diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7895c69f86..c0af705f57 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ on: jobs: cloc: name: CLOC - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f @@ -28,7 +28,7 @@ jobs: testing: name: Testing - runs-on: windows-latest + runs-on: windows-2019 steps: - name: Set up NuGet uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1 
@@ -73,10 +73,110 @@ jobs: shell: pwsh - build: - name: Build - runs-on: ubuntu-latest + build-artifacts: + name: Build artifacts + runs-on: ubuntu-20.04 needs: testing + strategy: + fail-fast: false + matrix: + include: + - service_name: Admin + base_path: ./src + gulp: true + - service_name: Api + base_path: ./src + - service_name: Billing + base_path: ./src + - service_name: Events + base_path: ./src + - service_name: EventsProcessor + base_path: ./src + - service_name: Icons + base_path: ./src + - service_name: Identity + base_path: ./src + - service_name: Notifications + base_path: ./src + - service_name: Portal + base_path: ./bitwarden_license/src + gulp: true + - service_name: Server + base_path: ./util + - service_name: Setup + base_path: ./util + - service_name: Sso + base_path: ./bitwarden_license/src + gulp: true + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + with: + node-version: '14' + + - name: Update NPM + run: | + npm install -g npm@7 + + - name: Print environment + run: | + whoami + dotnet --info + node --version + npm --version + gulp --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Set up Gulp + if: ${{ matrix.gulp }} + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + npm install -g gulp + + - name: Restore/Clean service + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + echo "Restore" + dotnet restore + echo "Clean" + dotnet clean -c "Release" -o obj/build-output/publish + + - name: Execute Gulp + if: ${{ matrix.gulp }} + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + npm install + gulp --gulpfile gulpfile.js build + + - name: Publish service + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + echo "Publish" + dotnet publish -c 
"Release" -o obj/build-output/publish + + cd obj/build-output/publish + zip -r ${{ matrix.service_name }}.zip . + mv ${{ matrix.service_name }}.zip ../../../ + + pwd + ls -atlh ../../../ + + - name: Upload service artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + with: + name: ${{ matrix.service_name }}.zip + path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish + if-no-files-found: error + + + build-docker: + name: Build Docker images + runs-on: ubuntu-20.04 + needs: build-artifacts strategy: fail-fast: false matrix: @@ -85,11 +185,14 @@ jobs: base_path: ./src docker_repo: bitwarden dotnet: true - gulp: true - service_name: Api base_path: ./src docker_repo: bitwarden dotnet: true + - service_name: Billing + base_path: ./src + docker_repo: bitwardenqa.azurecr.io + dotnet: true - service_name: Attachments base_path: ./util docker_repo: bitwarden @@ -126,7 +229,6 @@ jobs: base_path: ./bitwarden_license/src docker_repo: bitwarden dotnet: true - gulp: true - service_name: Server base_path: ./util docker_repo: bitwarden @@ -139,31 +241,10 @@ jobs: base_path: ./bitwarden_license/src docker_repo: bitwarden dotnet: true - gulp: true steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '14' - - - name: Update NPM - run: | - npm install -g npm@7 - - - name: Print environment - run: | - whoami - dotnet --info - node --version - npm --version - gulp --version - docker --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - name: Login to Azure - Prod Subscription uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: 
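Review bot: Build tooling in the new `build-artifacts` job is installed from floating versions (`npm install -g npm@7`, `npm install -g gulp`, and a plain `npm install` in Execute Gulp), although every action in the job is pinned to a commit SHA. The zips produced here feed the Docker images and the deploy workflows, so their contents can change without any commit in this repository. Pinning exact versions (for example `npm install -g gulp@<pinned-version>`) and using `npm ci` where a lockfile is committed would make the artifact reproducible; whether a lockfile exists is not visible in this hunk. Separately, the Publish step moves `${{ matrix.service_name }}.zip` up to the service directory while the upload step's `path:` points at `obj/build-output/publish`, so the uploaded artifact appears to hold the publish directory rather than the zip. If consumers expect the zip file, `path: ${{ matrix.base_path }}/${{ matrix.service_name }}/${{ matrix.service_name }}.zip` would match.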
@@ -187,25 +268,25 @@ jobs: - name: Log into Docker if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + env: + DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} + DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} run: | if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then az acr login -n bitwardenqa else echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin fi - env: - DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} - DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + env: + DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" + DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} run: | mkdir -p ~/.docker/trust/private echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key - env: - DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" - DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - name: Setup service name id: setup 
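Review bot: The Setup Docker Trust step writes the delegation private key with `echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key`, which creates the file under the runner's default umask instead of owner-only. Adding `umask 077` as the first line of the `run:` block, or `chmod 600` on the file afterwards, keeps the key unreadable to other accounts on the runner. The target path is also unquoted; `"$HOME/.docker/trust/private/${DCT_DELEGATION_KEY_ID}.key"` avoids word splitting if the id ever changes shape.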
@@ -215,68 +296,45 @@ jobs: echo "SERVICE_NAME: $SERVICE_NAME" echo "::set-output name=service_name::$SERVICE_NAME" - - name: Set up Gulp - if: ${{ matrix.gulp }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - npm install -g gulp - - - name: Restore/Clean service + - name: Get build artifact if: ${{ matrix.dotnet }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - echo "Restore" - dotnet restore - echo "Clean" - dotnet clean -c "Release" -o obj/build-output/publish - - - name: Execute Gulp - if: ${{ matrix.gulp }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - npm install - gulp --gulpfile gulpfile.js build - - - name: Publish service - if: ${{ matrix.dotnet }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - echo "Publish" - dotnet publish -c "Release" -o obj/build-output/publish - - cd obj/build-output/publish - zip -r ${{ matrix.service_name }}.zip . 
- mv ${{ matrix.service_name }}.zip ../../../ + uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60 # v2.0.10 + with: + name: ${{ matrix.service_name }}.zip + path: ${{ matrix.base_path }}/${{ matrix.service_name }} - name: Build Docker images if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: | - if [ "${{ steps.setup.outputs.service_name }}" = "k8s-proxy" ]; then - docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx + if [ "${{ matrix.service_name }}" = "K8s-Proxy" ]; then + docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \ + -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx else - docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/${{ matrix.service_name }} + docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \ + ${{ matrix.base_path }}/${{ matrix.service_name }} fi - name: Tag rc if: github.ref == 'refs/heads/rc' run: | - docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc + docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \ + ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc - name: Tag dev if: github.ref == 'refs/heads/master' run: | - docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev + docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \ + ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev - name: List Docker images if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: docker images - name: Docker Trust setup + if: matrix.docker_repo == 'bitwarden' && (github.ref 
== 'refs/heads/master' || github.ref == 'refs/heads/rc') run: | - if [[ "${{ matrix.docker_repo }}" == "bitwarden" ]]; then - echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV - echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV - fi + echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV + echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV - name: Push rc images if: github.ref == 'refs/heads/rc' @@ -295,8 +353,8 @@ jobs: upload: name: Upload - runs-on: ubuntu-latest - needs: build + runs-on: ubuntu-20.04 + needs: build-docker steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 1b9c748941..cb77591230 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -13,7 +13,7 @@ on: jobs: cloc: name: CLOC - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index c17f4ab398..ddb6de0b30 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -7,14 +7,12 @@ on: release_tag_name_input: description: "Release Tag Name " required: true - release: - types: - - published jobs: setup: + if: false name: Setup - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: package_version: ${{ steps.create_tags.outputs.package_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }} @@ -63,7 +61,7 @@ jobs: deploy-docker: name: Tag & push Docker - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: setup strategy: fail-fast: false @@ -154,7 +152,7 @@ jobs: build: name: Build - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: setup strategy: fail-fast: false 
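Review bot: In the Docker Trust setup step the passphrase is expanded by `${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}` straight into the script text and then appended to `$GITHUB_ENV`. It therefore lands in the environment of every later step in the job, and any `$`, backtick, quote or newline in the value is interpreted by bash or by the env-file parser. Passing it through `env:` on the steps that push signed images (`DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}`) keeps it scoped to where it is used. The push steps begin at the end of this hunk and continue outside it, so their current `env:` is not visible here.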
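Review bot: `if: false` on the `setup` job in prod-deploy.yml carries no comment explaining why the job is disabled. The other jobs visible in this file declare `needs: setup` or `needs: build`, so a manual `workflow_dispatch` run will skip them rather than fail, which is easy to misread as a completed deploy. A comment above the condition such as `# Disabled: production deploys are handled by release.yml` (wording to be confirmed by the author) would make the intent explicit, as would removing the `workflow_dispatch` trigger until the workflow is re-enabled.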
@@ -257,7 +255,7 @@ jobs: deploy-identity: name: Deploy Identity - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -289,7 +287,7 @@ jobs: deploy-api: name: Deploy API - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -321,7 +319,7 @@ jobs: deploy-billing: name: Deploy Billing - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -353,7 +351,7 @@ jobs: deploy-events: name: Deploy Events - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -385,7 +383,7 @@ jobs: deploy-sso: name: Deploy SSO - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -417,7 +415,7 @@ jobs: deploy-portal: name: Deploy Portal - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -449,7 +447,7 @@ jobs: deploy-admin: name: Deploy Admin - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index e2832b6586..907119a2d4 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml 
@@ -12,109 +12,10 @@ on: default: "false" jobs: - build: - name: Build - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - name: Api - base_path: . - - name: Admin - base_path: . - gulp: true - - name: Billing - base_path: . - - name: Events - base_path: . - - name: Notifications - base_path: . - - name: Sso - base_path: ./bitwarden_license - gulp: true - - name: Portal - base_path: ./bitwarden_license - gulp: true - - name: Identity - base_path: . - steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '14' - - - name: Update NPM - run: | - npm install -g npm@7 - - - name: Print Environment - run: | - dotnet --info - node --version - npm --version - gulp --version - - - name: Load env vars - run: | - echo "Base Path: ${BASE_PATH}" - echo "Name: ${NAME}" - env: - BASE_PATH: ${{ matrix.base_path }} - NAME: ${{ matrix.name }} - - - name: Build Service - run: | - work_dir=$(pwd) - dir=$BASE_PATH/src/$SERVICE_NAME - - cd $dir - echo "Restore" - dotnet restore $SERVICE_NAME.csproj - echo "Clean" - dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish - - if [ "$GULP" == "true" ]; then - npm install - npm install gulp - gulp --gulpfile gulpfile.js build - fi - - echo "Publish" - dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish - - cd obj/build-output/publish - zip -r $SERVICE_NAME.zip . 
- mv $SERVICE_NAME.zip ../../../ - env: - SERVICE_NAME: ${{ matrix.name }} - BASE_PATH: ${{ matrix.base_path }} - GULP: ${{ matrix.gulp }} - - - name: Upload build artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 - with: - name: ${{ env.SERVICE_NAME }}.zip - path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip - env: - BASE_PATH: ${{ matrix.base_path }} - SERVICE_NAME: ${{ matrix.name }} - - - name: Test build dir - run: ls $BASE_PATH/src/$SERVICE_NAME - env: - SERVICE_NAME: ${{ matrix.name }} - BASE_PATH: ${{ matrix.base_path }} - - reset-db: name: Reset Database if: ${{ github.event.inputs.resetDb == 'true' }} - runs-on: ubuntu-latest - needs: build + runs-on: ubuntu-20.04 steps: - name: Reset Test Data - Stub run: | @@ -125,8 +26,7 @@ jobs: update-db: name: Update Database if: ${{ github.event.inputs.migrateDb == 'true' }} - runs-on: ubuntu-latest - needs: build + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f @@ -161,7 +61,7 @@ jobs: deploy: name: Deploy - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 if: always() needs: - reset-db @@ -186,9 +86,15 @@ jobs: echo "NAME_LOWER: $NAME_LOWER" echo "::set-output name=name_lower::$NAME_LOWER" - - name: Download aritifacts - uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 + BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}') + echo "::set-output name=branch_name::$BRANCH_NAME" + + - name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }} + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 with: + workflow: build.yml + workflow_conclusion: success + branch: ${{ env.branch_name }} name: ${{ matrix.name }}.zip - name: Login to Azure 
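Review bot: `BRANCH_NAME=$(echo "{{ github.ref }}" | awk ...)` is missing the `$` of `${{ … }}`, so the shell echoes the literal text and `a[3]` is empty. The value is also published as a step output, while the download step reads `${{ env.branch_name }}`, which nothing sets. With `branch:` empty the download action falls back to its own default for choosing a run, so the artifact deployed to QA may not come from the branch the operator selected. Suggested change: `BRANCH_NAME=${GITHUB_REF#refs/heads/}` in the setup step (this also keeps branch names containing `/` intact) and `branch: ${{ steps.setup.outputs.branch_name }}` in the download step. The setup step starts above this hunk.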
@@ -201,12 +107,15 @@ jobs: env: VAULT_NAME: "bitwarden-qa-kv" run: | - webapp_name=$(az keyvault secret show --vault-name $VAULT_NAME --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name --query value --output tsv) + webapp_name=$( + az keyvault secret show --vault-name $VAULT_NAME \ + --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ + --query value --output tsv + ) echo "::add-mask::$webapp_name" echo "::set-output name=webapp-name::$webapp_name" - name: Stop App Service - if: false env: AZURE_RESOURCE_GROUP: "bw-qa-env" run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP @@ -218,7 +127,6 @@ jobs: package: ./${{ matrix.name }}.zip - name: Start App Service - if: false env: AZURE_RESOURCE_GROUP: "bw-qa-env" run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 31b95b56ba..3229a9e776 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,18 +3,15 @@ name: Release on: workflow_dispatch: - inputs: - release_tag_name_input: - description: "Release Tag Name " - required: true + inputs: {} jobs: setup: name: Setup - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: - release_upload_url: ${{ steps.create_release.outputs.upload_url }} - tag_version: ${{ steps.create_tags.outputs.tag_version }} + release_version: ${{ steps.version.outputs.package }} + tag_version: ${{ steps.version.outputs.tag }} steps: - name: Branch check run: | 
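Review bot: Start App Service has no condition of its own, so a failed deploy step leaves the QA app stopped now that `if: false` is removed and Stop and Start bracket the deploy. Adding `if: always()` to the Start step, or a condition on the Stop step's outcome, would bring the app back up regardless of the deploy result. The same note applies to the preceding hunk that enables Stop App Service; the deploy step between them lies mostly outside both hunks.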
@@ -27,102 +24,109 @@ jobs: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Create Release Vars - id: create_tags - run: | - case "${RELEASE_TAG_NAME_INPUT:0:1}" in - v) - echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" - echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" - ;; - [0-9]) - echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" - echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" - ;; - *) - exit 1 - ;; - esac - env: - RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - - - name: Create Draft Release - id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - tag_name: ${{ env.RELEASE_TAG_NAME }} - release_name: Version ${{ env.RELEASE_NAME }} - draft: true - prerelease: false + ref: rc + + - name: Check Release Version + id: version + run: | + version=$( grep -o ".*" Directory.Build.props | grep -o "[0-9]*\.[0-9]*\.[0-9]*") + previous_release_tag_version=$( + curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name" + ) + + if [ "v$version" == "$previous_release_tag_version" ]; then + echo "[!] Already released v$version. 
Please bump version to continue" + exit 1 + fi + + echo "::set-output name=package::$version" + echo "::set-output name=tag::v$version" - upload: - name: Upload - runs-on: ubuntu-latest + deploy: + name: Deploy + runs-on: ubuntu-20.04 needs: - setup - env: - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} + strategy: + fail-fast: false + matrix: + include: + - name: Api + - name: Admin + - name: Billing + - name: Events + - name: Sso + - name: Portal + - name: Identity steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Restore - run: dotnet tool restore - - - name: Make Docker stub + - name: Setup + id: setup run: | - STUB_OUTPUT=$(pwd)/docker-stub - docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \ - dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin - sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT - rm -rf $STUB_OUTPUT/letsencrypt - rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml - touch $STUB_OUTPUT/env/uid.env - cd docker-stub; zip -r ../docker-stub.zip *; cd .. 
+ NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}') + echo "Matrix name: ${{ matrix.name }}" + echo "NAME_LOWER: $NAME_LOWER" + echo "::set-output name=name_lower::$NAME_LOWER" - - name: Upload Docker stub artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + - name: Download latest RC ${{ matrix.name }} asset + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 with: - name: docker-stub.zip - path: ./docker-stub.zip + workflow: build.yml + workflow_conclusion: success + branch: rc + name: ${{ matrix.name }}.zip - - name: Build Swagger - run: | - cd ./src/Api - echo "Restore" - dotnet restore - echo "Clean" - dotnet clean -c "Release" -o obj/build-output/publish - echo "Publish" - dotnet publish -c "Release" -o obj/build-output/publish - - dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \ - ./obj/build-output/publish/Api.dll public - cd ../.. - env: - ASPNETCORE_ENVIRONMENT: Production - swaggerGen: 'True' - - - name: Upload Swagger artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + - name: Login to Azure + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: - name: swagger.json - path: ./swagger.json + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Upload release assets - run: | - hub release edit \ - -a ./swagger.json \ - -a ./docker-stub.zip \ - -m "" \ - $_TAG_VERSION + - name: Retrieve secrets + id: retrieve-secrets env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VAULT_NAME: "bitwarden-prod-kv" + run: | + webapp_name=$( + az keyvault secret show --vault-name $VAULT_NAME \ + --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ + --query value --output tsv + ) + echo "::add-mask::$webapp_name" + echo "::set-output name=webapp-name::$webapp_name" + + - name: Deploy App + uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 + with: + app-name: ${{ 
steps.retrieve-secrets.outputs.webapp-name }} + package: ./${{ matrix.name }}.zip + slot: "staging" + + + release: + name: Create GitHub Release + runs-on: ubuntu-20.04 + needs: + - setup + - deploy + steps: + - name: Download latest RC docker-stub + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + artifacts: "docker-stub.zip, + swagger.json" + + - name: Create release + uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 + with: + artifacts: 'docker-stub.zip, + swagger.json' + commit: ${{ github.sha }} + tag: "${{ needs.setup.outputs.tag_version }}" + name: "Version ${{ needs.setup.outputs.release_version }}" + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true
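Review bot: Nothing ties the artifacts that `deploy` and `release` download to the commit being released: both take the latest successful `build.yml` run on `rc`, while the version check reads `Directory.Build.props` from a fresh `rc` checkout and the release is tagged at `${{ github.sha }}`. If `rc` moves, or its newest build has failed or not finished, the binaries sent to the production staging slot can come from a different commit than the tag. Resolving the `rc` commit once in `setup`, exposing it as a job output and using it both for the artifact lookup (if the download action can select by commit or run id) and for `commit:` would close the gap. The version check also fails open: `curl -sL … | jq -r ".tag_name"` runs without `-f`, so an API error or rate limit yields an empty or `null` tag and the "Already released" guard passes. Using `curl -sfL` plus an explicit check for an empty result would stop that.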