Update first-party Pulumi dependencies to v3.147.0 (#3446) #452
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
name: build | |
on: | |
push: | |
branches: | |
- master | |
- main | |
- feature-** | |
paths-ignore: | |
- CHANGELOG.md | |
tags-ignore: | |
- v* | |
- sdk/* | |
- "**" | |
workflow_dispatch: {} | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
PROVIDER: kubernetes | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PYPI_USERNAME: __token__ | |
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | |
TRAVIS_OS_NAME: linux | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
GOVERSION: 1.21.x | |
NODEVERSION: 20.x | |
PYTHONVERSION: "3.11" | |
DOTNETVERSION: | | |
6.0.x | |
3.1.301 | |
JAVAVERSION: "11" | |
AWS_REGION: us-west-2 | |
PULUMI_TEST_OWNER: moolumi | |
GOLANGCI_LINT_VERSION: v1.61.0 | |
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected] | |
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci | |
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci | |
GOOGLE_PROJECT_NUMBER: 637339343727 | |
jobs: | |
prerequisites: | |
runs-on: ubuntu-latest | |
name: prerequisites | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- id: version | |
name: Set Provider Version | |
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
with: | |
pulumi-version-file: .pulumi.version | |
- if: github.event_name == 'pull_request' | |
name: Install Schema Tools | |
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 | |
with: | |
repo: pulumi/schema-tools | |
- name: Build K8sgen | |
run: make k8sgen | |
- name: Prepare OpenAPI file | |
run: make openapi_file | |
- name: Prepare Schema | |
run: make schema | |
- name: Make Kubernetes provider | |
run: make k8sprovider | |
- if: github.event_name == 'pull_request' | |
name: Check Schema is Valid | |
run: >- | |
echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV | |
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
env: | |
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} | |
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
name: Comment on PR with Details of Schema Check | |
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 | |
with: | |
message: | | |
${{ env.SCHEMA_CHANGES }} | |
comment-tag: schemaCheck | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && | |
github.actor == 'pulumi-bot' | |
name: Add label if no breaking changes | |
uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 | |
with: | |
labels: impact/no-changelog-required | |
number: ${{ github.event.issue.number }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check worktree clean | |
id: worktreeClean | |
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 | |
with: | |
allowed-changes: |- | |
sdk/**/pulumi-plugin.json | |
sdk/dotnet/Pulumi.*.csproj | |
sdk/go/**/pulumiUtilities.go | |
sdk/nodejs/package.json | |
sdk/python/pyproject.toml | |
- name: Commit ${{ matrix.language }} SDK changes for Renovate | |
if: failure() && steps.worktreeClean.outcome == 'failure' && | |
contains(github.actor, 'renovate') && github.event_name == | |
'pull_request' | |
shell: bash | |
run: > | |
git diff --quiet -- sdk && echo "no changes to sdk" && exit | |
git config --global user.email "[email protected]" | |
git config --global user.name "pulumi-bot" | |
# Stash local changes and check out the PR's branch directly. | |
git stash | |
git fetch | |
git checkout "origin/$HEAD_REF" | |
# Apply and add our changes, but don't commit any files we expect to | |
# always change due to versioning. | |
git stash pop | |
git add sdk | |
git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json | |
git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' | |
# Push with pulumi-bot credentials to trigger a re-run of the | |
# workflow. https://github.com/orgs/community/discussions/25702 | |
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" | |
env: | |
HEAD_REF: ${{ github.head_ref }} | |
- run: git status --porcelain | |
- name: Tar provider binaries | |
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} | |
pulumi-gen-${{ env.PROVIDER}} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
with: | |
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin/provider.tar.gz | |
- name: Test Provider Library | |
run: make test_provider | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 | |
with: | |
author_name: Failure in building provider prerequisites | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
build_sdks: | |
needs: prerequisites | |
runs-on: pulumi-ubuntu-8core | |
strategy: | |
fail-fast: ${{ ! contains(github.actor, 'renovate') }} | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
name: build_sdks | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- id: version | |
name: Set Provider Version | |
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
with: | |
pulumi-version-file: .pulumi.version | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Setup Java | |
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
java-version: ${{ env.JAVAVERSION }} | |
distribution: temurin | |
cache: gradle | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: UnTar provider binaries | |
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
- name: Restore Binary Permissions | |
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print | |
-exec chmod +x {} \; | |
- name: Generate SDK | |
run: make ${{ matrix.language }}_sdk | |
- name: Check worktree clean | |
id: worktreeClean | |
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 | |
with: | |
allowed-changes: |- | |
sdk/**/pulumi-plugin.json | |
sdk/dotnet/Pulumi.*.csproj | |
sdk/go/**/pulumiUtilities.go | |
sdk/nodejs/package.json | |
sdk/python/pyproject.toml | |
- name: Commit ${{ matrix.language }} SDK changes for Renovate | |
if: failure() && steps.worktreeClean.outcome == 'failure' && | |
contains(github.actor, 'renovate') && github.event_name == | |
'pull_request' | |
shell: bash | |
run: > | |
git diff --quiet -- sdk && echo "no changes to sdk" && exit | |
git config --global user.email "[email protected]" | |
git config --global user.name "pulumi-bot" | |
# Stash local changes and check out the PR's branch directly. | |
git stash | |
git fetch | |
git checkout "origin/$HEAD_REF" | |
# Apply and add our changes, but don't commit any files we expect to | |
# always change due to versioning. | |
git stash pop | |
git add sdk | |
git reset sdk/python/*/pulumi-plugin.json sdk/python/pyproject.toml sdk/dotnet/pulumi-plugin.json sdk/dotnet/Pulumi.*.csproj sdk/go/*/pulumi-plugin.json sdk/go/*/internal/pulumiUtilities.go sdk/nodejs/package.json | |
git commit -m 'Commit ${{ matrix.language }} SDK for Renovate' | |
# Push with pulumi-bot credentials to trigger a re-run of the | |
# workflow. https://github.com/orgs/community/discussions/25702 | |
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" | |
env: | |
HEAD_REF: ${{ github.head_ref }} | |
- run: git status --porcelain | |
- name: Tar SDK folder | |
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . | |
- name: Upload artifacts | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 | |
with: | |
author_name: Failure while building SDKs | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
test: | |
runs-on: pulumi-ubuntu-8core | |
needs: | |
- build_sdks | |
- build-test-cluster | |
strategy: | |
fail-fast: true | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
name: test | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- id: version | |
name: Set Provider Version | |
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
with: | |
pulumi-version-file: .pulumi.version | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Setup Java | |
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
java-version: ${{ env.JAVAVERSION }} | |
distribution: temurin | |
cache: gradle | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: UnTar provider binaries | |
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
- name: Restore Binary Permissions | |
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print | |
-exec chmod +x {} \; | |
- name: Download SDK | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: UnTar SDK folder | |
run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ | |
github.workspace}}/sdk/${{ matrix.language}} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH | |
- name: Install Node dependencies | |
run: yarn global add typescript | |
- run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Make Kube Directory | |
run: mkdir -p "~/.kube/" | |
- name: Download Kubeconfig | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: config | |
path: ~/.kube/ | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
- name: Setup gcloud auth | |
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 | |
with: | |
install_components: gke-gcloud-auth-plugin | |
- name: Install Kubectl | |
run: > | |
curl -LO | |
https://storage.googleapis.com/kubernetes-release/release/$(curl -s | |
https://storage.googleapis.com/kubernetes-release/release/stable-1.28.txt)/bin/linux/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv kubectl /usr/local/bin | |
- name: Install and configure Helm | |
run: | | |
curl -LO https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz | |
tar -xvf helm-v3.8.0-linux-amd64.tar.gz | |
sudo mv linux-amd64/helm /usr/local/bin | |
helm repo add stable https://charts.helm.sh/stable | |
helm repo update | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
version: v2.5.0 | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run tests | |
run: cd tests/sdk/${{ matrix.language }} && go test -v -count=1 -cover -timeout | |
2h -parallel 4 ./... | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 | |
with: | |
author_name: Failure in SDK tests | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
publish: | |
runs-on: ubuntu-latest | |
needs: test | |
name: publish | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- id: version | |
name: Set Provider Version | |
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Clear GitHub Actions Ubuntu runner disk space | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 | |
with: | |
tool-cache: false | |
dotnet: false | |
android: true | |
haskell: true | |
swap-storage: true | |
large-packages: false | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
with: | |
pulumi-version-file: .pulumi.version | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: us-east-2 | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 7200 | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-external-id: upload-pulumi-release | |
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 | |
env: | |
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} | |
with: | |
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s | |
version: latest | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 | |
with: | |
author_name: Failure in publishing binaries | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
publish_sdk: | |
runs-on: ubuntu-latest | |
needs: publish | |
name: publish_sdk | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- id: version | |
name: Set Provider Version | |
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 | |
with: | |
set-env: PROVIDER_VERSION | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- run: echo "ci-scripts" >> .git/info/exclude | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Download python SDK | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: python-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress python SDK | |
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C | |
${{github.workspace}}/sdk/python | |
- name: Download dotnet SDK | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: dotnet-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress dotnet SDK | |
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C | |
${{github.workspace}}/sdk/dotnet | |
- name: Download nodejs SDK | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: nodejs-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress nodejs SDK | |
run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C | |
${{github.workspace}}/sdk/nodejs | |
- name: Install Twine | |
run: python -m pip install twine==5.0.0 | |
- name: Publish SDKs | |
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
PYPI_PUBLISH_ARTIFACTS: all | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2 | |
with: | |
author_name: Failure in publishing SDK | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
persist-credentials: false | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Disarm go:embed directives to enable linters that compile source code | |
run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i | |
's/go:embed/ goembed/g' | |
- name: golangci-lint provider pkg | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
args: -c ../.golangci.yml | |
working-directory: provider | |
name: lint | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
build-test-cluster: | |
runs-on: ubuntu-latest | |
name: build-test-cluster | |
outputs: | |
stack-name: ${{ steps.stackname.outputs.stack-name }} | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
with: | |
pulumi-version-file: .pulumi.version | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
- name: Setup gcloud auth | |
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 | |
with: | |
install_components: gke-gcloud-auth-plugin | |
- name: Install Kubectl | |
run: > | |
curl -LO | |
https://storage.googleapis.com/kubernetes-release/release/$(curl -s | |
https://storage.googleapis.com/kubernetes-release/release/stable-1.28.txt)/bin/linux/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv kubectl /usr/local/bin | |
- name: Login to Google Cloud Registry | |
run: gcloud --quiet auth configure-docker | |
- name: Set stack name in output | |
id: stackname | |
run: echo 'stack-name=${{ env.PULUMI_TEST_OWNER }}/${{ github.sha }}-${{ | |
github.run_id }}-${{ github.run_attempt }}' >> "$GITHUB_OUTPUT" | |
- name: Create test infrastructure | |
run: ./scripts/ci-cluster-create.sh ${{ steps.stackname.outputs.stack-name }} | |
- name: Upload Kubernetes Artifacts | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
with: | |
name: config | |
path: ~/.kube/config | |
destroy-test-cluster: | |
runs-on: ubuntu-latest | |
name: teardown-test-cluster | |
needs: | |
- build-test-cluster | |
- test | |
if: ${{ always() }} && github.event.pull_request.head.repo.full_name == | |
github.repository | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- name: Install Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
cache-dependency-path: "**/*.sum" | |
- name: Install Pulumi CLI | |
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1 | |
with: | |
pulumi-version-file: .pulumi.version | |
- name: Setup Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
with: | |
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER | |
}}/locations/global/workloadIdentityPools/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ | |
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} | |
- name: Setup gcloud auth | |
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 | |
with: | |
install_components: gke-gcloud-auth-plugin | |
- name: Install Kubectl | |
run: > | |
curl -LO | |
https://storage.googleapis.com/kubernetes-release/release/$(curl -s | |
https://storage.googleapis.com/kubernetes-release/release/stable-1.28.txt)/bin/linux/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv kubectl /usr/local/bin | |
- name: Login to Google Cloud Registry | |
run: gcloud --quiet auth configure-docker | |
- name: Destroy test infra | |
run: ./scripts/ci-cluster-destroy.sh ${{ | |
needs.build-test-cluster.outputs.stack-name }} | |
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 | |
with: | |
name: config |