BRE-272 - Fix Publish Workflows and other misc workflow updates (#10676)

Vince Grassia 2024-08-22 10:54:23 -04:00 committed by GitHub
parent ade01c9d07
commit ed703b3658
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 91 additions and 70 deletions


@ -65,15 +65,15 @@ jobs:
strategy:
matrix:
os:
[
{ base: "linux", distro: "ubuntu-22.04" },
{ base: "mac", distro: "macos-13" }
]
[
{ base: "linux", distro: "ubuntu-22.04" },
{ base: "mac", distro: "macos-13" }
]
license_type:
[
{ build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" },
{ build_prefix: "bit", artifact_prefix: "", readable: "commercial license"}
]
[
{ build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" },
{ build_prefix: "bit", artifact_prefix: "", readable: "commercial license" }
]
runs-on: ${{ matrix.os.distro }}
needs:
- setup
@ -148,10 +148,10 @@ jobs:
strategy:
matrix:
license_type:
[
{ build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" },
{ build_prefix: "bit", artifact_prefix: "", readable: "commercial license"}
]
[
{ build_prefix: "oss", artifact_prefix: "-oss", readable: "open source license" },
{ build_prefix: "bit", artifact_prefix: "", readable: "commercial license" }
]
runs-on: windows-2022
needs:
- setup
@ -241,7 +241,7 @@ jobs:
- name: Package Chocolatey
shell: pwsh
if: ${{ matrix.license_type.build_prefix }} == 'bit'
if: ${{ matrix.license_type.build_prefix == 'bit' }}
run: |
Copy-Item -Path stores/chocolatey -Destination dist/chocolatey -Recurse
Copy-Item dist/${{ matrix.license_type.build_prefix }}/windows/bw.exe -Destination dist/chocolatey/tools
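Review bot: Any later step in this job that reads `dist/chocolatey` needs the same `matrix.license_type.build_prefix == 'bit'` guard as the corrected Package Chocolatey condition. The old form `${{ matrix.license_type.build_prefix }} == 'bit'` rendered to a non-empty string and was therefore always true, so the `oss` leg used to run this step as well and will now skip it. The rest of the job is outside the hunk, so this is something to confirm rather than a confirmed break.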


@ -1,3 +1,4 @@
---
name: Chromatic
on:
@ -13,7 +14,7 @@ jobs:
check-run:
name: Check PR run
uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
chromatic:
name: Chromatic
runs-on: ubuntu-22.04


@ -59,4 +59,3 @@ jobs:
working_directory: apps/${{ matrix.app_name }}
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}


@ -7,7 +7,7 @@ on:
inputs:
environment:
description: 'Environment'
default: 'QA'
default: 'USQA'
type: choice
options:
- USQA


@ -35,40 +35,45 @@ on:
default: true
type: boolean
defaults:
run:
working-directory: apps/cli
jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
release-version: ${{ steps.version-output.outputs.version }}
deployment-id: ${{ steps.deployment.outputs.deployment-id }}
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
steps:
- name: Branch check
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-cli" ]]; then
echo "==================================="
echo "[!] Can only publish from the 'rc' or 'hotfix-rc-cli' branches"
echo "==================================="
exit 1
fi
- name: Version output
id: version-output
run: |
if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then
if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
VERSION=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("cli")) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
echo "Latest Released Version: $VERSION"
echo "::set-output name=version::$VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
else
echo "Release Version: ${{ github.event.inputs.version }}"
echo "::set-output name=version::${{ github.event.inputs.version }}"
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
fi
- name: Create GitHub deployment
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
token: '${{ secrets.GITHUB_TOKEN }}'
initial-status: 'in_progress'
environment: 'CLI - Production'
description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}'
description: 'Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}'
task: release
snap:
@ -78,6 +83,9 @@ jobs:
if: inputs.snap_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
defaults:
run:
working-directory: apps/cli
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@ -101,7 +109,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bw_${{ env._PKG_VERSION }}_amd64.snap
- name: Publish Snap & logout
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
run: |
@ -144,7 +152,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bitwarden-cli.${{ env._PKG_VERSION }}.nupkg
- name: Push to Chocolatey
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
shell: pwsh
run: |
cd dist
@ -187,7 +195,7 @@ jobs:
run: npm install -g husky
- name: Publish NPM
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc
update-deployment:
@ -198,14 +206,14 @@ jobs:
- npm
- snap
- choco
if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ always() && inputs.publish_type != 'Dry Run' }}
steps:
- name: Check if any job failed
if: contains(needs.*.result, 'failure')
run: exit 1
- name: Update deployment status to Success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
@ -213,9 +221,9 @@ jobs:
deployment-id: ${{ needs.setup.outputs.deployment-id }}
- name: Update deployment status to Failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'failure'
deployment-id: ${{ needs.setup.outputs.deployment-id }}
deployment-id: ${{ needs.setup.outputs.deployment-id }}
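Review bot: The Version output step still expands `${{ inputs.version }}` inside the bash script, so the dispatch input (presumably free text) is substituted into the script source before the shell parses it. The value is then written unvalidated to `$GITHUB_OUTPUT`, from where it reaches the `wget` URLs through `_PKG_VERSION`. Pass it through the step's `env:` instead, e.g. `_VERSION: ${{ inputs.version }}`, reference `"$_VERSION"` in the script, and reject values that do not match the version pattern already used by the `grep -ohE` on the "latest" branch. The same interpolation appears in the Check Publish Version step of the desktop publish workflow. Separately, the unchanged Publish NPM line spells the flag `--regsitry`, so the intended `--registry` override is presumably not taking effect.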


@ -49,25 +49,35 @@ jobs:
tag-name: ${{ steps.version.outputs.tag_name }}
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
steps:
- name: Branch check
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then
echo "==================================="
echo "[!] Can only publish from the 'rc' or 'hotfix-rc-desktop' branches"
echo "==================================="
exit 1
fi
- name: Check Publish Version
id: version
run: |
if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then
if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("desktop")) | .tag_name' | head -1 | cut -d '"' -f 2)
VERSION=$(echo $TAG_NAME | sed "s/desktop-v//")
echo "Latest Released Version: $VERSION"
echo "::set-output name=version::$VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Tag name: $TAG_NAME"
echo "::set-output name=tag_name::$TAG_NAME"
echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
else
echo "Release Version: ${{ github.event.inputs.version }}"
echo "::set-output name=version::${{ github.event.inputs.version }}"
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}"
$TAG_NAME="desktop-v${{ github.event.inputs.version }}"
$TAG_NAME="desktop-v${{ inputs.version }}"
echo "Tag name: $TAG_NAME"
echo "::set-output name=tag_name::$TAG_NAME"
echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
fi
- name: Get Version Channel
@ -88,7 +98,7 @@ jobs:
esac
- name: Create GitHub deployment
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
@ -101,6 +111,7 @@ jobs:
electron-blob:
name: Electron blob publish
runs-on: ubuntu-22.04
needs: setup
env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
@ -120,7 +131,7 @@ jobs:
aws-electron-bucket-name"
- name: Download all artifacts
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-desktop.yml
@ -134,7 +145,7 @@ jobs:
- name: Set staged rollout percentage
env:
RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }}
RELEASE_CHANNEL: ${{ needs.setup.outputs.release-channel }}
ROLLOUT_PCT: ${{ inputs.rollout_percentage }}
run: |
echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml
@ -142,7 +153,7 @@ jobs:
echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml
- name: Publish artifacts to S3
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
@ -156,26 +167,26 @@ jobs:
--quiet
- name: Update deployment status to Success
if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }}
if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'success'
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
deployment-id: ${{ needs.setup.outputs.deployment-id }}
- name: Update deployment status to Failure
if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }}
if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'failure'
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
deployment-id: ${{ needs.setup.outputs.deployment-id }}
snap:
name: Deploy Snap
runs-on: ubuntu-22.04
needs: setup
if: ${{ github.event.inputs.snap_publish == 'true' }}
if: ${{ inputs.snap_publish == 'true' }}
env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
@ -207,7 +218,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden_${{ env._PKG_VERSION }}_amd64.snap
- name: Deploy to Snap Store
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
run: |
@ -219,7 +230,7 @@ jobs:
name: Deploy Choco
runs-on: windows-2022
needs: setup
if: ${{ github.event.inputs.choco_publish == 'true' }}
if: ${{ inputs.choco_publish == 'true' }}
env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
_RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
@ -260,7 +271,7 @@ jobs:
run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden.${{ env._PKG_VERSION }}.nupkg
- name: Push to Chocolatey
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
shell: pwsh
run: choco push --source=https://push.chocolatey.org/
working-directory: apps/desktop/dist
@ -273,14 +284,14 @@ jobs:
- electron-blob
- snap
- choco
if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ always() && inputs.publish_type != 'Dry Run' }}
steps:
- name: Check if any job failed
if: contains(needs.*.result, 'failure')
run: exit 1
- name: Update deployment status to Success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
@ -288,7 +299,7 @@ jobs:
deployment-id: ${{ needs.setup.outputs.deployment-id }}
- name: Update deployment status to Failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
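Review bot: In the else branch of Check Publish Version, the new line `echo "version=${{ inputs.version }}"` has lost its `>> $GITHUB_OUTPUT` redirect, so with an explicit version the step only prints the value and `steps.version.outputs.version` stays empty. The next line, `$TAG_NAME="desktop-v${{ inputs.version }}"`, is not a valid bash assignment because of the leading `$`; it should read `TAG_NAME="desktop-v${{ inputs.version }}"`. An empty version or tag would then presumably flow into `_PKG_VERSION` and `_RELEASE_TAG`, which build the download URLs in the snap and choco jobs. Separately, if `snap_publish` and `choco_publish` are declared `type: boolean`, the `inputs` context yields real booleans and `inputs.snap_publish == 'true'` would not match. The CLI workflow's `if: inputs.snap_publish` form avoids this; confirm against the input definitions, which are outside the visible hunks.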


@ -30,11 +30,11 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Branch check
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-web" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc-web' branches"
echo "[!] Can only publish from the 'rc' or 'hotfix-rc-web' branches"
echo "==================================="
exit 1
fi
@ -43,7 +43,7 @@ jobs:
id: version
uses: bitwarden/gh-actions/release-version-check@main
with:
release-type: ${{ github.event.inputs.publish_type }}
release-type: ${{ inputs.publish_type }}
project-type: ts
file: apps/web/package.json
monorepo: true
@ -56,7 +56,7 @@ jobs:
env:
_BRANCH_NAME: ${{ github.ref_name }}
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_RELEASE_OPTION: ${{ github.event.inputs.publish_type }}
_RELEASE_OPTION: ${{ inputs.publish_type }}
steps:
- name: Print environment
run: |
@ -79,7 +79,7 @@ jobs:
run: az acr login -n bitwardenprod
- name: Create GitHub deployment
if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
if: ${{ inputs.publish_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
@ -92,7 +92,7 @@ jobs:
- name: Pull branch image
run: |
if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then
if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker pull $_AZ_REGISTRY/web:latest
else
docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME
@ -100,7 +100,7 @@ jobs:
- name: Tag version
run: |
if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then
if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun
docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun
else
@ -112,7 +112,7 @@ jobs:
- name: Push version
run: |
if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then
if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker push $_AZ_REGISTRY/web:dryrun
docker push $_AZ_REGISTRY/web-sh:dryrun
else
@ -123,7 +123,7 @@ jobs:
fi
- name: Update deployment status to Success
if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }}
if: ${{ inputs.publish_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
@ -132,7 +132,7 @@ jobs:
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
- name: Update deployment status to Failure
if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }}
if: ${{ inputs.publish_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
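Review bot: The Pull branch image, Tag version and Push version scripts expand `${{ inputs.publish_type }}` inside the bash source, although the `env` block in the hunk at -56 already exposes the same value as `_RELEASE_OPTION`. Comparing the environment variable, `if [[ "$_RELEASE_OPTION" == "Dry Run" ]]; then`, keeps workflow expressions out of the script text and matches how `_BRANCH_NAME` is consumed. This assumes those steps belong to the job that owns that `env` block, which the hunks suggest but do not show in full.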


@ -98,7 +98,7 @@ jobs:
- name: Create Release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' && github.event.inputs.github_release == 'true' }}
if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' }}
env:
PKG_VERSION: ${{ steps.version.outputs.version }}
RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }}
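Review bot: The Create Release condition still reads `github.event.inputs.release_type`, the name that the publish workflows in this commit replace with `inputs.publish_type`. If this workflow's dispatch input is not actually called `release_type`, the reference evaluates to an empty string and `!= 'Dry Run'` is always true, so a dry run would still create the release. Confirm the name against the `on.workflow_dispatch.inputs` block, which is outside this hunk. If it matches, `inputs.release_type` would be consistent with the other workflows.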


@ -1,3 +1,4 @@
---
name: Scan
on:
@ -31,7 +32,7 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }}
- name: Scan with Checkmarx
uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 #2.0.23
uses: checkmarx/ast-github-action@749fec53e0db0f6404a97e2e0807c3e80e3583a7 # v2.0.23
env:
INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
with:


@ -1,3 +1,4 @@
---
name: Testing
on:
@ -37,7 +38,7 @@ jobs:
checks: write
contents: read
pull-requests: write
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1