bitwarden · michalchecinski · Sep 30, 2024 · Sep 23, 2024 · Sep 23, 2024 · Sep 23, 2024
@@ -0,0 +1,95 @@
+---
+name: Build Ruby
+
+on:
+  pull_request:
+  push:
+    branches:
+      - "main"
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build Ruby
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
+        with:
+          ruby-version: 3.2
+
+      - name: Download artifacts
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: generate_schemas.yml
+          path: languages/ruby/bitwarden_sdk_secrets/lib
+          workflow_conclusion: success
+          branch: ${{ github.ref_name }}
+          artifacts: schemas.rb
+
+      - name: Download x86_64-apple-darwin artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          path: temp/macos-x64
+          workflow_conclusion: success
+          branch: ${{ github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-apple-darwin
+
+      - name: Download aarch64-apple-darwin artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ github.ref_name }}
+          artifacts: libbitwarden_c_files-aarch64-apple-darwin
+          path: temp/macos-arm64
+
+      - name: Download x86_64-unknown-linux-gnu artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu
+          path: temp/linux-x64
+
+      - name: Download x86_64-pc-windows-msvc artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc
+          path: temp/windows-x64
+
+      - name: Copy lib files
+        run: |
+          mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-arm64
+          mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/linux-x64
+          mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/macos-x64
+          mkdir -p languages/ruby/bitwarden_sdk_secrets/lib/windows-x64
+
+          platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64")
+          files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll")
+
+          for ((i=0; i<${#platforms[@]}; i++)); do
+            cp "temp/${platforms[$i]}/${files[$i]}" "languages/ruby/bitwarden_sdk_secrets/lib/${platforms[$i]}/${files[$i]}"
+          done
+
+      - name: bundle install
+        run: bundle install
+        working-directory: languages/ruby/bitwarden_sdk_secrets
+
+      - name: Build gem
+        run: gem build bitwarden-sdk-secrets.gemspec
+        working-directory: languages/ruby/bitwarden_sdk_secrets
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        with:
+          path: bitwarden-sdk-secrets-*.gem
+          name: bitwarden-sdk-secrets
@@ -1,6 +1,6 @@
 ---
-name: Release CLI
-run-name: Release CLI ${{ inputs.release_type }}
+name: Publish bws CLI
+run-name: Publish bws CLI ${{ inputs.release_type }}
 
 on:
   workflow_dispatch:
@@ -13,6 +13,11 @@ on:
         options:
           - Release
           - Dry Run
+      version:
+        description: 'Version to publish (default: latest bws cli release)'
+        required: true
+        type: string
+        default: latest
 
 env:
   _AZ_REGISTRY: bitwardenprod.azurecr.io
@@ -22,7 +27,9 @@ jobs:
     name: Setup
     runs-on: ubuntu-22.04
     outputs:
-      release-version: ${{ steps.version.outputs.version }}
+      release-version: ${{ steps.version-output.outputs.version }}
+      release-tag: ${{ steps.version-output.outputs.tag_name }}
+      deployment-id: ${{ steps.deployment.outputs.deployment_id }}
     steps:
       - name: Checkout repo
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
@@ -37,11 +44,21 @@ jobs:
             exit 1
           fi
 
-      - name: Check Release Version
-        id: version
+      - name: Version output
+        id: version-output
         run: |
-          VERSION=$(grep -o '^version = ".*"' crates/bws/Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
+            TAG_NAME=$(curl  "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("bws")) | .tag_name' | head -1)
+            VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
+            echo "Latest Released Version: $VERSION"
+            echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+            echo "Latest Released Tag name: $TAG_NAME"
+            echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
+          else
+            echo "Release Version: ${{ inputs.version }}"
+            echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
+          fi
 
       - name: Create GitHub deployment
         if: ${{ inputs.release_type != 'Dry Run' }}
@@ -50,66 +67,18 @@ jobs:
         with:
           token: "${{ secrets.GITHUB_TOKEN }}"
           initial-status: "in_progress"
-          environment: "CLI - Production"
-          description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}"
+          environment: "bws CLI - Production"
+          description: "Deployment ${{ steps.version-output.outputs.version }} from branch ${{ github.ref_name }}"
           task: release
 
-      - name: Download all Release artifacts
-        uses: bitwarden/gh-actions/download-artifacts@main
-        with:
-          workflow: build-cli.yml
-          path: packages
-          workflow_conclusion: success
-          branch: ${{ github.ref_name }}
-
-      - name: Get checksum files
-        uses: bitwarden/gh-actions/get-checksum@main
-        with:
-          packages_dir: "packages"
-          file_path: "packages/bws-sha256-checksums-${{ steps.version.outputs.version }}.txt"
-
-      - name: Create release
-        if: ${{ inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
-        env:
-          PKG_VERSION: ${{ steps.version.outputs.version }}
-        with:
-          artifacts: "packages/bws-x86_64-apple-darwin-${{ env.PKG_VERSION }}.zip,
-            packages/bws-aarch64-apple-darwin-${{ env.PKG_VERSION }}.zip,
-            packages/bws-macos-universal-${{ env.PKG_VERSION }}.zip,
-            packages/bws-x86_64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip,
-            packages/bws-aarch64-pc-windows-msvc-${{ env.PKG_VERSION }}.zip,
-            packages/bws-x86_64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip,
-            packages/bws-aarch64-unknown-linux-gnu-${{ env.PKG_VERSION }}.zip,
-            packages/THIRDPARTY.html,
-            packages/bws-sha256-checksums-${{ env.PKG_VERSION }}.txt"
-          commit: ${{ github.sha }}
-          tag: bws-v${{ env.PKG_VERSION }}
-          name: bws CLI v${{ env.PKG_VERSION }}
-          body: "<insert release notes here>"
-          token: ${{ secrets.GITHUB_TOKEN }}
-          draft: true
-
-      - name: Update deployment status to Success
-        if: ${{ inputs.release_type != 'Dry Run' && success() }}
-        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
-        with:
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          state: "success"
-          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
-
-      - name: Update deployment status to Failure
-        if: ${{ inputs.release_type != 'Dry Run' && failure() }}
-        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
-        with:
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          state: "failure"
-          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
 
   publish:
     name: Publish bws to crates.io
     runs-on: ubuntu-22.04
     needs: setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.release-version }}
+      _TAG_NAME: ${{ needs.setup.outputs.release-tag }}
     steps:
       - name: Checkout
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
@@ -118,6 +87,7 @@ jobs:
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          ref: ${{ env._TAG_NAME }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -151,6 +121,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        with:
+          ref: ${{ env._TAG_NAME }}
 
       - name: Generate tag list
         id: tag-list
@@ -218,3 +190,27 @@ jobs:
         run: |
           docker logout
           echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
+
+  update_release_status:
+    name: Update GitHub deployment status
+    runs-on: ubuntu-22.04
+    needs: setup
+    if: ${{ inputs.release_type != 'Dry Run' }}
+    env:
+      _DEPLOYMENT_ID: ${{ needs.setup.outputs.deployment-id }}
+    steps:
+      - name: Update deployment status to Success
+        if: ${{ inputs.release_type != 'Dry Run' && success() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        with:
+          token: "${{ secrets.GITHUB_TOKEN }}"
+          state: "success"
+          deployment-id: ${{ env._DEPLOYMENT_ID }}
+
+      - name: Update deployment status to Failure
+        if: ${{ inputs.release_type != 'Dry Run' && failure() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        with:
+          token: "${{ secrets.GITHUB_TOKEN }}"
+          state: "failure"
+          deployment-id: ${{ env._DEPLOYMENT_ID }}
@@ -12,6 +12,10 @@ on:
         options:
           - Release
           - Dry Run
+      version:
+        description: "Release Version"
+        required: false
+        default: "latest"
 
 env:
   _KEY_VAULT: "bitwarden-ci"
@@ -21,43 +25,58 @@ jobs:
     name: Setup
     runs-on: ubuntu-22.04
     outputs:
-      version: ${{ steps.version.outputs.version }}
+      version: ${{ steps.version-output.outputs.version }}
     steps:
       - name: Checkout repo
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Branch check
         if: ${{ inputs.release_type != 'Dry Run' }}
         run: |
-          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
+          if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
             echo "==================================="
-            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
+            echo "[!] Can only release from the 'main' branch"
             echo "==================================="
             exit 1
           fi
 
-      - name: Install xmllint
-        run: sudo apt-get install -y libxml2-utils
-
-      - name: Get version
-        id: version
+      - name: Version output
+        id: version-output
         run: |
-          VERSION=$(xmllint --xpath 'string(/Project/PropertyGroup/Version)' languages/csharp/Bitwarden.Sdk/Bitwarden.Sdk.csproj)
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          if [[ "${{ inputs.version }}" == "latest" || "${{ inputs.version }}" == "" ]]; then
+            TAG_NAME=$(curl  "https://api.github.com/repos/bitwarden/sdk/releases" | jq -c '.[] | select(.tag_name | contains("dotnet")) | .tag_name' | head -1)
+            VERSION=$(echo $TAG_NAME | grep -ohE '20[0-9]{2}\.([1-9]|1[0-2])\.[0-9]+')
+            echo "Latest Released Version: $VERSION"
+            echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+            echo "Latest Released Tag name: $TAG_NAME"
+            echo "tag_name=$TAG_NAME" >> $GITHUB_OUTPUT
+          else
+            echo "Release Version: ${{ inputs.version }}"
+            echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
+          fi
 
   deploy:
     name: Deploy
     runs-on: ubuntu-22.04
     needs: validate
     steps:
-      - name: Download NuGet package
-        uses: bitwarden/gh-actions/download-artifacts@main
+      - name: Create GitHub deployment
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
+        id: deployment
         with:
-          workflow: build-dotnet.yml
-          workflow_conclusion: success
-          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
-          artifacts: Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg
-          path: ./nuget-output
+          token: '${{ secrets.GITHUB_TOKEN }}'
+          initial-status: 'in_progress'
+          environment: 'dotnet - Production'
+          description: 'Deployment ${{ needs.validate.outputs.version }} from branch ${{ github.ref_name }}'
+          task: release
+
+      - name: Download artifact
+        run: |
+          mkdir -p nuget-output
+          cd nuget-output
+          wget https://github.com/bitwarden/sdk/releases/download/dotnet-v${{ needs.validate.outputs.version }}/Bitwarden.Sdk.${{ needs.validate.outputs.version }}.nupkg
 
       - name: Login to Azure - Prod Subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -76,3 +95,19 @@ jobs:
         env:
           NUGET_API_KEY: ${{ steps.retrieve-secrets.outputs.nuget-api-key }}
         run: dotnet nuget push ./nuget-output/*.nupkg -k ${{ env.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json
+
+      - name: Update deployment status to Success
+        if: ${{ inputs.release_type != 'Dry Run' && success() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        with:
+          token: '${{ secrets.GITHUB_TOKEN }}'
+          state: 'success'
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+      - name: Update deployment status to Failure
+        if: ${{ inputs.release_type != 'Dry Run' && failure() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        with:
+          token: '${{ secrets.GITHUB_TOKEN }}'
+          state: 'failure'
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}