From ea1aebadcaf894893d14bc8ac495d53ba197fdc4 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Mon, 23 Sep 2024 15:55:59 +0200 Subject: [PATCH 01/36] Split bws release and publish --- .../{release-cli.yml => publish-bws.yml} | 114 +++++++++--------- .github/workflows/release-bws.yml | 80 ++++++++++++ 2 files changed, 135 insertions(+), 59 deletions(-) rename .github/workflows/{release-cli.yml => publish-bws.yml} (73%) create mode 100644 .github/workflows/release-bws.yml diff --git a/.github/workflows/release-cli.yml b/.github/workflows/publish-bws.yml similarity index 73% rename from .github/workflows/release-cli.yml rename to .github/workflows/publish-bws.yml index 80c09142e..912c4eaf7 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/publish-bws.yml @@ -1,6 +1,6 @@ --- -name: Release CLI -run-name: Release CLI ${{ inputs.release_type }} +name: Publish bws CLI +run-name: Publish bws CLI ${{ inputs.release_type }} on: workflow_dispatch: @@ -13,6 +13,11 @@ on: options: - Release - Dry Run + version: + description: 'Version to publish (default: latest bws cli release)' + required: true + type: string + default: latest env: _AZ_REGISTRY: bitwardenprod.azurecr.io @@ -22,7 +27,9 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} + release-version: ${{ steps.version-output.outputs.version }} + release-tag: ${{ steps.version-output.outputs.tag_name }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -37,11 +44,21 @@ jobs: exit 1 fi - - name: Check Release Version - id: version + - name: Version output + id: version-output run: | - VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") - echo "version=$VERSION" >> $GITHUB_OUTPUT + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("bws")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi - name: Create GitHub deployment if: ${{ inputs.release_type != 'Dry Run' }} @@ -50,66 +67,18 @@ jobs: with: token: "${{ secrets.GITHUB_TOKEN }}" initial-status: "in_progress" - environment: "CLI - Production" + environment: "bws CLI - Production" description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" task: release - - name: Download all Release artifacts - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-cli.yml - path: packages - workflow_conclusion: success - branch: ${{ github.ref_name }} - - - name: Get checksum files - uses: bitwarden/gh-actions/get-checksum@main - with: - packages_dir: "packages" - file_path: "packages/bws-sha256-checksums-${{ steps.version.outputs.version }}.txt" - - - name: Create release - if: ${{ inputs.release_type != 'Dry Run' }} - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 - env: - PKG_VERSION: ${{ steps.version.outputs.version }} - with: - artifacts: "packages/bws-x86_64-apple-darwin-${{ env.PKG_VERSION }}.zip, - packages/bws-aarch64-apple-darwin-${{ env.PKG_VERSION }}.zip, - packages/bws-macos-universal-${{ env.PKG_VERSION }}.zip, - packages/bws-x86_64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, - packages/bws-aarch64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, - packages/bws-x86_64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, - packages/bws-aarch64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, - packages/THIRDPARTY.html, - packages/bws-sha256-checksums-${{ env.PKG_VERSION }}.txt" - commit: ${{ github.sha }} - tag: bws-v${{ env.PKG_VERSION }} - name: bws CLI v${{ env.PKG_VERSION }} - body: "" - token: ${{ secrets.GITHUB_TOKEN }} - draft: true - - - name: Update deployment status to Success - if: ${{ inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "success" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} publish: name: Publish bws to crates.io runs-on: ubuntu-22.04 needs: setup + env: + _VERSION: ${{ needs.setup.outputs.release-version }} + _TAG_NAME: ${{ needs.setup.outputs.release-tag }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -118,6 +87,7 @@ jobs: uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + ref: ${{ env._TAG_NAME }} - name: Retrieve secrets id: retrieve-secrets @@ -151,6 +121,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env._TAG_NAME }} - name: Generate tag list id: tag-list @@ -218,3 +190,27 @@ jobs: run: | docker logout echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV + + update_release_status: + name: Update GitHub deployment status + runs-on: ubuntu-22.04 + needs: setup + if: ${{ inputs.release_type != 'Dry Run' }} + env: + _DEPLOYMENT_ID: ${{ needs.setup.outputs.deployment-id }} + steps: + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ env._DEPLOYMENT_ID }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ env._DEPLOYMENT_ID }} diff --git a/.github/workflows/release-bws.yml b/.github/workflows/release-bws.yml new file mode 100644 index 000000000..5c4b03868 --- /dev/null +++ b/.github/workflows/release-bws.yml @@ -0,0 +1,80 @@ +--- +name: Release bws CLI +run-name: Release bws CLI ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +env: + _AZ_REGISTRY: bitwardenprod.azurecr.io + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Check Release Version + id: version + run: | + VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Download all Release artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-cli.yml + path: packages + workflow_conclusion: success + branch: ${{ github.ref_name }} + + - name: Get checksum files + uses: bitwarden/gh-actions/get-checksum@main + with: + packages_dir: "packages" + file_path: "packages/bws-sha256-checksums-${{ steps.version.outputs.version }}.txt" + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ steps.version.outputs.version }} + with: + artifacts: "packages/bws-x86_64-apple-darwin-${{ env.PKG_VERSION }}.zip, + packages/bws-aarch64-apple-darwin-${{ env.PKG_VERSION }}.zip, + packages/bws-macos-universal-${{ env.PKG_VERSION }}.zip, + packages/bws-x86_64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, + packages/bws-aarch64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip, + packages/bws-x86_64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, + packages/bws-aarch64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip, + packages/THIRDPARTY.html, + packages/bws-sha256-checksums-${{ env.PKG_VERSION }}.txt" + commit: ${{ github.sha }} + tag: bws-v${{ env.PKG_VERSION }} + name: bws CLI v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true From e6fd79e4fd9df1cb11f60a21687c668d0f31f8c8 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Mon, 23 Sep 2024 15:58:28 +0200 Subject: [PATCH 02/36] Remove unused global environment variable --- .github/workflows/release-bws.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/release-bws.yml b/.github/workflows/release-bws.yml index 5c4b03868..92a8544b8 100644 --- a/.github/workflows/release-bws.yml +++ b/.github/workflows/release-bws.yml @@ -14,9 +14,6 @@ on: - Release - Dry Run -env: - _AZ_REGISTRY: bitwardenprod.azurecr.io - jobs: setup: name: Setup From e759c41ec34f6d009a9393e294eb0b63d073909e Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Mon, 23 Sep 2024 16:17:08 +0200 Subject: [PATCH 03/36] Split publish & release workflows for rust crates --- .github/workflows/publish-rust-crates.yml | 38 +++++++++++++++- .github/workflows/release-rust-crates.yml | 53 +++++++++++++++++++++++ 2 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/release-rust-crates.yml diff --git a/.github/workflows/publish-rust-crates.yml b/.github/workflows/publish-rust-crates.yml index bdb39d9b7..8bde5b80f 100644 --- a/.github/workflows/publish-rust-crates.yml +++ b/.github/workflows/publish-rust-crates.yml @@ -14,11 +14,19 @@ on: - Initial Release - Redeploy - Dry Run + version: + description: 'Version to publish (default: latest rust crates release)' + required: true + type: string + default: latest jobs: - publish: - name: Publish + setup: + name: setup runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version-output.outputs.version }} + release-tag: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -33,6 +41,32 @@ jobs: exit 1 fi + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("rust")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + publish: + name: Publish + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ needs.setup.outputs.release-tag }} + - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 with: diff --git a/.github/workflows/release-rust-crates.yml b/.github/workflows/release-rust-crates.yml new file mode 100644 index 000000000..9e14a7f99 --- /dev/null +++ b/.github/workflows/release-rust-crates.yml @@ -0,0 +1,53 @@ +name: Release Rust crates +run-name: Publish Rust crates ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ steps.version.outputs.version }} + with: + commit: ${{ github.sha }} + tag: rust-v${{ env.PKG_VERSION }} + name: Rust crates v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true From efd828d886d993ccd5337d7dcc4d7e7062c849dc Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Mon, 23 Sep 2024 16:24:22 +0200 Subject: [PATCH 04/36] Relase cpp only from main branch --- .github/workflows/release-cpp.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-cpp.yml b/.github/workflows/release-cpp.yml index c96b8e088..00ca8d9ac 100644 --- a/.github/workflows/release-cpp.yml +++ b/.github/workflows/release-cpp.yml @@ -29,9 +29,9 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]] ; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branches" echo "===================================" exit 1 fi From f3d8dd0c4d9bdf49a4592ccb33a42c3615821dce Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Tue, 24 Sep 2024 12:14:34 +0200 Subject: [PATCH 05/36] Split publish and release dotnet --- .github/workflows/publish-dotnet.yml | 63 +++++++++++++++++------ .github/workflows/release-dotnet.yml | 76 ++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+), 16 deletions(-) create mode 100644 .github/workflows/release-dotnet.yml diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index 1c4cf5840..d38b03102 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -29,35 +29,50 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi - - name: Install xmllint - run: sudo apt-get install -y libxml2-utils - - - name: Get version - id: version + - name: Version output + id: version-output run: | - VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj) - echo "version=$VERSION" >> $GITHUB_OUTPUT + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("dotnet")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi deploy: name: Deploy runs-on: ubuntu-22.04 needs: validate steps: - - name: Download NuGet package - uses: bitwarden/gh-actions/download-artifacts@main + - name: Create GitHub deployment + if: ${{ inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment with: - workflow: build-dotnet.yml - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - artifacts: Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg - path: ./nuget-output + token: '${{ secrets.GITHUB_TOKEN }}' + initial-status: 'in_progress' + environment: 'dotnet - Production' + description: 'Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}' + task: release + + - name: Download artifact + run: | + mkdir -p nuget-output + cd nuget-output + wget https://github.com/bitwarden/clients/releases/download/dotnet-v${{ needs.validate.outputs.version }}/Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg - name: Login to Azure - Prod Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -76,3 +91,19 @@ jobs: env: NUGET_API_KEY: ${{ steps.retrieve-secrets.outputs.nuget-api-key }} run: dotnet nuget push ./nuget-output/*.nupkg -k ${{ env.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json + + - name: Update deployment status to Success + if: ${{ inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: '${{ secrets.GITHUB_TOKEN }}' + state: 'success' + deployment-id: ${{ steps.deployment.outputs.deployment-id }} + + - name: Update deployment status to Failure + if: ${{ inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: '${{ secrets.GITHUB_TOKEN }}' + state: 'failure' + deployment-id: ${{ steps.deployment.outputs.deployment-id }} diff --git a/.github/workflows/release-dotnet.yml b/.github/workflows/release-dotnet.yml new file mode 100644 index 000000000..2e08e8a76 --- /dev/null +++ b/.github/workflows/release-dotnet.yml @@ -0,0 +1,76 @@ +name: Release .NET NuGet +run-name: Release .NET NuGet Package ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Install xmllint + run: sudo apt-get install -y libxml2-utils + + - name: Get version + id: version + run: | + VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj) + echo "version=$VERSION" >> $GITHUB_OUTPUT + + release: + name: Create GitHub release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Download NuGet package + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-dotnet.yml + workflow_conclusion: success + branch: main + artifacts: Bitwarden.Sdk.${{ needs.setup.outputs.version }}.nupkg + path: ./nuget-output + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: dotnet-v${{ env.PKG_VERSION }} + name: .NET NuGet v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + ./nuget-output/Bitwarden.Sdk.${{ needs.setup.outputs.version }}.nupkg From d63f804d34abc023273642af4cc4afc00e51fffb Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Tue, 24 Sep 2024 12:18:54 +0200 Subject: [PATCH 06/36] Add version input to publish-dotnet.yml --- .github/workflows/publish-dotnet.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index d38b03102..c5015422e 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -12,6 +12,10 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" env: _KEY_VAULT: "bitwarden-ci" From 0b23b133634e30a3eece04e3eb3069ecf210611c Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Tue, 24 Sep 2024 12:19:07 +0200 Subject: [PATCH 07/36] Split release and publish java --- .github/workflows/publish-java.yml | 24 ++++++++++-- .github/workflows/release-java.yml | 61 ++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/release-java.yml diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index fdf0be986..26b79b0e4 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -12,6 +12,10 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" env: _KEY_VAULT: "bitwarden-ci" @@ -36,11 +40,21 @@ jobs: exit 1 fi - - name: Get version - id: version + - name: Version output + id: version-output run: | - VERSION=$(cat languages/java/build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') - echo "version=$VERSION" >> $GITHUB_OUTPUT + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("java")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi publish: name: Publish @@ -49,6 +63,8 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ needs.validate.outputs.tag_name }} - name: Azure login uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 diff --git a/.github/workflows/release-java.yml b/.github/workflows/release-java.yml new file mode 100644 index 000000000..6898932d5 --- /dev/null +++ b/.github/workflows/release-java.yml @@ -0,0 +1,61 @@ +name: Release Java SDK +run-name: Release Java SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/java/build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + release: + name: Release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: java-v${{ env.PKG_VERSION }} + name: Java SDK v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true From 21f6e9881cec8e1a4964a047c83741672024e930 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 11:10:46 +0200 Subject: [PATCH 08/36] Fix dotnet --- .github/workflows/publish-dotnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index c5015422e..bd8f04ea8 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -76,7 +76,7 @@ jobs: run: | mkdir -p nuget-output cd nuget-output - wget https://github.com/bitwarden/clients/releases/download/dotnet-v${{ needs.validate.outputs.version }}/Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg + wget https://github.com/bitwarden/sdk/releases/download/dotnet-v${{ needs.validate.outputs.version }}/Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg - name: Login to Azure - Prod Subscription uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 From 4cadcec3a07ab64fcb31c298837c8b4a1cdcfd1b Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 11:10:56 +0200 Subject: [PATCH 09/36] Split napi publish and release --- .github/workflows/publish-napi.yml | 162 +++++++++++++++++++++++++++++ .github/workflows/release-napi.yml | 136 ++++++------------------ 2 files changed, 191 insertions(+), 107 deletions(-) create mode 100644 .github/workflows/publish-napi.yml diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml new file mode 100644 index 000000000..3e6cca9e0 --- /dev/null +++ b/.github/workflows/publish-napi.yml @@ -0,0 +1,162 @@ +--- +name: Publish @bitwarden/sdk-napi +run-name: Publish @bitwarden/sdk-napi ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + npm_publish: + description: "Publish to NPM registry" + required: true + default: true + type: boolean + version: + description: "Release Version" + required: false + default: "latest" + +defaults: + run: + shell: bash + working-directory: crates/bitwarden-napi + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + tag-name: ${{ steps.version.outputs.tag_name }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("napi")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + npm: + name: Publish NPM + runs-on: ubuntu-22.04 + needs: setup + if: inputs.npm_publish + env: + _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + _TAG_NAME: ${{ needs.setup.outputs.tag-name }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env._TAG_NAME }} + + - name: Create GitHub deployment + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment + with: + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden SDK NAPI - Production" + description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + task: release + + - name: Setup Node + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + with: + node-version: 18 + cache: "npm" + cache-dependency-path: crates/bitwarden-napi/package-lock.json + + - name: Download schemas.ts artifact + run: | + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/schemas.ts + mv schemas.ts ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/schemas.ts + + - name: Install dependencies + run: npm ci + + - name: Run tsc + run: npm run tsc + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" + + - name: Download sdk-napi artifacts + run: | + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.darwin-arm64.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.darwin-x64.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.win32-x64-msvc.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.linux-x64-gnu.node + mv sdk-napi.*.node ${{ github.workspace }}/crates/bitwarden-napi/artifacts + + - name: Move artifacts + run: npm run artifacts + + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + + - name: Publish NPM + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + + - name: Update deployment status to Success + if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/release-napi.yml b/.github/workflows/release-napi.yml index bdb579ec2..9121abb81 100644 --- a/.github/workflows/release-napi.yml +++ b/.github/workflows/release-napi.yml @@ -38,9 +38,9 @@ jobs: - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi @@ -54,120 +54,42 @@ jobs: file: crates/bitwarden-napi/package.json monorepo: false - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: "${{ secrets.GITHUB_TOKEN }}" - initial-status: "in_progress" - environment: "Bitwarden SDK NAPI - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" - task: release - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "success" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - npm: - name: Publish NPM + release: + name: Create GitHub release runs-on: ubuntu-22.04 needs: setup - if: inputs.npm_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - - name: Checkout repo + - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Setup Node - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - with: - node-version: 18 - cache: "npm" - cache-dependency-path: crates/bitwarden-napi/package-lock.json - - - name: Download schemas - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-napi.yml - artifacts: schemas.ts - path: ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/ - workflow_conclusion: success - branch: ${{ github.ref_name }} - - - name: Dry Run - Download schemas - if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-napi.yml - artifacts: schemas.ts - path: ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/ - workflow_conclusion: success - branch: main - - - name: Install dependencies - run: npm ci - - - name: Run tsc - run: npm run tsc - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "npm-api-key" - - name: Download artifacts - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-napi.yml - path: ${{ github.workspace }}/crates/bitwarden-napi/artifacts - workflow_conclusion: success - branch: ${{ github.ref_name }} - - - name: Dry Run - Download artifacts - if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-napi.yml - path: ${{ github.workspace }}/crates/bitwarden-napi/artifacts workflow_conclusion: success branch: main - - - name: Move artifacts - run: npm run artifacts - - - name: Setup NPM - run: | - echo 'registry="https://registry.npmjs.org/"' > ./.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc - - echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + artifacts: | + sdk-bitwarden-napi-aarch64-apple-darwin + sdk-bitwarden-napi-x86_64-apple-darwin + sdk-bitwarden-napi-x86_64-pc-windows-msvc + sdk-bitwarden-napi-x86_64-unknown-linux-gnu + schemas.ts + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 env: - NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - - - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: napi-v${{ env.PKG_VERSION }} + name: napi v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + sdk-napi.darwin-arm64.node + sdk-napi.darwin-x64.node + sdk-napi.win32-x64-msvc.node + sdk-napi.linux-x64-gnu.node + schemas.ts From 14fe7cc42c7240ff400718f858bca5f1851044b6 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 11:20:44 +0200 Subject: [PATCH 10/36] Fix nampi --- .github/workflows/publish-napi.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index 3e6cca9e0..b05c9f437 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -99,7 +99,7 @@ jobs: - name: Download schemas.ts artifact run: | - wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/schemas.ts + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/schemas.ts mv schemas.ts ${{ github.workspace }}/crates/bitwarden-napi/src-ts/bitwarden_client/schemas.ts - name: Install dependencies @@ -122,10 +122,10 @@ jobs: - name: Download sdk-napi artifacts run: | - wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.darwin-arm64.node - wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.darwin-x64.node - wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.win32-x64-msvc.node - wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ needs.validate.outputs.version }}/sdk-napi.linux-x64-gnu.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.darwin-arm64.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.darwin-x64.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.win32-x64-msvc.node + wget https://github.com/bitwarden/sdk/releases/download/napi-v${{ env._PKG_VERSION }}/sdk-napi.linux-x64-gnu.node mv sdk-napi.*.node ${{ github.workspace }}/crates/bitwarden-napi/artifacts - name: Move artifacts From b837c9402c2997a8b3a0fab0080f7ebd46f08eea Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 11:26:30 +0200 Subject: [PATCH 11/36] Add build ruby workflow --- .github/workflows/build-ruby.yml | 95 ++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 .github/workflows/build-ruby.yml diff --git a/.github/workflows/build-ruby.yml b/.github/workflows/build-ruby.yml new file mode 100644 index 000000000..03acb0145 --- /dev/null +++ b/.github/workflows/build-ruby.yml @@ -0,0 +1,95 @@ +--- +name: Build Ruby + +on: + pull_request: + push: + branches: + - "main" + workflow_dispatch: + +jobs: + build: + name: Build Ruby + runs-on: ubuntu-22.04 + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set up Ruby + uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0 + with: + ruby-version: 3.2 + + - name: Download artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: generate_schemas.yml + path: languages/ruby/bitwarden_sdk_secrets/lib + workflow_conclusion: success + branch: main + artifacts: schemas.rb + + - name: Download x86_64-apple-darwin artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + path: temp/macos-x64 + workflow_conclusion: success + branch: main + artifacts: libbitwarden_c_files-x86_64-apple-darwin + + - name: Download aarch64-apple-darwin artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: main + artifacts: libbitwarden_c_files-aarch64-apple-darwin + path: temp/macos-arm64 + + - name: Download x86_64-unknown-linux-gnu artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: main + artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu + path: temp/linux-x64 + + - name: Download x86_64-pc-windows-msvc artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: main + artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc + path: temp/windows-x64 + + - name: Copy lib files + run: | + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-arm64 + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/linux-x64 + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-x64 + mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/windows-x64 + + platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64") + files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") + + for ((i=0; i<${#platforms[@]}; i++)); do + cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}" + done + + - name: bundle install + run: bundle install + working-directory: languages/ruby/bitwarden_sdk_secrets + + - name: Build gem + run: gem build bitwarden-sdk-secrets.gemspec + working-directory: languages/ruby/bitwarden_sdk_secrets + + - name: Publish artifact + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + with: + path: bitwarden-sdk-secrets-*.gem + name: bitwarden-sdk-secrets \ No newline at end of file From b3eabe9eeae2a18dc48195f31b0de3c99ff446f5 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 11:26:41 +0200 Subject: [PATCH 12/36] Split publish & release ruby wrkflows --- .github/workflows/publish-ruby.yml | 131 ++++++++++++++--------------- .github/workflows/release-ruby.yml | 71 ++++++++++++++++ 2 files changed, 134 insertions(+), 68 deletions(-) create mode 100644 .github/workflows/release-ruby.yml diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index a2390953e..df6b43541 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -12,15 +12,22 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" permissions: contents: read id-token: write jobs: - publish_ruby: - name: Publish Ruby + setup: + name: Setup runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + tag-name: ${{ steps.version.outputs.tag_name }} steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -35,69 +42,45 @@ jobs: exit 1 fi - - name: Set up Ruby - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0 - with: - ruby-version: 3.2 - - - name: Download artifacts - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: generate_schemas.yml - path: languages/ruby/bitwarden_sdk_secrets/lib - workflow_conclusion: success - branch: main - artifacts: schemas.rb - - - name: Download x86_64-apple-darwin artifact - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - path: temp/macos-x64 - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-x86_64-apple-darwin - - - name: Download aarch64-apple-darwin artifact - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-aarch64-apple-darwin - path: temp/macos-arm64 + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("ruby")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi - - name: Download x86_64-unknown-linux-gnu artifact - uses: bitwarden/gh-actions/download-artifacts@main + publish: + name: Publish + runs-on: ubuntu-22.04 + needs: setup + env: + _VERSION: ${{ needs.setup.outputs.release-version }} + _TAG_NAME: ${{ needs.setup.outputs.tag-name }} + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu - path: temp/linux-x64 + ref: ${{ env._TAG_NAME }} - - name: Download x86_64-pc-windows-msvc artifact - uses: bitwarden/gh-actions/download-artifacts@main + - name: Create GitHub deployment + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment with: - workflow: build-rust-cross-platform.yml - workflow_conclusion: success - branch: main - artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc - path: temp/windows-x64 - - - name: Copy lib files - run: | - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-arm64 - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/linux-x64 - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-x64 - mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/windows-x64 - - platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64") - files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") - - for ((i=0; i<${#platforms[@]}; i++)); do - cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}" - done + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden Ruby SDK - Production" + description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + task: release - name: Login to Azure uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 @@ -111,13 +94,9 @@ jobs: keyvault: "bitwarden-ci" secrets: "rubygem-api-key" - - name: bundle install - run: bundle install - working-directory: languages/ruby/bitwarden_sdk_secrets - - - name: Build gem - run: gem build bitwarden-sdk-secrets.gemspec - working-directory: languages/ruby/bitwarden_sdk_secrets + - name: Download ruby artifact + run: | + wget https://github.com/bitwarden/sdk/releases/download/ruby-v${{ env._VERSION }}/bitwarden-sdk-secrets-${{ env._VERSION }}.gem - name: Push gem to Rubygems if: ${{ inputs.release_type != 'Dry Run' }} @@ -130,3 +109,19 @@ jobs: env: GEM_HOST_API_KEY: ${{ steps.retrieve-secrets.outputs.rubygem-api-key }} working-directory: languages/ruby/bitwarden_sdk_secrets + + - name: Update deployment status to Success + if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/.github/workflows/release-ruby.yml b/.github/workflows/release-ruby.yml new file mode 100644 index 000000000..9c3e82b77 --- /dev/null +++ b/.github/workflows/release-ruby.yml @@ -0,0 +1,71 @@ +name: Release Ruby SDK +run-name: Release Ruby SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/ruby/lib/version.rb | grep -Eo 'VERSION = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + release: + name: Create GitHub release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Download ruby artifact + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-ruby.yml + workflow_conclusion: success + branch: main + artifacts: bitwarden-sdk-secrets + + - name: Create release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: ruby-v${{ env.PKG_VERSION }} + name: Ruby v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + bitwarden-sdk-secrets-${{ env.PKG_VERSION }}.gem From 7ff352566fb0717925aeda96c9a881054ab87b1b Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 16:42:02 +0200 Subject: [PATCH 13/36] Split release and publish python --- .github/workflows/publish-python.yml | 55 ++++++++++++++++---- .github/workflows/release-python.yml | 78 ++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/release-python.yml diff --git a/.github/workflows/publish-python.yml b/.github/workflows/publish-python.yml index ef30d6598..27ad5d8fd 100644 --- a/.github/workflows/publish-python.yml +++ b/.github/workflows/publish-python.yml @@ -13,6 +13,10 @@ on: options: - Release - Dry Run + version: + description: "Release Version" + required: false + default: "latest" defaults: run: @@ -22,6 +26,9 @@ jobs: setup: name: Setup runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version-output.outputs.version }} + tag_name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -29,18 +36,39 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("python")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + publish: name: Publish runs-on: ubuntu-22.04 needs: setup steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ steps.version-output.outputs.tag_name }} + - name: Install Python uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: @@ -49,15 +77,20 @@ jobs: - name: Install twine run: pip install twine - - name: Download artifacts - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 - with: - workflow: build-python-wheels.yml - path: ${{ github.workspace }}/target/wheels/dist - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - name: bitwarden_sdk(.*) - name_is_regexp: true + - name: Get release assets + working-directory: ${{ github.workspace }}/target/wheels/dist + run: | + ARTIFACT_URLS=$(curl -sSL https://api.github.com/repos/bitwarden/sdk/releases/tags/${{ steps.version-output.outputs.tag_name }} | jq -r '.assets[].browser_download_url') + for url in $ARTIFACT_URLS; do + wget $url + done + + - name: Unpack release assets + working-directory: ${{ github.workspace }}/target/wheels/dist + run: | + for file in *.zip; do + unzip $file + done - name: Move files working-directory: ${{ github.workspace }}/target/wheels/dist diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml new file mode 100644 index 000000000..6e3618806 --- /dev/null +++ b/.github/workflows/release-python.yml @@ -0,0 +1,78 @@ +--- +name: Publish Python SDK +run-name: Publish Python SDK ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + +defaults: + run: + shell: bash + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/python/pyproject.toml | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_ENV + + release: + name: Release + runs-on: ubuntu-22.04 + needs: setup + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Download artifacts + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 + with: + workflow: build-python-wheels.yml + path: ${{ github.workspace }}/target/wheels/dist + workflow_conclusion: success + branch: main + name: bitwarden_sdk(.*) + name_is_regexp: true + + - name: Create GitHub release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + env: + PKG_VERSION: ${{ needs.setup.outputs.version }} + with: + commit: ${{ github.sha }} + tag: python-v${{ env.PKG_VERSION }} + name: Python v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: | + ${{ github.workspace }}/target/wheels/dist/bitwarden_sdk-*.whl From 4c2330c9aae211987bc452f5f9841010d637a0e3 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 17:55:46 +0200 Subject: [PATCH 14/36] Split wasm release and publish --- .github/workflows/publish-wasm.yml | 154 +++++++++++++++++++++++++++++ .github/workflows/release-wasm.yml | 86 ++++------------ 2 files changed, 173 insertions(+), 67 deletions(-) create mode 100644 .github/workflows/publish-wasm.yml diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml new file mode 100644 index 000000000..105b9e77f --- /dev/null +++ b/.github/workflows/publish-wasm.yml @@ -0,0 +1,154 @@ +--- +name: Publish @bitwarden/sdk-wasm +run-name: Publish @bitwarden/sdk-wasm ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + npm_publish: + description: "Publish to NPM registry" + required: true + default: true + type: boolean + version: + description: "Release Version" + required: false + default: "latest" + +defaults: + run: + shell: bash + working-directory: languages/js/wasm + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + tag-name: ${{ steps.version.outputs.tag_name }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Branch check + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then + echo "===================================" + echo "[!] Can only release from the 'main' branch" + echo "===================================" + exit 1 + fi + + - name: Version output + id: version-output + run: | + if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then + TAG_NAME=$(curl "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("napi")) | .tag_name' | head -1) + VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+') + echo "Latest Released Version: $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + echo "Latest Released Tag name: $TAG_NAME" + echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT + else + echo "Release Version: ${{ inputs.version }}" + echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT + fi + + npm: + name: Publish NPM + runs-on: ubuntu-22.04 + needs: setup + if: inputs.npm_publish + env: + _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ needs.setup.outputs.tag_name }} + + - name: Setup Node + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + with: + node-version: 18 + cache: "npm" + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" + + - name: Download artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-wasm.yml + path: ${{ github.workspace }}/languages/js/wasm + workflow_conclusion: success + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + + + - name: Download artifact + run: | + cd ${{ github.workspace }}/languages/js/wasm + wget https://github.com/bitwarden/sdk/releases/download/wasm-v${{ needs.validate.outputs.version }}/sdk-bitwarden-wasm.zip + unzip sdk-bitwarden-wasm.zip + rm sdk-bitwarden-wasm.zip + + - name: Create GitHub deployment + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment + with: + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden SDK WASM - Production" + description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + task: release + + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + + - name: Publish NPM + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + + - name: Update deployment status to Success + if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} \ No newline at end of file diff --git a/.github/workflows/release-wasm.yml b/.github/workflows/release-wasm.yml index 268dd1ce2..d556854c1 100644 --- a/.github/workflows/release-wasm.yml +++ b/.github/workflows/release-wasm.yml @@ -37,9 +37,9 @@ jobs: - name: Branch check if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi @@ -53,80 +53,32 @@ jobs: file: languages/js/wasm/package.json monorepo: false - - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 - id: deployment - with: - token: "${{ secrets.GITHUB_TOKEN }}" - initial-status: "in_progress" - environment: "Bitwarden SDK WASM - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" - task: release - - - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "success" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} - uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 - with: - token: "${{ secrets.GITHUB_TOKEN }}" - state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - - npm: - name: Publish NPM + release: + name: Release runs-on: ubuntu-22.04 needs: setup - if: inputs.npm_publish - env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Setup Node - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - with: - node-version: 18 - cache: "npm" - - - name: Login to Azure - uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 - with: - creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@main - with: - keyvault: "bitwarden-ci" - secrets: "npm-api-key" - - name: Download artifacts - uses: bitwarden/gh-actions/download-artifacts@main + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: workflow: build-wasm.yml - path: ${{ github.workspace }}/languages/js/wasm + skip_unpack: true workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: main - - name: Setup NPM - run: | - echo 'registry="https://registry.npmjs.org/"' > ./.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc - - echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + - name: Create GitHub release + if: ${{ inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 env: - NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - - - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} - run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc + PKG_VERSION: ${{ needs.setup.outputs.release-version }} + with: + commit: ${{ github.sha }} + tag: wasm-v${{ env.PKG_VERSION }} + name: WASM v${{ env.PKG_VERSION }} + body: "" + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + artifacts: sdk-bitwarden-wasm.zip From 8d5513b6eae9beb88c8501c752f8d8bfccff6a06 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 18:01:05 +0200 Subject: [PATCH 15/36] Fix --- .github/workflows/publish-bws.yml | 2 +- .github/workflows/publish-dotnet.yml | 2 +- .github/workflows/publish-java.yml | 2 +- .github/workflows/publish-napi.yml | 4 ++-- .github/workflows/publish-ruby.yml | 4 ++-- .github/workflows/publish-wasm.yml | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish-bws.yml b/.github/workflows/publish-bws.yml index 912c4eaf7..4477d5e26 100644 --- a/.github/workflows/publish-bws.yml +++ b/.github/workflows/publish-bws.yml @@ -68,7 +68,7 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" initial-status: "in_progress" environment: "bws CLI - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + description: "Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}" task: release diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index bd8f04ea8..bda63b44a 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -25,7 +25,7 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - version: ${{ steps.version.outputs.version }} + version: ${{ steps.version-output.outputs.version }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 26b79b0e4..dedbdce13 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -25,7 +25,7 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - version: ${{ steps.version.outputs.version }} + version: ${{ steps.version-output.outputs.version }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index b05c9f437..2a03bf593 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -33,8 +33,8 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} - tag-name: ${{ steps.version.outputs.tag_name }} + release-version: ${{ steps.version-output.outputs.version }} + tag-name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index df6b43541..c2b506d03 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -26,8 +26,8 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} - tag-name: ${{ steps.version.outputs.tag_name }} + release-version: ${{ steps.version-output.outputs.version }} + tag-name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 105b9e77f..42e70d73a 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -33,8 +33,8 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} - tag-name: ${{ steps.version.outputs.tag_name }} + release-version: ${{ steps.version-output.outputs.version }} + tag-name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 From 6da6fb0813b62c3d33e41cf496587336913bbf45 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 25 Sep 2024 18:08:13 +0200 Subject: [PATCH 16/36] Fix --- .github/workflows/publish-dotnet.yml | 2 +- .github/workflows/publish-java.yml | 1 + .github/workflows/publish-napi.yml | 2 +- .github/workflows/publish-python.yml | 4 ++-- .github/workflows/publish-ruby.yml | 2 +- .github/workflows/publish-wasm.yml | 8 ++++---- .github/workflows/release-cpp.yml | 4 +--- .github/workflows/release-napi.yml | 8 ++++---- 8 files changed, 15 insertions(+), 16 deletions(-) diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index bda63b44a..9f283a6fd 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -69,7 +69,7 @@ jobs: token: '${{ secrets.GITHUB_TOKEN }}' initial-status: 'in_progress' environment: 'dotnet - Production' - description: 'Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}' + description: 'Deployment ${{ needs.validate.outputs.version }} from branch ${{ github.ref_name }}' task: release - name: Download artifact diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index dedbdce13..52cc25b0d 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -26,6 +26,7 @@ jobs: runs-on: ubuntu-22.04 outputs: version: ${{ steps.version-output.outputs.version }} + tag_name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index 2a03bf593..9a4b13908 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -87,7 +87,7 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" initial-status: "in_progress" environment: "Bitwarden SDK NAPI - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + description: "Deployment ${{ env._PKG_VERSION }} from branch ${{ github.ref_name }}" task: release - name: Setup Node diff --git a/.github/workflows/publish-python.yml b/.github/workflows/publish-python.yml index 27ad5d8fd..8bb0bffc8 100644 --- a/.github/workflows/publish-python.yml +++ b/.github/workflows/publish-python.yml @@ -67,7 +67,7 @@ jobs: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - ref: ${{ steps.version-output.outputs.tag_name }} + ref: ${{ needs.setup.outputs.tag_name }} - name: Install Python uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 @@ -80,7 +80,7 @@ jobs: - name: Get release assets working-directory: ${{ github.workspace }}/target/wheels/dist run: | - ARTIFACT_URLS=$(curl -sSL https://api.github.com/repos/bitwarden/sdk/releases/tags/${{ steps.version-output.outputs.tag_name }} | jq -r '.assets[].browser_download_url') + ARTIFACT_URLS=$(curl -sSL https://api.github.com/repos/bitwarden/sdk/releases/tags/${{ needs.setup.outputs.tag_name }} | jq -r '.assets[].browser_download_url') for url in $ARTIFACT_URLS; do wget $url done diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index c2b506d03..039ece6b0 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -79,7 +79,7 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" initial-status: "in_progress" environment: "Bitwarden Ruby SDK - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + description: "Deployment ${{ env._VERSION }} from branch ${{ github.ref_name }}" task: release - name: Login to Azure diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 42e70d73a..4d0298d42 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-22.04 outputs: release-version: ${{ steps.version-output.outputs.version }} - tag-name: ${{ steps.version-output.outputs.tag_name }} + tag_name: ${{ steps.version-output.outputs.tag_name }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -71,7 +71,7 @@ jobs: needs: setup if: inputs.npm_publish env: - _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + _VERSION: ${{ needs.setup.outputs.release-version }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -108,7 +108,7 @@ jobs: - name: Download artifact run: | cd ${{ github.workspace }}/languages/js/wasm - wget https://github.com/bitwarden/sdk/releases/download/wasm-v${{ needs.validate.outputs.version }}/sdk-bitwarden-wasm.zip + wget https://github.com/bitwarden/sdk/releases/download/wasm-v${{ env._VERSION }}/sdk-bitwarden-wasm.zip unzip sdk-bitwarden-wasm.zip rm sdk-bitwarden-wasm.zip @@ -120,7 +120,7 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" initial-status: "in_progress" environment: "Bitwarden SDK WASM - Production" - description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + description: "Deployment ${{ env._VERSION }} from branch ${{ github.ref_name }}" task: release - name: Setup NPM diff --git a/.github/workflows/release-cpp.yml b/.github/workflows/release-cpp.yml index 00ca8d9ac..431639354 100644 --- a/.github/workflows/release-cpp.yml +++ b/.github/workflows/release-cpp.yml @@ -45,9 +45,7 @@ jobs: github-release: name: GitHub Release runs-on: ubuntu-22.04 - needs: - - repo-sync - - validate + needs: validate env: _PKG_VERSION: ${{ needs.validate.outputs.version }} steps: diff --git a/.github/workflows/release-napi.yml b/.github/workflows/release-napi.yml index 9121abb81..68e46662d 100644 --- a/.github/workflows/release-napi.yml +++ b/.github/workflows/release-napi.yml @@ -30,7 +30,7 @@ jobs: name: Setup runs-on: ubuntu-22.04 outputs: - release-version: ${{ steps.version.outputs.version }} + version: ${{ steps.version.outputs.version }} steps: - name: Checkout repo uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -79,11 +79,11 @@ jobs: if: ${{ inputs.release_type != 'Dry Run' }} uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 env: - PKG_VERSION: ${{ needs.setup.outputs.version }} + _VERSION: ${{ needs.setup.outputs.version }} with: commit: ${{ github.sha }} - tag: napi-v${{ env.PKG_VERSION }} - name: napi v${{ env.PKG_VERSION }} + tag: napi-v${{ env._VERSION }} + name: napi v${{ env._VERSION }} body: "" token: ${{ secrets.GITHUB_TOKEN }} draft: true From 92aaac6833c9e0972036369c12f3dfd4c958ce0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:00:41 +0200 Subject: [PATCH 17/36] Update .github/workflows/publish-dotnet.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-dotnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index 9f283a6fd..6795c6117 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -110,4 +110,4 @@ jobs: with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'failure' - deployment-id: ${{ steps.deployment.outputs.deployment-id }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} From 2176c74e2f9811ec5f929e77525f39421bdbd064 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:00:50 +0200 Subject: [PATCH 18/36] Update .github/workflows/publish-dotnet.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-dotnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-dotnet.yml b/.github/workflows/publish-dotnet.yml index 6795c6117..969b65df6 100644 --- a/.github/workflows/publish-dotnet.yml +++ b/.github/workflows/publish-dotnet.yml @@ -102,7 +102,7 @@ jobs: with: token: '${{ secrets.GITHUB_TOKEN }}' state: 'success' - deployment-id: ${{ steps.deployment.outputs.deployment-id }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure if: ${{ inputs.release_type != 'Dry Run' && failure() }} From 9576e40f23e7ce95bafe6e4595aa153ada945a09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:12:38 +0200 Subject: [PATCH 19/36] Update .github/workflows/publish-napi.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-napi.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index 9a4b13908..fa90d9d61 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -25,7 +25,6 @@ on: defaults: run: - shell: bash working-directory: crates/bitwarden-napi jobs: From 916f428a2385f190429eccb2f6ab9f9462417880 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 12:14:57 +0200 Subject: [PATCH 20/36] Fix --- .github/workflows/release-wasm.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/release-wasm.yml b/.github/workflows/release-wasm.yml index d556854c1..7396ba10e 100644 --- a/.github/workflows/release-wasm.yml +++ b/.github/workflows/release-wasm.yml @@ -13,15 +13,9 @@ on: options: - Release - Dry Run - npm_publish: - description: "Publish to NPM registry" - required: true - default: true - type: boolean defaults: run: - shell: bash working-directory: languages/js/wasm jobs: @@ -35,7 +29,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" From 1a3dad717591fe5242d4b9728ab0530ff484f30b Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 12:16:28 +0200 Subject: [PATCH 21/36] fix --- .github/workflows/publish-ruby.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-ruby.yml b/.github/workflows/publish-ruby.yml index 039ece6b0..70486bdbe 100644 --- a/.github/workflows/publish-ruby.yml +++ b/.github/workflows/publish-ruby.yml @@ -72,7 +72,7 @@ jobs: ref: ${{ env._TAG_NAME }} - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: @@ -95,8 +95,7 @@ jobs: secrets: "rubygem-api-key" - name: Download ruby artifact - run: | - wget https://github.com/bitwarden/sdk/releases/download/ruby-v${{ env._VERSION }}/bitwarden-sdk-secrets-${{ env._VERSION }}.gem + run: wget https://github.com/bitwarden/sdk/releases/download/ruby-v${{ env._VERSION }}/bitwarden-sdk-secrets-${{ env._VERSION }}.gem - name: Push gem to Rubygems if: ${{ inputs.release_type != 'Dry Run' }} @@ -111,7 +110,7 @@ jobs: working-directory: languages/ruby/bitwarden_sdk_secrets - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + if: ${{ inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: "${{ secrets.GITHUB_TOKEN }}" @@ -119,7 +118,7 @@ jobs: deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + if: ${{ inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: "${{ secrets.GITHUB_TOKEN }}" From d4e06a2d7e882afcd2cec15caaad88dede59af09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:18:03 +0200 Subject: [PATCH 22/36] Update .github/workflows/release-rust-crates.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/release-rust-crates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-rust-crates.yml b/.github/workflows/release-rust-crates.yml index 9e14a7f99..54845e148 100644 --- a/.github/workflows/release-rust-crates.yml +++ b/.github/workflows/release-rust-crates.yml @@ -1,5 +1,5 @@ name: Release Rust crates -run-name: Publish Rust crates ${{ inputs.release_type }} +run-name: Release Rust crates ${{ inputs.release_type }} on: workflow_dispatch: From 8256d6e9d82df8d90dee9c20b279c7fca912f907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:18:10 +0200 Subject: [PATCH 23/36] Update .github/workflows/release-python.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/release-python.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 6e3618806..9e1e72f4f 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -1,6 +1,6 @@ --- -name: Publish Python SDK -run-name: Publish Python SDK ${{ inputs.release_type }} +name: Release Python SDK +run-name: Release Python SDK ${{ inputs.release_type }} on: workflow_dispatch: From 7bd81ef8795dc30e176250fff92e18c1b288a31c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:18:18 +0200 Subject: [PATCH 24/36] Update .github/workflows/release-python.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/release-python.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 9e1e72f4f..10b451fc5 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -14,10 +14,6 @@ on: - Release - Dry Run -defaults: - run: - shell: bash - jobs: setup: name: Setup From 2f7314758f2809f24a937ee08d0bd1f881967fc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 12:18:39 +0200 Subject: [PATCH 25/36] Update .github/workflows/publish-napi.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-napi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index fa90d9d61..03b7bf82c 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -153,7 +153,7 @@ jobs: deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + if: ${{ inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: "${{ secrets.GITHUB_TOKEN }}" From 808ddc43f7e256ed473647b545ad1a300b759931 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 14:28:59 +0200 Subject: [PATCH 26/36] Update build-ruby.yml to use the current branch name for artifact downloads --- .github/workflows/build-ruby.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-ruby.yml b/.github/workflows/build-ruby.yml index 03acb0145..387ba246a 100644 --- a/.github/workflows/build-ruby.yml +++ b/.github/workflows/build-ruby.yml @@ -27,7 +27,7 @@ jobs: workflow: generate_schemas.yml path: languages/ruby/bitwarden_sdk_secrets/lib workflow_conclusion: success - branch: main + branch: ${{ github.ref_name }} artifacts: schemas.rb - name: Download x86_64-apple-darwin artifact @@ -36,7 +36,7 @@ jobs: workflow: build-rust-cross-platform.yml path: temp/macos-x64 workflow_conclusion: success - branch: main + branch: ${{ github.ref_name }} artifacts: libbitwarden_c_files-x86_64-apple-darwin - name: Download aarch64-apple-darwin artifact @@ -44,7 +44,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: main + branch: ${{ github.ref_name }} artifacts: libbitwarden_c_files-aarch64-apple-darwin path: temp/macos-arm64 @@ -53,7 +53,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: main + branch: ${{ github.ref_name }} artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu path: temp/linux-x64 @@ -62,7 +62,7 @@ jobs: with: workflow: build-rust-cross-platform.yml workflow_conclusion: success - branch: main + branch: ${{ github.ref_name }} artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc path: temp/windows-x64 From ef38e7aa1711fd5551d172cfb95e0f3b69a1a9c6 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 14:59:34 +0200 Subject: [PATCH 27/36] Remove `github.event.` for inputs --- .github/workflows/publish-napi.yml | 8 ++++---- .github/workflows/publish-wasm.yml | 12 ++++++------ .github/workflows/release-napi.yml | 4 ++-- .github/workflows/release-wasm.yml | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index 03b7bf82c..e785d06f8 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" @@ -79,7 +79,7 @@ jobs: ref: ${{ env._TAG_NAME }} - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: @@ -141,11 +141,11 @@ jobs: NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + if: ${{ inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 4d0298d42..df6b3fd55 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -40,7 +40,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" @@ -102,7 +102,7 @@ jobs: workflow: build-wasm.yml path: ${{ github.workspace }}/languages/js/wasm workflow_conclusion: success - branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - name: Download artifact @@ -113,7 +113,7 @@ jobs: rm sdk-bitwarden-wasm.zip - name: Create GitHub deployment - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 id: deployment with: @@ -134,11 +134,11 @@ jobs: NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} - name: Publish NPM - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc - name: Update deployment status to Success - if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + if: ${{ inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: "${{ secrets.GITHUB_TOKEN }}" @@ -146,7 +146,7 @@ jobs: deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure - if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + if: ${{ inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3 with: token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/release-napi.yml b/.github/workflows/release-napi.yml index 68e46662d..1e41ddcb2 100644 --- a/.github/workflows/release-napi.yml +++ b/.github/workflows/release-napi.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Branch check - if: ${{ github.event.inputs.release_type != 'Dry Run' }} + if: ${{ inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" @@ -49,7 +49,7 @@ jobs: id: version uses: bitwarden/gh-actions/release-version-check@main with: - release-type: ${{ github.event.inputs.release_type }} + release-type: ${{ inputs.release_type }} project-type: ts file: crates/bitwarden-napi/package.json monorepo: false diff --git a/.github/workflows/release-wasm.yml b/.github/workflows/release-wasm.yml index 7396ba10e..852273188 100644 --- a/.github/workflows/release-wasm.yml +++ b/.github/workflows/release-wasm.yml @@ -42,7 +42,7 @@ jobs: id: version uses: bitwarden/gh-actions/release-version-check@main with: - release-type: ${{ github.event.inputs.release_type }} + release-type: ${{ inputs.release_type }} project-type: ts file: languages/js/wasm/package.json monorepo: false From 59a844e7b0413cb1901fefbd51a04628ad8aee5b Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 15:00:47 +0200 Subject: [PATCH 28/36] Update branch check in publish-java.yml to only allow releases from the 'main' branch --- .github/workflows/publish-java.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-java.yml b/.github/workflows/publish-java.yml index 5217b34f3..1ae47d080 100644 --- a/.github/workflows/publish-java.yml +++ b/.github/workflows/publish-java.yml @@ -34,9 +34,9 @@ jobs: - name: Branch check if: ${{ inputs.release_type != 'Dry Run' }} run: | - if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then echo "===================================" - echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "[!] Can only release from the 'main' branch" echo "===================================" exit 1 fi From 9b497cc75b3857e29d12e86d7b219e71d25831c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 15:40:38 +0200 Subject: [PATCH 29/36] Update .github/workflows/build-ruby.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/build-ruby.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-ruby.yml b/.github/workflows/build-ruby.yml index 387ba246a..68e76ad87 100644 --- a/.github/workflows/build-ruby.yml +++ b/.github/workflows/build-ruby.yml @@ -88,7 +88,7 @@ jobs: run: gem build bitwarden-sdk-secrets.gemspec working-directory: languages/ruby/bitwarden_sdk_secrets - - name: Publish artifact + - name: Upload artifact uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: path: bitwarden-sdk-secrets-*.gem From efef868bbfc61b1085e1672819b3a04b3aa0d239 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 15:40:51 +0200 Subject: [PATCH 30/36] Update .github/workflows/build-ruby.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/build-ruby.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-ruby.yml b/.github/workflows/build-ruby.yml index 68e76ad87..5a3f1a016 100644 --- a/.github/workflows/build-ruby.yml +++ b/.github/workflows/build-ruby.yml @@ -92,4 +92,4 @@ jobs: uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: path: bitwarden-sdk-secrets-*.gem - name: bitwarden-sdk-secrets \ No newline at end of file + name: bitwarden-sdk-secrets From 3f230646793dfb06afe02afd8836402d4ab0b7d3 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 15:41:37 +0200 Subject: [PATCH 31/36] Fix --- .github/workflows/publish-wasm.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index df6b3fd55..99423ff41 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -96,15 +96,6 @@ jobs: keyvault: "bitwarden-ci" secrets: "npm-api-key" - - name: Download artifacts - uses: bitwarden/gh-actions/download-artifacts@main - with: - workflow: build-wasm.yml - path: ${{ github.workspace }}/languages/js/wasm - workflow_conclusion: success - branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} - - - name: Download artifact run: | cd ${{ github.workspace }}/languages/js/wasm From ab7ea799d05311d76bdf3573b529468b91f6d538 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 26 Sep 2024 15:43:08 +0200 Subject: [PATCH 32/36] Fix --- .github/workflows/publish-napi.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/publish-napi.yml b/.github/workflows/publish-napi.yml index e785d06f8..6a284d4a4 100644 --- a/.github/workflows/publish-napi.yml +++ b/.github/workflows/publish-napi.yml @@ -13,11 +13,6 @@ on: options: - Release - Dry Run - npm_publish: - description: "Publish to NPM registry" - required: true - default: true - type: boolean version: description: "Release Version" required: false @@ -68,7 +63,6 @@ jobs: name: Publish NPM runs-on: ubuntu-22.04 needs: setup - if: inputs.npm_publish env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} _TAG_NAME: ${{ needs.setup.outputs.tag-name }} From 1e48491bc779587ded1ec17222a6a4b2e88bdd5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Thu, 26 Sep 2024 15:45:22 +0200 Subject: [PATCH 33/36] Update .github/workflows/publish-wasm.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-wasm.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 99423ff41..f0367d6df 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -25,7 +25,6 @@ on: defaults: run: - shell: bash working-directory: languages/js/wasm jobs: From 71f47128a4b72800712b7d6625e246a7c1df9bc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Fri, 27 Sep 2024 12:13:36 +0200 Subject: [PATCH 34/36] Update .github/workflows/publish-wasm.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-wasm.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index f0367d6df..6e61c5faa 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -13,11 +13,6 @@ on: options: - Release - Dry Run - npm_publish: - description: "Publish to NPM registry" - required: true - default: true - type: boolean version: description: "Release Version" required: false From 64913791c30a35ff24562c27013236a0b7148c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Fri, 27 Sep 2024 12:13:45 +0200 Subject: [PATCH 35/36] Update .github/workflows/publish-wasm.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-wasm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 6e61c5faa..6a72a8188 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -136,4 +136,4 @@ jobs: with: token: "${{ secrets.GITHUB_TOKEN }}" state: "failure" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} \ No newline at end of file + deployment-id: ${{ steps.deployment.outputs.deployment_id }} From f71be461f74a11a82ef23a2589a96617438a8839 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Fri, 27 Sep 2024 12:13:50 +0200 Subject: [PATCH 36/36] Update .github/workflows/publish-wasm.yml Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- .github/workflows/publish-wasm.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-wasm.yml b/.github/workflows/publish-wasm.yml index 6a72a8188..95a86a0c4 100644 --- a/.github/workflows/publish-wasm.yml +++ b/.github/workflows/publish-wasm.yml @@ -63,7 +63,6 @@ jobs: name: Publish NPM runs-on: ubuntu-22.04 needs: setup - if: inputs.npm_publish env: _VERSION: ${{ needs.setup.outputs.release-version }} steps: