bitwarden · michalchecinski · Mar 19, 2024 · Mar 13, 2024 · Mar 13, 2024 · Mar 13, 2024
@@ -1,20 +1,50 @@
 name: Publish PHP SDK
+run-name: Publish PHP SDK ${{ inputs.release_type }}
 
 on:
-  push:
-    branches:
-      - main
+  workflow_dispatch:
+    inputs:
+      release_type:
+        description: "Release Options"
+        required: true
+        default: "Release"
+        type: choice
+        options:
+          - Release
+          - Dry Run
+
+env:
+  _KEY_VAULT: "bitwarden-ci"
 
 jobs:
-  build_rust:
-    uses: ./.github/workflows/build-rust-cross-platform.yml
+  validate:
+    name: Setup
+    runs-on: ubuntu-22.04
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-  setup_php:
+      - name: Branch check
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Get version
+        id: version
+        run: |
+          VERSION=$(cat languages/php/composer.json | grep -Eo '"version": "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+  setup-php:
     name: Setup PHP
     runs-on: ubuntu-22.04
-    needs:
-      - build_rust
-
     steps:
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -32,44 +62,207 @@ jobs:
           composer validate
         working-directory: languages/php/
 
-      - name: Download x86_64-apple-darwin files
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+  repo-sync:
+    name: Push changed files to SDK PHP repo
+    runs-on: ubuntu-22.04
+    needs:
+      - validate
+      - setup-php
+    env:
+      _BOT_EMAIL: [email protected]
+      _BOT_NAME: bitwarden-devops-bot
+      _PKG_VERSION: ${{ needs.validate.outputs.version }}
+    steps:
+      - name: Checkout SDK repo
+        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
         with:
-          name: libbitwarden_c_files-x86_64-apple-darwin
-          path: temp/macos-x64
+          path: sdk
 
-      - name: Download aarch64-apple-darwin files
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
         with:
-          name: libbitwarden_c_files-aarch64-apple-darwin
-          path: temp/macos-arm64
+          creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}
 
-      - name: Download x86_64-unknown-linux-gnu files
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
         with:
-          name: libbitwarden_c_files-x86_64-unknown-linux-gnu
-          path: temp/linux-x64
+          keyvault: ${{ env._KEY_VAULT }}
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
-      - name: Download x86_64-pc-windows-msvc files
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+      - name: Checkout SDK-PHP repo
+        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
         with:
-          name: libbitwarden_c_files-x86_64-pc-windows-msvc
-          path: temp/windows-x64
+          repository: bitwarden/sm-sdk-php
+          path: sm-sdk-php
+          ref: main
+          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
 
-      - name: Copy lib files
+      - name: Setup Git
+        working-directory: sm-sdk-php
         run: |
-          mkdir -p languages/php/src/lib/macos-arm64
-          mkdir -p languages/php/src/lib/linux-x64
-          mkdir -p languages/php/src/lib/macos-x64
-          mkdir -p languages/php/src/lib/windows-x64
+          git config --local user.email "${{ env._BOT_EMAIL }}"
+          git config --local user.name "${{ env._BOT_NAME }}"
 
-          platforms=("macos-arm64" "linux-x64" "macos-x64" "windows-x64")
-          files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll")
+      - name: Update files
+        run: |
+          # Copy files to local sm-sdk-php repo path
+          cp --verbose -rf sdk/languages/php/. sm-sdk-php
+
+      - name: Replace repo name
+        working-directory: sm-sdk-php
+        run: |
+          find . -name '*' -exec \
+            sed -i -e 's/github.com\/bitwarden\/sdk\/languages\/php/github.com\/bitwarden\/sm-sdk-php/g' {} \;
 
-          for ((i=0; i<${#platforms[@]}; i++)); do
-            cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}"
-          done
+          find . -name '*' -exec \
+            sed -i -e 's/github.com\/bitwarden\/sdk/github.com\/bitwarden\/sm-sdk-php/g' {} \;
+
+      - name: Push changes
+        working-directory: sm-sdk-php
+        run: |
+          git add .
+          git commit -m "Update Go SDK to ${{ github.sha }}"
+
+          if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
+            echo "==================================="
+            echo "[!] Dry Run - Skipping push"
+            echo "==================================="
+            git ls-files -m
+            exit 0
+          else
+            git push origin main
+          fi
+
+      - name: Create release tag on SDK Go repo
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        working-directory: sm-sdk-php
+        run: |
+          # Check if tag exists, set output then exit 0 if true.
+          if git log v${{ env._PKG_VERSION }} >/dev/null 2>&1; then
+            echo "==================================="
+            echo "[!] Tag v${{ env._PKG_VERSION }} already exists"
+            echo "==================================="
+            exit 1
+          fi
+
+          git tag v${{ env._PKG_VERSION }}
+          git push origin v${{ env._PKG_VERSION }}
+
+  github-release:
+    name: GitHub Release
+    runs-on: ubuntu-22.04
+    needs:
+      - setup-php
+      - repo-sync
+      - validate
+    env:
+      _PKG_VERSION: ${{ needs.validate.outputs.version }}
+    steps:
+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+        with:
+          creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
+        with:
+          keyvault: ${{ env._KEY_VAULT }}
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Download x86_64-apple-darwin artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-apple-darwin
+          skip_unpack: true
+
+      - name: Download aarch64-apple-darwin artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-aarch64-apple-darwin
+          skip_unpack: true
+
+      - name: Download x86_64-unknown-linux-gnu artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu
+          skip_unpack: true
+
+      - name: Download x86_64-pc-windows-msvc artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc
+          skip_unpack: true
+
+      - name: Rename build artifacts
+        run: |
+          mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip
+          mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip
+          mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip
+          mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip
+
+      - name: Create release
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
+        with:
+          tag: v${{ env._PKG_VERSION }}
+          name: v${{ env._PKG_VERSION }}
+          body: "<insert release notes here>"
+          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          draft: true
+          repo: sm-sdk-php
+          owner: bitwarden
+          artifacts: "libbitwarden_c_files-x86_64-apple-darwin-${{ env._PKG_VERSION }}.zip,
+            libbitwarden_c_files-aarch64-apple-darwin-${{ env._PKG_VERSION }}.zip,
+            libbitwarden_c_files-x86_64-unknown-linux-gnu-${{ env._PKG_VERSION }}.zip,
+            libbitwarden_c_files-x86_64-pc-windows-msvc-${{ env._PKG_VERSION }}.zip"
+
+  packagist-publish:
+    name: Publish to Packagist
+    runs-on: ubuntu-22.04
+    needs:
+      - validate
+      - setup-php
+      - repo-sync
+      - github-release
+    steps:
+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+        with:
+          creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
+        with:
+          keyvault: ${{ env._KEY_VAULT }}
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope,
+            packagist-key"
+
+      - name: Checkout SDK-PHP repo
+        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
+        with:
+          repository: bitwarden/sm-sdk-php
+          path: sm-sdk-php
+          ref: main
+          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
 
       - name: Publish version
-        run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{secrets.PACKAGIST_KEY}}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}'
-        working-directory: languages/php/
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        env:
+          PACKAGIST_KEY: ${{ steps.retrieve-secrets.outputs.packagist-key }}
+        run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=bitwarden&apiToken=${{ env.PACKAGIST_KEY }}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk-secrets"}}'
+        working-directory: sm-sdk-php
@@ -21,6 +21,7 @@ on:
           - python-sdk
           - ruby-sdk
           - go-sdk
+          - php-sdk
       version_number:
         description: "New version (example: '2024.1.0')"
         required: true
@@ -162,6 +163,12 @@ jobs:
         if: ${{ inputs.project == 'go-sdk' }}
         run: sed -i 's/[0-9]\.[0-9]\.[0-9]/${{ inputs.version_number }}/' ./languages/go/.version
 
+      ### php sdk
+      - name: Bump php-sdk Version
+        if: ${{ inputs.project == 'php-sdk' }}
+        run: |
+          sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json
+
       ############################
       # VERSION BUMP SECTION END #
       ############################

diff --git a/languages/php/composer.json b/languages/php/composer.json
@@ -1,9 +1,10 @@
 {
-  "name": "bitwarden/sdk",
+  "name": "bitwarden/sdk-secrets",
   "description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.",
   "type": "library",
   "keywords": ["bitwarden","sdk","password-manager"],
   "homepage": "https://github.com/bitwarden/sdk",
+  "version": "0.1.0",
   "require": {
     "php": "^8.0",
     "swaggest/json-schema": "^0.12.42",