From d998843f4c5274ae8a0d2dfedb305ef1babd7335 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 2 Feb 2024 13:43:48 +0100 Subject: [PATCH 1/5] Add docker publish to release-cli workflow --- .github/workflows/build-cli-docker.yml | 7 +-- .github/workflows/release-cli.yml | 68 ++++++++++++++++++++++++-- 2 files changed, 66 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-cli-docker.yml b/.github/workflows/build-cli-docker.yml index c0aa62664..5cee3899b 100644 --- a/.github/workflows/build-cli-docker.yml +++ b/.github/workflows/build-cli-docker.yml @@ -6,11 +6,6 @@ on: paths: - "crates/bws/**" workflow_dispatch: - inputs: - sdk_branch: - description: "Server branch name to deploy (examples: 'master', 'rc', 'feature/sm')" - type: string - default: master pull_request: paths: - ".github/workflows/build-cli-docker.yml" @@ -111,7 +106,7 @@ jobs: platforms: | linux/amd64, linux/arm64/v8 - push: true + push: ${{ env.is_publish_branch }} tags: ${{ steps.tag-list.outputs.tags }} secrets: | "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index a6059a1d5..447b50859 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -8,17 +8,19 @@ on: release_type: description: "Release Options" required: true - default: "Initial Release" + default: "Release" type: choice options: - - Initial Release - - Redeploy + - Release - Dry Run defaults: run: shell: bash +env: + _AZ_REGISTRY: bitwardenprod.azurecr.io + jobs: setup: name: Setup @@ -156,3 +158,63 @@ jobs: PUBLISH_GRACE_SLEEP: 10 CARGO_REGISTRY_TOKEN: ${{ steps.retrieve-secrets.outputs.cratesio-api-token }} run: cargo-release release publish -p bws --execute --no-confirm + + publish-docker: + name: Publish docker versioned and latest image + runs-on: ubuntu-latest + needs: + - setup + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Generate tag list + id: tag-list + env: + VERSION: ${{ needs.setup.outputs.release-version }} + DRY_RUN: ${{ github.event.inputs.release_type == 'Dry Run' }} + run: | + if [[ "${DRY_RUN}" == "true" ]]; then + REF=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} + IMAGE_TAG=$(echo "${REF}" | sed "s#/#-#g") # slash safe branch name + echo "tags=$_AZ_REGISTRY/bws:${IMAGE_TAG},bitwarden/bws:${IMAGE_TAG}" >> $GITHUB_OUTPUT + else + echo "tags=$_AZ_REGISTRY/bws:${VERSION},bitwarden/bws:${VERSION},$_AZ_REGISTRY/bws:latest,bitwarden/bws:latest" >> $GITHUB_OUTPUT + fi + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve github PAT secrets + id: retrieve-secret-pat + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "github-pat-bitwarden-devops-bot-repo-scope" + + - name: Setup Docker Trust + uses: bitwarden/gh-actions/setup-docker-trust@main + with: + azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + azure-keyvault-name: "bitwarden-ci" + + - name: Build and push Docker image + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + with: + context: . + file: crates/bws/Dockerfile + platforms: | + linux/amd64, + linux/arm64/v8 + push: ${{ github.event.inputs.release_type != 'Dry Run' }} + tags: ${{ steps.tag-list.outputs.tags }} + secrets: | + "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" + + - name: Log out of Docker and disable Docker Notary + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + docker logout + echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV From 106dca80797ab790ce6018668b1a931512517638 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Fri, 2 Feb 2024 14:28:06 +0100 Subject: [PATCH 2/5] Fix --- .github/workflows/release-cli.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 447b50859..eeb674330 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -122,7 +122,7 @@ jobs: publish: name: Publish bws to crates.io - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: - setup steps: @@ -161,7 +161,7 @@ jobs: publish-docker: name: Publish docker versioned and latest image - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: - setup steps: @@ -182,7 +182,23 @@ jobs: echo "tags=$_AZ_REGISTRY/bws:${VERSION},bitwarden/bws:${VERSION},$_AZ_REGISTRY/bws:latest,bitwarden/bws:latest" >> $GITHUB_OUTPUT fi - - name: Login to Azure + ########## Set up Docker ########## + - name: Set up QEMU emulators + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + ########## Login to Docker registries ########## + - name: Login to Azure - Prod Subscription + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Login to Azure ACR + run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} + + - name: Login to Azure - CI Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} From 7b0a3972f58fff15556617f62026e495bacc7bb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Mon, 5 Feb 2024 16:45:15 +0100 Subject: [PATCH 3/5] Update .github/workflows/release-cli.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/release-cli.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index eeb674330..6e96a2847 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -162,8 +162,7 @@ jobs: publish-docker: name: Publish docker versioned and latest image runs-on: ubuntu-22.04 - needs: - - setup + needs: setup steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 From 73ec38433c1b590d5bace8de3fbe4c385db1ecf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Mon, 5 Feb 2024 16:45:21 +0100 Subject: [PATCH 4/5] Update .github/workflows/release-cli.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/release-cli.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 6e96a2847..de6010651 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -171,7 +171,7 @@ jobs: id: tag-list env: VERSION: ${{ needs.setup.outputs.release-version }} - DRY_RUN: ${{ github.event.inputs.release_type == 'Dry Run' }} + DRY_RUN: ${{ inputs.release_type == 'Dry Run' }} run: | if [[ "${DRY_RUN}" == "true" ]]; then REF=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} From 7b9ff125764d71edea26fc63e72db1360b1d56aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Mon, 5 Feb 2024 16:45:25 +0100 Subject: [PATCH 5/5] Update .github/workflows/release-cli.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/release-cli.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index de6010651..fa1ffc346 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -223,7 +223,7 @@ jobs: platforms: | linux/amd64, linux/arm64/v8 - push: ${{ github.event.inputs.release_type != 'Dry Run' }} + push: ${{ inputs.release_type != 'Dry Run' }} tags: ${{ steps.tag-list.outputs.tags }} secrets: | "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"