Skip to content

Commit

Permalink
[BRE-224] Create a GitHub release workflows for sdk (#1078)
Browse files Browse the repository at this point in the history 
## 🎟️ Tracking

<!-- Paste the link to the Jira or GitHub issue or otherwise describe /
point to where this change is coming from. -->

https://bitwarden.atlassian.net/browse/BRE-224

## 📔 Objective

<!-- Describe what the purpose of this PR is, for example what bug
you're fixing or new feature you're adding. -->

Create and/or split workflow to create a GitHub Release for SDK parts.

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

---------

Co-authored-by: Vince Grassia <[email protected]>
  • Loading branch information
@michalchecinski @vgrassia
michalchecinski and vgrassia authored Sep 30, 2024
1 parent 2868f26 commit a6fd484
Show file tree
Hide file tree
Showing 18 changed files with 1,128 additions and 353 deletions.
95 changes: 95 additions & 0 deletions .github/workflows/build-ruby.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
---
name: Build Ruby

on:
pull_request:
push:
branches:
- "main"
workflow_dispatch:

jobs:
build:
name: Build Ruby
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Set up Ruby
uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
with:
ruby-version: 3.2

- name: Download artifacts
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: generate_schemas.yml
path: languages/ruby/bitwarden_sdk_secrets/lib
workflow_conclusion: success
branch: ${{ github.ref_name }}
artifacts: schemas.rb

- name: Download x86_64-apple-darwin artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
path: temp/macos-x64
workflow_conclusion: success
branch: ${{ github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-apple-darwin

- name: Download aarch64-apple-darwin artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ github.ref_name }}
artifacts: libbitwarden_c_files-aarch64-apple-darwin
path: temp/macos-arm64

- name: Download x86_64-unknown-linux-gnu artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu
path: temp/linux-x64

- name: Download x86_64-pc-windows-msvc artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc
path: temp/windows-x64

- name: Copy lib files
run: |
mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-arm64
mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/linux-x64
mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-x64
mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/windows-x64
platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64")
files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll")
for ((i=0; i<${#platforms[@]}; i++)); do
cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}"
done
- name: bundle install
run: bundle install
working-directory: languages/ruby/bitwarden_sdk_secrets

- name: Build gem
run: gem build bitwarden-sdk-secrets.gemspec
working-directory: languages/ruby/bitwarden_sdk_secrets

- name: Upload artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
path: bitwarden-sdk-secrets-*.gem
name: bitwarden-sdk-secrets
116 changes: 56 additions & 60 deletions .github/workflows/release-cli.yml → .github/workflows/publish-bws.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
name: Release CLI
run-name: Release CLI ${{ inputs.release_type }}
name: Publish bws CLI
run-name: Publish bws CLI ${{ inputs.release_type }}

on:
workflow_dispatch:
Expand All @@ -13,6 +13,11 @@ on:
options:
- Release
- Dry Run
version:
description: 'Version to publish (default: latest bws cli release)'
required: true
type: string
default: latest

env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
Expand All @@ -22,7 +27,9 @@ jobs:
name: Setup
runs-on: ubuntu-22.04
outputs:
release-version: ${{ steps.version.outputs.version }}
release-version: ${{ steps.version-output.outputs.version }}
release-tag: ${{ steps.version-output.outputs.tag_name }}
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
steps:
- name: Checkout repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
Expand All @@ -37,11 +44,21 @@ jobs:
exit 1
fi
- name: Check Release Version
id: version
- name: Version output
id: version-output
run: |
VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "version=$VERSION" >> $GITHUB_OUTPUT
if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("bws")) | .tag_name' | head -1)
VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
echo "Latest Released Version: $VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Latest Released Tag name: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
else
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
fi
- name: Create GitHub deployment
if: ${{ inputs.release_type != 'Dry Run' }}
Expand All @@ -50,66 +67,18 @@ jobs:
with:
token: "${{ secrets.GITHUB_TOKEN }}"
initial-status: "in_progress"
environment: "CLI - Production"
description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}"
environment: "bws CLI - Production"
description: "Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}"
task: release

- name: Download all Release artifacts
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-cli.yml
path: packages
workflow_conclusion: success
branch: ${{ github.ref_name }}

- name: Get checksum files
uses: bitwarden/gh-actions/get-checksum@main
with:
packages_dir: "packages"
file_path: "packages/bws-sha256-checksums-${{ steps.version.outputs.version }}.txt"

- name: Create release
if: ${{ inputs.release_type != 'Dry Run' }}
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
env:
PKG_VERSION: ${{ steps.version.outputs.version }}
with:
artifacts: "packages/bws-x86_64-apple-darwin-${{ env.PKG_VERSION }}.zip,
packages/bws-aarch64-apple-darwin-${{ env.PKG_VERSION }}.zip,
packages/bws-macos-universal-${{ env.PKG_VERSION }}.zip,
packages/bws-x86_64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip,
packages/bws-aarch64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip,
packages/bws-x86_64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip,
packages/bws-aarch64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip,
packages/THIRDPARTY.html,
packages/bws-sha256-checksums-${{ env.PKG_VERSION }}.txt"
commit: ${{ github.sha }}
tag: bws-v${{ env.PKG_VERSION }}
name: bws CLI v${{ env.PKG_VERSION }}
body: "<insert release notes here>"
token: ${{ secrets.GITHUB_TOKEN }}
draft: true

- name: Update deployment status to Success
if: ${{ inputs.release_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "success"
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

- name: Update deployment status to Failure
if: ${{ inputs.release_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "failure"
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

publish:
name: Publish bws to crates.io
runs-on: ubuntu-22.04
needs: setup
env:
_VERSION: ${{ needs.setup.outputs.release-version }}
_TAG_NAME: ${{ needs.setup.outputs.release-tag }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
Expand All @@ -118,6 +87,7 @@ jobs:
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
ref: ${{ env._TAG_NAME }}

- name: Retrieve secrets
id: retrieve-secrets
Expand Down Expand Up @@ -151,6 +121,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: ${{ env._TAG_NAME }}

- name: Generate tag list
id: tag-list
Expand Down Expand Up @@ -218,3 +190,27 @@ jobs:
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
update_release_status:
name: Update GitHub deployment status
runs-on: ubuntu-22.04
needs: setup
if: ${{ inputs.release_type != 'Dry Run' }}
env:
_DEPLOYMENT_ID: ${{ needs.setup.outputs.deployment-id }}
steps:
- name: Update deployment status to Success
if: ${{ inputs.release_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "success"
deployment-id: ${{ env._DEPLOYMENT_ID }}

- name: Update deployment status to Failure
if: ${{ inputs.release_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "failure"
deployment-id: ${{ env._DEPLOYMENT_ID }}
69 changes: 52 additions & 17 deletions .github/workflows/publish-dotnet.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@ on:
options:
- Release
- Dry Run
version:
description: "Release Version"
required: false
default: "latest"

env:
_KEY_VAULT: "bitwarden-ci"
Expand All @@ -21,43 +25,58 @@ jobs:
name: Setup
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
version: ${{ steps.version-output.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0

- name: Branch check
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "[!] Can only release from the 'main' branch"
echo "==================================="
exit 1
fi
- name: Install xmllint
run: sudo apt-get install -y libxml2-utils

- name: Get version
id: version
- name: Version output
id: version-output
run: |
VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj)
echo "version=$VERSION" >> $GITHUB_OUTPUT
if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("dotnet")) | .tag_name' | head -1)
VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
echo "Latest Released Version: $VERSION"
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Latest Released Tag name: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
else
echo "Release Version: ${{ inputs.version }}"
echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
fi
deploy:
name: Deploy
runs-on: ubuntu-22.04
needs: validate
steps:
- name: Download NuGet package
uses: bitwarden/gh-actions/download-artifacts@main
- name: Create GitHub deployment
if: ${{ inputs.release_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
workflow: build-dotnet.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg
path: ./nuget-output
token: '${{ secrets.GITHUB_TOKEN }}'
initial-status: 'in_progress'
environment: 'dotnet - Production'
description: 'Deployment ${{ needs.validate.outputs.version }} from branch ${{ github.ref_name }}'
task: release

- name: Download artifact
run: |
mkdir -p nuget-output
cd nuget-output
wget https://github.com/bitwarden/sdk/releases/download/dotnet-v${{ needs.validate.outputs.version }}/Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg
- name: Login to Azure - Prod Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
Expand All @@ -76,3 +95,19 @@ jobs:
env:
NUGET_API_KEY: ${{ steps.retrieve-secrets.outputs.nuget-api-key }}
run: dotnet nuget push ./nuget-output/*.nupkg -k ${{ env.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json

- name: Update deployment status to Success
if: ${{ inputs.release_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'success'
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

- name: Update deployment status to Failure
if: ${{ inputs.release_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
with:
token: '${{ secrets.GITHUB_TOKEN }}'
state: 'failure'
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
Loading

0 comments on commit a6fd484

Please sign in to comment.