DEVOPS-1581 Update deploy-non-prod-web workflow to deploy web (#6897)
* DEVOPS-1581 ADD: azure-deploy job to non-prod-web workflow
* DEVOPS-1581 REFACTOR: Azure deployment workflow to use environment-specific artifact
* DEVOPS-1581 REFACTOR: Azure login and retrieve secrets in deploy-non-prod-web.yml
* DEVOPS-1581 REFACTOR: Storage Account to Web Vault deployment name
* DEVOPS-1581 REFACTOR: Azure credentials for non-prod web in azure-deploy deployment
* DEVOPS-1581 REFACTOR: deploy-non-prod-web workflow to add EUQA option and make it env dynamic
* DEVOPS-1581 FIX: environment names in deploy script
* DEVOPS-1581 REFACTOR: Environment artifact names
* DEVOPS-1581 REFACTOR: Deployment workflow to remove CloudFlare Pages deployment
* DEVOPS-1581 REFACTOR: Deployment workflow to use Azure instead of Cloudflare
* DEVOPS-1581 REFACTOR: Deploy script to use azcopy for syncing files to Azure Storage Account
* DEVOPS-1581 REFACTOR: Azure Storage Account sync command
* Revert "DEVOPS-1581 REFACTOR: Deploy script to use azcopy for syncing files to Azure Storage Account" This reverts commit 2b7c3ae1a7.
* DEVOPS-1581 ADD: USPROD environment configuration
* Revert "DEVOPS-1581 REFACTOR: Deployment workflow to remove CloudFlare Pages deployment" This reverts commit c650cdadeb.
* devops-1581 REFACTOR: Deployment workflow to include cfpages-deploy job
parent
162c669177
commit
97dbcbb815
|
@ -11,6 +11,8 @@ on:
|
|||
type: choice
|
||||
options:
|
||||
- QA
|
||||
- EUQA
|
||||
- USPROD
|
||||
|
||||
workflow_call:
|
||||
inputs:
|
||||
|
@ -29,6 +31,8 @@ jobs:
|
|||
environment-name: ${{ steps.config.outputs.environment-name }}
|
||||
environment-branch: ${{ steps.config.outputs.environment-branch }}
|
||||
environment-artifact: ${{ steps.config.outputs.environment-artifact }}
|
||||
azure-login-creds: ${{ steps.config.outputs.azure-login-creds }}
|
||||
retrieve-secrets-keyvault: ${{ steps.config.outputs.retrieve-secrets-keyvault }}
|
||||
steps:
|
||||
- name: Configure
|
||||
id: config
|
||||
|
@ -39,7 +43,19 @@ jobs:
|
|||
echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
|
||||
echo "environment-name=Web Vault - ${{ inputs.environment }}" >> $GITHUB_OUTPUT
|
||||
echo "environment-branch=cf-pages-$ENV_NAME_LOWER" >> $GITHUB_OUTPUT
|
||||
echo "environment-artifact=web-*-cloud-${{ inputs.environment }}.zip" >> $GITHUB_OUTPUT
|
||||
if [ ${{ inputs.environment }} == "QA" ]; then
|
||||
echo "azure-login-creds=AZURE_KV_US_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
||||
echo "retrieve-secrets-keyvault=bw-webvault-rlktusqa-kv" >> $GITHUB_OUTPUT
|
||||
echo "environment-artifact=web-*-cloud-QA.zip" >> $GITHUB_OUTPUT
|
||||
elif [ ${{ inputs.environment }} == "EUQA" ]; then
|
||||
echo "azure-login-creds=AZURE_KV_EU_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
||||
echo "retrieve-secrets-keyvault=webvaulteu-westeurope-qa" >> $GITHUB_OUTPUT
|
||||
echo "environment-artifact=web-*-cloud-euqa.zip" >> $GITHUB_OUTPUT
|
||||
elif [ ${{ inputs.environment }} == "USPROD" ]; then
|
||||
echo "azure-login-creds=AZURE_KV_US_PROD_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
|
||||
echo "retrieve-secrets-keyvault=bw-webvault-klrt-kv" >> $GITHUB_OUTPUT
|
||||
echo "environment-artifact=web-*-cloud-COMMERCIAL.zip" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
artifact-check:
|
||||
name: Check if Web artifact is present
|
||||
|
@ -86,6 +102,7 @@ jobs:
|
|||
|
||||
cfpages-deploy:
|
||||
name: Deploy Web Vault to ${{ inputs.environment }} CloudFlare Pages branch
|
||||
if : ${{ inputs.environment == 'QA' }}
|
||||
needs:
|
||||
- setup
|
||||
- artifact-check
|
||||
|
@ -171,6 +188,57 @@ jobs:
|
|||
state: 'failure'
|
||||
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
||||
|
||||
azure-deploy:
|
||||
name: Deploy Web Vault to ${{ inputs.environment }} Storage Account
|
||||
needs:
|
||||
- setup
|
||||
- artifact-check
|
||||
runs-on: ubuntu-22.04
|
||||
env:
|
||||
_ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
|
||||
steps:
|
||||
- name: Login to Azure
|
||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
with:
|
||||
creds: ${{ secrets[needs.setup.outputs.azure-login-creds] }}
|
||||
|
||||
- name: Retrieve Storage Account connection string
|
||||
id: retrieve-secrets
|
||||
uses: bitwarden/gh-actions/get-keyvault-secrets@main
|
||||
with:
|
||||
keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
|
||||
secrets: "sa-bitwarden-web-vault-dev-key-temp"
|
||||
|
||||
- name: Download latest cloud asset
|
||||
uses: bitwarden/gh-actions/download-artifacts@main
|
||||
with:
|
||||
workflow: build-web.yml
|
||||
path: apps/web
|
||||
workflow_conclusion: success
|
||||
branch: ${{ github.event.inputs.tag }}
|
||||
artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
|
||||
|
||||
- name: Unzip build asset
|
||||
working-directory: apps/web
|
||||
run: unzip ${{ env._ENVIRONMENT_ARTIFACT }}
|
||||
|
||||
- name: Empty container in Storage Account
|
||||
run: |
|
||||
az storage blob delete-batch \
|
||||
--source '$web' \
|
||||
--pattern '*' \
|
||||
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}"
|
||||
|
||||
- name: Deploy to Azure Storage Account
|
||||
working-directory: apps/web
|
||||
run: |
|
||||
az storage blob upload-batch \
|
||||
--source "./build" \
|
||||
--destination '$web' \
|
||||
--connection-string "${{ steps.retrieve-secrets.outputs.sa-bitwarden-web-vault-dev-key-temp }}" \
|
||||
--overwrite \
|
||||
--no-progress
|
||||
|
||||
notify:
|
||||
name: Notify Slack with result
|
||||
runs-on: ubuntu-22.04
|
||||
|
|
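Review bot: In the Configure step's added branch (`if [ ${{ inputs.environment }} == "QA" ]` and the two `elif` lines), the input is expanded into the script text unquoted before bash runs, and the branch that matches decides which service-principal secret name and Key Vault the `azure-deploy` job uses. The `workflow_dispatch` input is a fixed choice list, but the file also declares a `workflow_call` trigger whose input definition lies outside the hunk, so a caller may be able to pass an arbitrary string here; that is worth confirming. Passing the value through the step's environment and comparing a quoted variable keeps it out of the script text. An `else` branch that exits non-zero stops an unmatched value from leaving `azure-login-creds` empty while `azure-deploy`, which has no `if:` of its own, still runs. The step's opening lines are outside the hunk, so the `env:` entry below has to be merged with whatever the step already defines.

```yaml
      - name: Configure
        id: config
        env:
          _ENVIRONMENT: ${{ inputs.environment }}
        # … unchanged: run block header and the earlier echo lines …
          if [ "$_ENVIRONMENT" == "QA" ]; then
            # … unchanged: QA outputs …
          elif [ "$_ENVIRONMENT" == "EUQA" ]; then
            # … unchanged: EUQA outputs …
          elif [ "$_ENVIRONMENT" == "USPROD" ]; then
            # … unchanged: USPROD outputs …
          else
            echo "Unsupported environment: $_ENVIRONMENT" >&2
            exit 1
          fi
```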