Merge remote-tracking branch 'origin' into megalinter

.github/workflows/_enforce-labels.yml

@@ -0,0 +1,16 @@
+name: Enforce PR labels
+
+on:
+  workflow_call:
+
+jobs:
+  enforce-label:
+    if: ${{ contains(github.event.*.labels.*.name, 'hold') }}
+    name: Enforce label
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check for label
+        run: |
+          echo "PRs with the hold label cannot be merged"
+          echo "### :x: PRs with the hold label cannot be merged" >> $GITHUB_STEP_SUMMARY
+          exit 1

.github/workflows/_version.yml

@@ -0,0 +1,104 @@
+---
+name: _version
+run-name: Calculate Version
+
+on:
+  workflow_call:
+    inputs:
+      is-release:
+        type: boolean
+        required: true
+    outputs:
+      version:
+        description: "version to be built"
+        value: ${{ jobs.version.outputs.version }}
+
+jobs:
+  version:
+    name: Calculate Version
+    runs-on: ubuntu-22.04
+    outputs:
+      version: ${{ steps.calculate.outputs.version }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+
+      - name: Get PR ID
+        id: pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          commit_message=$(
+            curl -s -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer $GH_TOKEN" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }} | \
+            jq -r ".commit.message"
+          )
+          ID=$(echo "$commit_message" | head -1 | grep -o "(#.*)" | grep -o "[0-9]*")
+          echo "id=$ID" >> $GITHUB_OUTPUT
+
+      - name: Get version bump type
+        if: ${{ inputs.is-release }}
+        id: bump-type
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.pr.outputs.id }}
+        run: |
+          version_tag=$(
+            curl -s -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer $GH_TOKEN" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/${{ github.repository }}/issues/$PR_NUMBER/labels | \
+            jq -r ".[].name" | grep "version"
+          )
+
+          # Single Version label Enforcement (should go in CI...)
+          if [[ $(echo $version_tag | wc -w) -gt 1 ]]; then
+              echo "[!] multiple version labels found!"
+              exit 1
+          fi
+
+          version_type=$(echo $version_tag | cut -d ":" -f 2)
+          echo "Version Bump Type: $version_type"
+          echo "type=$version_type" >> $GITHUB_OUTPUT
+
+      - name: Calculate next version
+        id: calculate
+        env:
+          VERSION_TYPE: ${{ steps.bump-type.outputs.type }}
+        run: |
+          echo -e "\nCalculating next version..."
+
+          latest_tag_version=$(git tag --sort=committerdate --list | tail -1)
+          latest_version=${latest_tag_version:1}  # remove 'v' from tag version
+
+          if [[ "${{ inputs.is-release }}" == "true" ]]; then
+            latest_major_version=$(echo $latest_version | cut -d "." -f 1)
+            latest_minor_version=$(echo $latest_version | cut -d "." -f 2)
+            latest_patch_version=$(echo $latest_version | cut -d "." -f 3)
+
+            echo "  latest_version:  $latest_version"
+            echo "  latest_major_version: $latest_major_version"
+            echo "  latest_minor_version: $latest_minor_version"
+            echo "  latest_patch_version: $latest_patch_version"
+
+            if [[ "$VERSION_TYPE" == "major" ]]; then
+              next_version="$(($latest_major_version + 1)).0.0"
+            elif [[ "$VERSION_TYPE" == "minor" ]]; then
+              next_version="${latest_major_version}.$(($latest_minor_version + 1)).0"
+            elif [[ "$VERSION_TYPE" == "patch" ]]; then
+              next_version="${latest_major_version}.${latest_minor_version}.$(($latest_patch_version + 1))"
+            else
+              next_version="$latest_version+${{ steps.pr.outputs.id }}"
+            fi
+
+            echo "Next Version: $next_version"
+            echo "version=$next_version" >> $GITHUB_OUTPUT
+          else
+            echo "version=$latest_version+${{ steps.pr.outputs.id }}" >> $GITHUB_OUTPUT
+          fi

.github/workflows/lint-ci.yml

@@ -32,31 +32,3 @@ jobs:
       - name: Test lint
         working-directory: lint-workflow
         run: pipenv run pytest tests
-
-
-  ci-lint-v2:
-    name: CI workflow-linter (v2)
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Set up Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
-        with:
-          python-version: "3.11"
-
-      - name: Install dependencies
-        working-directory: lint-workflow-v2
-        run: |
-          python -m pip install --upgrade pip
-          pip install pipenv
-          pipenv install --dev
-
-      - name: Test lint
-        working-directory: lint-workflow-v2
-        run: pipenv run pytest tests --cov=src
-
-      - name: Check type hinting
-        working-directory: lint-workflow-v2
-        run: pipenv run pytype src

.github/workflows/test-report-deployment-status-to-slack.yml

@@ -17,9 +17,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: EU-QA Cloud
+          slack-channel: bre-alerts-test
           tag: test-workflow-start
-          slack-channel: devops-alerts-test
           event: 'start'
           commit-sha: ${{ github.sha }}
           url: https://github.com/bitwarden/gh-actions/actions/runs/${{ github.run_id }}
@@ -29,9 +29,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: US-QA Cloud
+          slack-channel: bre-alerts-test
           tag: test-workflow-success
-          slack-channel: devops-alerts-test
           event: 'success'
           commit-sha: ${{ github.sha }}
           url: https://github.com/bitwarden/gh-actions/actions/runs/${{ github.run_id }}
@@ -41,9 +41,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: US-QA Cloud
+          slack-channel: bre-alerts-test
           tag: test-workflow-failure
-          slack-channel: devops-alerts-test
           event: 'failure'
           commit-sha: ${{ github.sha }}
           url: https://github.com/bitwarden/gh-actions/actions/runs/${{ github.run_id }}
@@ -53,9 +53,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: EU-QA Cloud
+          slack-channel: bre-alerts-test
           tag: test-workflow-failure
-          slack-channel: devops-alerts-test
           event: 'no-changes'
           commit-sha: ${{ github.sha }}
           url: https://github.com/bitwarden/gh-actions/actions/runs/${{ github.run_id }}
@@ -71,9 +71,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: EU-QA Cloud
+          slack-channel: bre-alerts-test
           tag: main
-          slack-channel: devops-alerts-test
           event: 'success'
           commit-sha: ${{ github.sha }}
           db_migration_detected: true
@@ -84,9 +84,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: US-QA Cloud
+          slack-channel: bre-alerts-test
           tag: main
-          slack-channel: devops-alerts-test
           event: 'failure'
           commit-sha: ${{ github.sha }}
           db_migration_detected: false
@@ -97,9 +97,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: EU-QA Cloud
+          slack-channel: bre-alerts-test
           tag: test-branch-failure
-          slack-channel: devops-alerts-test
           event: 'failure'
           commit-sha: ${{ github.sha }}
           db_migration_detected: false
@@ -110,9 +110,9 @@ jobs:
         uses: ./report-deployment-status-to-slack
         with:
           project: Server
-          environment: US QA Cloud
+          environment: US-QA Cloud
+          slack-channel: bre-alerts-test
           tag: test-branch-success
-          slack-channel: devops-alerts-test
           event: 'success'
           commit-sha: ${{ github.sha }}
           db_migration_detected: true

.github/workflows/test-report-upcoming-release-version.yml

@@ -0,0 +1,22 @@
+---
+name: Test report-upcoming release version to Slack
+on:
+  pull_request:
+      paths:
+      - "report-upcoming-release-version/**"
+      - ".github/workflows/test-report-upcoming-release-version.yml"
+
+jobs:
+  test-report-upcoming-release-version:
+    name: Test report upcoming release version to Slack
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Report upcoming release version to Slack
+        uses: ./report-upcoming-release-version
+        with:
+          project: bitwarden/server
+          version: upcoming_version
+          slack-channel: bre-alerts-test
+          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

crowdin/Dockerfile

@@ -1,4 +1,4 @@
-FROM crowdin/cli:3.16.0
+FROM crowdin/cli:3.19.4
 
 RUN apk --no-cache add curl git jq gnupg;
 

download-artifacts/action.yml

@@ -58,7 +58,7 @@ inputs:
   allow_forks:
     description: Allow forks
     required: false
-    default: true
+    default: false
   check_artifacts:
     description: Check workflow run whether it has an artifact
     required: false
@@ -78,7 +78,7 @@ inputs:
     required: false
     description: |
       Choose how to exit the action if no artifact is found
-      
+
       fail, warn or ignore
     default: fail
 outputs:
@@ -91,6 +91,10 @@ outputs:
     description: Boolean output which is true if the artifact was found and false otherwise
   artifacts:
     description: JSON array with details about found artifacts
+  artifact-build-commit:
+    description: The commit related to the artifact that was found
+  artifact-build-branch:
+    description: The branch related to the artifact that was found
 runs:
   using: node20
   main: main.js

download-artifacts/main.js

@@ -191,6 +191,12 @@ async function main() {
 
         core.setOutput("artifacts", artifacts)
 
+        const artifactBuildCommit = artifacts[0].workflow_run.head_sha;
+        core.setOutput("artifact-build-commit", artifactBuildCommit);
+
+        const artifactBuildBranch = artifacts[0].workflow_run.head_branch;
+        core.setOutput("artifact-build-branch", artifactBuildBranch);
+
         if (dryRun) {
             if (artifacts.length == 0) {
                 core.setOutput("dry_run", false)
@@ -216,7 +222,7 @@ async function main() {
         }
 
         core.setOutput("found_artifact", true)
-        
+
         for (const artifact of artifacts) {
             core.info(`==> Artifact: ${artifact.id}`)
 
@@ -271,7 +277,7 @@ async function main() {
 
     function setExitMessage(ifNoArtifactFound, message) {
         core.setOutput("found_artifact", false)
-        
+
         switch (ifNoArtifactFound) {
             case "fail":
                 core.setFailed(message)