name: Release on: workflow_dispatch: inputs: release_tag_name_input: description: "Release Tag Name " required: true jobs: setup: runs-on: ubuntu-latest outputs: release_upload_url: ${{ steps.create_release.outputs.upload_url }} release_version: ${{ steps.create_tags.outputs.package_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }} steps: - name: Branch check run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then echo "===================================" echo "[!] Can only release from rc branch" echo "===================================" exit 1 fi - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # 2.3.4 - name: Create Release Vars id: create_tags run: | case "${RELEASE_TAG_NAME_INPUT:0:1}" in v) echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" ;; [0-9]) echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" ;; *) exit 1 ;; esac env: RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - name: Create Draft Release id: create_release uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # 1.1.4 - Repo Archived env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ env.RELEASE_TAG_NAME }} release_name: ${{ env.RELEASE_NAME }} draft: true prerelease: false ubuntu: runs-on: ubuntu-latest steps: - name: Set up Node uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea with: node-version: '14' - name: Update NPM run: | npm install -g npm@7 - name: Print environment run: | whoami node --version npm --version gulp --version docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "docker-password, docker-username, dct-delegate-2-repo-passphrase, dct-delegate-2-key" - name: Log into Docker run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin env: DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' run: | mkdir -p ~/.docker/trust/private echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key env: DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - name: Restore run: dotnet tool restore - name: Build run: | echo -e "# Building Web\n" echo "Building app" echo "npm version $(npm --version)" npm install npm run dist:selfhost echo -e "\nBuilding Docker image" docker --version docker build -t bitwarden/web . - name: Tag version run: docker tag bitwarden/web bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v')) shell: pwsh env: RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} - name: List Docker images run: docker images - name: Push latest images run: docker push bitwarden/web:latest env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - name: Push version images run: docker push bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v')) shell: pwsh env: RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - name: Log out of Docker run: docker logout