[DEVOPS-1528] - Update clients to point build and release to Prod ACR (#6026)
* update clients to point build and release to Prod ACR * FIX: typo * FIX: run block * UPDATE: add suggestions * UPDATE: workflow runners and job needs * UPDATE: registry env in build * UPDATE: suggestion
This commit is contained in:
parent
e016ed001e
commit
d2bff7eb8b
|
@ -31,6 +31,9 @@ on:
|
|||
description: "Custom image tag extension"
|
||||
required: false
|
||||
|
||||
env:
|
||||
_AZ_REGISTRY: bitwardenprod.azurecr.io
|
||||
|
||||
jobs:
|
||||
cloc:
|
||||
name: CLOC
|
||||
|
@ -65,8 +68,7 @@ jobs:
|
|||
build-artifacts:
|
||||
name: Build artifacts
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- setup
|
||||
needs: setup
|
||||
env:
|
||||
_VERSION: ${{ needs.setup.outputs.version }}
|
||||
strategy:
|
||||
|
@ -146,13 +148,10 @@ jobs:
|
|||
matrix:
|
||||
include:
|
||||
- artifact_name: cloud-QA
|
||||
registries: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
|
||||
image_name: web-qa-cloud
|
||||
- artifact_name: ee
|
||||
registries: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
|
||||
image_name: web-ee
|
||||
- artifact_name: selfhosted-COMMERCIAL
|
||||
registries: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
|
||||
image_name: web
|
||||
env:
|
||||
_VERSION: ${{ needs.setup.outputs.version }}
|
||||
|
@ -174,15 +173,7 @@ jobs:
|
|||
fi
|
||||
|
||||
########## ACRs ##########
|
||||
- name: Login to Azure - QA
|
||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
|
||||
|
||||
- name: Log into QA container registry
|
||||
run: az acr login -n bitwardenqa
|
||||
|
||||
- name: Login to Azure - Prod
|
||||
- name: Login to Prod Azure
|
||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
||||
|
@ -190,6 +181,18 @@ jobs:
|
|||
- name: Log into Prod container registry
|
||||
run: az acr login -n bitwardenprod
|
||||
|
||||
- name: Login to Azure - CI Subscription
|
||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||
|
||||
- name: Retrieve github PAT secrets
|
||||
id: retrieve-secret-pat
|
||||
uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
|
||||
with:
|
||||
keyvault: "bitwarden-ci"
|
||||
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
|
||||
|
||||
- name: Download ${{ matrix.artifact_name }} artifact
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
|
@ -218,37 +221,17 @@ jobs:
|
|||
|
||||
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate tag list
|
||||
id: tag-list
|
||||
env:
|
||||
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
|
||||
PROJECT_NAME: ${{ matrix.image_name }}
|
||||
run: echo "tags=bitwardenqa.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG},bitwardenprod.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
|
||||
|
||||
########## Build Image ##########
|
||||
- name: Extract artifact
|
||||
working-directory: apps/web
|
||||
run: unzip web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip
|
||||
|
||||
- name: Login to Azure
|
||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||
|
||||
- name: Retrieve github PAT secrets
|
||||
id: retrieve-secret-pat
|
||||
uses: bitwarden/gh-actions/get-keyvault-secrets@a30e9c3d658dc97c4c2e61ec749fdab64b83386c
|
||||
with:
|
||||
keyvault: "bitwarden-ci"
|
||||
secrets: "github-pat-bitwarden-devops-bot-repo-scope"
|
||||
|
||||
- name: Setup DCT
|
||||
if: ${{ env.is_publish_branch == 'true' }}
|
||||
id: setup-dct
|
||||
uses: bitwarden/gh-actions/setup-docker-trust@a30e9c3d658dc97c4c2e61ec749fdab64b83386c
|
||||
with:
|
||||
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||
azure-keyvault-name: "bitwarden-ci"
|
||||
- name: Generate image full name
|
||||
id: image-name
|
||||
env:
|
||||
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
|
||||
PROJECT_NAME: ${{ matrix.image_name }}
|
||||
run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build Docker image
|
||||
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
|
||||
|
@ -257,21 +240,10 @@ jobs:
|
|||
file: apps/web/Dockerfile
|
||||
platforms: linux/amd64
|
||||
push: true
|
||||
tags: ${{ steps.tag-list.outputs.tags }}
|
||||
tags: ${{ steps.image-name.outputs.name }}
|
||||
secrets: |
|
||||
"GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
|
||||
|
||||
- name: Push to DockerHub
|
||||
if: contains(matrix.registries, 'bitwarden') && env.is_publish_branch == 'true'
|
||||
env:
|
||||
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
|
||||
PROJECT_NAME: ${{ matrix.image_name }}
|
||||
DOCKER_CONTENT_TRUST: 1
|
||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
|
||||
run: |
|
||||
docker tag bitwardenprod.azurecr.io/$PROJECT_NAME:$IMAGE_TAG bitwarden/$PROJECT_NAME:$IMAGE_TAG
|
||||
docker push bitwarden/$PROJECT_NAME:$IMAGE_TAG
|
||||
|
||||
- name: Log out of Docker
|
||||
run: docker logout
|
||||
|
||||
|
@ -279,8 +251,7 @@ jobs:
|
|||
crowdin-push:
|
||||
name: Crowdin Push
|
||||
if: github.ref == 'refs/heads/master'
|
||||
needs:
|
||||
- build-artifacts
|
||||
needs: build-artifacts
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
|
|
|
@ -15,6 +15,9 @@ on:
|
|||
- Redeploy
|
||||
- Dry Run
|
||||
|
||||
env:
|
||||
_AZ_REGISTRY: bitwardenprod.azurecr.io
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
name: Setup
|
||||
|
@ -46,7 +49,6 @@ jobs:
|
|||
monorepo: true
|
||||
monorepo-project: web
|
||||
|
||||
|
||||
self-host:
|
||||
name: Release self-host docker
|
||||
runs-on: ubuntu-22.04
|
||||
|
@ -67,42 +69,6 @@ jobs:
|
|||
- name: Checkout repo
|
||||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
||||
|
||||
########## DockerHub ##########
|
||||
- name: Setup DCT
|
||||
id: setup-dct
|
||||
uses: bitwarden/gh-actions/setup-docker-trust@a30e9c3d658dc97c4c2e61ec749fdab64b83386c
|
||||
with:
|
||||
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
|
||||
azure-keyvault-name: "bitwarden-ci"
|
||||
|
||||
- name: Pull branch image
|
||||
run: |
|
||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||
docker pull bitwarden/web:latest
|
||||
else
|
||||
docker pull bitwarden/web:$_BRANCH_NAME
|
||||
fi
|
||||
|
||||
- name: Docker Tag version
|
||||
run: |
|
||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||
docker tag bitwarden/web:latest bitwarden/web:$_RELEASE_VERSION
|
||||
else
|
||||
docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION
|
||||
fi
|
||||
|
||||
- name: Docker Push version
|
||||
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
||||
env:
|
||||
DOCKER_CONTENT_TRUST: 1
|
||||
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
|
||||
run: docker push bitwarden/web:$_RELEASE_VERSION
|
||||
|
||||
- name: Log out of Docker and disable Docker Notary
|
||||
run: |
|
||||
docker logout
|
||||
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
|
||||
|
||||
########## ACR ##########
|
||||
- name: Login to Azure - PROD Subscription
|
||||
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
|
@ -112,28 +78,37 @@ jobs:
|
|||
- name: Login to Azure ACR
|
||||
run: az acr login -n bitwardenprod
|
||||
|
||||
- name: Tag version
|
||||
env:
|
||||
REGISTRY: bitwardenprod.azurecr.io
|
||||
- name: Pull branch image
|
||||
run: |
|
||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||
docker tag bitwarden/web:latest $REGISTRY/web:$_RELEASE_VERSION
|
||||
|
||||
docker tag bitwarden/web:latest $REGISTRY/web-sh:$_RELEASE_VERSION
|
||||
docker pull $_AZ_REGISTRY/web:latest
|
||||
else
|
||||
docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:$_RELEASE_VERSION
|
||||
docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME
|
||||
fi
|
||||
|
||||
docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:$_RELEASE_VERSION
|
||||
- name: Tag version
|
||||
run: |
|
||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||
docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun
|
||||
docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun
|
||||
else
|
||||
docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:$_RELEASE_VERSION
|
||||
docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION
|
||||
docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:latest
|
||||
docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:latest
|
||||
fi
|
||||
|
||||
- name: Push version
|
||||
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
||||
env:
|
||||
REGISTRY: bitwardenprod.azurecr.io
|
||||
run: |
|
||||
docker push $REGISTRY/web:$_RELEASE_VERSION
|
||||
|
||||
docker push $REGISTRY/web-sh:$_RELEASE_VERSION
|
||||
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
|
||||
docker push $_AZ_REGISTRY/web:dryrun
|
||||
docker push $_AZ_REGISTRY/web-sh:dryrun
|
||||
else
|
||||
docker push $_AZ_REGISTRY/web:$_RELEASE_VERSION
|
||||
docker push $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION
|
||||
docker push $_AZ_REGISTRY/web:latest
|
||||
docker push $_AZ_REGISTRY/web-sh:latest
|
||||
fi
|
||||
|
||||
- name: Log out of Docker
|
||||
run: docker logout
|
||||
|
|
Loading…
Reference in New Issue