From b6db9cc8f5b15181b91fe1c9a5def016385abde9 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Thu, 6 Oct 2022 11:21:52 -0400 Subject: [PATCH 1/2] Fix all retrieve-secret steps in workflows to use our action --- .github/workflows/brew-bump-cli.yml | 15 ++----- .github/workflows/brew-bump-desktop.yml | 15 ++----- .github/workflows/build-browser.yml | 45 ++++++--------------- .github/workflows/build-cli.yml | 15 ++----- .github/workflows/build-desktop.yml | 47 ++++++---------------- .github/workflows/build-web.yml | 30 ++++---------- .github/workflows/crowdin-pull.yml | 15 ++----- .github/workflows/release-cli.yml | 45 ++++++--------------- .github/workflows/release-desktop-beta.yml | 34 +++++----------- .github/workflows/release-desktop.yml | 47 ++++++---------------- .github/workflows/version-auto-bump.yml | 11 ++--- 11 files changed, 88 insertions(+), 231 deletions(-) diff --git a/.github/workflows/brew-bump-cli.yml b/.github/workflows/brew-bump-cli.yml index 5487095bf758..88a8cdefe508 100644 --- a/.github/workflows/brew-bump-cli.yml +++ b/.github/workflows/brew-bump-cli.yml @@ -23,17 +23,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - brew-bump-workflow-pat - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "brew-bump-workflow-pat" - name: Update Homebrew formula uses: dawidd6/action-homebrew-bump-formula@dd221ff435f42fa8102b5871bb1929af9d76476c diff --git a/.github/workflows/brew-bump-desktop.yml b/.github/workflows/brew-bump-desktop.yml index fba2685f2347..249c5a57d482 100644 --- a/.github/workflows/brew-bump-desktop.yml +++ b/.github/workflows/brew-bump-desktop.yml @@ -23,17 +23,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - brew-bump-workflow-pat - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "brew-bump-workflow-pat" - name: Update Homebrew cask uses: macauley/action-homebrew-bump-cask@445c42390d790569d938f9068d01af39ca030feb diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index 91134cbab65a..9a5e4ebd33b2 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -338,17 +338,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - crowdin-api-token - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "crowdin-api-token" - name: Upload Sources uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 @@ -378,17 +371,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - github-pat-bitwarden-devops-bot-repo-scope - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "github-pat-bitwarden-devops-bot-repo-scope" - name: Extract branch name id: extract_branch @@ -459,17 +445,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.5.0 diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 9147ed1b7eba..e32dbedb24c0 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -361,17 +361,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index fe8df982c269..2cb34fb47e85 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -298,21 +298,14 @@ jobs: - name: Retrieve secrets id: retrieve-secrets shell: bash - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - code-signing-vault-url, + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "code-signing-vault-url, code-signing-client-id, code-signing-tenant-id, code-signing-client-secret, - code-signing-cert-name - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + code-signing-cert-name" - name: Install Node dependencies run: npm ci @@ -1242,17 +1235,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - crowdin-api-token - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "crowdin-api-token" - name: Upload Sources uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 @@ -1324,17 +1310,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index 675f5bbc55ad..b8fbbf500d7f 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -337,17 +337,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - crowdin-api-token - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "crowdin-api-token" - name: Upload Sources uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 @@ -407,17 +400,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.5.1 diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index 9aca46ebd69d..abb3fca703da 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -32,17 +32,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - crowdin-api-token - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "crowdin-api-token" - name: Download translations uses: bitwarden/gh-actions/crowdin@05052c5c575ceb09ceea397fe241879e199ed44b diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index c3ddbb981440..33d70a794fa2 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -148,17 +148,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - snapcraft-store-token - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "snapcraft-store-token" - name: Install Snap uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0 @@ -209,17 +202,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - cli-choco-api-key - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "cli-choco-api-key" - name: Setup Chocolatey run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/ @@ -275,17 +261,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - cli-npm-api-key - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "cli-npm-api-key" - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml index 79a4eaa24cb9..542973e49f15 100644 --- a/.github/workflows/release-desktop-beta.yml +++ b/.github/workflows/release-desktop-beta.yml @@ -249,21 +249,14 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - code-signing-vault-url, + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "code-signing-vault-url, code-signing-client-id, code-signing-tenant-id, code-signing-client-secret, - code-signing-cert-name - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + code-signing-cert-name" - name: Install Node dependencies run: npm ci @@ -939,23 +932,16 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - aws-electron-access-id, + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "aws-electron-access-id, aws-electron-access-key, aws-electron-bucket-name, r2-electron-access-id, r2-electron-access-key, r2-electron-bucket-name, - cf-prod-account - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + cf-prod-account" - name: Download all artifacts uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3.0.0 diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml index f4e28c71460f..2746918099b6 100644 --- a/.github/workflows/release-desktop.yml +++ b/.github/workflows/release-desktop.yml @@ -93,23 +93,16 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - aws-electron-access-id, + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "aws-electron-access-id, aws-electron-access-key, aws-electron-bucket-name, r2-electron-access-id, r2-electron-access-key, r2-electron-bucket-name, - cf-prod-account - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + cf-prod-account" - name: Download all artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} @@ -236,17 +229,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - snapcraft-store-token - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "snapcraft-store-token" - name: Install Snap uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d # v1.2.0 @@ -307,17 +293,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - cli-choco-api-key - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "cli-choco-api-key" - name: Setup Chocolatey shell: pwsh diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml index 4c1b0f6e8f1e..ba1ca63c8160 100644 --- a/.github/workflows/version-auto-bump.yml +++ b/.github/workflows/version-auto-bump.yml @@ -46,13 +46,10 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRET: "github-pat-bitwarden-devops-bot-repo-scope" - run: | - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $SECRET --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$SECRET::$VALUE" + uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af + with: + keyvault: "bitwarden-prod-kv" + secrets: "github-pat-bitwarden-devops-bot-repo-scope" - name: Call GitHub API to trigger workflow bump env: From da50c8d5c16a148b2983500b8ffe8f7e61e15da0 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Thu, 6 Oct 2022 11:37:33 -0400 Subject: [PATCH 2/2] Fix errors, formatting --- .github/workflows/build-desktop.yml | 43 +++++++++++----------- .github/workflows/build-web.yml | 6 +-- .github/workflows/release-cli.yml | 1 - .github/workflows/release-desktop-beta.yml | 3 +- 4 files changed, 25 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 2cb34fb47e85..8f8529320c2d 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -142,7 +142,7 @@ jobs: uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a with: cache: 'npm' cache-dependency-path: '**/package-lock.json' @@ -176,7 +176,7 @@ jobs: working-directory: ./ - name: Cache Native Module - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 id: cache with: path: | @@ -257,7 +257,7 @@ jobs: uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a with: cache: 'npm' cache-dependency-path: '**/package-lock.json' @@ -297,7 +297,6 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - shell: bash uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af with: keyvault: "bitwarden-prod-kv" @@ -312,7 +311,7 @@ jobs: working-directory: ./ - name: Cache Native Module - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 id: cache with: path: apps/desktop/desktop_native/*.node @@ -471,7 +470,7 @@ jobs: uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a with: cache: 'npm' cache-dependency-path: '**/package-lock.json' @@ -584,7 +583,7 @@ jobs: working-directory: ./ - name: Cache Native Module - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 id: cache with: path: apps/desktop/desktop_native/*.node @@ -616,7 +615,7 @@ jobs: uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a with: cache: 'npm' cache-dependency-path: '**/package-lock.json' @@ -729,7 +728,7 @@ jobs: working-directory: ./ - name: Cache Native Module - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 id: cache with: path: apps/desktop/desktop_native/*.node @@ -747,7 +746,7 @@ jobs: - name: Download artifact from hotfix-rc-desktop if: github.ref == 'refs/heads/hotfix-rc-desktop' - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -756,7 +755,7 @@ jobs: - name: Download artifact from rc if: github.ref == 'refs/heads/rc' - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -765,7 +764,7 @@ jobs: - name: Download artifact from master if: ${{ github.ref != 'refs/heads/rc' && github.ref != 'refs/heads/hotfix-rc-desktop' }} - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -834,7 +833,7 @@ jobs: uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a with: cache: 'npm' cache-dependency-path: '**/package-lock.json' @@ -947,7 +946,7 @@ jobs: working-directory: ./ - name: Cache Native Module - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 id: cache with: path: apps/desktop/desktop_native/*.node @@ -965,7 +964,7 @@ jobs: - name: Download artifact from hotfix-rc-desktop if: github.ref == 'refs/heads/hotfix-rc-desktop' - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -974,7 +973,7 @@ jobs: - name: Download artifact from rc if: github.ref == 'refs/heads/rc' - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -983,7 +982,7 @@ jobs: - name: Download artifact from master if: ${{ github.ref != 'refs/heads/rc' && github.ref != 'refs/heads/hotfix-rc-desktop' }} - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -1044,7 +1043,7 @@ jobs: uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 - name: Set up Node - uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a # v3.0.0 + uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a with: cache: 'npm' cache-dependency-path: '**/package-lock.json' @@ -1152,7 +1151,7 @@ jobs: working-directory: ./ - name: Cache Native Module - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 id: cache with: path: apps/desktop/desktop_native/*.node @@ -1170,7 +1169,7 @@ jobs: - name: Download artifact from rc if: github.ref == 'refs/heads/rc' - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -1179,7 +1178,7 @@ jobs: - name: Download artifact from master if: github.ref != 'refs/heads/rc' - uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 # v2.19.0 + uses: dawidd6/action-download-artifact@b2abf1705491048a2d7074f7d90513044fd25d39 with: workflow: build-browser.yml workflow_conclusion: success @@ -1241,7 +1240,7 @@ jobs: secrets: "crowdin-api-token" - name: Upload Sources - uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 # v1.4.9 + uses: crowdin/github-action@ecd7eb0ef6f3cfa16293c79e9cbc4bc5b5fd9c49 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index b8fbbf500d7f..f65358eee39d 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -363,8 +363,8 @@ jobs: - cloc - setup - build-artifacts - - build-containers - build-commercial-selfhost-image + - build-containers - crowdin-push steps: - name: Check if any job failed @@ -374,7 +374,7 @@ jobs: SETUP_STATUS: ${{ needs.setup.result }} ARTIFACT_STATUS: ${{ needs.build-artifacts.result }} BUILD_SELFHOST_STATUS: ${{ needs.build-commercial-selfhost-image.result }} - BUILD_QA_STATUS: ${{ needs.build-qa.result }} + BUILD_QA_STATUS: ${{ needs.build-containers.result }} CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }} run: | if [ "$CLOC_STATUS" = "failure" ]; then @@ -385,7 +385,7 @@ jobs: exit 1 elif [ "$BUILD_SELFHOST_STATUS" = "failure" ]; then exit 1 - elif [ "$BUILD_QA_STATUS" = "failure" ]; then + elif [ "$BUILD_CONTAINERS_STATUS" = "failure" ]; then exit 1 elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then exit 1 diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 33d70a794fa2..0cc151f91233 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -299,4 +299,3 @@ jobs: - name: Publish NPM if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc - diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml index 542973e49f15..7dbc110a04dd 100644 --- a/.github/workflows/release-desktop-beta.yml +++ b/.github/workflows/release-desktop-beta.yml @@ -944,7 +944,7 @@ jobs: cf-prod-account" - name: Download all artifacts - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3.0.0 + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 with: path: apps/desktop/artifacts @@ -1023,4 +1023,3 @@ jobs: env: BRANCH: ${{ needs.setup.outputs.branch-name }} run: git push origin --delete $BRANCH -