[DEVOPS-1525] swift workflow for package publishing #268

Closed
Changes from 25 commits
27 commits
378e04d
Add initial workflow
mimartin12 Sep 18, 2023
db8517b
Merge branch 'master' into DEVOPS-1525-swift-workflow-for-package-pub…
mimartin12 Oct 5, 2023
c9ecd14
prettier
mimartin12 Oct 5, 2023
a6a7b0c
Merge branch 'master' into DEVOPS-1525-swift-workflow-for-package-pub…
mimartin12 Oct 9, 2023
7abb657
Push changed files to sdk-swift on release
mimartin12 Oct 9, 2023
10666d5
Linting
mimartin12 Oct 9, 2023
adfcdf2
Use stable commit
mimartin12 Oct 19, 2023
962590b
Switch to bash script
mimartin12 Oct 23, 2023
b23e9aa
Add back in trigger for testing
mimartin12 Oct 23, 2023
35a251a
Update path for build.sh
mimartin12 Oct 23, 2023
6092c9a
Add artifact upload
mimartin12 Oct 24, 2023
04d6f06
Add branch, along with commit sha
mimartin12 Oct 24, 2023
6bb7087
Remove trigger filter
mimartin12 Oct 27, 2023
2b55e24
Update package.swift with url and update tag
mimartin12 Oct 30, 2023
09da1bd
Refactor release swift workflow
mimartin12 Apr 16, 2024
3ea7b7c
Switch back to hotfix-rc
mimartin12 Apr 16, 2024
3dc5f12
Fix SHA
mimartin12 Apr 16, 2024
8ebc7a7
Use step to get short sha
mimartin12 Apr 16, 2024
f8bc51e
Merge branch 'main' into DEVOPS-1525-swift-workflow-for-package-publi…
mimartin12 Apr 16, 2024
49ad024
Pull version from bws
mimartin12 Apr 17, 2024
3d799a5
Update install rust step
mimartin12 Apr 17, 2024
4327e76
Apply suggestions from code review
mimartin12 Apr 24, 2024
e336370
Update .github/workflows/build-swift.yml
mimartin12 Apr 24, 2024
a15a57a
Automatically push main commits to sdk-swift
mimartin12 Apr 30, 2024
1e1294d
Linting
mimartin12 Apr 30, 2024
86d4d72
Remove unneeded permission set
mimartin12 Jun 6, 2024
a57b82f
Merge branch 'main' into DEVOPS-1525-swift-workflow-for-package-publi…
mimartin12 Jun 6, 2024
102 changes: 102 additions & 0 deletions .github/workflows/build-swift.yml
@@ -0,0 +1,102 @@
---
name: Build Swift Package

on:
push:
branches:
- "rc"
- "hotfix-rc"
- "main"

jobs:
version:
name: Get Version
runs-on: ubuntu-22.04
outputs:
package_version: ${{ steps.retrieve-version.outputs.package_version }}
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

- name: Get Package Version
id: retrieve-version
run: |
VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "package_version=$VERSION" >> $GITHUB_OUTPUT

build:
name: Build
runs-on: macos-13
needs: version
env:
_VERSION: ${{ needs.version.outputs.package_version }}
steps:
- name: Checkout repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

- name: Install rust
uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable
with:
toolchain: stable

- name: Cache cargo registry
uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
with:
key: sdk-swift-cargo

- name: Rustup target
run: |
rustup target install aarch64-apple-ios-sim
rustup target install aarch64-apple-ios
rustup target install x86_64-apple-ios

- name: Build
shell: bash
working-directory: languages/swift
id: build
run: |
chmod +x build.sh
./build.sh

# SHA Short
echo "short-sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

- name: Upload BitwardenFFI.xcframework artifact
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: BitwardenFFI-${{ env._VERSION }}-${{ steps.build.outputs.short-sha }}.xcframework
path: languages/swift/BitwardenFFI.xcframework
if-no-files-found: error
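Review bot: The `Get Package Version` step reads the version from `crates/bws/Cargo.toml`, while `release-swift.yml` reads it from `crates/bitwarden/Cargo.toml`, and both values end up in the artifact name `BitwardenFFI-<version>-<short-sha>.xcframework`. If the two crates ever carry different versions, the release job will ask for an artifact name this build never uploaded. Read the version from one file in both workflows, or pass this job's `package_version` to the release workflow as an input. Quoting `"$GITHUB_OUTPUT"` in the two `echo ... >> $GITHUB_OUTPUT` lines would be a small hardening as well.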
Comment on lines +63 to +68

Member

This seems to upload every commit from main in our artifactory, but it's never used?

Contributor Author

Oh, I see what you mean. Yes, currently the trigger here https://github.com/bitwarden/sdk/pull/268/files/e336370aa3e6b19b4167b200c2e0df48285b4c2d#diff-055e2da2434f07c0a866c511bfa44f89960b26b18915681bd5a97ed5a8689b9fR9 is going to create an artifact that will not be used in the release workflow. If there is no value in having a GitHub artifact from main, I can remove it.

Member

From my perspective the main value is automatically pushing commits from main to the sdk-swift repository. As this repository will get more activity, depending on devops to trigger development releases whenever a new feature gets merged will be tedious.

Contributor Author

a15a57a
Does this now, I removed release process items around it, and made it simply push to the repository when a build happens on main. This adheres to the requirement to use GitHub releases to store the artifact.


trigger-swift-release:
name: Trigger Swift release
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
needs: build
steps:
- name: Login to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve github PAT secrets
id: retrieve-secret-pat
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Trigger Swift release
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
script: |
await github.rest.actions.createWorkflowDispatch({
owner: 'bitwarden',
repo: 'sdk',
workflow_id: 'release-swift.yml',
ref: 'main',
inputs: {
'build-run-id': '${{ github.run_id }}'
}
})
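Review bot: The `createWorkflowDispatch` call in `trigger-swift-release` targets `release-swift.yml`, but that workflow declares only `on: workflow_call`, so there is no `workflow_dispatch` trigger for the API call to fire. Add `workflow_dispatch` with the `build-run-id` input to `release-swift.yml`. Separately, `bitwarden/gh-actions/get-keyvault-secrets@main` is the only action in this file referenced by branch rather than by commit SHA, and it is the step that returns the repo-scoped PAT; pin it to a SHA like the others. The `'${{ github.run_id }}'` expansion inside `script:` could also be passed through `env:` and read from `process.env`, which keeps expression expansion out of the script body.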
157 changes: 157 additions & 0 deletions .github/workflows/release-swift.yml
@@ -0,0 +1,157 @@
---
name: Release Swift Package

on:
workflow_call:
inputs:
build-run-id:
description: "Workflow Run ID to use for artifact download"
type: string
required: false

env:
_KEY_VAULT: "bitwarden-ci"

jobs:
validate:
name: Set Version and SHA
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
sha: ${{ steps.set-sha.outputs.sha }}
short_sha: ${{ steps.set-sha.outputs.short_sha }}
steps:
- name: Checkout repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Get version
id: version
run: |
VERSION=$(grep -o '^version = ".*"' crates/bitwarden/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
echo "version=$VERSION" >> $GITHUB_OUTPUT

- name: Download BitwardenEFI artifact
uses: bitwarden/gh-actions/download-artifacts@main
id: download-artifact
with:
workflow: build-swift.yml
workflow_conclusion: success
skip_unpack: true
run_id: ${{ inputs.build-run-id }}

- name: Set SHA
id: set-sha
run: |
echo "sha=$(${{ steps.download-artifact.outputs.artifact-build-commit }})" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ steps.download-artifact.outputs.artifact-build-commit }} | cut -c1-7)" >> $GITHUB_OUTPUT

repo-sync:
name: Push changed files to SDK Swift repo
runs-on: ubuntu-22.04
needs: validate
env:
_BOT_EMAIL: [email protected]
_BOT_NAME: bitwarden-devops-bot
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Checkout SDK repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
path: sdk

- name: Checkout SDK-Swift repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
repository: bitwarden/sdk-swift
path: sdk-swift
ref: main

- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Setup Git
working-directory: sdk-swift
run: |
git config --local user.email "${{ env._BOT_EMAIL }}"
git config --local user.name "${{ env._BOT_NAME }}"

- name: Update files
run: |
# Update BitwardenFFI path
sed -i '' 's|.binaryTarget(name: "BitwardenFFI", path: "BitwardenFFI.xcframework")|.binaryTarget(\
name: "BitwardenFFI",\
url: "https://github.com/bitwarden/sdk-swift/releases/download/BitwardenFFI-v${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}/BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip",|' sdk/languages/swift/Package.swift

# Run swiftformat
swiftformat sdk/languages/swift/Package.swift

# Copy files to local sdk-swift repo path
cp --verbose -rf sdk/languages/swift/README.md sdk-swift/README.md
cp --verbose -rf sdk/languages/swift/Package.swift sdk-swift/Package.swift
cp --verbose -rf sdk/languages/swift/Sources sdk-swift/Sources
cp --verbose -rf sdk/languages/swift/Tests sdk-swift/Tests

- name: Push changes
working-directory: sdk-swift
run: |
git add .
git commit -m "Update Swift SDK to ${{ needs.validate.outputs.sha }}"
git push origin main

- name: Create release tag on SDK Swift repo
working-directory: sdk-swift
run: |
git tag ${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}
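Review bot: In the `Set SHA` step, `echo "sha=$(${{ steps.download-artifact.outputs.artifact-build-commit }})"` wraps the expression in `$(...)`, so the shell tries to run the commit SHA as a command instead of writing it; drop the command substitution, and preferably pass the output through `env:` rather than expanding `${{ }}` inside `run:`. In `Update files`, `sed -i ''` is the BSD/macOS form while the job runs on `ubuntu-22.04`, no step in this job installs `swiftformat`, and the replacement text stops after the `url:` line, leaving the `.binaryTarget(` call without a `checksum:` argument or a closing parenthesis. The `Checkout SDK-Swift repo` step sets no `token:` and the PAT from `Retrieve secrets` is never referenced in this job, so it is unclear which credential `git push origin main` relies on. `Checkout SDK repo` also takes the default ref while the commit message names the artifact's build SHA; checking out `needs.validate.outputs.sha` would keep the copied sources and the binary in step.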
Member

I don't think we want to tag "non stable" releases.

git push origin ${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}

github-release:
Member

We should only do github releases for stable.

Contributor Author

How can we do this? How do we define stable releases of the SDK today?

Member

When we desire external parties to use the new version of the sdk, generally whenever secrets manager wants a new release.

name: GitHub Release
runs-on: ubuntu-22.04
needs:
- validate
- repo-sync
env:
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Download BitwardenEFI artifact
uses: bitwarden/gh-actions/download-artifacts@main
id: download-artifact
with:
workflow: build-swift.yml
workflow_conclusion: success
artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework"
skip_unpack: true
run_id: ${{ inputs.build-run-id }}

- name: Create release
uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
with:
tag: v${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}
name: v${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}
body: ""
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
draft: false
repo: sdk-swift
owner: bitwarden
artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework"
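Review bot: The release names do not line up across this workflow: `Create release` uses the tag `v<version>-<short_sha>`, `repo-sync` pushes the git tag `<version>-<short_sha>` without the `v`, and the URL written into `Package.swift` points at `BitwardenFFI-v<version>-<short_sha>/` with a `.xcframework.zip` file name. The `artifacts:` value here ends in `.xcframework`, not `.xcframework.zip`, so the download URL in the package manifest would not match the uploaded asset. Settle on one tag format and one asset file name and derive all three places from it. `download-artifacts@main` and `get-keyvault-secrets@main` are again referenced by branch while the third-party actions are SHA-pinned; pin them too, since this job handles the repo-scoped PAT.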