[PM-3169] Login decryption options in extension popup #8558
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build Web | |
on: | |
pull_request: | |
branches-ignore: | |
- 'l10n_master' | |
- 'cf-pages' | |
paths: | |
- 'apps/web/**' | |
- 'libs/**' | |
- '*' | |
- '!*.md' | |
- '!*.txt' | |
- '.github/workflows/build-web.yml' | |
push: | |
branches: | |
- 'master' | |
- 'rc' | |
- 'hotfix-rc-web' | |
paths: | |
- 'apps/web/**' | |
- 'libs/**' | |
- '*' | |
- '!*.md' | |
- '!*.txt' | |
- '.github/workflows/build-web.yml' | |
workflow_dispatch: | |
inputs: | |
custom_tag_extension: | |
description: "Custom image tag extension" | |
required: false | |
jobs: | |
cloc: | |
name: CLOC | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Set up cloc | |
run: | | |
sudo apt update | |
sudo apt -y install cloc | |
- name: Print lines of code | |
working-directory: apps/web | |
run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git | |
setup: | |
name: Setup | |
runs-on: ubuntu-22.04 | |
outputs: | |
version: ${{ steps.version.outputs.value }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Get GitHub sha as version | |
id: version | |
run: echo "value=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT | |
build-artifacts: | |
name: Build artifacts | |
runs-on: ubuntu-22.04 | |
needs: | |
- setup | |
env: | |
_VERSION: ${{ needs.setup.outputs.version }} | |
strategy: | |
matrix: | |
include: | |
- name: "selfhosted-open-source" | |
npm_command: "dist:oss:selfhost" | |
- name: "cloud-COMMERCIAL" | |
npm_command: "dist:bit:cloud" | |
- name: "selfhosted-COMMERCIAL" | |
npm_command: "dist:bit:selfhost" | |
- name: "cloud-QA" | |
npm_command: "build:bit:qa" | |
- name: "ee" | |
npm_command: "build:bit:ee" | |
- name: "cloud-euprd" | |
npm_command: "build:bit:euprd" | |
- name: "cloud-euqa" | |
npm_command: "build:bit:euqa" | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Set up Node | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
cache: 'npm' | |
cache-dependency-path: '**/package-lock.json' | |
node-version: "16" | |
- name: Print environment | |
run: | | |
whoami | |
node --version | |
npm --version | |
gulp --version | |
docker --version | |
echo "GitHub ref: $GITHUB_REF" | |
echo "GitHub event: $GITHUB_EVENT" | |
- name: Install dependencies | |
run: npm ci | |
- name: Setup QA metadata | |
working-directory: apps/web | |
if: matrix.name == 'cloud-QA' | |
run: | | |
VERSION=$( jq -r ".version" package.json) | |
jq --arg version "$VERSION+${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp | |
mv package.json.tmp package.json | |
- name: Build ${{ matrix.name }} | |
working-directory: apps/web | |
run: npm run ${{ matrix.npm_command }} | |
- name: Package artifact | |
working-directory: apps/web | |
run: zip -r web-${{ env._VERSION }}-${{ matrix.name }}.zip build | |
- name: Upload ${{ matrix.name }} artifact | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: web-${{ env._VERSION }}-${{ matrix.name }}.zip | |
path: apps/web/web-${{ env._VERSION }}-${{ matrix.name }}.zip | |
if-no-files-found: error | |
build-containers: | |
name: Build Docker images | |
runs-on: ubuntu-22.04 | |
needs: | |
- setup | |
- build-artifacts | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- artifact_name: cloud-QA | |
registries: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io] | |
image_name: web-qa-cloud | |
- artifact_name: ee | |
registries: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io] | |
image_name: web-ee | |
- artifact_name: selfhosted-COMMERCIAL | |
registries: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io] | |
image_name: web | |
env: | |
_VERSION: ${{ needs.setup.outputs.version }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Check Branch to Publish | |
env: | |
PUBLISH_BRANCHES: "master,rc,hotfix-rc-web" | |
id: publish-branch-check | |
run: | | |
IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES | |
if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then | |
echo "is_publish_branch=true" >> $GITHUB_ENV | |
else | |
echo "is_publish_branch=false" >> $GITHUB_ENV | |
fi | |
########## ACRs ########## | |
- name: Login to Azure - QA | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }} | |
- name: Log into QA container registry | |
run: az acr login -n bitwardenqa | |
- name: Login to Azure - Prod | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
- name: Log into Prod container registry | |
run: az acr login -n bitwardenprod | |
- name: Download ${{ matrix.artifact_name }} artifact | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip | |
path: apps/web | |
########## Generate image tag and build Docker image ########## | |
- name: Generate Docker image tag | |
id: tag | |
run: | | |
if [[ $(grep "pull" <<< "${GITHUB_REF}") ]]; then | |
IMAGE_TAG=$(echo "${GITHUB_HEAD_REF}" | sed "s#/#-#g") | |
else | |
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") | |
fi | |
if [[ "$IMAGE_TAG" == "master" ]]; then | |
IMAGE_TAG=dev | |
fi | |
TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }} | |
if [[ $TAG_EXTENSION ]]; then | |
IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION | |
fi | |
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT | |
- name: Generate tag list | |
id: tag-list | |
env: | |
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} | |
PROJECT_NAME: ${{ matrix.image_name }} | |
run: echo "tags=bitwardenqa.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG},bitwardenprod.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
########## Build Image ########## | |
- name: Extract artifact | |
working-directory: apps/web | |
run: unzip web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip | |
- name: Login to Azure | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Retrieve github PAT secrets | |
id: retrieve-secret-pat | |
uses: bitwarden/gh-actions/get-keyvault-secrets@a30e9c3d658dc97c4c2e61ec749fdab64b83386c | |
with: | |
keyvault: "bitwarden-ci" | |
secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
- name: Setup DCT | |
if: ${{ env.is_publish_branch == 'true' }} | |
id: setup-dct | |
uses: bitwarden/gh-actions/setup-docker-trust@a30e9c3d658dc97c4c2e61ec749fdab64b83386c | |
with: | |
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
azure-keyvault-name: "bitwarden-ci" | |
- name: Build Docker image | |
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 | |
with: | |
context: apps/web | |
file: apps/web/Dockerfile | |
platforms: linux/amd64 | |
push: true | |
tags: ${{ steps.tag-list.outputs.tags }} | |
secrets: | | |
"GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" | |
- name: Push to DockerHub | |
if: contains(matrix.registries, 'bitwarden') && env.is_publish_branch == 'true' | |
env: | |
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} | |
PROJECT_NAME: ${{ matrix.image_name }} | |
DOCKER_CONTENT_TRUST: 1 | |
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} | |
run: | | |
docker tag bitwardenprod.azurecr.io/$PROJECT_NAME:$IMAGE_TAG bitwarden/$PROJECT_NAME:$IMAGE_TAG | |
docker push bitwarden/$PROJECT_NAME:$IMAGE_TAG | |
- name: Log out of Docker | |
run: docker logout | |
crowdin-push: | |
name: Crowdin Push | |
if: github.ref == 'refs/heads/master' | |
needs: | |
- build-artifacts | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Login to Azure | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Retrieve secrets | |
id: retrieve-secrets | |
uses: bitwarden/gh-actions/get-keyvault-secrets@a30e9c3d658dc97c4c2e61ec749fdab64b83386c | |
with: | |
keyvault: "bitwarden-ci" | |
secrets: "crowdin-api-token" | |
- name: Upload Sources | |
uses: crowdin/github-action@ee4ab4ea2feadc0fdc3b200729c7b1c4cf4b38f3 # v1.11.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} | |
CROWDIN_PROJECT_ID: "308189" | |
with: | |
config: apps/web/crowdin.yml | |
crowdin_branch_name: master | |
upload_sources: true | |
upload_translations: false | |
check-failures: | |
name: Check for failures | |
if: always() | |
runs-on: ubuntu-22.04 | |
needs: | |
- cloc | |
- setup | |
- build-artifacts | |
- build-containers | |
- crowdin-push | |
steps: | |
- name: Check if any job failed | |
if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }} | |
env: | |
CLOC_STATUS: ${{ needs.cloc.result }} | |
SETUP_STATUS: ${{ needs.setup.result }} | |
ARTIFACT_STATUS: ${{ needs.build-artifacts.result }} | |
BUILD_CONTAINERS_STATUS: ${{ needs.build-containers.result }} | |
CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }} | |
run: | | |
if [ "$CLOC_STATUS" = "failure" ]; then | |
exit 1 | |
elif [ "$SETUP_STATUS" = "failure" ]; then | |
exit 1 | |
elif [ "$ARTIFACT_STATUS" = "failure" ]; then | |
exit 1 | |
elif [ "$BUILD_SELFHOST_STATUS" = "failure" ]; then | |
exit 1 | |
elif [ "$BUILD_CONTAINERS_STATUS" = "failure" ]; then | |
exit 1 | |
elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then | |
exit 1 | |
fi | |
- name: Login to Azure - Prod Subscription | |
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
if: failure() | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Retrieve secrets | |
id: retrieve-secrets | |
if: failure() | |
uses: bitwarden/gh-actions/get-keyvault-secrets@a30e9c3d658dc97c4c2e61ec749fdab64b83386c | |
with: | |
keyvault: "bitwarden-ci" | |
secrets: "devops-alerts-slack-webhook-url" | |
- name: Notify Slack on failure | |
uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 | |
if: failure() | |
env: | |
SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
with: | |
status: ${{ job.status }} |