mirror of
https://github.com/bitwarden/clients.git
synced 2026-07-04 21:05:54 +08:00
[BRE-1004] Publish web images to GHCR on release (#19679)
This commit is contained in:
parent
cfc68eff69
commit
f6f503ead8
37
.github/workflows/build-web.yml
vendored
37
.github/workflows/build-web.yml
vendored
@ -49,6 +49,7 @@ on:
|
||||
|
||||
env:
|
||||
_AZ_REGISTRY: bitwardenprod.azurecr.io
|
||||
_GHCR_REGISTRY: ghcr.io/bitwarden
|
||||
_GITHUB_PR_REPO_NAME: ${{ github.event.pull_request.head.repo.full_name }}
|
||||
|
||||
permissions:
|
||||
@ -98,6 +99,7 @@ jobs:
|
||||
permissions:
|
||||
security-events: write
|
||||
id-token: write
|
||||
packages: write
|
||||
needs: setup
|
||||
strategy:
|
||||
fail-fast: false
|
||||
@ -264,6 +266,14 @@ jobs:
|
||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
||||
run: az acr login -n "${_AZ_REGISTRY%.azurecr.io}"
|
||||
|
||||
- name: Log in to GHCR
|
||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
||||
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
########## Generate image tag and build Docker image ##########
|
||||
- name: Generate container image tag
|
||||
id: tag
|
||||
@ -300,7 +310,12 @@ jobs:
|
||||
env:
|
||||
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
|
||||
PROJECT_NAME: ${{ matrix.image_name }}
|
||||
run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
|
||||
run: |
|
||||
ACR_NAME="$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}"
|
||||
GHCR_NAME="$_GHCR_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}"
|
||||
echo "name=$ACR_NAME" >> "$GITHUB_OUTPUT"
|
||||
echo "ghcr_name=$GHCR_NAME" >> "$GITHUB_OUTPUT"
|
||||
echo "tags=$ACR_NAME,$GHCR_NAME" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Build Docker image
|
||||
id: build-container
|
||||
@ -318,13 +333,17 @@ jobs:
|
||||
linux/arm/v7,
|
||||
linux/arm64
|
||||
push: false
|
||||
tags: ${{ steps.image-name.outputs.name }}
|
||||
tags: ${{ steps.image-name.outputs.tags }}
|
||||
|
||||
- name: Push images
|
||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
||||
env:
|
||||
IMAGE_NAME: ${{ steps.image-name.outputs.name }}
|
||||
run: docker push "$IMAGE_NAME"
|
||||
TAGS: ${{ steps.image-name.outputs.tags }}
|
||||
run: |
|
||||
IFS=',' read -r -a tags_array <<< "$TAGS"
|
||||
for tag in "${tags_array[@]}"; do
|
||||
docker push "$tag"
|
||||
done
|
||||
|
||||
- name: Zip project
|
||||
working-directory: apps/web
|
||||
@ -345,14 +364,14 @@ jobs:
|
||||
if-no-files-found: error
|
||||
|
||||
- name: Install Cosign
|
||||
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
|
||||
if: github.event_name != 'pull_request_target' && env.is_publish_branch == 'true'
|
||||
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
|
||||
|
||||
- name: Sign image with Cosign
|
||||
if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
|
||||
if: github.event_name != 'pull_request_target' && env.is_publish_branch == 'true'
|
||||
env:
|
||||
DIGEST: ${{ steps.build-container.outputs.digest }}
|
||||
TAGS: ${{ steps.image-name.outputs.name }}
|
||||
TAGS: ${{ steps.image-name.outputs.tags }}
|
||||
run: |
|
||||
IFS=',' read -r -a tags_array <<< "${TAGS}"
|
||||
images=()
|
||||
@ -380,7 +399,9 @@ jobs:
|
||||
ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
|
||||
|
||||
- name: Log out of Docker
|
||||
run: docker logout "$_AZ_REGISTRY"
|
||||
run: |
|
||||
docker logout "$_AZ_REGISTRY"
|
||||
docker logout ghcr.io
|
||||
|
||||
- name: Log out from Azure
|
||||
if: ${{ needs.setup.outputs.has_secrets == 'true' }}
|
||||
|
||||
25
.github/workflows/publish-web.yml
vendored
25
.github/workflows/publish-web.yml
vendored
@ -16,6 +16,7 @@ on:
|
||||
|
||||
env:
|
||||
_AZ_REGISTRY: bitwardenprod.azurecr.io
|
||||
_GHCR_REGISTRY: ghcr.io/bitwarden
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
@ -60,6 +61,7 @@ jobs:
|
||||
id-token: write
|
||||
contents: read
|
||||
deployments: write
|
||||
packages: write
|
||||
env:
|
||||
_BRANCH_NAME: ${{ github.ref_name }}
|
||||
_RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
|
||||
@ -89,6 +91,13 @@ jobs:
|
||||
- name: Login to Azure ACR
|
||||
run: az acr login -n bitwardenprod
|
||||
|
||||
- name: Log in to GHCR
|
||||
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Create GitHub deployment
|
||||
if: ${{ inputs.publish_type != 'Dry Run' }}
|
||||
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
|
||||
@ -114,11 +123,17 @@ jobs:
|
||||
if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
|
||||
docker tag "$_AZ_REGISTRY/web:latest" "$_AZ_REGISTRY/web:dryrun"
|
||||
docker tag "$_AZ_REGISTRY/web:latest" "$_AZ_REGISTRY/web-sh:dryrun"
|
||||
docker tag "$_AZ_REGISTRY/web:latest" "$_GHCR_REGISTRY/web:dryrun"
|
||||
docker tag "$_AZ_REGISTRY/web:latest" "$_GHCR_REGISTRY/web-sh:dryrun"
|
||||
else
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_AZ_REGISTRY/web:$_RELEASE_VERSION"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_AZ_REGISTRY/web-sh:$_RELEASE_VERSION"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_AZ_REGISTRY/web:latest"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_AZ_REGISTRY/web-sh:latest"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_GHCR_REGISTRY/web:$_RELEASE_VERSION"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_GHCR_REGISTRY/web-sh:$_RELEASE_VERSION"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_GHCR_REGISTRY/web:latest"
|
||||
docker tag "$_AZ_REGISTRY/web:$_BRANCH_NAME" "$_GHCR_REGISTRY/web-sh:latest"
|
||||
fi
|
||||
|
||||
- name: Push version
|
||||
@ -126,11 +141,17 @@ jobs:
|
||||
if [[ "${{ inputs.publish_type }}" == "Dry Run" ]]; then
|
||||
docker push "$_AZ_REGISTRY/web:dryrun"
|
||||
docker push "$_AZ_REGISTRY/web-sh:dryrun"
|
||||
docker push "$_GHCR_REGISTRY/web:dryrun"
|
||||
docker push "$_GHCR_REGISTRY/web-sh:dryrun"
|
||||
else
|
||||
docker push "$_AZ_REGISTRY/web:$_RELEASE_VERSION"
|
||||
docker push "$_AZ_REGISTRY/web-sh:$_RELEASE_VERSION"
|
||||
docker push "$_AZ_REGISTRY/web:latest"
|
||||
docker push "$_AZ_REGISTRY/web-sh:latest"
|
||||
docker push "$_GHCR_REGISTRY/web:$_RELEASE_VERSION"
|
||||
docker push "$_GHCR_REGISTRY/web-sh:$_RELEASE_VERSION"
|
||||
docker push "$_GHCR_REGISTRY/web:latest"
|
||||
docker push "$_GHCR_REGISTRY/web-sh:latest"
|
||||
fi
|
||||
|
||||
- name: Log out from Azure
|
||||
@ -155,7 +176,9 @@ jobs:
|
||||
deployment-id: ${{ steps.deployment.outputs.deployment_id }}
|
||||
|
||||
- name: Log out of Docker
|
||||
run: docker logout
|
||||
run: |
|
||||
docker logout "$_AZ_REGISTRY"
|
||||
docker logout ghcr.io
|
||||
|
||||
bitwarden-lite-build:
|
||||
name: Trigger Bitwarden lite build
|
||||
|
||||
Loading…
Reference in New Issue
Block a user