From dfc6559df792f2e63b3e396b8a6d752c15211282 Mon Sep 17 00:00:00 2001
From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Date: Tue, 19 Oct 2021 16:52:06 -0700
Subject: [PATCH] renabling the prod-deploy workflow (#1650)
---
.github/workflows/prod-deploy.yml | 467 ++++++++++++++++++++++++++++++
1 file changed, 467 insertions(+)
create mode 100644 .github/workflows/prod-deploy.yml
diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
new file mode 100644
index 0000000000..677c63899a
--- /dev/null
+++ b/.github/workflows/prod-deploy.yml
@@ -0,0 +1,467 @@
+---
+name: Prod Deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ release_tag_name_input:
+ description: "Release Tag Name "
+ required: true
+ release:
+ types:
+ - published
+
+jobs:
+ setup:
+ name: Setup
+ runs-on: ubuntu-latest
+ outputs:
+ package_version: ${{ steps.create_tags.outputs.package_version }}
+ tag_version: ${{ steps.create_tags.outputs.tag_version }}
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+ with:
+ ref: rc
+
+ - name: Create Deploy version vars
+ id: create_tags
+ run: |
+ if [ "${{ github.event_name }}" != "release" ]; then
+ case "${RELEASE_TAG_NAME_INPUT:0:1}" in
+ v)
+ echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
+ echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
+ echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
+ echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
+ ;;
+ [0-9])
+ echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
+ echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
+ echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
+ echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
+ ;;
+ *)
+ exit 1
+ ;;
+ esac
+ else
+ TAG_VERSION=$(echo ${{ github.ref }} | cut -d "/" -f 3)
+ PKG_VERSION=${TAG_VERSION:1}
+ echo "::set-output name=package_version::$PKG_VERSION"
+ echo "::set-output name=tag_version::$TAG_VERSION"
+ fi
+ env:
+ RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
+
+ - name: Test outputs
+ run: |
+ echo "Package Version: ${{ steps.create_tags.outputs.package_version }}"
+ echo "Tag Version: ${{ steps.create_tags.outputs.tag_version }}"
+ deploy-docker:
+ name: Tag & push Docker
+ runs-on: ubuntu-latest
+ needs: setup
+ strategy:
+ fail-fast: false
+ matrix:
+ service_name:
+ - admin
+ - api
+ - attachments
+ - events
+ - icons
+ - identity
+ - k8s-proxy
+ - mssql
+ - nginx
+ - notifications
+ - portal
+ - server
+ - setup
+ - sso
+ env:
+ _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+ steps:
+ - name: Print environment
+ run: |
+ whoami
+ docker --version
+ echo "GitHub ref: $GITHUB_REF"
+ echo "GitHub event: $GITHUB_EVENT"
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "docker-password,
+ docker-username,
+ dct-delegate-2-repo-passphrase,
+ dct-delegate-2-key"
+
+ - name: Log into Docker
+ run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+ env:
+ DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
+ DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
+
+ - name: Setup Docker Trust
+ run: |
+ mkdir -p ~/.docker/trust/private
+ echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
+ env:
+ DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
+ DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
+
+ - name: Checkout repo
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+ - name: Pull Docker images
+ run: |
+ docker pull bitwarden/${{ matrix.service_name }}:rc
+ env:
+ DOCKER_CONTENT_TRUST: 1
+
+ - name: Re-tag Docker images
+ run: |
+ docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:latest
+ docker tag bitwarden/${{ matrix.service_name }}:rc bitwarden/${{ matrix.service_name }}:$_PACKAGE_VERSION
+ - name: List Docker images
+ run: docker images
+
+ - name: Push Docker images
+ run: |
+ docker push bitwarden/${{ matrix.service_name }}:latest
+ docker push bitwarden/${{ matrix.service_name }}:$_PACKAGE_VERSION
+ env:
+ DOCKER_CONTENT_TRUST: 1
+ DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
+
+ - name: Log out of Docker
+ run: docker logout
+
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ needs: setup
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Api
+ base_path: .
+ - name: Admin
+ base_path: .
+ gulp: true
+ - name: Billing
+ base_path: .
+ - name: Events
+ base_path: .
+ - name: Notifications
+ base_path: .
+ - name: Sso
+ base_path: ./bitwarden_license
+ gulp: true
+ - name: Portal
+ base_path: ./bitwarden_license
+ gulp: true
+ - name: Identity
+ base_path: .
+ env:
+ _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+ with:
+ ref: ${{ env._TAG_VERSION }}
+
+ - name: Set up Node
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+ with:
+ node-version: '14'
+
+ - name: Update NPM
+ run: |
+ npm install -g npm@7
+ - name: Print Environment
+ run: |
+ dotnet --info
+ node --version
+ npm --version
+ gulp --version
+ - name: Load env vars
+ run: |
+ echo "Base Path: ${BASE_PATH}"
+ echo "Name: ${NAME}"
+ env:
+ BASE_PATH: ${{ matrix.base_path }}
+ NAME: ${{ matrix.name }}
+
+ - name: Build Service
+ run: |
+ work_dir=$(pwd)
+ dir=$BASE_PATH/src/$SERVICE_NAME
+ cd $dir
+ echo "Restore"
+ dotnet restore $SERVICE_NAME.csproj
+ echo "Clean"
+ dotnet clean $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
+ if [ "$GULP" == "true" ]; then
+ npm install
+ npm install gulp
+ gulp --gulpfile gulpfile.js build
+ fi
+ echo "Publish"
+ dotnet publish $SERVICE_NAME.csproj -c "Release" -o obj/build-output/publish
+ cd obj/build-output/publish
+ zip -r $SERVICE_NAME.zip .
+ mv $SERVICE_NAME.zip ../../../
+ env:
+ SERVICE_NAME: ${{ matrix.name }}
+ BASE_PATH: ${{ matrix.base_path }}
+ GULP: ${{ matrix.gulp }}
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
+ with:
+ name: ${{ env.SERVICE_NAME }}.zip
+ path: ${{ env.BASE_PATH }}/src/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}.zip
+ env:
+ BASE_PATH: ${{ matrix.base_path }}
+ SERVICE_NAME: ${{ matrix.name }}
+
+ - name: Test build dir
+ run: ls $BASE_PATH/src/$SERVICE_NAME
+ env:
+ SERVICE_NAME: ${{ matrix.name }}
+ BASE_PATH: ${{ matrix.base_path }}
+
+
+ deploy-identity:
+ name: Deploy Identity
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Identity.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-identity-webapp-name,
+ appservices-identity-webapp-publish-profile"
+
+ - name: Deploy Identity
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-identity-webapp-publish-profile }}
+ package: ./Identity.zip
+
+
+ deploy-api:
+ name: Deploy API
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Api.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-api-webapp-name,
+ appservices-api-webapp-publish-profile"
+
+ - name: Deploy Api
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-api-webapp-publish-profile }}
+ package: ./Api.zip
+
+
+ deploy-billing:
+ name: Deploy Billing
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Billing.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-billing-webapp-name,
+ appservices-billing-webapp-publish-profile"
+
+ - name: Deploy Billing
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-billing-webapp-publish-profile }}
+ package: ./Billing.zip
+
+
+ deploy-events:
+ name: Deploy Events
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Events.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-events-webapp-name,
+ appservices-events-webapp-publish-profile"
+
+ - name: Deploy Events
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-events-webapp-publish-profile }}
+ package: ./Events.zip
+
+
+ deploy-sso:
+ name: Deploy SSO
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Sso.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-sso-webapp-name,
+ appservices-sso-webapp-publish-profile"
+
+ - name: Deploy SSO
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-sso-webapp-publish-profile }}
+ package: ./Sso.zip
+
+
+ deploy-portal:
+ name: Deploy Portal
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Portal.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-portal-webapp-name,
+ appservices-portal-webapp-publish-profile"
+
+ - name: Deploy Portal
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-portal-webapp-publish-profile }}
+ package: ./Portal.zip
+
+
+ deploy-admin:
+ name: Deploy Admin
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Download aritifacts
+ uses: actions/download-artifact@158ca71f7c614ae705e79f25522ef4658df18253
+ with:
+ name: Admin.zip
+
+ - name: Login to Azure
+ uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "appservices-admin-webapp-name,
+ appservices-admin-webapp-publish-profile"
+
+ - name: Deploy Admin
+ uses: azure/webapps-deploy@798e43877120eda6a2a690a4f212c545e586ae31
+ with:
+ app-name: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-name }}
+ slot-name: "staging"
+ publish-profile: ${{ steps.retrieve-secrets.outputs.appservices-admin-webapp-publish-profile }}
+ package: ./Admin.zip
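Review bot: In the `else` branch of the "Create Deploy version vars" step, `${{ github.ref }}` is expanded into the script text before bash runs, so on a `release` event the tag name is parsed as shell source rather than data, whereas the dispatch input in the same step is already passed safely through `env:`. Git ref names may contain shell metacharacters, and this step's outputs select the ref that the build job checks out and the version tag pushed to the registry, so the value should be treated as untrusted. Read the runner-provided variable instead, `TAG_VERSION="${GITHUB_REF#refs/tags/}"`, which also keeps tag names containing `/` intact where `cut -d "/" -f 3` truncates them. Separately, the "Setup Docker Trust" step writes the delegation private key with the default umask; adding `umask 077` as the first line of that `run:` block keeps the key file and its directory owner-only.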