diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
new file mode 100644
index 0000000000..3f9eb7b2e4
--- /dev/null
+++ b/.github/workflows/publish-cli.yml
@@ -0,0 +1,221 @@
+---
+name: Publish CLI
+run-name: Publish CLI ${{ inputs.publish_type }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ publish_type:
+ description: 'Publish Options'
+ required: true
+ default: 'Initial Publish'
+ type: choice
+ options:
+ - Initial Publish
+ - Republish
+ - Dry Run
+ version:
+ description: 'Version to publish (default: latest cli release)'
+ required: true
+ type: string
+ default: latest
+ snap_publish:
+ description: 'Publish to Snap store'
+ required: true
+ default: true
+ type: boolean
+ choco_publish:
+ description: 'Publish to Chocolatey store'
+ required: true
+ default: true
+ type: boolean
+ npm_publish:
+ description: 'Publish to npm registry'
+ required: true
+ default: true
+ type: boolean
+
+
+defaults:
+ run:
+ working-directory: apps/cli
+
+jobs:
+ setup:
+ name: Setup
+ runs-on: ubuntu-22.04
+ outputs:
+ release-version: ${{ steps.version-output.outputs.version }}
+ deployment-id: ${{ steps.deployment.outputs.deployment-id }}
+ steps:
+ - name: Version output
+ id: version-output
+ run: |
+ if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then
+ VERSION=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("cli")) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
+ echo "Latest Released Version: $VERSION"
+ echo "::set-output name=version::$VERSION"
+ else
+ echo "Release Version: ${{ github.event.inputs.version }}"
+ echo "::set-output name=version::${{ github.event.inputs.version }}"
+ fi
+
+ - name: Create GitHub deployment
+ if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+ uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
+ id: deployment
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ initial-status: 'in_progress'
+ environment: 'CLI - Production'
+ description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}'
+ task: release
+
+ snap:
+ name: Deploy Snap
+ runs-on: ubuntu-22.04
+ needs: setup
+ if: inputs.snap_publish
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Login to Azure
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "snapcraft-store-token"
+
+ - name: Install Snap
+ uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1
+
+ - name: Download artifacts
+ run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bw_${{ env._PKG_VERSION }}_amd64.snap
+
+ - name: Publish Snap & logout
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ env:
+ SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
+ run: |
+ snapcraft upload bw_${{ env._PKG_VERSION }}_amd64.snap --release stable
+ snapcraft logout
+
+ choco:
+ name: Deploy Choco
+ runs-on: windows-2022
+ needs: setup
+ if: inputs.choco_publish
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Login to Azure
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "cli-choco-api-key"
+
+ - name: Setup Chocolatey
+ run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
+ env:
+ CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }}
+
+ - name: Make dist dir
+ shell: pwsh
+ run: New-Item -ItemType directory -Path ./dist
+
+ - name: Download artifacts
+ run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bitwarden-cli.${{ env._PKG_VERSION }}.nupkg
+
+ - name: Push to Chocolatey
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ shell: pwsh
+ run: |
+ cd dist
+ choco push --source=https://push.chocolatey.org/
+
+ npm:
+ name: Publish NPM
+ runs-on: ubuntu-22.04
+ needs: setup
+ if: inputs.npm_publish
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Login to Azure
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "npm-api-key"
+
+ - name: Download artifacts
+ run: wget https://github.com/bitwarden/clients/releases/cli-v${{ env._PKG_VERSION }}/download/bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip
+
+ - name: Setup NPM
+ run: |
+ echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
+ echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc
+ env:
+ NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }}
+
+ - name: Install Husky
+ run: npm install -g husky
+
+ - name: Publish NPM
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc
+
+ update-deployment:
+ name: Update Deployment Status
+ runs-on: ubuntu-22.04
+ needs:
+ - setup
+ - npm
+ - snap
+ - choco
+ if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }}
+ steps:
+ - name: Check if any job failed
+ if: contains(needs.*.result, 'failure')
+ run: exit 1
+
+ - name: Update deployment status to Success
+ if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ state: 'success'
+ deployment-id: ${{ needs.setup.outputs.deployment-id }}
+
+ - name: Update deployment status to Failure
+ if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ state: 'failure'
+ deployment-id: ${{ needs.setup.outputs.deployment-id }}
\ No newline at end of file
diff --git a/.github/workflows/publish-desktop.yml b/.github/workflows/publish-desktop.yml
new file mode 100644
index 0000000000..2c4e467bc2
--- /dev/null
+++ b/.github/workflows/publish-desktop.yml
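Review bot: In publish-cli.yml, `Version output` expands `${{ github.event.inputs.version }}` straight into the script text, and the value then flows through `_PKG_VERSION` into the `wget` and `snapcraft upload` lines of jobs that hold the store credentials, so the free-form input is parsed as shell rather than handled as data. Passing it through `env:` and accepting only the version shape that the `latest` branch already extracts with `grep` closes this, as in the excerpt below; `Check Publish Version` in publish-desktop.yml follows the same pattern. Separately, `Create GitHub deployment` tests `github.event.inputs.release_type`, which this workflow does not define (the input is `publish_type`), so the guard is always true and a Dry Run still opens a 'CLI - Production' deployment that `update-deployment` never closes; the status steps in both `update-deployment` jobs carry the same stale name. The description in that step also reads `steps.version.outputs.version` although the step id is `version-output`.

```yaml
      - name: Version output
        id: version-output
        env:
          _INPUT_VERSION: ${{ inputs.version }}
        run: |
          if [[ "$_INPUT_VERSION" == "latest" || -z "$_INPUT_VERSION" ]]; then
            # … unchanged: resolve VERSION from the latest cli release and set the output …
          elif [[ "$_INPUT_VERSION" =~ ^20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+$ ]]; then
            echo "Release Version: $_INPUT_VERSION"
            echo "::set-output name=version::$_INPUT_VERSION"
          else
            echo "[!] Unexpected version format"
            exit 1
          fi
```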
@@ -0,0 +1,296 @@
+---
+name: Publish Desktop
+run-name: Publish Desktop ${{ inputs.publish_type }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ publish_type:
+ description: 'Publish Options'
+ required: true
+ default: 'Initial Publish'
+ type: choice
+ options:
+ - Initial Publish
+ - Republish
+ - Dry Run
+ version:
+ description: 'Version to publish (default: latest cli release)'
+ required: true
+ type: string
+ default: latest
+ rollout_percentage:
+ description: 'Staged Rollout Percentage'
+ required: true
+ default: '10'
+ type: string
+ snap_publish:
+ description: 'Publish to Snap store'
+ required: true
+ default: true
+ type: boolean
+ choco_publish:
+ description: 'Publish to Chocolatey store'
+ required: true
+ default: true
+ type: boolean
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ setup:
+ name: Setup
+ runs-on: ubuntu-22.04
+ outputs:
+ release-version: ${{ steps.version.outputs.version }}
+ release-channel: ${{ steps.release-channel.outputs.channel }}
+ tag-name: ${{ steps.version.outputs.tag_name }}
+ deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+ steps:
+ - name: Check Publish Version
+ id: version
+ run: |
+ if [[ "${{ github.event.inputs.version }}" == "latest" || "${{ github.event.inputs.version }}" == "" ]]; then
+ TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/clients/releases" | jq -c '.[] | select(.tag_name | contains("desktop")) | .tag_name' | head -1 | cut -d '"' -f 2)
+ VERSION=$(echo $TAG_NAME | sed "s/desktop-v//")
+ echo "Latest Released Version: $VERSION"
+ echo "::set-output name=version::$VERSION"
+
+ echo "Tag name: $TAG_NAME"
+ echo "::set-output name=tag_name::$TAG_NAME"
+ else
+ echo "Release Version: ${{ github.event.inputs.version }}"
+ echo "::set-output name=version::${{ github.event.inputs.version }}"
+
+ $TAG_NAME="desktop-v${{ github.event.inputs.version }}"
+
+ echo "Tag name: $TAG_NAME"
+ echo "::set-output name=tag_name::$TAG_NAME"
+ fi
+
+ - name: Get Version Channel
+ id: release-channel
+ run: |
+ case "${{ steps.version.outputs.version }}" in
+ *"alpha"*)
+ echo "channel=alpha" >> $GITHUB_OUTPUT
+ echo "[!] We do not yet support 'alpha'"
+ exit 1
+ ;;
+ *"beta"*)
+ echo "channel=beta" >> $GITHUB_OUTPUT
+ ;;
+ *)
+ echo "channel=latest" >> $GITHUB_OUTPUT
+ ;;
+ esac
+
+ - name: Create GitHub deployment
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
+ id: deployment
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ initial-status: 'in_progress'
+ environment: 'Desktop - Production'
+ description: 'Deployment ${{ steps.version.outputs.version }} to channel ${{ steps.release-channel.outputs.channel }} from branch ${{ github.ref_name }}'
+ task: release
+
+ electron-blob:
+ name: Electron blob publish
+ runs-on: ubuntu-22.04
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+ _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
+ steps:
+ - name: Login to Azure
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "aws-electron-access-id,
+ aws-electron-access-key,
+ aws-electron-bucket-name"
+
+ - name: Download all artifacts
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ uses: bitwarden/gh-actions/download-artifacts@main
+ with:
+ workflow: build-desktop.yml
+ workflow_conclusion: success
+ branch: ${{ github.ref_name }}
+ path: apps/desktop/artifacts
+
+ - name: Download artifacts
+ working-directory: apps/desktop/artifacts
+ run: gh release download ${{ env._RELEASE_TAG }} -R bitwarden/desktop
+
+ - name: Set staged rollout percentage
+ env:
+ RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }}
+ ROLLOUT_PCT: ${{ inputs.rollout_percentage }}
+ run: |
+ echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml
+ echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-linux.yml
+ echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml
+
+ - name: Publish artifacts to S3
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ env:
+ AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
+ AWS_DEFAULT_REGION: 'us-west-2'
+ AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }}
+ working-directory: apps/desktop/artifacts
+ run: |
+ aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \
+ --acl "public-read" \
+ --recursive \
+ --quiet
+
+ - name: Update deployment status to Success
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ state: 'success'
+ deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+ - name: Update deployment status to Failure
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ state: 'failure'
+ deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+ snap:
+ name: Deploy Snap
+ runs-on: ubuntu-22.04
+ needs: setup
+ if: ${{ github.event.inputs.snap_publish == 'true' }}
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+ _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Login to Azure
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "snapcraft-store-token"
+
+ - name: Install Snap
+ uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1
+
+ - name: Setup
+ run: mkdir dist
+ working-directory: apps/desktop
+
+ - name: Download artifacts
+ working-directory: apps/desktop/dist
+ run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden_${{ env._PKG_VERSION }}_amd64.snap
+
+ - name: Deploy to Snap Store
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ env:
+ SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
+ run: |
+ snapcraft upload bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable
+ snapcraft logout
+ working-directory: apps/desktop/dist
+
+ choco:
+ name: Deploy Choco
+ runs-on: windows-2022
+ needs: setup
+ if: ${{ github.event.inputs.choco_publish == 'true' }}
+ env:
+ _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+ _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Print Environment
+ run: |
+ dotnet --version
+ dotnet nuget --version
+
+ - name: Login to Azure
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "cli-choco-api-key"
+
+ - name: Setup Chocolatey
+ shell: pwsh
+ run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
+ env:
+ CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }}
+
+ - name: Make dist dir
+ shell: pwsh
+ run: New-Item -ItemType directory -Path ./dist
+ working-directory: apps/desktop
+
+ - name: Download artifacts
+ working-directory: apps/desktop/dist
+ run: wget https://github.com/bitwarden/clients/releases/${{ env._RELEASE_TAG }}/download/bitwarden.${{ env._PKG_VERSION }}.nupkg
+
+ - name: Push to Chocolatey
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ shell: pwsh
+ run: choco push --source=https://push.chocolatey.org/
+ working-directory: apps/desktop/dist
+
+ update-deployment:
+ name: Update Deployment Status
+ runs-on: ubuntu-22.04
+ needs:
+ - setup
+ - electron-blob
+ - snap
+ - choco
+ if: ${{ always() && github.event.inputs.publish_type != 'Dry Run' }}
+ steps:
+ - name: Check if any job failed
+ if: contains(needs.*.result, 'failure')
+ run: exit 1
+
+ - name: Update deployment status to Success
+ if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ state: 'success'
+ deployment-id: ${{ needs.setup.outputs.deployment-id }}
+
+ - name: Update deployment status to Failure
+ if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ state: 'failure'
+ deployment-id: ${{ needs.setup.outputs.deployment-id }}
diff --git a/.github/workflows/publish-web.yml b/.github/workflows/publish-web.yml
new file mode 100644
index 0000000000..733e3945e5
--- /dev/null
+++ b/.github/workflows/publish-web.yml
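Review bot: In publish-desktop.yml the `electron-blob` job declares no `needs: setup` yet reads `needs.setup.outputs.*`, and it also reads `steps.release-channel.outputs.channel` and `steps.deployment.outputs.deployment_id`, which are steps of the `setup` job and are not visible from this job. As written `_RELEASE_TAG` and `RELEASE_CHANNEL` would expand to empty strings, so `Set staged rollout percentage` appends to `apps/desktop/artifacts/.yml` rather than the channel files, and those files would then be uploaded by `Publish artifacts to S3` without the staged-rollout line. Add `needs: setup` to the job and switch to `RELEASE_CHANNEL: ${{ needs.setup.outputs.release-channel }}` and `deployment-id: ${{ needs.setup.outputs.deployment-id }}`, both of which `setup` already exports. In `Check Publish Version` the `else` branch writes `$TAG_NAME="desktop-v…"`, which bash does not treat as an assignment; drop the leading `$` so `tag_name` is actually set for an explicit version. `rollout_percentage` is a free-form string that ends up in the updater metadata, so a check that it is an integer between 0 and 100 before the `echo` lines would be worth adding.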
@@ -0,0 +1,144 @@
+---
+name: Publish Web
+run-name: Publish Web ${{ inputs.publish_type }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ publish_type:
+ description: 'Publish Options'
+ required: true
+ default: 'Initial Publish'
+ type: choice
+ options:
+ - Initial Publish
+ - Redeploy
+ - Dry Run
+
+env:
+ _AZ_REGISTRY: bitwardenprod.azurecr.io
+
+jobs:
+ setup:
+ name: Setup
+ runs-on: ubuntu-22.04
+ outputs:
+ release_version: ${{ steps.version.outputs.version }}
+ tag_version: ${{ steps.version.outputs.tag }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Branch check
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ run: |
+ if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-web" ]]; then
+ echo "==================================="
+ echo "[!] Can only release from the 'rc' or 'hotfix-rc-web' branches"
+ echo "==================================="
+ exit 1
+ fi
+
+ - name: Check Release Version
+ id: version
+ uses: bitwarden/gh-actions/release-version-check@main
+ with:
+ release-type: ${{ github.event.inputs.publish_type }}
+ project-type: ts
+ file: apps/web/package.json
+ monorepo: true
+ monorepo-project: web
+
+ self-host:
+ name: Release self-host docker
+ runs-on: ubuntu-22.04
+ needs: setup
+ env:
+ _BRANCH_NAME: ${{ github.ref_name }}
+ _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+ _RELEASE_OPTION: ${{ github.event.inputs.publish_type }}
+ steps:
+ - name: Print environment
+ run: |
+ whoami
+ docker --version
+ echo "GitHub ref: $GITHUB_REF"
+ echo "GitHub event: $GITHUB_EVENT"
+ echo "Github Release Option: $_RELEASE_OPTION"
+
+ - name: Checkout repo
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ ########## ACR ##########
+ - name: Login to Azure - PROD Subscription
+ uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Login to Azure ACR
+ run: az acr login -n bitwardenprod
+
+ - name: Create GitHub deployment
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' }}
+ uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
+ id: deployment
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ initial-status: 'in_progress'
+ environment-url: http://vault.bitwarden.com
+ environment: 'Web Vault - US Production Cloud'
+ description: 'Deployment ${{ needs.setup.outputs.release_version }} from branch ${{ github.ref_name }}'
+ task: release
+
+ - name: Pull branch image
+ run: |
+ if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then
+ docker pull $_AZ_REGISTRY/web:latest
+ else
+ docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME
+ fi
+
+ - name: Tag version
+ run: |
+ if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then
+ docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun
+ docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun
+ else
+ docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:$_RELEASE_VERSION
+ docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION
+ docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:latest
+ docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:latest
+ fi
+
+ - name: Push version
+ run: |
+ if [[ "${{ github.event.inputs.publish_type }}" == "Dry Run" ]]; then
+ docker push $_AZ_REGISTRY/web:dryrun
+ docker push $_AZ_REGISTRY/web-sh:dryrun
+ else
+ docker push $_AZ_REGISTRY/web:$_RELEASE_VERSION
+ docker push $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION
+ docker push $_AZ_REGISTRY/web:latest
+ docker push $_AZ_REGISTRY/web-sh:latest
+ fi
+
+ - name: Update deployment status to Success
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' && success() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ environment-url: http://vault.bitwarden.com
+ state: 'success'
+ deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+ - name: Update deployment status to Failure
+ if: ${{ github.event.inputs.publish_type != 'Dry Run' && failure() }}
+ uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+ with:
+ token: '${{ secrets.GITHUB_TOKEN }}'
+ environment-url: http://vault.bitwarden.com
+ state: 'failure'
+ deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+ - name: Log out of Docker
+ run: docker logout
diff --git a/.github/workflows/release-browser.yml b/.github/workflows/release-browser.yml
index 68c33ca358..3feaff8ced 100644
--- a/.github/workflows/release-browser.yml
+++ b/.github/workflows/release-browser.yml
@@ -91,16 +91,6 @@ jobs: - setup - locales-test steps: - - name: Create GitHub deployment - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: '${{ secrets.GITHUB_TOKEN }}' - initial-status: 'in_progress' - environment: 'Browser - Production' - description: 'Deployment ${{ needs.setup.outputs.release-version }} from branch ${{ github.ref_name }}' - task: release - - name: Download latest Release build artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main
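Review bot: In publish-web.yml, `bitwarden/gh-actions/release-version-check@main` tracks a moving branch while every third-party action in the file is pinned to a commit SHA, and its output becomes the `_RELEASE_VERSION` tag pushed to `bitwardenprod.azurecr.io`; pinning it the same way (`uses: bitwarden/gh-actions/release-version-check@<commit-sha> # <tag>`, placeholders) keeps the release path reproducible. The same applies to `get-keyvault-secrets@main` and `download-artifacts@main` in publish-cli.yml and publish-desktop.yml, which run in jobs that handle the publishing credentials. On a Dry Run the `Branch check` is skipped, but `self-host` still logs in with `AZURE_PROD_KV_CREDENTIALS` and pushes the `dryrun` tags to the production registry from whichever branch was dispatched; please confirm that is intended. `Log out of Docker` is the last step and is skipped when an earlier step fails, so `if: always()` on it would make the cleanup unconditional. The three `environment-url: http://vault.bitwarden.com` values should read `https://vault.bitwarden.com`.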
@@ -152,19 +142,3 @@ jobs: body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - - - name: Update deployment status to Success - if: ${{ success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - state: 'success' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - state: 'failure' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 6d56c3be83..fe402e7a8f 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -14,22 +14,6 @@ on: - Initial Release - Redeploy - Dry Run - snap_publish: - description: 'Publish to Snap store' - required: true - default: true - type: boolean - choco_publish: - description: 'Publish to Chocolatey store' - required: true - default: true - type: boolean - npm_publish: - description: 'Publish to npm registry' - required: true - default: true - type: boolean - defaults: run: @@ -65,17 +49,11 @@ jobs: monorepo: true monorepo-project: cli - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: '${{ secrets.GITHUB_TOKEN }}' - initial-status: 'in_progress' - environment: 'CLI - Production' - description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}' - task: release - + release: + name: Release + runs-on: ubuntu-22.04 + needs: setup + steps: - name: Download all Release artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main 
@@ -121,189 +99,3 @@ jobs: body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - state: 'success' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - state: 'failure' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - snap: - name: Deploy Snap - runs-on: ubuntu-22.04 - needs: setup - if: inputs.snap_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} - steps: - - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "snapcraft-store-token" - - - name: Install Snap - uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1 - - - name: Download artifacts - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: apps/cli - workflow_conclusion: success - branch: ${{ github.ref_name }} - artifacts: bw_${{ env._PKG_VERSION }}_amd64.snap - - - name: Dry Run - Download artifacts - if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: apps/cli - 
workflow_conclusion: success - branch: main - artifacts: bw_${{ env._PKG_VERSION }}_amd64.snap - - - name: Publish Snap & logout - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - env: - SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} - run: | - snapcraft upload bw_${{ env._PKG_VERSION }}_amd64.snap --release stable - snapcraft logout - - choco: - name: Deploy Choco - runs-on: windows-2022 - needs: setup - if: inputs.choco_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} - steps: - - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "cli-choco-api-key" - - - name: Setup Chocolatey - run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ - env: - CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }} - - - name: Make dist dir - shell: pwsh - run: New-Item -ItemType directory -Path ./dist - - - name: Download artifacts - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: apps/cli/dist - workflow_conclusion: success - branch: ${{ github.ref_name }} - artifacts: bitwarden-cli.${{ env._PKG_VERSION }}.nupkg - - - name: Dry Run - Download artifacts - if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: apps/cli/dist - workflow_conclusion: success - branch: main - artifacts: bitwarden-cli.${{ env._PKG_VERSION }}.nupkg - - - name: Push to Chocolatey - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - 
shell: pwsh - run: | - cd dist - choco push --source=https://push.chocolatey.org/ - - npm: - name: Publish NPM - runs-on: ubuntu-22.04 - needs: setup - if: inputs.npm_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} - steps: - - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "npm-api-key" - - - name: Download artifacts - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: apps/cli/build - workflow_conclusion: success - branch: ${{ github.ref_name }} - artifacts: bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip - - - name: Dry Run - Download artifacts - if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: apps/cli/build - workflow_conclusion: success - branch: main - artifacts: bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip - - - name: Setup NPM - run: | - echo 'registry="https://registry.npmjs.org/"' > ./.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc - env: - NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - - - name: Install Husky - run: npm install -g husky - - - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml index eb63a53f2e..c9e1df9402 100644 --- a/.github/workflows/release-desktop.yml +++ b/.github/workflows/release-desktop.yml 
@@ -6,34 +6,13 @@ on: workflow_dispatch: inputs: release_type: - description: 'Release Options' + description: 'Release Type' required: true - default: 'Initial Release' + default: 'Release' type: choice options: - - Initial Release - - Redeploy + - Release - Dry Run - rollout_percentage: - description: 'Staged Rollout Percentage' - required: true - default: '10' - type: string - snap_publish: - description: 'Publish to Snap store' - required: true - default: true - type: boolean - choco_publish: - description: 'Publish to Chocolatey store' - required: true - default: true - type: boolean - github_release: - description: 'Publish GitHub release' - required: true - default: true - type: boolean defaults: run: @@ -87,31 +66,6 @@ jobs: ;; esac - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: '${{ secrets.GITHUB_TOKEN }}' - initial-status: 'in_progress' - environment: 'Desktop - Production' - description: 'Deployment ${{ steps.version.outputs.version }} to channel ${{ steps.release-channel.outputs.channel }} from branch ${{ github.ref_name }}' - task: release - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "aws-electron-access-id, - aws-electron-access-key, - aws-electron-bucket-name" - - name: Download all artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main 
@@ -136,29 +90,6 @@ jobs: working-directory: apps/desktop/artifacts run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive - - name: Set staged rollout percentage - env: - RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} - ROLLOUT_PCT: ${{ inputs.rollout_percentage }} - run: | - echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}.yml - echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-linux.yml - echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml - - - name: Publish artifacts to S3 - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - env: - AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }} - AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }} - AWS_DEFAULT_REGION: 'us-west-2' - AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }} - working-directory: apps/desktop/artifacts - run: | - aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \ - --acl "public-read" \ - --recursive \ - --quiet - - name: Get checksum files uses: bitwarden/gh-actions/get-checksum@main with: 
@@ -203,143 +134,3 @@ jobs: body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - state: 'success' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - state: 'failure' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - snap: - name: Deploy Snap - runs-on: ubuntu-22.04 - needs: setup - if: ${{ github.event.inputs.snap_publish == 'true' }} - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} - steps: - - name: Checkout Repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "snapcraft-store-token" - - - name: Install Snap - uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1 - - - name: Setup - run: mkdir dist - working-directory: apps/desktop - - - name: Download Snap artifact - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-desktop.yml - workflow_conclusion: success - branch: ${{ github.ref_name }} - artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap - path: apps/desktop/dist - - - name: Dry Run - Download Snap artifact - if: ${{ github.event.inputs.release_type == 'Dry 
Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-desktop.yml - workflow_conclusion: success - branch: main - artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap - path: apps/desktop/dist - - - name: Deploy to Snap Store - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - env: - SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} - run: | - snapcraft upload bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable - snapcraft logout - working-directory: apps/desktop/dist - - choco: - name: Deploy Choco - runs-on: windows-2022 - needs: setup - if: ${{ github.event.inputs.choco_publish == 'true' }} - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} - steps: - - name: Checkout Repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Print Environment - run: | - dotnet --version - dotnet nuget --version - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "cli-choco-api-key" - - - name: Setup Chocolatey - shell: pwsh - run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ - env: - CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }} - - - name: Make dist dir - shell: pwsh - run: New-Item -ItemType directory -Path ./dist - working-directory: apps/desktop - - - name: Download choco artifact - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-desktop.yml - workflow_conclusion: success - branch: ${{ github.ref_name }} - artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg - path: apps/desktop/dist - - - name: Dry Run - Download choco artifact - if: ${{ 
github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-desktop.yml - workflow_conclusion: success - branch: main - artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg - path: apps/desktop/dist - - - name: Push to Chocolatey - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - shell: pwsh - run: choco push --source=https://push.chocolatey.org/ - working-directory: apps/desktop/dist diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml index 2da6daaa19..596341459c 100644 --- a/.github/workflows/release-web.yml +++ b/.github/workflows/release-web.yml @@ -15,9 +15,6 @@ on: - Redeploy - Dry Run -env: - _AZ_REGISTRY: bitwardenprod.azurecr.io - jobs: setup: name: Setup 
@@ -49,89 +46,12 @@ jobs: monorepo: true monorepo-project: web - self-host: - name: Release self-host docker - runs-on: ubuntu-22.04 - needs: setup - env: - _BRANCH_NAME: ${{ github.ref_name }} - _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} - _RELEASE_OPTION: ${{ github.event.inputs.release_type }} - steps: - - name: Print environment - run: | - whoami - docker --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - echo "Github Release Option: $_RELEASE_OPTION" - - - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - ########## ACR ########## - - name: Login to Azure - PROD Subscription - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - - name: Login to Azure ACR - run: az acr login -n bitwardenprod - - - name: Pull branch image - run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker pull $_AZ_REGISTRY/web:latest - else - docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME - fi - - - name: Tag version - run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun - docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun - else - docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:$_RELEASE_VERSION - docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION - docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:latest - docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:latest - fi - - - name: Push version - run: | - if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then - docker push $_AZ_REGISTRY/web:dryrun - docker push $_AZ_REGISTRY/web-sh:dryrun - else - docker push $_AZ_REGISTRY/web:$_RELEASE_VERSION - docker push $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION - docker push $_AZ_REGISTRY/web:latest - docker push 
$_AZ_REGISTRY/web-sh:latest - fi - - - name: Log out of Docker - run: docker logout - release: name: Create GitHub Release runs-on: ubuntu-22.04 needs: - setup - - self-host steps: - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: '${{ secrets.GITHUB_TOKEN }}' - initial-status: 'in_progress' - environment-url: http://vault.bitwarden.com - environment: 'Web Vault - US Production Cloud' - description: 'Deployment ${{ needs.setup.outputs.release_version }} from branch ${{ github.ref_name }}' - task: release - - name: Download latest build artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main @@ -172,21 +92,3 @@ jobs: apps/web/artifacts/web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip" token: ${{ secrets.GITHUB_TOKEN }} draft: true - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - environment-url: http://vault.bitwarden.com - state: 'success' - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: '${{ secrets.GITHUB_TOKEN }}' - environment-url: http://vault.bitwarden.com - state: 'failure' - deployment-id: ${{ steps.deployment.outputs.deployment_id }}