From b8348c12b5468c077baf9cc5cae86f6dbfc74ecf Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 13 Mar 2024 11:14:34 +0100 Subject: [PATCH 1/6] Align publish PHP sdk with devops standards --- .github/workflows/publish-php.yml | 67 ++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 18 deletions(-) diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index 00b34c23f..61d1e7876 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml @@ -1,20 +1,25 @@ name: Publish PHP SDK +run-name: Publish PHP SDK ${{ inputs.release_type }} on: - push: - branches: - - main + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run -jobs: - build_rust: - uses: ./.github/workflows/build-rust-cross-platform.yml +env: + _KEY_VAULT: "bitwarden-ci" +jobs: setup_php: name: Setup PHP runs-on: ubuntu-22.04 - needs: - - build_rust - steps: - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
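Review bot: The new top of `publish-php.yml` (name, `run-name`, `on`, `env`, `jobs`) declares no workflow-level `permissions:` block, so the jobs run with the repository's default `GITHUB_TOKEN` scope. For a manually dispatched publish workflow that takes its publishing credentials from Key Vault, a restrictive default such as `permissions:` with `contents: read` keeps the built-in token from having more access than the jobs use. The artifact-download action may need an additional read scope that is not visible here, so confirm that before narrowing further. The `setup_php` job continues past the end of the hunk, so a job-level `permissions:` key could exist outside it.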
@@ -33,27 +38,39 @@ jobs: working-directory: languages/php/ - name: Download x86_64-apple-darwin files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: bitwarden/gh-actions/download-artifacts@main with: - name: libbitwarden_c_files-x86_64-apple-darwin + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-apple-darwin path: temp/macos-x64 - name: Download aarch64-apple-darwin files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: bitwarden/gh-actions/download-artifacts@main with: - name: libbitwarden_c_files-aarch64-apple-darwin + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-aarch64-apple-darwin path: temp/macos-arm64 - name: Download x86_64-unknown-linux-gnu files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: bitwarden/gh-actions/download-artifacts@main with: - name: libbitwarden_c_files-x86_64-unknown-linux-gnu + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu path: temp/linux-x64 - name: Download x86_64-pc-windows-msvc files - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: bitwarden/gh-actions/download-artifacts@main with: - name: libbitwarden_c_files-x86_64-pc-windows-msvc + workflow: build-rust-cross-platform.yml + workflow_conclusion: success + branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc path: temp/windows-x64 - name: Copy lib files 
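Review bot: The four download steps reference `bitwarden/gh-actions/download-artifacts@main`, a mutable branch, while the `actions/download-artifact` lines they replace and the other actions in this workflow are pinned to a full commit SHA. Whatever `main` of that repository holds at run time executes on the same runner as the steps that handle the Key Vault and Packagist credentials, so pin it the same way, e.g. `uses: bitwarden/gh-actions/download-artifacts@<commit-sha> # <version>`. The steps also take the latest successful `build-rust-cross-platform.yml` run on a branch rather than a run tied to the commit being published, so the native libraries can come from a different commit than the PHP sources. If the action accepts a commit or run-id input (not visible in this hunk), passing it would bind the two. The same `@main` reference is carried into the `github-release` job in patch 4.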
@@ -70,6 +87,20 @@ jobs: cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}" done + - name: Login to Azure - Prod Subscription + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + with: + creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "packagist-key" + - name: Publish version - run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{secrets.PACKAGIST_KEY}}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}' + env: + PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }} + run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}' working-directory: languages/php/ From 954f15bed013284b7695d0ce21616fa01ca2c3f9 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Wed, 13 Mar 2024 12:33:39 +0100 Subject: [PATCH 2/6] Add version to composer.json --- languages/php/composer.json | 1 + 1 file changed, 1 insertion(+) diff --git a/languages/php/composer.json b/languages/php/composer.json index 18b333eac..fd55b1b93 100644 --- a/languages/php/composer.json +++ b/languages/php/composer.json @@ -4,6 +4,7 @@ "type": "library", "keywords": ["bitwarden","sdk","password-manager"], "homepage": "https://github.com/bitwarden/sdk", + "version": "0.1.0", "require": { "php": "^8.0", "swaggest/json-schema": "^0.12.42", From 670eae3f67c6464753055c89c4925191d190d275 Mon Sep 17 00:00:00 2001 
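Review bot: The `Publish version` step expands `${{ env.PACKAGIST_KEY }}` into the script text before the shell starts, so the `env:` block added here does not separate the secret from the command line, and the token still travels in the URL query string. Read the variable from the shell instead, which needs double quotes around the URL: `"https://packagist.org/api/update-package?username=malirobot&apiToken=${PACKAGIST_KEY}"`. Adding `--fail` to the `curl` call would make the step fail when Packagist answers with an HTTP error; as written a rejected token or a bad payload still exits 0. Whether `get-keyvault-secrets` registers its outputs as masked values is not visible in this hunk and is worth confirming, since the value appears in the rendered command. The later revisions of this line in patches 4 and 5 keep the same form.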
From: Michal Checinski Date: Wed, 13 Mar 2024 12:33:52 +0100 Subject: [PATCH 3/6] Add php version update to version bump --- .github/workflows/version-bump.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 8298781fc..b4f41b5ef 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -21,6 +21,7 @@ on: - python-sdk - ruby-sdk - go-sdk + - php-sdk version_number: description: "New version (example: '2024.1.0')" required: true @@ -162,6 +163,12 @@ jobs: if: ${{ inputs.project == 'go-sdk' }} run: sed -i 's/[0-9]\.[0-9]\.[0-9]/${{ inputs.version_number }}/' ./languages/go/.version + ### php sdk + - name: Bump php-sdk Version + if: ${{ inputs.project == 'php-sdk' }} + run: | + sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json + ############################ # VERSION BUMP SECTION END # ############################ From 5a3c0efd6491a05f4b965b868888f04e56fb09cd Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 14 Mar 2024 12:15:42 +0100 Subject: [PATCH 4/6] Change release pipeline --- .github/workflows/publish-php.yml | 208 ++++++++++++++++++++++++++---- languages/php/composer.json | 2 +- 2 files changed, 186 insertions(+), 24 deletions(-) diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index 61d1e7876..ca23d6f11 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml 
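Review bot: The new `Bump php-sdk Version` step pastes `${{ inputs.version_number }}` straight into the `sed` program, so a value containing `/`, `&` or a quote changes the substitution or the shell command itself. Pass it through the step's `env:` (for example `VERSION: ${{ inputs.version_number }}`), check it against the expected `N.N.N` shape, and use `"$VERSION"` in the script. The pattern `[0-9]\.[0-9]\.[0-9]` also matches single-digit components only, so once `composer.json` holds a version like the `2024.1.0` given in the input description, the next bump matches nothing and `sed` exits 0 without changing the file. Using `sed -E` with `[0-9]+\.[0-9]+\.[0-9]+`, as the `Get version` step in patch 4 does with `grep -E`, would accept multi-digit parts. The go-sdk step shown as context uses the same interpolation.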
@@ -17,7 +17,32 @@ env: _KEY_VAULT: "bitwarden-ci" jobs: - setup_php: + validate: + name: Setup + runs-on: ubuntu-22.04 + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Branch check + if: ${{ inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi + + - name: Get version + id: version + run: | + VERSION=$(cat languages/php/composer.json | grep -Eo '"version": "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + setup-php: name: Setup PHP runs-on: ubuntu-22.04 steps: 
@@ -37,56 +62,183 @@ jobs: composer validate working-directory: languages/php/ - - name: Download x86_64-apple-darwin files + repo-sync: + name: Push changed files to SDK PHP repo + runs-on: ubuntu-22.04 + needs: + - validate + - setup-php + env: + _BOT_EMAIL: 106330231+bitwarden-devops-bot@users.noreply.github.com + _BOT_NAME: bitwarden-devops-bot + _PKG_VERSION: ${{ needs.validate.outputs.version }} + steps: + - name: Checkout SDK repo + uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 + with: + path: sdk + + - name: Login to Azure - Prod Subscription + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + with: + creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "github-pat-bitwarden-devops-bot-repo-scope" + + - name: Checkout SDK-PHP repo + uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 + with: + repository: bitwarden/sm-sdk-php + path: sm-sdk-php + ref: main + token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + + - name: Setup Git + working-directory: sm-sdk-php + run: | + git config --local user.email "${{ env._BOT_EMAIL }}" + git config --local user.name "${{ env._BOT_NAME }}" + + - name: Update files + run: | + # Copy files to local sm-sdk-php repo path + cp --verbose -rf sdk/languages/php/. sm-sdk-php + + - name: Replace repo name + working-directory: sm-sdk-php + run: | + find . -name '*' -exec \ + sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-go/g' {} \; + + find . -name '*' -exec \ + sed -i -e 's/github.com\/bitwarden\/sdk/github.com\/bitwarden\/sm-sdk-php/g' {} \; + + - name: Push changes + working-directory: sm-sdk-php + run: | + git add . 
+ git commit -m "Update Go SDK to ${{ github.sha }}" + + if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then + echo "===================================" + echo "[!] Dry Run - Skipping push" + echo "===================================" + git ls-files -m + exit 0 + else + git push origin main + fi + + - name: Create release tag on SDK Go repo + if: ${{ inputs.release_type != 'Dry Run' }} + working-directory: sm-sdk-php + run: | + # Check if tag exists, set output then exit 0 if true. + if git log v${{ env._PKG_VERSION }} >/dev/null 2>&1; then + echo "===================================" + echo "[!] Tag v${{ env._PKG_VERSION }} already exists" + echo "===================================" + exit 1 + fi + + git tag v${{ env._PKG_VERSION }} + git push origin v${{ env._PKG_VERSION }} + + github-release: + name: GitHub Release + runs-on: ubuntu-22.04 + needs: + - setup-php + - repo-sync + - validate + env: + _PKG_VERSION: ${{ needs.validate.outputs.version }} + steps: + - name: Login to Azure - Prod Subscription + uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + with: + creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c + with: + keyvault: ${{ env._KEY_VAULT }} + secrets: "github-pat-bitwarden-devops-bot-repo-scope" + + - name: Download x86_64-apple-darwin artifact uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-rust-cross-platform.yml workflow_conclusion: success branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-apple-darwin - path: temp/macos-x64 + skip_unpack: true - - name: Download aarch64-apple-darwin files + - name: Download aarch64-apple-darwin artifact uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-rust-cross-platform.yml workflow_conclusion: success branch: ${{ inputs.release_type == 
'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-aarch64-apple-darwin - path: temp/macos-arm64 + skip_unpack: true - - name: Download x86_64-unknown-linux-gnu files + - name: Download x86_64-unknown-linux-gnu artifact uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-rust-cross-platform.yml workflow_conclusion: success branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu - path: temp/linux-x64 + skip_unpack: true - - name: Download x86_64-pc-windows-msvc files + - name: Download x86_64-pc-windows-msvc artifact uses: bitwarden/gh-actions/download-artifacts@main with: workflow: build-rust-cross-platform.yml workflow_conclusion: success branch: ${{ inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc - path: temp/windows-x64 + skip_unpack: true - - name: Copy lib files + - name: Rename build artifacts run: | - mkdir -p languages/php/src/lib/macos-arm64 - mkdir -p languages/php/src/lib/linux-x64 - mkdir -p languages/php/src/lib/macos-x64 - mkdir -p languages/php/src/lib/windows-x64 + mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip + mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip + mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip + mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip - platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64") - files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") - - for ((i=0; i<${#platforms[@]}; i++)); do - cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}" - done + - name: Create release + if: ${{ 
inputs.release_type != 'Dry Run' }} + uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0 + with: + tag: v${{ env._PKG_VERSION }} + name: v${{ env._PKG_VERSION }} + body: "" + token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} + draft: true + repo: sm-sdk-php + owner: bitwarden + artifacts: "libbitwarden_c_files-x86_64-apple-darwin-${{ env._PKG_VERSION }}.zip, + libbitwarden_c_files-aarch64-apple-darwin-${{ env._PKG_VERSION }}.zip, + libbitwarden_c_files-x86_64-unknown-linux-gnu-${{ env._PKG_VERSION }}.zip, + libbitwarden_c_files-x86_64-pc-windows-msvc-${{ env._PKG_VERSION }}.zip" + packagist-publish: + name: Publish to Packagist + runs-on: ubuntu-22.04 + needs: + - validate + - setup-php + - repo-sync + - github-release + steps: - name: Login to Azure - Prod Subscription uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: 
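Review bot: In `repo-sync`, the tag-exists check runs after `git push origin main` and inspects only the local clone, so it cannot stop a release whose tag already exists. The `sm-sdk-php` checkout sets no `fetch-depth`, which presumably leaves a shallow clone without the remote's tags, so `git log v…` fails and the step falls through to `git push origin v…`; if that push is rejected, `main` of `sm-sdk-php` has already been updated. Asking the remote before the push step, as sketched below, avoids that half-finished state. Separately, `git commit` exits non-zero when the copy produced no changes, and the commit message and the tag step's name still say "Go SDK". The hunk starts inside the `setup-php` job and ends inside `packagist-publish`, so those two jobs are only partly visible.

```yaml
      # … unchanged: Setup Git, Update files, Replace repo name …

      - name: Check release tag does not exist
        if: ${{ inputs.release_type != 'Dry Run' }}
        working-directory: sm-sdk-php
        run: |
          # Ask the remote, because the local clone may carry no tags.
          if git ls-remote --exit-code --tags origin "refs/tags/v${_PKG_VERSION}" >/dev/null; then
            echo "[!] Tag v${_PKG_VERSION} already exists"
            exit 1
          fi

      # … unchanged: Push changes, then create and push the tag …
```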
@@ -97,10 +249,20 @@ jobs: uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c with: keyvault: ${{ env._KEY_VAULT }} - secrets: "packagist-key" + secrets: "github-pat-bitwarden-devops-bot-repo-scope, + packagist-key" + + - name: Checkout SDK-PHP repo + uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0 + with: + repository: bitwarden/sm-sdk-php + path: sm-sdk-php + ref: main + token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} - name: Publish version + if: ${{ inputs.release_type != 'Dry Run' }} env: PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }} - run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}' - working-directory: languages/php/ + run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/bitwarden-sdk-secrets"}}' + working-directory: sm-sdk-php diff --git a/languages/php/composer.json b/languages/php/composer.json index fd55b1b93..f0c3148c6 100644 --- a/languages/php/composer.json +++ b/languages/php/composer.json @@ -1,5 +1,5 @@ { - "name": "bitwarden/sdk", + "name": "bitwarden/bitwarden-sdk-secrets", "description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.", "type": "library", "keywords": ["bitwarden","sdk","password-manager"], From 3647b64442c826a28c38a823f23512e7496429ef Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Thu, 14 Mar 2024 12:17:43 +0100 Subject: [PATCH 5/6] Change name of the php package --- .github/workflows/publish-php.yml | 2 +- languages/php/composer.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
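Review bot: The `packagist-publish` job now retrieves `github-pat-bitwarden-devops-bot-repo-scope` and checks out `bitwarden/sm-sdk-php` with it, but the only step that follows is a `curl` call that reads nothing from the working tree. `actions/checkout` keeps the token in the clone's git configuration unless `persist-credentials: false` is set, so the repo-scoped PAT sits on the runner in a job that does not need it. Dropping the checkout step, reverting to `secrets: "packagist-key"` and removing `working-directory` would keep this job to the one credential it uses. If the checkout is kept for a reason outside this hunk, add `persist-credentials: false` to its `with:` block.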
diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index ca23d6f11..bce9aa3f3 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml @@ -264,5 +264,5 @@ jobs: if: ${{ inputs.release_type != 'Dry Run' }} env: PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }} - run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/bitwarden-sdk-secrets"}}' + run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk-secrets"}}' working-directory: sm-sdk-php diff --git a/languages/php/composer.json b/languages/php/composer.json index f0c3148c6..85447e72a 100644 --- a/languages/php/composer.json +++ b/languages/php/composer.json @@ -1,5 +1,5 @@ { - "name": "bitwarden/bitwarden-sdk-secrets", + "name": "bitwarden/sdk-secrets", "description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.", "type": "library", "keywords": ["bitwarden","sdk","password-manager"], From f0fd16e9a4e125359c6ee50cd48aad0ebf7aa525 Mon Sep 17 00:00:00 2001 From: Michal Checinski Date: Tue, 19 Mar 2024 10:52:13 +0100 Subject: [PATCH 6/6] fix --- .github/workflows/publish-php.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index bce9aa3f3..aefeae60a 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml 
@@ -113,7 +113,7 @@ jobs: working-directory: sm-sdk-php run: | find . -name '*' -exec \ - sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-go/g' {} \; + sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-php/g' {} \; find . -name '*' -exec \ sed -i -e 's/github.com\/bitwarden\/sdk/github.com\/bitwarden\/sm-sdk-php/g' {} \;
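Review bot: Both `find . -name '*' -exec sed -i …` commands in this step visit every path under `sm-sdk-php`, including directories and the contents of `.git`. Restricting the walk to regular files outside the repository metadata, e.g. `find . -type f -not -path './.git/*' -exec sed -i -e '…' {} +`, keeps `sed -i` from rewriting git's own files and avoids the errors it reports for directories. The second pattern `github.com\/bitwarden\/sdk` is unanchored, so it also rewrites any longer name that begins with `bitwarden/sdk`; it is worth confirming that no such reference exists under `languages/php`. The step's `name:` line is above the hunk.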