diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5008b25d54..13aa6f588a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,48 +32,63 @@ jobs: - name: Verify format run: dotnet format --verify-no-changes - build-artifacts: - name: Build artifacts + build-docker: + name: Build Docker images runs-on: ubuntu-22.04 needs: - lint outputs: has_secrets: ${{ steps.check-secrets.outputs.has_secrets }} + permissions: + security-events: write + id-token: write strategy: fail-fast: false matrix: include: - project_name: Admin base_path: ./src + dotnet: true node: true - project_name: Api base_path: ./src + dotnet: true - project_name: Attachments base_path: ./util - project_name: Billing base_path: ./src + dotnet: true - project_name: Events base_path: ./src + dotnet: true - project_name: EventsProcessor base_path: ./src + dotnet: true - project_name: Icons base_path: ./src + dotnet: true - project_name: Identity base_path: ./src + dotnet: true - project_name: MsSql base_path: ./util - project_name: MsSqlMigratorUtility base_path: ./util + dotnet: true - project_name: Nginx base_path: ./util - project_name: Notifications base_path: ./src + dotnet: true - project_name: Scim base_path: ./bitwarden_license/src + dotnet: true - project_name: Setup base_path: ./util + dotnet: true - project_name: Sso base_path: ./bitwarden_license/src + dotnet: true steps: - name: Check secrets id: check-secrets 
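Review bot: The `permissions:` block added to the merged `build-docker` job grants `id-token: write` and `security-events: write` to every step of every matrix leg, which now presumably includes the restore and compile steps that the old `build-artifacts` job ran without those scopes. Once `id-token: write` is set, any step in the job can request an OIDC token, so package restore and build scripts on the `dotnet: true` and `node: true` legs share a job with the cloud login. The build steps themselves are outside this hunk, so please confirm that exposure is intended. If the merge stays, I would document the trade-off above the block, e.g. `# id-token: write is required by the Azure login steps; restore and build steps in this job inherit it`.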
@@ -134,82 +149,12 @@ jobs: path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip if-no-files-found: error - build-docker: - name: Build Docker images - runs-on: ubuntu-22.04 - permissions: - security-events: write - id-token: write - needs: - - build-artifacts - if: ${{ needs.build-artifacts.outputs.has_secrets == 'true' }} - strategy: - fail-fast: false - matrix: - include: - - project_name: Admin - base_path: ./src - dotnet: true - - project_name: Api - base_path: ./src - dotnet: true - - project_name: Attachments - base_path: ./util - - project_name: Billing - base_path: ./src - dotnet: true - - project_name: Events - base_path: ./src - dotnet: true - - project_name: EventsProcessor - base_path: ./src - dotnet: true - - project_name: Icons - base_path: ./src - dotnet: true - - project_name: Identity - base_path: ./src - dotnet: true - - project_name: MsSql - base_path: ./util - - project_name: MsSqlMigratorUtility - base_path: ./util - dotnet: true - - project_name: Nginx - base_path: ./util - - project_name: Notifications - base_path: ./src - dotnet: true - - project_name: Scim - base_path: ./bitwarden_license/src - dotnet: true - - project_name: Server - base_path: ./util - dotnet: true - - project_name: Setup - base_path: ./util - dotnet: true - - project_name: Sso - base_path: ./bitwarden_license/src - dotnet: true - steps: - - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.event.pull_request.head.sha }} + ########## Set up Docker ########## + - name: Set up QEMU emulators + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - name: Check branch to publish - env: - PUBLISH_BRANCHES: "main,rc,hotfix-rc" - id: publish-branch-check - run: | - IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES - - if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then - echo "is_publish_branch=true" >> $GITHUB_ENV - else - 
echo "is_publish_branch=false" >> $GITHUB_ENV - fi + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 ########## ACRs ########## - name: Log in to Azure - production subscription @@ -278,18 +223,11 @@ jobs: fi echo "tags=$TAGS" >> $GITHUB_OUTPUT - - name: Get build artifact - if: ${{ matrix.dotnet }} - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: ${{ matrix.project_name }}.zip - - - name: Set up build artifact - if: ${{ matrix.dotnet }} - run: | - mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish - unzip ${{ matrix.project_name }}.zip \ - -d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish + - name: Generate image full name + id: cache-name + env: + PROJECT_NAME: ${{ steps.setup.outputs.project_name }} + run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT - name: Build Docker image id: build-docker @@ -643,10 +581,9 @@ jobs: setup-ephemeral-environment: name: Setup Ephemeral Environment needs: - - build-artifacts - build-docker if: | - needs.build-artifacts.outputs.has_secrets == 'true' + needs.build-docker.outputs.has_secrets == 'true' && github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ephemeral-environment') uses: bitwarden/gh-actions/.github/workflows/_ephemeral_environment_manager.yml@main @@ -661,7 +598,6 @@ jobs: runs-on: ubuntu-22.04 needs: - lint - - build-artifacts - build-docker - upload - build-mssqlmigratorutility
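Review bot: The added `Set up QEMU emulators` and `Set up Docker Buildx` steps carry no `if:` condition, while this hunk removes the job-level gate `if: ${{ needs.build-artifacts.outputs.has_secrets == 'true' }}` that protected the old Docker job. On runs where secrets are unavailable, the merged job would continue into the registry login and push steps unless each has its own guard. The login step appears here only as a context line, so its condition is not visible. I would gate each Docker step with `if: ${{ steps.check-secrets.outputs.has_secrets == 'true' }}`, reusing the step output the job already exports.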
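Review bot: The new `cache-name` step produces one fixed ref, `${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache`, for every branch and pull request. If the `Build Docker image` step (outside this hunk) uses it for both `cache-from` and `cache-to`, a pull-request build can write layers that a later release-branch build reuses. Consider exporting the cache only from trusted branches and letting pull-request runs import it read-only, or keying the tag by branch. A smaller point on the same line is to quote the redirect target: `run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> "$GITHUB_OUTPUT"`. Passing the project name through `env:` instead of interpolating the expression into the script is the right pattern and should stay.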