[deps] Tools: Update oidc-client-ts to v3 #18871
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build Web | |
| on: | |
| pull_request: | |
| branches-ignore: | |
| - 'l10n_master' | |
| - 'cf-pages' | |
| paths: | |
| - 'apps/web/**' | |
| - 'libs/**' | |
| - '*' | |
| - '!*.md' | |
| - '!*.txt' | |
| - '.github/workflows/build-web.yml' | |
| push: | |
| branches: | |
| - 'main' | |
| - 'rc' | |
| - 'hotfix-rc-web' | |
| paths: | |
| - 'apps/web/**' | |
| - 'libs/**' | |
| - '*' | |
| - '!*.md' | |
| - '!*.txt' | |
| - '.github/workflows/build-web.yml' | |
| workflow_dispatch: | |
| inputs: | |
| custom_tag_extension: | |
| description: "Custom image tag extension" | |
| required: false | |
| env: | |
| _AZ_REGISTRY: bitwardenprod.azurecr.io | |
| jobs: | |
| cloc: | |
| name: CLOC | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Set up cloc | |
| run: | | |
| sudo apt update | |
| sudo apt -y install cloc | |
| - name: Print lines of code | |
| working-directory: apps/web | |
| run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git | |
| setup: | |
| name: Setup | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| version: ${{ steps.version.outputs.value }} | |
| node_version: ${{ steps.retrieve-node-version.outputs.node_version }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Get GitHub sha as version | |
| id: version | |
| run: echo "value=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT | |
| - name: Get Node Version | |
| id: retrieve-node-version | |
| run: | | |
| NODE_NVMRC=$(cat .nvmrc) | |
| NODE_VERSION=${NODE_NVMRC/v/''} | |
| echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT | |
| build-artifacts: | |
| name: Build artifacts | |
| runs-on: ubuntu-22.04 | |
| needs: setup | |
| env: | |
| _VERSION: ${{ needs.setup.outputs.version }} | |
| _NODE_VERSION: ${{ needs.setup.outputs.node_version }} | |
| strategy: | |
| matrix: | |
| include: | |
| - name: "selfhosted-open-source" | |
| npm_command: "dist:oss:selfhost" | |
| - name: "cloud-COMMERCIAL" | |
| npm_command: "dist:bit:cloud" | |
| - name: "selfhosted-COMMERCIAL" | |
| npm_command: "dist:bit:selfhost" | |
| - name: "cloud-QA" | |
| npm_command: "build:bit:qa" | |
| - name: "ee" | |
| npm_command: "build:bit:ee" | |
| - name: "cloud-euprd" | |
| npm_command: "build:bit:euprd" | |
| - name: "cloud-euqa" | |
| npm_command: "build:bit:euqa" | |
| - name: "cloud-usdev" | |
| npm_command: "build:bit:usdev" | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Set up Node | |
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
| with: | |
| cache: 'npm' | |
| cache-dependency-path: '**/package-lock.json' | |
| node-version: ${{ env._NODE_VERSION }} | |
| - name: Print environment | |
| run: | | |
| whoami | |
| node --version | |
| npm --version | |
| gulp --version | |
| docker --version | |
| echo "GitHub ref: $GITHUB_REF" | |
| echo "GitHub event: $GITHUB_EVENT" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Setup QA metadata | |
| working-directory: apps/web | |
| if: matrix.name == 'cloud-QA' | |
| run: | | |
| VERSION=$( jq -r ".version" package.json) | |
| jq --arg version "$VERSION+${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp | |
| mv package.json.tmp package.json | |
| - name: Build ${{ matrix.name }} | |
| working-directory: apps/web | |
| run: npm run ${{ matrix.npm_command }} | |
| - name: Package artifact | |
| working-directory: apps/web | |
| run: zip -r web-${{ env._VERSION }}-${{ matrix.name }}.zip build | |
| - name: Upload ${{ matrix.name }} artifact | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: web-${{ env._VERSION }}-${{ matrix.name }}.zip | |
| path: apps/web/web-${{ env._VERSION }}-${{ matrix.name }}.zip | |
| if-no-files-found: error | |
| build-containers: | |
| name: Build Docker images | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - setup | |
| - build-artifacts | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - artifact_name: cloud-QA | |
| image_name: web-qa-cloud | |
| - artifact_name: ee | |
| image_name: web-ee | |
| - artifact_name: selfhosted-COMMERCIAL | |
| image_name: web | |
| env: | |
| _VERSION: ${{ needs.setup.outputs.version }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Check Branch to Publish | |
| env: | |
| PUBLISH_BRANCHES: "main,rc,hotfix-rc-web" | |
| id: publish-branch-check | |
| run: | | |
| IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES | |
| if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then | |
| echo "is_publish_branch=true" >> $GITHUB_ENV | |
| else | |
| echo "is_publish_branch=false" >> $GITHUB_ENV | |
| fi | |
| ########## ACRs ########## | |
| - name: Login to Prod Azure | |
| uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
| with: | |
| creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} | |
| - name: Log into Prod container registry | |
| run: az acr login -n bitwardenprod | |
| - name: Login to Azure - CI Subscription | |
| uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve github PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Download ${{ matrix.artifact_name }} artifact | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip | |
| path: apps/web | |
| ########## Generate image tag and build Docker image ########## | |
| - name: Generate Docker image tag | |
| id: tag | |
| run: | | |
| if [[ $(grep "pull" <<< "${GITHUB_REF}") ]]; then | |
| IMAGE_TAG=$(echo "${GITHUB_HEAD_REF}" | sed "s#/#-#g") | |
| else | |
| IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") | |
| fi | |
| if [[ "$IMAGE_TAG" == "main" ]]; then | |
| IMAGE_TAG=dev | |
| fi | |
| TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }} | |
| if [[ $TAG_EXTENSION ]]; then | |
| IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION | |
| fi | |
| echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| ########## Build Image ########## | |
| - name: Extract artifact | |
| working-directory: apps/web | |
| run: unzip web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip | |
| - name: Generate image full name | |
| id: image-name | |
| env: | |
| IMAGE_TAG: ${{ steps.tag.outputs.image_tag }} | |
| PROJECT_NAME: ${{ matrix.image_name }} | |
| run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| - name: Build Docker image | |
| uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 | |
| with: | |
| context: apps/web | |
| file: apps/web/Dockerfile | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.image-name.outputs.name }} | |
| secrets: | | |
| "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}" | |
| - name: Log out of Docker | |
| run: docker logout | |
| crowdin-push: | |
| name: Crowdin Push | |
| if: github.ref == 'refs/heads/main' | |
| needs: build-artifacts | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Login to Azure | |
| uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "crowdin-api-token" | |
| - name: Upload Sources | |
| uses: crowdin/github-action@ee4ab4ea2feadc0fdc3b200729c7b1c4cf4b38f3 # v1.11.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} | |
| CROWDIN_PROJECT_ID: "308189" | |
| with: | |
| config: apps/web/crowdin.yml | |
| crowdin_branch_name: main | |
| upload_sources: true | |
| upload_translations: false | |
| trigger-web-vault-deploy: | |
| name: Trigger web vault deploy | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-22.04 | |
| needs: build-artifacts | |
| steps: | |
| - name: Login to Azure - CI Subscription | |
| uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve github PAT secrets | |
| id: retrieve-secret-pat | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Trigger web vault deploy | |
| uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
| with: | |
| github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'bitwarden', | |
| repo: 'clients', | |
| workflow_id: 'deploy-web.yml', | |
| ref: 'main', | |
| inputs: { | |
| 'environment': 'USDEV', | |
| 'branch-or-tag': 'main' | |
| } | |
| }) | |
| check-failures: | |
| name: Check for failures | |
| if: always() | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - cloc | |
| - setup | |
| - build-artifacts | |
| - build-containers | |
| - crowdin-push | |
| - trigger-web-vault-deploy | |
| steps: | |
| - name: Check if any job failed | |
| if: ${{ (github.ref == 'refs/heads/main') || (github.ref == 'refs/heads/rc') }} | |
| env: | |
| CLOC_STATUS: ${{ needs.cloc.result }} | |
| SETUP_STATUS: ${{ needs.setup.result }} | |
| ARTIFACT_STATUS: ${{ needs.build-artifacts.result }} | |
| BUILD_CONTAINERS_STATUS: ${{ needs.build-containers.result }} | |
| CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }} | |
| TRIGGER_WEB_VAULT_DEPLOY_STATUS: ${{ needs.trigger-web-vault-deploy.result }} | |
| run: | | |
| if [ "$CLOC_STATUS" = "failure" ]; then | |
| exit 1 | |
| elif [ "$SETUP_STATUS" = "failure" ]; then | |
| exit 1 | |
| elif [ "$ARTIFACT_STATUS" = "failure" ]; then | |
| exit 1 | |
| elif [ "$BUILD_SELFHOST_STATUS" = "failure" ]; then | |
| exit 1 | |
| elif [ "$BUILD_CONTAINERS_STATUS" = "failure" ]; then | |
| exit 1 | |
| elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then | |
| exit 1 | |
| elif [ "$TRIGGER_WEB_VAULT_DEPLOY_STATUS" = "failure" ]; then | |
| exit 1 | |
| fi | |
| - name: Login to Azure - Prod Subscription | |
| uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 | |
| if: failure() | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| if: failure() | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "devops-alerts-slack-webhook-url" | |
| - name: Notify Slack on failure | |
| uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
| with: | |
| status: ${{ job.status }} |