Release Release v2024.1.0 #102
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Release | |
run-name: Release ${{ github.event.inputs.release_type }} v${{ github.event.inputs.release_version }} | |
on: | |
workflow_dispatch: | |
inputs: | |
release_version: | |
description: "Release Version" | |
required: true | |
release_type: | |
description: "Release Options" | |
required: true | |
default: "Release" | |
type: choice | |
options: | |
- Release | |
- Dry Run | |
env: | |
_AZ_REGISTRY: bitwardenprod.azurecr.io | |
jobs: | |
setup: | |
name: Setup | |
runs-on: ubuntu-22.04 | |
outputs: | |
_WEB_RELEASE_TAG: ${{ steps.set-tags.outputs.WEB_RELEASE_TAG }} | |
_CORE_RELEASE_TAG: ${{ steps.set-tags.outputs.CORE_RELEASE_TAG }} | |
steps: | |
- name: Branch check | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
run: | | |
if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then | |
echo "===================================" | |
echo "[!] Can only release from the 'main' branch" | |
echo "===================================" | |
exit 1 | |
fi | |
- name: Checkout repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Get Latest Self-Host Version | |
id: get-self-host | |
uses: bitwarden/gh-actions/get-release-version@main | |
with: | |
repository: bitwarden/self-host | |
- name: Check Release Version | |
env: | |
RELEASE_VERSION: ${{ github.event.inputs.release_version }} | |
PREVIOUS_RELEASE_VERSION: ${{ steps.get-self-host.outputs.version }} | |
run: | | |
if [ "$RELEASE_VERSION" == "$PREVIOUS_RELEASE_VERSION" ]; then | |
echo "[!] Already released v$RELEASE_VERSION. Please bump version to continue" | |
exit 1 | |
fi | |
- name: Set Release Tags | |
id: set-tags | |
run: | | |
WEB=$(jq -r '.versions.webVersion' < version.json) | |
CORE=$(jq -r '.versions.coreVersion' < version.json) | |
echo "WEB_RELEASE_TAG=$WEB" >> $GITHUB_OUTPUT | |
echo "CORE_RELEASE_TAG=$CORE" >> $GITHUB_OUTPUT | |
release: | |
name: Create GitHub Release | |
runs-on: ubuntu-22.04 | |
needs: setup | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: main | |
- name: Create release | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0 | |
with: | |
artifacts: 'bitwarden.sh, | |
run.sh, | |
bitwarden.ps1, | |
run.ps1, | |
version.json' | |
commit: ${{ github.sha }} | |
tag: "v${{ github.event.inputs.release_version }}" | |
name: "Version ${{ github.event.inputs.release_version }}" | |
body: "<insert release notes here>" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
draft: true | |
release-version: | |
name: Upload version.json | |
runs-on: ubuntu-22.04 | |
needs: | |
- setup | |
- release | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: main | |
- name: Login to Azure - CI Subscription | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Retrieve secrets | |
id: retrieve-secrets | |
uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
with: | |
keyvault: "bitwarden-ci" | |
secrets: "aws-selfhost-version-access-id, | |
aws-selfhost-version-access-key, | |
aws-selfhost-version-bucket-name, | |
r2-electron-access-id, | |
r2-electron-access-key, | |
r2-bitwarden-selfhost-version-bucket-name, | |
cf-prod-account" | |
- name: Upload version.json to S3 bucket | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }} | |
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }} | |
AWS_DEFAULT_REGION: 'us-east-1' | |
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-bucket-name }} | |
run: | | |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \ | |
--acl "public-read" \ | |
--quiet | |
- name: Upload version.json to R2 bucket | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }} | |
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }} | |
AWS_DEFAULT_REGION: 'us-east-1' | |
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-bitwarden-selfhost-version-bucket-name }} | |
CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }} | |
run: | | |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \ | |
--quiet \ | |
--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com | |
tag-docker-latest: | |
name: Tag Docker Hub images with release version and latest | |
runs-on: ubuntu-22.04 | |
needs: | |
- setup | |
- release | |
env: | |
_CORE_RELEASE_TAG: ${{ needs.setup.outputs._CORE_RELEASE_TAG }} | |
_BRANCH_NAME: main | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- project_name: Admin | |
- project_name: Api | |
- project_name: Attachments | |
- project_name: Events | |
- project_name: Icons | |
- project_name: Identity | |
- project_name: MsSql | |
- project_name: MsSqlMigratorUtility | |
- project_name: Nginx | |
- project_name: Notifications | |
- project_name: Scim | |
- project_name: Server | |
- project_name: Setup | |
- project_name: Sso | |
- project_name: Web | |
release_tag: ${{ needs.setup.outputs._WEB_RELEASE_TAG }} | |
steps: | |
- name: Print environment | |
run: | | |
whoami | |
docker --version | |
echo "GitHub ref: $GITHUB_REF" | |
echo "GitHub event: $GITHUB_EVENT" | |
- name: Checkout repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: main | |
- name: Login to Azure - Prod Subscription | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
- name: Login to Azure ACR | |
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} | |
- name: Setup project name and release tag | |
id: setup | |
run: | | |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}') | |
echo "Matrix name: ${{ matrix.project_name }}" | |
echo "PROJECT_NAME: $PROJECT_NAME" | |
echo "_PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV | |
if [ -z "${{ matrix.release_tag }}" ]; then | |
# Use core release tag by default. | |
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> $GITHUB_ENV | |
else | |
echo "_RELEASE_TAG=${{ matrix.release_tag }}" >> $GITHUB_ENV | |
fi | |
########## DockerHub ########## | |
- name: Setup DCT | |
id: setup-dct | |
uses: bitwarden/gh-actions/setup-docker-trust@main | |
with: | |
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
azure-keyvault-name: "bitwarden-ci" | |
- name: Pull versioned image | |
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG | |
- name: Tag release version and latest image | |
run: | | |
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG bitwarden/$_PROJECT_NAME:$_RELEASE_TAG | |
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG bitwarden/$_PROJECT_NAME:latest | |
- name: Push release version and latest image | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
env: | |
DOCKER_CONTENT_TRUST: 1 | |
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} | |
run: | | |
docker push bitwarden/$_PROJECT_NAME:$_RELEASE_TAG | |
docker push bitwarden/$_PROJECT_NAME:latest | |
- name: Log out of Docker and disable Docker Notary | |
run: | | |
docker logout | |
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV | |
release-unified: | |
name: Release Self-host unified | |
runs-on: ubuntu-22.04 | |
needs: | |
- setup | |
- release | |
env: | |
_RELEASE_VERSION: ${{ github.event.inputs.release_version }}-beta # TODO: remove `-beta` after GA | |
steps: | |
########## DockerHub ########## | |
- name: Setup DCT | |
id: setup-dct | |
uses: bitwarden/gh-actions/setup-docker-trust@main | |
with: | |
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
azure-keyvault-name: "bitwarden-ci" | |
- name: Install Skopeo | |
run: | | |
wget https://github.com/lework/skopeo-binary/releases/download/v1.13.3/skopeo-linux-amd64 | |
mv skopeo-linux-amd64 skopeo | |
chmod +x skopeo | |
- name: Login to Azure - PROD Subscription | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
- name: Push version and latest image | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
env: | |
DOCKER_CONTENT_TRUST: 1 | |
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} | |
run: | | |
./skopeo --version | |
./skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name ${_AZ_REGISTRY%.azurecr.io} | jq -r .accessToken) | |
./skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:$_RELEASE_VERSION | |
./skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:beta # TODO: Delete after GA | |
# ./skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:latest # TODO: uncomment after GA | |
- name: Log out of Docker, skopeo and disable Docker Notary | |
run: | | |
docker logout | |
./skopeo logout --all | |
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV | |
########## ACR PROD ########## | |
- name: Login to Azure ACR | |
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io} | |
- name: Pull latest project image | |
run: | | |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then | |
docker pull $_AZ_REGISTRY/self-host:dev | |
else | |
docker pull $_AZ_REGISTRY/self-host:beta | |
fi | |
- name: Tag version and latest | |
run: | | |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then | |
docker tag $_AZ_REGISTRY/self-host:dev $_AZ_REGISTRY/self-host:dryrun | |
else | |
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:$_RELEASE_VERSION | |
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:latest | |
fi | |
- name: Push version and latest image | |
if: ${{ github.event.inputs.release_type != 'Dry Run' }} | |
run: | | |
docker push $_AZ_REGISTRY/self-host:$_RELEASE_VERSION | |
docker push $_AZ_REGISTRY/self-host:latest | |
- name: Log out of Docker | |
run: docker logout |