From fafaa4d1bfc79bc8f3884a32726b9d788a669788 Mon Sep 17 00:00:00 2001 From: Pulumi Bot Date: Mon, 24 Jun 2024 05:16:24 +0000 Subject: [PATCH] [internal] Update GitHub Actions workflow files --- .github/workflows/build_sdk.yml | 10 ++-- .github/workflows/master.yml | 41 +++++++------ .github/workflows/prerelease.yml | 63 ++++++++++++-------- .github/workflows/prerequisites.yml | 7 +++ .github/workflows/release.yml | 68 +++++++++++++--------- .github/workflows/run-acceptance-tests.yml | 31 +++++----- .github/workflows/verify-release.yml | 67 +++++++++++++++++++++ scripts/upstream.sh | 2 +- 8 files changed, 202 insertions(+), 87 deletions(-) create mode 100644 .github/workflows/verify-release.yml diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 2ed4dc370..16432b70b 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -1,7 +1,11 @@ name: "Build SDK" on: - workflow_call: {} + workflow_call: + inputs: + version: + required: true + type: string env: DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }} @@ -23,6 +27,7 @@ env: SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi + PROVIDER_VERSION: ${{ inputs.version }} jobs: build_sdk: @@ -40,9 +45,6 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - with: - set-env: 'PROVIDER_VERSION' - name: Cache examples generation uses: actions/cache@v4 with: diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index ba8102876..c7c2bf9b6 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -21,11 +21,21 @@ env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_sdk: name: build_sdk needs: prerequisites uses: ./.github/workflows/build_sdk.yml secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} generate_coverage_data: continue-on-error: true @@ -85,17 +95,11 @@ jobs: name: License Check uses: ./.github/workflows/license.yml secrets: inherit - prerequisites: - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} publish: name: publish needs: + - prerequisites - test - license_check runs-on: ubuntu-latest @@ -134,13 +138,11 @@ jobs: role-external-id: upload-pulumi-release role-session-name: datadog@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - id: version - uses: pulumi/provider-version-action@v1 - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 env: - GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} - PROVIDER_VERSION: ${{ steps.version.outputs.version }} + GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} with: args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout 60m0s @@ -154,16 +156,16 @@ jobs: status: ${{ job.status }} publish_sdk: name: publish_sdk - needs: publish + needs: + - prerequisites + - publish runs-on: ubuntu-latest steps: - - id: version - uses: pulumi/provider-version-action@v1 - name: Publish SDKs uses: pulumi/pulumi-package-publisher@v0.0.18 with: sdk: all - version: ${{ steps.version.outputs.version }} + version: ${{ needs.prerequisites.outputs.version }} dotnet-version: "6.0.x" java-version: "11" node-version: "20.x" @@ -199,17 +201,18 @@ jobs: test: name: test - needs: build_sdk + needs: + - prerequisites + - build_sdk permissions: contents: read id-token: write runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - with: - set-env: 'PROVIDER_VERSION' - name: Install Go uses: actions/setup-go@v5 with: diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index c3bdfb926..a0934303a 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -22,27 +22,31 @@ env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_sdk: name: build_sdk needs: prerequisites uses: ./.github/workflows/build_sdk.yml secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} license_check: name: License Check uses: ./.github/workflows/license.yml secrets: inherit - prerequisites: - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} publish: name: publish needs: + - prerequisites - test - license_check runs-on: ubuntu-latest @@ -81,13 +85,11 @@ jobs: role-external-id: upload-pulumi-release role-session-name: datadog@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - id: version - uses: pulumi/provider-version-action@v1 - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 env: - GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} - PROVIDER_VERSION: ${{ steps.version.outputs.version }} + GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} with: args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout 60m0s @@ -101,16 +103,16 @@ jobs: status: ${{ job.status }} publish_sdk: name: publish_sdk - needs: publish + needs: + - prerequisites + - publish runs-on: ubuntu-latest steps: - - id: version - uses: pulumi/provider-version-action@v1 - name: Publish SDKs uses: pulumi/pulumi-package-publisher@v0.0.18 with: sdk: all - version: ${{ steps.version.outputs.version }} + version: ${{ needs.prerequisites.outputs.version }} dotnet-version: "6.0.x" java-version: "11" node-version: "20.x" @@ -128,7 +130,9 @@ jobs: uses: rtCamp/action-slack-notify@v2 publish_go_sdk: name: publish_go_sdk - needs: publish_sdk + needs: + - prerequisites + - publish_sdk runs-on: ubuntu-latest steps: - name: Checkout Repo @@ -138,8 +142,6 @@ jobs: with: tag: v0.0.46 repo: pulumi/pulumictl - - id: version - uses: pulumi/provider-version-action@v1 - name: Download Go SDK uses: actions/download-artifact@v4 with: @@ -155,7 +157,7 @@ jobs: base-ref: ${{ github.sha }} source: sdk path: sdk - version: ${{ steps.version.outputs.version }} + version: ${{ needs.prerequisites.outputs.version }} additive: false # Avoid including other language SDKs & artifacts in the commit files: | @@ -164,17 +166,18 @@ jobs: !*.tar.gz test: name: test - needs: build_sdk + needs: + - prerequisites + - build_sdk permissions: contents: read id-token: write runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - with: - set-env: 'PROVIDER_VERSION' - name: Install Go uses: actions/setup-go@v5 with: @@ -271,6 +274,20 @@ jobs: - dotnet - go - java + verify-release: + name: verify-release + needs: + - prerequisites + - publish + - publish_sdk + - publish_go_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ needs.prerequisites.outputs.version }} + # Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release. + enableMacosRunner: false + name: prerelease on: push: diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 0a36ad40f..e1a38d5b9 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -12,6 +12,10 @@ on: default_branch: type: string required: true + outputs: + version: + description: "Provider version being built" + value: ${{ jobs.prerequisites.outputs.version }} env: DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }} @@ -38,10 +42,13 @@ jobs: prerequisites: name: prerequisites runs-on: ubuntu-latest + outputs: + version: ${{ steps.provider-version.outputs.version }} steps: - name: Checkout Repo uses: actions/checkout@v4 - uses: pulumi/provider-version-action@v1 + id: provider-version with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 12bc54093..87d5f9c1f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,15 +21,25 @@ env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} TF_APPEND_USER_AGENT: pulumi jobs: + prerequisites: + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_sdk: name: build_sdk needs: prerequisites uses: ./.github/workflows/build_sdk.yml secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} create_docs_build: name: create_docs_build - needs: tag_sdk + needs: publish_go_sdk runs-on: ubuntu-latest steps: - name: Dispatch Metadata build @@ -48,17 +58,11 @@ jobs: name: License Check uses: ./.github/workflows/license.yml secrets: inherit - prerequisites: - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} publish: name: publish needs: + - prerequisites - test - license_check runs-on: ubuntu-latest @@ -97,13 +101,11 @@ jobs: role-external-id: upload-pulumi-release role-session-name: datadog@githubActions role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} - - id: version - uses: pulumi/provider-version-action@v1 - name: Run GoReleaser uses: goreleaser/goreleaser-action@v5 env: - GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} - PROVIDER_VERSION: ${{ steps.version.outputs.version }} + GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }} + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} with: args: -p 3 release --rm-dist --timeout 60m0s version: latest @@ -116,16 +118,16 @@ jobs: status: ${{ job.status }} publish_sdk: name: publish_sdk - needs: publish + needs: + - prerequisites + - publish runs-on: ubuntu-latest steps: - - id: version - uses: pulumi/provider-version-action@v1 - name: Publish SDKs uses: pulumi/pulumi-package-publisher@v0.0.18 with: sdk: all - version: ${{ steps.version.outputs.version }} + version: ${{ needs.prerequisites.outputs.version }} dotnet-version: "6.0.x" java-version: "11" node-version: "20.x" @@ -141,9 +143,11 @@ jobs: if: failure() name: Send Publish Failure To Slack uses: rtCamp/action-slack-notify@v2 - tag_sdk: - name: tag_sdk - needs: publish_sdk + publish_go_sdk: + name: publish_go_sdk + needs: + - prerequisites + - publish_sdk runs-on: ubuntu-latest steps: - name: Checkout Repo @@ -153,8 +157,6 @@ jobs: with: tag: v0.0.46 repo: pulumi/pulumictl - - id: version - uses: pulumi/provider-version-action@v1 - name: Download Go SDK uses: actions/download-artifact@v4 with: @@ -170,7 +172,7 @@ jobs: base-ref: ${{ github.sha }} source: sdk path: sdk - version: ${{ steps.version.outputs.version }} + version: ${{ needs.prerequisites.outputs.version }} additive: false # Avoid including other language SDKs & artifacts in the commit files: | @@ -197,17 +199,18 @@ jobs: test: name: test - needs: build_sdk + needs: + - prerequisites + - build_sdk permissions: contents: read id-token: write runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo uses: actions/checkout@v4 - - uses: pulumi/provider-version-action@v1 - with: - set-env: 'PROVIDER_VERSION' - name: Install Go uses: actions/setup-go@v5 with: @@ -304,6 +307,19 @@ jobs: - dotnet - go - java + verify-release: + name: verify-release + needs: + - prerequisites + - publish + - publish_sdk + - publish_go_sdk + uses: ./.github/workflows/verify-release.yml + secrets: inherit + with: + providerVersion: ${{ needs.prerequisites.outputs.version }} + enableMacosRunner: true + name: release on: push: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 34c46aae8..f2e86795a 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -27,6 +27,16 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + prerequisites: + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + uses: ./.github/workflows/prerequisites.yml + secrets: inherit + with: + default_branch: ${{ github.event.repository.default_branch }} + is_pr: ${{ github.event_name == 'pull_request' }} + is_automated: ${{ github.actor == 'dependabot[bot]' }} + build_sdk: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository @@ -34,6 +44,8 @@ jobs: needs: prerequisites uses: ./.github/workflows/build_sdk.yml secrets: inherit + with: + version: ${{ needs.prerequisites.outputs.version }} comment-notification: if: github.event_name == 'repository_dispatch' @@ -50,16 +62,6 @@ jobs: issue-number: ${{ github.event.client_payload.github.payload.issue.number }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} token: ${{ secrets.PULUMI_BOT_TOKEN }} - prerequisites: - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository - uses: ./.github/workflows/prerequisites.yml - secrets: inherit - with: - default_branch: ${{ github.event.repository.default_branch }} - is_pr: ${{ github.event_name == 'pull_request' }} - is_automated: ${{ github.actor == 'dependabot[bot]' }} - sentinel: name: sentinel if: github.event_name == 'repository_dispatch' || @@ -85,19 +87,20 @@ jobs: if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository name: test - needs: build_sdk + needs: + - prerequisites + - build_sdk permissions: contents: read id-token: write runs-on: ubuntu-latest + env: + PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo uses: actions/checkout@v4 with: ref: ${{ env.PR_COMMIT_SHA }} - - uses: pulumi/provider-version-action@v1 - with: - set-env: 'PROVIDER_VERSION' - name: Checkout p/examples if: matrix.testTarget == 'pulumiExamples' uses: actions/checkout@v4 diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml new file mode 100644 index 000000000..c5ef16bd9 --- /dev/null +++ b/.github/workflows/verify-release.yml @@ -0,0 +1,67 @@ +name: "Verify Release" + +on: + workflow_dispatch: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacRunner: + description: "Enable the MacOS runner in addition to Linux and Windows. Defaults to 'false'." + required: false + type: boolean + workflow_call: + inputs: + providerVersion: + description: "The version of the provider to verify" + required: true + type: string + enableMacosRunner: + description: "Enable the macos-latest runner in addition to ubuntu-latest and windows-latest. Defaults to 'false'." + required: false + type: boolean + default: false + +env: + DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }} + DATADOG_APP_KEY: ${{ secrets.DATADOG_APP_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_API: https://api.pulumi-staging.io + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + PYPI_USERNAME: __token__ + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + TF_APPEND_USER_AGENT: pulumi + +jobs: + verify-release: + name: verify-release + # We don't have any release verification configurations, so we never run this workflow. + # Configure your .ci-mgmt.yaml files to include the release verification configurations e.g. + # releaseVerification: + # nodejs: path/to/nodejs/project + # python: path/to/python/project + # dotnet: path/to/dotnet/project + # go: path/to/go/project + if: false + strategy: + matrix: + # We don't have any release verification configurations, so we only run on Linux to print warnings to help users configure the release verification. + runner: ["ubuntu-latest"] + runs-on: ${{ matrix.runner }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + - name: Setup tools + uses: ./.github/actions/setup-tools diff --git a/scripts/upstream.sh b/scripts/upstream.sh index d35932e0e..fdbdecbec 100755 --- a/scripts/upstream.sh +++ b/scripts/upstream.sh @@ -91,7 +91,7 @@ start_rebase() { for patch in ../patches/*.patch; do echo "Applying $patch" - if ! git am --3way "$patch"; then + if ! git am --3way "$patch" --allow-empty; then echo echo "Failed to apply ${patch}. Please run 'make upstream.rebase FROM=$TAG' where '$TAG' allows the patch set to apply cleanly" echo