Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BRE-141 Refactor Release workflow to split deploy/publish steps #174

Merged
merged 13 commits into from
Sep 5, 2024
Merged
108 changes: 108 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
---
name: Publish
run-name: Publish ${{ inputs.publish_type }}

on:
workflow_dispatch:
inputs:
publish_type:
description: "Publish Options"
default: "Initial Publish"
type: choice
options:
- Initial Publish
- Redeploy
- Dry Run
mimartin12 marked this conversation as resolved.
Show resolved Hide resolved
version:
description: 'Version to publish (default: latest release)'
required: true
type: string
default: latest

jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
release-version: ${{ steps.version-output.outputs.version }}
deployment-id: ${{ steps.deployment.outputs.deployment-id }}
urbinaalex17 marked this conversation as resolved.
Show resolved Hide resolved
steps:
- name: Version output
id: version-output
run: |
if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
VERSION=$(curl "https://api.github.com/repos/bitwarden/directory-connector/releases" | jq -c '.[] | select(.tag_name) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
echo "Latest Released Version: $VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
else
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
fi

- name: Create GitHub deployment
urbinaalex17 marked this conversation as resolved.
Show resolved Hide resolved
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
token: '${{ secrets.GITHUB_TOKEN }}'
initial-status: 'in_progress'
environment: 'production'
description: 'Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}'
task: release
urbinaalex17 marked this conversation as resolved.
Show resolved Hide resolved

publish-docker:
name: Publish Docker images
runs-on: ubuntu-22.04
needs: setup
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
_PROJECT_NAME: key-connector
_RELEASE_VERSION: ${{ needs.setup.outputs.release-version }}

steps:
- name: Log in to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

- name: Log in to ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}

- name: Set up DCT
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@main
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"

- name: Pull image
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev

- name: Tag version and latest
run: |
if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun
else
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:latest

docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:latest
fi

- name: Push release version and latest image to ACR
if: ${{ inputs.publish_type != 'Dry Run' }}
run: |
docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest

- name: Push release version and latest image to Docker Hub
if: ${{ inputs.publish_type != 'Dry Run' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
run: |
docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION
docker push bitwarden/$_PROJECT_NAME:latest

- name: Log out of Docker
run: docker logout
63 changes: 0 additions & 63 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,74 +66,11 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
draft: true

release-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs:
- setup
- release-github
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
_PROJECT_NAME: key-connector
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
_BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
_RELEASE_OPTION: ${{ inputs.release_type }}

steps:
- name: Log in to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

- name: Log in to ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}

- name: Set up DCT
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@main
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"

- name: Pull image
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev

- name: Tag version and latest
run: |
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun
else
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:latest

docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:latest
fi

- name: Push release version and latest image to ACR
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest

- name: Push release version and latest image to Docker Hub
if: ${{ inputs.release_type != 'Dry Run' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
run: |
docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION
docker push bitwarden/$_PROJECT_NAME:latest

- name: Log out of Docker
run: docker logout

check-failures:
name: Check for failures
if: always()
runs-on: ubuntu-22.04
needs:
- release-docker
- release-github
- setup
steps:
Expand Down
Loading