Skip to content

Commit

Permalink
[DEVOPS-1786] Update release pipeline for PHP SDK (#659)
Browse files Browse the repository at this point in the history 
## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [x] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective

Update release pipeline for PHP SDK.

<!--Describe what the purpose of this PR is. For example: what bug
you're fixing or what new feature you're adding-->

## Code changes

<!--Explain the changes you've made to each file or major component.
This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

- **file.ext:** Description of what was changed and why

## Before you submit

- Please add **unit tests** where it makes sense to do so
  • Loading branch information
@michalchecinski
michalchecinski authored Mar 19, 2024
1 parent b6d36ea commit a518551
Show file tree
Hide file tree
Showing 3 changed files with 239 additions and 38 deletions.
267 changes: 230 additions & 37 deletions .github/workflows/publish-php.yml
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,50 @@
name: Publish PHP SDK
run-name: Publish PHP SDK ${{ inputs.release_type }}

on:
push:
branches:
- main
workflow_dispatch:
inputs:
release_type:
description: "Release Options"
required: true
default: "Release"
type: choice
options:
- Release
- Dry Run

env:
_KEY_VAULT: "bitwarden-ci"

jobs:
build_rust:
uses: ./.github/workflows/build-rust-cross-platform.yml
validate:
name: Setup
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

setup_php:
- name: Branch check
if: ${{ inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "==================================="
exit 1
fi
- name: Get version
id: version
run: |
VERSION=$(cat languages/php/composer.json | grep -Eo '"version": "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
echo "version=$VERSION" >> $GITHUB_OUTPUT
setup-php:
name: Setup PHP
runs-on: ubuntu-22.04
needs:
- build_rust

steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -32,44 +62,207 @@ jobs:
composer validate
working-directory: languages/php/

- name: Download x86_64-apple-darwin files
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
repo-sync:
name: Push changed files to SDK PHP repo
runs-on: ubuntu-22.04
needs:
- validate
- setup-php
env:
_BOT_EMAIL: [email protected]
_BOT_NAME: bitwarden-devops-bot
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Checkout SDK repo
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
name: libbitwarden_c_files-x86_64-apple-darwin
path: temp/macos-x64
path: sdk

- name: Download aarch64-apple-darwin files
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
name: libbitwarden_c_files-aarch64-apple-darwin
path: temp/macos-arm64
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Download x86_64-unknown-linux-gnu files
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
with:
name: libbitwarden_c_files-x86_64-unknown-linux-gnu
path: temp/linux-x64
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Download x86_64-pc-windows-msvc files
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
- name: Checkout SDK-PHP repo
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
name: libbitwarden_c_files-x86_64-pc-windows-msvc
path: temp/windows-x64
repository: bitwarden/sm-sdk-php
path: sm-sdk-php
ref: main
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}

- name: Copy lib files
- name: Setup Git
working-directory: sm-sdk-php
run: |
mkdir -p languages/php/src/lib/macos-arm64
mkdir -p languages/php/src/lib/linux-x64
mkdir -p languages/php/src/lib/macos-x64
mkdir -p languages/php/src/lib/windows-x64
git config --local user.email "${{ env._BOT_EMAIL }}"
git config --local user.name "${{ env._BOT_NAME }}"
platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64")
files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll")
- name: Update files
run: |
# Copy files to local sm-sdk-php repo path
cp --verbose -rf sdk/languages/php/. sm-sdk-php
- name: Replace repo name
working-directory: sm-sdk-php
run: |
find . -name '*' -exec \
sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-php/g' {} \;
for ((i=0; i<${#platforms[@]}; i++)); do
cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}"
done
find . -name '*' -exec \
sed -i -e 's/github.com\/bitwarden\/sdk/github.com\/bitwarden\/sm-sdk-php/g' {} \;
- name: Push changes
working-directory: sm-sdk-php
run: |
git add .
git commit -m "Update Go SDK to ${{ github.sha }}"
if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
echo "==================================="
echo "[!] Dry Run - Skipping push"
echo "==================================="
git ls-files -m
exit 0
else
git push origin main
fi
- name: Create release tag on SDK Go repo
if: ${{ inputs.release_type != 'Dry Run' }}
working-directory: sm-sdk-php
run: |
# Check if tag exists, set output then exit 0 if true.
if git log v${{ env._PKG_VERSION }} >/dev/null 2>&1; then
echo "==================================="
echo "[!] Tag v${{ env._PKG_VERSION }} already exists"
echo "==================================="
exit 1
fi
git tag v${{ env._PKG_VERSION }}
git push origin v${{ env._PKG_VERSION }}
github-release:
name: GitHub Release
runs-on: ubuntu-22.04
needs:
- setup-php
- repo-sync
- validate
env:
_PKG_VERSION: ${{ needs.validate.outputs.version }}
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope"

- name: Download x86_64-apple-darwin artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-apple-darwin
skip_unpack: true

- name: Download aarch64-apple-darwin artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-aarch64-apple-darwin
skip_unpack: true

- name: Download x86_64-unknown-linux-gnu artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu
skip_unpack: true

- name: Download x86_64-pc-windows-msvc artifact
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-rust-cross-platform.yml
workflow_conclusion: success
branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }}
artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc
skip_unpack: true

- name: Rename build artifacts
run: |
mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip
mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip
mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip
mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip
- name: Create release
if: ${{ inputs.release_type != 'Dry Run' }}
uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
with:
tag: v${{ env._PKG_VERSION }}
name: v${{ env._PKG_VERSION }}
body: "<insert release notes here>"
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
draft: true
repo: sm-sdk-php
owner: bitwarden
artifacts: "libbitwarden_c_files-x86_64-apple-darwin-${{ env._PKG_VERSION }}.zip,
libbitwarden_c_files-aarch64-apple-darwin-${{ env._PKG_VERSION }}.zip,
libbitwarden_c_files-x86_64-unknown-linux-gnu-${{ env._PKG_VERSION }}.zip,
libbitwarden_c_files-x86_64-pc-windows-msvc-${{ env._PKG_VERSION }}.zip"

packagist-publish:
name: Publish to Packagist
runs-on: ubuntu-22.04
needs:
- validate
- setup-php
- repo-sync
- github-release
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
with:
creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope,
packagist-key"

- name: Checkout SDK-PHP repo
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
repository: bitwarden/sm-sdk-php
path: sm-sdk-php
ref: main
token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}

- name: Publish version
run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{secrets.PACKAGIST_KEY}}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}'
working-directory: languages/php/
if: ${{ inputs.release_type != 'Dry Run' }}
env:
PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }}
run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk-secrets"}}'
working-directory: sm-sdk-php
7 changes: 7 additions & 0 deletions .github/workflows/version-bump.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ on:
- python-sdk
- ruby-sdk
- go-sdk
- php-sdk
version_number:
description: "New version (example: '2024.1.0')"
required: true
Expand Down Expand Up @@ -162,6 +163,12 @@ jobs:
if: ${{ inputs.project == 'go-sdk' }}
run: sed -i 's/[0-9]\.[0-9]\.[0-9]/${{ inputs.version_number }}/' ./languages/go/.version

### php sdk
- name: Bump php-sdk Version
if: ${{ inputs.project == 'php-sdk' }}
run: |
sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json
############################
# VERSION BUMP SECTION END #
############################
Expand Down
3 changes: 2 additions & 1 deletion languages/php/composer.json
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
{
"name": "bitwarden/sdk",
"name": "bitwarden/sdk-secrets",
"description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.",
"type": "library",
"keywords": ["bitwarden","sdk","password-manager"],
"homepage": "https://github.com/bitwarden/sdk",
"version": "0.1.0",
"require": {
"php": "^8.0",
"swaggest/json-schema": "^0.12.42",
Expand Down

0 comments on commit a518551

Please sign in to comment.