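---
# Build workflow.
#
# Jobs defined here:
#   lint                       - `dotnet format --verify-no-changes`
#   build-artifacts            - publish each server project and upload a zip
#   upload                     - Docker stubs (release branches only) + Swagger
#   build-mssqlmigratorutility - single-file migrator binaries per target
#   self-host-build            - dispatch build-unified.yml in bitwarden/self-host
#   check-failures             - fail and alert Slack when a needed job failed
#
# NOTE(review): no `permissions:` key is declared at workflow or job level, so
# GITHUB_TOKEN gets the repository/organization default scopes. Consider a
# top-level `permissions: contents: read` after confirming no step needs more.
name: Build
# The run name is 'Build - <id>' when a non-zero id input is supplied,
# otherwise plain 'Build'.
run-name: ${{ inputs.id != 0 && format('Build - {0}', inputs.id) || 'Build' }}

on:
  workflow_dispatch:
    inputs:
      id:
        description: "AUTOMATION ONLY - Do not fill out"
        required: false
  push:
    branches:
      - "main"
      - "rc"
      - "hotfix-rc"
  pull_request:

env:
  _AZ_REGISTRY: "bitwardenprod.azurecr.io"

jobs:
  # Formatting gate; build-artifacts and build-mssqlmigratorutility need it.
  lint:
    name: Lint
    runs-on: ubuntu-22.04
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag that SHA was taken from.
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up .NET
        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0

      - name: Verify format
        run: dotnet format --verify-no-changes

  # Publishes every project in the matrix and uploads <project_name>.zip.
  build-artifacts:
    name: Build artifacts
    runs-on: ubuntu-22.04
    needs:
      - lint
    strategy:
      fail-fast: false
      matrix:
        # `node: true` enables the "Build node" step for that project.
        # NOTE(review): `dotnet: true` is set on two entries, but no step in
        # this file reads matrix.dotnet - confirm whether it is still needed.
        include:
          - project_name: Admin
            base_path: ./src
            node: true
          - project_name: Api
            base_path: ./src
          - project_name: Billing
            base_path: ./src
          - project_name: Events
            base_path: ./src
          - project_name: EventsProcessor
            base_path: ./src
          - project_name: Icons
            base_path: ./src
          - project_name: Identity
            base_path: ./src
          - project_name: MsSqlMigratorUtility
            base_path: ./util
            dotnet: true
          - project_name: Notifications
            base_path: ./src
          - project_name: Scim
            base_path: ./bitwarden_license/src
            dotnet: true
          - project_name: Server
            base_path: ./util
          - project_name: Setup
            base_path: ./util
          - project_name: Sso
            base_path: ./bitwarden_license/src
            node: true
    steps:
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up .NET
        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0

      # NOTE(review): Node.js 16 is past end-of-life and no longer receives
      # security fixes; plan a move to a supported release line.
      - name: Set up Node
        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
        with:
          cache: "npm"
          cache-dependency-path: "**/package-lock.json"
          node-version: "16"

      - name: Print environment
        run: |
          whoami
          dotnet --info
          node --version
          npm --version
          echo "GitHub ref: $GITHUB_REF"
          # GITHUB_EVENT is not a variable the runner sets, so the original
          # line printed nothing; GITHUB_EVENT_NAME holds the trigger name.
          echo "GitHub event: $GITHUB_EVENT_NAME"

      - name: Build node
        if: ${{ matrix.node }}
        working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }}
        run: |
          npm ci
          npm run build

      # matrix.* values are literals from this file, so expanding them inside
      # the script does not carry event-controlled text.
      - name: Publish project
        working-directory: ${{ matrix.base_path }}/${{ matrix.project_name }}
        run: |
          echo "Publish"
          dotnet publish -c "Release" -o obj/build-output/publish

          cd obj/build-output/publish
          zip -r ${{ matrix.project_name }}.zip .
          mv ${{ matrix.project_name }}.zip ../../../

          pwd
          ls -atlh ../../../

      # NOTE(review): actions/upload-artifact v3 has been deprecated by
      # GitHub; when moving to a current major, re-pin to that release's
      # full commit SHA.
      - name: Upload project artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: ${{ matrix.project_name }}.zip
          path: ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip
          if-no-files-found: error

  # Generates the Docker stub archives (release branches only) and the
  # Swagger document.
  upload:
    name: Upload
    runs-on: ubuntu-22.04
    steps:
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up .NET
        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0

      # NOTE(review): both production logins run on every trigger, including
      # pull_request, while the only step here that pulls from the registry is
      # gated to main/rc/hotfix-rc. The "Build Swagger" step later restores
      # tools and loads project code in this same job, i.e. with the Azure
      # session still present on the runner. Consider giving both login steps
      # the same branch condition as the stub steps.
      # NOTE(review): `creds` is a stored service-principal credential;
      # Azure/login also supports OIDC federation, which would remove the
      # long-lived secret - evaluate.
      - name: Log in to Azure - production subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Log in to ACR - production subscription
        run: az acr login -n "$_AZ_REGISTRY" --only-show-errors

      - name: Make Docker stubs
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        run: |
          # Set proper setup image based on branch.
          # The ref is read from the runner-provided GITHUB_REF variable
          # instead of being expanded into the script text by an expression,
          # so a ref name can never be parsed as shell syntax.
          case "$GITHUB_REF" in
            "refs/heads/main")
              SETUP_IMAGE="$_AZ_REGISTRY/setup:dev"
              ;;
            "refs/heads/rc")
              SETUP_IMAGE="$_AZ_REGISTRY/setup:rc"
              ;;
            "refs/heads/hotfix-rc")
              SETUP_IMAGE="$_AZ_REGISTRY/setup:hotfix-rc"
              ;;
            *)
              # Unreachable while the step condition above holds; fail loudly
              # rather than run docker with an empty image name.
              echo "Unexpected ref: $GITHUB_REF" >&2
              exit 1
              ;;
          esac

          STUB_OUTPUT="$(pwd)/docker-stub"

          # Run setup
          docker run -i --rm --name setup -v "$STUB_OUTPUT/US:/bitwarden" "$SETUP_IMAGE" \
            dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region US
          docker run -i --rm --name setup -v "$STUB_OUTPUT/EU:/bitwarden" "$SETUP_IMAGE" \
            dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region EU

          sudo chown -R "$(whoami):$(whoami)" "$STUB_OUTPUT"

          # Remove extra directories and files
          rm -rf "$STUB_OUTPUT/US/letsencrypt"
          rm -rf "$STUB_OUTPUT/EU/letsencrypt"
          rm "$STUB_OUTPUT/US/env/uid.env" "$STUB_OUTPUT/US/config.yml"
          rm "$STUB_OUTPUT/EU/env/uid.env" "$STUB_OUTPUT/EU/config.yml"

          # Create uid environment files
          touch "$STUB_OUTPUT/US/env/uid.env"
          touch "$STUB_OUTPUT/EU/env/uid.env"

          # Zip up the Docker stub files
          cd docker-stub/US; zip -r ../../docker-stub-US.zip *; cd ../..
          cd docker-stub/EU; zip -r ../../docker-stub-EU.zip *; cd ../..

      # These digests are produced by the same job that produced the archives,
      # so they detect corruption in transit; they are not independent
      # evidence of integrity if the job itself is compromised.
      - name: Make Docker stub checksums
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        run: |
          sha256sum docker-stub-US.zip > docker-stub-US-sha256.txt
          sha256sum docker-stub-EU.zip > docker-stub-EU-sha256.txt

      - name: Upload Docker stub US artifact
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: docker-stub-US.zip
          path: docker-stub-US.zip
          if-no-files-found: error

      - name: Upload Docker stub EU artifact
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: docker-stub-EU.zip
          path: docker-stub-EU.zip
          if-no-files-found: error

      - name: Upload Docker stub US checksum artifact
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: docker-stub-US-sha256.txt
          path: docker-stub-US-sha256.txt
          if-no-files-found: error

      - name: Upload Docker stub EU checksum artifact
        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: docker-stub-EU-sha256.txt
          path: docker-stub-EU-sha256.txt
          if-no-files-found: error

      # The connection string is a literal placeholder, not a secret.
      - name: Build Swagger
        run: |
          cd ./src/Api
          echo "Restore tools"
          dotnet tool restore
          echo "Publish"
          dotnet publish -c "Release" -o obj/build-output/publish

          dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com \
            ./obj/build-output/publish/Api.dll public
          cd ../..
        env:
          ASPNETCORE_ENVIRONMENT: Production
          swaggerGen: "True"
          DOTNET_ROLL_FORWARD_ON_NO_CANDIDATE_FX: 2
          GLOBALSETTINGS__SQLSERVER__CONNECTIONSTRING: "placeholder"

      - name: Upload Swagger artifact
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: swagger.json
          path: swagger.json
          if-no-files-found: error

  # Publishes a self-contained single-file MsSqlMigratorUtility per target.
  build-mssqlmigratorutility:
    name: Build MSSQL migrator utility
    runs-on: ubuntu-22.04
    needs: lint
    defaults:
      run:
        shell: bash
        working-directory: "util/MsSqlMigratorUtility"
    strategy:
      fail-fast: false
      matrix:
        target:
          - osx-x64
          - linux-x64
          - win-x64
    steps:
      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up .NET
        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0

      - name: Print environment
        run: |
          whoami
          dotnet --info
          echo "GitHub ref: $GITHUB_REF"
          # GITHUB_EVENT is not set by the runner; GITHUB_EVENT_NAME is.
          echo "GitHub event: $GITHUB_EVENT_NAME"

      - name: Publish project
        run: |
          dotnet publish -c "Release" -o obj/build-output/publish -r ${{ matrix.target }} -p:PublishSingleFile=true \
            -p:IncludeNativeLibrariesForSelfExtract=true --self-contained true

      # The Windows target produces an .exe, so it needs its own upload path.
      - name: Upload project artifact for Windows
        if: ${{ contains(matrix.target, 'win') == true }}
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: MsSqlMigratorUtility-${{ matrix.target }}
          path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility.exe
          if-no-files-found: error

      - name: Upload project artifact
        if: ${{ contains(matrix.target, 'win') == false }}
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: MsSqlMigratorUtility-${{ matrix.target }}
          path: util/MsSqlMigratorUtility/obj/build-output/publish/MsSqlMigratorUtility
          if-no-files-found: error

  # Dispatches build-unified.yml in bitwarden/self-host with this run's ref.
  # The job declares neither `needs:` nor `if:`, so it starts on every trigger.
  self-host-build:
    name: Trigger self-host build
    runs-on: ubuntu-22.04
    steps:
      - name: Log in to Azure - CI subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      # NOTE(review): unlike every other action in this file, this one is
      # referenced by a mutable branch (`@main`), and it is the step that
      # reads the PAT out of Key Vault. Pin it to a full commit SHA, e.g.
      # `@<FULL_COMMIT_SHA> # <tag>`, so a change on that branch cannot alter
      # what runs with access to the secret.
      # NOTE(review): the secret name suggests a PAT with `repo` scope; a
      # token limited to dispatching workflows in the target repository would
      # narrow the impact of a leak - confirm what scope is really required.
      - name: Retrieve GitHub PAT secrets
        id: retrieve-secret-pat
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "github-pat-bitwarden-devops-bot-repo-scope"

      - name: Trigger self-host build
        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
        with:
          github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
          script: |
            // The ref is read from the runner environment rather than being
            // expanded into this script by an expression: a ref name is then
            // always handled as data and cannot close the string literal
            // while the PAT-authenticated client is in scope.
            await github.rest.actions.createWorkflowDispatch({
              owner: 'bitwarden',
              repo: 'self-host',
              workflow_id: 'build-unified.yml',
              ref: 'main',
              inputs: {
                server_branch: process.env.GITHUB_REF
              }
            })

  # Runs even when earlier jobs failed (`always()`); on main/rc/hotfix-rc a
  # failed needed job makes the first step exit 1, which in turn enables the
  # `failure()` steps that fetch the webhook URL and post to Slack.
  check-failures:
    name: Check for failures
    if: always()
    runs-on: ubuntu-22.04
    needs:
      - lint
      - build-artifacts
      - upload
      - build-mssqlmigratorutility
      - self-host-build
    steps:
      - name: Check if any job failed
        if: |
          (github.ref == 'refs/heads/main'
          || github.ref == 'refs/heads/rc'
          || github.ref == 'refs/heads/hotfix-rc')
          && contains(needs.*.result, 'failure')
        run: exit 1

      - name: Log in to Azure - CI subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        if: failure()
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      # NOTE(review): referenced by mutable branch (`@main`) while handling
      # a Key Vault secret; pin to a full commit SHA
      # (`@<FULL_COMMIT_SHA> # <tag>`) like the other actions in this file.
      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        if: failure()
        with:
          keyvault: "bitwarden-ci"
          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure
        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
        if: failure()
        env:
          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
        with:
          status: ${{ job.status }}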