Update Versions - Self Host #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Versions - Self Host | |
| on: | |
| workflow_dispatch: | |
| env: | |
| _BRANCH: main | |
| jobs: | |
| setup: | |
| name: Setup | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| core_version: ${{ steps.get-core.outputs.version }} | |
| core_version_update: ${{ steps.core-update.outputs.update }} | |
| web_version: ${{ steps.get-web.outputs.version }} | |
| web_version_update: ${{ steps.web-update.outputs.update }} | |
| steps: | |
| - name: Checkout Branch | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: main | |
| - name: Get Latest Core Version | |
| id: get-core | |
| uses: bitwarden/gh-actions/get-release-version@main | |
| with: | |
| repository: bitwarden/server | |
| trim: true | |
| - name: Check if Core Version needs updating | |
| id: core-update | |
| env: | |
| LATEST_CORE_VERSION: ${{ steps.get-core.outputs.version }} | |
| run: | | |
| CORE_VERSION=$(sed -r -n '/define "bitwarden.coreVersionDefault"/!b;n;'\ | |
| 's/\{\{- "([0-9]+\.[0-9]+\.[0-9]+)" -\}\}/\1/p' helpers.tpl) | |
| echo "Core Version: $CORE_VERSION" | |
| echo "Latest Core Version: $LATEST_CORE_VERSION" | |
| if [ "$CORE_VERSION" != "$LATEST_CORE_VERSION" ]; then | |
| echo "Needs Core update!" | |
| echo "update=1" >> $GITHUB_OUTPUT | |
| else | |
| echo "update=0" >> $GITHUB_OUTPUT | |
| fi | |
| working-directory: charts/self-host/templates | |
| - name: Get Latest Web Version | |
| id: get-web | |
| uses: bitwarden/gh-actions/get-release-version@main | |
| with: | |
| repository: bitwarden/clients | |
| monorepo: true | |
| monorepo-project: web | |
| trim: true | |
| - name: Check if Web Version needs updating | |
| id: web-update | |
| env: | |
| LATEST_WEB_VERSION: ${{ steps.get-web.outputs.version }} | |
| run: | | |
| WEB_VERSION=$(sed -r -n '/define "bitwarden.webVersionDefault"/!b;n;'\ | |
| 's/\{\{- "([0-9]+\.[0-9]+\.[0-9]+)" -\}\}/\1/p' helpers.tpl) | |
| echo "Web Version: $WEB_VERSION" | |
| echo "Latest Web Version: $LATEST_WEB_VERSION" | |
| if [ "$WEB_VERSION" != "$LATEST_WEB_VERSION" ]; then | |
| echo "Needs Web update!" | |
| echo "update=1" >> $GITHUB_OUTPUT | |
| else | |
| echo "update=0" >> $GITHUB_OUTPUT | |
| fi | |
| working-directory: charts/self-host/templates | |
| - name: Verify if image versions are on Docker Hub | |
| id: verify-versions | |
| env: | |
| COREVERSION: ${{ steps.get-core.outputs.version }} | |
| WEBVERSION: ${{ steps.get-web.outputs.version }} | |
| run: | | |
| echo "Checking..." | |
| coreimages=( "admin" "api" "attachments" "events" "icons" "identity" "notifications" "scim" "sso" "mssqlmigratorutility" ) | |
| test_image() { | |
| image=$1 | |
| version=$2 | |
| tag=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/"|jq '."results"[]["name"]' | grep $version | cat) | |
| if [[ -z "$tag" ]]; then | |
| echo "$image - $version - NOT FOUND!" | |
| echo "Stopping..." | |
| exit 1 | |
| else | |
| echo "$image - $tag - FOUND" | |
| fi | |
| } | |
| echo "Core Images ($COREVERSION)..." | |
| for key in "${!coreimages[@]}" | |
| do | |
| image=${coreimages[$key]} | |
| test_image $image $COREVERSION | |
| done | |
| echo "Web Image ($WEBVERSION)..." | |
| test_image "web" $WEBVERSION | |
| update-versions: | |
| name: "Update Versions" | |
| if: | | |
| needs.setup.outputs.core_version_update == 1 || | |
| needs.setup.outputs.web_version_update == 1 | |
| runs-on: ubuntu-22.04 | |
| needs: setup | |
| environment: Production | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Log in to Azure - CI subscription | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-gpg-private-key, | |
| github-gpg-private-key-passphrase, | |
| github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Checkout Branch | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: main | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 | |
| with: | |
| gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} | |
| passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Set up Git | |
| run: | | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "bitwarden-devops-bot" | |
| - name: Create version branch | |
| id: create-branch | |
| run: | | |
| NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d") | |
| git switch -c $NAME | |
| echo "name=$NAME" >> $GITHUB_OUTPUT | |
| - name: Update Core Version | |
| env: | |
| VERSION: ${{ needs.setup.outputs.core_version }} | |
| run: sed -i '/define "bitwarden.coreVersionDefault"/!b;n;c{{- "'$VERSION'" -}}' helpers.tpl | |
| working-directory: charts/self-host/templates | |
| - name: Update Web Version | |
| env: | |
| VERSION: ${{ needs.setup.outputs.web_version }} | |
| run: sed -i '/define "bitwarden.webVersionDefault"/!b;n;c{{- "'$VERSION'" -}}' helpers.tpl | |
| working-directory: charts/self-host/templates | |
| - name: Update Chart appVersion | |
| env: | |
| VERSION: ${{ needs.setup.outputs.core_version }} | |
| run: "sed -i -e 's/appVersion:.*/appVersion: '$VERSION'/' Chart.yaml" | |
| working-directory: charts/self-host | |
| - name: Check if version changed | |
| id: version-changed | |
| run: | | |
| if [ -n "$(git status --porcelain)" ]; then | |
| echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT | |
| else | |
| echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT | |
| echo "No changes to commit!"; | |
| fi | |
| - name: Commit files | |
| if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} | |
| run: git commit -m "Updated core and web versions" -a | |
| - name: Push changes | |
| if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} | |
| env: | |
| PR_BRANCH: ${{ steps.create-branch.outputs.name }} | |
| run: git push -u origin $PR_BRANCH | |
| - name: Create versions PR | |
| if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} | |
| env: | |
| GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| PR_BRANCH: ${{ steps.create-branch.outputs.name }} | |
| TITLE: "Update core and web versions" | |
| run: | | |
| PR_URL=$(gh pr create --title "$TITLE" \ | |
| --base "$BASE_BRANCH" \ | |
| --head "$PR_BRANCH" \ | |
| --label "automated pr" \ | |
| --body " | |
| ## Type of change | |
| - [ ] Bug fix | |
| - [ ] New feature development | |
| - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) | |
| - [ ] Build/deploy pipeline (DevOps) | |
| - [X] Other | |
| ## Objective | |
| Automated version updates to core and web versions in charts/self-host/templates/helpers.tpl. | |
| Automated version update to appVersion in charts/self-host/Chart.yaml") | |
| echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT | |
| - name: Approve PR | |
| if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }} | |
| run: gh pr review $PR_NUMBER --approve | |
| - name: Merge PR | |
| if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }} | |
| env: | |
| GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }} | |
| run: gh pr merge $PR_NUMBER --squash --auto --delete-branch |