Release Initial Release #20
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Release | |
| run-name: Release ${{ inputs.release_type }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_type: | |
| description: "Release Options" | |
| default: "Initial Release" | |
| type: choice | |
| options: | |
| - Initial Release | |
| - Redeploy | |
| - Dry Run | |
| jobs: | |
| setup: | |
| name: Setup | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| release_version: ${{ steps.version.outputs.version }} | |
| branch-name: ${{ steps.branch.outputs.branch-name }} | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Check release version | |
| id: version | |
| uses: bitwarden/gh-actions/release-version-check@main | |
| with: | |
| release-type: ${{ inputs.release_type }} | |
| project-type: dotnet | |
| file: Directory.Build.props | |
| - name: Get branch name | |
| id: branch | |
| run: | | |
| BRANCH_NAME=$(basename ${{ github.ref }}) | |
| echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| release-github: | |
| name: Create GitHub Release | |
| if: ${{ inputs.release_type != 'Dry Run' }} | |
| runs-on: ubuntu-22.04 | |
| needs: setup | |
| steps: | |
| - name: Create release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| commit: ${{ github.sha }} | |
| tag: "v${{ needs.setup.outputs.release_version }}" | |
| name: "Version ${{ needs.setup.outputs.release_version }}" | |
| body: "<insert release notes here>" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| draft: true | |
| release-docker: | |
| name: Build Docker images | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - setup | |
| - release-github | |
| env: | |
| _AZ_REGISTRY: bitwardenprod.azurecr.io | |
| _PROJECT_NAME: key-connector | |
| _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} | |
| _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} | |
| _RELEASE_OPTION: ${{ inputs.release_type }} | |
| steps: | |
| - name: Log in to Azure | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| with: | |
| creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
| - name: Log in to ACR | |
| run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} | |
| - name: Set up DCT | |
| id: setup-dct | |
| uses: bitwarden/gh-actions/setup-docker-trust@main | |
| with: | |
| azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| azure-keyvault-name: "bitwarden-ci" | |
| - name: Pull image | |
| run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev | |
| - name: Tag version and latest | |
| run: | | |
| if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun | |
| else | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:latest | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:latest | |
| fi | |
| - name: Push release version and latest image to ACR | |
| if: ${{ inputs.release_type != 'Dry Run' }} | |
| run: | | |
| docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest | |
| - name: Push release version and latest image to Docker Hub | |
| if: ${{ inputs.release_type != 'Dry Run' }} | |
| env: | |
| DOCKER_CONTENT_TRUST: 1 | |
| DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} | |
| run: | | |
| docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION | |
| docker push bitwarden/$_PROJECT_NAME:latest | |
| - name: Log out of Docker | |
| run: docker logout | |
| check-failures: | |
| name: Check for failures | |
| if: always() | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - release-docker | |
| - release-github | |
| - setup | |
| steps: | |
| - name: Check if any job failed | |
| if: github.ref == 'refs/heads/main' && contains(needs.*.result, 'failure') | |
| run: exit 1 | |
| - name: Log in to Azure | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| if: failure() | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| if: failure() | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "devops-alerts-slack-webhook-url" | |
| - name: Notify Slack on failure | |
| uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
| with: | |
| status: ${{ job.status }} |