bitwarden · AmyLGalles · Feb 12, 2025 · Feb 6, 2025 · Feb 6, 2025 · Feb 6, 2025
@@ -17,11 +17,11 @@ permissions: # Sets permissions of the GITHUB_TOKEN
 jobs:
   version:
     name: Calculate version
-    uses: ./.github/workflows/_version.yml # Path to an existing github action
+    uses: ./.github/templates/workflow-templates/example-references/_version.yml # Path to an existing github action
 
   test:
     name: Run test
-    uses: ./.github/workflows/_test.yml
+    uses: ./.github/templates/workflow-templates/example-references/_test.yml
     with: # Parameters specific to this action that need to be defined in order for the step to be completed
       project-name: Billing.Test
       project-path: ./test/Billing.Test
@@ -31,7 +31,7 @@ jobs:
     needs:  # This job will not run until test and version jobs are complete
       - test
       - version
-    uses: ./.github/workflows/_build.yml
+    uses: ./.github/templates/workflow-templates/example-references/_build.yml
     with:
       project-name: Billing
       project-path: ./src/Billing
@@ -43,7 +43,7 @@ jobs:
       - test
       - version
       - build
-    uses: ./.github/workflows/_docker.yml
+    uses: ./.github/templates/workflow-templates/example-references/_docker.yml
     with:
       project-name: Billing
       project-path: ./src/Billing

@@ -0,0 +1,64 @@
+name: _build
+run-name: Build ${{ inputs.project-name }}
+
+on:
+  workflow_call:
+    inputs:
+      project-name:
+        type: string
+        required: true
+      project-path:
+        type: string
+        required: true
+      version:
+        type: string
+        required: true
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Set up .NET
+        uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
+
+      - name: Cache NuGet packages
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget-
+
+      - name: Install dependencies
+        run: dotnet restore ${{ inputs.project-path }}/${{ inputs.project-name }}.csproj
+
+      - name: Build
+        run: dotnet build --verbosity minimal ${{ inputs.project-path }}/${{ inputs.project-name }}.csproj
+
+      - name: Publish
+        run: |
+          echo "Publish"
+          dotnet publish ${{ inputs.project-path }}/${{ inputs.project-name }}.csproj \
+            -c Release --no-restore \
+            -o ./tmp/publish-${{ inputs.project-name }} -p:Version=${{ inputs.version }}
+
+      - name: Create artifact
+        run: |
+          cd ./tmp/publish-${{ inputs.project-name }}
+          zip -r ${{ inputs.project-name }}.zip .
+          mv ${{ inputs.project-name }}.zip ../../
+          pwd
+          ls -atlh ../../
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: ${{ inputs.project-name }}.zip
+          path: ./${{ inputs.project-name }}.zip
+          if-no-files-found: error
@@ -0,0 +1,83 @@
+name: _docker
+run-name: "Build ${{ inputs.project-name }} docker image and push ${{ inputs.push-docker-image }} to ACR"
+
+on:
+  workflow_call:
+    inputs:
+      project-name:
+        type: string
+        required: true
+      project-path:
+        type: string
+        required: true
+      version:
+        type: string
+        required: false
+      push-docker-image:
+        type: boolean
+        required: false
+        default: false
+      image-name:
+        type: string
+        required: true
+
+jobs:
+  docker:
+    name: Docker
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Log in to Azure
+        if: ${{ inputs.push-docker-image }}
+        uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v1.6.1
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Log in to ACR
+        if: ${{ inputs.push-docker-image }}
+        run: az acr login -n bitwardenprod
+
+      - name: Generate Docker image tag
+        id: tag
+        env:
+          VERSION: ${{ inputs.version }}
+        run: |
+          IMAGE_TAG=$VERSION
+          # IMAGE_TAG=$(echo "${GITHUB_REF#refs/heads/}" | sed "s#/#-#g")  # slash safe branch name
+          # if [[ "$IMAGE_TAG" == "main" ]]; then
+          #   IMAGE_TAG=$VERSION
+          # fi
+          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Generate tag list
+        id: tag-list
+        env:
+          IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
+          IMAGE_NAME: ${{ inputs.image-name }}
+        run: echo "tags=bitwardenprod.azurecr.io/${IMAGE_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
+
+      - name: Get build artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: ${{ inputs.project-name }}.zip
+
+      - name: Set up build artifact
+        run: |
+          mkdir -p ${{ inputs.project-path }}/obj/build-output/publish
+          unzip ${{ inputs.project-name }}.zip \
+            -d ${{ inputs.project-path }}/obj/build-output/publish
+
+      - name: Build Docker image
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+        with:
+          context: ${{ inputs.project-path }}
+          file: ${{ inputs.project-path }}/Dockerfile
+          platforms: linux/amd64
+          push: ${{ inputs.push-docker-image }}
+          tags: ${{ steps.tag-list.outputs.tags }}
+        env:
+          DOCKER_BUILD_RECORD_UPLOAD: false
@@ -0,0 +1,75 @@
+name: _test
+run-name: Test ${{ inputs.project-name }}
+
+on:
+  workflow_call:
+    inputs:
+      project-name:
+        type: string
+        required: true
+      project-path:
+        type: string
+        required: true
+
+jobs:
+  check-test-secrets:
+    name: Check for test secrets
+    runs-on: ubuntu-22.04
+    outputs:
+      available: ${{ steps.check-test-secrets.outputs.available }}
+    permissions:
+      contents: read
+
+    steps:
+      - name: Check
+        id: check-test-secrets
+        run: |
+          if [ "${{ secrets.CODECOV_TOKEN }}" != '' ]; then
+            echo "available=true" >> $GITHUB_OUTPUT;
+          else
+            echo "available=false" >> $GITHUB_OUTPUT;
+          fi
+
+  testing:
+    name: Test
+    runs-on: ubuntu-22.04
+    needs: check-test-secrets
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Set up .NET
+        uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
+
+      - name: Cache NuGet packages
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget-
+
+      - name: Install dependencies
+        run: dotnet restore --locked-mode ${{ inputs.project-path }}/${{ inputs.project-name }}.csproj
+
+      - name: Build
+        run: dotnet build --verbosity minimal ${{ inputs.project-path }}/${{ inputs.project-name }}.csproj
+
+      - name: Test
+        run: dotnet test ${{ inputs.project-path }}/${{ inputs.project-name }}.csproj --no-build --logger "trx;LogFileName=mothership-test-results.trx"
+
+      - name: Report test results
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+        if: ${{ needs.check-test-secrets.outputs.available == 'true' && !cancelled() }}
+        with:
+          name: Test Results
+          path: "**/*-test-results.trx"
+          reporter: dotnet-trx
+          fail-on-error: true
@@ -0,0 +1,68 @@
+name: _version
+run-name: Calculate version
+
+on:
+  workflow_call:
+    inputs:
+      is-release:
+        type: boolean
+        default: false
+    outputs:
+      version:
+        description: "version to be built"
+        value: ${{ jobs.version.outputs.version }}
+
+jobs:
+  version:
+    name: Calculate version
+    runs-on: ubuntu-22.04
+    outputs:
+      version: ${{ steps.version.outputs.value }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Generate version
+        id: version
+        run: |
+          ls -la
+          git fetch --prune --tags
+
+          echo "Calculating next version..."
+
+          base_version=$(cat Directory.build.props |
+            grep -o "<BaseVersion>.*</BaseVersion>" |
+            grep -Eo "[0-9]+\.[0-9]+"
+          )
+          major_version=$(echo $base_version | grep -Eo "[0-9]+" | head -1)
+          minor_version=$(echo $base_version | grep -Eo "[0-9]+" | sed -n 2p)
+
+          latest_tag_version=$(git tag --sort=committerdate --list | tail -1)
+          echo "  latest_tag_version: $latest_tag_version"
+
+          major_latest_tag_version=$(echo $latest_tag_version | grep -Eo "[0-9]+" | head -1)
+          echo "  major_latest_tag_version: $major_latest_tag_version"
+
+          minor_latest_tag_version=$(echo $latest_tag_version | grep -Eo "[0-9]+" | sed -n 2p)
+          echo "  minor_latest_tag_version: $minor_latest_tag_version"
+
+          if [[ "$major_latest_tag_version" != "$major_version" ]] || \
+          [[ "$minor_latest_tag_version" != "$minor_version" ]]; then
+            patch_version="0"
+          else
+            patch_version=$((${latest_tag_version##*.} + 1))
+          fi
+
+          echo "  patch_version: $patch_version"
+
+          version_suffix=$patch_version
+
+          if [[ "${{ inputs.is-release }}" == "false" ]]; then
+            version_suffix=$version_suffix-${GITHUB_SHA:0:7}
+          fi
+
+          echo "  version: $base_version.$version_suffix"
+          echo "value=$base_version.$version_suffix" >> $GITHUB_OUTPUT
+          echo "Done"