From 9a35608fc3b151a35dcdc3d7d66561b95e130775 Mon Sep 17 00:00:00 2001
From: Opeyemi
Date: Tue, 11 Jun 2024 15:31:37 +0100
Subject: [PATCH] Revert "restrict deployment to USDEV and protect environment (#9571)" (#9583)

This reverts commit f9faeeba4c9a928cf00936951484c6673786cf9d.
---
 .github/workflows/deploy-web.yml | 62 +-------------------------------
 1 file changed, 1 insertion(+), 61 deletions(-)

diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml
index 52230a12bc..1ff6767141 100644
--- a/.github/workflows/deploy-web.yml
+++ b/.github/workflows/deploy-web.yml
@@ -112,48 +112,13 @@ jobs: echo "azure-login-creds=AZURE_KV_US_DEV_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT echo "retrieve-secrets-keyvault=webvault-eastus-dev" >> $GITHUB_OUTPUT echo "environment-artifact=web-*-cloud-usdev.zip" >> $GITHUB_OUTPUT - echo "environment-name=Web Vault - US DEV Cloud" >> $GITHUB_OUTPUT + echo "environment-name=Web Vault - US Development Cloud" >> $GITHUB_OUTPUT echo "environment-url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT ;; esac # Set the sync utility to use for deployment to the environment (az-sync or azcopy) echo "sync-utility=azcopy" >> $GITHUB_OUTPUT - - name: Environment Protection - env: - TAG: ${{ steps.project_tag.outputs.tag }} - run: | - BRANCH_OR_TAG_LOWER=$(echo ${{ inputs.branch-or-tag }} | awk '{print tolower($0)}') - - PROD_ENV_PATTERN='USPROD|EUPROD' - PROD_ALLOWED_TAGS_PATTERN='web-v[0-9]+\.[0-9]+\.[0-9]+' - - QA_ENV_PATTERN='USQA|EUQA' - QA_ALLOWED_TAGS_PATTERN='.*' - - DEV_ENV_PATTERN='USDEV' - DEV_ALLOWED_TAGS_PATTERN='.*' - - if [[ \ - ${{ inputs.environment }} =~ \.*($PROD_ENV_PATTERN)\.* && \ - ! "$BRANCH_OR_TAG_LOWER" =~ ^($PROD_ALLOWED_TAGS_PATTERN).* \ - ]] || [[ \ - ${{ inputs.environment }} =~ \.*($QA_ENV_PATTERN)\.* && \ - ! "$BRANCH_OR_TAG_LOWER" =~ ^($QA_ALLOWED_TAGS_PATTERN).* \ - ]] || [[ \ - =~ \.*($DEV_ENV_PATTERN)\.* && \ - ! "$BRANCH_OR_TAG_LOWER" =~ ^($DEV_ALLOWED_TAGS_PATTERN).* \ - ]]; then - echo "!Deployment blocked!" - echo "Attempting to deploy a tag that is not allowed in ${{ inputs.environment }} environment" - echo - echo "Environment: ${{ inputs.environment }} - echo "Tag: ${{ inputs.branch-or-tag }} - exit 1 - else - echo "${{ inputs.branch-or-tag }} is allowed to deployed on to ${{ inputs.environment }} environment" - fi - approval: name: Approval for Deployment to ${{ needs.setup.outputs.environment-name }} needs: setup 
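Review bot: With the `Environment Protection` step removed, nothing visible in this hunk ties `inputs.branch-or-tag` to the target environment before the `approval` job, so whether a non-release ref can reach USPROD/EUPROD now appears to rest on the approval gate and on any environment protection rules configured outside this file. If the guard is re-landed it should not come back as written: the removed script expanded `${{ inputs.environment }}` and `${{ inputs.branch-or-tag }}` directly inside the `run:` body, where a crafted input value becomes shell text; map them under `env:` and test the quoted shell variables instead (for example `"$TARGET_ENV"` and `"$BRANCH_OR_TAG"`, names constructed here). The same script also had no left operand before `=~` in its DEV branch and two `echo` lines with unterminated quotes, so it is unlikely to have parsed cleanly. The check deleted in the second hunk was gated on `if: ${{ 'inputs.environment' == 'USDEV'}}`, which compares two string literals and is never true, so a replacement needs `if: inputs.environment == 'USDEV'`. The enclosing setup job starts outside the hunk.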
@@ -241,31 +206,6 @@ jobs: echo "commit=${{ steps.download-latest-artifacts.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT fi - - name: Ensure artifact is from main branch for USDEV environment - if: ${{ 'inputs.environment' == 'USDEV'}} - run: | - # If run-id was used - if [ "${{ inputs.build-web-run-id }}" ]; then - if [ "${{ steps.download-latest-artifacts.outputs.artifact-build-branch }}" != "main" ]; then - echo "Artifact is not from main branch" - exit 1 - fi - - # If artifact download failed - elif [ "${{ steps.download-latest-artifacts.outcome }}" == "failure" ]; then - branch=$(gh api /repos/bitwarden/clients/actions/runs/${{ steps.trigger-build-web.outputs.workflow_id }}/artifacts --jq '.artifacts[0].workflow_run.head_branch') - if [ "$branch" != "main" ]; then - echo "Artifact is not from main branch" - exit 1 - fi - - else - if [ "${{ steps.download-latest-artifacts.outputs.artifact-build-branch }}" != "main" ]; then - echo "Artifact is not from main branch" - exit 1 - fi - fi - notify-start: name: Notify Slack with start message needs: