[deps]: Update github-action minor #29430
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - "main" | |
| - "rc" | |
| - "hotfix-rc" | |
| pull_request: | |
| types: [opened, synchronize] | |
| workflow_call: | |
| inputs: {} | |
| permissions: | |
| contents: read | |
| env: | |
| _AZ_REGISTRY: "bitwardenprod.azurecr.io" | |
| _GITHUB_PR_REPO_NAME: ${{ github.event.pull_request.head.repo.full_name }} | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up .NET | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| - name: Verify format | |
| run: dotnet format --verify-no-changes | |
| build-artifacts: | |
| name: Build Docker images | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - lint | |
| outputs: | |
| has_secrets: ${{ steps.check-secrets.outputs.has_secrets }} | |
| permissions: | |
| security-events: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - project_name: Admin | |
| base_path: ./src | |
| dotnet: true | |
| node: true | |
| - project_name: Api | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: Attachments | |
| base_path: ./util | |
| - project_name: Billing | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: Events | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: EventsProcessor | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: Icons | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: Identity | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: MsSql | |
| base_path: ./util | |
| - project_name: MsSqlMigratorUtility | |
| base_path: ./util | |
| dotnet: true | |
| - project_name: Nginx | |
| base_path: ./util | |
| - project_name: Notifications | |
| base_path: ./src | |
| dotnet: true | |
| - project_name: Scim | |
| base_path: ./bitwarden_license/src | |
| dotnet: true | |
| - project_name: Setup | |
| base_path: ./util | |
| dotnet: true | |
| - project_name: Sso | |
| base_path: ./bitwarden_license/src | |
| dotnet: true | |
| steps: | |
| - name: Check secrets | |
| id: check-secrets | |
| run: | | |
| has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }} | |
| echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT | |
| - name: Check out repo | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Check branch to publish | |
| env: | |
| PUBLISH_BRANCHES: "main,rc,hotfix-rc" | |
| id: publish-branch-check | |
| run: | | |
| IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES | |
| if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then | |
| echo "is_publish_branch=true" >> $GITHUB_ENV | |
| else | |
| echo "is_publish_branch=false" >> $GITHUB_ENV | |
| fi | |
| - name: Set up .NET | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| - name: Set up Node | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: "**/package-lock.json" | |
| node-version: "16" | |
| - name: Print environment | |
| run: | | |
| whoami | |
| dotnet --info | |
| node --version | |
| npm --version | |
| echo "GitHub ref: $GITHUB_REF" | |
| echo "GitHub event: $GITHUB_EVENT" | |
| - name: Build node | |
| if: ${{ matrix.node }} | |
| working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} | |
| run: | | |
| npm ci | |
| npm run build | |
| - name: Publish project | |
| working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }} | |
| if: ${{ matrix.dotnet }} | |
| run: | | |
| echo "Publish" | |
| dotnet publish -c "Release" -o obj/build-output/publish | |
| cd obj/build-output/publish | |
| zip -r ${{ matrix.project_name }}.zip . | |
| mv ${{ matrix.project_name }}.zip ../../../ | |
| pwd | |
| ls -atlh ../../../ | |
| - name: Upload project artifact | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| if: ${{ matrix.dotnet }} | |
| with: | |
| name: ${{ matrix.project_name }}.zip | |
| path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip | |
| if-no-files-found: error | |
| ########## Set up Docker ########## | |
| - name: Set up QEMU emulators | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| ########## ACRs ########## | |
| - name: Log in to Azure | |
| uses: bitwarden/gh-actions/azure-login@main | |
| with: | |
| subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant_id: ${{ secrets.AZURE_TENANT_ID }} | |
| client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
| - name: Log in to ACR - production subscription | |
| run: az acr login -n bitwardenprod | |
| - name: Retrieve GitHub PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| ########## Generate image tag and build Docker image ########## | |
| - name: Generate Docker image tag | |
| id: tag | |
| run: | | |
| if [[ "${GITHUB_EVENT_NAME}" == "pull_request" || "${GITHUB_EVENT_NAME}" == "pull_request_target" ]]; then | |
| IMAGE_TAG=$(echo "${GITHUB_HEAD_REF}" | sed "s/[^a-zA-Z0-9]/-/g") # Sanitize branch name to alphanumeric only | |
| else | |
| IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") | |
| fi | |
| if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then | |
| SANITIZED_REPO_NAME=$(echo "$_GITHUB_PR_REPO_NAME" | sed "s/[^a-zA-Z0-9]/-/g") # Sanitize repo name to alphanumeric only | |
| IMAGE_TAG=$SANITIZED_REPO_NAME-$IMAGE_TAG # Add repo name to the tag | |
| IMAGE_TAG=${IMAGE_TAG:0:128} # Limit to 128 characters, as that's the max length for Docker image tags | |
| fi | |
| if [[ "$IMAGE_TAG" == "main" ]]; then | |
| IMAGE_TAG=dev | |
| fi | |
| echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| echo "### :mega: Docker Image Tag: $IMAGE_TAG" >> $GITHUB_STEP_SUMMARY | |
| - name: Set up project name | |
| id: setup | |
| run: | | |
| PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') | |
| echo "Matrix name: ${{ matrix.project_name }}" | |
| echo "PROJECT_NAME: $PROJECT_NAME" | |
| echo "project_name=$PROJECT_NAME" >> $GITHUB_OUTPUT | |
| - name: Generate image tags(s) | |
| id: image-tags | |
| env: | |
| IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} | |
| PROJECT_NAME: ${{ steps.setup.outputs.project_name }} | |
| SHA: ${{ github.sha }} | |
| run: | | |
| TAGS="${_AZ_REGISTRY}/${PROJECT_NAME}:${IMAGE_TAG}" | |
| echo "primary_tag=$TAGS" >> $GITHUB_OUTPUT | |
| if [[ "${IMAGE_TAG}" == "dev" ]]; then | |
| SHORT_SHA=$(git rev-parse --short ${SHA}) | |
| TAGS=$TAGS",${_AZ_REGISTRY}/${PROJECT_NAME}:dev-${SHORT_SHA}" | |
| fi | |
| echo "tags=$TAGS" >> $GITHUB_OUTPUT | |
| - name: Build Docker image | |
| id: build-artifacts | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile | |
| platforms: | | |
| linux/amd64, | |
| linux/arm/v7, | |
| linux/arm64 | |
| push: true | |
| tags: ${{ steps.image-tags.outputs.tags }} | |
| secrets: | | |
| "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" | |
| - name: Install Cosign | |
| if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' | |
| uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 | |
| - name: Sign image with Cosign | |
| if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' | |
| env: | |
| DIGEST: ${{ steps.build-artifacts.outputs.digest }} | |
| TAGS: ${{ steps.image-tags.outputs.tags }} | |
| run: | | |
| IFS="," read -a tags <<< "${TAGS}" | |
| images="" | |
| for tag in "${tags[@]}"; do | |
| images+="${tag}@${DIGEST} " | |
| done | |
| cosign sign --yes ${images} | |
| - name: Scan Docker image | |
| id: container-scan | |
| uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1 | |
| with: | |
| image: ${{ steps.image-tags.outputs.primary_tag }} | |
| fail-build: false | |
| output-format: sarif | |
| - name: Upload Grype results to GitHub | |
| uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 | |
| with: | |
| sarif_file: ${{ steps.container-scan.outputs.sarif }} | |
| sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }} | |
| ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }} | |
| - name: Log out from Azure | |
| uses: bitwarden/gh-actions/azure-logout@main | |
| upload: | |
| name: Upload | |
| runs-on: ubuntu-24.04 | |
| needs: build-artifacts | |
| permissions: | |
| id-token: write | |
| actions: read | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up .NET | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| - name: Log in to Azure | |
| uses: bitwarden/gh-actions/azure-login@main | |
| with: | |
| subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant_id: ${{ secrets.AZURE_TENANT_ID }} | |
| client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
| - name: Log in to ACR - production subscription | |
| run: az acr login -n $_AZ_REGISTRY --only-show-errors | |
| - name: Make Docker stubs | |
| if: | | |
| github.event_name != 'pull_request' | |
| && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') | |
| run: | | |
| # Set proper setup image based on branch | |
| case "$GITHUB_REF" in | |
| "refs/heads/main") | |
| SETUP_IMAGE="$_AZ_REGISTRY/setup:dev" | |
| ;; | |
| "refs/heads/rc") | |
| SETUP_IMAGE="$_AZ_REGISTRY/setup:rc" | |
| ;; | |
| "refs/heads/hotfix-rc") | |
| SETUP_IMAGE="$_AZ_REGISTRY/setup:hotfix-rc" | |
| ;; | |
| esac | |
| STUB_OUTPUT=$(pwd)/docker-stub | |
| # Run setup | |
| docker run -i --rm --name setup -v $STUB_OUTPUT/US:/bitwarden $SETUP_IMAGE \ | |
| /app/Setup -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region US | |
| docker run -i --rm --name setup -v $STUB_OUTPUT/EU:/bitwarden $SETUP_IMAGE \ | |
| /app/Setup -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region EU | |
| sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT | |
| # Remove extra directories and files | |
| rm -rf $STUB_OUTPUT/US/letsencrypt | |
| rm -rf $STUB_OUTPUT/EU/letsencrypt | |
| rm $STUB_OUTPUT/US/env/uid.env $STUB_OUTPUT/US/config.yml | |
| rm $STUB_OUTPUT/EU/env/uid.env $STUB_OUTPUT/EU/config.yml | |
| # Create uid environment files | |
| touch $STUB_OUTPUT/US/env/uid.env | |
| touch $STUB_OUTPUT/EU/env/uid.env | |
| # Zip up the Docker stub files | |
| cd docker-stub/US; zip -r ../../docker-stub-US.zip *; cd ../.. | |
| cd docker-stub/EU; zip -r ../../docker-stub-EU.zip *; cd ../.. | |
| - name: Log out from Azure | |
| uses: bitwarden/gh-actions/azure-logout@main | |
| - name: Upload Docker stub US artifact | |
| if: | | |
| github.event_name != 'pull_request' | |
| && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: docker-stub-US.zip | |
| path: docker-stub-US.zip | |
| if-no-files-found: error | |
| - name: Upload Docker stub EU artifact | |
| if: | | |
| github.event_name != 'pull_request' | |
| && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: docker-stub-EU.zip | |
| path: docker-stub-EU.zip | |
| if-no-files-found: error | |
| - name: Build Swagger files | |
| run: | | |
| cd ./dev | |
| pwsh ./generate_openapi_files.ps1 | |
| - name: Upload Public API Swagger artifact | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: swagger.json | |
| path: api.public.json | |
| if-no-files-found: error | |
| - name: Upload Internal API Swagger artifact | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: internal.json | |
| path: api.json | |
| if-no-files-found: error | |
| - name: Upload Identity Swagger artifact | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: identity.json | |
| path: identity.json | |
| if-no-files-found: error | |
| build-mssqlmigratorutility: | |
| name: Build MSSQL migrator utility | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - lint | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: "util/MsSqlMigratorUtility" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - osx-x64 | |
| - linux-x64 | |
| - win-x64 | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up .NET | |
| uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 | |
| - name: Print environment | |
| run: | | |
| whoami | |
| dotnet --info | |
| echo "GitHub ref: $GITHUB_REF" | |
| echo "GitHub event: $GITHUB_EVENT" | |
| - name: Publish project | |
| run: | | |
| dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \ | |
| -p:IncludeNativeLibrariesForSelfExtract=true --self-contained true | |
| - name: Upload project artifact for Windows | |
| if: ${{ contains(matrix.target, 'win') == true }} | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: MsSqlMigratorUtility-${{ matrix.target }} | |
| path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility.exe | |
| if-no-files-found: error | |
| - name: Upload project artifact | |
| if: ${{ contains(matrix.target, 'win') == false }} | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: MsSqlMigratorUtility-${{ matrix.target }} | |
| path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility | |
| if-no-files-found: error | |
| self-host-build: | |
| name: Trigger self-host build | |
| if: | | |
| github.event_name != 'pull_request' | |
| && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build-artifacts | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Log in to Azure | |
| uses: bitwarden/gh-actions/azure-login@main | |
| with: | |
| subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant_id: ${{ secrets.AZURE_TENANT_ID }} | |
| client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
| - name: Retrieve GitHub PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Log out from Azure | |
| uses: bitwarden/gh-actions/azure-logout@main | |
| - name: Trigger self-host build | |
| uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 | |
| with: | |
| github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'bitwarden', | |
| repo: 'self-host', | |
| workflow_id: 'build-unified.yml', | |
| ref: 'main', | |
| inputs: { | |
| server_branch: process.env.GITHUB_REF | |
| } | |
| }); | |
| trigger-k8s-deploy: | |
| name: Trigger k8s deploy | |
| if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - build-artifacts | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Log in to Azure | |
| uses: bitwarden/gh-actions/azure-login@main | |
| with: | |
| subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant_id: ${{ secrets.AZURE_TENANT_ID }} | |
| client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
| - name: Retrieve GitHub PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Log out from Azure | |
| uses: bitwarden/gh-actions/azure-logout@main | |
| - name: Trigger k8s deploy | |
| uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 | |
| with: | |
| github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'bitwarden', | |
| repo: 'devops', | |
| workflow_id: 'deploy-k8s.yml', | |
| ref: 'main', | |
| inputs: { | |
| environment: 'US-DEV Cloud', | |
| tag: 'main' | |
| } | |
| }) | |
| setup-ephemeral-environment: | |
| name: Setup Ephemeral Environment | |
| needs: | |
| - build-artifacts | |
| if: | | |
| needs.build-artifacts.outputs.has_secrets == 'true' | |
| && github.event_name == 'pull_request' | |
| && contains(github.event.pull_request.labels.*.name, 'ephemeral-environment') | |
| uses: bitwarden/gh-actions/.github/workflows/_ephemeral_environment_manager.yml@main | |
| with: | |
| project: server | |
| pull_request_number: ${{ github.event.number || 0 }} | |
| secrets: inherit | |
| permissions: | |
| contents: read | |
| id-token: write | |
| check-failures: | |
| name: Check for failures | |
| if: always() | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| - build-artifacts | |
| - upload | |
| - build-mssqlmigratorutility | |
| - self-host-build | |
| - trigger-k8s-deploy | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Check if any job failed | |
| if: | | |
| github.event_name != 'pull_request' | |
| && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') | |
| && contains(needs.*.result, 'failure') | |
| run: exit 1 | |
| - name: Log in to Azure | |
| uses: bitwarden/gh-actions/azure-login@main | |
| with: | |
| subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant_id: ${{ secrets.AZURE_TENANT_ID }} | |
| client_id: ${{ secrets.AZURE_CLIENT_ID }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| if: failure() | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "devops-alerts-slack-webhook-url" | |
| - name: Log out from Azure | |
| uses: bitwarden/gh-actions/azure-logout@main | |
| - name: Notify Slack on failure | |
| uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
| with: | |
| status: ${{ job.status }} |