Update core and web versions #263

Workflow file for this run

	name: Tests

	on:
	pull_request:
	paths:
	- 'charts/**'
	push:
	branches:
	- main
	paths:
	- 'charts/**'
	workflow_dispatch:

	jobs:
	test:
	name: Test Helm charts
	runs-on: ubuntu-22.04
	environment: Production
	steps:
	- name: Checkout repo
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0

	- name: Set up Helm
	uses: Azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
	with:
	version: 'v3.13.1'

	- name: Login to Azure - CI Subscription
	uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
	with:
	creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

	- name: Retrieve secrets
	id: retrieve-secrets
	uses: bitwarden/gh-actions/get-keyvault-secrets@main
	with:
	keyvault: "bitwarden-ci"
	secrets: "helm-sm-operator-ci-test-access-token"

	- name: Set up lynx
	run: sudo apt install lynx

	- name: Set up Python
	uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
	with:
	python-version: '3.12'
	check-latest: true

	- name: Set up chart-testing
	uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

	- name: Run chart-testing (list-changed)
	id: list-changed
	run: \|
	CHANGED=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
	if [[ -n "$CHANGED" ]]; then
	echo "changed=true" >> $GITHUB_OUTPUT
	echo "changed-list=$CHANGED" >> $GITHUB_OUTPUT
	fi

	- name: Create kind cluster
	if: steps.list-changed.outputs.changed == 'true'
	uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
	with:
	config: .github/workflows/config/cluster.yaml

	- name: Set up cluster
	if: steps.list-changed.outputs.changed == 'true'
	run: \|
	installation_id=$(uuidgen)
	echo $installation_id
	installation_key=$(openssl rand -base64 12)
	sa_password=$(openssl rand -base64 12)
	cert_pass=$(openssl rand -base64 12)

	#TLS setup
	echo "Creating root CA cert"
	openssl req -x509 -sha256 -days 1 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -subj "/CN=Bitwarden Ingress" --passout pass:$cert_pass
	echo "Generating TLS key"
	openssl genrsa -out bitwarden.localhost.key 2048
	echo "Generating TLS cert"
	openssl req -key bitwarden.localhost.key -new -out bitwarden.localhost.csr --passin pass:$cert_pass -subj "/CN=bitwarden.localhost"

	echo "Signing TLS cert"
	cat > bitwarden.localhost.ext << EOF
	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	subjectAltName = @alt_names
	[alt_names]
	DNS.1 = bitwarden.localhost
	EOF

	openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in bitwarden.localhost.csr -out bitwarden.localhost.crt -days 1 -CAcreateserial -extfile bitwarden.localhost.ext --passin pass:$cert_pass

	echo "Exporting TLS certs to PEM"
	openssl x509 -in bitwarden.localhost.crt -out bitwarden.localhost.pem --passin pass:$cert_pass
	openssl x509 -in rootCA.crt -out rootCA.pem --passin pass:$cert_pass

	#Ingress
	kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
	kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
	sudo echo "127.0.0.1 bitwarden.localhost" \| sudo tee -a /etc/hosts

	#Namespace
	kubectl create ns bitwarden

	kubectl config set-context --current --namespace=bitwarden

	#Secrets
	kubectl create secret generic custom-secret \
	--from-literal=globalSettings__installation__id=$installation_id \
	--from-literal=globalSettings__installation__key=$installation_key \
	--from-literal=globalSettings__mail__smtp__username="REPLACE" \
	--from-literal=globalSettings__mail__smtp__password="REPLACE" \
	--from-literal=globalSettings__yubico__clientId="REPLACE" \
	--from-literal=globalSettings__yubico__key="REPLACE" \
	--from-literal=SA_PASSWORD=$sa_password

	kubectl create secret tls tls-secret --cert=bitwarden.localhost.pem --key=bitwarden.localhost.key

	- name: Run chart-testing (install)
	if: steps.list-changed.outputs.changed == 'true'
	run: ct install --target-branch ${{ github.event.repository.default_branch }} --skip-clean-up --namespace bitwarden

	- name: Test install (self-host)
	if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed-list,'self-host')
	run: \|
	#For review purposes
	echo "***DEPLOYMENTS***"
	kubectl get deployments
	echo "***PODS***"
	kubectl get pods
	echo "***SERVICES***"
	kubectl get svc
	echo "***JOBS***"
	kubectl get jobs
	echo "***INGRESS***"
	kubectl describe ingress

	echo "***HOME***"
	home=$(curl -Ls https://bitwarden.localhost -w httpcode=%{http_code} --cacert rootCA.pem)
	echo $home \| lynx -stdin -dump -width=100
	httpCode=$(echo "${home}" \| grep -Po 'httpcode=\K(\d\d\d)')
	bodyCheck=$(echo "${home}" \| grep -Po 'Bitwarden Web Vault')
	if [[ ${httpCode} -ne 200 ]]; then
	echo "::error::ERROR: Home page failed to load. HTTP code was $httpCode"
	exit 1
	fi
	if [[ "$bodyCheck" != "Bitwarden Web Vault" ]]; then
	echo "::error::ERROR: Home page failed to load. Please check body output above."
	exit 1
	fi

	echo "Home OK."

	echo "***API/CONFIG***"
	config=$(curl -Ls https://bitwarden.localhost/api/config -w httpcode=%{http_code} --cacert rootCA.pem)
	echo $config \| lynx -stdin -dump -width=100
	httpCode=$(echo "${config}" \| grep -Po 'httpcode=\K(\d\d\d)')
	bodyCheck=$(echo "${config}" \| grep -Po '\"vault\":\"https://bitwarden\.localhost\"')
	if [[ ${httpCode} -ne 200 ]]; then
	echo "::error::ERROR: Home page failed to load. HTTP code was $httpCode"
	exit 1
	fi
	if [[ "$bodyCheck" != '"vault":"https://bitwarden.localhost"' ]]; then
	echo "::error::ERROR: API/Config page failed to load. Please check body output above."
	exit 1
	fi

	echo "API/Config OK."

	echo "***ADMIN***"
	admin=$(curl -Ls https://bitwarden.localhost/admin -w httpcode=%{http_code} --cacert rootCA.pem)
	echo $admin \| lynx -stdin -dump -width=100

	httpCode=$(echo "${admin}" \| grep -Po 'httpcode=\K(\d\d\d)')
	bodyCheck=$(echo "${admin}" \| grep -Po "We'll email you a secure login link")
	if [[ ${httpCode} -ne 200 ]]; then
	echo "::error::ERROR: Home page failed to load. HTTP code was $httpCode"
	exit 1
	fi
	if [[ "$bodyCheck" != "We'll email you a secure login link" ]]; then
	echo "::error::ERROR: Admin page failed to load. Please check body output above."
	exit 1
	fi

	echo "Admin OK."


	- name: Test install (sm-operator)
	if: steps.list-changed.outputs.changed == 'true' && contains(steps.list-changed.outputs.changed-list,'sm-operator')
	run: \|
	#For review purposes
	echo "***DEPLOYMENTS***"
	kubectl get deployments

	echo "***PODS***"
	pods=$(kubectl get pods -l app.kubernetes.io/name=sm-operator \| grep 2/2)
	echo $pods

	if [[ -z "$pods" ]]; then
	echo "::error::No pods found."
	exit 1
	fi

	echo "***CREATING AUTH SECRET***"
	kubectl create secret generic bw-auth-token -n bitwarden --from-literal=token="$AUTH_TOKEN"
	echo "***CREATING BW SECRET***"
	kubectl apply -f .github/workflows/config/sample-bw-secret.yaml

	# Sleeping while BitwardenSecret is being created and synced
	sleep 2s

	echo "***LOGS***"
	logs=$(kubectl logs -l app.kubernetes.io/name=sm-operator -c manager)
	echo "$logs"

	completed=$(echo "$logs"\| grep "Completed sync for bitwarden/bitwardensecret-sample")

	if [[ -z "$completed" ]]; then
	echo "::error::Secret did not sync."
	exit 1
	fi

	# Sleeping to ensure everything completes
	sleep 2s


	echo "***RESULTING SECRETS***"
	secrets=$(kubectl get secrets)
	echo "$secrets"

	secretCreated=$(echo "$secrets" \| grep -Po "bw-sample-secret\s+Opaque\s+3")

	if [[ -z "$secretCreated" ]]; then
	echo "::error::Secret not created correctly."
	exit 1
	fi

	echo "***OPERATOR OK***"
	env:
	AUTH_TOKEN: ${{ steps.retrieve-secrets.outputs.helm-sm-operator-ci-test-access-token }}

	- name: Clean-up
	if: steps.list-changed.outputs.changed == 'true'
	run: \|
	helm ls --all --short \| xargs -L1 helm delete
	kubectl delete ns bitwarden
	kind delete cluster

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update core and web versions #263

Workflow file

Update core and web versions #263

Jobs

Run details

Workflow file for this run