From dac3b3e8939504959d94c2e2fd13789723ab2d57 Mon Sep 17 00:00:00 2001 From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com> Date: Fri, 24 Sep 2021 15:04:14 -0700 Subject: [PATCH] New BTR pipeline model (#1599) Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow. --- .github/workflows/build.yml | 210 +++++++++++++++++++----------- .github/workflows/linter.yml | 2 +- .github/workflows/prod-deploy.yml | 24 ++-- .github/workflows/qa-deploy.yml | 124 +++--------------- .github/workflows/release.yml | 190 ++++++++++++++------------- 5 files changed, 259 insertions(+), 291 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7895c69f86..c0af705f57 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ on: jobs: cloc: name: CLOC - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f @@ -28,7 +28,7 @@ jobs: testing: name: Testing - runs-on: windows-latest + runs-on: windows-2019 steps: - name: Set up NuGet uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1 
@@ -73,10 +73,110 @@ jobs: shell: pwsh - build: - name: Build - runs-on: ubuntu-latest + build-artifacts: + name: Build artifacts + runs-on: ubuntu-20.04 needs: testing + strategy: + fail-fast: false + matrix: + include: + - service_name: Admin + base_path: ./src + gulp: true + - service_name: Api + base_path: ./src + - service_name: Billing + base_path: ./src + - service_name: Events + base_path: ./src + - service_name: EventsProcessor + base_path: ./src + - service_name: Icons + base_path: ./src + - service_name: Identity + base_path: ./src + - service_name: Notifications + base_path: ./src + - service_name: Portal + base_path: ./bitwarden_license/src + gulp: true + - service_name: Server + base_path: ./util + - service_name: Setup + base_path: ./util + - service_name: Sso + base_path: ./bitwarden_license/src + gulp: true + steps: + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + with: + node-version: '14' + + - name: Update NPM + run: | + npm install -g npm@7 + + - name: Print environment + run: | + whoami + dotnet --info + node --version + npm --version + gulp --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Set up Gulp + if: ${{ matrix.gulp }} + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + npm install -g gulp + + - name: Restore/Clean service + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + echo "Restore" + dotnet restore + echo "Clean" + dotnet clean -c "Release" -o obj/build-output/publish + + - name: Execute Gulp + if: ${{ matrix.gulp }} + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + npm install + gulp --gulpfile gulpfile.js build + + - name: Publish service + working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} + run: | + echo "Publish" + dotnet publish -c 
"Release" -o obj/build-output/publish + + cd obj/build-output/publish + zip -r ${{ matrix.service_name }}.zip . + mv ${{ matrix.service_name }}.zip ../../../ + + pwd + ls -atlh ../../../ + + - name: Upload service artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + with: + name: ${{ matrix.service_name }}.zip + path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish + if-no-files-found: error + + + build-docker: + name: Build Docker images + runs-on: ubuntu-20.04 + needs: build-artifacts strategy: fail-fast: false matrix: @@ -85,11 +185,14 @@ jobs: base_path: ./src docker_repo: bitwarden dotnet: true - gulp: true - service_name: Api base_path: ./src docker_repo: bitwarden dotnet: true + - service_name: Billing + base_path: ./src + docker_repo: bitwardenqa.azurecr.io + dotnet: true - service_name: Attachments base_path: ./util docker_repo: bitwarden @@ -126,7 +229,6 @@ jobs: base_path: ./bitwarden_license/src docker_repo: bitwarden dotnet: true - gulp: true - service_name: Server base_path: ./util docker_repo: bitwarden @@ -139,31 +241,10 @@ jobs: base_path: ./bitwarden_license/src docker_repo: bitwarden dotnet: true - gulp: true steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '14' - - - name: Update NPM - run: | - npm install -g npm@7 - - - name: Print environment - run: | - whoami - dotnet --info - node --version - npm --version - gulp --version - docker --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - name: Login to Azure - Prod Subscription uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: 
@@ -187,25 +268,25 @@ jobs: - name: Log into Docker if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + env: + DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} + DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} run: | if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then az acr login -n bitwardenqa else echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin fi - env: - DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} - DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + env: + DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" + DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} run: | mkdir -p ~/.docker/trust/private echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key - env: - DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" - DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - name: Setup service name id: setup 
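Review bot: The delegation key in `Setup Docker Trust` is written with the runner's default umask, so `~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key` is typically created readable by more than its owner. Putting `umask 077` as the first line of that `run:` block keeps it private, which matters most if this job ever moves to a shared or self-hosted runner. The same concern applies to the `Docker Trust setup` step in the later `@@ -215,68 +296,45 @@` hunk, where the repository passphrase is expanded into the script text with `${{ … }}` and appended to `$GITHUB_ENV`, making it available to every following step in the job. Setting `DOCKER_CONTENT_TRUST` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` under `env:` on the push steps alone would narrow that. Whether the `retrieve-secrets` step masks these outputs is not visible in this diff.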
@@ -215,68 +296,45 @@ jobs: echo "SERVICE_NAME: $SERVICE_NAME" echo "::set-output name=service_name::$SERVICE_NAME" - - name: Set up Gulp - if: ${{ matrix.gulp }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - npm install -g gulp - - - name: Restore/Clean service + - name: Get build artifact if: ${{ matrix.dotnet }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - echo "Restore" - dotnet restore - echo "Clean" - dotnet clean -c "Release" -o obj/build-output/publish - - - name: Execute Gulp - if: ${{ matrix.gulp }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - npm install - gulp --gulpfile gulpfile.js build - - - name: Publish service - if: ${{ matrix.dotnet }} - working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }} - run: | - echo "Publish" - dotnet publish -c "Release" -o obj/build-output/publish - - cd obj/build-output/publish - zip -r ${{ matrix.service_name }}.zip . 
- mv ${{ matrix.service_name }}.zip ../../../ + uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60 # v2.0.10 + with: + name: ${{ matrix.service_name }}.zip + path: ${{ matrix.base_path }}/${{ matrix.service_name }} - name: Build Docker images if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: | - if [ "${{ steps.setup.outputs.service_name }}" = "k8s-proxy" ]; then - docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx + if [ "${{ matrix.service_name }}" = "K8s-Proxy" ]; then + docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \ + -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx else - docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/${{ matrix.service_name }} + docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \ + ${{ matrix.base_path }}/${{ matrix.service_name }} fi - name: Tag rc if: github.ref == 'refs/heads/rc' run: | - docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc + docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \ + ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc - name: Tag dev if: github.ref == 'refs/heads/master' run: | - docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev + docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \ + ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev - name: List Docker images if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: docker images - name: Docker Trust setup + if: matrix.docker_repo == 'bitwarden' && (github.ref 
== 'refs/heads/master' || github.ref == 'refs/heads/rc') run: | - if [[ "${{ matrix.docker_repo }}" == "bitwarden" ]]; then - echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV - echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV - fi + echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV + echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}" >> $GITHUB_ENV - name: Push rc images if: github.ref == 'refs/heads/rc' @@ -295,8 +353,8 @@ jobs: upload: name: Upload - runs-on: ubuntu-latest - needs: build + runs-on: ubuntu-20.04 + needs: build-docker steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 1b9c748941..cb77591230 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -13,7 +13,7 @@ on: jobs: cloc: name: CLOC - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index c17f4ab398..ddb6de0b30 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -7,14 +7,12 @@ on: release_tag_name_input: description: "Release Tag Name " required: true - release: - types: - - published jobs: setup: + if: false name: Setup - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: package_version: ${{ steps.create_tags.outputs.package_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }} @@ -63,7 +61,7 @@ jobs: deploy-docker: name: Tag & push Docker - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: setup strategy: fail-fast: false @@ -154,7 +152,7 @@ jobs: build: name: Build - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: setup strategy: fail-fast: false 
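Review bot: `Get build artifact` unpacks the artifact into `${{ matrix.base_path }}/${{ matrix.service_name }}`, but the `build-artifacts` job uploads the directory `obj/build-output/publish` after moving the zip out of it. The published files therefore land in the service root rather than where the removed in-place `dotnet publish` left them. If the Dockerfiles copy from `obj/build-output/publish` (they are not part of this diff), the image build would fail or produce images without the service binaries; `path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish` on the download step would restore the old layout. The deploy jobs in qa-deploy.yml and release.yml pass `package: ./${{ matrix.name }}.zip`, and the removed QA build uploaded that zip file itself, so it is worth confirming that the artifact they download still contains it.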
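Review bot: The only thing disabling this production workflow is `if: false` on `setup`; the other jobs visible in this diff are skipped solely because they chain to it through `needs:`, and `workflow_dispatch` remains as a trigger. A job that later gains `if: always()` (as `deploy` in qa-deploy.yml has) would run against production even with `setup` skipped. A comment above the condition would record that dependency, for example `# Disabled while deploys migrate to release.yml; all other jobs are skipped via needs: setup, do not add if: always()`. The `setup` job body continues outside the hunk.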
@@ -257,7 +255,7 @@ jobs: deploy-identity: name: Deploy Identity - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -289,7 +287,7 @@ jobs: deploy-api: name: Deploy API - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -321,7 +319,7 @@ jobs: deploy-billing: name: Deploy Billing - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -353,7 +351,7 @@ jobs: deploy-events: name: Deploy Events - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -385,7 +383,7 @@ jobs: deploy-sso: name: Deploy SSO - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -417,7 +415,7 @@ jobs: deploy-portal: name: Deploy Portal - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts @@ -449,7 +447,7 @@ jobs: deploy-admin: name: Deploy Admin - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: build steps: - name: Download aritifacts diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index e2832b6586..907119a2d4 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml 
@@ -12,109 +12,10 @@ on: default: "false" jobs: - build: - name: Build - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - name: Api - base_path: . - - name: Admin - base_path: . - gulp: true - - name: Billing - base_path: . - - name: Events - base_path: . - - name: Notifications - base_path: . - - name: Sso - base_path: ./bitwarden_license - gulp: true - - name: Portal - base_path: ./bitwarden_license - gulp: true - - name: Identity - base_path: . - steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '14' - - - name: Update NPM - run: | - npm install -g npm@7 - - - name: Print Environment - run: | - dotnet --info - node --version - npm --version - gulp --version - - - name: Load env vars - run: | - echo "Base Path: ${BASE_PATH}" - echo "Name: ${NAME}" - env: - BASE_PATH: ${{ matrix.base_path }} - NAME: ${{ matrix.name }} - - - name: Build Service - run: | - work_dir=$(pwd) - dir=$BASE_PATH/src/$SERVICE_NAME - - cd $dir - echo "Restore" - dotnet restore $SERVICE_NAME.csproj - echo "Clean" - dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish - - if [ "$GULP" == "true" ]; then - npm install - npm install gulp - gulp --gulpfile gulpfile.js build - fi - - echo "Publish" - dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish - - cd obj/build-output/publish - zip -r $SERVICE_NAME.zip . 
- mv $SERVICE_NAME.zip ../../../ - env: - SERVICE_NAME: ${{ matrix.name }} - BASE_PATH: ${{ matrix.base_path }} - GULP: ${{ matrix.gulp }} - - - name: Upload build artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 - with: - name: ${{ env.SERVICE_NAME }}.zip - path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip - env: - BASE_PATH: ${{ matrix.base_path }} - SERVICE_NAME: ${{ matrix.name }} - - - name: Test build dir - run: ls $BASE_PATH/src/$SERVICE_NAME - env: - SERVICE_NAME: ${{ matrix.name }} - BASE_PATH: ${{ matrix.base_path }} - - reset-db: name: Reset Database if: ${{ github.event.inputs.resetDb == 'true' }} - runs-on: ubuntu-latest - needs: build + runs-on: ubuntu-20.04 steps: - name: Reset Test Data - Stub run: | @@ -125,8 +26,7 @@ jobs: update-db: name: Update Database if: ${{ github.event.inputs.migrateDb == 'true' }} - runs-on: ubuntu-latest - needs: build + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f @@ -161,7 +61,7 @@ jobs: deploy: name: Deploy - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 if: always() needs: - reset-db @@ -186,9 +86,15 @@ jobs: echo "NAME_LOWER: $NAME_LOWER" echo "::set-output name=name_lower::$NAME_LOWER" - - name: Download aritifacts - uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253 + BRANCH_NAME=$(echo "{{ github.ref }}" | awk '{split($0, a, "/"); print a[3]}') + echo "::set-output name=branch_name::$BRANCH_NAME" + + - name: Download latest ${{ matrix.name }} asset from ${{ env.branch_name }} + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 with: + workflow: build.yml + workflow_conclusion: success + branch: ${{ env.branch_name }} name: ${{ matrix.name }}.zip - name: Login to Azure 
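Review bot: The branch passed to the artifact download is always empty. In the `Setup` step `"{{ github.ref }}"` lacks the leading `$`, so the literal text is echoed and `a[3]` is empty, and the value is written as a step output but read back as `${{ env.branch_name }}`, which is never set. With an empty `branch:` filter the build that gets deployed to QA depends on how the download action treats a missing branch, possibly the latest successful `build.yml` run from any branch. Using `BRANCH_NAME=${GITHUB_REF#refs/heads/}` and `branch: ${{ steps.setup.outputs.branch_name }}` fixes both, and also keeps branch names containing `/` intact, which the `awk` split would truncate. The `deploy` job's step list starts outside the hunk.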
@@ -201,12 +107,15 @@ jobs: env: VAULT_NAME: "bitwarden-qa-kv" run: | - webapp_name=$(az keyvault secret show --vault-name $VAULT_NAME --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name --query value --output tsv) + webapp_name=$( + az keyvault secret show --vault-name $VAULT_NAME \ + --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ + --query value --output tsv + ) echo "::add-mask::$webapp_name" echo "::set-output name=webapp-name::$webapp_name" - name: Stop App Service - if: false env: AZURE_RESOURCE_GROUP: "bw-qa-env" run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP @@ -218,7 +127,6 @@ jobs: package: ./${{ matrix.name }}.zip - name: Start App Service - if: false env: AZURE_RESOURCE_GROUP: "bw-qa-env" run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 31b95b56ba..3229a9e776 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,18 +3,15 @@ name: Release on: workflow_dispatch: - inputs: - release_tag_name_input: - description: "Release Tag Name " - required: true + inputs: {} jobs: setup: name: Setup - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: - release_upload_url: ${{ steps.create_release.outputs.upload_url }} - tag_version: ${{ steps.create_tags.outputs.tag_version }} + release_version: ${{ steps.version.outputs.package }} + tag_version: ${{ steps.version.outputs.tag }} steps: - name: Branch check run: | 
@@ -27,102 +24,109 @@ jobs: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Create Release Vars - id: create_tags - run: | - case "${RELEASE_TAG_NAME_INPUT:0:1}" in - v) - echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" - echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" - ;; - [0-9]) - echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" - echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" - ;; - *) - exit 1 - ;; - esac - env: - RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - - - name: Create Draft Release - id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - tag_name: ${{ env.RELEASE_TAG_NAME }} - release_name: Version ${{ env.RELEASE_NAME }} - draft: true - prerelease: false + ref: rc + + - name: Check Release Version + id: version + run: | + version=$( grep -o ".*" Directory.Build.props | grep -o "[0-9]*\.[0-9]*\.[0-9]*") + previous_release_tag_version=$( + curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name" + ) + + if [ "v$version" == "$previous_release_tag_version" ]; then + echo "[!] Already released v$version. 
Please bump version to continue" + exit 1 + fi + + echo "::set-output name=package::$version" + echo "::set-output name=tag::v$version" - upload: - name: Upload - runs-on: ubuntu-latest + deploy: + name: Deploy + runs-on: ubuntu-20.04 needs: - setup - env: - _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} + strategy: + fail-fast: false + matrix: + include: + - name: Api + - name: Admin + - name: Billing + - name: Events + - name: Sso + - name: Portal + - name: Identity steps: - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Restore - run: dotnet tool restore - - - name: Make Docker stub + - name: Setup + id: setup run: | - STUB_OUTPUT=$(pwd)/docker-stub - docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \ - dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin - sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT - rm -rf $STUB_OUTPUT/letsencrypt - rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml - touch $STUB_OUTPUT/env/uid.env - cd docker-stub; zip -r ../docker-stub.zip *; cd .. 
+ NAME_LOWER=$(echo "${{ matrix.name }}" | awk '{print tolower($0)}') + echo "Matrix name: ${{ matrix.name }}" + echo "NAME_LOWER: $NAME_LOWER" + echo "::set-output name=name_lower::$NAME_LOWER" - - name: Upload Docker stub artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + - name: Download latest RC ${{ matrix.name }} asset + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 with: - name: docker-stub.zip - path: ./docker-stub.zip + workflow: build.yml + workflow_conclusion: success + branch: rc + name: ${{ matrix.name }}.zip - - name: Build Swagger - run: | - cd ./src/Api - echo "Restore" - dotnet restore - echo "Clean" - dotnet clean -c "Release" -o obj/build-output/publish - echo "Publish" - dotnet publish -c "Release" -o obj/build-output/publish - - dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \ - ./obj/build-output/publish/Api.dll public - cd ../.. - env: - ASPNETCORE_ENVIRONMENT: Production - swaggerGen: 'True' - - - name: Upload Swagger artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 + - name: Login to Azure + uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: - name: swagger.json - path: ./swagger.json + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Upload release assets - run: | - hub release edit \ - -a ./swagger.json \ - -a ./docker-stub.zip \ - -m "" \ - $_TAG_VERSION + - name: Retrieve secrets + id: retrieve-secrets env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VAULT_NAME: "bitwarden-prod-kv" + run: | + webapp_name=$( + az keyvault secret show --vault-name $VAULT_NAME \ + --name appservices-${{ steps.setup.outputs.name_lower }}-webapp-name \ + --query value --output tsv + ) + echo "::add-mask::$webapp_name" + echo "::set-output name=webapp-name::$webapp_name" + + - name: Deploy App + uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31 + with: + app-name: ${{ 
steps.retrieve-secrets.outputs.webapp-name }} + package: ./${{ matrix.name }}.zip + slot: "staging" + + + release: + name: Create GitHub Release + runs-on: ubuntu-20.04 + needs: + - setup + - deploy + steps: + - name: Download latest RC docker-stub + uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + artifacts: "docker-stub.zip, + swagger.json" + + - name: Create release + uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 + with: + artifacts: 'docker-stub.zip, + swagger.json' + commit: ${{ github.sha }} + tag: "${{ needs.setup.outputs.tag_version }}" + name: "Version ${{ needs.setup.outputs.release_version }}" + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true
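Review bot: Nothing in this hunk ties the deployed zips, the release assets and the tagged commit to one build. The `deploy` and `release` jobs each fetch the latest successful `build.yml` run on `rc` independently, while `setup` reads the version from a fresh `ref: rc` checkout and the release is tagged at `${{ github.sha }}`. If the newest `rc` build failed or is still running, older binaries would go to the `staging` slot under the new version. Resolving the build run once in `setup` and passing it to both jobs would close that gap, provided the download action can select by run or commit (not visible here). Separately, the "already released" guard fails open: when the unauthenticated `curl` call errors or is rate-limited, `jq -r ".tag_name"` yields `null` or nothing and the comparison passes. Rejecting any value that does not start with `v`, e.g. `case "$previous_release_tag_version" in v*) ;; *) exit 1 ;; esac`, before the comparison would stop that.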