.github/workflows/release.yml

---
name: Release

on:
  workflow_dispatch:
    inputs:
      release_type:
        description: 'Release Options'
        required: true
        default: 'Initial Release'
        type: choice
        options:
          - Initial Release
          - Redeploy
          - Dry Run

jobs:
  setup:
    name: Setup
    runs-on: ubuntu-20.04
    outputs:
      package_version: ${{ steps.retrieve-version.outputs.package_version }}
      branch-name: ${{ steps.branch.outputs.branch-name }}
    steps:
      - name: Branch check
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        run: |
          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
            echo "==================================="
            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
            echo "==================================="
            exit 1
          fi

      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4

      - name: Get Package Version
        id: retrieve-version
        run: |
          PKG_VERSION=$(jq -r .version src/package.json)
          echo "::set-output name=package_version::$PKG_VERSION"

      - name: Check to make sure Desktop release version has been bumped
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          latest_ver=$(hub release -L 1 -f '%T')
          latest_ver=${latest_ver:1}
          echo "Latest version: $latest_ver"
          ver=${{ steps.retrieve-version.outputs.package_version }}
          echo "Version: $ver"
          if [ "$latest_ver" = "$ver" ] && \
          [ "${{ github.event.inputs.release_type }}" == "Initial Release" ]; then
            echo "Version has not been bumped!"
            exit 1
          fi

      - name: Get branch name
        id: branch
        run: |
          BRANCH_NAME=$(basename ${{ github.ref }})
          echo "::set-output name=branch-name::$BRANCH_NAME"

      - name: Login to Azure
        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "aws-electron-access-id, aws-electron-access-key"

      - name: Download all artifacts
        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ steps.branch.outputs.branch-name }}
          path: ./artifacts

      - name: Rename .pkg to .pkg.archive
        env:
          PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
        working-directory: ./artifacts
        run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive

      - name: Publish artifacts to S3
        env:
          AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
          AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }}
          AWS_DEFAULT_REGION: 'us-west-2'
        run: |
          aws s3 cp ./artifacts s3://public-s3-electron-artifacts/desktop/ \
          --acl "public-read" \
          --recursive \
          --quiet

      - name: Create release
        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09  # v2.8.5
        env:
          PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
        with:
          artifacts: "artifacts/Bitwarden-${{ env.PKG_VERSION }}-amd64.deb,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.rpm,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.freebsd,
            artifacts/bitwarden_${{ env.PKG_VERSION }}_amd64.snap,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x86_64.AppImage,
            artifacts/Bitwarden-Portable-${{ env.PKG_VERSION }}.exe,
            artifacts/Bitwarden-Installer-${{ env.PKG_VERSION }}.exe,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32-store.appx,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.appx,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-ia32.nsis.7z,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64-store.appx,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.appx,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-x64.nsis.7z,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64-store.appx,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.appx,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-arm64.nsis.7z,
            artifacts/bitwarden.${{ env.PKG_VERSION }}.nupkg,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal-mac.zip,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.dmg.blockmap,
            artifacts/Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive"
          commit: ${{ github.sha }}
          tag: v${{ env.PKG_VERSION }}
          name: Version ${{ env.PKG_VERSION }}
          body: "<insert release notes here>"
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: true

  snap:
    name: Deploy Snap
    runs-on: ubuntu-20.04
    needs: setup
    env:
      _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-prod-kv"
          secrets: "snapcraft-store-token"

      - name: Install Snap
        uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d  # v1.2.0
        with:
          snapcraft_token: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}

      - name: Setup
        run: mkdir dist

      - name: Download Snap artifact
        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ needs.setup.outputs.branch-name }}
          artifacts: bitwarden_${{ env._PKG_VERSION }}_amd64.snap
          path: ./dist

      - name: Deploy to Snap Store
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        run: |
          snapcraft upload dist/bitwarden_${{ env._PKG_VERSION }}_amd64.snap --release stable
          snapcraft logout

  choco:
    name: Deploy Choco
    runs-on: windows-2019
    needs: setup
    env:
      _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4

      - name: Setup Chocolatey
        run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
        env:
          CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}

      - name: Make dist dir
        shell: pwsh
        run: New-Item -ItemType directory -Path ./dist

      - name: Download choco artifact
        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ needs.setup.outputs.branch-name }}
          artifacts: bitwarden.${{ env._PKG_VERSION }}.nupkg
          path: ./dist

      - name: Push to Chocolatey
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        shell: pwsh
        run: |
          cd dist
          choco push