diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS deleted file mode 100644 index 3d036b84829..00000000000 --- a/.github/CODEOWNERS +++ /dev/null @@ -1,3 +0,0 @@ -/.github @dani-garcia @BlackDex -/.github/CODEOWNERS @dani-garcia @BlackDex -/.github/workflows/** @dani-garcia @BlackDex diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 7656fd20394..00000000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,3 +0,0 @@ -github: dani-garcia -liberapay: dani-garcia -custom: ["https://paypal.me/DaniGG"] diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 128c5f58f05..00000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -name: Bug report -about: Use this ONLY for bugs in vaultwarden itself. Use the Discourse forum (link below) to request features or get help with usage/configuration. If in doubt, use the forum. -title: '' -labels: '' -assignees: '' - ---- - - - - -### Subject of the issue - - -### Deployment environment - - - - - - -* vaultwarden version: - - -* Install method: - -* Clients used: - -* Reverse proxy and version: - -* MySQL/MariaDB or PostgreSQL version: - -* Other relevant details: - -### Steps to reproduce - - -### Expected behaviour - - -### Actual behaviour - - -### Troubleshooting data - diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index 51a76d39151..00000000000 --- a/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,8 +0,0 @@ -blank_issues_enabled: false -contact_links: - - name: Discourse forum for vaultwarden - url: https://vaultwarden.discourse.group/ - about: Use this forum to request features or get help with usage/configuration. - - name: GitHub Discussions for vaultwarden - url: https://github.com/dani-garcia/vaultwarden/discussions - about: An alternative to the Discourse forum, if this is easier for you. 
diff --git a/.github/workflows/CLEVER_CLOUD.md b/.github/workflows/CLEVER_CLOUD.md
new file mode 100644
index 00000000000..456dcb4d7b1
--- /dev/null
+++ b/.github/workflows/CLEVER_CLOUD.md
@@ -0,0 +1,51 @@ +# Clever Cloud deployment + +## Setup + +### Clever Cloud interface + +Create 2 Rust applications with the `XS` plan: +* `vaultwarden` + +And 1 PostgreSQL databases (version 15) with any plan that you will binding to each app accordingly: +* `vaultwarden` + +Add 1 FS Bucket addons: +* `vaultwarden` + +_(depending on when you created those addonds, don't forget to bind them to the appropriate application)_ + +Now set for the app these options: +* Zero downtime deployment +* Cancel ongoing deployment on new push +* Force HTTPS + +Adjust the domain names as you want, and configure the environment variables as follow: +* `ADMIN_TOKEN`: [SECRET] _(to enable admin panel, for detail see the [wiki](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token))_ +* `CC_CACHE_DEPENDENCIES`: `true` +* `CC_FS_BUCKET`: [GENERATED] _(can be retrieved from the FS Bucket addons and use `/data:` as local folder)_ +* `CC_POST_BUILD_HOOK`: `clevercloud/post_build_hook.sh` +* `CC_PRE_BUILD_HOOK`: `clevercloud/pre_build_hook.sh` +* `DATABASE_MAX_CONNS`: `1` _(only when using DEV plan on pg addon, to avoid `too many clients` error)_ +* `DATABASE_URL`: [GENERATED] _(provided by the interface)_ +* `DOMAIN`: [GENERATED] _(either your configured domain, or the cleverapp.io one provided by the interface)_ +* `ORG_GROUPS_ENABLED`: `true` +* `ROCKET_ADDRESS`: `0.0.0.0` +* `ROCKET_PORT`: `8080` + +### GitHub interface + +#### GitHub Actions + +Configure the following repository secrets (not environment ones): + +- `CLEVER_APP_ID`: [GENERATED] _(format `app_{uuid}`, can be retrieved into the Clever Cloud interface)_ +- `CLEVER_TOKEN`: [GENERATED] _(can be retrieved from `clever login`, but be warned it gives wide access)_ +- `CLEVER_SECRET`: [GENERATED] _(can be retrieved from `clever login`, but be warned it gives wide access)_ + +## Upgrade Vaultwarden version + +1. Synchronize your fork with the original repository +2. 
Search for the specific commit representing the wanted version +3. Rebase your `deploy` branche to it while making sure to not take third-party files into `.github`. Make also sure to keep local changes in `Cargo.toml` +4. Force-push the branch \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index f3e0b86e910..00000000000 --- a/.github/workflows/build.yml +++ /dev/null 
@@ -1,197 +0,0 @@ -name: Build - -on: - push: - paths: - - ".github/workflows/build.yml" - - "src/**" - - "migrations/**" - - "Cargo.*" - - "build.rs" - - "rust-toolchain.toml" - - "rustfmt.toml" - - "diesel.toml" - - "docker/Dockerfile.j2" - - "docker/DockerSettings.yaml" - pull_request: - paths: - - ".github/workflows/build.yml" - - "src/**" - - "migrations/**" - - "Cargo.*" - - "build.rs" - - "rust-toolchain.toml" - - "rustfmt.toml" - - "diesel.toml" - - "docker/Dockerfile.j2" - - "docker/DockerSettings.yaml" - -jobs: - build: - runs-on: ubuntu-22.04 - timeout-minutes: 120 - # Make warnings errors, this is to prevent warnings slipping through. - # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes. - env: - RUSTFLAGS: "-D warnings" - strategy: - fail-fast: false - matrix: - channel: - - "rust-toolchain" # The version defined in rust-toolchain - - "msrv" # The supported MSRV - - name: Build and Test ${{ matrix.channel }} - - steps: - # Checkout the repo - - name: "Checkout" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - # End Checkout the repo - - - # Install dependencies - - name: "Install dependencies Ubuntu" - run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config - # End Install dependencies - - - # Determine rust-toolchain version - - name: Init Variables - id: toolchain - shell: bash - run: | - if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then - RUST_TOOLCHAIN="$(grep -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml)" - elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then - RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)" - else - RUST_TOOLCHAIN="${{ matrix.channel }}" - fi - echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}" - # End Determine rust-toolchain version - - - # Only install the clippy and rustfmt components on the default rust-toolchain - - 
name: "Install rust-toolchain version" - uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # master @ 2023-12-07 - 10:22 PM GMT+1 - if: ${{ matrix.channel == 'rust-toolchain' }} - with: - toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}" - components: clippy, rustfmt - # End Uses the rust-toolchain file to determine version - - - # Install the any other channel to be used for which we do not execute clippy and rustfmt - - name: "Install MSRV version" - uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # master @ 2023-12-07 - 10:22 PM GMT+1 - if: ${{ matrix.channel != 'rust-toolchain' }} - with: - toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}" - # End Install the MSRV channel to be used - - # Set the current matrix toolchain version as default - - name: "Set toolchain ${{steps.toolchain.outputs.RUST_TOOLCHAIN}} as default" - run: | - # Remove the rust-toolchain.toml - rm rust-toolchain.toml - # Set the default - rustup default ${{steps.toolchain.outputs.RUST_TOOLCHAIN}} - - # Show environment - - name: "Show environment" - run: | - rustc -vV - cargo -vV - # End Show environment - - # Enable Rust Caching - - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 - with: - # Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes. - # Like changing the build host from Ubuntu 20.04 to 22.04 for example. - # Only update when really needed! Use a .[.] format. - prefix-key: "v2023.07-rust" - # End Enable Rust Caching - - # Run cargo tests - # First test all features together, afterwards test them separately. 
- - name: "test features: sqlite,mysql,postgresql,enable_mimalloc" - id: test_sqlite_mysql_postgresql_mimalloc - if: $${{ always() }} - run: | - cargo test --features sqlite,mysql,postgresql,enable_mimalloc - - - name: "test features: sqlite,mysql,postgresql" - id: test_sqlite_mysql_postgresql - if: $${{ always() }} - run: | - cargo test --features sqlite,mysql,postgresql - - - name: "test features: sqlite" - id: test_sqlite - if: $${{ always() }} - run: | - cargo test --features sqlite - - - name: "test features: mysql" - id: test_mysql - if: $${{ always() }} - run: | - cargo test --features mysql - - - name: "test features: postgresql" - id: test_postgresql - if: $${{ always() }} - run: | - cargo test --features postgresql - # End Run cargo tests - - - # Run cargo clippy, and fail on warnings - - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc" - id: clippy - if: ${{ always() && matrix.channel == 'rust-toolchain' }} - run: | - cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings - # End Run cargo clippy - - - # Run cargo fmt (Only run on rust-toolchain defined version) - - name: "check formatting" - id: formatting - if: ${{ always() && matrix.channel == 'rust-toolchain' }} - run: | - cargo fmt --all -- --check - # End Run cargo fmt - - - # Check for any previous failures, if there are stop, else continue. - # This is useful so all test/clippy/fmt actions are done, and they can all be addressed - - name: "Some checks failed" - if: ${{ failure() }} - run: | - echo "### :x: Checks Failed!" 
>> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "|Job|Status|" >> $GITHUB_STEP_SUMMARY - echo "|---|------|" >> $GITHUB_STEP_SUMMARY - echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "|test (sqlite,mysql,postgresql)|${{ steps.test_sqlite_mysql_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "|test (sqlite)|${{ steps.test_sqlite.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "|test (mysql)|${{ steps.test_mysql.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "|test (postgresql)|${{ steps.test_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.clippy.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "|fmt|${{ steps.formatting.outcome }}|" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Please check the failed jobs and fix where needed." >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - exit 1 - - - # Check for any previous failures, if there are stop, else continue. - # This is useful so all test/clippy/fmt actions are done, and they can all be addressed - - name: "All checks passed" - if: ${{ success() }} - run: | - echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/clever-cloud.yml b/.github/workflows/clever-cloud.yml new file mode 100644 index 00000000000..b3a1f7b13f4 --- /dev/null +++ b/.github/workflows/clever-cloud.yml 
@@ -0,0 +1,23 @@ +name: Continuous Integration +on: + push: + branches: deploy +jobs: + requirements: + name: Continuous Integration + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + name: Fetch unshallow working copy + with: + fetch-depth: 0 + + - uses: 47ng/actions-clever-cloud@v1.3.1 + name: Deploy to Clever Cloud + with: + appID: ${{ secrets.CLEVER_APP_ID }} + force: true + quiet: true # disable copying into GitHub Actions all logs from Clever Cloud + env: + CLEVER_TOKEN: ${{ secrets.CLEVER_TOKEN }} + CLEVER_SECRET: ${{ secrets.CLEVER_SECRET }} diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml deleted file mode 100644 index 82acc926308..00000000000 --- a/.github/workflows/hadolint.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Hadolint - -on: [ - push, - pull_request - ] - -jobs: - hadolint: - name: Validate Dockerfile syntax - runs-on: ubuntu-22.04 - timeout-minutes: 30 - steps: - # Checkout the repo - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - # End Checkout the repo - - # Download hadolint - https://github.com/hadolint/hadolint/releases - - name: Download hadolint - shell: bash - run: | - sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \ - sudo chmod +x /usr/local/bin/hadolint - env: - HADOLINT_VERSION: 2.12.0 - # End Download hadolint - - # Test Dockerfiles - - name: Run hadolint - shell: bash - run: hadolint docker/Dockerfile.{debian,alpine} - # End Test Dockerfiles diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 4beab82c1a5..00000000000 --- a/.github/workflows/release.yml +++ /dev/null 
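Review bot: The deploy step `uses: 47ng/actions-clever-cloud@v1.3.1` is handed `CLEVER_TOKEN` and `CLEVER_SECRET` but is referenced by a movable tag, so the code that runs with those credentials can change without any change in this repository. Pin it to a full commit SHA, as the workflows deleted in this same commit did, e.g. `uses: 47ng/actions-clever-cloud@<full-commit-sha> # v1.3.1` (placeholder; resolve it from the upstream tag), and do the same for `actions/checkout@v3`. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default scope; a top-level `permissions:` with `contents: read` should be enough for a checkout. Since `force: true` deploys every push to `deploy`, that branch presumably needs push protection, which cannot be confirmed from this page.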
@@ -1,268 +0,0 @@ -name: Release - -on: - push: - paths: - - ".github/workflows/release.yml" - - "src/**" - - "migrations/**" - - "docker/**" - - "Cargo.*" - - "build.rs" - - "diesel.toml" - - "rust-toolchain.toml" - - branches: # Only on paths above - - main - - tags: # Always, regardless of paths above - - '*' - -jobs: - # https://github.com/marketplace/actions/skip-duplicate-actions - # Some checks to determine if we need to continue with building a new docker. - # We will skip this check if we are creating a tag, because that has the same hash as a previous run already. - skip_check: - runs-on: ubuntu-22.04 - if: ${{ github.repository == 'dani-garcia/vaultwarden' }} - outputs: - should_skip: ${{ steps.skip_check.outputs.should_skip }} - steps: - - name: Skip Duplicates Actions - id: skip_check - uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 - with: - cancel_others: 'true' - # Only run this when not creating a tag - if: ${{ github.ref_type == 'branch' }} - - docker-build: - runs-on: ubuntu-22.04 - timeout-minutes: 120 - needs: skip_check - if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} - # Start a local docker registry to extract the final Alpine static build binaries - services: - registry: - image: registry:2 - ports: - - 5000:5000 - env: - SOURCE_COMMIT: ${{ github.sha }} - SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" - # The *_REPO variables need to be configured as repository variables - # Append `/settings/variables/actions` to your repo url - # DOCKERHUB_REPO needs to be 'index.docker.io//' - # Check for Docker hub credentials in secrets - HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} - # GHCR_REPO needs to be 'ghcr.io//' - # Check for Github credentials in secrets - HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && 
secrets.GITHUB_TOKEN != '' }} - # QUAY_REPO needs to be 'quay.io//' - # Check for Quay.io credentials in secrets - HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }} - strategy: - matrix: - base_image: ["debian","alpine"] - - steps: - # Checkout the repo - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - - name: Initialize QEMU binfmt support - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - with: - platforms: "arm64,arm" - - # Start Docker Buildx - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - # https://github.com/moby/buildkit/issues/3969 - # Also set max parallelism to 2, the default of 4 breaks GitHub Actions - with: - config-inline: | - [worker.oci] - max-parallelism = 2 - driver-opts: | - network=host - - # Determine Base Tags and Source Version - - name: Determine Base Tags and Source Version - shell: bash - run: | - # Check which main tag we are going to build determined by github.ref_type - if [[ "${{ github.ref_type }}" == "tag" ]]; then - echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}" - elif [[ "${{ github.ref_type }}" == "branch" ]]; then - echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}" - fi - - # Get the Source Version for this release - GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)" - if [[ -n "${GIT_EXACT_TAG}" ]]; then - echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}" - else - GIT_LAST_TAG="$(git describe --tags --abbrev=0)" - echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" - fi - # End Determine Base Tags - - # Login to Docker Hub - - name: Login to Docker Hub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ 
secrets.DOCKERHUB_TOKEN }} - if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - - name: Add registry for DockerHub - if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} - shell: bash - run: | - echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}" - - # Login to GitHub Container Registry - - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} - - - name: Add registry for ghcr.io - if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} - shell: bash - run: | - echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}" - - - name: Add registry for ghcr.io - if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} - shell: bash - run: | - echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}" - - # Login to Quay.io - - name: Login to Quay.io - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_TOKEN }} - if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} - - - name: Add registry for Quay.io - if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} - shell: bash - run: | - echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}" - - - name: Configure build cache from/to - shell: bash - run: | - # - # Check if there is a GitHub Container Registry Login and use it for caching - if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then - echo "BAKE_CACHE_FROM=type=registry,ref=${{ vars.GHCR_REPO }}-buildcache:${{ matrix.base_image }}" | tee -a "${GITHUB_ENV}" - echo "BAKE_CACHE_TO=type=registry,ref=${{ vars.GHCR_REPO }}-buildcache:${{ matrix.base_image }},mode=max" | tee -a "${GITHUB_ENV}" - 
else - echo "BAKE_CACHE_FROM=" - echo "BAKE_CACHE_TO=" - fi - # - - - name: Add localhost registry - if: ${{ matrix.base_image == 'alpine' }} - shell: bash - run: | - echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}" - - - name: Bake ${{ matrix.base_image }} containers - uses: docker/bake-action@849707117b03d39aba7924c50a10376a69e88d7d # v4.1.0 - env: - BASE_TAGS: "${{ env.BASE_TAGS }}" - SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}" - SOURCE_VERSION: "${{ env.SOURCE_VERSION }}" - SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}" - CONTAINER_REGISTRIES: "${{ env.CONTAINER_REGISTRIES }}" - with: - pull: true - push: true - files: docker/docker-bake.hcl - targets: "${{ matrix.base_image }}-multi" - set: | - *.cache-from=${{ env.BAKE_CACHE_FROM }} - *.cache-to=${{ env.BAKE_CACHE_TO }} - - - # Extract the Alpine binaries from the containers - - name: Extract binaries - if: ${{ matrix.base_image == 'alpine' }} - shell: bash - run: | - # Check which main tag we are going to build determined by github.ref_type - if [[ "${{ github.ref_type }}" == "tag" ]]; then - EXTRACT_TAG="latest" - elif [[ "${{ github.ref_type }}" == "branch" ]]; then - EXTRACT_TAG="testing" - fi - - # After each extraction the image is removed. 
- # This is needed because using different platforms doesn't trigger a new pull/download - - # Extract amd64 binary - docker create --name amd64 --platform=linux/amd64 "vaultwarden/server:${EXTRACT_TAG}-alpine" - docker cp amd64:/vaultwarden vaultwarden-amd64 - docker rm --force amd64 - docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine" - - # Extract arm64 binary - docker create --name arm64 --platform=linux/arm64 "vaultwarden/server:${EXTRACT_TAG}-alpine" - docker cp arm64:/vaultwarden vaultwarden-arm64 - docker rm --force arm64 - docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine" - - # Extract armv7 binary - docker create --name armv7 --platform=linux/arm/v7 "vaultwarden/server:${EXTRACT_TAG}-alpine" - docker cp armv7:/vaultwarden vaultwarden-armv7 - docker rm --force armv7 - docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine" - - # Extract armv6 binary - docker create --name armv6 --platform=linux/arm/v6 "vaultwarden/server:${EXTRACT_TAG}-alpine" - docker cp armv6:/vaultwarden vaultwarden-armv6 - docker rm --force armv6 - docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine" - - # Upload artifacts to Github Actions - - name: "Upload amd64 artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - if: ${{ matrix.base_image == 'alpine' }} - with: - name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64 - path: vaultwarden-amd64 - - - name: "Upload arm64 artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - if: ${{ matrix.base_image == 'alpine' }} - with: - name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64 - path: vaultwarden-arm64 - - - name: "Upload armv7 artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - if: ${{ matrix.base_image == 'alpine' }} - with: - name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7 - path: vaultwarden-armv7 - - - name: "Upload armv6 artifact" - uses: 
actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - if: ${{ matrix.base_image == 'alpine' }} - with: - name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6 - path: vaultwarden-armv6 - # End Upload artifacts to Github Actions diff --git a/.github/workflows/releasecache-cleanup.yml b/.github/workflows/releasecache-cleanup.yml deleted file mode 100644 index 6e66a3c1960..00000000000 --- a/.github/workflows/releasecache-cleanup.yml +++ /dev/null @@ -1,25 +0,0 @@ -on: - workflow_dispatch: - inputs: - manual_trigger: - description: "Manual trigger buildcache cleanup" - required: false - default: "" - - schedule: - - cron: '0 1 * * FRI' - -name: Cleanup -jobs: - releasecache-cleanup: - name: Releasecache Cleanup - runs-on: ubuntu-22.04 - timeout-minutes: 30 - steps: - - name: Delete vaultwarden-buildcache containers - uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 # v4.1.1 - with: - package-name: 'vaultwarden-buildcache' - package-type: 'container' - min-versions-to-keep: 0 - delete-only-untagged-versions: 'false' diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml deleted file mode 100644 index b59e2ad6c5e..00000000000 --- a/.github/workflows/trivy.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -name: trivy - -on: - push: - branches: - - main - tags: - - '*' - pull_request: - branches: [ "main" ] - schedule: - - cron: '00 12 * * *' - -permissions: - contents: read - -jobs: - trivy-scan: - name: Check - runs-on: ubuntu-22.04 - timeout-minutes: 30 - permissions: - contents: read - security-events: write - actions: read - steps: - - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0 - with: - scan-type: repo - ignore-unfixed: true - format: sarif - output: trivy-results.sarif - severity: CRITICAL,HIGH - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@bad341350a2f5616f9e048e51360cedc49181ce8 # v2.22.4 - with: - sarif_file: 'trivy-results.sarif' diff --git a/.gitignore b/.gitignore index e991430e550..dc987dd90f7 100644 --- a/.gitignore +++ b/.gitignore @@ -13,4 +13,4 @@ data .env # Web vault -web-vault +web-vault \ No newline at end of file diff --git a/clevercloud/post_build_hook.sh b/clevercloud/post_build_hook.sh new file mode 100755 index 00000000000..b147ef22c49 --- /dev/null +++ b/clevercloud/post_build_hook.sh 
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+# Define the repository
+repo="dani-garcia/bw_web_builds"
+
+# Use GitHub API to get the latest release data
+json=$(curl -s "https://api.github.com/repos/$repo/releases/latest")
+
+# Extract the tag name (release name) from the JSON response
+# release_name=$(echo "$json" | grep -Po '"tag_name": "\K.*?(?=")')
+release_name=$(echo "$json" | awk -F '"' '/tag_name/ {print $4}')
+
+# Construct the asset download URL
+asset_url="https://github.com/$repo/releases/download/$release_name/bw_web_${release_name}.tar.gz"
+
+# Download the asset
+curl -L -o "bw_web_${release_name}.tar.gz" "$asset_url"
+
+# Extract the 'web-vault' folder from the tarball
+tar -xzf "bw_web_${release_name}.tar.gz" "web-vault"
+
+# Remove the tarball
+rm -rf "bw_web_${release_name}.tar.gz"
+
+# test "web-vault" folder exists
+if [ -d "./web-vault" ]; then
+ echo "web-vault folder exists"
+else
+ echo "web-vault folder does not exist"
+ exit 1
+fi
\ No newline at end of file
diff --git a/clevercloud/pre_build_hook.sh b/clevercloud/pre_build_hook.sh
new file mode 100755
index 00000000000..8843c9466d1
--- /dev/null
+++ b/clevercloud/pre_build_hook.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sed -i 's/# default = \["sqlite"\]/default = ["postgresql"]/' ./Cargo.toml
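Review bot: In `clevercloud/post_build_hook.sh`, the tarball fetched by `curl -L -o "bw_web_${release_name}.tar.gz" "$asset_url"` is unpacked into `web-vault` with no integrity check, and the version is whatever `releases/latest` returns at build time. Each deploy can therefore ship different, unverified web client code. The script also has no `set -euo pipefail` and neither `curl` call uses `--fail`, so a failed or rate-limited API response leaves `release_name` empty and the error only surfaces at the final directory test. I would pin the release tag and verify a SHA-256 the deployer has recorded for it, as sketched below; the two variable names are suggestions, not existing settings.

```bash
#!/usr/bin/env bash
set -euo pipefail

repo="dani-garcia/bw_web_builds"

# Pin the release and its digest instead of following "latest".
# Both values are supplied by the deployer (suggested variable names).
release_name="${WEB_VAULT_VERSION:?set to the release tag to deploy}"
expected_sha256="${WEB_VAULT_SHA256:?set to the SHA-256 recorded for that tarball}"

asset="bw_web_${release_name}.tar.gz"
curl -fsSL -o "$asset" "https://github.com/$repo/releases/download/$release_name/$asset"

# Refuse to unpack anything whose digest does not match the recorded one.
echo "${expected_sha256}  ${asset}" | sha256sum -c -

# … unchanged: tar extraction of "web-vault", tarball removal, directory check …
```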
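Review bot: In `clevercloud/pre_build_hook.sh`, the `sed -i` substitution is never checked: if the commented `# default = ["sqlite"]` line in `Cargo.toml` changes upstream, the command matches nothing and still exits 0. The build then continues without the `postgresql` default feature, and the deployment notes do describe rebasing onto new upstream versions. Follow the `sed` with a guard such as `grep -q '^[[:space:]]*default = \["postgresql"\]' ./Cargo.toml || { echo "Cargo.toml default feature not patched" >&2; exit 1; }` so a silent no-op fails the build instead.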