From ab17803a13b57064dbdd8dcd4e32b2c39e1df227 Mon Sep 17 00:00:00 2001 From: Pulumi Bot Date: Fri, 8 Mar 2024 00:33:32 +0000 Subject: [PATCH] [internal] Update GitHub Actions workflow files --- .github/workflows/build.yml | 542 ++++++++++++++++++++ .github/workflows/command-dispatch.yml | 67 +++ .github/workflows/prerelease.yml | 533 +++++++++++++++++++ .github/workflows/pull-request.yml | 64 +++ .github/workflows/release.yml | 562 +++++++++++++++++++++ .github/workflows/run-acceptance-tests.yml | 400 +++++++++++++++ .github/workflows/weekly-pulumi-update.yml | 137 +++++ .goreleaser.prerelease.yml | 37 ++ .goreleaser.yml | 37 ++ 9 files changed, 2379 insertions(+) create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/command-dispatch.yml create mode 100644 .github/workflows/prerelease.yml create mode 100644 .github/workflows/pull-request.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/run-acceptance-tests.yml create mode 100644 .github/workflows/weekly-pulumi-update.yml create mode 100644 .goreleaser.prerelease.yml create mode 100644 .goreleaser.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..c01ce5e --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,542 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: build +on: + push: + branches: + - master + - main + - feature-** + paths-ignore: + - CHANGELOG.md + tags-ignore: + - v* + - sdk/* + - "**" + workflow_dispatch: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} +jobs: + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - name: Build Schema + run: make generate_schema + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment_tag: schemaCheck + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@v1.1.0 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + pulumi-gen-${{ env.PROVIDER}} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make generate_${{ matrix.language }} + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + retention-days: 30 + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 3600 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v0 + with: + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + - name: Setup gcloud auth + uses: google-github-actions/setup-gcloud@v2 + with: + install_components: gke-gcloud-auth-plugin + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + publish: + runs-on: ubuntu-latest + needs: test + name: publish + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-external-id: upload-pulumi-release + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Set PreRelease Version + run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" + >> $GITHUB_ENV + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 60m0s + version: latest + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in publishing binaries + fields: repo,commit,author,action + status: ${{ job.status }} + publish_sdk: + runs-on: ubuntu-latest + needs: publish + name: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Download python SDK + uses: actions/download-artifact@v4 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress python SDK + run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C + ${{github.workspace}}/sdk/python + - name: Download dotnet SDK + uses: actions/download-artifact@v4 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress dotnet SDK + run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C + ${{github.workspace}}/sdk/dotnet + - name: Download nodejs SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress nodejs SDK + run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C + ${{github.workspace}}/sdk/nodejs + - name: Install Twine + run: python -m pip install pip twine + - name: Publish SDKs + run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + PYPI_PUBLISH_ARTIFACTS: all + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in publishing SDK + fields: repo,commit,author,action + status: ${{ job.status }} + publish_java_sdk: + runs-on: ubuntu-latest + continue-on-error: true + needs: publish + name: publish_java_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download java SDK + uses: actions/download-artifact@v4 + with: + name: java-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress java SDK + run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C + ${{github.workspace}}/sdk/java + - name: Set PACKAGE_VERSION to Env + run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> + $GITHUB_ENV + - name: Publish Java SDK + uses: gradle/gradle-build-action@v3 + with: + arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository + build-root-directory: ./sdk/java + gradle-version: 7.4.1 diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml new file mode 100644 index 0000000..698b08d --- /dev/null +++ b/.github/workflows/command-dispatch.yml @@ -0,0 +1,67 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: command-dispatch +on: + issue_comment: + types: + - created + - edited +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} +jobs: + command-dispatch-for-testing: + runs-on: ubuntu-latest + name: command-dispatch-for-testing + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - uses: peter-evans/slash-command-dispatch@v2 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + reaction-token: ${{ secrets.GITHUB_TOKEN }} + commands: run-acceptance-tests + permission: write + issue-type: pull-request + repository: pulumi/pulumi-docker-native + if: ${{ github.event.issue.pull_request }} diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml new file mode 100644 index 0000000..36a67fb --- /dev/null +++ b/.github/workflows/prerelease.yml @@ -0,0 +1,533 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: prerelease +on: + push: + tags: + - v*.*.*-** +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + IS_PRERELEASE: true +jobs: + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - name: Build Schema + run: make generate_schema + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment_tag: schemaCheck + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@v1.1.0 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + pulumi-gen-${{ env.PROVIDER}} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make generate_${{ matrix.language }} + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 3600 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v0 + with: + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + - name: Setup gcloud auth + uses: google-github-actions/setup-gcloud@v2 + with: + install_components: gke-gcloud-auth-plugin + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + publish: + runs-on: ubuntu-latest + needs: test + name: publish + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-external-id: upload-pulumi-release + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Set PreRelease Version + run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" + >> $GITHUB_ENV + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout + 60m0s + version: latest + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in publishing binaries + fields: repo,commit,author,action + status: ${{ job.status }} + publish_sdk: + runs-on: ubuntu-latest + needs: publish + name: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Download python SDK + uses: actions/download-artifact@v4 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress python SDK + run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C + ${{github.workspace}}/sdk/python + - name: Download dotnet SDK + uses: actions/download-artifact@v4 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress dotnet SDK + run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C + ${{github.workspace}}/sdk/dotnet + - name: Download nodejs SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress nodejs SDK + run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C + ${{github.workspace}}/sdk/nodejs + - name: Install Twine + run: python -m pip install pip twine + - name: Publish SDKs + run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + PYPI_PUBLISH_ARTIFACTS: all + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in publishing SDK + fields: repo,commit,author,action + status: ${{ job.status }} + publish_java_sdk: + runs-on: ubuntu-latest + continue-on-error: true + needs: publish + name: publish_java_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download java SDK + uses: actions/download-artifact@v4 + with: + name: java-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress java SDK + run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C + ${{github.workspace}}/sdk/java + - name: Set PACKAGE_VERSION to Env + run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> + $GITHUB_ENV + - name: Publish Java SDK + uses: gradle/gradle-build-action@v3 + with: + arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository + build-root-directory: ./sdk/java + gradle-version: 7.4.1 diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml new file mode 100644 index 0000000..96447dc --- /dev/null +++ b/.github/workflows/pull-request.yml @@ -0,0 +1,64 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: pull-request +on: + pull_request_target: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} +jobs: + comment-on-pr: + runs-on: ubuntu-latest + name: comment-on-pr + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + with: + message: > + PR is now waiting for a maintainer to run the acceptance tests. + + **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + if: github.event.pull_request.head.repo.full_name != github.repository diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..158466b --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,562 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: release +on: + push: + tags: + - v*.*.* + - "!v*.*.*-**" +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} +jobs: + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - name: Build Schema + run: make generate_schema + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment_tag: schemaCheck + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@v1.1.0 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + pulumi-gen-${{ env.PROVIDER}} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make generate_${{ matrix.language }} + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 3600 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v0 + with: + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + - name: Setup gcloud auth + uses: google-github-actions/setup-gcloud@v2 + with: + install_components: gke-gcloud-auth-plugin + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + publish: + runs-on: ubuntu-latest + needs: test + name: publish + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: us-east-2 + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 7200 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-external-id: upload-pulumi-release + role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }} + - name: Set PreRelease Version + run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" + >> $GITHUB_ENV + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + args: -p 3 release --rm-dist --timeout 60m0s + version: latest + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in publishing binaries + fields: repo,commit,author,action + status: ${{ job.status }} + publish_sdk: + runs-on: ubuntu-latest + needs: publish + name: publish_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Download python SDK + uses: actions/download-artifact@v4 + with: + name: python-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress python SDK + run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C + ${{github.workspace}}/sdk/python + - name: Download dotnet SDK + uses: actions/download-artifact@v4 + with: + name: dotnet-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress dotnet SDK + run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C + ${{github.workspace}}/sdk/dotnet + - name: Download nodejs SDK + uses: actions/download-artifact@v4 + with: + name: nodejs-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress nodejs SDK + run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C + ${{github.workspace}}/sdk/nodejs + - name: Install Twine + run: python -m pip install pip twine + - name: Publish SDKs + run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + PYPI_PUBLISH_ARTIFACTS: all + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in publishing SDK + fields: repo,commit,author,action + status: ${{ job.status }} + publish_java_sdk: + runs-on: ubuntu-latest + continue-on-error: true + needs: publish + name: publish_java_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download java SDK + uses: actions/download-artifact@v4 + with: + name: java-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: Uncompress java SDK + run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C + ${{github.workspace}}/sdk/java + - name: Set PACKAGE_VERSION to Env + run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> + $GITHUB_ENV + - name: Publish Java SDK + uses: gradle/gradle-build-action@v3 + with: + arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository + build-root-directory: ./sdk/java + gradle-version: 7.4.1 + tag_sdk: + runs-on: ubuntu-latest + needs: publish_sdk + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Add SDK version tag + run: git tag sdk/v$(pulumictl get version --language generic) && git push origin + sdk/v$(pulumictl get version --language generic) + name: tag_sdk + dispatch_docs_build: + runs-on: ubuntu-latest + needs: tag_sdk + steps: + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Dispatch Event + run: pulumictl create docs-build pulumi-${{ env.PROVIDER }} + ${GITHUB_REF#refs/tags/} + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + name: dispatch_docs_build diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml new file mode 100644 index 0000000..213071c --- /dev/null +++ b/.github/workflows/run-acceptance-tests.yml @@ -0,0 +1,400 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: run-acceptance-tests +on: + repository_dispatch: + types: + - run-acceptance-tests-command + pull_request: + branches: + - master + - main + paths-ignore: + - CHANGELOG.md + workflow_dispatch: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} +jobs: + comment-notification: + runs-on: ubuntu-latest + name: comment-notification + steps: + - name: Create URL to the run output + id: vars + run: echo + run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID + >> "$GITHUB_OUTPUT" + - name: Update with Result + uses: peter-evans/create-or-update-comment@v1 + with: + token: ${{ secrets.PULUMI_BOT_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}" + if: github.event_name == 'repository_dispatch' + prerequisites: + runs-on: ubuntu-latest + name: prerequisites + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + ref: ${{ env.PR_COMMIT_SHA }} + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - if: github.event_name == 'pull_request' + name: Install Schema Tools + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/schema-tools + - name: Build codegen binaries + run: make codegen + - name: Build Schema + run: make generate_schema + - if: github.event_name == 'pull_request' + name: Check Schema is Valid + run: >- + echo 'SCHEMA_CHANGES<> $GITHUB_ENV + + schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV + + echo 'EOF' >> $GITHUB_ENV + - if: github.event_name == 'pull_request' + name: Comment on PR with Details of Schema Check + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + ${{ env.SCHEMA_CHANGES }} + comment_tag: schemaCheck + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && + github.actor == 'pulumi-bot' + name: Add label if no breaking changes + uses: actions-ecosystem/action-add-labels@v1.1.0 + with: + labels: impact/no-changelog-required + number: ${{ github.event.issue.number }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build Provider + run: make provider + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar provider binaries + run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} + pulumi-gen-${{ env.PROVIDER}} + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin/provider.tar.gz + - name: Test Provider Library + run: make test_provider + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in building provider prerequisites + fields: repo,commit,author,action + status: ${{ job.status }} + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + build_sdks: + needs: prerequisites + runs-on: pulumi-ubuntu-8core + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: build_sdks + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + ref: ${{ env.PR_COMMIT_SHA }} + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Generate SDK + run: make generate_${{ matrix.language }} + - name: Build SDK + run: make build_${{ matrix.language }} + - name: Check worktree clean + run: ./ci-scripts/ci/check-worktree-is-clean + - run: git status --porcelain + - name: Tar SDK folder + run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz + retention-days: 30 + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure while building SDKs + fields: repo,commit,author,action + status: ${{ job.status }} + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + test: + runs-on: pulumi-ubuntu-8core + needs: + - build_sdks + strategy: + fail-fast: true + matrix: + language: + - nodejs + - python + - dotnet + - go + - java + name: test + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + ref: ${{ env.PR_COMMIT_SHA }} + - name: Checkout Scripts Repo + uses: actions/checkout@v4 + with: + path: ci-scripts + repository: pulumi/scripts + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Setup Java + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JAVAVERSION }} + distribution: temurin + cache: gradle + - name: Setup Gradle + uses: gradle/gradle-build-action@v3 + with: + gradle-version: "7.6" + - name: Download provider + tfgen binaries + uses: actions/download-artifact@v4 + with: + name: pulumi-${{ env.PROVIDER }}-provider.tar.gz + path: ${{ github.workspace }}/bin + - name: UnTar provider binaries + run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ + github.workspace}}/bin + - name: Restore Binary Permissions + run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print + -exec chmod +x {} \; + - name: Download SDK + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.language }}-sdk.tar.gz + path: ${{ github.workspace}}/sdk/ + - name: UnTar SDK folder + run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ + github.workspace}}/sdk/${{ matrix.language}} + - name: Update path + run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + - name: Install Node dependencies + run: yarn global add typescript + - run: dotnet nuget add source ${{ github.workspace }}/nuget + - name: Install Python deps + run: |- + pip3 install virtualenv==20.0.23 + pip3 install pipenv + - name: Install dependencies + run: make install_${{ matrix.language}}_sdk + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-region: ${{ env.AWS_REGION }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-duration-seconds: 3600 + role-session-name: ${{ env.PROVIDER }}@githubActions + role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v0 + with: + workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER + }}/locations/global/workloadIdentityPools/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ + env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} + - name: Setup gcloud auth + uses: google-github-actions/setup-gcloud@v2 + with: + install_components: gke-gcloud-auth-plugin + - name: Install gotestfmt + uses: GoTestTools/gotestfmt-action@v2 + with: + version: v2.5.0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run tests + run: >- + set -euo pipefail + + cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt + - if: failure() && github.event_name == 'push' + name: Notify Slack + uses: 8398a7/action-slack@v3 + with: + author_name: Failure in SDK tests + fields: repo,commit,author,action + status: ${{ job.status }} + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + sentinel: + runs-on: ubuntu-latest + name: sentinel + steps: + - name: Is workflow a success + run: echo yes + if: github.event_name == 'repository_dispatch' || + github.event.pull_request.head.repo.full_name == github.repository + needs: + - test + - lint diff --git a/.github/workflows/weekly-pulumi-update.yml b/.github/workflows/weekly-pulumi-update.yml new file mode 100644 index 0000000..e1281d3 --- /dev/null +++ b/.github/workflows/weekly-pulumi-update.yml @@ -0,0 +1,137 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +name: weekly-pulumi-update +on: + schedule: + - cron: 35 12 * * 4 + workflow_dispatch: {} +env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + PROVIDER: docker-native + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} + PYPI_USERNAME: __token__ + PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} + TRAVIS_OS_NAME: linux + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. + PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} + PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} + GOVERSION: 1.21.x + NODEVERSION: 16.x + PYTHONVERSION: "3.11" + DOTNETVERSION: | + 6.0.x + 3.1.301 + JAVAVERSION: "11" + AWS_REGION: us-west-2 + PULUMI_API: https://api.pulumi-staging.io + ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e + ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 + ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + AZURE_LOCATION: westus + DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} + GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com + GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci + GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci + GOOGLE_PROJECT: pulumi-ci-gcp-provider + GOOGLE_PROJECT_NUMBER: 895284651812 + GOOGLE_REGION: us-central1 + GOOGLE_ZONE: us-central1-a + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} +jobs: + weekly-pulumi-update: + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + lfs: true + - name: Unshallow clone for tags + run: git fetch --prune --unshallow --tags + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOVERSION }} + - name: Install pulumictl + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: pulumi/pulumictl + - name: Install Pulumi CLI + uses: pulumi/actions@v5 + - name: Setup DotNet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNETVERSION }} + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ env.NODEVERSION }} + registry-url: https://registry.npmjs.org + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHONVERSION }} + - name: Update Pulumi/Pulumi + id: gomod + run: >- + git config --local user.email 'bot@pulumi.com' + + git config --local user.name 'pulumi-bot' + + git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }} + + for MODFILE in $(find . -name go.mod); do pushd $(dirname $MODFILE); go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy; popd; done + + git update-index -q --refresh + + if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi + - name: Provider with Pulumi Upgrade + if: steps.gomod.outputs.changes != 0 + run: >- + make codegen && make local_generate + + git add sdk/nodejs + + git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/python + + git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/dotnet + + git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/go* + + git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add sdk/java* + + git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty" + + git add . + + git commit -m "Updated modules" || echo "ignore commit failure, may be empty" + + git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }} + - name: Create PR + id: create-pr + if: steps.gomod.outputs.changes != 0 + uses: repo-sync/pull-request@v2.6.2 + with: + source_branch: update-pulumi/${{ github.run_id }}-${{ github.run_number }} + destination_branch: master + pr_title: Automated Pulumi/Pulumi upgrade + github_token: ${{ secrets.PULUMI_BOT_TOKEN }} + env: + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + name: weekly-pulumi-update diff --git a/.goreleaser.prerelease.yml b/.goreleaser.prerelease.yml new file mode 100644 index 0000000..b5ebbd8 --- /dev/null +++ b/.goreleaser.prerelease.yml @@ -0,0 +1,37 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +project_name: pulumi-docker-native +builds: +- dir: provider + env: + - CGO_ENABLED=0 + - GO111MODULE=on + goos: + - darwin + - windows + - linux + goarch: + - amd64 + - arm64 + ignore: [] + main: ./cmd/pulumi-resource-docker-native/ + ldflags: + - -X + github.com/pulumi/pulumi-docker-native/provider/pkg/version.Version={{.Tag}} + binary: pulumi-resource-docker-native +archives: +- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}" + id: archive +snapshot: + name_template: "{{ .Tag }}-SNAPSHOT" +changelog: + skip: true +release: + disable: true +blobs: +- provider: s3 + region: us-west-2 + bucket: get.pulumi.com + folder: releases/plugins/ + ids: + - archive diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..d41c8c8 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,37 @@ +# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt + +project_name: pulumi-docker-native +builds: +- dir: provider + env: + - CGO_ENABLED=0 + - GO111MODULE=on + goos: + - darwin + - windows + - linux + goarch: + - amd64 + - arm64 + ignore: [] + main: ./cmd/pulumi-resource-docker-native/ + ldflags: + - -X + github.com/pulumi/pulumi-docker-native/provider/pkg/version.Version={{.Tag}} + binary: pulumi-resource-docker-native +archives: +- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}" + id: archive +snapshot: + name_template: "{{ .Tag }}-SNAPSHOT" +changelog: + skip: true +release: + disable: false +blobs: +- provider: s3 + region: us-west-2 + bucket: get.pulumi.com + folder: releases/plugins/ + ids: + - archive