diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index e15b1ec..a115f8c 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -4,10 +4,10 @@ name: run-acceptance-tests on: repository_dispatch: types: - - run-acceptance-tests-command + - run-acceptance-tests-command pull_request: paths-ignore: - - CHANGELOG.md + - CHANGELOG.md workflow_dispatch: {} env: GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} @@ -54,166 +54,173 @@ jobs: runs-on: ubuntu-latest name: comment-notification steps: - - name: Create URL to the run output - id: vars - run: echo - "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" - >> "$GITHUB_OUTPUT" - - name: Update with Result - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - token: ${{ secrets.PULUMI_BOT_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - issue-number: ${{ github.event.client_payload.github.payload.issue.number }} - body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}" + - name: Create URL to the run output + id: vars + run: echo + "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" + >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}" if: github.event_name == 'repository_dispatch' prerequisites: runs-on: ubuntu-latest name: prerequisites steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - lfs: true - persist-credentials: false - ref: ${{ env.PR_COMMIT_SHA }} - - id: version - name: Set Provider Version - uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 - with: - set-env: PROVIDER_VERSION - - name: Install Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: ${{ env.GOVERSION }} - cache-dependency-path: "**/*.sum" - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0 - - if: github.event_name == 'pull_request' - name: Install Schema Tools - uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 - with: - repo: pulumi/schema-tools - - name: Build codegen binaries - run: make codegen - - name: Build Schema - run: make generate_schema - - if: github.event_name == 'pull_request' - name: Check Schema is Valid - run: >- - { - echo 'SCHEMA_CHANGES<- + { + echo 'SCHEMA_CHANGES<> "$GITHUB_ENV" - env: - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} - - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' - name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 - with: - message: | - ${{ env.SCHEMA_CHANGES }} - comment-tag: schemaCheck - github-token: ${{ secrets.GITHUB_TOKEN }} - - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && - github.actor == 'pulumi-bot' - name: Add label if no breaking changes - uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 - with: - labels: impact/no-changelog-required - number: ${{ github.event.issue.number }} - github_token: ${{ secrets.GITHUB_TOKEN }} - - name: Build Provider - run: make provider - - name: Check worktree clean - id: worktreeClean - uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 - with: - allowed-changes: |- - sdk/**/pulumi-plugin.json - sdk/dotnet/*.*.csproj - sdk/dotnet/version.txt - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Commit SDK changes for Renovate - if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') && github.event_name == - 'pull_request' - shell: bash - run: > - git diff --quiet -- sdk && echo "no changes to sdk" && exit + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json; - git config --global user.email "bot@pulumi.com" - - git config --global user.name "pulumi-bot" - - # Stash local changes and check out the PR's branch directly. - - git stash - - git fetch - - git checkout "origin/$HEAD_REF" - - - # Apply and add our changes, but don't commit any files we expect to - - # always change due to versioning. - - git stash pop - - git add sdk - - git reset sdk/python/*/pulumi-plugin.json \ - sdk/python/pyproject.toml \ - sdk/dotnet/pulumi-plugin.json \ - sdk/dotnet/*.*.csproj \ - sdk/dotnet/version.txt \ - sdk/go/*/pulumi-plugin.json \ - sdk/go/*/internal/pulumiUtilities.go \ + echo 'EOF'; + } >> "$GITHUB_ENV" + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment-tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: + contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/*.*.csproj + sdk/dotnet/version.txt + sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit - git commit -m 'Commit SDK for Renovate' + git config --global user.email "bot@pulumi.com" + + git config --global user.name "pulumi-bot" + + # Stash local changes and check out the PR's branch directly. + + git stash + + git fetch + + git checkout "origin/$HEAD_REF" - # Push with pulumi-bot credentials to trigger a re-run of the + # Apply and add our changes, but don't commit any files we expect to - # workflow. https://github.com/orgs/community/discussions/25702 + # always change due to versioning. - git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" - env: - HEAD_REF: ${{ github.head_ref }} - - run: git status --porcelain - - name: Tar provider binaries - run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} - pulumi-gen-${{ env.PROVIDER}} - - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: pulumi-${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin/provider.tar.gz - - name: Test Provider Library - run: make test_provider - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - - if: failure() && github.event_name == 'push' - name: Notify Slack - uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 - with: - author_name: Failure in building provider prerequisites - fields: repo,commit,author,action - status: ${{ job.status }} + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ + sdk/dotnet/*.*.csproj \ + sdk/dotnet/version.txt \ + sdk/go/*/pulumi-plugin.json \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json + + git commit -m 'Commit SDK for Renovate' + + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + pulumi-gen-${{ env.PROVIDER}} + - name: Upload artifacts + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository build_sdks: @@ -223,333 +230,336 @@ jobs: fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - - nodejs - - python - - dotnet - - go - - java + - nodejs + - python + - dotnet + - go + - java name: build_sdks steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - lfs: true - persist-credentials: false - ref: ${{ env.PR_COMMIT_SHA }} - - id: version - name: Set Provider Version - uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 - with: - set-env: PROVIDER_VERSION - - name: Install Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: ${{ env.GOVERSION }} - cache-dependency-path: "**/*.sum" - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0 - - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - node-version: ${{ env.NODEVERSION }} - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup Java - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: ${{ env.JAVAVERSION }} - distribution: temurin - cache: gradle - - name: Setup Gradle - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 - with: - gradle-version: "7.6" - - name: Download provider - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: pulumi-${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: UnTar provider binaries - run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - name: Restore Binary Permissions - run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Generate SDK - run: make generate_${{ matrix.language }} - - name: Build SDK - run: make build_${{ matrix.language }} - - name: Check worktree clean - id: worktreeClean - uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 - with: - allowed-changes: |- - sdk/**/pulumi-plugin.json - sdk/dotnet/*.*.csproj - sdk/dotnet/version.txt - sdk/go/**/pulumiUtilities.go - sdk/nodejs/package.json - sdk/python/pyproject.toml - - name: Commit SDK changes for Renovate - if: failure() && steps.worktreeClean.outcome == 'failure' && - contains(github.actor, 'renovate') && github.event_name == - 'pull_request' - shell: bash - run: > - git diff --quiet -- sdk && echo "no changes to sdk" && exit - - git config --global user.email "bot@pulumi.com" - - git config --global user.name "pulumi-bot" - - # Stash local changes and check out the PR's branch directly. - - git stash - - git fetch - - git checkout "origin/$HEAD_REF" - - - # Apply and add our changes, but don't commit any files we expect to - - # always change due to versioning. - - git stash pop - - git add sdk - - git reset sdk/python/*/pulumi-plugin.json \ - sdk/python/pyproject.toml \ - sdk/dotnet/pulumi-plugin.json \ - sdk/dotnet/*.*.csproj \ - sdk/dotnet/version.txt \ - sdk/go/*/pulumi-plugin.json \ - sdk/go/*/internal/pulumiUtilities.go \ + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0 + - name: Setup Node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make generate_${{ matrix.language }} + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + id: worktreeClean + uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 + with: + allowed-changes: |- + sdk/**/pulumi-plugin.json + sdk/dotnet/*.*.csproj + sdk/dotnet/version.txt + sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json + sdk/python/pyproject.toml + - name: Commit SDK changes for Renovate + if: failure() && steps.worktreeClean.outcome == 'failure' && + contains(github.actor, 'renovate') && github.event_name == + 'pull_request' + shell: bash + run: > + git diff --quiet -- sdk && echo "no changes to sdk" && exit - git commit -m 'Commit SDK for Renovate' + git config --global user.email "bot@pulumi.com" - # Push with pulumi-bot credentials to trigger a re-run of the + git config --global user.name "pulumi-bot" - # workflow. https://github.com/orgs/community/discussions/25702 + # Stash local changes and check out the PR's branch directly. - git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" - env: - HEAD_REF: ${{ github.head_ref }} - - run: git status --porcelain - - name: Tar SDK folder - run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . - - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - retention-days: 30 - - if: failure() && github.event_name == 'push' - name: Notify Slack - uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 - with: - author_name: Failure while building SDKs - fields: repo,commit,author,action - status: ${{ job.status }} + git stash + + git fetch + + git checkout "origin/$HEAD_REF" + + + # Apply and add our changes, but don't commit any files we expect to + + # always change due to versioning. + + git stash pop + + git add sdk + + git reset sdk/python/*/pulumi-plugin.json \ + sdk/python/pyproject.toml \ + sdk/dotnet/pulumi-plugin.json \ + sdk/dotnet/*.*.csproj \ + sdk/dotnet/version.txt \ + sdk/go/*/pulumi-plugin.json \ + sdk/go/*/internal/pulumiUtilities.go \ + sdk/nodejs/package.json + + git commit -m 'Commit SDK for Renovate' + + # Push with pulumi-bot credentials to trigger a re-run of the + + # workflow. https://github.com/orgs/community/discussions/25702 + + git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" + env: + HEAD_REF: ${{ github.head_ref }} + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + retention-days: 30 + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository test: runs-on: pulumi-ubuntu-8core needs: - - build_sdks + - build_sdks strategy: fail-fast: true matrix: language: - - nodejs - - python - - dotnet - - go - - java - - yaml + - nodejs + - python + - dotnet + - go + - java + - yaml name: test permissions: contents: read id-token: write steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - lfs: true - persist-credentials: false - ref: ${{ env.PR_COMMIT_SHA }} - - id: version - name: Set Provider Version - uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 - with: - set-env: PROVIDER_VERSION - - name: Install Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: ${{ env.GOVERSION }} - cache-dependency-path: "**/*.sum" - - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 - with: - repo: pulumi/pulumictl - - name: Install Pulumi CLI - uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0 - - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 - with: - node-version: ${{ env.NODEVERSION }} - registry-url: https://registry.npmjs.org - - name: Setup DotNet - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 - with: - dotnet-version: ${{ env.DOTNETVERSION }} - - name: Setup Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: ${{ env.PYTHONVERSION }} - - name: Setup Java - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - java-version: ${{ env.JAVAVERSION }} - distribution: temurin - cache: gradle - - name: Setup Gradle - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 - with: - gradle-version: "7.6" - - name: Download provider - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: pulumi-${{ env.PROVIDER }}-provider.tar.gz - path: ${{ github.workspace }}/bin - - name: UnTar provider binaries - run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ - github.workspace}}/bin - - name: Restore Binary Permissions - run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print - -exec chmod +x {} \; - - name: Download SDK - if: ${{ matrix.language != 'yaml' }} - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.language }}-sdk.tar.gz - path: ${{ github.workspace}}/sdk/ - - name: UnTar SDK folder - if: ${{ matrix.language != 'yaml' }} - run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ - github.workspace}}/sdk/${{ matrix.language}} - - name: Update path - run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - - name: Install Node dependencies - run: yarn global add typescript - - run: dotnet nuget add source ${{ github.workspace }}/nuget - - name: Install Python deps - run: |- - pip3 install virtualenv==20.0.23 - pip3 install pipenv - - name: Install dependencies - if: ${{ matrix.language != 'yaml' }} - run: make install_${{ matrix.language}}_sdk - - name: Generate Pulumi Access Token - id: generate_pulumi_token - uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1 - with: - organization: pulumi - requested-token-type: urn:pulumi:token-type:access_token:organization - export-environment-variables: false - - name: Export AWS Credentials - uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 - env: - PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} - with: - environment: logins/pulumi-ci - - name: Authenticate to Google Cloud - uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 - with: - workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER - }}/locations/global/workloadIdentityPools/${{ - env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ - env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} - service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} - - name: Setup gcloud auth - uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4 - with: - install_components: gke-gcloud-auth-plugin - - name: Install gotestfmt - uses: GoTestTools/gotestfmt-action@v2 - with: - version: v2.5.0 - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run tests - run: >- - set -euo pipefail + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - id: version + name: Set Provider Version + uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 + with: + set-env: PROVIDER_VERSION + - name: Install Go + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0 + - name: Setup Node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 + with: + gradle-version: "7.6" + - name: Download provider + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: + find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + if: ${{ matrix.language != 'yaml' }} + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + if: ${{ matrix.language != 'yaml' }} + run: + tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + if: ${{ matrix.language != 'yaml' }} + run: make install_${{ matrix.language}}_sdk + - name: Generate Pulumi Access Token + id: generate_pulumi_token + uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1 + with: + organization: pulumi + requested-token-type: urn:pulumi:token-type:access_token:organization + export-environment-variables: false + - name: Export AWS Credentials + uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 + env: + PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} + with: + environment: logins/pulumi-ci + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 + with: + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + - name: Setup gcloud auth + uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4 + with: + install_components: gke-gcloud-auth-plugin + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail - cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . - - if: failure() && github.event_name == 'push' - name: Notify Slack - uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 - with: - author_name: Failure in SDK tests - fields: repo,commit,author,action - status: ${{ job.status }} + cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository sentinel: runs-on: ubuntu-latest name: sentinel steps: - - name: Mark workflow as successful - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 - with: - authToken: ${{ secrets.GITHUB_TOKEN }} - context: Sentinel - state: success - description: Sentinel checks passed - sha: ${{ github.event.pull_request.head.sha || github.sha }} + - name: Mark workflow as successful + uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 + with: + authToken: ${{ secrets.GITHUB_TOKEN }} + context: Sentinel + state: success + description: Sentinel checks passed + sha: ${{ github.event.pull_request.head.sha || github.sha }} permissions: statuses: write if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository needs: - - test - - prerequisites - - lint + - test + - prerequisites + - lint lint: runs-on: ubuntu-latest steps: - - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - lfs: true - persist-credentials: false - ref: ${{ env.PR_COMMIT_SHA }} - - name: Install Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: ${{ env.GOVERSION }} - cache-dependency-path: "**/*.sum" - - name: Disarm go:embed directives to enable linters that compile source code - run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i - 's/go:embed/ goembed/g' - - name: golangci-lint provider pkg - uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} - args: -c ../.golangci.yml - working-directory: provider + - name: Checkout Repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + lfs: true + persist-credentials: false + ref: ${{ env.PR_COMMIT_SHA }} + - name: Install Go + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version: ${{ env.GOVERSION }} + cache-dependency-path: "**/*.sum" + - name: Disarm go:embed directives to enable linters that compile source code + run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i + 's/go:embed/ goembed/g' + - name: golangci-lint provider pkg + uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + args: -c ../.golangci.yml + working-directory: provider name: lint if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository