Release Initial Release #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| run-name: Release ${{ github.event.inputs.release_type }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_type: | |
| description: "Release Options" | |
| default: "Initial Release" | |
| type: choice | |
| options: | |
| - Initial Release | |
| - Redeploy | |
| - Dry Run | |
| jobs: | |
| setup: | |
| name: Setup | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| release_version: ${{ steps.version.outputs.version }} | |
| branch-name: ${{ steps.branch.outputs.branch-name }} | |
| steps: | |
| - name: Check branch | |
| if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
| run: | | |
| if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then | |
| echo "===================================" | |
| echo "[!] Can only release from the 'main' branch" | |
| echo "===================================" | |
| exit 1 | |
| fi | |
| - name: Check out repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Check release version | |
| id: version | |
| uses: bitwarden/gh-actions/release-version-check@main | |
| with: | |
| release-type: ${{ github.event.inputs.release_type }} | |
| project-type: dotnet | |
| file: Directory.Build.props | |
| - name: Get branch name | |
| id: branch | |
| run: | | |
| BRANCH_NAME=$(basename ${{ github.ref }}) | |
| echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| release-github: | |
| name: Create GitHub Release | |
| if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
| runs-on: ubuntu-22.04 | |
| needs: setup | |
| steps: | |
| - name: Create release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| commit: ${{ github.sha }} | |
| tag: "v${{ needs.setup.outputs.release_version }}" | |
| name: "Version ${{ needs.setup.outputs.release_version }}" | |
| body: "<insert release notes here>" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| draft: true | |
| release-docker: | |
| name: Build Docker images | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - setup | |
| - release-github | |
| env: | |
| _AZ_REGISTRY: bitwardenprod.azurecr.io | |
| _PROJECT_NAME: key-connector | |
| _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} | |
| _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} | |
| _RELEASE_OPTION: ${{ github.event.inputs.release_type }} | |
| steps: | |
| - name: Log in to Azure | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| with: | |
| creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
| - name: Log in to ACR | |
| run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} | |
| - name: Set up DCT | |
| id: setup-dct | |
| uses: bitwarden/gh-actions/setup-docker-trust@main | |
| with: | |
| azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| azure-keyvault-name: "bitwarden-ci" | |
| - name: Pull image | |
| run: | | |
| if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then | |
| docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev | |
| else | |
| docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME | |
| fi | |
| - name: Tag version and latest | |
| run: | | |
| if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun | |
| else | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME $_AZ_REGISTRY/$_PROJECT_NAME:latest | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_BRANCH_NAME bitwarden/$_PROJECT_NAME:latest | |
| fi | |
| - name: Push release version and latest image to ACR | |
| if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
| run: | | |
| docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest | |
| - name: Push release version and latest image to Docker Hub | |
| if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
| env: | |
| DOCKER_CONTENT_TRUST: 1 | |
| DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} | |
| run: | | |
| docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker push bitwarden/$_PROJECT_NAME:latest | |
| - name: Log out of Docker | |
| run: docker logout | |
| check-failures: | |
| name: Check for failures | |
| if: always() | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - release-docker | |
| - release-github | |
| - setup | |
| steps: | |
| - name: Check if any job failed | |
| if: github.ref == 'refs/heads/main' && contains(needs.*.result, 'failure') | |
| run: exit 1 | |
| - name: Log in to Azure | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| if: failure() | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| if: failure() | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "devops-alerts-slack-webhook-url" | |
| - name: Notify Slack on failure | |
| uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
| with: | |
| status: ${{ job.status }} |