From 9811c3867738c4170dfdf475de8818f58f224d58 Mon Sep 17 00:00:00 2001 From: Alex Urbina <42731074+urbinaalex17@users.noreply.github.com> Date: Thu, 5 Sep 2024 08:27:42 -0600 Subject: [PATCH] BRE-141 Refactor Release workflow to split deploy/publish steps (#174) * BRE-141 REFACTOR: Release workflow to split deploy/publish steps * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update .github/workflows/publish.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --------- Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish.yml | 97 +++++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 63 ----------------------- 2 files changed, 97 insertions(+), 63 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..b068971 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,97 @@ +--- +name: Publish +run-name: Publish ${{ inputs.publish_type }} + +on: + workflow_dispatch: + inputs: + publish_type: + description: "Publish Options" + default: "Initial Publish" + type: choice + options: + - Initial Publish + - Redeploy + - Dry Run + version: + description: 'Version to publish (default: latest release)' + required: true + type: string + default: latest + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version-output.outputs.version }} + steps: + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + VERSION=$(curl "https://api.github.com/repos/bitwarden/directory-connector/releases" | jq -c '.[] | select(.tag_name) | .tag_name' | head -1 | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + publish-docker: + name: Publish Docker images + runs-on: ubuntu-22.04 + needs: setup + env: + _AZ_REGISTRY: bitwardenprod.azurecr.io + _PROJECT_NAME: key-connector + _RELEASE_VERSION: ${{ needs.setup.outputs.release-version }} + + steps: + - name: Log in to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + + - name: Log in to ACR + run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} + + - name: Set up DCT + id: setup-dct + uses: bitwarden/gh-actions/setup-docker-trust@main + with: + azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + azure-keyvault-name: "bitwarden-ci" + + - name: Pull image + run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev + + - name: Tag version and latest + run: | + if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then + docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun + else + docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION + docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:latest + + docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION + docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:latest + fi + + - name: Push release version and latest image to ACR + if: ${{ inputs.publish_type != 'Dry Run' }} + run: | + docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION + docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest + + - name: Push release version and latest image to Docker Hub + if: ${{ inputs.publish_type != 'Dry Run' }} + env: + DOCKER_CONTENT_TRUST: 1 + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} + run: | + docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION + docker push bitwarden/$_PROJECT_NAME:latest + + - name: Log out of Docker + run: docker logout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 72f6065..29d98a2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -66,74 +66,11 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} draft: true - release-docker: - name: Build Docker images - runs-on: ubuntu-22.04 - needs: - - setup - - release-github - env: - _AZ_REGISTRY: bitwardenprod.azurecr.io - _PROJECT_NAME: key-connector - _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} - _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }} - _RELEASE_OPTION: ${{ inputs.release_type }} - - steps: - - name: Log in to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - - name: Log in to ACR - run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} - - - name: Set up DCT - id: setup-dct - uses: bitwarden/gh-actions/setup-docker-trust@main - with: - azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - azure-keyvault-name: "bitwarden-ci" - - - name: Pull image - run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:dev - - - name: Tag version and latest - run: | - if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:dryrun - else - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev $_AZ_REGISTRY/$_PROJECT_NAME:latest - - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION - docker tag $_AZ_REGISTRY/$_PROJECT_NAME:dev bitwarden/$_PROJECT_NAME:latest - fi - - - name: Push release version and latest image to ACR - if: ${{ inputs.release_type != 'Dry Run' }} - run: | - docker push $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_VERSION - docker push $_AZ_REGISTRY/$_PROJECT_NAME:latest - - - name: Push release version and latest image to Docker Hub - if: ${{ inputs.release_type != 'Dry Run' }} - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} - run: | - docker push bitwarden/$_PROJECT_NAME:$_RELEASE_VERSION - docker push bitwarden/$_PROJECT_NAME:latest - - - name: Log out of Docker - run: docker logout - check-failures: name: Check for failures if: always() runs-on: ubuntu-22.04 needs: - - release-docker - release-github - setup steps: