Skip to content

Release Dry Run

Release Dry Run #126

Workflow file for this run

---
name: Release
run-name: Release ${{ github.event.inputs.release_type }}
on:
workflow_dispatch:
inputs:
release_type:
description: "Release Options"
required: true
default: "Release"
type: choice
options:
- Release
- Dry Run
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
_WEB_RELEASE_TAG: ${{ steps.set-tags.outputs.WEB_RELEASE_TAG }}
_CORE_RELEASE_TAG: ${{ steps.set-tags.outputs.CORE_RELEASE_TAG }}
_VERSION: ${{ steps.get-next-version.outputs.version }}
steps:
- name: Branch check
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
echo "==================================="
echo "[!] Can only release from the 'main' branch"
echo "==================================="
exit 1
fi
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get Latest Self-Host Version
id: get-self-host
uses: bitwarden/gh-actions/get-release-version@main
with:
repository: bitwarden/self-host
- name: Strip version
env:
VERSION: ${{ steps.get-self-host.outputs.version }}
run: echo "VERSION=${VERSION:1}" >> $GITHUB_ENV
- name: Get Next Release Version
id: get-next-version
uses: bitwarden/gh-actions/version-next@main
with:
version: $VERSION
- name: Set Release Tags
id: set-tags
run: |
WEB=$(jq -r '.versions.webVersion' < version.json)
CORE=$(jq -r '.versions.coreVersion' < version.json)
echo "WEB_RELEASE_TAG=$WEB" >> $GITHUB_OUTPUT
echo "CORE_RELEASE_TAG=$CORE" >> $GITHUB_OUTPUT
release:
name: Create GitHub Release
runs-on: ubuntu-22.04
needs: setup
steps:
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: main
- name: Create release
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
artifacts: 'bitwarden.sh,
run.sh,
bitwarden.ps1,
run.ps1,
version.json'
commit: ${{ github.sha }}
tag: "v${{ needs.setup.outputs._VERSION }}"
name: "Version ${{ needs.setup.outputs._VERSION }}"
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true
release-version:
name: Upload version.json
runs-on: ubuntu-22.04
needs:
- setup
- release
steps:
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: main
- name: Login to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "aws-selfhost-version-access-id,
aws-selfhost-version-access-key,
aws-selfhost-version-bucket-name"
- name: Upload version.json to S3 bucket
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }}
AWS_DEFAULT_REGION: 'us-east-1'
AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-bucket-name }}
run: |
aws s3 cp version.json $AWS_S3_BUCKET_NAME \
--acl "public-read" \
--quiet
tag-docker-latest:
name: Tag Docker Hub images with release version and latest
runs-on: ubuntu-22.04
needs:
- setup
- release
env:
_CORE_RELEASE_TAG: ${{ needs.setup.outputs._CORE_RELEASE_TAG }}
_BRANCH_NAME: main
strategy:
fail-fast: false
matrix:
include:
- project_name: Admin
- project_name: Api
- project_name: Attachments
- project_name: Events
- project_name: Icons
- project_name: Identity
- project_name: MsSql
- project_name: MsSqlMigratorUtility
- project_name: Nginx
- project_name: Notifications
- project_name: Scim
- project_name: Server
- project_name: Setup
- project_name: Sso
- project_name: Web
release_tag: ${{ needs.setup.outputs._WEB_RELEASE_TAG }}
steps:
- name: Print environment
run: |
whoami
docker --version
echo "GitHub ref: $GITHUB_REF"
echo "GitHub event: $GITHUB_EVENT"
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: main
- name: Login to Azure - Prod Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Login to Azure ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Setup project name and release tag
id: setup
run: |
PROJECT_NAME=$(echo "${{ matrix.project_name }}" | awk '{print tolower($0)}')
echo "Matrix name: ${{ matrix.project_name }}"
echo "PROJECT_NAME: $PROJECT_NAME"
echo "_PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV
if [ -z "${{ matrix.release_tag }}" ]; then
# Use core release tag by default.
echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> $GITHUB_ENV
else
echo "_RELEASE_TAG=${{ matrix.release_tag }}" >> $GITHUB_ENV
fi
########## DockerHub ##########
- name: Setup DCT
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@main
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Pull versioned image
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG
- name: Tag release version and latest image
run: |
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG bitwarden/$_PROJECT_NAME:latest
- name: Push release version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
run: |
docker push bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
docker push bitwarden/$_PROJECT_NAME:latest
- name: Log out of Docker and disable Docker Notary
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
release-unified:
name: Release Self-host unified
runs-on: ubuntu-22.04
needs:
- setup
- release
env:
_RELEASE_VERSION: ${{ needs.setup.outputs._VERSION }}-beta # TODO: remove `-beta` after GA
steps:
########## DockerHub ##########
- name: Setup DCT
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@main
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Install Skopeo
run: |
wget https://github.com/lework/skopeo-binary/releases/download/v1.13.3/skopeo-linux-amd64
mv skopeo-linux-amd64 skopeo
chmod +x skopeo
- name: Login to Azure - PROD Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
run: |
./skopeo --version
./skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name ${_AZ_REGISTRY%.azurecr.io} | jq -r .accessToken)
./skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:$_RELEASE_VERSION
./skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:beta # TODO: Delete after GA
# ./skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:latest # TODO: uncomment after GA
- name: Log out of Docker, skopeo and disable Docker Notary
run: |
docker logout
./skopeo logout --all
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
########## ACR PROD ##########
- name: Login to Azure ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Pull latest project image
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker pull $_AZ_REGISTRY/self-host:dev
else
docker pull $_AZ_REGISTRY/self-host:beta
fi
- name: Tag version and latest
run: |
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
docker tag $_AZ_REGISTRY/self-host:dev $_AZ_REGISTRY/self-host:dryrun
else
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:latest
fi
- name: Push version and latest image
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
docker push $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
docker push $_AZ_REGISTRY/self-host:latest
- name: Log out of Docker
run: docker logout