Sign Windows release binaries (#429)
### Proposed changes This PR adds a new Makefile target `make sign-goreleaser-exe` target to sign all built GoReleaser windows binaries. This PR contains 2 changes: - Makefile target - Copied ci-mgmt workflow files for validation purposes (generated from: https://github.com/pulumi/ci-mgmt/pull/1318) Please see the linked ci-mgmt issue for status of GitHub actions workflows to validate that the binaries are signed.
This commit is contained in:
Ramon Quitales
37
.github/workflows/prerelease.yml
vendored
37
.github/workflows/prerelease.yml
vendored
@@ -6,6 +6,13 @@ on:
|
||||
tags:
|
||||
- v*.*.*-**
|
||||
env:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
|
||||
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
|
||||
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
PROVIDER: docker-build
|
||||
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
|
||||
@@ -58,7 +65,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -71,7 +78,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
|
||||
@@ -166,7 +173,7 @@ jobs:
|
||||
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
|
||||
pulumi-gen-${{ env.PROVIDER}}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
@@ -203,7 +210,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -216,7 +223,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
||||
with:
|
||||
@@ -310,7 +317,7 @@ jobs:
|
||||
- name: Tar SDK folder
|
||||
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
|
||||
@@ -345,7 +352,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -358,7 +365,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
||||
with:
|
||||
@@ -461,7 +468,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -483,7 +490,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
||||
with:
|
||||
@@ -519,7 +526,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Checkout Scripts Repo
|
||||
@@ -538,7 +545,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
||||
with:
|
||||
@@ -602,7 +609,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -615,7 +622,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
|
||||
with:
|
||||
@@ -653,7 +660,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Download go SDK
|
||||
|
||||
37
.github/workflows/release.yml
vendored
37
.github/workflows/release.yml
vendored
@@ -7,6 +7,13 @@ on:
|
||||
- v*.*.*
|
||||
- "!v*.*.*-**"
|
||||
env:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
|
||||
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
|
||||
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
PROVIDER: docker-build
|
||||
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
|
||||
@@ -58,7 +65,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -71,7 +78,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
|
||||
@@ -166,7 +173,7 @@ jobs:
|
||||
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
|
||||
pulumi-gen-${{ env.PROVIDER}}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
@@ -203,7 +210,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -216,7 +223,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
||||
with:
|
||||
@@ -310,7 +317,7 @@ jobs:
|
||||
- name: Tar SDK folder
|
||||
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
|
||||
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
|
||||
@@ -345,7 +352,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -358,7 +365,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
||||
with:
|
||||
@@ -461,7 +468,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -483,7 +490,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
||||
with:
|
||||
@@ -519,7 +526,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Checkout Scripts Repo
|
||||
@@ -538,7 +545,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
|
||||
with:
|
||||
@@ -602,7 +609,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Install Go
|
||||
@@ -615,7 +622,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
|
||||
uses: pulumi/actions@13b8b7177d6fb736766875dac9b78aab07bd785f # v6.0.1
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
|
||||
with:
|
||||
@@ -653,7 +660,7 @@ jobs:
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
- name: Download go SDK
|
||||
|
||||
Reference in New Issue
Block a user