarden-server.sln remove src/Sql/Sql.sqlproj + + - name: Test OSS solution + run: dotnet test ./test --configuration Debug --logger "trx;LogFileName=oss-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage" + + - name: Test Bitwarden solution + run: dotnet test ./bitwarden_license/test --configuration Debug --logger "trx;LogFileName=bw-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage" + + - name: Report test results + uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0 + if: always() + with: + name: Test Results + path: "**/*-test-results.trx" + reporter: dotnet-trx + fail-on-error: true + + - name: Upload to codecov.io + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index ea6af8136e..4eacb4b38e 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -1,6 +1,6 @@ --- -name: Version Bump -run-name: Version Bump - v${{ inputs.version_number }} +name: Bump version +run-name: Bump version to ${{ inputs.version_number }} on: workflow_dispatch: 
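Review bot: The workflow-level `env:` sets `_AZ_REGISTRY: "bitwardenprod.azurecr.io"`, but none of the steps in this 57-line file reads it, so a production registry name is exported to every step for no use; I would drop that `env:` block until a step needs it. In `Print environment`, `$GITHUB_EVENT` is not a variable the runner defines, so that line prints an empty value; `echo "GitHub event: $GITHUB_EVENT_NAME"` gives the intended output.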
@@ -16,10 +16,10 @@ on: jobs: bump_version: - name: "Bump Version to v${{ inputs.version_number }}" + name: Bump runs-on: ubuntu-22.04 steps: - - name: Login to Azure - CI Subscription + - name: Log in to Azure - CI subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} @@ -33,7 +33,7 @@ jobs: github-gpg-private-key-passphrase, github-pat-bitwarden-devops-bot-repo-scope" - - name: Checkout Branch + - name: Check out branch uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: ref: main @@ -47,7 +47,7 @@ jobs: git_user_signingkey: true git_commit_gpgsign: true - - name: Create Version Branch + - name: Create version branch id: create-branch run: | NAME=version_bump_${{ github.ref_name }}_${{ inputs.version_number }} @@ -78,13 +78,13 @@ jobs: exit 1 fi - - name: Bump Version - Props + - name: Bump version props uses: bitwarden/gh-actions/version-bump@main with: version: ${{ inputs.version_number }} file_path: "Directory.Build.props" - - name: Setup git + - name: Set up Git run: | git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" git config --local user.name "bitwarden-devops-bot" @@ -109,7 +109,7 @@ jobs: PR_BRANCH: ${{ steps.create-branch.outputs.name }} run: git push -u origin $PR_BRANCH - - name: Create Version PR + - name: Create version PR if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} id: create-pr env: @@ -152,7 +152,7 @@ jobs: if: ${{ inputs.cut_rc_branch == true }} runs-on: ubuntu-22.04 steps: - - name: Checkout Branch + - name: Check out branch uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: main 
@@ -171,9 +171,8 @@ jobs: git switch --quiet --create rc git push --quiet --set-upstream origin rc - move-future-db-scripts: - name: Move future DB scripts + name: Move finalization database scripts needs: cut_rc uses: ./.github/workflows/_move_finalization_db_scripts.yml secrets: inherit diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index fc1db4d390..24f10f1e46 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -1,5 +1,5 @@ --- -name: Workflow Linter +name: Workflow linter on: pull_request: @@ -8,4 +8,5 @@ on: jobs: call-workflow: + name: Lint uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@main