Skip to content

Commit

Permalink
Merge branch 'main' into scanner
Browse files Browse the repository at this point in the history
  • Loading branch information
withinfocus authored Feb 29, 2024
2 parents 821892b + c0fe4ac commit f7c46bd
Show file tree
Hide file tree
Showing 11 changed files with 326 additions and 86 deletions.
15 changes: 15 additions & 0 deletions .github/workflows/build-cli.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:
runs-on: ubuntu-22.04
outputs:
package_version: ${{ steps.retrieve-version.outputs.package_version }}
sign: ${{ steps.sign.outputs.sign }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -30,6 +31,16 @@ jobs:
VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "package_version=$VERSION" >> $GITHUB_OUTPUT
- name: Sign if repo is owned by Bitwarden
id: sign
env:
REPO_OWNER: ${{ github.repository_owner }}
run: |
if [[ $REPO_OWNER == bitwarden ]]; then
echo "sign=true" >> $GITHUB_OUTPUT
fi
echo "sign=false" >> $GITHUB_OUTPUT
build-windows:
name: Building CLI for - ${{ matrix.settings.os }} - ${{ matrix.settings.target }}
runs-on: ${{ matrix.settings.os || 'ubuntu-latest' }}
Expand Down Expand Up @@ -66,11 +77,13 @@ jobs:
run: cargo build ${{ matrix.features }} -p bws --release --target=${{ matrix.settings.target }}

- name: Login to Azure
if: ${{ needs.setup.outputs.sign == 'true' }}
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
if: ${{ needs.setup.outputs.sign == 'true' }}
id: retrieve-secrets-windows
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
Expand All @@ -82,9 +95,11 @@ jobs:
code-signing-cert-name"

- name: Install AST
if: ${{ needs.setup.outputs.sign == 'true' }}
run: dotnet tool install --global AzureSignTool --version 4.0.1

- name: Sign windows binary
if: ${{ needs.setup.outputs.sign == 'true' }}
env:
SIGNING_VAULT_URL: ${{ steps.retrieve-secrets-windows.outputs.code-signing-vault-url }}
SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets-windows.outputs.code-signing-client-id }}
Expand Down
49 changes: 49 additions & 0 deletions .github/workflows/build-go.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Build Go SDK

on:
push:
branches:
- main
- rc
- hotfix-rc

pull_request:

env:
GO111MODULE: on
GO_VERSION: "^1.18"

jobs:
build:
name: Build
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Go environment
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}

- name: Cache dependencies
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: npm ci
run: npm ci

- name: Generate schemas
run: npm run schemas

- name: Build
working-directory: languages/go
run: go build -v ./...

- name: Test
working-directory: languages/go
run: go test -v ./...
73 changes: 0 additions & 73 deletions .github/workflows/golang-release.yml

This file was deleted.

19 changes: 14 additions & 5 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,20 @@ jobs:
- name: Cargo fmt
run: cargo +nightly fmt --check

- name: Install clippy-sarif and sarif-fmt
run: cargo install clippy-sarif sarif-fmt --locked --git https://github.com/psastras/sarif-rs.git --rev 11c33a53f6ffeaed736856b86fb6b7b09fabdfd8

- name: Cargo clippy
run: cargo clippy --all-features --tests --message-format=json |
clippy-sarif | tee clippy_result.sarif | sarif-fmt
env:
RUSTFLAGS: "-D warnings"

- name: Upload Clippy results to GitHub
uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
with:
sarif_file: clippy_result.sarif

- name: Set up Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
Expand All @@ -52,8 +66,3 @@ jobs:
run: cargo doc --no-deps --features internal
env:
RUSTDOCFLAGS: "-D warnings"

- name: Cargo clippy
run: cargo clippy --all-features --tests
env:
RUSTFLAGS: "-D warnings"
151 changes: 151 additions & 0 deletions .github/workflows/release-go.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
name: Release Go

on:
workflow_dispatch:
inputs:
release_type:
description: "Release Options"
required: true
default: "Release"
type: choice
options:
- Release
- Dry Run

env:
GO111MODULE: on
GO_VERSION: "^1.18"

jobs:
validate:
name: Setup
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Branch check
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "==================================="
exit 1
fi
- name: Get version
id: version
run: |
VERSION=$(cat languages/go/.version | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "version=$VERSION" >> $GITHUB_OUTPUT
repo-sync:
name: Push changed files to SDK Go repo
runs-on: ubuntu-22.04
needs: validate
env:
_KEY_VAULT: "bitwarden-ci"
_BOT_EMAIL: [email protected]
_BOT_NAME: bitwarden-devops-bot
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Checkout SDK repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
path: sdk

- name: Checkout SDK-Go repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
repository: bitwarden/sm-sdk-go
path: sm-sdk-go
ref: main

- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Setup Git
working-directory: sm-sdk-go
run: |
git config --local user.email "${{ env._BOT_EMAIL }}"
git config --local user.name "${{ env._BOT_NAME }}"
- name: Update files
run: |
# Copy files to local sm-sdk-go repo path
cp --verbose -rf sdk/languages/go sm-sdk-go
- name: Push changes
working-directory: sm-sdk-go
run: |
git add .
git commit -m "Update Go SDK to ${{ github.sha }}"
if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
echo "==================================="
echo "[!] Dry Run - Skipping push"
echo "==================================="
git ls-files -m
exit 0
else
git push origin main
fi
- name: Create release tag on SDK Go repo
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
working-directory: sm-sdk-go
run: |
# Check if tag exists, set output then exit 0 if true.
if git log v${{ env._PKG_VERSION }} >/dev/null 2>&1; then
echo "==================================="
echo "[!] Tag v${{ env._PKG_VERSION }} already exists"
echo "==================================="
exit 1
fi
git tag v${{ env._PKG_VERSION }}
git push origin v${{ env._PKG_VERSION }}
github-release:
name: GitHub Release
runs-on: ubuntu-22.04
needs:
- repo-sync
- validate
env:
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Create release
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
with:
tag: v${{ env._PKG_VERSION }}
name: v${{ env._PKG_VERSION }}
body: "<insert release notes here>"
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
draft: true
repo: bitwarden/sm-sdk-go
6 changes: 6 additions & 0 deletions .github/workflows/version-bump.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ on:
- napi
- python-sdk
- ruby-sdk
- go-sdk
version_number:
description: "New version (example: '2024.1.0')"
required: true
Expand Down Expand Up @@ -156,6 +157,11 @@ jobs:
if: ${{ inputs.project == 'ruby-sdk' }}
run: sed -i "s/VERSION = '[0-9]\.[0-9]\.[0-9]'/VERSION = '${{ inputs.version_number }}'/" ./languages/ruby/bitwarden_sdk_secrets/lib/version.rb

### go sdk
- name: Bump go-sdk Version
if: ${{ inputs.project == 'go-sdk' }}
run: sed -i 's/[0-9]\.[0-9]\.[0-9]/${{ inputs.version_number }}/' ./languages/go/.version

############################
# VERSION BUMP SECTION END #
############################
Expand Down
Loading

0 comments on commit f7c46bd

Please sign in to comment.