mirror of https://github.com/bitwarden/server.git synced 2025-04-04 20:50:21 -05:00
Joseph Flinn dac3b3e893
New BTR pipeline model (#1599)
Splitting out the build artifacts and the docker containers. Making the QA deploy more streamlined with the new build pipeline. Disabling the prod workflow, but keeping it until we fully migrate our deploy processes over to the new flow.
2021-09-24 15:04:14 -07:00


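---
# Build workflow: runs on every push except to the two ignored branches,
# and on manual dispatch.
name: Build

on:
  push:
    branches-ignore:
      - 'l10n_master'
      - 'gh-pages'
  workflow_dispatch:
    inputs: {}

# Least privilege for the automatic GITHUB_TOKEN. The jobs in this workflow
# only check out the repository and exchange workflow artifacts; registry and
# Key Vault access use separate credentials.
# NOTE(review): confirm none of the pinned actions needs a wider token scope.
permissions:
  contents: read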
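jobs:
  # Informational job: prints a lines-of-code count per language.
  cloc:
    name: CLOC
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Install cloc
        run: |
          sudo apt-get update
          sudo apt-get -y install cloc

      - name: Print lines of code
        run: cloc --include-lang C#,SQL,Razor,"Bourne Shell",PowerShell,HTML,CSS,Sass,JavaScript,TypeScript --vcs git

  # Builds the solution in Debug on Windows and runs the Core unit tests.
  # Every later job depends on this one through `needs`.
  testing:
    name: Testing
    runs-on: windows-2019
    steps:
      - name: Set up NuGet
        uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
        with:
          nuget-version: '5'

      - name: Set up MSBuild
        uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d

      - name: Set up Node
        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
        with:
          node-version: '14'

      # Only the npm major version is pinned, so the exact npm release that
      # runs the build can change between runs.
      - name: Update NPM
        run: |
          npm install -g npm@7

      # No shell is set on this step, so on a Windows runner it runs under
      # PowerShell; environment variables must be read as $env:NAME there.
      # The runner exposes the event as GITHUB_EVENT_NAME (GITHUB_EVENT is
      # not a default variable).
      - name: Print environment
        run: |
          nuget help | grep Version
          msbuild -version
          dotnet --info
          node --version
          npm --version
          echo "GitHub ref: $env:GITHUB_REF"
          echo "GitHub event: $env:GITHUB_EVENT_NAME"

      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Restore
        run: msbuild /t:restore
        shell: pwsh

      - name: Build solution
        run: msbuild bitwarden-server.sln /p:Configuration=Debug /verbosity:minimal
        shell: pwsh

      - name: Test solution
        run: dotnet test .\test\Core.Test\Core.Test.csproj --configuration Debug --no-build
        shell: pwsh

  # Publishes each .NET service in Release mode and uploads the publish
  # directory as a workflow artifact named <service_name>.zip.
  build-artifacts:
    name: Build artifacts
    runs-on: ubuntu-20.04
    needs: testing
    strategy:
      fail-fast: false
      matrix:
        # `gulp: true` marks services that also need a front-end asset build.
        include:
          - service_name: Admin
            base_path: ./src
            gulp: true
          - service_name: Api
            base_path: ./src
          - service_name: Billing
            base_path: ./src
          - service_name: Events
            base_path: ./src
          - service_name: EventsProcessor
            base_path: ./src
          - service_name: Icons
            base_path: ./src
          - service_name: Identity
            base_path: ./src
          - service_name: Notifications
            base_path: ./src
          - service_name: Portal
            base_path: ./bitwarden_license/src
            gulp: true
          - service_name: Server
            base_path: ./util
          - service_name: Setup
            base_path: ./util
          - service_name: Sso
            base_path: ./bitwarden_license/src
            gulp: true
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Set up Node
        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
        with:
          node-version: '14'

      - name: Update NPM
        run: |
          npm install -g npm@7

      # GITHUB_EVENT_NAME is the variable the runner sets for the event.
      - name: Print environment
        run: |
          whoami
          dotnet --info
          node --version
          npm --version
          gulp --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT_NAME"

      # gulp is installed without a version pin, unlike the actions above,
      # which are pinned to full commit SHAs.
      - name: Set up Gulp
        if: ${{ matrix.gulp }}
        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
        run: |
          npm install -g gulp

      - name: Restore/Clean service
        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
        run: |
          echo "Restore"
          dotnet restore
          echo "Clean"
          dotnet clean -c "Release" -o obj/build-output/publish

      # NOTE(review): `npm install` may resolve versions newer than the
      # lockfile records; if the services ship a lockfile, `npm ci` keeps the
      # dependency set reproducible - confirm before changing.
      - name: Execute Gulp
        if: ${{ matrix.gulp }}
        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
        run: |
          npm install
          gulp --gulpfile gulpfile.js build

      # The ${{ matrix.* }} values pasted into this script are literals from
      # the matrix above, not event data, so they cannot carry injected shell.
      - name: Publish service
        working-directory: ${{ matrix.base_path }}/${{ matrix.service_name }}
        run: |
          echo "Publish"
          dotnet publish -c "Release" -o obj/build-output/publish
          cd obj/build-output/publish
          zip -r ${{ matrix.service_name }}.zip .
          mv ${{ matrix.service_name }}.zip ../../../
          pwd
          ls -atlh ../../../

      # Uploads the publish directory itself; the zip built above was moved
      # out of that directory before this step runs.
      - name: Upload service artifact
        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
        with:
          name: ${{ matrix.service_name }}.zip
          path: ${{ matrix.base_path }}/${{ matrix.service_name }}/obj/build-output/publish
          if-no-files-found: error

  # Builds one Docker image per service and, on master and rc only, tags and
  # pushes it. Images in the `bitwarden` repository are pushed with Docker
  # Content Trust enabled; the other registry is an Azure container registry.
  build-docker:
    name: Build Docker images
    runs-on: ubuntu-20.04
    needs: build-artifacts
    strategy:
      fail-fast: false
      matrix:
        # `dotnet: true` marks images that consume a build-artifacts output.
        include:
          - service_name: Admin
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
          - service_name: Api
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
          - service_name: Billing
            base_path: ./src
            docker_repo: bitwardenqa.azurecr.io
            dotnet: true
          - service_name: Attachments
            base_path: ./util
            docker_repo: bitwarden
          - service_name: Events
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
          - service_name: EventsProcessor
            base_path: ./src
            docker_repo: bitwardenqa.azurecr.io
            dotnet: true
          - service_name: Icons
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
          - service_name: Identity
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
          - service_name: K8S-Proxy
            base_path: ./util
            docker_repo: bitwarden
          - service_name: MsSql
            base_path: ./util
            docker_repo: bitwarden
          - service_name: Nginx
            base_path: ./util
            docker_repo: bitwarden
          - service_name: Notifications
            base_path: ./src
            docker_repo: bitwarden
            dotnet: true
          - service_name: Portal
            base_path: ./bitwarden_license/src
            docker_repo: bitwarden
            dotnet: true
          - service_name: Server
            base_path: ./util
            docker_repo: bitwarden
            dotnet: true
          - service_name: Setup
            base_path: ./util
            docker_repo: bitwarden
            dotnet: true
          - service_name: Sso
            base_path: ./bitwarden_license/src
            docker_repo: bitwarden
            dotnet: true
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      # Every step that consumes the Key Vault secrets is limited to master
      # and rc, so the production login and the secret fetch carry the same
      # guard: pushes to other branches never load production credentials.
      - name: Login to Azure - Prod Subscription
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "docker-password,
            docker-username,
            dct-delegate-2-repo-passphrase,
            dct-delegate-2-key"

      # The previous condition, `${{ matrix.service_name }} == "EventsProcessor"`,
      # expanded to a non-empty string and was therefore always true, so the
      # QA login ran for every image. The login is only needed before
      # `az acr login` against the QA registry, which two matrix entries use,
      # so the guard keys on docker_repo and on the release branches.
      - name: Login to Azure - QA Subscription
        if: >-
          matrix.docker_repo == 'bitwardenqa.azurecr.io' &&
          (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc')
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}

      # Credentials reach the script through env and stdin rather than being
      # pasted into the command line.
      - name: Log into Docker
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        env:
          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
        run: |
          if [[ "${{ matrix.docker_repo }}" == "bitwardenqa.azurecr.io" ]]; then
            az acr login -n bitwardenqa
          else
            echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          fi

      # Writes the Content Trust delegation private key to disk. umask 077
      # makes the directory and key file readable by the runner user only.
      - name: Setup Docker Trust
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        env:
          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
        run: |
          umask 077
          mkdir -p "$HOME/.docker/trust/private"
          echo "$DCT_DELEGATE_KEY" > "$HOME/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key"

      # Lower-cases the service name for use as the image name.
      # NOTE(review): `::set-output` has since been deprecated by GitHub in
      # favour of appending to $GITHUB_OUTPUT.
      - name: Setup service name
        id: setup
        run: |
          SERVICE_NAME=$(echo "${{ matrix.service_name }}" | awk '{print tolower($0)}')
          echo "Matrix name: ${{ matrix.service_name }}"
          echo "SERVICE_NAME: $SERVICE_NAME"
          echo "::set-output name=service_name::$SERVICE_NAME"

      - name: Get build artifact
        if: ${{ matrix.dotnet }}
        uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60  # v2.0.10
        with:
          name: ${{ matrix.service_name }}.zip
          path: ${{ matrix.base_path }}/${{ matrix.service_name }}

      # The matrix spells the entry "K8S-Proxy"; the comparison used
      # "K8s-Proxy", so the Nginx/Dockerfile-k8s branch was never taken.
      - name: Build Docker images
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        run: |
          if [ "${{ matrix.service_name }}" = "K8S-Proxy" ]; then
            docker build -f ${{ matrix.base_path }}/Nginx/Dockerfile-k8s \
              -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} ${{ matrix.base_path }}/Nginx
          else
            docker build -t ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
              ${{ matrix.base_path }}/${{ matrix.service_name }}
          fi

      - name: Tag rc
        if: github.ref == 'refs/heads/rc'
        run: |
          docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
            ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc

      - name: Tag dev
        if: github.ref == 'refs/heads/master'
        run: |
          docker tag ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }} \
            ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev

      - name: List Docker images
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        run: docker images

      # Turns Content Trust on for the remaining steps of this job. Only the
      # non-secret flag goes into $GITHUB_ENV; the repository passphrase is
      # passed to the push steps through their own env, so it is neither
      # interpolated into a script nor exported to every later step.
      - name: Docker Trust setup
        if: matrix.docker_repo == 'bitwarden' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc')
        run: |
          echo "DOCKER_CONTENT_TRUST=1" >> "$GITHUB_ENV"

      # The passphrase is ignored for images where Content Trust is not on.
      - name: Push rc images
        if: github.ref == 'refs/heads/rc'
        env:
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
        run: |
          docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:rc

      - name: Push dev images
        if: github.ref == 'refs/heads/master'
        env:
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
        run: |
          docker push ${{ matrix.docker_repo }}/${{ steps.setup.outputs.service_name }}:dev

      - name: Log out of Docker
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        run: docker logout

  # Produces the two downloadable artifacts: the docker-stub.zip install
  # skeleton (master and rc only) and the public swagger.json API description.
  upload:
    name: Upload
    runs-on: ubuntu-20.04
    needs: build-docker
    steps:
      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Restore
        run: dotnet tool restore

      # github.ref is the full ref ("refs/heads/rc"), so the earlier
      # comparison with "rc" never matched and rc builds generated their stub
      # from the :dev image. The ref is read from the runner's GITHUB_REF
      # variable instead of being pasted into the script.
      # NOTE(review): the image is pulled by mutable tag and this job does
      # not set DOCKER_CONTENT_TRUST, so the signature applied at push time
      # is not checked on this pull.
      - name: Make Docker stub
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        run: |
          if [[ "$GITHUB_REF" == "refs/heads/rc" ]]; then
            SETUP_IMAGE="bitwarden/setup:rc"
          else
            SETUP_IMAGE="bitwarden/setup:dev"
          fi
          STUB_OUTPUT="$(pwd)/docker-stub"
          docker run -i --rm --name setup -v "$STUB_OUTPUT:/bitwarden" "$SETUP_IMAGE" \
            dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin
          sudo chown -R "$(whoami):$(whoami)" "$STUB_OUTPUT"
          rm -rf "$STUB_OUTPUT/letsencrypt"
          rm "$STUB_OUTPUT/env/uid.env" "$STUB_OUTPUT/config.yml"
          touch "$STUB_OUTPUT/env/uid.env"
          cd docker-stub; zip -r ../docker-stub.zip *; cd ..

      - name: Upload Docker stub artifact
        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
        with:
          name: docker-stub.zip
          path: ./docker-stub.zip
          if-no-files-found: error

      # Publishes the Api project and writes its public Swagger document
      # with the production API host.
      - name: Build Swagger
        run: |
          cd ./src/Api
          echo "Restore"
          dotnet restore
          echo "Clean"
          dotnet clean -c "Release" -o obj/build-output/publish
          echo "Publish"
          dotnet publish -c "Release" -o obj/build-output/publish
          dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
            ./obj/build-output/publish/Api.dll public
          cd ../..
        env:
          ASPNETCORE_ENVIRONMENT: Production
          swaggerGen: 'True'

      - name: Upload Swagger artifact
        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700
        with:
          name: swagger.json
          path: ./swagger.json
          if-no-files-found: error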