From a6fd484c31aead9f8bbdc0576cc2be3a069c9891 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Mon, 30 Sep 2024 15:12:34 +0200 Subject: [PATCH] [BRE-224] Create a GitHub release workflows for sdk (#1078) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 🎟ī¸ Tracking https://bitwarden.atlassian.net/browse/BRE-224 ## 📔 Objective Create and/or split workflow to create a GitHub Release for SDK parts. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## đŸĻŽ Reviewer guidelines - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹī¸ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠ī¸ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or â™ģī¸ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes --------- Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/build-ruby.yml | 95 +++++++++++ .../{release-cli.yml => publish-bws.yml} | 116 +++++++------ .github/workflows/publish-dotnet.yml | 69 ++++++-- .github/workflows/publish-java.yml | 27 ++- .github/workflows/publish-napi.yml | 155 ++++++++++++++++++ .github/workflows/publish-python.yml | 55 +++++-- .github/workflows/publish-ruby.yml | 130 +++++++-------- .github/workflows/publish-rust-crates.yml | 38 ++++- .github/workflows/publish-wasm.yml | 138 ++++++++++++++++ .github/workflows/release-bws.yml | 77 +++++++++ .github/workflows/release-cpp.yml | 8 +- .github/workflows/release-dotnet.yml | 76 +++++++++ .github/workflows/release-java.yml | 61 +++++++ .github/workflows/release-napi.yml | 142 ++++------------ .github/workflows/release-python.yml | 74 +++++++++ .github/workflows/release-ruby.yml | 71 ++++++++ .github/workflows/release-rust-crates.yml | 53 ++++++ .github/workflows/release-wasm.yml | 96 +++-------- 18 files changed, 1128 insertions(+), 353 deletions(-) create mode 100644 .github/workflows/build-ruby.yml rename .github/workflows/{release-cli.yml => publish-bws.yml} (72%) create mode 100644 .github/workflows/publish-napi.yml create mode 100644 .github/workflows/publish-wasm.yml create mode 100644 .github/workflows/release-bws.yml create mode 100644 .github/workflows/release-dotnet.yml create mode 100644 .github/workflows/release-java.yml create mode 100644 .github/workflows/release-python.yml create mode 100644 .github/workflows/release-ruby.yml create mode 100644 .github/workflows/release-rust-crates.yml diff --git a/.github/workflows/build-ruby.yml b/.github/workflows/build-ruby.yml new file mode 100644 index 000000000..5a3f1a016 --- /dev/null +++ b/.github/workflows/build-ruby.yml @@ -0,0 +1,95 @@ +--- +name: Build Ruby + +on: + pull_request: + push: + branches: + - "main" + workflow_dispatch: + +jobs: + build: + name: Build Ruby + runs-on: ubuntu-22.04 + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set up Ruby + uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0 + with: + ruby-version: 3.2 + + - name: Download artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: generate_schemas.yml + path: languages/ruby/bitwarden_sdk_secrets/lib + workflow_conclusion: success + branch: ${{ github.ref_name }} + artifacts: schemas.rb + + - name: Download x86_64-apple-darwin artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + path: temp/macos-x64 + workflow_conclusion: success + branch: ${{ github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-apple-darwin + + - name: Download aarch64-apple-darwin artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ github.ref_name }} + artifacts: libbitwarden_c_files-aarch64-apple-darwin + path: temp/macos-arm64 + + - name: Download x86_64-unknown-linux-gnu artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu + path: temp/linux-x64 + + - name: Download x86_64-pc-windows-msvc artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc + path: temp/windows-x64 + + - name: Copy lib files + run: | + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-arm64 + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/linux-x64 + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-x64 + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/windows-x64 + + platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64") + files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") + + for ((i=0; i<${#platforms[@]}; i++)); do + cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}" + done + + - name: bundle install + run: bundle install + working-directory: languages/ruby/bitwarden_sdk_secrets + + - name: Build gem + run: gem build bitwarden-sdk-secrets.gemspec + working-directory: languages/ruby/bitwarden_sdk_secrets + + - name: Upload artifact + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + with: + path: bitwarden-sdk-secrets-*.gem + name: bitwarden-sdk-secrets diff --git a/.github/workflows/release-cli.yml b/.github/workflows/publish-bws.yml similarity index 72% rename from .github/workflows/release-cli.yml rename to .github/workflows/publish-bws.yml index 30f0dfd93..506427faa 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/publish-bws.yml @@ -1,6 +1,6 @@ --- -name: Release CLI -run-name: Release CLI ${{ inputs.release_type }} +name: Publish bws CLI +run-name: Publish bws CLI ${{ inputs.release_type }} on: workflow_dispatch: @@ -13,6 +13,11 @@ on: options: - Release - Dry Run + version: + description: 'Version to publish (default: latest bws cli release)' + required: true + type: string + default: latest env: _AZ_REGISTRY: bitwardenprod.azurecr.io @@ -22,7 +27,9 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} + release-version: ${{ steps.version-output.outputs.version }} + release-tag: ${{ steps.version-output.outputs.tag_name }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} steps: - name: Checkout repo uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -37,11 +44,21 @@ jobs: exit 1 fi - - name: Check Release Version - id: version + - name: Version output + id: version-output run: | - VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") - echo "version=$VERSION" >> $GITHUB_OUTPUT + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("bws")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi - name: Create GitHub deployment if: ${{ inputs.release_type != 'Dry Run' }} @@ -50,66 +67,18 @@ jobs: with: token: "${{ secrets.GITHUB_TOKEN }}" initial-status: "in_progress" - environment: "CLI - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + environment: "bws CLI - Production" + description: "Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}" task: release - - name: Download all Release artifacts - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: packages - workflow_conclusion: success - branch: ${{ github.ref_name }} - - - name: Get checksum files - uses: bitwarden/gh-actions/get-checksum@main - with: - packages_dir: "packages" - file_path: "packages/bws-sha256-checksums-${{ steps.version.outputs.version }}.txt" - - - name: Create release - if: ${{ inputs.release_type != 'Dry Run' }} - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 - env: - PKG_VERSION: ${{ steps.version.outputs.version }} - with: - artifacts: "packages/bws-x86_64-apple-darwin-${{ env.PKG_VERSION }}.zip, - packages/bws-aarch64-apple-darwin-${{ env.PKG_VERSION }}.zip, - packages/bws-macos-universal-${{ env.PKG_VERSION }}.zip, - packages/bws-x86_64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, - packages/bws-aarch64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, - packages/bws-x86_64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, - packages/bws-aarch64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, - packages/THIRDPARTY.html, - packages/bws-sha256-checksums-${{ env.PKG_VERSION }}.txt" - commit: ${{ github.sha }} - tag: bws-v${{ env.PKG_VERSION }} - name: bws CLI v${{ env.PKG_VERSION }} - body: "" - token: ${{ secrets.GITHUB_TOKEN }} - draft: true - - - name: Update deployment status to Success - if: ${{ inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "success" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} publish: name: Publish bws to crates.io runs-on: ubuntu-22.04 needs: setup + env: + _VERSION: ${{ needs.setup.outputs.release-version }} + _TAG_NAME: ${{ needs.setup.outputs.release-tag }} steps: - name: Checkout uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -118,6 +87,7 @@ jobs: uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + ref: ${{ env._TAG_NAME }} - name: Retrieve secrets id: retrieve-secrets @@ -151,6 +121,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + with: + ref: ${{ env._TAG_NAME }} - name: Generate tag list id: tag-list @@ -218,3 +190,27 @@ jobs: run: | docker logout echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV + + update_release_status: + name: Update GitHub deployment status + runs-on: ubuntu-22.04 + needs: setup + if: ${{ inputs.release_type != 'Dry Run' }} + env: + _DEPLOYMENT_ID: ${{ needs.setup.outputs.deployment-id }} + steps: + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ env._DEPLOYMENT_ID }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ env._DEPLOYMENT_ID }} diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index 28a57e683..baafcc522 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -12,6 +12,10 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" env: _KEY_VAULT: "bitwarden-ci" @@ -21,7 +25,7 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - version: ${{ steps.version.outputs.version }} + version: ${{ steps.version-output.outputs.version }} steps: - name: Checkout repo uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -29,35 +33,50 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi - - name: Install xmllint - run: sudo apt-get install -y libxml2-utils - - - name: Get version - id: version + - name: Version output + id: version-output run: | - VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj) - echo "version=$VERSION" >> $GITHUB_OUTPUT + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("dotnet")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi deploy: name: Deploy runs-on: ubuntu-22.04 needs: validate steps: - - name: Download NuGet package - uses: bitwarden/gh-actions/download-artifacts@main + - name: Create GitHub deployment + if: ${{ inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment with: - workflow: build-dotnet.yml - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg - path: ./nuget-output + token: '${{ secrets.GITHUB_TOKEN }}' + initial-status: 'in_progress' + environment: 'dotnet - Production' + description: 'Deployment ${{ needs.validate.outputs.version }} from branch ${{ github.ref_name }}' + task: release + + - name: Download artifact + run: | + mkdir -p nuget-output + cd nuget-output + wget https://github.com/bitwarden/sdk/releases/download/dotnet-v${{ needs.validate.outputs.version }}/Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg - name: Login to Azure - Prod Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -76,3 +95,19 @@ jobs: env: NUGET_API_KEY: ${{ steps.retrieve-secrets.outputs.nuget-api-key }} run: dotnet nuget push ./nuget-output/*.nupkg -k ${{ env.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json + + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: '${{ secrets.GITHUB_TOKEN }}' + state: 'success' + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: '${{ secrets.GITHUB_TOKEN }}' + state: 'failure' + deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 98f6fadd2..002a61ee4 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -13,6 +13,10 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" defaults: run: @@ -27,7 +31,8 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - version: ${{ steps.version.outputs.version }} + version: ${{ steps.version-output.outputs.version }} + tag_name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -42,11 +47,21 @@ jobs: exit 1 fi - - name: Get version - id: version + - name: Version output + id: version-output run: | - VERSION=$(cat build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') - echo "version=$VERSION" >> $GITHUB_OUTPUT + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("java")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi publish: name: Publish @@ -55,6 +70,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + with: + ref: ${{ needs.validate.outputs.tag_name }} - name: Azure login uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml new file mode 100644 index 000000000..6a284d4a4 --- /dev/null +++ b/.github/workflows/publish-napi.yml @@ -0,0 +1,155 @@ +--- +name: Publish @bitwarden/sdk-napi +run-name: Publish @bitwarden/sdk-napi ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + version: + description: "Release Version" + required: false + default: "latest" + +defaults: + run: + working-directory: crates/bitwarden-napi + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version-output.outputs.version }} + tag-name: ${{ steps.version-output.outputs.tag_name }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("napi")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + npm: + name: Publish NPM + runs-on: ubuntu-22.04 + needs: setup + env: + _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + _TAG_NAME: ${{ needs.setup.outputs.tag-name }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env._TAG_NAME }} + + - name: Create GitHub deployment + if: ${{ inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment + with: + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden SDK NAPI - Production" + description: "Deployment ${{ env._PKG_VERSION }} from branch ${{ github.ref_name }}" + task: release + + - name: Setup Node + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + with: + node-version: 18 + cache: "npm" + cache-dependency-path: crates/bitwarden-napi/package-lock.json + + - name: Download schemas.ts artifact + run: | + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/schemas.ts + mv schemas.ts ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/schemas.ts + + - name: Install dependencies + run: npm ci + + - name: Run tsc + run: npm run tsc + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" + + - name: Download sdk-napi artifacts + run: | + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.darwin-arm64.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.darwin-x64.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.win32-x64-msvc.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.linux-x64-gnu.node + mv sdk-napi.*.node ${{ github.workspace }}/crates/bitwarden-napi/artifacts + + - name: Move artifacts + run: npm run artifacts + + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + + - name: Publish NPM + if: ${{ inputs.release_type != 'Dry Run' }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/publish-python.yml b/.github/workflows/publish-python.yml index dcbfee22f..7e3395093 100644 --- a/.github/workflows/publish-python.yml +++ b/.github/workflows/publish-python.yml @@ -13,6 +13,10 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" defaults: run: @@ -22,6 +26,9 @@ jobs: setup: name: Setup runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version-output.outputs.version }} + tag_name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -29,18 +36,39 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("python")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + publish: name: Publish runs-on: ubuntu-22.04 needs: setup steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ needs.setup.outputs.tag_name }} + - name: Install Python uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: @@ -49,15 +77,20 @@ jobs: - name: Install twine run: pip install twine - - name: Download artifacts - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 - with: - workflow: build-python-wheels.yml - path: ${{ github.workspace }}/target/wheels/dist - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - name: bitwarden_sdk(.*) - name_is_regexp: true + - name: Get release assets + working-directory: ${{ github.workspace }}/target/wheels/dist + run: | + ARTIFACT_URLS=$(curl -sSL https://api.github.com/repos/bitwarden/sdk/releases/tags/${{ needs.setup.outputs.tag_name }} | jq -r '.assets[].browser_download_url') + for url in $ARTIFACT_URLS; do + wget $url + done + + - name: Unpack release assets + working-directory: ${{ github.workspace }}/target/wheels/dist + run: | + for file in *.zip; do + unzip $file + done - name: Move files working-directory: ${{ github.workspace }}/target/wheels/dist diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 6184586a1..875def064 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -12,15 +12,22 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" permissions: contents: read id-token: write jobs: - publish_ruby: - name: Publish Ruby + setup: + name: Setup runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version-output.outputs.version }} + tag-name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout Repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -35,69 +42,45 @@ jobs: exit 1 fi - - name: Set up Ruby - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0 - with: - ruby-version: 3.2 - - - name: Download artifacts - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: generate_schemas.yml - path: languages/ruby/bitwarden_sdk_secrets/lib - workflow_conclusion: success - branch: main - artifacts: schemas.rb - - - name: Download x86_64-apple-darwin artifact - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - path: temp/macos-x64 - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-x86_64-apple-darwin - - - name: Download aarch64-apple-darwin artifact - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-aarch64-apple-darwin - path: temp/macos-arm64 + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("ruby")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi - - name: Download x86_64-unknown-linux-gnu artifact - uses: bitwarden/gh-actions/download-artifacts@main + publish: + name: Publish + runs-on: ubuntu-22.04 + needs: setup + env: + _VERSION: ${{ needs.setup.outputs.release-version }} + _TAG_NAME: ${{ needs.setup.outputs.tag-name }} + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu - path: temp/linux-x64 + ref: ${{ env._TAG_NAME }} - - name: Download x86_64-pc-windows-msvc artifact - uses: bitwarden/gh-actions/download-artifacts@main + - name: Create GitHub deployment + if: ${{ inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc - path: temp/windows-x64 - - - name: Copy lib files - run: | - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-arm64 - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/linux-x64 - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-x64 - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/windows-x64 - - platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64") - files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") - - for ((i=0; i<${#platforms[@]}; i++)); do - cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}" - done + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden Ruby SDK - Production" + description: "Deployment ${{ env._VERSION }} from branch ${{ github.ref_name }}" + task: release - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -111,13 +94,8 @@ jobs: keyvault: "bitwarden-ci" secrets: "rubygem-api-key" - - name: bundle install - run: bundle install - working-directory: languages/ruby/bitwarden_sdk_secrets - - - name: Build gem - run: gem build bitwarden-sdk-secrets.gemspec - working-directory: languages/ruby/bitwarden_sdk_secrets + - name: Download ruby artifact + run: wget https://github.com/bitwarden/sdk/releases/download/ruby-v${{ env._VERSION }}/bitwarden-sdk-secrets-${{ env._VERSION }}.gem - name: Push gem to Rubygems if: ${{ inputs.release_type != 'Dry Run' }} @@ -130,3 +108,19 @@ jobs: env: GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} working-directory: languages/ruby/bitwarden_sdk_secrets + + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/publish-rust-crates.yml b/.github/workflows/publish-rust-crates.yml index a614608f9..43f19323a 100644 --- a/.github/workflows/publish-rust-crates.yml +++ b/.github/workflows/publish-rust-crates.yml @@ -14,11 +14,19 @@ on: - Initial Release - Redeploy - Dry Run + version: + description: 'Version to publish (default: latest rust crates release)' + required: true + type: string + default: latest jobs: - publish: - name: Publish + setup: + name: setup runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version-output.outputs.version }} + release-tag: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -33,6 +41,32 @@ jobs: exit 1 fi + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("rust")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + publish: + name: Publish + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ needs.setup.outputs.release-tag }} + - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml new file mode 100644 index 000000000..95a86a0c4 --- /dev/null +++ b/.github/workflows/publish-wasm.yml @@ -0,0 +1,138 @@ +--- +name: Publish @bitwarden/sdk-wasm +run-name: Publish @bitwarden/sdk-wasm ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + version: + description: "Release Version" + required: false + default: "latest" + +defaults: + run: + working-directory: languages/js/wasm + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version-output.outputs.version }} + tag_name: ${{ steps.version-output.outputs.tag_name }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("napi")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + npm: + name: Publish NPM + runs-on: ubuntu-22.04 + needs: setup + env: + _VERSION: ${{ needs.setup.outputs.release-version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ needs.setup.outputs.tag_name }} + + - name: Setup Node + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + with: + node-version: 18 + cache: "npm" + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" + + - name: Download artifact + run: | + cd ${{ github.workspace }}/languages/js/wasm + wget https://github.com/bitwarden/sdk/releases/download/wasm-v${{ env._VERSION }}/sdk-bitwarden-wasm.zip + unzip sdk-bitwarden-wasm.zip + rm sdk-bitwarden-wasm.zip + + - name: Create GitHub deployment + if: ${{ inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment + with: + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden SDK WASM - Production" + description: "Deployment ${{ env._VERSION }} from branch ${{ github.ref_name }}" + task: release + + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + + - name: Publish NPM + if: ${{ inputs.release_type != 'Dry Run' }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/release-bws.yml b/.github/workflows/release-bws.yml new file mode 100644 index 000000000..92a8544b8 --- /dev/null +++ b/.github/workflows/release-bws.yml @@ -0,0 +1,77 @@ +--- +name: Release bws CLI +run-name: Release bws CLI ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Check Release Version + id: version + run: | + VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Download all Release artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-cli.yml + path: packages + workflow_conclusion: success + branch: ${{ github.ref_name }} + + - name: Get checksum files + uses: bitwarden/gh-actions/get-checksum@main + with: + packages_dir: "packages" + file_path: "packages/bws-sha256-checksums-${{ steps.version.outputs.version }}.txt" + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ steps.version.outputs.version }} + with: + artifacts: "packages/bws-x86_64-apple-darwin-${{ env.PKG_VERSION }}.zip, + packages/bws-aarch64-apple-darwin-${{ env.PKG_VERSION }}.zip, + packages/bws-macos-universal-${{ env.PKG_VERSION }}.zip, + packages/bws-x86_64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, + packages/bws-aarch64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, + packages/bws-x86_64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, + packages/bws-aarch64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, + packages/THIRDPARTY.html, + packages/bws-sha256-checksums-${{ env.PKG_VERSION }}.txt" + commit: ${{ github.sha }} + tag: bws-v${{ env.PKG_VERSION }} + name: bws CLI v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true diff --git a/.github/workflows/release-cpp.yml b/.github/workflows/release-cpp.yml index aa4d37f62..47199a99f 100644 --- a/.github/workflows/release-cpp.yml +++ b/.github/workflows/release-cpp.yml @@ -29,9 +29,9 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]] ; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branches" echo "===================================" exit 1 fi @@ -45,9 +45,7 @@ jobs: github-release: name: GitHub Release runs-on: ubuntu-22.04 - needs: - - repo-sync - - validate + needs: validate env: _PKG_VERSION: ${{ needs.validate.outputs.version }} steps: diff --git a/.github/workflows/release-dotnet.yml b/.github/workflows/release-dotnet.yml new file mode 100644 index 000000000..2e08e8a76 --- /dev/null +++ b/.github/workflows/release-dotnet.yml @@ -0,0 +1,76 @@ +name: Release .NET NuGet +run-name: Release .NET NuGet Package ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Install xmllint + run: sudo apt-get install -y libxml2-utils + + - name: Get version + id: version + run: | + VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj) + echo "version=$VERSION" >> $GITHUB_OUTPUT + + release: + name: Create GitHub release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Download NuGet package + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-dotnet.yml + workflow_conclusion: success + branch: main + artifacts: Bitwarden.Sdk.${{ needs.setup.outputs.version }}.nupkg + path: ./nuget-output + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: dotnet-v${{ env.PKG_VERSION }} + name: .NET NuGet v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + ./nuget-output/Bitwarden.Sdk.${{ needs.setup.outputs.version }}.nupkg diff --git a/.github/workflows/release-java.yml b/.github/workflows/release-java.yml new file mode 100644 index 000000000..6898932d5 --- /dev/null +++ b/.github/workflows/release-java.yml @@ -0,0 +1,61 @@ +name: Release Java SDK +run-name: Release Java SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/java/build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + release: + name: Release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: java-v${{ env.PKG_VERSION }} + name: Java SDK v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true diff --git a/.github/workflows/release-napi.yml b/.github/workflows/release-napi.yml index fb99cc1cf..e8be69f99 100644 --- a/.github/workflows/release-napi.yml +++ b/.github/workflows/release-napi.yml @@ -30,17 +30,17 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} + version: ${{ steps.version.outputs.version }} steps: - name: Checkout repo uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi @@ -49,125 +49,47 @@ jobs: id: version uses: bitwarden/gh-actions/release-version-check@main with: - release-type: ${{ github.event.inputs.release_type }} + release-type: ${{ inputs.release_type }} project-type: ts file: crates/bitwarden-napi/package.json monorepo: false - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: "${{ secrets.GITHUB_TOKEN }}" - initial-status: "in_progress" - environment: "Bitwarden SDK NAPI - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" - task: release - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "success" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - npm: - name: Publish NPM + release: + name: Create GitHub release runs-on: ubuntu-22.04 needs: setup - if: inputs.npm_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - - name: Checkout repo + - name: Checkout Repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - name: Setup Node - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 - with: - node-version: 18 - cache: "npm" - cache-dependency-path: crates/bitwarden-napi/package-lock.json - - - name: Download schemas - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-napi.yml - artifacts: schemas.ts - path: ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/ - workflow_conclusion: success - branch: ${{ github.ref_name }} - - - name: Dry Run - Download schemas - if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-napi.yml - artifacts: schemas.ts - path: ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/ - workflow_conclusion: success - branch: main - - - name: Install dependencies - run: npm ci - - - name: Run tsc - run: npm run tsc - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "npm-api-key" - - name: Download artifacts - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-napi.yml - path: ${{ github.workspace }}/crates/bitwarden-napi/artifacts - workflow_conclusion: success - branch: ${{ github.ref_name }} - - - name: Dry Run - Download artifacts - if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-napi.yml - path: ${{ github.workspace }}/crates/bitwarden-napi/artifacts workflow_conclusion: success branch: main - - - name: Move artifacts - run: npm run artifacts - - - name: Setup NPM - run: | - echo 'registry="https://registry.npmjs.org/"' > ./.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc - - echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + artifacts: | + sdk-bitwarden-napi-aarch64-apple-darwin + sdk-bitwarden-napi-x86_64-apple-darwin + sdk-bitwarden-napi-x86_64-pc-windows-msvc + sdk-bitwarden-napi-x86_64-unknown-linux-gnu + schemas.ts + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 env: - NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - - - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + _VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: napi-v${{ env._VERSION }} + name: napi v${{ env._VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + sdk-napi.darwin-arm64.node + sdk-napi.darwin-x64.node + sdk-napi.win32-x64-msvc.node + sdk-napi.linux-x64-gnu.node + schemas.ts diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml new file mode 100644 index 000000000..10b451fc5 --- /dev/null +++ b/.github/workflows/release-python.yml @@ -0,0 +1,74 @@ +--- +name: Release Python SDK +run-name: Release Python SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/python/pyproject.toml | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_ENV + + release: + name: Release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Download artifacts + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 + with: + workflow: build-python-wheels.yml + path: ${{ github.workspace }}/target/wheels/dist + workflow_conclusion: success + branch: main + name: bitwarden_sdk(.*) + name_is_regexp: true + + - name: Create GitHub release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: python-v${{ env.PKG_VERSION }} + name: Python v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + ${{ github.workspace }}/target/wheels/dist/bitwarden_sdk-*.whl diff --git a/.github/workflows/release-ruby.yml b/.github/workflows/release-ruby.yml new file mode 100644 index 000000000..9c3e82b77 --- /dev/null +++ b/.github/workflows/release-ruby.yml @@ -0,0 +1,71 @@ +name: Release Ruby SDK +run-name: Release Ruby SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/ruby/lib/version.rb | grep -Eo 'VERSION = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + release: + name: Create GitHub release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Download ruby artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-ruby.yml + workflow_conclusion: success + branch: main + artifacts: bitwarden-sdk-secrets + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: ruby-v${{ env.PKG_VERSION }} + name: Ruby v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + bitwarden-sdk-secrets-${{ env.PKG_VERSION }}.gem diff --git a/.github/workflows/release-rust-crates.yml b/.github/workflows/release-rust-crates.yml new file mode 100644 index 000000000..54845e148 --- /dev/null +++ b/.github/workflows/release-rust-crates.yml @@ -0,0 +1,53 @@ +name: Release Rust crates +run-name: Release Rust crates ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ steps.version.outputs.version }} + with: + commit: ${{ github.sha }} + tag: rust-v${{ env.PKG_VERSION }} + name: Rust crates v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true diff --git a/.github/workflows/release-wasm.yml b/.github/workflows/release-wasm.yml index b6476e833..97b2c34dd 100644 --- a/.github/workflows/release-wasm.yml +++ b/.github/workflows/release-wasm.yml @@ -13,15 +13,9 @@ on: options: - Release - Dry Run - npm_publish: - description: "Publish to NPM registry" - required: true - default: true - type: boolean defaults: run: - shell: bash working-directory: languages/js/wasm jobs: @@ -35,11 +29,11 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi @@ -48,85 +42,37 @@ jobs: id: version uses: bitwarden/gh-actions/release-version-check@main with: - release-type: ${{ github.event.inputs.release_type }} + release-type: ${{ inputs.release_type }} project-type: ts file: languages/js/wasm/package.json monorepo: false - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: "${{ secrets.GITHUB_TOKEN }}" - initial-status: "in_progress" - environment: "Bitwarden SDK WASM - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" - task: release - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "success" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - npm: - name: Publish NPM + release: + name: Release runs-on: ubuntu-22.04 needs: setup - if: inputs.npm_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout repo uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - name: Setup Node - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 - with: - node-version: 18 - cache: "npm" - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "npm-api-key" - - name: Download artifacts - uses: bitwarden/gh-actions/download-artifacts@main + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: workflow: build-wasm.yml - path: ${{ github.workspace }}/languages/js/wasm + skip_unpack: true workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: main - - name: Setup NPM - run: | - echo 'registry="https://registry.npmjs.org/"' > ./.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc - - echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + - name: Create GitHub release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 env: - NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - - - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + PKG_VERSION: ${{ needs.setup.outputs.release-version }} + with: + commit: ${{ github.sha }} + tag: wasm-v${{ env.PKG_VERSION }} + name: WASM v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: sdk-bitwarden-wasm.zip