mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00

Workflow linting and test separation (#3684)

* Workflow linting and test separation

* Name linting step

* Few more renames

* Database testing consolidation

* Few more renames and tweaks
Matt Bishop 2024-01-23 13:24:52 -05:00 committed by GitHub
parent aeca1722fc
commit c63db733e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 356 additions and 370 deletions


@ -1,7 +1,6 @@
--- ---
name: _move_finalization_db_scripts name: _move_finalization_db_scripts
run-name: Move finalization db scripts run-name: Move finalization database scripts
on: on:
workflow_call: workflow_call:
@ -11,7 +10,6 @@ permissions:
contents: write contents: write
jobs: jobs:
setup: setup:
name: Setup name: Setup
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -19,7 +17,7 @@ jobs:
migration_filename_prefix: ${{ steps.prefix.outputs.prefix }} migration_filename_prefix: ${{ steps.prefix.outputs.prefix }}
copy_finalization_scripts: ${{ steps.check-finalization-scripts-existence.outputs.copy_finalization_scripts }} copy_finalization_scripts: ${{ steps.check-finalization-scripts-existence.outputs.copy_finalization_scripts }}
steps: steps:
- name: Login to Azure - name: Log in to Azure
uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1 uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -31,7 +29,7 @@ jobs:
keyvault: "bitwarden-ci" keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope" secrets: "github-pat-bitwarden-devops-bot-repo-scope"
- name: Checkout Branch - name: Check out branch
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
@ -40,7 +38,7 @@ jobs:
id: prefix id: prefix
run: echo "prefix=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT run: echo "prefix=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Check if any files in db finalization - name: Check if any files in DB finalization directory
id: check-finalization-scripts-existence id: check-finalization-scripts-existence
run: | run: |
if [ -f util/Migrator/DbScripts_finalization/* ]; then if [ -f util/Migrator/DbScripts_finalization/* ]; then
@ -50,7 +48,7 @@ jobs:
fi fi
move-finalization-db-scripts: move-finalization-db-scripts:
name: Move finalization db scripts name: Move finalization database scripts
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: setup needs: setup
if: ${{ needs.setup.outputs.copy_finalization_scripts == 'true' }} if: ${{ needs.setup.outputs.copy_finalization_scripts == 'true' }}
@ -95,12 +93,12 @@ jobs:
done done
echo "moved_files=$moved_files" >> $GITHUB_OUTPUT echo "moved_files=$moved_files" >> $GITHUB_OUTPUT
- name: Login to Azure - Prod Subscription - name: Log in to Azure - production subscription
uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1 uses: Azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # v1.5.1
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve Secrets - name: Retrieve secrets
id: retrieve-secrets id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main uses: bitwarden/gh-actions/get-keyvault-secrets@main
with: with:
@ -140,7 +138,7 @@ jobs:
BRANCH: ${{ steps.branch_name.outputs.branch_name }} BRANCH: ${{ steps.branch_name.outputs.branch_name }}
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
MOVED_FILES: ${{ steps.move-files.outputs.moved_files }} MOVED_FILES: ${{ steps.move-files.outputs.moved_files }}
TITLE: "Move finalization db scripts" TITLE: "Move finalization database scripts"
run: | run: |
PR_URL=$(gh pr create --title "$TITLE" \ PR_URL=$(gh pr create --title "$TITLE" \
--base "main" \ --base "main" \


@ -6,8 +6,8 @@ on:
- labeled - labeled
jobs: jobs:
close-issue: close-issue:
name: 'Close issue with automatic response' name: Close issue with automatic response
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
permissions: permissions:
issues: write issues: write
steps: steps:
@ -24,7 +24,7 @@ jobs:
This issue will now be closed. Thanks! This issue will now be closed. Thanks!
# Intended behavior # Intended behavior
- if: github.event.label.name == 'intended-behavior' - if: github.event.label.name == 'intended-behavior'
name: Intended behaviour name: Intended behavior
uses: peter-evans/close-issue@1373cadf1f0c96c1420bc000cfba2273ea307fd1 # v2.2.0 uses: peter-evans/close-issue@1373cadf1f0c96c1420bc000cfba2273ea307fd1 # v2.2.0
with: with:
comment: | comment: |


@ -2,23 +2,23 @@
name: Build name: Build
on: on:
push:
branches-ignore:
- "l10n_master"
- "gh-pages"
paths-ignore:
- ".github/workflows/**"
workflow_dispatch: workflow_dispatch:
push:
branches:
- "main"
- "rc"
- "hotfix-rc"
pull_request:
env: env:
_AZ_REGISTRY: "bitwardenprod.azurecr.io" _AZ_REGISTRY: "bitwardenprod.azurecr.io"
jobs: jobs:
cloc: cloc:
name: CLOC name: Count lines of code
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install cloc - name: Install cloc
@ -33,62 +33,19 @@ jobs:
name: Lint name: Lint
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet - name: Set up .NET
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
- name: Verify Format - name: Verify format
run: dotnet format --verify-no-changes run: dotnet format --verify-no-changes
testing:
name: Testing
runs-on: ubuntu-22.04
env:
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
steps:
- name: Checkout repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
- name: Print environment
run: |
dotnet --info
nuget help | grep Version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Remove SQL proj
run: dotnet sln bitwarden-server.sln remove src/Sql/Sql.sqlproj
- name: Test OSS solution
run: dotnet test ./test --configuration Release --logger "trx;LogFileName=oss-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage"
- name: Test Bitwarden solution
run: dotnet test ./bitwarden_license/test --configuration Release --logger "trx;LogFileName=bw-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage"
- name: Report test results
uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0
if: always()
with:
name: Test Results
path: "**/*-test-results.trx"
reporter: dotnet-trx
fail-on-error: true
- name: Upload to codecov.io
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
build-artifacts: build-artifacts:
name: Build artifacts name: Build artifacts
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: needs:
- testing
- lint - lint
strategy: strategy:
fail-fast: false fail-fast: false
@ -125,10 +82,10 @@ jobs:
base_path: ./bitwarden_license/src base_path: ./bitwarden_license/src
node: true node: true
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet - name: Set up .NET
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
- name: Set up Node - name: Set up Node
@ -228,7 +185,7 @@ jobs:
base_path: ./bitwarden_license/src base_path: ./bitwarden_license/src
dotnet: true dotnet: true
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Check Branch to Publish - name: Check Branch to Publish
@ -245,7 +202,7 @@ jobs:
fi fi
########## ACRs ########## ########## ACRs ##########
- name: Login to Azure - PROD Subscription - name: Log in to Azure - production subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
@ -253,7 +210,7 @@ jobs:
- name: Login to PROD ACR - name: Login to PROD ACR
run: az acr login -n bitwardenprod run: az acr login -n bitwardenprod
- name: Login to Azure - CI Subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -275,7 +232,7 @@ jobs:
fi fi
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Setup project name - name: Set up project name
id: setup id: setup
run: | run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
@ -303,7 +260,7 @@ jobs:
with: with:
name: ${{ matrix.project_name }}.zip name: ${{ matrix.project_name }}.zip
- name: Setup build artifact - name: Set up build artifact
if: ${{ matrix.dotnet }} if: ${{ matrix.dotnet }}
run: | run: |
mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish
@ -326,13 +283,13 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: build-docker needs: build-docker
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet - name: Set up .NET
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
- name: Login to Azure - PROD Subscription - name: Log in to Azure - production subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
@ -445,7 +402,7 @@ jobs:
if-no-files-found: error if-no-files-found: error
build-mssqlmigratorutility: build-mssqlmigratorutility:
name: Build MsSqlMigratorUtility name: Build MSSQL migrator utility
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: lint needs: lint
defaults: defaults:
@ -460,10 +417,10 @@ jobs:
- linux-x64 - linux-x64
- win-x64 - win-x64
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet - name: Set up .NET
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0 uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
- name: Print environment - name: Print environment
@ -478,7 +435,7 @@ jobs:
dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \ dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \
-p:IncludeNativeLibrariesForSelfExtract=true --self-contained true -p:IncludeNativeLibrariesForSelfExtract=true --self-contained true
- name: Upload project artifact Windows - name: Upload project artifact for Windows
if: ${{ contains(matrix.target, 'win') == true }} if: ${{ contains(matrix.target, 'win') == true }}
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with: with:
@ -499,7 +456,7 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: build-docker needs: build-docker
steps: steps:
- name: Login to Azure - CI Subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -532,7 +489,7 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: build-docker needs: build-docker
steps: steps:
- name: Login to Azure - CI Subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -567,7 +524,6 @@ jobs:
needs: needs:
- cloc - cloc
- lint - lint
- testing
- build-artifacts - build-artifacts
- build-docker - build-docker
- upload - upload
@ -611,7 +567,7 @@ jobs:
exit 1 exit 1
fi fi
- name: Login to Azure - CI subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
if: failure() if: failure()
with: with:
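Review bot: The new `pull_request:` trigger at the top of this workflow also fires for pull requests from forks, where `secrets.*` resolve to empty values, yet the job steps shown further down still run `Azure/login` with `creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}` followed by `az acr login -n bitwardenprod`. Unless a guard exists outside the visible hunks (the job bodies continue beyond them), those steps will fail on every fork PR; a job-level condition such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` on the credentialed jobs would let lint and compile run while the registry jobs are skipped. Separately, `build-artifacts` and the final check job no longer list `testing` in `needs`, so nothing in this file makes image publication wait for the unit tests. If the tests now live in their own workflow, that workflow should be a required check on `main`, `rc` and `hotfix-rc`.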


@ -1,5 +1,5 @@
--- ---
name: Clean After PR name: Container registry cleanup
on: on:
pull_request: pull_request:
@ -7,31 +7,31 @@ on:
jobs: jobs:
build-docker: build-docker:
name: Remove feature branch docker images name: Remove branch-specific Docker images
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
########## ACR ########## ########## ACR ##########
- name: Login to Azure - QA Subscription - name: Log in to Azure - QA Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
- name: Login to Azure ACR - name: Log in to Azure ACR
run: az acr login -n bitwardenqa run: az acr login -n bitwardenqa
- name: Login to Azure - PROD Subscription - name: Log in to Azure - production subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR - name: Log in to Azure ACR
run: az acr login -n bitwardenprod run: az acr login -n bitwardenprod
########## Remove Docker images ########## ########## Remove Docker images ##########
- name: Remove the docker image from ACR - name: Remove the Docker image from ACR
env: env:
REGISTRIES: | REGISTRIES: |
registries: registries:


@ -1,18 +1,18 @@
--- ---
name: Container Registry Purge name: Container registry purge
on: on:
schedule: schedule:
- cron: '0 0 * * SUN' - cron: "0 0 * * SUN"
workflow_dispatch: workflow_dispatch:
inputs: {} inputs: {}
jobs: jobs:
purge: purge:
name: Purge old images name: Purge old images
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Login to Azure - name: Log in to Azure
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
@ -68,7 +68,7 @@ jobs:
check-failures: check-failures:
name: Check for failures name: Check for failures
if: always() if: always()
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
needs: needs:
- purge - purge
steps: steps:
@ -84,7 +84,7 @@ jobs:
exit 1 exit 1
fi fi
- name: Login to Azure - CI subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
if: failure() if: failure()
with: with:


@ -1,95 +0,0 @@
---
name: Validate Database
on:
pull_request:
branches-ignore:
- 'l10n_master'
- 'gh-pages'
paths:
- 'src/Sql/**'
- 'util/Migrator/**'
push:
branches:
- 'main'
- 'rc'
paths:
- 'src/Sql/**'
- 'util/Migrator/**'
workflow_dispatch:
inputs: {}
jobs:
validate:
name: Validate
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
with:
dotnet-version: '6.0.x'
- name: Print environment
run: |
dotnet --info
nuget help | grep Version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Build DACPAC
run: dotnet build src/Sql --configuration Release --verbosity minimal --output .
shell: pwsh
- name: Upload DACPAC
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: sql.dacpac
path: Sql.dacpac
- name: Docker Compose up
working-directory: "dev"
run: |
cp .env.example .env
docker compose --profile mssql up -d
shell: pwsh
- name: Migrate
working-directory: "dev"
run: "pwsh ./migrate.ps1"
shell: pwsh
- name: Diff sqlproj to migrations
run: /usr/local/sqlpackage/sqlpackage /action:DeployReport /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"report.xml" /p:IgnoreColumnOrder=True /p:IgnoreComments=True
shell: pwsh
- name: Generate SQL file
run: /usr/local/sqlpackage/sqlpackage /action:Script /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"diff.sql" /p:IgnoreColumnOrder=True /p:IgnoreComments=True
shell: pwsh
- name: Upload Report
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: report.xml
path: |
report.xml
diff.sql
- name: Validate XML
run: |
if grep -q "<Operations>" "report.xml"; then
echo
echo "Migrations are out of sync with sqlproj!"
exit 1
else
echo "Report looks good"
fi
shell: bash
- name: Docker compose down
if: ${{ always() }}
working-directory: "dev"
run: docker compose down
shell: pwsh


@ -2,15 +2,18 @@
name: Enforce PR labels name: Enforce PR labels
on: on:
workflow_call:
pull_request: pull_request:
types: [labeled, unlabeled, opened, edited, synchronize] types: [labeled, unlabeled, opened, reopened, synchronize]
jobs: jobs:
enforce-label: enforce-label:
name: EnforceLabel if: ${{ contains(github.event.*.labels.*.name, 'hold') || contains(github.event.*.labels.*.name, 'needs-qa') || contains(github.event.*.labels.*.name, 'DB-migrations-changed') }}
runs-on: ubuntu-20.04 name: Enforce label
runs-on: ubuntu-22.04
steps: steps:
- name: Enforce Label - name: Check for label
uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2 run: |
with: echo "PRs with the hold or needs-qa labels cannot be merged"
BANNED_LABELS: "hold,DB-migrations-changed,needs-qa" echo "### :x: PRs with the hold or needs-qa labels cannot be merged" >> $GITHUB_STEP_SUMMARY
exit 1
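Review bot: The failure message in the new `Check for label` step names only `hold` and `needs-qa`, but the job-level `if:` also matches `DB-migrations-changed`, so a PR blocked by that label is given an explanation that does not apply to it. Naming all three fixes this, e.g. `echo "PRs with the hold, needs-qa or DB-migrations-changed labels cannot be merged"`, with the same wording on the `$GITHUB_STEP_SUMMARY` line. The job is now skipped, not passed, when no banned label is present, so the merge gate depends on branch protection requiring this check; that configuration is not visible here and is worth confirming.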


@ -1,117 +0,0 @@
---
name: Run Database Infrastructure Tests
on:
pull_request:
branches-ignore:
- 'l10n_master'
- 'gh-pages'
paths:
- '.github/workflows/infrastructure-tests.yml' # This file
- 'src/Sql/**' # SQL Server Database Changes
- 'util/Migrator/**' # New SQL Server Migrations
- 'util/MySqlMigrations/**' # Changes to MySQL
- 'util/PostgresMigrations/**' # Changes to Postgres
- 'util/SqliteMigrations/**' # Changes to Sqlite
- 'src/Infrastructure.Dapper/**' # Changes to SQL Server Dapper Repository Layer
- 'src/Infrastructure.EntityFramework/**' # Changes to Entity Framework Repository Layer
- 'test/Infrastructure.IntegrationTest/**' # Any changes to the tests
push:
branches:
- 'main'
- 'rc'
paths:
- '.github/workflows/infrastructure-tests.yml' # This file
- 'src/Sql/**' # SQL Server Database Changes
- 'util/Migrator/**' # New SQL Server Migrations
- 'util/MySqlMigrations/**' # Changes to MySQL
- 'util/PostgresMigrations/**' # Changes to Postgres
- 'util/SqliteMigrations/**' # Changes to Sqlite
- 'src/Infrastructure.Dapper/**' # Changes to SQL Server Dapper Repository Layer
- 'src/Infrastructure.EntityFramework/**' # Changes to Entity Framework Repository Layer
- 'test/Infrastructure.IntegrationTest/**' # Any changes to the tests
workflow_dispatch:
inputs: {}
jobs:
test:
name: 'Run Infrastructure.IntegrationTest'
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Set up dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
with:
dotnet-version: '6.0.x'
- name: Restore Tools
run: dotnet tool restore
- name: Compose Databases
working-directory: 'dev'
# We could think about not using profiles and pulling images directly to cover multiple versions
run: |
cp .env.example .env
docker compose --profile mssql --profile postgres --profile mysql up -d
shell: pwsh
# I've seen the SQL Server container not be ready for commands right after starting up and just needing a bit longer to be ready
- name: Sleep
run: sleep 15s
- name: Migrate SQL Server
working-directory: 'dev'
run: "pwsh ./migrate.ps1"
shell: pwsh
- name: Migrate MySQL
working-directory: 'util/MySqlMigrations'
run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:MySql:ConnectionString="$CONN_STR"'
env:
CONN_STR: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev;Allow User Variables=true"
- name: Migrate Postgres
working-directory: 'util/PostgresMigrations'
run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:PostgreSql:ConnectionString="$CONN_STR"'
env:
CONN_STR: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev"
- name: Migrate Sqlite
working-directory: 'util/SqliteMigrations'
run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:Sqlite:ConnectionString="$CONN_STR"'
env:
CONN_STR: "Data Source=${{ runner.temp }}/test.db"
- name: Run Tests
working-directory: 'test/Infrastructure.IntegrationTest'
env:
# Default Postgres:
BW_TEST_DATABASES__0__TYPE: "Postgres"
BW_TEST_DATABASES__0__CONNECTIONSTRING: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev"
# Default MySql
BW_TEST_DATABASES__1__TYPE: "MySql"
BW_TEST_DATABASES__1__CONNECTIONSTRING: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev"
# Default Dapper SqlServer
BW_TEST_DATABASES__2__TYPE: "SqlServer"
BW_TEST_DATABASES__2__CONNECTIONSTRING: "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;"
# Default Sqlite
BW_TEST_DATABASES__3__TYPE: "Sqlite"
BW_TEST_DATABASES__3__CONNECTIONSTRING: "Data Source=${{ runner.temp }}/test.db"
run: dotnet test --logger "trx;LogFileName=infrastructure-test-results.trx"
shell: pwsh
- name: Report test results
uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0
if: always()
with:
name: Test Results
path: "**/*-test-results.trx"
reporter: dotnet-trx
fail-on-error: true
- name: Docker compose down
if: always()
working-directory: "dev"
run: docker compose down
shell: pwsh


@ -2,8 +2,7 @@
# Starts a matrix job to check for modified files, then sets output based on the results. # Starts a matrix job to check for modified files, then sets output based on the results.
# The input decides if the label job is ran, adding a label to the PR. # The input decides if the label job is ran, adding a label to the PR.
--- ---
name: Protect files
name: Protect Files
on: on:
pull_request: pull_request:
@ -17,7 +16,7 @@ on:
jobs: jobs:
changed-files: changed-files:
name: Check for file changes name: Check for file changes
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
outputs: outputs:
changes: ${{steps.check-changes.outputs.changes_detected}} changes: ${{steps.check-changes.outputs.changes_detected}}
@ -29,7 +28,7 @@ jobs:
path: util/Migrator/DbScripts path: util/Migrator/DbScripts
label: "DB-migrations-changed" label: "DB-migrations-changed"
steps: steps:
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with: with:
fetch-depth: 2 fetch-depth: 2


@ -16,7 +16,7 @@ on:
- Dry Run - Dry Run
env: env:
_AZ_REGISTRY: 'bitwardenprod.azurecr.io' _AZ_REGISTRY: "bitwardenprod.azurecr.io"
jobs: jobs:
setup: setup:
@ -36,10 +36,10 @@ jobs:
exit 1 exit 1
fi fi
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Check Release Version - name: Check release version
id: version id: version
uses: bitwarden/gh-actions/release-version-check@main uses: bitwarden/gh-actions/release-version-check@main
with: with:
@ -87,7 +87,7 @@ jobs:
task: "deploy" task: "deploy"
description: "Deploy from ${{ needs.setup.outputs.branch-name }} branch" description: "Deploy from ${{ needs.setup.outputs.branch-name }} branch"
- name: Download latest Release ${{ matrix.name }} asset - name: Download latest release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type != 'Dry Run' }} if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
with: with:
@ -96,7 +96,7 @@ jobs:
branch: ${{ needs.setup.outputs.branch-name }} branch: ${{ needs.setup.outputs.branch-name }}
artifacts: ${{ matrix.name }}.zip artifacts: ${{ matrix.name }}.zip
- name: Dry Run - Download latest Release ${{ matrix.name }} asset - name: Dry run - Download latest release ${{ matrix.name }} asset
if: ${{ github.event.inputs.release_type == 'Dry Run' }} if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
with: with:
@ -105,7 +105,7 @@ jobs:
branch: main branch: main
artifacts: ${{ matrix.name }}.zip artifacts: ${{ matrix.name }}.zip
- name: Login to Azure - CI subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -130,12 +130,12 @@ jobs:
echo "::add-mask::$publish_profile" echo "::add-mask::$publish_profile"
echo "publish-profile=$publish_profile" >> $GITHUB_OUTPUT echo "publish-profile=$publish_profile" >> $GITHUB_OUTPUT
- name: Login to Azure - name: Log in to Azure
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Deploy App - name: Deploy app
uses: azure/webapps-deploy@4bca689e4c7129e55923ea9c45401b22dc6aa96f # v2.2.11 uses: azure/webapps-deploy@4bca689e4c7129e55923ea9c45401b22dc6aa96f # v2.2.11
with: with:
app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }} app-name: ${{ steps.retrieve-secrets.outputs.webapp-name }}
@ -156,7 +156,7 @@ jobs:
fi fi
az webapp start -n $WEBAPP_NAME -g $RESOURCE_GROUP -s staging az webapp start -n $WEBAPP_NAME -g $RESOURCE_GROUP -s staging
- name: Update ${{ matrix.name }} deployment status to Success - name: Update ${{ matrix.name }} deployment status to success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
with: with:
@ -164,7 +164,7 @@ jobs:
state: "success" state: "success"
deployment-id: ${{ steps.deployment.outputs.deployment_id }} deployment-id: ${{ steps.deployment.outputs.deployment_id }}
- name: Update ${{ matrix.name }} deployment status to Failure - name: Update ${{ matrix.name }} deployment status to failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
with: with:
@ -210,10 +210,10 @@ jobs:
echo "GitHub event: $GITHUB_EVENT" echo "GitHub event: $GITHUB_EVENT"
echo "Github Release Option: $RELEASE_OPTION" echo "Github Release Option: $RELEASE_OPTION"
- name: Checkout repo - name: Check out repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup project name - name: Set up project name
id: setup id: setup
run: | run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
@ -222,12 +222,12 @@ jobs:
echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT
########## ACR PROD ########## ########## ACR PROD ##########
- name: Login to Azure - PROD Subscription - name: Log in to Azure - production subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR - name: Log in to Azure ACR
run: az acr login -n $_AZ_REGISTRY --only-show-errors run: az acr login -n $_AZ_REGISTRY --only-show-errors
- name: Pull latest project image - name: Pull latest project image
@ -266,13 +266,13 @@ jobs:
run: docker logout run: docker logout
release: release:
name: Create GitHub Release name: Create GitHub release
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: needs:
- setup - setup
- deploy - deploy
steps: steps:
- name: Download latest Release Docker Stubs - name: Download latest release Docker stubs
if: ${{ github.event.inputs.release_type != 'Dry Run' }} if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
with: with:
@ -285,7 +285,7 @@ jobs:
docker-stub-EU-sha256.txt, docker-stub-EU-sha256.txt,
swagger.json" swagger.json"
- name: Dry Run - Download latest Release Docker Stubs - name: Dry Run - Download latest release Docker stubs
if: ${{ github.event.inputs.release_type == 'Dry Run' }} if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main uses: bitwarden/gh-actions/download-artifacts@main
with: with:


@ -1,23 +1,23 @@
--- ---
name: 'Close stale issues and PRs' name: Staleness
on: on:
workflow_dispatch: workflow_dispatch:
schedule: # Run once a day at 5.23am (arbitrary but should avoid peak loads on the hour) schedule: # Run once a day at 5.23am (arbitrary but should avoid peak loads on the hour)
- cron: '23 5 * * *' - cron: "23 5 * * *"
jobs: jobs:
stale: stale:
name: 'Check for stale issues and PRs' name: Check for stale issues and PRs
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: 'Run stale action' - name: Check
uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
with: with:
stale-issue-label: 'needs-reply' stale-issue-label: "needs-reply"
stale-pr-label: 'needs-changes' stale-pr-label: "needs-changes"
days-before-stale: -1 # Do not apply the stale labels automatically, this is a manual process days-before-stale: -1 # Do not apply the stale labels automatically, this is a manual process
days-before-issue-close: 14 # Close issue if no further activity after X days days-before-issue-close: 14 # Close issue if no further activity after X days
days-before-pr-close: 21 # Close PR if no further activity after X days days-before-pr-close: 21 # Close PR if no further activity after X days
close-issue-message: | close-issue-message: |
We need more information before we can help you with your problem. As we havent heard from you recently, this issue will be closed. We need more information before we can help you with your problem. As we havent heard from you recently, this issue will be closed.


@ -1,5 +1,5 @@
--- ---
name: Stop Staging Slots name: Stop staging slots
on: on:
workflow_dispatch: workflow_dispatch:
@ -7,8 +7,8 @@ on:
jobs: jobs:
stop-slots: stop-slots:
name: Stop Slots name: Stop slots
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -28,7 +28,7 @@ jobs:
echo "NAME_LOWER: $NAME_LOWER" echo "NAME_LOWER: $NAME_LOWER"
echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT
- name: Login to Azure - CI Subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -46,7 +46,7 @@ jobs:
echo "::add-mask::$webapp_name" echo "::add-mask::$webapp_name"
echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT
- name: Login to Azure - name: Log in to Azure
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

185
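--- a/.github/workflows/test-database.yml
+++ b/.github/workflows/test-database.yml
@@ -0,0 +1,185 @@
+---
+name: Database testing
+on:
+workflow_dispatch:
+push:
+branches:
+- "main"
+- "rc"
+- "hotfix-rc"
+paths:
+- ".github/workflows/infrastructure-tests.yml" # This file
+- "src/Sql/**" # SQL Server Database Changes
+- "util/Migrator/**" # New SQL Server Migrations
+- "util/MySqlMigrations/**" # Changes to MySQL
+- "util/PostgresMigrations/**" # Changes to Postgres
+- "util/SqliteMigrations/**" # Changes to Sqlite
+- "src/Infrastructure.Dapper/**" # Changes to SQL Server Dapper Repository Layer
+- "src/Infrastructure.EntityFramework/**" # Changes to Entity Framework Repository Layer
+- "test/Infrastructure.IntegrationTest/**" # Any changes to the tests
+pull_request:
+paths:
+- ".github/workflows/infrastructure-tests.yml" # This file
+- "src/Sql/**" # SQL Server Database Changes
+- "util/Migrator/**" # New SQL Server Migrations
+- "util/MySqlMigrations/**" # Changes to MySQL
+- "util/PostgresMigrations/**" # Changes to Postgres
+- "util/SqliteMigrations/**" # Changes to Sqlite
+- "src/Infrastructure.Dapper/**" # Changes to SQL Server Dapper Repository Layer
+- "src/Infrastructure.EntityFramework/**" # Changes to Entity Framework Repository Layer
+- "test/Infrastructure.IntegrationTest/**" # Any changes to the tests
+jobs:
+test:
+name: Run tests
+runs-on: ubuntu-22.04
+steps:
+- name: Check out repo
+uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+- name: Set up .NET
+uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+- name: Restore tools
+run: dotnet tool restore
+- name: Docker Compose databases
+working-directory: "dev"
+# We could think about not using profiles and pulling images directly to cover multiple versions
+run: |
+cp .env.example .env
+docker compose --profile mssql --profile postgres --profile mysql up -d
+shell: pwsh
+# I've seen the SQL Server container not be ready for commands right after starting up and just needing a bit longer to be ready
+- name: Sleep
+run: sleep 15s
+- name: Migrate SQL Server
+working-directory: "dev"
+run: "./migrate.ps1"
+shell: pwsh
+- name: Migrate MySQL
+working-directory: "util/MySqlMigrations"
+run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:MySql:ConnectionString="$CONN_STR"'
+env:
+CONN_STR: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev;Allow User Variables=true"
+- name: Migrate Postgres
+working-directory: "util/PostgresMigrations"
+run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:PostgreSql:ConnectionString="$CONN_STR"'
+env:
+CONN_STR: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev"
+- name: Migrate SQLite
+working-directory: "util/SqliteMigrations"
+run: 'dotnet ef database update --connection "$CONN_STR" -- --GlobalSettings:Sqlite:ConnectionString="$CONN_STR"'
+env:
+CONN_STR: "Data Source=${{ runner.temp }}/test.db"
+- name: Run tests
+working-directory: "test/Infrastructure.IntegrationTest"
+env:
+# Default Postgres:
+BW_TEST_DATABASES__0__TYPE: "Postgres"
+BW_TEST_DATABASES__0__CONNECTIONSTRING: "Host=localhost;Username=postgres;Password=SET_A_PASSWORD_HERE_123;Database=vault_dev"
+# Default MySql
+BW_TEST_DATABASES__1__TYPE: "MySql"
+BW_TEST_DATABASES__1__CONNECTIONSTRING: "server=localhost;uid=root;pwd=SET_A_PASSWORD_HERE_123;database=vault_dev"
+# Default Dapper SqlServer
+BW_TEST_DATABASES__2__TYPE: "SqlServer"
+BW_TEST_DATABASES__2__CONNECTIONSTRING: "Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;"
+# Default Sqlite
+BW_TEST_DATABASES__3__TYPE: "Sqlite"
+BW_TEST_DATABASES__3__CONNECTIONSTRING: "Data Source=${{ runner.temp }}/test.db"
+run: dotnet test --logger "trx;LogFileName=infrastructure-test-results.trx"
+shell: pwsh
+- name: Report test results
+uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0
+if: always()
+with:
+name: Test Results
+path: "**/*-test-results.trx"
+reporter: dotnet-trx
+fail-on-error: true
+- name: Docker Compose down
+if: always()
+working-directory: "dev"
+run: docker compose down
+shell: pwsh
+validate:
+name: Run validation
+runs-on: ubuntu-22.04
+steps:
+- name: Check out repo
+uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+- name: Set up .NET
+uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+- name: Print environment
+run: |
+dotnet --info
+nuget help | grep Version
+echo "GitHub ref: $GITHUB_REF"
+echo "GitHub event: $GITHUB_EVENT"
+- name: Build DACPAC
+run: dotnet build src/Sql --configuration Release --verbosity minimal --output .
+shell: pwsh
+- name: Upload DACPAC
+uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+with:
+name: sql.dacpac
+path: Sql.dacpac
+- name: Docker Compose up
+working-directory: "dev"
+run: |
+cp .env.example .env
+docker compose --profile mssql up -d
+shell: pwsh
+- name: Migrate
+working-directory: "dev"
+run: "./migrate.ps1"
+shell: pwsh
+- name: Diff .sqlproj to migrations
+run: /usr/local/sqlpackage/sqlpackage /action:DeployReport /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"report.xml" /p:IgnoreColumnOrder=True /p:IgnoreComments=True
+shell: pwsh
+- name: Generate SQL file
+run: /usr/local/sqlpackage/sqlpackage /action:Script /SourceFile:"Sql.dacpac" /TargetConnectionString:"Server=localhost;Database=vault_dev;User Id=SA;Password=SET_A_PASSWORD_HERE_123;Encrypt=True;TrustServerCertificate=True;" /OutputPath:"diff.sql" /p:IgnoreColumnOrder=True /p:IgnoreComments=True
+shell: pwsh
+- name: Report validation results
+uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+with:
+name: report.xml
+path: |
+report.xml
+diff.sql
+- name: Validate XML
+run: |
+if grep -q "<Operations>" "report.xml"; then
+echo
+echo "Migrations are out of sync with sqlproj!"
+exit 1
+else
+echo "Report looks good"
+fi
+shell: bash
+- name: Docker Compose down
+if: ${{ always() }}
+working-directory: "dev"
+run: docker compose down
+shell: pwsh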
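Review bot: Both `paths` lists (under `push` and under `pull_request`) still name `.github/workflows/infrastructure-tests.yml` with the comment `# This file`, while this file is added as `.github/workflows/test-database.yml`, so a change to the workflow alone would not trigger a run; the entry should read `- ".github/workflows/test-database.yml" # This file`. Neither this workflow nor the new `.github/workflows/test.yml` declares a `permissions:` block, so every step, including the third-party `dorny/test-reporter` action on `pull_request` runs, gets whatever default token scope the repository has configured; a top-level `permissions:` with `contents: read` and `checks: write` would pin it, assuming the reporter needs nothing beyond writing check runs. The fixed `sleep 15s` before `Migrate SQL Server` could also be replaced by a bounded readiness poll, so that a slow container fails loudly instead of intermittently.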

57
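--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,57 @@
+---
+name: Testing
+on:
+workflow_dispatch:
+push:
+branches:
+- "main"
+- "rc"
+- "hotfix-rc"
+pull_request:
+env:
+_AZ_REGISTRY: "bitwardenprod.azurecr.io"
+jobs:
+testing:
+name: Run tests
+runs-on: ubuntu-22.04
+env:
+NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
+steps:
+- name: Check out repo
+uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+- name: Set up .NET
+uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+- name: Print environment
+run: |
+dotnet --info
+nuget help | grep Version
+echo "GitHub ref: $GITHUB_REF"
+echo "GitHub event: $GITHUB_EVENT"
+- name: Remove SQL project
+run: dotnet sln bitwarden-server.sln remove src/Sql/Sql.sqlproj
+- name: Test OSS solution
+run: dotnet test ./test --configuration Debug --logger "trx;LogFileName=oss-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage"
+- name: Test Bitwarden solution
+run: dotnet test ./bitwarden_license/test --configuration Debug --logger "trx;LogFileName=bw-test-results.trx" /p:CoverletOutputFormatter="cobertura" --collect:"XPlat Code Coverage"
+- name: Report test results
+uses: dorny/test-reporter@c9b3d0e2bd2a4e96aaf424dbaa31c46b42318226 # v1.6.0
+if: always()
+with:
+name: Test Results
+path: "**/*-test-results.trx"
+reporter: dotnet-trx
+fail-on-error: true
+- name: Upload to codecov.io
+uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+env:
+CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}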
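Review bot: The workflow-level `env` block sets `_AZ_REGISTRY: "bitwardenprod.azurecr.io"`, but no step in this file reads it, so the production registry name is exported to every step of a workflow that also runs on `pull_request`; the entry can be dropped. In `Print environment`, `echo "GitHub event: $GITHUB_EVENT"` reads a variable that is not among the runner's default environment variables and is not set in this file, so it presumably prints an empty value; `$GITHUB_EVENT_NAME` is the default variable that holds the event name. The same `echo` appears in the `validate` job of `.github/workflows/test-database.yml`.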


@ -1,6 +1,6 @@
--- ---
name: Version Bump name: Bump version
run-name: Version Bump - v${{ inputs.version_number }} run-name: Bump version to ${{ inputs.version_number }}
on: on:
workflow_dispatch: workflow_dispatch:
@ -16,10 +16,10 @@ on:
jobs: jobs:
bump_version: bump_version:
name: "Bump Version to v${{ inputs.version_number }}" name: Bump
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Login to Azure - CI Subscription - name: Log in to Azure - CI subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with: with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
@ -33,7 +33,7 @@ jobs:
github-gpg-private-key-passphrase, github-gpg-private-key-passphrase,
github-pat-bitwarden-devops-bot-repo-scope" github-pat-bitwarden-devops-bot-repo-scope"
- name: Checkout Branch - name: Check out branch
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with: with:
ref: main ref: main
@ -47,7 +47,7 @@ jobs:
git_user_signingkey: true git_user_signingkey: true
git_commit_gpgsign: true git_commit_gpgsign: true
- name: Create Version Branch - name: Create version branch
id: create-branch id: create-branch
run: | run: |
NAME=version_bump_${{ github.ref_name }}_${{ inputs.version_number }} NAME=version_bump_${{ github.ref_name }}_${{ inputs.version_number }}
@ -78,13 +78,13 @@ jobs:
exit 1 exit 1
fi fi
- name: Bump Version - Props - name: Bump version props
uses: bitwarden/gh-actions/version-bump@main uses: bitwarden/gh-actions/version-bump@main
with: with:
version: ${{ inputs.version_number }} version: ${{ inputs.version_number }}
file_path: "Directory.Build.props" file_path: "Directory.Build.props"
- name: Setup git - name: Set up Git
run: | run: |
git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
git config --local user.name "bitwarden-devops-bot" git config --local user.name "bitwarden-devops-bot"
@ -109,7 +109,7 @@ jobs:
PR_BRANCH: ${{ steps.create-branch.outputs.name }} PR_BRANCH: ${{ steps.create-branch.outputs.name }}
run: git push -u origin $PR_BRANCH run: git push -u origin $PR_BRANCH
- name: Create Version PR - name: Create version PR
if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
id: create-pr id: create-pr
env: env:
@ -152,7 +152,7 @@ jobs:
if: ${{ inputs.cut_rc_branch == true }} if: ${{ inputs.cut_rc_branch == true }}
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout Branch - name: Check out branch
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: main ref: main
@ -171,9 +171,8 @@ jobs:
git switch --quiet --create rc git switch --quiet --create rc
git push --quiet --set-upstream origin rc git push --quiet --set-upstream origin rc
move-future-db-scripts: move-future-db-scripts:
name: Move future DB scripts name: Move finalization database scripts
needs: cut_rc needs: cut_rc
uses: ./.github/workflows/_move_finalization_db_scripts.yml uses: ./.github/workflows/_move_finalization_db_scripts.yml
secrets: inherit secrets: inherit


@ -1,5 +1,5 @@
--- ---
name: Workflow Linter name: Workflow linter
on: on:
pull_request: pull_request:
@ -8,4 +8,5 @@ on:
jobs: jobs:
call-workflow: call-workflow:
name: Lint
uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@main uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@main