Switch from AWS ECR to Azure ACR in our workflows (#1747)

.github/workflows/build.yml

@@ -44,8 +44,7 @@ jobs:
           node-version: '14'
 
       - name: Update NPM
-        run: |
+        run: npm install -g npm@7
-          npm install -g npm@7
 
       - name: Print environment
         run: |
@@ -119,8 +118,7 @@ jobs:
           node-version: '14'
 
       - name: Update NPM
-        run: |
+        run: npm install -g npm@7
-          npm install -g npm@7
 
       - name: Print environment
         run: |
@@ -135,8 +133,7 @@ jobs:
       - name: Set up Gulp
         if: ${{ matrix.gulp }}
         working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
-        run: |
+        run: npm install -g gulp
-          npm install -g gulp
 
       - name: Restore/Clean service
         working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
@@ -248,19 +245,11 @@ jobs:
         uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
         with:
           keyvault: "bitwarden-prod-kv"
-          secrets: "aws-ecr-access-key-id,
+          secrets: "docker-password,
-                    aws-ecr-secret-access-key,
-                    docker-password,
                     docker-username,
                     dct-delegate-2-repo-passphrase,
                     dct-delegate-2-key"
 
-      - name: Login to Azure - QA Subscription
-        if: ${{ matrix.service_name }} == "EventsProcessor"
-        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
-        with:
-          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
-
       - name: Log into Docker
         if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
         env:
@@ -321,24 +310,24 @@ jobs:
           DCT_REPO_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
         run: |
           echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
-          echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$DCT_REPO_PASSPHRASE" >> $GITHUB_ENV  
+          echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$DCT_REPO_PASSPHRASE" >> $GITHUB_ENV
 
       - name: Tag and Push RC to Docker Hub
-        if: github.ref == 'refs/heads/rc'
+        if: (github.ref == 'refs/heads/rc' && matrix.docker_repo == 'bitwarden')
         run: |
           docker tag ${{ steps.setup.outputs.service_name }} \
             ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
           docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc
 
       - name: Tag and Push Hotfix to Docker Hub
-        if: github.ref == 'refs/heads/hotfix'
+        if: (github.ref == 'refs/heads/hotfix' && matrix.docker_repo == 'bitwarden')
         run: |
           docker tag ${{ steps.setup.outputs.service_name }} \
             ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:hotfix
           docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:hotfix
 
       - name: Tag and Push Dev to Docker Hub
-        if: github.ref == 'refs/heads/master'
+        if: (github.ref == 'refs/heads/master' && matrix.docker_repo == 'bitwarden')
         run: |
           docker tag ${{ steps.setup.outputs.service_name }} \
             ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev
@@ -350,46 +339,43 @@ jobs:
           docker logout
           echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
 
-      - name: Configure AWS credentials
+      - name: Login to Azure - QA Subscription
-        uses: aws-actions/configure-aws-credentials@0d9a5be0dceea74e09396820e1e522ba4a110d2f  # v1
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
         with:
-          aws-access-key-id: ${{ steps.retrieve-secrets.outputs.aws-ecr-access-key-id }}
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
-          aws-secret-access-key: ${{ steps.retrieve-secrets.outputs.aws-ecr-secret-access-key }}
-          aws-region: us-east-1
 
-      - name: Login to Amazon ECR
+      - name: Login to Azure ACR
-        id: login-ecr
+        run: az acr login -n bitwardenqa
-        uses: aws-actions/amazon-ecr-login@aaf69d68aa3fb14c1d5a6be9ac61fe15b48453a2  # v1
 
-      - name: Tag and Push RC to AWS ECR nonprod registry
+      - name: Tag and Push RC to Azure ACR QA registry
         if: github.ref == 'refs/heads/rc'
         env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REGISTRY: bitwardenqa.azurecr.io
           IMAGE_TAG: ${{ github.sha }}
         run: |
           docker tag ${{ steps.setup.outputs.service_name }} \
-            $ECR_REGISTRY/nonprod/${{ steps.setup.outputs.service_name }}:rc-${IMAGE_TAG:(-8)}
+            $REGISTRY/${{ steps.setup.outputs.service_name }}:rc-${IMAGE_TAG:(-8)}
-          docker push $ECR_REGISTRY/nonprod/${{ steps.setup.outputs.service_name }}:rc-${IMAGE_TAG:(-8)}
+          docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:rc-${IMAGE_TAG:(-8)}
 
-      - name: Tag and Push Hotfix to AWS ECR nonprod registry
+      - name: Tag and Push Hotfix to Azure ACR QA registry
         if: github.ref == 'refs/heads/hotfix'
         env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REGISTRY: bitwardenqa.azurecr.io
           IMAGE_TAG: ${{ github.sha }}
         run: |
           docker tag ${{ steps.setup.outputs.service_name }} \
-            $ECR_REGISTRY/nonprod/${{ steps.setup.outputs.service_name }}:hotfix-${IMAGE_TAG:(-8)}
+            $REGISTRY/${{ steps.setup.outputs.service_name }}:hotfix-${IMAGE_TAG:(-8)}
-          docker push $ECR_REGISTRY/nonprod/${{ steps.setup.outputs.service_name }}:hotfix-${IMAGE_TAG:(-8)}
+          docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:hotfix-${IMAGE_TAG:(-8)}
 
-      - name: Tag and Push Dev to AWS ECR nonprod registry
+      - name: Tag and Push Dev to Azure ACR QA registry
         if: github.ref == 'refs/heads/master'
         env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REGISTRY: bitwardenqa.azurecr.io
           IMAGE_TAG: ${{ github.sha }}
         run: |
           docker tag ${{ steps.setup.outputs.service_name }} \
-            $ECR_REGISTRY/nonprod/${{ steps.setup.outputs.service_name }}:dev-${IMAGE_TAG:(-8)}
+            $REGISTRY/${{ steps.setup.outputs.service_name }}:dev-${IMAGE_TAG:(-8)}
-          docker push $ECR_REGISTRY/nonprod/${{ steps.setup.outputs.service_name }}:dev-${IMAGE_TAG:(-8)}
+          docker push $REGISTRY/${{ steps.setup.outputs.service_name }}:dev-${IMAGE_TAG:(-8)}
 
 
   upload:

.github/workflows/qa-deploy.yml

@@ -123,7 +123,9 @@ jobs:
       - name: Stop App Service
         env:
           AZURE_RESOURCE_GROUP: "bw-qa-env"
-        run: az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
+        run: |
+          az webapp stop --name ${{ steps.retrieve-secrets.outputs.webapp-name }} \
+            --resource-group $AZURE_RESOURCE_GROUP
 
       - name: Deploy App
         uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
@@ -134,4 +136,6 @@ jobs:
       - name: Start App Service
         env:
           AZURE_RESOURCE_GROUP: "bw-qa-env"
-        run: az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} --resource-group $AZURE_RESOURCE_GROUP
+        run: |
+          az webapp start --name ${{ steps.retrieve-secrets.outputs.webapp-name }} \
+            --resource-group $AZURE_RESOURCE_GROUP

.github/workflows/version-bump.yml

@@ -60,6 +60,6 @@ jobs:
               - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
               - [ ] Build/deploy pipeline (DevOps)
               - [X] Other
-              
+
               ## Objective
               Automated version bump to ${{ github.event.inputs.version_number }}"