mirror of
https://github.com/dani-garcia/bw_web_builds.git
synced 2026-07-09 15:39:04 -04:00
Compare commits
11 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4c9856715c |
||
|
|
effbc848cf |
||
|
|
b9697bda30 |
||
|
|
c42b223356 |
||
|
|
8f826cd68c |
||
|
|
3054af7ccc |
||
|
|
8f2a546db1 |
||
|
|
5f384e70bf |
||
|
|
88e67d7c88 |
||
|
|
71d5a4cc45 |
||
|
|
71849564c9 |
5 changed files with 108 additions and 23 deletions
17
.github/workflows/ci.yml
vendored
17
.github/workflows/ci.yml
vendored
|
|
@ -1,43 +1,48 @@
|
|||
name: CI
|
||||
permissions: {}
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- ".github/workflows/ci.yml"
|
||||
- "patches/v20*.patch"
|
||||
- "resources/**"
|
||||
- "scripts/**"
|
||||
- "Dockerfile"
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
name: Test building web-vault
|
||||
permissions:
|
||||
packages: write # Needed to upload packages and artifacts
|
||||
contents: read
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-24.04
|
||||
env:
|
||||
# Force docker to output the progress in plain
|
||||
BUILDKIT_PROGRESS: plain
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Build and Extract
|
||||
shell: bash
|
||||
run: |
|
||||
make docker-extract
|
||||
|
||||
- name: Generate checksum
|
||||
shell: bash
|
||||
run: |
|
||||
echo "sha256sum: $(sha256sum container_builds/bw_web_vault.tar.gz)"
|
||||
|
||||
- name: "Upload web-vault artifact"
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
||||
with:
|
||||
name: web-vault
|
||||
compression-level: 0
|
||||
|
|
|
|||
44
.github/workflows/hadolint.yml
vendored
Normal file
44
.github/workflows/hadolint.yml
vendored
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
name: Hadolint
|
||||
permissions: {}
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
on: [ push, pull_request ]
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
jobs:
|
||||
hadolint:
|
||||
name: Validate Dockerfile syntax
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 30
|
||||
|
||||
steps:
|
||||
# Start Docker Buildx
|
||||
- name: Setup Docker Buildx
|
||||
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
|
||||
|
||||
# Checkout the repo
|
||||
- name: Checkout
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
# End Checkout the repo
|
||||
|
||||
# Test Dockerfiles with hadolint
|
||||
- name: Run hadolint on Dockerfile
|
||||
uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
|
||||
with:
|
||||
dockerfile: Dockerfile
|
||||
# End Test Dockerfiles with hadolint
|
||||
|
||||
# Test Dockerfiles with docker build checks
|
||||
- name: Run docker build check
|
||||
run: |
|
||||
echo "Checking Dockerfile"
|
||||
docker build --check . -f Dockerfile
|
||||
# End Test Dockerfiles with docker build checks
|
||||
64
.github/workflows/release.yml
vendored
64
.github/workflows/release.yml
vendored
|
|
@ -1,11 +1,20 @@
|
|||
name: Release
|
||||
permissions: {}
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
||||
# Don't cancel other runs when creating a tag
|
||||
cancel-in-progress: ${{ github.ref_type == 'branch' }}
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v[0-9]+.[0-9]+.[0-9]+*'
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
name: Release web-vault
|
||||
|
|
@ -13,9 +22,9 @@ jobs:
|
|||
permissions:
|
||||
packages: write # Needed to upload packages and artifacts
|
||||
contents: read
|
||||
# attestations: write # Needed to generate an artifact attestation for a build
|
||||
# id-token: write # Needed to mint the OIDC token necessary to request a Sigstore signing certificate
|
||||
runs-on: ubuntu-latest
|
||||
attestations: write # Needed to generate an artifact attestation for a build
|
||||
id-token: write # Needed to mint the OIDC token necessary to request a Sigstore signing certificate
|
||||
runs-on: ubuntu-24.04
|
||||
env:
|
||||
# Force docker to output the progress in plain
|
||||
BUILDKIT_PROGRESS: plain
|
||||
|
|
@ -27,18 +36,19 @@ jobs:
|
|||
HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
# Determine Docker Tag
|
||||
- name: Init Variables
|
||||
id: vars
|
||||
shell: bash
|
||||
env:
|
||||
GITHUB_REF: ${{ github.ref }}
|
||||
run: |
|
||||
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
|
||||
if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
|
||||
DOCKER_TAG="${GITHUB_REF#refs/*/}"
|
||||
elif [[ "${{ github.ref }}" == refs/heads/* ]]; then
|
||||
elif [[ "${GITHUB_REF}" == refs/heads/* ]]; then
|
||||
DOCKER_TAG="testing"
|
||||
fi
|
||||
# We use `+build.n` to version patches when there was no change to the web-vault version from upstream
|
||||
|
|
@ -48,7 +58,7 @@ jobs:
|
|||
|
||||
# Login to Docker Hub
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
|
@ -56,14 +66,16 @@ jobs:
|
|||
|
||||
- name: Tags for DockerHub
|
||||
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
||||
shell: bash
|
||||
env:
|
||||
DOCKERHUB_REPO: ${{ vars.DOCKERHUB_REPO }}
|
||||
DOCKER_TAG: ${{ steps.vars.outputs.DOCKER_TAG }}
|
||||
run: |
|
||||
echo "tags=${tags:+${tags},}${{ vars.DOCKERHUB_REPO }}:${{ steps.vars.outputs.DOCKER_TAG }}" \
|
||||
echo "tags=${tags:+${tags},}${DOCKERHUB_REPO}:${DOCKER_TAG}" \
|
||||
| tee -a "${GITHUB_ENV}"
|
||||
|
||||
# Login to GitHub Container Registry
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
|
|
@ -72,14 +84,38 @@ jobs:
|
|||
|
||||
- name: Tags for ghcr.io
|
||||
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
|
||||
shell: bash
|
||||
env:
|
||||
GHCR_REPO: ${{ vars.GHCR_REPO }}
|
||||
DOCKER_TAG: ${{ steps.vars.outputs.DOCKER_TAG }}
|
||||
run: |
|
||||
echo "tags=${tags:+${tags},}${{ vars.GHCR_REPO }}:${{ steps.vars.outputs.DOCKER_TAG }}" \
|
||||
echo "tags=${tags:+${tags},}${GHCR_REPO}:${DOCKER_TAG}" \
|
||||
| tee -a "${GITHUB_ENV}"
|
||||
|
||||
- name: Setup Docker Buildx
|
||||
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
|
||||
with:
|
||||
cache-binary: false
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
|
||||
uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
|
||||
id: build
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ env.tags }}
|
||||
|
||||
- name: Attest - docker.io
|
||||
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
|
||||
uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1
|
||||
with:
|
||||
subject-name: ${{ vars.DOCKERHUB_REPO }}
|
||||
subject-digest: ${{ steps.build.outputs.digest }}
|
||||
push-to-registry: true
|
||||
|
||||
- name: Attest - ghcr.io
|
||||
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
|
||||
uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1
|
||||
with:
|
||||
subject-name: ${{ vars.GHCR_REPO }}
|
||||
subject-digest: ${{ steps.build.outputs.digest }}
|
||||
push-to-registry: true
|
||||
|
|
|
|||
|
|
@ -23,8 +23,8 @@ RUN node --version && npm --version
|
|||
# Can be a tag, release, but prefer a commit hash because it's not changeable
|
||||
# https://github.com/bitwarden/clients/commit/${VAULT_VERSION}
|
||||
#
|
||||
# Using https://github.com/vaultwarden/vw_web_builds/tree/v2026.3.1
|
||||
ARG VAULT_VERSION=cd1eb788b667bdf31aee2d8b32aae7718c59097e
|
||||
# Using https://github.com/vaultwarden/vw_web_builds/tree/v2026.6.2
|
||||
ARG VAULT_VERSION=5756400aa48cc39a73984461f8d7c0ddf6feaa28
|
||||
ENV VAULT_VERSION=$VAULT_VERSION
|
||||
ENV VAULT_FOLDER=bw_clients
|
||||
ENV CHECKOUT_TAGS=false
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
set -o pipefail -o errexit
|
||||
BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")"; pwd)/$(basename "${SP}")")
|
||||
|
||||
FALLBACK_WEBVAULT_VERSION=v2026.3.1
|
||||
FALLBACK_WEBVAULT_VERSION=v2026.6.2
|
||||
|
||||
# Error handling
|
||||
handle_error() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue