From d920dafc84828e6e789828288e64b181f613ef3d Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:23:51 +0100 Subject: [PATCH 1/8] Use rubygem api key to publish --- .github/workflows/publish-ruby.yml | 54 +++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 931981667..9012cce4d 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -107,26 +107,50 @@ jobs: cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}" done + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "rubygem-api-key" + - name: bundle install run: bundle install working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Set remote URL + - name: Push gem to Rubygems run: | - # Attribute commits to the last committer on HEAD - git config --global user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" - git config --global user.name "bitwarden-devops-bot" - git remote set-url origin "https://x-access-token:${{ github.token }}@github.com/$GITHUB_REPOSITORY" + mkdir -p $HOME/.gem + touch $HOME/.gem/credentials + chmod 0600 $HOME/.gem/credentials + printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials + gem push *.gem + env: + GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} + working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Configure trusted publishing credentials - uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0 + # - name: Set remote URL + # run: | + # # Attribute commits to the last committer on HEAD + # git config --global user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" + # git config --global user.name "bitwarden-devops-bot" + # git remote set-url origin "https://x-access-token:${{ github.token }}@github.com/$GITHUB_REPOSITORY" - - name: Run release rake task - if: ${{ inputs.release_type == 'Release' }} - run: bundle exec rake release - working-directory: languages/ruby/bitwarden_sdk_secrets + # - name: Configure trusted publishing credentials + # uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0 + + # - name: Run release rake task + # if: ${{ inputs.release_type == 'Release' }} + # run: bundle exec rake release + # working-directory: languages/ruby/bitwarden_sdk_secrets + + # - name: Wait for release to propagate + # if: ${{ inputs.release_type == 'Release' }} + # run: gem exec rubygems-await pkg/*.gem + # working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Wait for release to propagate - if: ${{ inputs.release_type == 'Release' }} - run: gem exec rubygems-await pkg/*.gem - working-directory: languages/ruby/bitwarden_sdk_secrets From 5c2d4be01e3c4c7900bf76cf2b3b1be6a32e131b Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:24:16 +0100 Subject: [PATCH 2/8] Comment out for testing --- .github/workflows/publish-ruby.yml | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 9012cce4d..e306c33d8 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -17,28 +17,28 @@ permissions: contents: read id-token: write -jobs: - setup: - name: Setup - runs-on: ubuntu-22.04 - steps: - - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then - echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" - echo "===================================" - exit 1 - fi +# jobs: +# setup: +# name: Setup +# runs-on: ubuntu-22.04 +# steps: +# - name: Checkout repo +# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + +# - name: Branch check +# if: ${{ github.event.inputs.release_type != 'Dry Run' }} +# run: | +# if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then +# echo "===================================" +# echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" +# echo "===================================" +# exit 1 +# fi publish_ruby: name: Publish Ruby runs-on: ubuntu-22.04 - needs: setup + # needs: setup steps: - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 From ef1d3eae136a84347eeceef02effdbd2c8c1048d Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:32:02 +0100 Subject: [PATCH 3/8] Fix --- .github/workflows/publish-ruby.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index e306c33d8..ec0ec1e62 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -17,7 +17,7 @@ permissions: contents: read id-token: write -# jobs: +jobs: # setup: # name: Setup # runs-on: ubuntu-22.04 From 4c26ca759ace314a4a71e22e8ebe30b6cc6d2e4d Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:33:33 +0100 Subject: [PATCH 4/8] Get artifacts from rc --- .github/workflows/publish-ruby.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index ec0ec1e62..9fbf1d1a3 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -54,7 +54,7 @@ jobs: workflow: generate_schemas.yml path: languages/ruby/bitwarden_sdk_secrets/lib workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: schemas.rb - name: Download x86_64-apple-darwin artifact @@ -63,7 +63,7 @@ jobs: workflow: build-rust-cross-platform.yml path: temp/macos-x64 workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-apple-darwin - name: Download aarch64-apple-darwin artifact @@ -71,7 +71,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-aarch64-apple-darwin path: temp/macos-arm64 @@ -80,7 +80,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu path: temp/linux-x64 @@ -89,7 +89,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc path: temp/windows-x64 From bba8c17764ab9f65c2d7458d371a46cde5174608 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:35:31 +0100 Subject: [PATCH 5/8] try to fix --- .github/workflows/publish-ruby.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 9fbf1d1a3..4c60c5395 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -129,7 +129,7 @@ jobs: touch $HOME/.gem/credentials chmod 0600 $HOME/.gem/credentials printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials - gem push *.gem + gem push pkg/*.gem env: GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} working-directory: languages/ruby/bitwarden_sdk_secrets From 9b97744621f3567147f43d02e616f806ef37f867 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:38:32 +0100 Subject: [PATCH 6/8] Build gem --- .github/workflows/publish-ruby.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 4c60c5395..31aa84080 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -123,13 +123,17 @@ jobs: run: bundle install working-directory: languages/ruby/bitwarden_sdk_secrets + - name: Build gem + run: gem build bitwarden-sdk.gemspec + working-directory: languages/ruby/bitwarden_sdk_secrets + - name: Push gem to Rubygems run: | mkdir -p $HOME/.gem touch $HOME/.gem/credentials chmod 0600 $HOME/.gem/credentials printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials - gem push pkg/*.gem + gem push *.gem env: GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} working-directory: languages/ruby/bitwarden_sdk_secrets From 2a6a87eb8910187d7745bfda0b5373e7cee87714 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:40:17 +0100 Subject: [PATCH 7/8] Fix --- .github/workflows/publish-ruby.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 31aa84080..38ccb9940 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -124,7 +124,7 @@ jobs: working-directory: languages/ruby/bitwarden_sdk_secrets - name: Build gem - run: gem build bitwarden-sdk.gemspec + run: gem build bitwarden-sdk-secrets.gemspec working-directory: languages/ruby/bitwarden_sdk_secrets - name: Push gem to Rubygems From 3004838f38ddd8023a5b697365db722fe18ad4bb Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 23 Feb 2024 16:42:50 +0100 Subject: [PATCH 8/8] Uncomment testing --- .github/workflows/publish-ruby.yml | 65 ++++++++++-------------------- 1 file changed, 22 insertions(+), 43 deletions(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 38ccb9940..b97a7b730 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -18,27 +18,27 @@ permissions: id-token: write jobs: -# setup: -# name: Setup -# runs-on: ubuntu-22.04 -# steps: -# - name: Checkout repo -# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - -# - name: Branch check -# if: ${{ github.event.inputs.release_type != 'Dry Run' }} -# run: | -# if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then -# echo "===================================" -# echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" -# echo "===================================" -# exit 1 -# fi + setup: + name: Setup + runs-on: ubuntu-22.04 + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Branch check + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi publish_ruby: name: Publish Ruby runs-on: ubuntu-22.04 - # needs: setup + needs: setup steps: - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -54,7 +54,7 @@ jobs: workflow: generate_schemas.yml path: languages/ruby/bitwarden_sdk_secrets/lib workflow_conclusion: success - branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: schemas.rb - name: Download x86_64-apple-darwin artifact @@ -63,7 +63,7 @@ jobs: workflow: build-rust-cross-platform.yml path: temp/macos-x64 workflow_conclusion: success - branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-apple-darwin - name: Download aarch64-apple-darwin artifact @@ -71,7 +71,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-aarch64-apple-darwin path: temp/macos-arm64 @@ -80,7 +80,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu path: temp/linux-x64 @@ -89,7 +89,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: rc # ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc path: temp/windows-x64 @@ -137,24 +137,3 @@ jobs: env: GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} working-directory: languages/ruby/bitwarden_sdk_secrets - - # - name: Set remote URL - # run: | - # # Attribute commits to the last committer on HEAD - # git config --global user.email "106330231+bitwarden-devops-bot@users.noreply.github.com" - # git config --global user.name "bitwarden-devops-bot" - # git remote set-url origin "https://x-access-token:${{ github.token }}@github.com/$GITHUB_REPOSITORY" - - # - name: Configure trusted publishing credentials - # uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0 - - # - name: Run release rake task - # if: ${{ inputs.release_type == 'Release' }} - # run: bundle exec rake release - # working-directory: languages/ruby/bitwarden_sdk_secrets - - # - name: Wait for release to propagate - # if: ${{ inputs.release_type == 'Release' }} - # run: gem exec rubygems-await pkg/*.gem - # working-directory: languages/ruby/bitwarden_sdk_secrets -