--- name: Release Web run-name: Release Web ${{ inputs.release_type }} on: workflow_dispatch: inputs: release_type: description: 'Release Options' required: true default: 'Initial Release' type: choice options: - Initial Release - Redeploy - Dry Run env: _AZ_REGISTRY: bitwardenprod.azurecr.io jobs: setup: name: Setup runs-on: ubuntu-22.04 outputs: release_version: ${{ steps.version.outputs.version }} tag_version: ${{ steps.version.outputs.tag }} steps: - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-web" ]]; then echo "===================================" echo "[!] Can only release from the 'rc' or 'hotfix-rc-web' branches" echo "===================================" exit 1 fi - name: Check Release Version id: version uses: bitwarden/gh-actions/release-version-check@main with: release-type: ${{ github.event.inputs.release_type }} project-type: ts file: apps/web/package.json monorepo: true monorepo-project: web self-host: name: Release self-host docker runs-on: ubuntu-22.04 needs: setup env: _BRANCH_NAME: ${{ github.ref_name }} _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _RELEASE_OPTION: ${{ github.event.inputs.release_type }} steps: - name: Print environment run: | whoami docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" echo "Github Release Option: $_RELEASE_OPTION" - name: Checkout repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 ########## ACR ########## - name: Login to Azure - PROD Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Login to Azure ACR run: az acr login -n bitwardenprod - name: Pull branch image run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then docker pull $_AZ_REGISTRY/web:latest else docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME fi - name: Tag version run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun else docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:$_RELEASE_VERSION docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:latest docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:latest fi - name: Push version run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then docker push $_AZ_REGISTRY/web:dryrun docker push $_AZ_REGISTRY/web-sh:dryrun else docker push $_AZ_REGISTRY/web:$_RELEASE_VERSION docker push $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION docker push $_AZ_REGISTRY/web:latest docker push $_AZ_REGISTRY/web-sh:latest fi - name: Log out of Docker run: docker logout ghpages-deploy: name: Create Deploy PR for GitHub Pages runs-on: ubuntu-22.04 needs: setup env: _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} _BRANCH: "v${{ needs.setup.outputs.release_version }}-deploy" steps: - name: Login to Azure - CI Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - name: Retrieve bot secrets id: retrieve-bot-secrets uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: bitwarden-ci secrets: "github-pat-bitwarden-devops-bot-repo-scope" - name: Checkout GH pages repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: repository: bitwarden/web-vault-pages path: ghpages-deployment token: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} - name: Download latest cloud asset if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-web.yml path: assets workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: web-*-cloud-COMMERCIAL.zip - name: Dry Run - Download latest cloud asset if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-web.yml path: assets workflow_conclusion: success branch: main artifacts: web-*-cloud-COMMERCIAL.zip - name: Unzip build asset working-directory: assets run: unzip web-*-cloud-COMMERCIAL.zip - name: Create new branch run: | cd ${{ github.workspace }}/ghpages-deployment git config user.name = "GitHub Action Bot" git config user.email = "<>" git config --global url."https://github.com/".insteadOf ssh://git@github.com/ git config --global url."https://".insteadOf ssh:// git checkout -b ${_BRANCH} - name: Copy build files run: | rm -rf ${{ github.workspace }}/ghpages-deployment/* cp -Rf ${{ github.workspace }}/assets/build/* ghpages-deployment/ - name: Commit and push changes working-directory: ghpages-deployment run: | git add . git commit -m "Deploy Web v${_RELEASE_VERSION} to GitHub Pages" git push --set-upstream origin ${_BRANCH} --force - name: Create GitHub Pages Deploy PR working-directory: ghpages-deployment env: GITHUB_TOKEN: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} run: | if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then gh pr create --title "Deploy v${_RELEASE_VERSION} to GitHub Pages" \ --draft \ --body "Deploying v${_RELEASE_VERSION}" \ --base main \ --head "${_BRANCH}" else gh pr create --title "Deploy v${_RELEASE_VERSION} to GitHub Pages" \ --body "Deploying v${_RELEASE_VERSION}" \ --base main \ --head "${_BRANCH}" fi release: name: Create GitHub Release runs-on: ubuntu-22.04 needs: - setup - self-host - ghpages-deploy steps: - name: Create GitHub deployment if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment-url: http://vault.bitwarden.com environment: 'Web Vault - US Production Cloud' description: 'Deployment ${{ needs.setup.outputs.release_version }} from branch ${{ github.ref_name }}' task: release - name: Download latest build artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-web.yml path: apps/web/artifacts workflow_conclusion: success branch: ${{ github.ref_name }} artifacts: "web-*-selfhosted-COMMERCIAL.zip, web-*-selfhosted-open-source.zip" - name: Dry Run - Download latest build artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-web.yml path: apps/web/artifacts workflow_conclusion: success branch: main artifacts: "web-*-selfhosted-COMMERCIAL.zip, web-*-selfhosted-open-source.zip" - name: Rename assets working-directory: apps/web/artifacts run: | mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip - name: Create release if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 with: name: "Web v${{ needs.setup.outputs.release_version }}" commit: ${{ github.sha }} tag: web-v${{ needs.setup.outputs.release_version }} body: "" artifacts: "apps/web/artifacts/web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip, apps/web/artifacts/web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip" token: ${{ secrets.GITHUB_TOKEN }} draft: true - name: Update deployment status to Success if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' environment-url: http://vault.bitwarden.com state: 'success' deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: '${{ secrets.GITHUB_TOKEN }}' environment-url: http://vault.bitwarden.com state: 'failure' deployment-id: ${{ steps.deployment.outputs.deployment_id }}