Release Dry Run v2023.9.1 #87

Workflow file for this run

.github/workflows/release.yml at f6fb5c6

	---
	name: Release
	run-name: Release ${{ github.event.inputs.release_type }} v${{ github.event.inputs.release_version }}

	on:
	workflow_dispatch:
	inputs:
	release_version:
	description: "Release Version"
	required: true
	release_type:
	description: "Release Options"
	required: true
	default: "Release"
	type: choice
	options:
	- Release
	- Dry Run

	env:
	_AZ_REGISTRY: bitwardenprod.azurecr.io

	jobs:
	setup:
	name: Setup
	runs-on: ubuntu-22.04
	outputs:
	_WEB_RELEASE_TAG: ${{ steps.set-tags.outputs.WEB_RELEASE_TAG }}
	_CORE_RELEASE_TAG: ${{ steps.set-tags.outputs.CORE_RELEASE_TAG }}
	steps:
	- name: Branch check
	if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	run: \|
	if [[ "$GITHUB_REF" != "refs/heads/master" ]]; then
	echo "==================================="
	echo "[!] Can only release from the 'master' branch"
	echo "==================================="
	exit 1
	fi

	- name: Checkout repo
	uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

	- name: Get Latest Self-Host Version
	id: get-self-host
	uses: bitwarden/gh-actions/get-release-version@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b
	with:
	repository: bitwarden/self-host

	- name: Check Release Version
	env:
	RELEASE_VERSION: ${{ github.event.inputs.release_version }}
	PREVIOUS_RELEASE_VERSION: ${{ steps.get-self-host.outputs.version }}
	run: \|
	if [ "$RELEASE_VERSION" == "$PREVIOUS_RELEASE_VERSION" ]; then
	echo "[!] Already released v$RELEASE_VERSION. Please bump version to continue"
	exit 1
	fi

	- name: Set Release Tags
	id: set-tags
	run: \|
	WEB=$(jq -r '.versions.webVersion' < version.json)
	CORE=$(jq -r '.versions.coreVersion' < version.json)

	echo "WEB_RELEASE_TAG=$WEB" >> $GITHUB_OUTPUT
	echo "CORE_RELEASE_TAG=$CORE" >> $GITHUB_OUTPUT

	release:
	name: Create GitHub Release
	runs-on: ubuntu-22.04
	needs: setup
	steps:
	- name: Checkout repo
	uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
	with:
	ref: master

	- name: Create release
	if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
	with:
	artifacts: 'bitwarden.sh,
	run.sh,
	bitwarden.ps1,
	run.ps1,
	version.json'
	commit: ${{ github.sha }}
	tag: "v${{ github.event.inputs.release_version }}"
	name: "Version ${{ github.event.inputs.release_version }}"
	body: "<insert release notes here>"
	token: ${{ secrets.GITHUB_TOKEN }}
	draft: true

	release-version:
	name: Upload version.json
	runs-on: ubuntu-22.04
	needs:
	- setup
	- release
	steps:
	- name: Checkout repo
	uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
	with:
	ref: master

	- name: Login to Azure - CI Subscription
	uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6
	with:
	creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

	- name: Retrieve secrets
	id: retrieve-secrets
	uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b
	with:
	keyvault: "bitwarden-ci"
	secrets: "aws-selfhost-version-access-id,
	aws-selfhost-version-access-key,
	r2-electron-access-id,
	r2-electron-access-key,
	r2-bitwarden-selfhost-version-bucket-name,
	cf-prod-account"

	- name: Upload version.json to S3 bucket
	if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	env:
	AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }}
	AWS_DEFAULT_REGION: 'us-west-2'
	AWS_S3_BUCKET_NAME: 's3://public-s3-bitwarden-selfhost-version-artifact'
	run: \|
	aws s3 cp version.json $AWS_S3_BUCKET_NAME \
	--acl "public-read" \
	--quiet

	- name: Upload version.json to R2 bucket
	if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	env:
	AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }}
	AWS_DEFAULT_REGION: 'us-east-1'
	AWS_S3_BUCKET_NAME: ${{ steps.retrieve-secrets.outputs.r2-bitwarden-selfhost-version-bucket-name }}
	CF_ACCOUNT: ${{ steps.retrieve-secrets.outputs.cf-prod-account }}
	run: \|
	aws s3 cp version.json $AWS_S3_BUCKET_NAME \
	--quiet \
	--endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com

	tag-docker-latest:
	name: Tag Docker Hub images with release version and latest
	runs-on: ubuntu-22.04
	needs:
	- setup
	- release
	env:
	_CORE_RELEASE_TAG: ${{ needs.setup.outputs._CORE_RELEASE_TAG }}
	_BRANCH_NAME: master
	strategy:
	fail-fast: false
	matrix:
	include:
	- project_name: Admin
	- project_name: Api
	- project_name: Attachments
	- project_name: Events
	- project_name: Icons
	- project_name: Identity
	- project_name: MsSql
	- project_name: Nginx
	- project_name: Notifications
	- project_name: Scim
	- project_name: Server
	- project_name: Setup
	- project_name: Sso
	- project_name: Web
	release_tag: ${{ needs.setup.outputs._WEB_RELEASE_TAG }}
	steps:
	- name: Print environment
	run: \|
	whoami
	docker --version
	echo "GitHub ref: $GITHUB_REF"
	echo "GitHub event: $GITHUB_EVENT"

	- name: Checkout repo
	uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
	with:
	ref: master

	- name: Login to Azure - Prod Subscription
	uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
	with:
	creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

	- name: Login to Azure ACR
	run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}

	- name: Setup project name and release tag
	id: setup
	run: \|
	PROJECT_NAME=$(echo "${{ matrix.project_name }}" \| awk '{print tolower($0)}')
	echo "Matrix name: ${{ matrix.project_name }}"
	echo "PROJECT_NAME: $PROJECT_NAME"
	echo "_PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV

	if [ -z "${{ matrix.release_tag }}" ]; then
	# Use core release tag by default.
	echo "_RELEASE_TAG=$_CORE_RELEASE_TAG" >> $GITHUB_ENV
	else
	echo "_RELEASE_TAG=${{ matrix.release_tag }}" >> $GITHUB_ENV
	fi

	########## DockerHub ##########
	- name: Setup DCT
	id: setup-dct
	uses: bitwarden/gh-actions/setup-docker-trust@082f5e05ed97c3601c6f3179250b1a761c4d647f
	with:
	azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
	azure-keyvault-name: "bitwarden-ci"

	- name: Pull versioned image
	run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG

	- name: Tag release version and latest image
	run: \|
	docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
	docker tag $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG bitwarden/$_PROJECT_NAME:latest

	- name: Push release version and latest image
	if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	env:
	DOCKER_CONTENT_TRUST: 1
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
	run: \|
	docker push bitwarden/$_PROJECT_NAME:$_RELEASE_TAG
	docker push bitwarden/$_PROJECT_NAME:latest

	- name: Log out of Docker and disable Docker Notary
	run: \|
	docker logout
	echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV

	release-unified:
	name: Release Self-host unified
	runs-on: ubuntu-22.04
	needs:
	- setup
	- release
	env:
	_RELEASE_VERSION: ${{ github.event.inputs.release_version }}-beta # TODO: remove `-beta` after GA
	steps:
	########## DockerHub ##########
	- name: Setup DCT
	id: setup-dct
	uses: bitwarden/gh-actions/setup-docker-trust@082f5e05ed97c3601c6f3179250b1a761c4d647f
	with:
	azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
	azure-keyvault-name: "bitwarden-ci"

	- name: Login to Azure - PROD Subscription
	uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
	with:
	creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

	# - name: Login to Azure ACR
	# run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}

	# - name: Pull self-host image
	# run: \|
	# if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
	# docker pull $_AZ_REGISTRY/self-host:dev
	# else
	# docker pull $_AZ_REGISTRY/self-host:beta
	# fi

	- name: Push version and latest image
	# if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	env:
	DOCKER_CONTENT_TRUST: 1
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
	run: \|
	go version
	skopeo --version
	skopeo login $_AZ_REGISTRY -u 00000000-0000-0000-0000-000000000000 -p $(az acr login --expose-token --name bitwardenprod \| jq -r .accessToken)
	skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:latest
	skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://docker.io/bitwarden/self-host:_RELEASE_VERSION
	# docker push bitwarden/self-host:latest # TODO: uncomment this line after GA

	- name: Log out of Docker and disable Docker Notary
	run: \|
	docker logout
	echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV

	########## ACR PROD ##########

	- name: Pull latest project image
	run: \|
	if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
	docker pull $_AZ_REGISTRY/self-host:dev
	else
	docker pull $_AZ_REGISTRY/self-host:beta
	fi

	- name: Tag version and latest
	run: \|
	if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
	docker tag $_AZ_REGISTRY/self-host:dev $_AZ_REGISTRY/self-host:dryrun
	else
	docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
	docker tag $_AZ_REGISTRY/self-host:beta $_AZ_REGISTRY/self-host:latest
	fi

	- name: Push version and latest image
	if: ${{ github.event.inputs.release_type != 'Dry Run' }}
	run: \|
	docker push $_AZ_REGISTRY/self-host:$_RELEASE_VERSION
	docker push $_AZ_REGISTRY/self-host:latest

	- name: Log out of Docker
	run: docker logout

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release Dry Run v2023.9.1 #87

Workflow file

Release Dry Run v2023.9.1 #87

Jobs

Run details

Workflow file for this run