1919jobs :
2020 lint :
2121 name : Lint
22- runs-on : ubuntu-22 .04
22+ runs-on : ubuntu-24 .04
2323 steps :
2424 - name : Check out repo
2525 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -33,46 +33,62 @@ jobs:
3333 run : dotnet format --verify-no-changes
3434
3535 build-artifacts :
36- name : Build artifacts
37- runs-on : ubuntu-22 .04
36+ name : Build Docker images
37+ runs-on : ubuntu-24 .04
3838 needs :
3939 - lint
4040 outputs :
4141 has_secrets : ${{ steps.check-secrets.outputs.has_secrets }}
42+ permissions :
43+ security-events : write
44+ id-token : write
4245 strategy :
4346 fail-fast : false
4447 matrix :
4548 include :
4649 - project_name : Admin
4750 base_path : ./src
51+ dotnet : true
4852 node : true
4953 - project_name : Api
5054 base_path : ./src
55+ dotnet : true
56+ - project_name : Attachments
57+ base_path : ./util
5158 - project_name : Billing
5259 base_path : ./src
60+ dotnet : true
5361 - project_name : Events
5462 base_path : ./src
63+ dotnet : true
5564 - project_name : EventsProcessor
5665 base_path : ./src
66+ dotnet : true
5767 - project_name : Icons
5868 base_path : ./src
69+ dotnet : true
5970 - project_name : Identity
6071 base_path : ./src
72+ dotnet : true
73+ - project_name : MsSql
74+ base_path : ./util
6175 - project_name : MsSqlMigratorUtility
6276 base_path : ./util
6377 dotnet : true
78+ - project_name : Nginx
79+ base_path : ./util
6480 - project_name : Notifications
6581 base_path : ./src
82+ dotnet : true
6683 - project_name : Scim
6784 base_path : ./bitwarden_license/src
6885 dotnet : true
69- - project_name : Server
70- base_path : ./util
7186 - project_name : Setup
7287 base_path : ./util
88+ dotnet : true
7389 - project_name : Sso
7490 base_path : ./bitwarden_license/src
75- node : true
91+ dotnet : true
7692 steps :
7793 - name : Check secrets
7894 id : check-secrets
@@ -87,6 +103,18 @@ jobs:
87103 with :
88104 ref : ${{ github.event.pull_request.head.sha }}
89105
106+ - name : Check branch to publish
107+ env :
108+ PUBLISH_BRANCHES : " main,rc,hotfix-rc"
109+ id : publish-branch-check
110+ run : |
111+ IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES
112+ if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then
113+ echo "is_publish_branch=true" >> $GITHUB_ENV
114+ else
115+ echo "is_publish_branch=false" >> $GITHUB_ENV
116+ fi
117+
90118name : Set up .NET
91119 uses : actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0
92120
@@ -115,6 +143,7 @@ jobs:
115143
116144name : Publish project
117145 working-directory : ${{ matrix.base_path }}/${{ matrix.project_name }}
146+ if : ${{ matrix.dotnet }}
118147 run : |
119148 echo "Publish"
120149 dotnet publish -c "Release" -o obj/build-output/publish
@@ -128,87 +157,18 @@ jobs:
128157
129158name : Upload project artifact
130159 uses : actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
160+ if : ${{ matrix.dotnet }}
131161 with :
132162 name : ${{ matrix.project_name }}.zip
133163 path : ${{ matrix.base_path }}/${{ matrix.project_name }}/${{ matrix.project_name }}.zip
134164 if-no-files-found : error
135165
136- build-docker :
137- name : Build Docker images
138- runs-on : ubuntu-22.04
139- permissions :
140- security-events : write
141- id-token : write
142- needs :
143- - build-artifacts
144- if : ${{ needs.build-artifacts.outputs.has_secrets == 'true' }}
145- strategy :
146- fail-fast : false
147- matrix :
148- include :
149- - project_name : Admin
150- base_path : ./src
151- dotnet : true
152- - project_name : Api
153- base_path : ./src
154- dotnet : true
155- - project_name : Attachments
156- base_path : ./util
157- - project_name : Billing
158- base_path : ./src
159- dotnet : true
160- - project_name : Events
161- base_path : ./src
162- dotnet : true
163- - project_name : EventsProcessor
164- base_path : ./src
165- dotnet : true
166- - project_name : Icons
167- base_path : ./src
168- dotnet : true
169- - project_name : Identity
170- base_path : ./src
171- dotnet : true
172- - project_name : MsSql
173- base_path : ./util
174- - project_name : MsSqlMigratorUtility
175- base_path : ./util
176- dotnet : true
177- - project_name : Nginx
178- base_path : ./util
179- - project_name : Notifications
180- base_path : ./src
181- dotnet : true
182- - project_name : Scim
183- base_path : ./bitwarden_license/src
184- dotnet : true
185- - project_name : Server
186- base_path : ./util
187- dotnet : true
188- - project_name : Setup
189- base_path : ./util
190- dotnet : true
191- - project_name : Sso
192- base_path : ./bitwarden_license/src
193- dotnet : true
194- steps :
195- - name : Check out repo
196- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
197- with :
198- ref : ${{ github.event.pull_request.head.sha }}
166+ # ######### Set up Docker ##########
167+ - name : Set up QEMU emulators
168+ uses : docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
199169
200- - name : Check branch to publish
201- env :
202- PUBLISH_BRANCHES : " main,rc,hotfix-rc"
203- id : publish-branch-check
204- run : |
205- IFS="," read -a publish_branches <<< $PUBLISH_BRANCHES
206-
207- if [[ " ${publish_branches[*]} " =~ " ${GITHUB_REF:11} " ]]; then
208- echo "is_publish_branch=true" >> $GITHUB_ENV
209- else
210- echo "is_publish_branch=false" >> $GITHUB_ENV
211- fi
170+ - name : Set up Docker Buildx
171+ uses : docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
212172
213173 # ######### ACRs ##########
214174 - name : Log in to Azure - production subscription
@@ -277,26 +237,24 @@ jobs:
277237 fi
278238 echo "tags=$TAGS" >> $GITHUB_OUTPUT
279239
280- name : Get build artifact
281- if : ${{ matrix.dotnet }}
282- uses : actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
283- with :
284- name : ${{ matrix.project_name }}.zip
285-
286- - name : Set up build artifact
287- if : ${{ matrix.dotnet }}
288- run : |
289- mkdir -p ${{ matrix.base_path}}/${{ matrix.project_name }}/obj/build-output/publish
290- unzip ${{ matrix.project_name }}.zip \
291- -d ${{ matrix.base_path }}/${{ matrix.project_name }}/obj/build-output/publish
240+ name : Generate image full name
241+ id : cache-name
242+ env :
243+ PROJECT_NAME : ${{ steps.setup.outputs.project_name }}
244+ run : echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT
292245
293246 - name : Build Docker image
294- id : build-docker
247+ id : build-artifacts
295248 uses : docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
296249 with :
297- context : ${{ matrix.base_path }}/${{ matrix.project_name }}
250+ cache-from : type=registry,ref=${{ steps.cache-name.outputs.name }}
251+ cache-to : type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max
252+ context : .
298253 file : ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile
299- platforms : linux/amd64
254+ platforms : |
255+ linux/amd64,
256+ linux/arm/v7,
257+ linux/arm64
300258push : true
301259 tags : ${{ steps.image-tags.outputs.tags }}
302260 secrets : |
@@ -309,7 +267,7 @@ jobs:
309267 - name : Sign image with Cosign
310268 if : github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
311269 env :
312- DIGEST : ${{ steps.build-docker .outputs.digest }}
270+ DIGEST : ${{ steps.build-artifacts .outputs.digest }}
313271 TAGS : ${{ steps.image-tags.outputs.tags }}
314272 run : |
315273 IFS="," read -a tags <<< "${TAGS}"
@@ -336,8 +294,8 @@ jobs:
336294
337295 upload :
338296 name : Upload
339- runs-on : ubuntu-22 .04
340- needs : build-docker
297+ runs-on : ubuntu-24 .04
298+ needs : build-artifacts
341299 steps :
342300 - name : Check out repo
343301 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -377,9 +335,9 @@ jobs:
377335
378336 # Run setup
379337 docker run -i --rm --name setup -v $STUB_OUTPUT/US:/bitwarden $SETUP_IMAGE \
380- dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region US
338+ /app/ Setup -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region US
381339 docker run -i --rm --name setup -v $STUB_OUTPUT/EU:/bitwarden $SETUP_IMAGE \
382- dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region EU
340+ /app/ Setup -stub 1 -install 1 -domain bitwarden.example.com -os lin -cloud-region EU
383341
384342 sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT
385343
@@ -512,7 +470,7 @@ jobs:
512470
513471 build-mssqlmigratorutility :
514472 name : Build MSSQL migrator utility
515- runs-on : ubuntu-22 .04
473+ runs-on : ubuntu-24 .04
516474 needs :
517475 - lint
518476 defaults :
@@ -568,9 +526,9 @@ jobs:
568526 if : |
569527 github.event_name != 'pull_request'
570528 && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc')
571- runs-on : ubuntu-22 .04
529+ runs-on : ubuntu-24 .04
572530 needs :
573- - build-docker
531+ - build-artifacts
574532 steps :
575533 - name : Log in to Azure - CI subscription
576534 uses : Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -604,7 +562,7 @@ jobs:
604562 if : github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
605563 runs-on : ubuntu-22.04
606564 needs :
607- - build-docker
565+ - build-artifacts
608566 steps :
609567 - name : Log in to Azure - CI subscription
610568 uses : Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -638,7 +596,6 @@ jobs:
638596 name : Setup Ephemeral Environment
639597 needs :
640598 - build-artifacts
641- - build-docker
642599 if : |
643600 needs.build-artifacts.outputs.has_secrets == 'true'
644601 && github.event_name == 'pull_request'
@@ -656,7 +613,6 @@ jobs:
656613 needs :
657614 - lint
658615 - build-artifacts
659- - build-docker
660616 - upload
661617 - build-mssqlmigratorutility
662618 - self-host-build
0 commit comments