Merge remote-tracking branch 'origin/main' into poc/structurizr

Author: justindbaur

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "swashbuckle.aspnetcore.cli": {
-      "version": "7.3.2",
+      "version": "9.0.4",
       "commands": ["swagger"]
     },
     "dotnet-ef": {

.github/CODEOWNERS

@@ -14,7 +14,7 @@
 .github/workflows/publish.yml @bitwarden/dept-bre
 
 ## These are shared workflows ##
-.github/workflows/_move_finalization_db_scripts.yml
+.github/workflows/_move_edd_db_scripts.yml
 .github/workflows/release.yml
 
 # Database Operations for database changes
@@ -33,6 +33,9 @@ util/SqliteMigrations/** @bitwarden/dept-dbops
 # Shared util projects
 util/Setup/** @bitwarden/dept-bre @bitwarden/team-platform-dev
 
+# UIF
+src/Core/MailTemplates/Mjml @bitwarden/team-ui-foundation # Teams are expected to own sub-directories of this project
+
 # Auth team
 **/Auth @bitwarden/team-auth-dev
 bitwarden_license/src/Sso @bitwarden/team-auth-dev
@@ -50,11 +53,7 @@ docs/key_management/* @bitwarden/team-key-management-dev
 docs/tools/* @bitwarden/team-tools-dev
 
 # Dirt (Data Insights & Reporting) team
-src/Api/Controllers/Dirt @bitwarden/team-data-insights-and-reporting-dev
-src/Core/Dirt @bitwarden/team-data-insights-and-reporting-dev
-src/Infrastructure.Dapper/Dirt @bitwarden/team-data-insights-and-reporting-dev
-test/Api.Test/Dirt @bitwarden/team-data-insights-and-reporting-dev
-test/Core.Test/Dirt @bitwarden/team-data-insights-and-reporting-dev
+**/Dirt @bitwarden/team-data-insights-and-reporting-dev
 
 # Vault team
 **/Vault @bitwarden/team-vault-dev
@@ -99,6 +98,8 @@ docs/billing/* @bitwarden/team-billing-dev
 **/.dockerignore @bitwarden/team-platform-dev
 **/Dockerfile @bitwarden/team-platform-dev
 **/entrypoint.sh @bitwarden/team-platform-dev
+# The PushType enum is expected to be editted by anyone without need for Platform review
+src/Core/Platform/Push/PushType.cs
 docs/platform/* @bitwarden/team-platform-dev
 
 # Multiple owners - DO NOT REMOVE (BRE)

.github/ISSUE_TEMPLATE/bw-unified.yml

@@ -1,4 +1,3 @@
-name: Bitwarden Unified Bug Report
 name: Bitwarden Unified Deployment Bug Report
 description: File a bug report
 labels: [bug, bw-unified-deploy]

.github/renovate.json5

@@ -9,18 +9,6 @@
     "nuget",
   ],
   packageRules: [
-    {
-      // Group all release-related workflows for GitHub Actions together for BRE.
-      groupName: "github-action",
-      matchManagers: ["github-actions"],
-      matchFileNames: [
-        ".github/workflows/publish.yml",
-        ".github/workflows/release.yml"
-      ],
-      commitMessagePrefix: "[deps] BRE:",
-      reviewers: ["team:dept-bre"],
-      addLabels: ["hold"],
-    },
     {
       groupName: "dockerfile minor",
       matchManagers: ["dockerfile"],
@@ -35,6 +23,7 @@
       groupName: "github-action minor",
       matchManagers: ["github-actions"],
       matchUpdateTypes: ["minor"],
+      addLabels: ["hold"],
     },
     {
       // For any Microsoft.Extensions.* and Microsoft.AspNetCore.* packages, we want to create PRs for patch updates.
@@ -95,7 +84,6 @@
         "Serilog.AspNetCore",
         "Serilog.Extensions.Logging",
         "Serilog.Extensions.Logging.File",
-        "Serilog.Sinks.AzureCosmosDB",
         "Serilog.Sinks.SyslogMessages",
         "Stripe.net",
         "Swashbuckle.AspNetCore",

…kflows/_move_finalization_db_scripts.yml …ithub/workflows/_move_edd_db_scripts.yml.github/workflows/_move_finalization_db_scripts.yml renamed to .github/workflows/_move_edd_db_scripts.yml .github/workflows/_move_finalization_db_scripts.yml renamed to .github/workflows/_move_edd_db_scripts.yml

@@ -1,5 +1,5 @@
-name: _move_finalization_db_scripts
-run-name: Move finalization database scripts
+name: _move_edd_db_scripts
+run-name: Move EDD database scripts
 
 on:
   workflow_call:
@@ -12,14 +12,20 @@ jobs:
   setup:
     name: Setup
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      id-token: write
     outputs:
       migration_filename_prefix: ${{ steps.prefix.outputs.prefix }}
-      copy_finalization_scripts: ${{ steps.check-finalization-scripts-existence.outputs.copy_finalization_scripts }}
+      copy_edd_scripts: ${{ steps.check-script-existence.outputs.copy_edd_scripts }}
+
     steps:
       - name: Log in to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -28,6 +34,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Check out branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -37,22 +46,27 @@ jobs:
         id: prefix
         run: echo "prefix=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
 
-      - name: Check if any files in DB finalization directory
-        id: check-finalization-scripts-existence
+      - name: Check if any files in DB transition or finalization directories
+        id: check-script-existence
         run: |
-          if [ -f util/Migrator/DbScripts_finalization/* ]; then
-            echo "copy_finalization_scripts=true" >> $GITHUB_OUTPUT
+          if [ -f util/Migrator/DbScripts_transition/* -o -f util/Migrator/DbScripts_finalization/* ]; then
+            echo "copy_edd_scripts=true" >> $GITHUB_OUTPUT
           else
-            echo "copy_finalization_scripts=false" >> $GITHUB_OUTPUT
+            echo "copy_edd_scripts=false" >> $GITHUB_OUTPUT
           fi
 
-  move-finalization-db-scripts:
-    name: Move finalization database scripts
+  move-scripts:
+    name: Move scripts
     runs-on: ubuntu-22.04
     needs: setup
-    if: ${{ needs.setup.outputs.copy_finalization_scripts == 'true' }}
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
+      actions: read
+    if: ${{ needs.setup.outputs.copy_edd_scripts == 'true' }}
     steps:
-      - name: Checkout
+      - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
@@ -61,41 +75,70 @@ jobs:
         id: branch_name
         env:
           PREFIX: ${{ needs.setup.outputs.migration_filename_prefix }}
-        run: echo "branch_name=move_finalization_db_scripts_$PREFIX" >> $GITHUB_OUTPUT
+        run: echo "branch_name=move_edd_db_scripts_$PREFIX" >> $GITHUB_OUTPUT
 
       - name: "Create branch"
         env:
           BRANCH: ${{ steps.branch_name.outputs.branch_name }}
         run: git switch -c $BRANCH
 
-      - name: Move DbScripts_finalization
+      - name: Move scripts and finalization database schema
         id: move-files
         env:
           PREFIX: ${{ needs.setup.outputs.migration_filename_prefix }}
         run: |
-          src_dir="util/Migrator/DbScripts_finalization"
+          # scripts
+          moved_files="Migration scripts moved:\n\n"
+
+          src_dirs="util/Migrator/DbScripts_transition,util/Migrator/DbScripts_finalization"
           dest_dir="util/Migrator/DbScripts"
           i=0
 
-          moved_files=""
-          for file in "$src_dir"/*; do
-            filenumber=$(printf "%02d" $i)
+          for src_dir in ${src_dirs//,/ }; do
+            for file in "$src_dir"/*; do
+              filenumber=$(printf "%02d" $i)
+
+              filename=$(basename "$file")
+              new_filename="${PREFIX}_${filenumber}_${filename}"
+              dest_file="$dest_dir/$new_filename"
 
-            filename=$(basename "$file")
-            new_filename="${PREFIX}_${filenumber}_${filename}"
-            dest_file="$dest_dir/$new_filename"
+              # Replace any finalization references due to the move
+              sed -i -e 's/dbo_finalization/dbo/g' "$file"
 
-            mv "$file" "$dest_file"
-            moved_files="$moved_files \n $filename -> $new_filename"
+              mv "$file" "$dest_file"
+              moved_files="$moved_files \n $filename -> $new_filename"
 
-            i=$((i+1))
+              i=$((i+1))
+            done
           done
+
+          # schema
+          moved_files="$moved_files\n\nFinalization scripts moved:\n\n"
+
+          src_dir="src/Sql/dbo_finalization"
+          dest_dir="src/Sql/dbo"
+
+          # sync finalization schema back to dbo, maintaining structure
+          rsync -r "$src_dir/" "$dest_dir/"
+          rm -rf $src_dir/*
+
+          # Replace any finalization references due to the move
+          find ./src/Sql/dbo -name "*.sql" -type f -exec sed -i \
+            -e 's/\[dbo_finalization\]/[dbo]/g' \
+            -e 's/dbo_finalization\./dbo./g' {} +
+
+          for file in "$src_dir"/**/*; do
+            moved_files="$moved_files \n $file"
+          done
+
           echo "moved_files=$moved_files" >> $GITHUB_OUTPUT
 
-      - name: Log in to Azure - production subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -106,8 +149,11 @@ jobs:
             github-gpg-private-key-passphrase,
             devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Import GPG keys
-        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
         with:
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
@@ -121,7 +167,7 @@ jobs:
           git config --local user.name "bitwarden-devops-bot"
           if [ -n "$(git status --porcelain)" ]; then
             git add .
-            git commit -m "Move DbScripts_finalization to DbScripts" -a
+            git commit -m "Move EDD database scripts" -a
             git push -u origin ${{ steps.branch_name.outputs.branch_name }}
             echo "pr_needed=true" >> $GITHUB_OUTPUT
           else
@@ -137,16 +183,16 @@ jobs:
           BRANCH: ${{ steps.branch_name.outputs.branch_name }}
           GH_TOKEN: ${{ github.token }}
           MOVED_FILES: ${{ steps.move-files.outputs.moved_files }}
-          TITLE: "Move finalization database scripts"
+          TITLE: "Move EDD database scripts"
         run: |
           PR_URL=$(gh pr create --title "$TITLE" \
             --base "main" \
             --head "$BRANCH" \
             --label "automated pr" \
             --body "
-              ## Automated movement of DbScripts_finalization to DbScripts
+              Automated movement of EDD database scripts.
 
-              ## Files moved:
+              Files moved:
               $(echo -e "$MOVED_FILES")
               ")
           echo "pr_url=${PR_URL}" >> $GITHUB_OUTPUT
@@ -157,5 +203,5 @@ jobs:
         env:
           SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
         with:
-          message: "Created PR for moving DbScripts_finalization to DbScripts: ${{ steps.create-pr.outputs.pr_url }}"
+          message: "Created PR for moving EDD database scripts: ${{ steps.create-pr.outputs.pr_url }}"
           status: ${{ job.status }}