Fix the failed test after dotnet format #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build Self-Host | |
| on: | |
| push: | |
| branches-ignore: | |
| - "l10n_master" | |
| - "gh-pages" | |
| paths-ignore: | |
| - ".github/workflows/**" | |
| workflow_dispatch: | |
| pull_request: | |
| branches-ignore: | |
| - "l10n_master" | |
| - "gh-pages" | |
| paths: | |
| - ".github/workflows/build-self-host.yml" | |
| jobs: | |
| build-docker: | |
| name: Build Docker image | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 | |
| - name: Check Branch to Publish | |
| env: | |
| PUBLISH_BRANCHES: "master,rc,hotfix-rc" | |
| id: publish-branch-check | |
| run: | | |
| IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES | |
| if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then | |
| echo "is_publish_branch=true" >> $GITHUB_ENV | |
| else | |
| echo "is_publish_branch=false" >> $GITHUB_ENV | |
| fi | |
| ########## Set up Docker ########## | |
| - name: Set up QEMU emulators | |
| uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 | |
| ########## Login to Docker registries ########## | |
| - name: Login to Azure - QA Subscription | |
| uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 | |
| with: | |
| creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} | |
| - name: Login to Azure ACR | |
| run: az acr login -n bitwardenqa | |
| - name: Login to Azure - Prod Subscription | |
| uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 | |
| with: | |
| creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
| - name: Login to Azure ACR | |
| run: az acr login -n bitwardenprod | |
| - name: Login to Azure - CI Subscription | |
| uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve github PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Retrieve secrets | |
| if: ${{ env.is_publish_branch == 'true' }} | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "docker-password, | |
| docker-username, | |
| dct-delegate-2-repo-passphrase, | |
| dct-delegate-2-key" | |
| - name: Log into Docker | |
| if: ${{ env.is_publish_branch == 'true' }} | |
| env: | |
| DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} | |
| DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} | |
| run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
| - name: Setup Docker Trust | |
| if: ${{ env.is_publish_branch == 'true' }} | |
| env: | |
| DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" | |
| DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} | |
| DCT_REPO_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} | |
| run: | | |
| mkdir -p ~/.docker/trust/private | |
| echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key | |
| echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV | |
| echo "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$DCT_REPO_PASSPHRASE" >> $GITHUB_ENV | |
| ########## Generate image tag and build Docker image ########## | |
| - name: Generate Docker image tag | |
| id: tag | |
| run: | | |
| IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name | |
| if [[ "$IMAGE_TAG" == "master" ]]; then | |
| IMAGE_TAG=dev | |
| elif [[ "$IMAGE_TAG" == "rc" ]] || [[ "$IMAGE_TAG" == "hotfix-rc" ]]; then | |
| IMAGE_TAG=beta | |
| fi | |
| echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Generate tag list | |
| id: tag-list | |
| env: | |
| IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} | |
| run: | | |
| if [ "$IMAGE_TAG" = "dev" ] || [ "$IMAGE_TAG" = "beta" ]; then | |
| echo "tags=bitwardenqa.azurecr.io/self-host:${IMAGE_TAG},bitwardenprod.azurecr.io/self-host:${IMAGE_TAG},bitwarden/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| else | |
| echo "tags=bitwardenqa.azurecr.io/self-host:${IMAGE_TAG},bitwardenprod.azurecr.io/self-host:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build Docker image | |
| uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v3.2.0 | |
| with: | |
| context: . | |
| file: docker-unified/Dockerfile | |
| platforms: | | |
| linux/amd64, | |
| linux/arm/v7, | |
| linux/arm64/v8 | |
| push: true | |
| tags: ${{ steps.tag-list.outputs.tags }} | |
| secrets: | | |
| "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" | |
| - name: Log out of Docker and disable Docker Notary | |
| if: ${{ env.is_publish_branch == 'true' }} | |
| run: | | |
| docker logout | |
| echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV | |
| check-failures: | |
| name: Check for failures | |
| if: always() | |
| runs-on: ubuntu-22.04 | |
| needs: build-docker | |
| steps: | |
| - name: Check if any job failed | |
| if: | | |
| github.ref == 'refs/heads/master' | |
| || github.ref == 'refs/heads/rc' | |
| || github.ref == 'refs/heads/hotfix-rc' | |
| env: | |
| BUILD_DOCKER_STATUS: ${{ needs.build-docker.result }} | |
| run: | | |
| if [ "$BUILD_DOCKER_STATUS" = "failure" ]; then | |
| exit 1 | |
| fi | |
| - name: Login to Azure - CI subscription | |
| uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf # v1.4.3 | |
| if: failure() | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@c86ced0dc8c9daeecf057a6333e6f318db9c5a2b | |
| if: failure() | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "devops-alerts-slack-webhook-url" | |
| - name: Notify Slack on failure | |
| uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
| with: | |
| status: ${{ job.status }} |