mirror of
https://github.com/bitwarden/browser
synced 2024-12-11 16:55:56 +01:00
d1243c97a4
* Update deprecated Azure Key Vault in workflows * Try without colons * Specify bash as shell runner
339 lines
13 KiB
YAML
339 lines
13 KiB
YAML
---
|
|
name: Release Desktop
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_type:
|
|
description: 'Release Options'
|
|
required: true
|
|
default: 'Initial Release'
|
|
type: choice
|
|
options:
|
|
- Initial Release
|
|
- Redeploy
|
|
- Dry Run
|
|
snap_publish:
|
|
description: 'Publish to snap store'
|
|
required: true
|
|
default: true
|
|
type: boolean
|
|
choco_publish:
|
|
description: 'Publish to chocolatey store'
|
|
required: true
|
|
default: true
|
|
type: boolean
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
setup:
|
|
name: Setup
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
release-version: ${{ steps.version.outputs.version }}
|
|
release-channel: ${{ steps.release-channel.outputs.channel }}
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
|
|
|
|
- name: Branch check
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
run: |
|
|
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ $GITHUB_REF != refs/heads/hotfix-rc-desktop ]]; then
|
|
echo "==================================="
|
|
echo "[!] Can only release from the 'rc' or 'hotfix-rc-desktop' branches"
|
|
echo "==================================="
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check Release Version
|
|
id: version
|
|
uses: bitwarden/gh-actions/release-version-check@ea9fab01d76940267b4147cc1c4542431246b9f6
|
|
with:
|
|
release-type: ${{ github.event.inputs.release_type }}
|
|
project-type: ts
|
|
file: apps/desktop/src/package.json
|
|
monorepo: true
|
|
monorepo-project: desktop
|
|
|
|
- name: Get Version Channel
|
|
id: release-channel
|
|
run: |
|
|
case "${{ steps.version.outputs.version }}" in
|
|
*"alpha"*)
|
|
echo "::set-output name=channel::alpha"
|
|
echo "[!] We do not yet support 'alpha'"
|
|
exit 1
|
|
;;
|
|
*"beta"*)
|
|
echo "::set-output name=channel::beta"
|
|
;;
|
|
*)
|
|
echo "::set-output name=channel::latest"
|
|
;;
|
|
esac
|
|
|
|
- name: Create GitHub deployment
|
|
uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48
|
|
id: deployment
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
initial-status: 'in_progress'
|
|
environment: 'Desktop - Production'
|
|
description: 'Deployment ${{ steps.version.outputs.version }} to channel ${{ steps.release-channel.outputs.channel }} from branch ${{ github.ref_name }}'
|
|
task: release
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
env:
|
|
KEYVAULT: bitwarden-prod-kv
|
|
SECRETS: |
|
|
aws-electron-access-id,
|
|
aws-electron-access-key,
|
|
aws-electron-bucket-name
|
|
run: |
|
|
for i in ${SECRETS//,/ }
|
|
do
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
|
|
echo "::add-mask::$VALUE"
|
|
echo "::set-output name=$i::$VALUE"
|
|
done
|
|
|
|
- name: Download all artifacts
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
|
with:
|
|
workflow: build-desktop.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ github.ref_name }}
|
|
path: apps/desktop/artifacts
|
|
|
|
- name: Download all artifacts
|
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
|
with:
|
|
workflow: build-desktop.yml
|
|
workflow_conclusion: success
|
|
branch: master
|
|
path: apps/desktop/artifacts
|
|
|
|
- name: Rename .pkg to .pkg.archive
|
|
env:
|
|
PKG_VERSION: ${{ steps.version.outputs.version }}
|
|
working-directory: apps/desktop/artifacts
|
|
run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive
|
|
|
|
- name: Publish artifacts to S3
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
env:
|
|
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
|
|
AWS_DEFAULT_REGION: 'us-west-2'
|
|
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-electron-bucket-name }}
|
|
working-directory: apps/desktop/artifacts
|
|
run: |
|
|
aws s3 cp ./ $AWS_S3_BUCKET_NAME/desktop/ \
|
|
--acl "public-read" \
|
|
--recursive \
|
|
--quiet
|
|
|
|
- name: Create release
|
|
uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 # v2.8.5
|
|
if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' }}
|
|
env:
|
|
PKG_VERSION: ${{ steps.version.outputs.version }}
|
|
RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }}
|
|
with:
|
|
artifacts: "apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-amd64.deb,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd,
|
|
apps/desktop/artifacts/bitwarden_${{ env.PKG_VERSION }}_amd64.snap,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage,
|
|
apps/desktop/artifacts/Bitwarden-Portable-${{ env.PKG_VERSION }}.exe,
|
|
apps/desktop/artifacts/Bitwarden-Installer-${{ env.PKG_VERSION }}.exe,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.appx,
|
|
apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.appx,
|
|
apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.appx,
|
|
apps/desktop/artifacts/bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z,
|
|
apps/desktop/artifacts/bitwarden.${{ env.PKG_VERSION }}.nupkg,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap,
|
|
apps/desktop/artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive,
|
|
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}.yml,
|
|
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-linux.yml,
|
|
apps/desktop/artifacts/${{ env.RELEASE_CHANNEL }}-mac.yml"
|
|
commit: ${{ github.sha }}
|
|
tag: desktop-v${{ env.PKG_VERSION }}
|
|
name: Desktop v${{ env.PKG_VERSION }}
|
|
body: "<insert release notes here>"
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
draft: true
|
|
|
|
- name: Update deployment status to Success
|
|
if: ${{ success() }}
|
|
uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
state: 'success'
|
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
|
|
|
- name: Update deployment status to Failure
|
|
if: ${{ failure() }}
|
|
uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
|
|
with:
|
|
token: '${{ secrets.GITHUB_TOKEN }}'
|
|
state: 'failure'
|
|
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
|
|
|
snap:
|
|
name: Deploy Snap
|
|
runs-on: ubuntu-20.04
|
|
needs: setup
|
|
if: inputs.snap_publish
|
|
env:
|
|
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
env:
|
|
KEYVAULT: bitwarden-prod-kv
|
|
SECRETS: |
|
|
snapcraft-store-token
|
|
run: |
|
|
for i in ${SECRETS//,/ }
|
|
do
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
|
|
echo "::add-mask::$VALUE"
|
|
echo "::set-output name=$i::$VALUE"
|
|
done
|
|
|
|
- name: Install Snap
|
|
uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0
|
|
with:
|
|
snapcraft_token: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
|
|
|
|
- name: Setup
|
|
run: mkdir dist
|
|
working-directory: apps/desktop
|
|
|
|
- name: Download Snap artifact
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
|
with:
|
|
workflow: build-desktop.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ github.ref_name }}
|
|
artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap
|
|
path: apps/desktop/dist
|
|
|
|
- name: Download Snap artifact
|
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
|
with:
|
|
workflow: build-desktop.yml
|
|
workflow_conclusion: success
|
|
branch: master
|
|
artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap
|
|
path: apps/desktop/dist
|
|
|
|
- name: Deploy to Snap Store
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
run: |
|
|
snapcraft upload bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable
|
|
snapcraft logout
|
|
working-directory: apps/desktop/dist
|
|
|
|
choco:
|
|
name: Deploy Choco
|
|
runs-on: windows-2019
|
|
needs: setup
|
|
if: inputs.choco_publish
|
|
env:
|
|
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
|
|
steps:
|
|
- name: Checkout Repo
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: Print Environment
|
|
run: |
|
|
dotnet --version
|
|
dotnet nuget --version
|
|
|
|
- name: Login to Azure
|
|
uses: Azure/login@24848bc889cfc0a8313c2b3e378ac0d625b9bc16
|
|
with:
|
|
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
|
|
|
|
- name: Retrieve secrets
|
|
id: retrieve-secrets
|
|
env:
|
|
KEYVAULT: bitwarden-prod-kv
|
|
SECRETS: |
|
|
cli-choco-api-key
|
|
run: |
|
|
for i in ${SECRETS//,/ }
|
|
do
|
|
VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
|
|
echo "::add-mask::$VALUE"
|
|
echo "::set-output name=$i::$VALUE"
|
|
done
|
|
|
|
- name: Setup Chocolatey
|
|
shell: pwsh
|
|
run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
|
|
env:
|
|
CHOCO_API_KEY: ${{ steps.retrieve-secrets.outputs.cli-choco-api-key }}
|
|
|
|
- name: Make dist dir
|
|
shell: pwsh
|
|
run: New-Item -ItemType directory -Path ./dist
|
|
working-directory: apps/desktop
|
|
|
|
- name: Download choco artifact
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
|
with:
|
|
workflow: build-desktop.yml
|
|
workflow_conclusion: success
|
|
branch: ${{ github.ref_name }}
|
|
artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg
|
|
path: apps/desktop/dist
|
|
|
|
- name: Download choco artifact
|
|
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
|
|
uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
|
|
with:
|
|
workflow: build-desktop.yml
|
|
workflow_conclusion: success
|
|
branch: master
|
|
artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg
|
|
path: apps/desktop/dist
|
|
|
|
- name: Push to Chocolatey
|
|
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
|
|
shell: pwsh
|
|
run: choco push
|
|
working-directory: apps/desktop/dist
|