From 97dbcbb815665cd64a7a6ea2c3ae7b2e8219a2f2 Mon Sep 17 00:00:00 2001
From: Alex Urbina <42731074+urbinaalex17@users.noreply.github.com>
Date: Mon, 27 Nov 2023 10:49:16 -0600
Subject: [PATCH] DEVOPS-1581 Update deploy-non-prod-web workflow to deploy web (#6897)

* DEVOPS-1581 ADD: azure-deploy job to non-prod-web workflow
* DEVOPS-1581 REFACTOR: Azure deployment workflow to use environment-specific artifact
* DEVOPS-1581 REFACTOR: Azure login and retrieve secrets in deploy-non-prod-web.yml
* DEVOPS-1581 REFACTOR: Storage Account to Web Vault deployment name
* DEVOPS-1581 REFACTOR: Azure credentials for non-prod web in azure-deploy deployment
* DEVOPS-1581 REFACTOR: deploy-non-prod-web workflow to add EUQA option and make it env dynamic
* DEVOPS-1581 FIX: environment names in deploy script
* DEVOPS-1581 REFACTOR: Environment artifact names
* DEVOPS-1581 REFACTOR: Deployment workflow to remove CloudFlare Pages deployment
* DEVOPS-1581 REFACTOR: Deployment workflow to use Azure instead of Cloudflare
* DEVOPS-1581 REFACTOR: Deploy script to use azcopy for syncing files to Azure Storage Account
* DEVOPS-1581 REFACTOR: Azure Storage Account sync command
* Revert "DEVOPS-1581 REFACTOR: Deploy script to use azcopy for syncing files to Azure Storage Account"
This reverts commit 2b7c3ae1a7194b0a946f179e3b09247a84da6574.
* DEVOPS-1581 ADD: USPROD environment configuration
* Revert "DEVOPS-1581 REFACTOR: Deployment workflow to remove CloudFlare Pages deployment"
This reverts commit c650cdadeb772ea39d490198d33528171a484367.
* devops-1581 REFACTOR: Deployment workflow to include cfpages-deploy job
---
 .github/workflows/deploy-non-prod-web.yml | 70 ++++++++++++++++++++++-
 1 file changed, 69 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-non-prod-web.yml b/.github/workflows/deploy-non-prod-web.yml
index b1df20b189..296a77e581 100644
--- a/.github/workflows/deploy-non-prod-web.yml
+++ b/.github/workflows/deploy-non-prod-web.yml
@@ -11,6 +11,8 @@ on: type: choice options: - QA + - EUQA + - USPROD workflow_call: inputs: @@ -29,6 +31,8 @@ jobs: environment-name: ${{ steps.config.outputs.environment-name }} environment-branch: ${{ steps.config.outputs.environment-branch }} environment-artifact: ${{ steps.config.outputs.environment-artifact }} + azure-login-creds: ${{ steps.config.outputs.azure-login-creds }} + retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }} steps: - name: Configure id: config @@ -39,7 +43,19 @@ jobs: echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT echo "environment-name=Web Vault - ${{ inputs.environment }}" >> $GITHUB_OUTPUT echo "environment-branch=cf-pages-$ENV_NAME_LOWER" >> $GITHUB_OUTPUT - echo "environment-artifact=web-*-cloud-${{ inputs.environment }}.zip" >> $GITHUB_OUTPUT + if [ ${{ inputs.environment }} == "QA" ]; then + echo "azure-login-creds=AZURE_KV_US_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT + echo "retrieve-secrets-keyvault=bw-webvault-rlktusqa-kv" >> $GITHUB_OUTPUT + echo "environment-artifact=web-*-cloud-QA.zip" >> $GITHUB_OUTPUT + elif [ ${{ inputs.environment }} == "EUQA" ]; then + echo "azure-login-creds=AZURE_KV_EU_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT + echo "retrieve-secrets-keyvault=webvaulteu-westeurope-qa" >> $GITHUB_OUTPUT + echo "environment-artifact=web-*-cloud-euqa.zip" >> $GITHUB_OUTPUT + elif [ ${{ inputs.environment }} == "USPROD" ]; then + echo "azure-login-creds=AZURE_KV_US_PROD_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT + echo "retrieve-secrets-keyvault=bw-webvault-klrt-kv" >> $GITHUB_OUTPUT + echo "environment-artifact=web-*-cloud-COMMERCIAL.zip" >> $GITHUB_OUTPUT + fi artifact-check: name: Check if Web artifact is present @@ -86,6 +102,7 @@ jobs: cfpages-deploy: name: Deploy Web Vault to ${{ inputs.environment }} CloudFlare Pages branch + if : ${{ inputs.environment == 'QA' }} needs: - setup - artifact-check 
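Review bot: The new `if [ ${{ inputs.environment }} == "QA" ]` tests in the Configure step paste the input into the script text before bash runs, so the value is neither quoted nor treated as data; the `workflow_dispatch` choice list constrains manual runs, but the `workflow_call` input visible in the first hunk may not be restricted the same way. Passing the input through a step-level `env:` entry and testing `if [ "$_ENVIRONMENT" = "QA" ]; then` keeps it as data (the variable name is only a suggestion). The chain also has no `else`, so an unrecognised value leaves `azure-login-creds` and `retrieve-secrets-keyvault` empty and the failure only surfaces later at the Azure login; an `else` branch that reports the value and runs `exit 1` would stop it here. The USPROD branch makes `AZURE_KV_US_PROD_SERVICE_PRINCIPAL` selectable from a workflow named non-prod, and nothing in the visible hunks shows an approval gate for it. The step's `run:` header lies outside the hunk.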
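Review bot: `if : ${{ inputs.environment == 'QA' }}` on `cfpages-deploy` has a space before the colon, which parses but trips yamllint's `colons` rule and differs from the other keys in this patch; `if: inputs.environment == 'QA'` is the usual form, since `if` is already evaluated as an expression. If the `notify` job (its `needs` list is not visible here) depends on `cfpages-deploy`, it would be skipped for EUQA and USPROD runs unless its own condition allows for a skipped dependency.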
@@ -171,6 +188,57 @@ jobs: state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }} + azure-deploy: + name: Deploy Web Vault to ${{ inputs.environment }} Storage Account + needs: + - setup + - artifact-check + runs-on: ubuntu-22.04 + env: + _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }} + steps: + - name: Login to Azure + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + with: + creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }} + + - name: Retrieve Storage Account connection string + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }} + secrets: "sa-bitwarden-web-vault-dev-key-temp" + + - name: Download latest cloud asset + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-web.yml + path: apps/web + workflow_conclusion: success + branch: ${{ github.event.inputs.tag }} + artifacts: ${{ env._ENVIRONMENT_ARTIFACT }} + + - name: Unzip build asset + working-directory: apps/web + run: unzip ${{ env._ENVIRONMENT_ARTIFACT }} + + - name: Empty container in Storage Account + run: | + az storage blob delete-batch \ + --source '$web' \ + --pattern '*' \ + --connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" + + - name: Deploy to Azure Storage Account + working-directory: apps/web + run: | + az storage blob upload-batch \ + --source "./build" \ + --destination '$web' \ + --connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \ + --overwrite \ + --no-progress + notify: name: Notify Slack with result runs-on: ubuntu-22.04
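Review bot: The two `bitwarden/gh-actions/...@main` steps in `azure-deploy` follow a moving branch, while `Azure/login` one step earlier is pinned to a commit; because this job holds the Azure service principal and the storage key (USPROD included), pin both the same way, e.g. `uses: bitwarden/gh-actions/get-keyvault-secrets@<full-commit-sha> # main`. The connection string is expanded with `${{ }}` directly into both `run:` scripts, so it lands in the script text and on the `az` command line; set it per step under `env:` as `AZURE_STORAGE_CONNECTION_STRING: ${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}` and drop `--connection-string`, since the az CLI reads that variable. The job has no `environment:` key, so any approval rules configured on a GitHub environment would not apply to the USPROD path. `delete-batch` runs before `upload-batch`, so a failed upload leaves `$web` empty; uploading first and pruning stale blobs afterwards avoids that window.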