Skip to content

[deps]: Lock file maintenance #2705

[deps]: Lock file maintenance

[deps]: Lock file maintenance #2705

Workflow file for this run

name: docker
on:
push:
branches:
- main
pull_request:
branches:
- main
release:
types:
- published
workflow_dispatch:
inputs:
version:
description: Application version to use when publishing the project
required: false
image-tag:
description: Additional Docker image tag to apply on deployment
required: false
jobs:
# Determine version
version:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Determine stable version
id: stable-version
if: ${{ inputs.version || github.event_name == 'release' }}
run: |
version="${{ inputs.version || github.event.release.tag_name }}"
if ! [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z].*)?$ ]]; then
echo "Invalid version: $version"
exit 1
fi
echo "version=$version" >> $GITHUB_OUTPUT
- name: Determine prerelease version
id: pre-version
run: |
hash="${{ github.event.pull_request.head.sha || github.sha }}"
echo "version=0.0.0-ci-${hash:0:7}" >> $GITHUB_OUTPUT
outputs:
version: ${{ steps.stable-version.outputs.version || steps.pre-version.outputs.version }}
# Build the image without deploying just to make sure the dockerfile is valid
pack:
needs: version
strategy:
matrix:
app:
- Api
#- AdminConsole
- Self-Host
include:
- app: Api
dockerfile: Api.dockerfile
#- app: AdminConsole
# dockerfile: AdminConsole.dockerfile
- app: Self-Host
dockerfile: self-host/Dockerfile
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Build image
run: >
docker buildx build .
--file ${{ matrix.dockerfile }}
--platform linux/amd64,linux/arm64
--build-arg VERSION=${{ needs.version.outputs.version }}
--output type=tar,dest=image.tar
# Build and deploy the image
deploy:
if: ${{ github.event_name != 'pull_request' }}
needs: version
strategy:
matrix:
app:
- Api
#- AdminConsole
- Self-Host
include:
- app: Api
dockerfile: Api.dockerfile
name: passwordless-test-api
#- app: AdminConsole
# dockerfile: AdminConsole.dockerfile
# repository: passwordless-test-admin-console
- app: Self-Host
dockerfile: self-host/Dockerfile
name: passwordless-self-host
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Setup Docker Content Trust
id: setup-dct
uses: bitwarden/gh-actions/setup-docker-trust@main
with:
azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
azure-keyvault-name: "bitwarden-ci"
- name: Build & push image
env:
DOCKER_CONTAINER_NAMESPACE: bitwarden
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
run: >
docker buildx build .
--file ${{ matrix.dockerfile }}
--platform linux/amd64,linux/arm64
--build-arg VERSION=${{ needs.version.outputs.version }}
--push
${{ format('--tag {0}/{1}:dev', env.DOCKER_CONTAINER_NAMESPACE, matrix.name) }}
${{ github.event_name == 'release' && format('--tag {0}/{1}:qa', env.DOCKER_CONTAINER_NAMESPACE, matrix.name) || '' }}
${{ github.event_name == 'release' && !github.event.release.prerelease && format('--tag {0}/{1}:latest', env.DOCKER_CONTAINER_NAMESPACE, matrix.name) || '' }}
${{ github.event_name == 'release' && !github.event.release.prerelease && format('--tag {0}/{1}:stable', env.DOCKER_CONTAINER_NAMESPACE, matrix.name) || '' }}
${{ github.event_name == 'release' && format('--tag {0}/{1}:{2}', env.DOCKER_CONTAINER_NAMESPACE, matrix.name, github.ref_name) || '' }}
${{ inputs.image-tag && format('--tag {0}/{1}:{2}', env.DOCKER_CONTAINER_NAMESPACE, matrix.name, inputs.image-tag) || '' }}
- name: Log out of Docker and disable Docker Notary
run: |
docker logout
echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV