Skip to content

Commit

Permalink
Change release pipeline
Browse files Browse the repository at this point in the history
  • Loading branch information
michalchecinski committed Mar 14, 2024
1 parent 670eae3 commit 5a3c0ef
Show file tree
Hide file tree
Showing 2 changed files with 186 additions and 24 deletions.
208 changes: 185 additions & 23 deletions .github/workflows/publish-php.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,32 @@ env:
_KEY_VAULT: "bitwarden-ci"

jobs:
setup_php:
validate:
name: Setup
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Branch check
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "==================================="
exit 1
fi
- name: Get version
id: version
run: |
VERSION=$(cat languages/php/composer.json | grep -Eo '"version": "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
echo "version=$VERSION" >> $GITHUB_OUTPUT
setup-php:
name: Setup PHP
runs-on: ubuntu-22.04
steps:
Expand All @@ -37,56 +62,183 @@ jobs:
composer validate
working-directory: languages/php/

- name: Download x86_64-apple-darwin files
repo-sync:
name: Push changed files to SDK PHP repo
runs-on: ubuntu-22.04
needs:
- validate
- setup-php
env:
_BOT_EMAIL: [email protected]
_BOT_NAME: bitwarden-devops-bot
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Checkout SDK repo
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
path: sdk

- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Checkout SDK-PHP repo
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
repository: bitwarden/sm-sdk-php
path: sm-sdk-php
ref: main
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}

- name: Setup Git
working-directory: sm-sdk-php
run: |
git config --local user.email "${{ env._BOT_EMAIL }}"
git config --local user.name "${{ env._BOT_NAME }}"
- name: Update files
run: |
# Copy files to local sm-sdk-php repo path
cp --verbose -rf sdk/languages/php/. sm-sdk-php
- name: Replace repo name
working-directory: sm-sdk-php
run: |
find . -name '*' -exec \
sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-go/g' {} \;
find . -name '*' -exec \
sed -i -e 's/github.com\/bitwarden\/sdk/github.com\/bitwarden\/sm-sdk-php/g' {} \;
- name: Push changes
working-directory: sm-sdk-php
run: |
git add .
git commit -m "Update Go SDK to ${{ github.sha }}"
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
echo "==================================="
echo "[!] Dry Run - Skipping push"
echo "==================================="
git ls-files -m
exit 0
else
git push origin main
fi
- name: Create release tag on SDK Go repo
if: ${{ inputs.release_type != 'Dry Run' }}
working-directory: sm-sdk-php
run: |
# Check if tag exists, set output then exit 0 if true.
if git log v${{ env._PKG_VERSION }} >/dev/null 2>&1; then
echo "==================================="
echo "[!] Tag v${{ env._PKG_VERSION }} already exists"
echo "==================================="
exit 1
fi
git tag v${{ env._PKG_VERSION }}
git push origin v${{ env._PKG_VERSION }}
github-release:
name: GitHub Release
runs-on: ubuntu-22.04
needs:
- setup-php
- repo-sync
- validate
env:
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Download x86_64-apple-darwin artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-apple-darwin
path: temp/macos-x64
skip_unpack: true

- name: Download aarch64-apple-darwin files
- name: Download aarch64-apple-darwin artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-aarch64-apple-darwin
path: temp/macos-arm64
skip_unpack: true

- name: Download x86_64-unknown-linux-gnu files
- name: Download x86_64-unknown-linux-gnu artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu
path: temp/linux-x64
skip_unpack: true

- name: Download x86_64-pc-windows-msvc files
- name: Download x86_64-pc-windows-msvc artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc
path: temp/windows-x64
skip_unpack: true

- name: Copy lib files
- name: Rename build artifacts
run: |
mkdir -p languages/php/src/lib/macos-arm64
mkdir -p languages/php/src/lib/linux-x64
mkdir -p languages/php/src/lib/macos-x64
mkdir -p languages/php/src/lib/windows-x64
mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip
mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip
mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip
mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip
platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64")
files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll")
for ((i=0; i<${#platforms[@]}; i++)); do
cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}"
done
- name: Create release
if: ${{ inputs.release_type != 'Dry Run' }}
uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
with:
tag: v${{ env._PKG_VERSION }}
name: v${{ env._PKG_VERSION }}
body: "<insert release notes here>"
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
draft: true
repo: sm-sdk-php
owner: bitwarden
artifacts: "libbitwarden_c_files-x86_64-apple-darwin-${{ env._PKG_VERSION }}.zip,
libbitwarden_c_files-aarch64-apple-darwin-${{ env._PKG_VERSION }}.zip,
libbitwarden_c_files-x86_64-unknown-linux-gnu-${{ env._PKG_VERSION }}.zip,
libbitwarden_c_files-x86_64-pc-windows-msvc-${{ env._PKG_VERSION }}.zip"

packagist-publish:
name: Publish to Packagist
runs-on: ubuntu-22.04
needs:
- validate
- setup-php
- repo-sync
- github-release
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
Expand All @@ -97,10 +249,20 @@ jobs:
uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "packagist-key"
secrets: "github-pat-bitwarden-devops-bot-repo-scope,
packagist-key"

- name: Checkout SDK-PHP repo
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
repository: bitwarden/sm-sdk-php
path: sm-sdk-php
ref: main
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}

- name: Publish version
if: ${{ inputs.release_type != 'Dry Run' }}
env:
PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }}
run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}'
working-directory: languages/php/
run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/bitwarden-sdk-secrets"}}'
working-directory: sm-sdk-php
2 changes: 1 addition & 1 deletion languages/php/composer.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"name": "bitwarden/sdk",
"name": "bitwarden/bitwarden-sdk-secrets",
"description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.",
"type": "library",
"keywords": ["bitwarden","sdk","password-manager"],
Expand Down

0 comments on commit 5a3c0ef

Please sign in to comment.