From c3925a5184398b5167d8b9433a5d82033ec6b263 Mon Sep 17 00:00:00 2001
From: Lilian Saget-Lethias <lilian.sagetlethias@gmail.com>
Date: Tue, 16 Jan 2024 19:39:21 +0100
Subject: [PATCH] feat: update for ATE

---
 .github/CODEOWNERS                         |   3 -
 .github/FUNDING.yml                        |   3 -
 .github/ISSUE_TEMPLATE/bug_report.md       |  66 -----
 .github/ISSUE_TEMPLATE/config.yml          |   8 -
 .github/workflows/CLEVER_CLOUD.md          |  47 ++++
 .github/workflows/build.yml                | 197 ---------------
 .github/workflows/clever-cloud.yml         |  23 ++
 .github/workflows/hadolint.yml             |  33 ---
 .github/workflows/release.yml              | 268 ---------------------
 .github/workflows/releasecache-cleanup.yml |  25 --
 .github/workflows/trivy.yml                |  42 ----
 .gitignore                                 |   2 +
 Cargo.toml                                 |   4 +-
 build.rs                                   |  22 +-
 clevercloud/post_build_hook.sh             |  31 +++
 15 files changed, 116 insertions(+), 658 deletions(-)
 delete mode 100644 .github/CODEOWNERS
 delete mode 100644 .github/FUNDING.yml
 delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md
 delete mode 100644 .github/ISSUE_TEMPLATE/config.yml
 create mode 100644 .github/workflows/CLEVER_CLOUD.md
 delete mode 100644 .github/workflows/build.yml
 create mode 100644 .github/workflows/clever-cloud.yml
 delete mode 100644 .github/workflows/hadolint.yml
 delete mode 100644 .github/workflows/release.yml
 delete mode 100644 .github/workflows/releasecache-cleanup.yml
 delete mode 100644 .github/workflows/trivy.yml
 create mode 100755 clevercloud/post_build_hook.sh

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
deleted file mode 100644
index 3d036b84829..00000000000
--- a/.github/CODEOWNERS
+++ /dev/null
@@ -1,3 +0,0 @@
-/.github @dani-garcia @BlackDex
-/.github/CODEOWNERS @dani-garcia @BlackDex
-/.github/workflows/** @dani-garcia @BlackDex
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
deleted file mode 100644
index 7656fd20394..00000000000
--- a/.github/FUNDING.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-github: dani-garcia
-liberapay: dani-garcia
-custom: ["https://paypal.me/DaniGG"]
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
deleted file mode 100644
index 128c5f58f05..00000000000
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-name: Bug report
-about: Use this ONLY for bugs in vaultwarden itself. Use the Discourse forum (link below) to request features or get help with usage/configuration. If in doubt, use the forum.
-title: ''
-labels: ''
-assignees: ''
-
----
-<!--
-    # ###
-    NOTE: Please update to the latest version of vaultwarden before reporting an issue!
-    This saves you and us a lot of time and troubleshooting.
-    See:
-    * https://github.com/dani-garcia/vaultwarden/issues/1180
-    * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image
-    # ###
--->
-
-<!--
-Please fill out the following template to make solving your problem easier and faster for us.
-This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them.
-
-Remember to hide/redact personal or confidential information,
-such as passwords, IP addresses, and DNS names as appropriate.
--->
-
-### Subject of the issue
-<!-- Describe your issue here. -->
-
-### Deployment environment
-
-<!--
-    =========================================================================================
-    Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab.
-    That will auto-generate most of the info requested in this section.
-    =========================================================================================
--->
-
-<!-- The version number, obtained from the logs (at startup) or the admin diagnostics page -->
-<!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden -->
-<!-- Remember to check if your issue exists on the latest version first! -->
-* vaultwarden version:
-
-<!-- How the server was installed: Docker image, OS package, built from source, etc. -->
-* Install method:
-
-* Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) -->
-
-* Reverse proxy and version: <!-- if applicable -->
-
-* MySQL/MariaDB or PostgreSQL version: <!-- if applicable -->
-
-* Other relevant details:
-
-### Steps to reproduce
-<!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults)
-and how did you start vaultwarden? -->
-
-### Expected behaviour
-<!-- Tell us what you expected to happen -->
-
-### Actual behaviour
-<!-- Tell us what actually happened -->
-
-### Troubleshooting data
-<!-- Share any log files, screenshots, or other relevant troubleshooting data -->
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
deleted file mode 100644
index 51a76d39151..00000000000
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Discourse forum for vaultwarden
-    url: https://vaultwarden.discourse.group/
-    about: Use this forum to request features or get help with usage/configuration.
-  - name: GitHub Discussions for vaultwarden
-    url: https://github.com/dani-garcia/vaultwarden/discussions
-    about: An alternative to the Discourse forum, if this is easier for you.
diff --git a/.github/workflows/CLEVER_CLOUD.md b/.github/workflows/CLEVER_CLOUD.md
new file mode 100644
index 00000000000..f6b866bae12
--- /dev/null
+++ b/.github/workflows/CLEVER_CLOUD.md
@@ -0,0 +1,47 @@
+# Clever Cloud deployment
+
+## Setup
+
+### Clever Cloud interface
+
+Create 1 Rust applications with the `XS` plan:
+* `vaultwarden`
+
+And 1 PostgreSQL databases (version 12) with any plan that you will binding to each app accordingly:
+* `vaultwarden`
+
+Add 1 FS Bucket addons:
+* `vaultwarden`
+
+_(depending on when you created those addonds, don't forget to bind them to the appropriate application)_
+
+Now set for the app these options:
+* Zero downtime deployment
+* Enable dedicated build instance: `XL`
+* Cancel ongoing deployment on new push
+* Force HTTPS
+
+Adjust the domain names as you want, and configure the environment variables as follow:
+* `CC_FS_BUCKET`: [GENERATED] _(can be retrieved from the FS Bucket addons and use `/data:` as local folder)_
+* `CC_POST_BUILD_HOOK`: `clevercloud/post_build_hook.sh`
+* `DATABASE_URL`: [GENERATED] _(provided by the interface, but you must add as query parameter `sslmode=prefer`)_
+* `ORG_GROUPS_ENABLED`: `true`
+* `ROCKET_PORT`: `8080`
+* `ADMIN_TOKEN`: [SECRET] _(for detail see the [wiki](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token))_
+
+### GitHub interface
+
+#### GitHub Actions
+
+Configure the following repository secrets (not environment ones):
+
+- `CLEVER_APP_ID`: [GENERATED] _(format `app_{uuid}`, can be retrieved into the Clever Cloud interface)_
+- `CLEVER_TOKEN`: [GENERATED] _(can be retrieved from `clever login`, but be warned it gives wide access)_
+- `CLEVER_SECRET`: [GENERATED] _(can be retrieved from `clever login`, but be warned it gives wide access)_
+
+## Upgrade Vaultwarden version
+
+1. Synchronize your fork with the original repository
+2. Search for the specific commit representing the wanted version
+3. Rebase your `deploy` branche to it while making sure to not take third-party files into `.github`. Makes also sure to keep local changes in `build.rs` and `Cargo.toml`
+4. Force-push the branch
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index f3e0b86e910..00000000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,197 +0,0 @@
-name: Build
-
-on:
-  push:
-    paths:
-      - ".github/workflows/build.yml"
-      - "src/**"
-      - "migrations/**"
-      - "Cargo.*"
-      - "build.rs"
-      - "rust-toolchain.toml"
-      - "rustfmt.toml"
-      - "diesel.toml"
-      - "docker/Dockerfile.j2"
-      - "docker/DockerSettings.yaml"
-  pull_request:
-    paths:
-      - ".github/workflows/build.yml"
-      - "src/**"
-      - "migrations/**"
-      - "Cargo.*"
-      - "build.rs"
-      - "rust-toolchain.toml"
-      - "rustfmt.toml"
-      - "diesel.toml"
-      - "docker/Dockerfile.j2"
-      - "docker/DockerSettings.yaml"
-
-jobs:
-  build:
-    runs-on: ubuntu-22.04
-    timeout-minutes: 120
-    # Make warnings errors, this is to prevent warnings slipping through.
-    # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
-    env:
-      RUSTFLAGS: "-D warnings"
-    strategy:
-      fail-fast: false
-      matrix:
-        channel:
-          - "rust-toolchain" # The version defined in rust-toolchain
-          - "msrv" # The supported MSRV
-
-    name: Build and Test ${{ matrix.channel }}
-
-    steps:
-      # Checkout the repo
-      - name: "Checkout"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
-      # End Checkout the repo
-
-
-      # Install dependencies
-      - name: "Install dependencies Ubuntu"
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
-      # End Install dependencies
-
-
-      # Determine rust-toolchain version
-      - name: Init Variables
-        id: toolchain
-        shell: bash
-        run: |
-          if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then
-            RUST_TOOLCHAIN="$(grep -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml)"
-          elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then
-            RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)"
-          else
-            RUST_TOOLCHAIN="${{ matrix.channel }}"
-          fi
-          echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
-      # End Determine rust-toolchain version
-
-
-      # Only install the clippy and rustfmt components on the default rust-toolchain
-      - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # master @ 2023-12-07 - 10:22 PM GMT+1
-        if: ${{ matrix.channel == 'rust-toolchain' }}
-        with:
-          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
-          components: clippy, rustfmt
-      # End Uses the rust-toolchain file to determine version
-
-
-      # Install the any other channel to be used for which we do not execute clippy and rustfmt
-      - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # master @ 2023-12-07 - 10:22 PM GMT+1
-        if: ${{ matrix.channel != 'rust-toolchain' }}
-        with:
-          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
-      # End Install the MSRV channel to be used
-
-      # Set the current matrix toolchain version as default
-      - name: "Set toolchain ${{steps.toolchain.outputs.RUST_TOOLCHAIN}} as default"
-        run: |
-          # Remove the rust-toolchain.toml
-          rm rust-toolchain.toml
-          # Set the default
-          rustup default ${{steps.toolchain.outputs.RUST_TOOLCHAIN}}
-
-      # Show environment
-      - name: "Show environment"
-        run: |
-          rustc -vV
-          cargo -vV
-      # End Show environment
-
-      # Enable Rust Caching
-      - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0
-        with:
-          # Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes.
-          # Like changing the build host from Ubuntu 20.04 to 22.04 for example.
-          # Only update when really needed! Use a <year>.<month>[.<inc>] format.
-          prefix-key: "v2023.07-rust"
-      # End Enable Rust Caching
-
-      # Run cargo tests
-      # First test all features together, afterwards test them separately.
-      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
-        id: test_sqlite_mysql_postgresql_mimalloc
-        if: $${{ always() }}
-        run: |
-          cargo test --features sqlite,mysql,postgresql,enable_mimalloc
-
-      - name: "test features: sqlite,mysql,postgresql"
-        id: test_sqlite_mysql_postgresql
-        if: $${{ always() }}
-        run: |
-          cargo test --features sqlite,mysql,postgresql
-
-      - name: "test features: sqlite"
-        id: test_sqlite
-        if: $${{ always() }}
-        run: |
-          cargo test --features sqlite
-
-      - name: "test features: mysql"
-        id: test_mysql
-        if: $${{ always() }}
-        run: |
-          cargo test --features mysql
-
-      - name: "test features: postgresql"
-        id: test_postgresql
-        if: $${{ always() }}
-        run: |
-          cargo test --features postgresql
-      # End Run cargo tests
-
-
-      # Run cargo clippy, and fail on warnings
-      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
-        id: clippy
-        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
-        run: |
-          cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
-      # End Run cargo clippy
-
-
-      # Run cargo fmt (Only run on rust-toolchain defined version)
-      - name: "check formatting"
-        id: formatting
-        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
-        run: |
-          cargo fmt --all -- --check
-      # End Run cargo fmt
-
-
-      # Check for any previous failures, if there are stop, else continue.
-      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
-      - name: "Some checks failed"
-        if: ${{ failure() }}
-        run: |
-          echo "### :x: Checks Failed!" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "|Job|Status|" >> $GITHUB_STEP_SUMMARY
-          echo "|---|------|" >> $GITHUB_STEP_SUMMARY
-          echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "|test (sqlite,mysql,postgresql)|${{ steps.test_sqlite_mysql_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "|test (sqlite)|${{ steps.test_sqlite.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "|test (mysql)|${{ steps.test_mysql.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "|test (postgresql)|${{ steps.test_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.clippy.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "|fmt|${{ steps.formatting.outcome }}|" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "Please check the failed jobs and fix where needed." >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          exit 1
-
-
-      # Check for any previous failures, if there are stop, else continue.
-      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
-      - name: "All checks passed"
-        if: ${{ success() }}
-        run: |
-          echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/clever-cloud.yml b/.github/workflows/clever-cloud.yml
new file mode 100644
index 00000000000..b3a1f7b13f4
--- /dev/null
+++ b/.github/workflows/clever-cloud.yml
@@ -0,0 +1,23 @@
+name: Continuous Integration
+on:
+  push:
+    branches: deploy
+jobs:
+  requirements:
+    name: Continuous Integration
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        name: Fetch unshallow working copy
+        with:
+          fetch-depth: 0
+
+      - uses: 47ng/actions-clever-cloud@v1.3.1
+        name: Deploy to Clever Cloud
+        with:
+          appID: ${{ secrets.CLEVER_APP_ID }}
+          force: true
+          quiet: true # disable copying into GitHub Actions all logs from Clever Cloud
+        env:
+          CLEVER_TOKEN: ${{ secrets.CLEVER_TOKEN }}
+          CLEVER_SECRET: ${{ secrets.CLEVER_SECRET }}
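Review bot: Both `uses:` lines reference mutable tags (`actions/checkout@v3`, `47ng/actions-clever-cloud@v1.3.1`), and the third-party deploy step is the one that receives `CLEVER_TOKEN` and `CLEVER_SECRET`, which the CLEVER_CLOUD.md added in this patch describes as giving wide access. The workflows deleted by this same patch pinned every action to a full commit SHA with the version in a trailing comment. Keeping that convention, e.g. `uses: 47ng/actions-clever-cloud@<full-commit-sha> # v1.3.1`, means a re-pointed tag cannot change the code that sees the credentials. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` should be enough for a job that only checks out and deploys, and would stop the `GITHUB_TOKEN` from inheriting the repository default.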
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
deleted file mode 100644
index 82acc926308..00000000000
--- a/.github/workflows/hadolint.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: Hadolint
-
-on: [
-      push,
-      pull_request
-    ]
-
-jobs:
-  hadolint:
-    name: Validate Dockerfile syntax
-    runs-on: ubuntu-22.04
-    timeout-minutes: 30
-    steps:
-      # Checkout the repo
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      # End Checkout the repo
-
-      # Download hadolint - https://github.com/hadolint/hadolint/releases
-      - name: Download hadolint
-        shell: bash
-        run: |
-          sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \
-          sudo chmod +x /usr/local/bin/hadolint
-        env:
-          HADOLINT_VERSION: 2.12.0
-      # End Download hadolint
-
-      # Test Dockerfiles
-      - name: Run hadolint
-        shell: bash
-        run: hadolint docker/Dockerfile.{debian,alpine}
-      # End Test Dockerfiles
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 4beab82c1a5..00000000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,268 +0,0 @@
-name: Release
-
-on:
-  push:
-    paths:
-      - ".github/workflows/release.yml"
-      - "src/**"
-      - "migrations/**"
-      - "docker/**"
-      - "Cargo.*"
-      - "build.rs"
-      - "diesel.toml"
-      - "rust-toolchain.toml"
-
-    branches: # Only on paths above
-      - main
-
-    tags: # Always, regardless of paths above
-      - '*'
-
-jobs:
-  # https://github.com/marketplace/actions/skip-duplicate-actions
-  # Some checks to determine if we need to continue with building a new docker.
-  # We will skip this check if we are creating a tag, because that has the same hash as a previous run already.
-  skip_check:
-    runs-on: ubuntu-22.04
-    if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
-    outputs:
-      should_skip: ${{ steps.skip_check.outputs.should_skip }}
-    steps:
-      - name: Skip Duplicates Actions
-        id: skip_check
-        uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
-        with:
-          cancel_others: 'true'
-        # Only run this when not creating a tag
-        if: ${{ github.ref_type == 'branch' }}
-
-  docker-build:
-    runs-on: ubuntu-22.04
-    timeout-minutes: 120
-    needs: skip_check
-    if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
-    # Start a local docker registry to extract the final Alpine static build binaries
-    services:
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-    env:
-      SOURCE_COMMIT: ${{ github.sha }}
-      SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
-      # The *_REPO variables need to be configured as repository variables
-      # Append `/settings/variables/actions` to your repo url
-      # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
-      # Check for Docker hub credentials in secrets
-      HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
-      # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
-      # Check for Github credentials in secrets
-      HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
-      # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
-      # Check for Quay.io credentials in secrets
-      HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
-    strategy:
-      matrix:
-        base_image: ["debian","alpine"]
-
-    steps:
-      # Checkout the repo
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-
-      - name: Initialize QEMU binfmt support
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
-        with:
-          platforms: "arm64,arm"
-
-      # Start Docker Buildx
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
-        # https://github.com/moby/buildkit/issues/3969
-        # Also set max parallelism to 2, the default of 4 breaks GitHub Actions
-        with:
-          config-inline: |
-            [worker.oci]
-              max-parallelism = 2
-          driver-opts: |
-            network=host
-
-      # Determine Base Tags and Source Version
-      - name: Determine Base Tags and Source Version
-        shell: bash
-        run: |
-          # Check which main tag we are going to build determined by github.ref_type
-          if [[ "${{ github.ref_type }}" == "tag" ]]; then
-            echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}"
-          elif [[ "${{ github.ref_type }}" == "branch" ]]; then
-            echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}"
-          fi
-
-          # Get the Source Version for this release
-          GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)"
-          if [[ -n "${GIT_EXACT_TAG}" ]]; then
-              echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}"
-          else
-              GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
-              echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
-          fi
-      # End Determine Base Tags
-
-      # Login to Docker Hub
-      - name: Login to Docker Hub
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
-      - name: Add registry for DockerHub
-        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-        shell: bash
-        run: |
-          echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}"
-
-      # Login to GitHub Container Registry
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
-
-      - name: Add registry for ghcr.io
-        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
-        shell: bash
-        run: |
-          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}"
-
-      - name: Add registry for ghcr.io
-        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
-        shell: bash
-        run: |
-          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}"
-
-      # Login to Quay.io
-      - name: Login to Quay.io
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}
-        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
-
-      - name: Add registry for Quay.io
-        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
-        shell: bash
-        run: |
-          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}"
-
-      - name: Configure build cache from/to
-        shell: bash
-        run: |
-          #
-          # Check if there is a GitHub Container Registry Login and use it for caching
-          if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then
-            echo "BAKE_CACHE_FROM=type=registry,ref=${{ vars.GHCR_REPO }}-buildcache:${{ matrix.base_image }}" | tee -a "${GITHUB_ENV}"
-            echo "BAKE_CACHE_TO=type=registry,ref=${{ vars.GHCR_REPO }}-buildcache:${{ matrix.base_image }},mode=max" | tee -a "${GITHUB_ENV}"
-          else
-            echo "BAKE_CACHE_FROM="
-            echo "BAKE_CACHE_TO="
-          fi
-          #
-
-      - name: Add localhost registry
-        if: ${{ matrix.base_image == 'alpine' }}
-        shell: bash
-        run: |
-          echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}localhost:5000/vaultwarden/server" | tee -a "${GITHUB_ENV}"
-
-      - name: Bake ${{ matrix.base_image }} containers
-        uses: docker/bake-action@849707117b03d39aba7924c50a10376a69e88d7d # v4.1.0
-        env:
-          BASE_TAGS: "${{ env.BASE_TAGS }}"
-          SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}"
-          SOURCE_VERSION: "${{ env.SOURCE_VERSION }}"
-          SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}"
-          CONTAINER_REGISTRIES: "${{ env.CONTAINER_REGISTRIES }}"
-        with:
-          pull: true
-          push: true
-          files: docker/docker-bake.hcl
-          targets: "${{ matrix.base_image }}-multi"
-          set: |
-            *.cache-from=${{ env.BAKE_CACHE_FROM }}
-            *.cache-to=${{ env.BAKE_CACHE_TO }}
-
-
-      # Extract the Alpine binaries from the containers
-      - name: Extract binaries
-        if: ${{ matrix.base_image == 'alpine' }}
-        shell: bash
-        run: |
-          # Check which main tag we are going to build determined by github.ref_type
-          if [[ "${{ github.ref_type }}" == "tag" ]]; then
-            EXTRACT_TAG="latest"
-          elif [[ "${{ github.ref_type }}" == "branch" ]]; then
-            EXTRACT_TAG="testing"
-          fi
-
-          # After each extraction the image is removed.
-          # This is needed because using different platforms doesn't trigger a new pull/download
-
-          # Extract amd64 binary
-          docker create --name amd64 --platform=linux/amd64 "vaultwarden/server:${EXTRACT_TAG}-alpine"
-          docker cp amd64:/vaultwarden vaultwarden-amd64
-          docker rm --force amd64
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
-
-          # Extract arm64 binary
-          docker create --name arm64 --platform=linux/arm64 "vaultwarden/server:${EXTRACT_TAG}-alpine"
-          docker cp arm64:/vaultwarden vaultwarden-arm64
-          docker rm --force arm64
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
-
-          # Extract armv7 binary
-          docker create --name armv7 --platform=linux/arm/v7 "vaultwarden/server:${EXTRACT_TAG}-alpine"
-          docker cp armv7:/vaultwarden vaultwarden-armv7
-          docker rm --force armv7
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
-
-          # Extract armv6 binary
-          docker create --name armv6 --platform=linux/arm/v6 "vaultwarden/server:${EXTRACT_TAG}-alpine"
-          docker cp armv6:/vaultwarden vaultwarden-armv6
-          docker rm --force armv6
-          docker rmi --force "vaultwarden/server:${EXTRACT_TAG}-alpine"
-
-      # Upload artifacts to Github Actions
-      - name: "Upload amd64 artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        if: ${{ matrix.base_image == 'alpine' }}
-        with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-amd64
-          path: vaultwarden-amd64
-
-      - name: "Upload arm64 artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        if: ${{ matrix.base_image == 'alpine' }}
-        with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-arm64
-          path: vaultwarden-arm64
-
-      - name: "Upload armv7 artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        if: ${{ matrix.base_image == 'alpine' }}
-        with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv7
-          path: vaultwarden-armv7
-
-      - name: "Upload armv6 artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        if: ${{ matrix.base_image == 'alpine' }}
-        with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-armv6
-          path: vaultwarden-armv6
-      # End Upload artifacts to Github Actions
diff --git a/.github/workflows/releasecache-cleanup.yml b/.github/workflows/releasecache-cleanup.yml
deleted file mode 100644
index 6e66a3c1960..00000000000
--- a/.github/workflows/releasecache-cleanup.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-on:
-  workflow_dispatch:
-    inputs:
-      manual_trigger:
-        description: "Manual trigger buildcache cleanup"
-        required: false
-        default: ""
-
-  schedule:
-    - cron: '0 1 * * FRI'
-
-name: Cleanup
-jobs:
-  releasecache-cleanup:
-    name: Releasecache Cleanup
-    runs-on: ubuntu-22.04
-    timeout-minutes: 30
-    steps:
-      - name: Delete vaultwarden-buildcache containers
-        uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 # v4.1.1
-        with:
-          package-name: 'vaultwarden-buildcache'
-          package-type: 'container'
-          min-versions-to-keep: 0
-          delete-only-untagged-versions: 'false'
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
deleted file mode 100644
index b59e2ad6c5e..00000000000
--- a/.github/workflows/trivy.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: trivy
-
-on:
-  push:
-    branches:
-      - main
-    tags:
-      - '*'
-  pull_request:
-    branches: [ "main" ]
-  schedule:
-    - cron: '00 12 * * *'
-
-permissions:
-  contents: read
-
-jobs:
-  trivy-scan:
-    name: Check
-    runs-on: ubuntu-22.04
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0
-        with:
-          scan-type: repo
-          ignore-unfixed: true
-          format: sarif
-          output: trivy-results.sarif
-          severity: CRITICAL,HIGH
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@bad341350a2f5616f9e048e51360cedc49181ce8 # v2.22.4
-        with:
-          sarif_file: 'trivy-results.sarif'
diff --git a/.gitignore b/.gitignore
index e991430e550..2da11e0eb5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,5 @@ data
 
 # Web vault
 web-vault
+
+.clever.json
\ No newline at end of file
diff --git a/Cargo.toml b/Cargo.toml
index 39fa1142bda..b8039583d04 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,7 @@ publish = false
 build = "build.rs"
 
 [features]
-# default = ["sqlite"]
+default = ["diesel/postgres", "diesel_migrations/postgres"]
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
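Review bot: The new `default` lists the dependency features `diesel/postgres` and `diesel_migrations/postgres` directly rather than a crate feature, so `cfg(feature = "postgresql")` stays unset in a default build. That is presumably why build.rs in this patch has to emit the `postgresql` cfg unconditionally. build.rs tests `feature = "postgresql"`, so the crate feature appears to exist next to the `mysql` one shown here, although its definition is outside this hunk. If it does, `default = ["postgresql"]` selects the backend through the existing feature and build.rs can stay as upstream wrote it. The `"postgres"` entry added to `diesel`'s `features` in the second hunk would then be redundant, and as written it keeps the backend enabled even under `--no-default-features`.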
@@ -74,7 +74,7 @@ serde = { version = "1.0.195", features = ["derive"] }
 serde_json = "1.0.111"
 
 # A safe, extensible ORM and Query builder
-diesel = { version = "2.1.4", features = ["chrono", "r2d2"] }
+diesel = { version = "2.1.4", features = ["chrono", "r2d2", "postgres"] }
 diesel_migrations = "2.1.0"
 diesel_logger = { version = "0.3.0", optional = true }
 
diff --git a/build.rs b/build.rs
index 63b3bc45442..180ceb4437d 100644
--- a/build.rs
+++ b/build.rs
@@ -3,19 +3,19 @@ use std::process::Command;
 
 fn main() {
     // This allow using #[cfg(sqlite)] instead of #[cfg(feature = "sqlite")], which helps when trying to add them through macros
-    #[cfg(feature = "sqlite")]
-    println!("cargo:rustc-cfg=sqlite");
-    #[cfg(feature = "mysql")]
-    println!("cargo:rustc-cfg=mysql");
-    #[cfg(feature = "postgresql")]
+    // #[cfg(feature = "sqlite")]
+    // println!("cargo:rustc-cfg=sqlite");
+    // #[cfg(feature = "mysql")]
+    // println!("cargo:rustc-cfg=mysql");
+    // #[cfg(feature = "postgresql")]
     println!("cargo:rustc-cfg=postgresql");
-    #[cfg(feature = "query_logger")]
-    println!("cargo:rustc-cfg=query_logger");
+    // #[cfg(feature = "query_logger")]
+    // println!("cargo:rustc-cfg=query_logger");
 
-    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
-    compile_error!(
-        "You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite"
-    );
+    // #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
+    // compile_error!(
+    //     "You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite"
+    // );
 
     // Rerun when these paths are changed.
     // Someone could have checked-out a tag or specific commit, but no other files changed.
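Review bot: With every `#[cfg(feature = …)]` guard commented out, `println!("cargo:rustc-cfg=postgresql");` runs on every build and the `sqlite`, `mysql` and `query_logger` cfgs can never be emitted. The `compile_error!` that caught a missing backend is also disabled, so a build invoked with `--features sqlite` would presumably compile PostgreSQL-only code without any diagnostic. Prefer leaving these lines as they were and selecting the backend in Cargo.toml (for example `default = ["postgresql"]`), which also avoids a conflict in this file on every rebase onto upstream. If the fork must hard-code the backend, delete the dead lines instead of commenting them out and put `// Fork: PostgreSQL is the only backend built for this deployment.` above the remaining `println!`. `main` continues past the end of this hunk.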
diff --git a/clevercloud/post_build_hook.sh b/clevercloud/post_build_hook.sh
new file mode 100755
index 00000000000..b147ef22c49
--- /dev/null
+++ b/clevercloud/post_build_hook.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+# Define the repository
+repo="dani-garcia/bw_web_builds"
+
+# Use GitHub API to get the latest release data
+json=$(curl -s "https://api.github.com/repos/$repo/releases/latest")
+
+# Extract the tag name (release name) from the JSON response
+# release_name=$(echo "$json" | grep -Po '"tag_name": "\K.*?(?=")')
+release_name=$(echo "$json" | awk -F '"' '/tag_name/ {print $4}')
+
+# Construct the asset download URL
+asset_url="https://github.com/$repo/releases/download/$release_name/bw_web_${release_name}.tar.gz"
+
+# Download the asset
+curl -L -o "bw_web_${release_name}.tar.gz" "$asset_url"
+
+# Extract the 'web-vault' folder from the tarball
+tar -xzf "bw_web_${release_name}.tar.gz" "web-vault"
+
+# Remove the tarball
+rm -rf "bw_web_${release_name}.tar.gz"
+
+# test "web-vault" folder exists
+if [ -d "./web-vault" ]; then
+    echo "web-vault folder exists"
+else
+    echo "web-vault folder does not exist"
+    exit 1
+fi
\ No newline at end of file
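Review bot: The hook downloads whatever release is `latest` at build time and unpacks it into `web-vault` with no integrity check. None of the `curl` calls use `-f`, so an HTTP error from the API (rate limiting, for instance) leaves `release_name` empty and the script carries on with a malformed URL. Because there is no `set -e`, a failed download or `tar` is caught only by the final `-d ./web-vault` test, which would also pass on a directory left over from an earlier build. I would make the script fail fast, reject an empty tag, and verify the tarball against a digest recorded for a reviewed release; pinning the tag instead of resolving `latest` keeps that digest stable and ties the web vault to the server version being deployed. `EXPECTED_SHA256` below is a placeholder name, not something the repository defines.

```shell
#!/usr/bin/env bash
set -euo pipefail

# … unchanged: repo definition …

# -f: fail on HTTP errors instead of capturing the error body
json=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest")

# … unchanged: tag_name extraction …

if [ -z "$release_name" ]; then
    echo "could not determine web-vault release" >&2
    exit 1
fi

# … unchanged: asset_url construction …

curl -fsSL -o "bw_web_${release_name}.tar.gz" "$asset_url"

# EXPECTED_SHA256 (placeholder) must be set to the digest of the reviewed release
echo "${EXPECTED_SHA256}  bw_web_${release_name}.tar.gz" | sha256sum -c -

# … unchanged: extraction, cleanup and directory check …
```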