--- name: Release Desktop run-name: Release Desktop ${{ inputs.release_type }} on: workflow_dispatch: inputs: release_type: description: 'Release Options' required: true default: 'Initial Release' type: choice options: - Initial Release - Redeploy - Dry Run rollout_percentage: description: 'Staged Rollout Percentage' required: true default: '10' type: string snap_publish: description: 'Publish to Snap store' required: true default: true type: boolean choco_publish: description: 'Publish to Chocolatey store' required: true default: true type: boolean electron_publish: description: 'Publish Electron to S3 bucket' required: true default: true type: boolean github_release: description: 'Publish GitHub release' required: true default: true type: boolean defaults: run: shell: bash jobs: setup: name: Setup runs-on: ubuntu-22.04 outputs: release-version: ${{ steps.version.outputs.version }} release-channel: ${{ steps.release-channel.outputs.channel }} steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then echo "===================================" echo "[!] Can only release from the 'rc' or 'hotfix-rc-desktop' branches" echo "===================================" exit 1 fi - name: Check Release Version id: version uses: bitwarden/gh-actions/release-version-check@main with: release-type: ${{ inputs.release_type }} project-type: ts file: apps/desktop/src/package.json monorepo: true monorepo-project: desktop - name: Get Version Channel id: release-channel run: | case "${{ steps.version.outputs.version }}" in *"alpha"*) echo "channel=alpha" >> $GITHUB_OUTPUT echo "[!] We do not yet support 'alpha'" exit 1 ;; *"beta"*) echo "channel=beta" >> $GITHUB_OUTPUT ;; *) echo "channel=latest" >> $GITHUB_OUTPUT ;; esac - name: Create GitHub deployment if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment: 'Desktop - Production' description: 'Deployment ${{ steps.version.outputs.version }} to channel ${{ steps.release-channel.outputs.channel }} from branch ${{ github.ref_name }}' task: release - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "aws-electron-access-id, aws-electron-access-key, aws-electron-bucket-name, r2-electron-access-id, r2-electron-access-key, r2-electron-bucket-name, cf-prod-account" - name: Download all artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml workflow_conclusion: success branch: ${{ github.ref_name }} path: apps/desktop/artifacts - name: Dry Run - Download all artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml workflow_conclusion: success branch: main path: apps/desktop/artifacts - name: Rename .pkg to .pkg.archive env: PKG_VERSION: ${{ steps.version.outputs.version }} working-directory: apps/desktop/artifacts run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive - name: Set staged rollout percentage if: ${{ github.event.inputs.electron_publish == 'true' }} env: RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} ROLLOUT_PCT: ${{ inputs.rollout_percentage }} run: | echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-linux.yml echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml - name: Publish artifacts to S3 if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish == 'true' }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }} AWS_DEFAULT_REGION: 'us-west-2' AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }} working-directory: apps/desktop/artifacts run: | aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \ --acl "public-read" \ --recursive \ --quiet - name: Publish artifacts to R2 if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish == 'true' }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }} AWS_DEFAULT_REGION: 'us-east-1' AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-electron-bucket-name }} CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }} working-directory: apps/desktop/artifacts run: | aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \ --recursive \ --quiet \ --endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com - name: Get checksum files uses: bitwarden/gh-actions/get-checksum@main with: packages_dir: "apps/desktop/artifacts" file_path: "apps/desktop/artifacts/sha256-checksums.txt" - name: Create Release uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' && github.event.inputs.github_release == 'true' }} env: PKG_VERSION: ${{ steps.version.outputs.version }} RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} with: artifacts: "apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-amd64.deb, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd, apps/desktop/artifacts/bitwarden_${{ env.PKG_VERSION }}_amd64.snap, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage, apps/desktop/artifacts/Bitwarden-Portable-${{ env.PKG_VERSION }}.exe, apps/desktop/artifacts/Bitwarden-Installer-${{ env.PKG_VERSION }}.exe, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.appx, apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.appx, apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.appx, apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z, apps/desktop/artifacts/bitwarden.${{ env.PKG_VERSION }}.nupkg, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap, apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}.yml, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-linux.yml, apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml, apps/desktop/artifacts/sha256-checksums.txt" commit: ${{ github.sha }} tag: desktop-v${{ env.PKG_VERSION }} name: Desktop v${{ env.PKG_VERSION }} body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - name: Update deployment status to Success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }} snap: name: Deploy Snap runs-on: ubuntu-22.04 needs: setup if: ${{ github.event.inputs.snap_publish == 'true' }} env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout Repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "snapcraft-store-token" - name: Install Snap uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1 - name: Setup run: mkdir dist working-directory: apps/desktop - name: Download Snap artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap path: apps/desktop/dist - name: Dry Run - Download Snap artifact if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml workflow_conclusion: success branch: main artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap path: apps/desktop/dist - name: Deploy to Snap Store if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} run: | snapcraft upload bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable snapcraft logout working-directory: apps/desktop/dist choco: name: Deploy Choco runs-on: windows-2022 needs: setup if: ${{ github.event.inputs.choco_publish == 'true' }} env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout Repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Print Environment run: | dotnet --version dotnet nuget --version - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve secrets id: retrieve-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: "bitwarden-ci" secrets: "cli-choco-api-key" - name: Setup Chocolatey shell: pwsh run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ env: CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }} - name: Make dist dir shell: pwsh run: New-Item -ItemType directory -Path ./dist working-directory: apps/desktop - name: Download choco artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg path: apps/desktop/dist - name: Dry Run - Download choco artifact if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-desktop.yml workflow_conclusion: success branch: main artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg path: apps/desktop/dist - name: Push to Chocolatey if: ${{ github.event.inputs.release_type != 'Dry Run' }} shell: pwsh run: choco push --source=https://push.chocolatey.org/ working-directory: apps/desktop/dist