Don't tidy

This PR was automatically generated by the
update-native-provider-workflows workflow in the pulumi/ci-mgmt repo,
from commit 0f215352010902e51d20ed66185ecb6f5a403245.

.gitattributes

@@ -0,0 +1,2 @@
+sdk/**/* linguist-generated=true
+provider/internal/mock*.go linguist-generated=true

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+    groups:
+      pulumi:
+        patterns:
+          - "github.com/pulumi/*"
+    labels:
+      - dependencies
+      - impact/no-changelog-required

.github/workflows/build.yml

@@ -0,0 +1,580 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: build
+on:
+  push:
+    branches:
+    - master
+    - main
+    - feature-**
+    paths-ignore:
+    - CHANGELOG.md
+    tags-ignore:
+    - v*
+    - sdk/*
+    - "**"
+  workflow_dispatch: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+        retention-days: 30
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    name: publish
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Clear GitHub Actions Ubuntu runner disk space
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        dotnet: false
+        android: true
+        haskell: true
+        swap-storage: true
+        large-packages: false
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: us-east-2
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 7200
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-external-id: upload-pulumi-release
+        role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
+    - name: Set PreRelease Version
+      run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)"
+        >> $GITHUB_ENV
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
+        version: latest
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing binaries
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_sdk:
+    runs-on: ubuntu-latest
+    needs: publish
+    name: publish_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Download python SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: python-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress python SDK
+      run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
+        ${{github.workspace}}/sdk/python
+    - name: Download dotnet SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: dotnet-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress dotnet SDK
+      run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
+        ${{github.workspace}}/sdk/dotnet
+    - name: Download nodejs SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: nodejs-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress nodejs SDK
+      run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
+        ${{github.workspace}}/sdk/nodejs
+    - name: Install Twine
+      run: python -m pip install pip twine
+    - name: Publish SDKs
+      run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        PYPI_PUBLISH_ARTIFACTS: all
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing SDK
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_java_sdk:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: publish
+    name: publish_java_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download java SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: java-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress java SDK
+      run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
+        ${{github.workspace}}/sdk/java
+    - name: Set PACKAGE_VERSION to Env
+      run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
+        $GITHUB_ENV
+    - name: Publish Java SDK
+      uses: gradle/gradle-build-action@v3
+      with:
+        arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
+        build-root-directory: ./sdk/java
+        gradle-version: 7.4.1
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: golangci-lint provider pkg
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: ${{ env.GOLANGCI_LINT_VERSION }}
+        args: -c ../.golangci.yml
+        working-directory: provider
+    name: lint
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository

.github/workflows/command-dispatch.yml

@@ -0,0 +1,67 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: command-dispatch
+on:
+  issue_comment:
+    types:
+    - created
+    - edited
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  command-dispatch-for-testing:
+    runs-on: ubuntu-latest
+    name: command-dispatch-for-testing
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - uses: peter-evans/slash-command-dispatch@v2
+      with:
+        token: ${{ secrets.PULUMI_BOT_TOKEN }}
+        reaction-token: ${{ secrets.GITHUB_TOKEN }}
+        commands: run-acceptance-tests
+        permission: write
+        issue-type: pull-request
+        repository: pulumi/pulumi-docker-build
+    if: ${{ github.event.issue.pull_request }}

.github/workflows/makefile.yaml

@@ -1,51 +0,0 @@
-name: Makefile
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: read
-      actions: read
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        id: git
-        with:
-          submodules: "recursive"
-
-      - name: Build
-        id: build
-        run: |
-          make build
-
-      - name: Install
-        id: install
-        run: |
-          set -ex
-          make install
-
-      - name: PulumiUp
-        id: up
-        run: make up
-
-      - name: PulumiDown
-        id: down
-        run: make down
-
-      - name: Generate multi-language examples from yaml IaC program
-        id: examples
-        run: |
-          set -ex
-          make gen_examples

.github/workflows/prerelease.yml

@@ -0,0 +1,549 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: prerelease
+on:
+  push:
+    tags:
+    - v*.*.*-**
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+  IS_PRERELEASE: true
+jobs:
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    name: publish
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Clear GitHub Actions Ubuntu runner disk space
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        dotnet: false
+        android: true
+        haskell: true
+        swap-storage: true
+        large-packages: false
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: us-east-2
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 7200
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-external-id: upload-pulumi-release
+        role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
+    - name: Set PreRelease Version
+      run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)"
+        >> $GITHUB_ENV
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
+        version: latest
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing binaries
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_sdk:
+    runs-on: ubuntu-latest
+    needs: publish
+    name: publish_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Download python SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: python-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress python SDK
+      run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
+        ${{github.workspace}}/sdk/python
+    - name: Download dotnet SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: dotnet-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress dotnet SDK
+      run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
+        ${{github.workspace}}/sdk/dotnet
+    - name: Download nodejs SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: nodejs-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress nodejs SDK
+      run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
+        ${{github.workspace}}/sdk/nodejs
+    - name: Install Twine
+      run: python -m pip install pip twine
+    - name: Publish SDKs
+      run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        PYPI_PUBLISH_ARTIFACTS: all
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing SDK
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_java_sdk:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: publish
+    name: publish_java_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download java SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: java-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress java SDK
+      run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
+        ${{github.workspace}}/sdk/java
+    - name: Set PACKAGE_VERSION to Env
+      run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
+        $GITHUB_ENV
+    - name: Publish Java SDK
+      uses: gradle/gradle-build-action@v3
+      with:
+        arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
+        build-root-directory: ./sdk/java
+        gradle-version: 7.4.1

.github/workflows/pull-request.yml

@@ -0,0 +1,64 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: pull-request
+on:
+  pull_request_target: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  comment-on-pr:
+    runs-on: ubuntu-latest
+    name: comment-on-pr
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Comment PR
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: >
+          PR is now waiting for a maintainer to run the acceptance tests.
+
+          **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    if: github.event.pull_request.head.repo.full_name != github.repository

.github/workflows/release.yml

@@ -0,0 +1,579 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: release
+on:
+  push:
+    tags:
+    - v*.*.*
+    - "!v*.*.*-**"
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    name: publish
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Clear GitHub Actions Ubuntu runner disk space
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        dotnet: false
+        android: true
+        haskell: true
+        swap-storage: true
+        large-packages: false
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: us-east-2
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 7200
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-external-id: upload-pulumi-release
+        role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
+    - name: Set PreRelease Version
+      run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)"
+        >> $GITHUB_ENV
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        args: -p 3 release --clean --timeout 60m0s
+        version: latest
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing binaries
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_sdk:
+    runs-on: ubuntu-latest
+    needs: publish
+    name: publish_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Download python SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: python-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress python SDK
+      run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
+        ${{github.workspace}}/sdk/python
+    - name: Download dotnet SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: dotnet-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress dotnet SDK
+      run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
+        ${{github.workspace}}/sdk/dotnet
+    - name: Download nodejs SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: nodejs-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress nodejs SDK
+      run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
+        ${{github.workspace}}/sdk/nodejs
+    - name: Install Twine
+      run: python -m pip install pip twine
+    - name: Publish SDKs
+      run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        PYPI_PUBLISH_ARTIFACTS: all
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing SDK
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_java_sdk:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: publish
+    name: publish_java_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download java SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: java-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress java SDK
+      run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
+        ${{github.workspace}}/sdk/java
+    - name: Set PACKAGE_VERSION to Env
+      run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
+        $GITHUB_ENV
+    - name: Publish Java SDK
+      uses: gradle/gradle-build-action@v3
+      with:
+        arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
+        build-root-directory: ./sdk/java
+        gradle-version: 7.4.1
+  tag_sdk:
+    runs-on: ubuntu-latest
+    needs: publish_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Add SDK version tag
+      run: git tag sdk/v$(pulumictl get version --language generic) && git push origin
+        sdk/v$(pulumictl get version --language generic)
+    name: tag_sdk
+  dispatch_docs_build:
+    runs-on: ubuntu-latest
+    needs: tag_sdk
+    steps:
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Dispatch Event
+      run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
+        ${GITHUB_REF#refs/tags/}
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    name: dispatch_docs_build

.github/workflows/run-acceptance-tests.yml

@@ -0,0 +1,427 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: run-acceptance-tests
+on:
+  repository_dispatch:
+    types:
+    - run-acceptance-tests-command
+  pull_request:
+    branches:
+    - master
+    - main
+    paths-ignore:
+    - CHANGELOG.md
+  workflow_dispatch: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+  PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
+jobs:
+  comment-notification:
+    runs-on: ubuntu-latest
+    name: comment-notification
+    steps:
+    - name: Create URL to the run output
+      id: vars
+      run: echo
+        run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
+        >> "$GITHUB_OUTPUT"
+    - name: Update with Result
+      uses: peter-evans/create-or-update-comment@v1
+      with:
+        token: ${{ secrets.PULUMI_BOT_TOKEN }}
+        repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
+        issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
+        body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
+    if: github.event_name == 'repository_dispatch'
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+        retention-days: 30
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+  sentinel:
+    runs-on: ubuntu-latest
+    name: sentinel
+    steps:
+    - name: Is workflow a success
+      run: echo yes
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+    needs:
+    - test
+    - lint
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: golangci-lint provider pkg
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: ${{ env.GOLANGCI_LINT_VERSION }}
+        args: -c ../.golangci.yml
+        working-directory: provider
+    name: lint
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository

.github/workflows/weekly-pulumi-update.yml

@@ -0,0 +1,138 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: weekly-pulumi-update
+on:
+  schedule:
+  - cron: 35 12 * * 4
+  workflow_dispatch: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  weekly-pulumi-update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Update Pulumi/Pulumi
+      id: gomod
+      run: >-
+        git config --local user.email 'bot@pulumi.com'
+
+        git config --local user.name 'pulumi-bot'
+
+        git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }}
+
+        for MODFILE in $(find . -name go.mod); do pushd $(dirname $MODFILE); go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy; popd; done
+
+        git update-index -q --refresh
+
+        if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi
+    - name: Provider with Pulumi Upgrade
+      if: steps.gomod.outputs.changes != 0
+      run: >-
+        make codegen && make local_generate
+
+        git add sdk/nodejs
+
+        git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/python
+
+        git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/dotnet
+
+        git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/go*
+
+        git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/java*
+
+        git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add .
+
+        git commit -m "Updated modules" || echo "ignore commit failure, may be empty"
+
+        git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }}
+    - name: Create PR
+      id: create-pr
+      if: steps.gomod.outputs.changes != 0
+      uses: repo-sync/pull-request@v2.6.2
+      with:
+        source_branch: update-pulumi/${{ github.run_id }}-${{ github.run_number }}
+        destination_branch: master
+        pr_title: Automated Pulumi/Pulumi upgrade
+        github_token: ${{ secrets.PULUMI_BOT_TOKEN }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    name: weekly-pulumi-update

.gitignore

@@ -5,12 +5,17 @@
 **/.vs
 **/.idea
 **/.ionide
-.pulumi
+**/.vscode
+*.swp
 Pulumi.*.yaml
 yarn.lock
 ci-scripts
-/nuget/
+nuget/
-provider/**/schema-embed.json
+coverage.txt
 
 
+sdk/dotnet/version.txt
+sdk/java/.gradle
+sdk/java/build/
+sdk/java/build.gradle
 sdk/python/venv

.golangci.yml

@@ -0,0 +1,104 @@
+run:
+  timeout: 10m
+
+linters:
+  enable-all: false
+  enable:
+    - depguard
+    - errcheck
+    - exhaustive
+    - exportloopref
+    - gci
+    - gocritic
+    - gofumpt
+    - goheader
+    - gosec
+    - govet
+    - importas
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - nolintlint
+    - paralleltest
+    - perfsprint
+    - prealloc
+    - revive
+    - unconvert
+    - unused
+
+linters-settings:
+  depguard:
+    rules:
+      protobuf:
+        deny:
+          - pkg: "github.com/golang/protobuf"
+            desc: Use google.golang.org/protobuf instead
+  gci:
+    sections:
+      - standard # Standard section: captures all standard library packages.
+      - blank # Blank section: contains all blank imports.
+      - default # Default section: contains all imports that could not be matched to another section type.
+      - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix.
+      - prefix(github.com/pulumi/pulumi-dockerbuild/) # Custom section: local imports
+    custom-order: true
+  gocritic:
+    enable-all: true
+    disabled-checks:
+      - hugeParam
+      - importShadow
+  goheader:
+    template: |-
+      Copyright 2024, Pulumi Corporation.
+
+      Licensed under the Apache License, Version 2.0 (the "License");
+      you may not use this file except in compliance with the License.
+      You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+      Unless required by applicable law or agreed to in writing, software
+      distributed under the License is distributed on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+      See the License for the specific language governing permissions and
+      limitations under the License.
+  govet:
+    enable:
+      - nilness
+      # Reject comparisons of reflect.Value with DeepEqual or '=='.
+      - reflectvaluecompare
+      # Reject sort.Slice calls with a non-slice argument.
+      - sortslice
+      # Detect write to struct/arrays by-value that aren't read again.
+      - unusedwrite
+  nakedret:
+    # Make an issue if func has more lines of code than this setting, and it has naked returns.
+    # Default: 30
+    max-func-lines: 60
+  nolintlint:
+    # Some linter exclusions are added to generated or templated files
+    # pre-emptively.
+    # Don't complain about these.
+    allow-unused: true
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Don't warn on unused parameters.
+    # Parameter names are useful; replacing them with '_' is undesirable.
+    - linters: [revive]
+      text: 'unused-parameter: parameter \S+ seems to be unused, consider removing or renaming it as _'
+
+    # staticcheck already has smarter checks for empty blocks.
+    # revive's empty-block linter has false positives.
+    # For example, as of writing this, the following is not allowed.
+    #   for foo() { }
+    - linters: [revive]
+      text: "empty-block: this block is empty, you can remove it"
+
+    # We *frequently* use the term 'new' in the context of properties
+    # (new and old properties),
+    # and we rarely use the 'new' built-in function.
+    # It's fine to ignore these cases.
+    - linters: [revive]
+      text: "redefines-builtin-id: redefinition of the built-in function new"

.goreleaser.prerelease.yml

@@ -0,0 +1,38 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+project_name: pulumi-docker-build
+builds:
+- dir: provider
+  env:
+  - CGO_ENABLED=0
+  - GO111MODULE=on
+  goos:
+  - darwin
+  - windows
+  - linux
+  goarch:
+  - amd64
+  - arm64
+  ignore: []
+  main: ./cmd/pulumi-resource-docker-build/
+  ldflags:
+  - -X
+    github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
+  - -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
+  binary: pulumi-resource-docker-build
+archives:
+- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
+  id: archive
+snapshot:
+  name_template: "{{ .Tag }}-SNAPSHOT"
+changelog:
+  skip: true
+release:
+  disable: true
+blobs:
+- provider: s3
+  region: us-west-2
+  bucket: get.pulumi.com
+  folder: releases/plugins/
+  ids:
+  - archive

.goreleaser.yml

@@ -0,0 +1,38 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+project_name: pulumi-docker-build
+builds:
+- dir: provider
+  env:
+  - CGO_ENABLED=0
+  - GO111MODULE=on
+  goos:
+  - darwin
+  - windows
+  - linux
+  goarch:
+  - amd64
+  - arm64
+  ignore: []
+  main: ./cmd/pulumi-resource-docker-build/
+  ldflags:
+  - -X
+    github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
+  - -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
+  binary: pulumi-resource-docker-build
+archives:
+- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
+  id: archive
+snapshot:
+  name_template: "{{ .Tag }}-SNAPSHOT"
+changelog:
+  skip: true
+release:
+  disable: false
+blobs:
+- provider: s3
+  region: us-west-2
+  bucket: get.pulumi.com
+  folder: releases/plugins/
+  ids:
+  - archive

Makefile

@@ -1,93 +1,101 @@
-PROJECT_NAME := Pulumi Docker Native Resource Provider
+PROJECT_NAME := Pulumi Docker Build Resource Provider
 
-PACK             := docker-native
+PACK             := docker-build
 PACKDIR          := sdk
-PROJECT          := github.com/pulumi/pulumi-docker-native
+PROJECT          := github.com/pulumi/pulumi-docker-build
-NODE_MODULE_NAME := @pulumi/docker-native
+NODE_MODULE_NAME := @pulumi/docker-build
-NUGET_PKG_NAME   := Pulumi.DockerNative
+NUGET_PKG_NAME   := Pulumi.DockerBuild
 
-PROVIDER        := pulumi-resource-${PACK}
+PROVIDER         := pulumi-resource-${PACK}
-VERSION         ?= $(shell pulumictl get version)
+VERSION          ?= $(shell pulumictl get version)
-PROVIDER_PATH   := provider
+PROVIDER_PATH    := provider
-VERSION_PATH    := ${PROVIDER_PATH}.Version
+VERSION_PATH     := ${PROVIDER_PATH}.Version
+SCHEMA_PATH      := ${PROVIDER_PATH}/cmd/pulumi-resource-${PACK}/schema.json
 
-GOPATH			:= $(shell go env GOPATH)
+GOPATH			 := $(shell go env GOPATH)
 
-WORKING_DIR     := $(shell pwd)
+WORKING_DIR      := $(shell pwd)
-EXAMPLES_DIR    := ${WORKING_DIR}/examples/yaml
+EXAMPLES_DIR     := ${WORKING_DIR}/examples/yaml
-TESTPARALLELISM := 4
+TESTPARALLELISM  := 4
 
-ensure::
+PULUMI           := bin/pulumi
-	cd provider && go mod tidy
+GOGLANGCILINT    := bin/golangci-lint
-	cd sdk && go mod tidy
-	cd tests && go mod tidy
 
-provider::
+.PHONY: ensure
-	(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
+ensure:: tidy lint test_provider examples
+
+.PHONY: tidy
+tidy:
+	go mod tidy
+
+.PHONY: provider
+provider: bin/${PROVIDER} bin/pulumi-gen-${PACK} # Required by CI
 
 provider_debug::
 	(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
 
-test_provider::
+test_provider:: # Required by CI
-	cd tests && go test -short -v -count=1 -cover -timeout 2h -parallel ${TESTPARALLELISM} ./...
+	go test -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
 
-codegen:
+test_examples: install_nodejs_sdk install_dotnet_sdk
+	go test -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
 
-dotnet_sdk:: DOTNET_VERSION := $(shell pulumictl get version --language dotnet)
+test_all:: test_provider test_examples
-dotnet_sdk::
-	rm -rf sdk/dotnet
-	pulumi package gen-sdk $(WORKING_DIR)/bin/$(PROVIDER) --language dotnet
-	cd ${PACKDIR}/dotnet/&& \
-		echo "${DOTNET_VERSION}" >version.txt && \
-		dotnet build /p:Version=${DOTNET_VERSION}
 
-go_sdk:: $(WORKING_DIR)/bin/$(PROVIDER)
+.PHONY:
-	rm -rf sdk/go
+gen_examples:
-	pulumi package gen-sdk $(WORKING_DIR)/bin/$(PROVIDER) --language go
 
-nodejs_sdk:: VERSION := $(shell pulumictl get version --language javascript)
+examples: $(shell mkdir -p examples)
-nodejs_sdk::
+examples: sdk examples/yaml examples/go examples/nodejs examples/python examples/dotnet examples/java
-	rm -rf sdk/nodejs
-	pulumi package gen-sdk $(WORKING_DIR)/bin/$(PROVIDER) --language nodejs
-	cd ${PACKDIR}/nodejs/ && \
-		yarn install && \
-		yarn run tsc && \
-		cp ../../README.md ../../LICENSE package.json yarn.lock bin/ && \
-		sed -i.bak 's/$${VERSION}/$(VERSION)/g' bin/package.json && \
-		rm ./bin/package.json.bak
 
-python_sdk:: PYPI_VERSION := $(shell pulumictl get version --language python)
+examples/yaml:
-python_sdk::
+	rm -rf ${WORKING_DIR}/examples/yaml/app
-	rm -rf sdk/python
+	cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app
-	pulumi package gen-sdk $(WORKING_DIR)/bin/$(PROVIDER) --language python
-	cp README.md ${PACKDIR}/python/
-	cd ${PACKDIR}/python/ && \
-		python3 setup.py clean --all 2>/dev/null && \
-		rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \
-		sed -i.bak -e 's/^VERSION = .*/VERSION = "$(PYPI_VERSION)"/g' -e 's/^PLUGIN_VERSION = .*/PLUGIN_VERSION = "$(VERSION)"/g' ./bin/setup.py && \
-		rm ./bin/setup.py.bak && \
-		cd ./bin && python3 setup.py build sdist
 
-gen_examples: gen_go_example \
+examples/go: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
-		gen_nodejs_example \
+	$(call example,go)
-		gen_python_example \
+	@git checkout examples/go/go.mod
-		gen_dotnet_example
 
-gen_%_example:
+examples/nodejs: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
-	rm -rf ${WORKING_DIR}/examples/$*
+	$(call example,nodejs)
-	pulumi convert \
+	@git checkout examples/nodejs/package.json
-		--cwd ${WORKING_DIR}/examples/yaml \
+
-		--logtostderr \
+examples/python: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
-		--generate-only \
+	$(call example,python)
-		--non-interactive \
+	@git checkout examples/python/requirements.txt
-		--language $* \
+
-		--out ${WORKING_DIR}/examples/$*
+examples/dotnet: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,dotnet)
+	@git checkout examples/dotnet/provider-docker-build.csproj
+
+examples/java: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,java)
+	@git checkout examples/java/pom.xml
+
+${PULUMI}: go.sum
+	GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/pkg/v3/cmd/pulumi
+	GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3
+
+${GOGLANGCILINT}: go.sum
+	GOBIN=${WORKING_DIR}/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint
 
 define pulumi_login
     export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \
     pulumi login --local;
 endef
 
+define example
+	rm -rf ${WORKING_DIR}/examples/$(1)
+	$(PULUMI) convert \
+		--cwd ${WORKING_DIR}/examples/yaml \
+		--logtostderr \
+		--generate-only \
+		--non-interactive \
+		--language $(1) \
+		--out ${WORKING_DIR}/examples/$(1)
+	cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/$(1)/app
+endef
+
 up::
 	$(call pulumi_login) \
 	cd ${EXAMPLES_DIR} && \
@@ -109,39 +117,132 @@ devcontainer::
 	cp -f .devcontainer/devcontainer.json .devcontainer.json
 
 .PHONY: build
-
 build:: provider dotnet_sdk go_sdk nodejs_sdk python_sdk
 
 # Required for the codegen action that runs in pulumi/pulumi
 only_build:: build
 
-lint::
+.PHONY: lint
-	for DIR in "provider" "sdk" "tests" ; do \
+lint: ${GOGLANGCILINT}
-		pushd $$DIR && golangci-lint run -c ../.golangci.yml --timeout 10m && popd ; \
+	${GOGLANGCILINT} run --fix -c .golangci.yml
-	done
 
 install:: install_nodejs_sdk install_dotnet_sdk
 	cp $(WORKING_DIR)/bin/${PROVIDER} ${GOPATH}/bin
 
-GO_TEST 	 := go test -v -count=1 -cover -timeout 2h -parallel ${TESTPARALLELISM}
 
-test_all:: test_provider
+install_dotnet_sdk:: # Required by CI
-	cd tests/sdk/nodejs && $(GO_TEST) ./...
-	cd tests/sdk/python && $(GO_TEST) ./...
-	cd tests/sdk/dotnet && $(GO_TEST) ./...
-	cd tests/sdk/go && $(GO_TEST) ./...
-
-install_dotnet_sdk::
 	rm -rf $(WORKING_DIR)/nuget/$(NUGET_PKG_NAME).*.nupkg
 	mkdir -p $(WORKING_DIR)/nuget
 	find . -name '*.nupkg' -print -exec cp -p {} ${WORKING_DIR}/nuget \;
 
-install_python_sdk::
+install_python_sdk:: # Required by CI
-	#target intentionally blank
 
-install_go_sdk::
+install_go_sdk:: # Required by CI
-	#target intentionally blank
 
-install_nodejs_sdk::
+install_nodejs_sdk:: # Required by CI
 	-yarn unlink --cwd $(WORKING_DIR)/sdk/nodejs/bin
 	yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin
+
+.PHONY: codegen
+codegen: # Required by CI
+
+.PHONY: generate_schema
+generate_schema: # Required by CI
+
+.PHONY: build_go install_go_sdk
+generate_go: sdk/go # Required by CI
+build_go: # Required by CI
+
+.PHONY: build_java install_java_sdk
+generate_java: sdk/java # Required by CI
+build_java: # Required by CI
+
+.PHONY: build_python install_python_sdk
+generate_python: sdk/python # Required by CI
+build_python: # Required by CI
+
+.PHONY: build_nodejs install_nodejs_sdk
+generate_nodejs: sdk/nodejs # Required by CI
+build_nodejs: # Required by CI
+
+.PHONY: build_dotnet install_dotnet_sdk
+generate_dotnet: sdk/dotnet # Required by CI
+build_dotnet: # Required by CI
+
+${SCHEMA_PATH}: bin/${PROVIDER}
+	pulumi package get-schema bin/${PROVIDER} > $(SCHEMA_PATH)
+
+bin/${PROVIDER}: $(shell find ./provider -name '*.go') go.mod
+	(cd provider && go build -o ../bin/${PROVIDER} -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
+
+bin/pulumi-gen-${PACK}: # Required by CI
+	touch bin/pulumi-gen-${PACK}
+
+go.mod: $(shell find . -name '*.go')
+go.sum: go.mod
+
+sdk: $(shell mkdir -p sdk)
+sdk: sdk/python sdk/nodejs sdk/java sdk/python sdk/go sdk/dotnet
+
+sdk/python: PYPI_VERSION := $(shell pulumictl get version --language python)
+sdk/python: TMPDIR := $(shell mktemp -d)
+sdk/python: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/python
+	$(PULUMI) package gen-sdk bin/$(PROVIDER) --language python -o ${TMPDIR}
+	cp README.md ${TMPDIR}/python/
+	cd ${TMPDIR}/python/ && \
+		rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \
+		sed -i.bak -e 's/^  version = .*/  version = "$(PYPI_VERSION)"/g' ./bin/pyproject.toml && \
+		rm ./bin/pyproject.toml.bak && \
+		python3 -m venv venv && \
+		./venv/bin/python -m pip install build && \
+		cd ./bin && \
+		../venv/bin/python -m build .
+	mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/.
+
+sdk/nodejs: NODE_VERSION := $(shell pulumictl get version --language javascript)
+sdk/nodejs: TMPDIR := $(shell mktemp -d)
+sdk/nodejs: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/nodejs
+	$(PULUMI) package gen-sdk bin/$(PROVIDER) --language nodejs -o ${TMPDIR}
+	cp README.md LICENSE ${TMPDIR}/nodejs
+	cd ${TMPDIR}/nodejs/ && \
+		yarn install && \
+		yarn run tsc && \
+		cp README.md LICENSE package.json yarn.lock bin/ && \
+		sed -i.bak 's/$${VERSION}/$(NODE_VERSION)/g' bin/package.json && \
+		rm ./bin/package.json.bak
+	mv -f ${TMPDIR}/nodejs ${WORKING_DIR}/sdk/.
+
+sdk/go: TMPDIR := $(shell mktemp -d)
+sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)"
+sdk/go: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/go
+	PATH=$(PATH) $(PULUMI) package gen-sdk bin/$(PROVIDER) --language go -o ${TMPDIR}
+	cp go.mod ${TMPDIR}/go/dockerbuild/go.mod
+	cd ${TMPDIR}/go/dockerbuild && \
+		go mod edit -module=github.com/pulumi/pulumi-${PACK}/${PACKDIR}/go/dockerbuild && \
+		go mod tidy
+	mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go
+
+sdk/dotnet: DOTNET_VERSION  := $(shell pulumictl get version --language dotnet)
+sdk/dotnet: TMPDIR := $(shell mktemp -d)
+sdk/dotnet: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/dotnet
+	$(PULUMI) package gen-sdk bin/${PROVIDER} --language dotnet -o ${TMPDIR}
+	cd ${TMPDIR}/dotnet/ && \
+		echo "$(DOTNET_VERSION)" > version.txt && \
+		dotnet build /p:Version=${DOTNET_VERSION}
+	mv -f ${TMPDIR}/dotnet ${WORKING_DIR}/sdk/.
+
+sdk/java: PACKAGE_VERSION := $(shell pulumictl get version --language generic)
+sdk/java: TMPDIR := $(shell mktemp -d)
+sdk/java: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/java
+	$(PULUMI) package gen-sdk --language java bin/${PROVIDER} -o ${TMPDIR}
+	cd ${TMPDIR}/java/ && gradle --console=plain build
+	mv -f ${TMPDIR}/java ${WORKING_DIR}/sdk/.
+
+docs: $(shell find docs/yaml -type f) $(shell find ./provider/internal/embed -name '*.md') ${SCHEMA_PATH}
+	go generate docs/generate.go
+	@touch docs

README.md

@@ -1,106 +1,23 @@
-# Pulumi Native Provider Boilerplate
+[![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com)
+[![NPM version](https://badge.fury.io/js/%40pulumi%2fdocker-build.svg)](https://www.npmjs.com/package/@pulumi/docker-build)
+[![Python version](https://badge.fury.io/py/pulumi-docker-build.svg)](https://pypi.org/project/pulumi-docker-build)
+[![NuGet version](https://badge.fury.io/nu/pulumi.dockerbuild.svg)](https://badge.fury.io/nu/pulumi.dockerbuild)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-docker-build/sdk/go)](https://pkg.go.dev/github.com/pulumi/pulumi-docker-build/sdk/go)
+[![License](https://img.shields.io/npm/l/%40pulumi%2Fpulumi.svg)](https://github.com/pulumi/pulumi-docker-build/blob/main/LICENSE)
 
-This repository is a boilerplate showing how to create and locally test a native Pulumi provider.
+# Docker-Build Resource Provider
 
-## Authoring a Pulumi Native Provider
+A [Pulumi](http://pulumi.com) provider for building modern Docker images with [buildx](https://docs.docker.com/build/architecture/) and [BuildKit](https://docs.docker.com/build/buildkit/).
 
-This boilerplate creates a working Pulumi-owned provider named `xyz`.
+Not to be confused with the earlier
-It implements a random number generator that you can [build and test out for yourself](#test-against-the-example) and then replace the Random code with code specific to your provider.
+[Docker](http://github.com/pulumi/pulumi-docker) provider, which is still
+appropriate for managing resources unrelated to building images.
 
+| Provider               | Use cases                                                                                                                                                |
+| ----------------       | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `@pulumi/docker-build` | Anything related to building images with `docker build`.                                                                                                 |
+| `@pulumi/docker`       | Everything else -- including running containers and creating networks.                                                                                   |
 
-### Prerequisites
+## Reference
 
-Prerequisites for this repository are already satisfied by the [Pulumi Devcontainer](https://github.com/pulumi/devcontainer) if you are using Github Codespaces, or VSCode.
+For more information, including examples and migration guidance, please see the Docker-Build provider's detailed [API documentation](https://www.pulumi.com/registry/packages/docker-build/).
-
-If you are not using VSCode, you will need to ensure the following tools are installed and present in your `$PATH`:
-
-* [`pulumictl`](https://github.com/pulumi/pulumictl#installation)
-* [Go 1.21](https://golang.org/dl/) or 1.latest
-* [NodeJS](https://nodejs.org/en/) 14.x.  We recommend using [nvm](https://github.com/nvm-sh/nvm) to manage NodeJS installations.
-* [Yarn](https://yarnpkg.com/)
-* [TypeScript](https://www.typescriptlang.org/)
-* [Python](https://www.python.org/downloads/) (called as `python3`).  For recent versions of MacOS, the system-installed version is fine.
-* [.NET](https://dotnet.microsoft.com/download)
-
-
-### Build & test the boilerplate XYZ provider
-
-1. Create a new Github CodeSpaces environment using this repository.
-1. Open a terminal in the CodeSpaces environment.
-1. Run `make build install` to build and install the provider.
-1. Run `make gen_examples` to generate the example programs in `examples/` off of the source `examples/yaml` example program.
-1. Run `make up` to run the example program in `examples/yaml`.
-1. Run `make down` to tear down the example program.
-
-### Creating a new provider repository
-
-Pulumi offers this repository as a [GitHub template repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template) for convenience.  From this repository:
-
-1. Click "Use this template".
-1. Set the following options:
-   * Owner: pulumi 
-   * Repository name: pulumi-xyz-native (replace "xyz" with the name of your provider)
-   * Description: Pulumi provider for xyz
-   * Repository type: Public
-1. Clone the generated repository.
-
-From the templated repository:
-
-1. Search-replace `xyz` with the name of your desired provider.
-
-#### Build the provider and install the plugin
-
-   ```bash
-   $ make build install
-   ```
-   
-This will:
-
-1. Create the SDK codegen binary and place it in a `./bin` folder (gitignored)
-2. Create the provider binary and place it in the `./bin` folder (gitignored)
-3. Generate the dotnet, Go, Node, and Python SDKs and place them in the `./sdk` folder
-4. Install the provider on your machine.
-
-#### Test against the example
-   
-```bash
-$ cd examples/simple
-$ yarn link @pulumi/xyz
-$ yarn install
-$ pulumi stack init test
-$ pulumi up
-```
-
-Now that you have completed all of the above steps, you have a working provider that generates a random string for you.
-
-#### A brief repository overview
-
-You now have:
-
-1. A `provider/` folder containing the building and implementation logic
-    1. `cmd/pulumi-resource-xyz/main.go` - holds the provider's sample implementation logic.
-2. `deployment-templates` - a set of files to help you around deployment and publication
-3. `sdk` - holds the generated code libraries created by `pulumi-gen-xyz/main.go`
-4. `examples` a folder of Pulumi programs to try locally and/or use in CI.
-5. A `Makefile` and this `README`.
-
-#### Additional Details
-
-This repository depends on the pulumi-go-provider library. For more details on building providers, please check
-the [Pulumi Go Provider docs](https://github.com/pulumi/pulumi-go-provider).
-
-### Build Examples
-
-Create an example program using the resources defined in your provider, and place it in the `examples/` folder.
-
-You can now repeat the steps for [build, install, and test](#test-against-the-example).
-
-## Configuring CI and releases
-
-1. Follow the instructions laid out in the [deployment templates](./deployment-templates/README-DEPLOYMENT.md).
-
-## References
-
-Other resources/examples for implementing providers:
-* [Pulumi Command provider](https://github.com/pulumi/pulumi-command/blob/master/provider/pkg/provider/provider.go)
-* [Pulumi Go Provider repository](https://github.com/pulumi/pulumi-go-provider)

codecov.yml

@@ -0,0 +1,12 @@
+comment:
+  layout: "header, files, footer"
+  hide_project_coverage: false
+
+coverage:
+  status:
+    project:
+      default:
+        informational: true
+    patch:
+      default:
+        informational: true

docs/generate.go

@@ -0,0 +1,216 @@
+// Copyright 2024, Pulumi Corporation.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:generate go run generate.go yaml ../provider/internal/embed
+
+// Package main ingests a multi-document YAML file and converts it into
+// Markdown examples.
+package main
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+
+	"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
+)
+
+func main() {
+	if len(os.Args) < 3 {
+		fmt.Fprintf(os.Stdout, "Usage: %s <yaml source dir path> <markdown destination path>\n", os.Args[0])
+		os.Exit(1)
+	}
+	yamlPath := os.Args[1]
+	mdPath := os.Args[2]
+
+	if !filepath.IsAbs(yamlPath) {
+		cwd, err := os.Getwd()
+		contract.AssertNoErrorf(err, "getting working directory")
+		yamlPath = filepath.Join(cwd, yamlPath)
+	}
+
+	if err := os.MkdirAll(mdPath, 0o750); err != nil {
+		panic(err)
+	}
+	fileInfo, err := os.Lstat(mdPath)
+	if err != nil || !fileInfo.IsDir() {
+		fmt.Fprintf(os.Stderr, "Expect markdown destination %q to be a directory\n", mdPath)
+		os.Exit(1)
+	}
+
+	yamlFiles, err := os.ReadDir(yamlPath)
+	if err != nil {
+		panic(err)
+	}
+	for _, yamlFile := range yamlFiles {
+		if err := processYaml(filepath.Join(yamlPath, yamlFile.Name()), mdPath); err != nil {
+			log.Fatal(fmt.Errorf("processing %q: %w", yamlFile.Name(), err))
+		}
+	}
+}
+
+func markdownExamples(examples []string) string {
+	s := "{{% examples %}}\n## Example Usage\n"
+	for _, example := range examples {
+		s += example
+	}
+	s += "{{% /examples %}}"
+	return s
+}
+
+func markdownExample(description string,
+	typescript string,
+	python string,
+	csharp string,
+	golang string,
+	yaml string,
+	java string,
+) string {
+	return fmt.Sprintf("{{%% example %%}}\n### %s\n\n"+
+		"```typescript\n%s```\n"+
+		"```python\n%s```\n"+
+		"```csharp\n%s```\n"+
+		"```go\n%s```\n"+
+		"```yaml\n%s```\n"+
+		"```java\n%s```\n"+
+		"{{%% /example %%}}\n",
+		description, typescript, python, csharp, golang, yaml, java)
+}
+
+func convert(language, tempDir, programFile string) (string, error) {
+	exampleDir := filepath.Join(tempDir, "example"+language)
+	//nolint:gosec // No user-provided input.
+	cmd := exec.Command(
+		"pulumi",
+		"convert",
+		"--language",
+		language,
+		"--out",
+		filepath.Clean(filepath.Join(tempDir, exampleDir)),
+		"--generate-only",
+	)
+
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+	cmd.Dir = tempDir
+	if err := cmd.Run(); err != nil {
+		return "", fmt.Errorf("converting: %w", err)
+	}
+	content, err := os.ReadFile(filepath.Clean(filepath.Join(tempDir, exampleDir, programFile)))
+	if err != nil {
+		return "", fmt.Errorf("reading: %w", err)
+	}
+
+	return string(content), nil
+}
+
+func processYaml(path, mdDir string) error {
+	yamlFile, err := os.Open(filepath.Clean(path))
+	if err != nil {
+		return err
+	}
+
+	base := filepath.Base(path)
+	md := strings.NewReplacer(".yaml", ".md", ".yml", ".md").Replace(base)
+
+	defer contract.IgnoreClose(yamlFile)
+	decoder := yaml.NewDecoder(yamlFile)
+	exampleStrings := []string{}
+	for {
+		keepGoing, err := func() (bool, error) {
+			example := map[string]interface{}{}
+			err := decoder.Decode(&example)
+			if err == io.EOF {
+				return false, nil
+			}
+
+			description, ok := example["description"].(string)
+			if !ok {
+				description = ""
+			}
+			dir, err := os.MkdirTemp("", "")
+			if err != nil {
+				return false, err
+			}
+
+			defer func() {
+				contract.IgnoreError(os.RemoveAll(dir))
+			}()
+
+			src, err := os.OpenFile(filepath.Clean(filepath.Join(dir, "Pulumi.yaml")), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+			if err != nil {
+				return false, err
+			}
+
+			fmt.Println("Converting:", example)
+
+			if err := yaml.NewEncoder(src).Encode(example); err != nil {
+				return false, err
+			}
+			contract.AssertNoErrorf(src.Close(), "closing")
+
+			typescript, err := convert("typescript", dir, "index.ts")
+			if err != nil {
+				return false, err
+			}
+			python, err := convert("python", dir, "__main__.py")
+			if err != nil {
+				return false, err
+			}
+			csharp, err := convert("csharp", dir, "Program.cs")
+			if err != nil {
+				return false, err
+			}
+			golang, err := convert("go", dir, "main.go")
+			if err != nil {
+				return false, err
+			}
+			java, err := convert("java", dir, "src/main/java/generated_program/App.java")
+			if err != nil {
+				return false, err
+			}
+
+			yamlContent, err := os.ReadFile(filepath.Clean(filepath.Join(dir, "Pulumi.yaml")))
+			if err != nil {
+				return false, err
+			}
+			yaml := string(yamlContent)
+
+			exampleStrings = append(exampleStrings, markdownExample(description, typescript, python, csharp, golang, yaml, java))
+
+			return true, nil
+		}()
+		if err != nil {
+			return err
+		}
+		if !keepGoing {
+			break
+		}
+	}
+	fmt.Fprintf(os.Stdout, "Writing %s\n", filepath.Join(mdDir, md))
+	f, err := os.OpenFile(filepath.Clean(filepath.Join(mdDir, md)), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+	if err != nil {
+		return err
+	}
+	defer contract.IgnoreClose(f)
+	_, err = f.WriteString(markdownExamples(exampleStrings))
+	contract.AssertNoErrorf(err, "writing examples")
+	return nil
+}

docs/yaml/image-examples.yaml

@@ -0,0 +1,180 @@
+name: ecr
+description: Push to AWS ECR with caching
+outputs:
+  ref: ${my-image.ref}
+resources:
+  ecr-repository:
+    type: aws:ecr:Repository
+  my-image:
+    type: docker-build:Image
+    properties:
+      tags:
+        - ${ecr-repository.repositoryUrl}:latest
+      push: true
+      context:
+        location: ./app
+      cacheFrom:
+        - registry:
+            ref: ${ecr-repository.repositoryUrl}:cache
+      cacheTo:
+        - registry:
+            ref: ${ecr-repository.repositoryUrl}:cache
+            imageManifest: true
+            ociMediaTypes: true
+      registries:
+        - username: ${auth-token.userName}
+          password: ${auth-token.password}
+          address: ${ecr-repository.repositoryUrl}
+runtime: yaml
+variables:
+  auth-token:
+    fn::aws:ecr:getAuthorizationToken:
+      registryId: ${ecr-repository.registryId}
+---
+name: multi-platform
+runtime: yaml
+description: Multi-platform image
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      platforms:
+        - plan9/amd64
+        - plan9/386
+---
+name: registry
+runtime: yaml
+description: Registry export
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      tags:
+        - "docker.io/pulumi/pulumi:3.107.0"
+      context:
+        location: "app"
+      push: true
+      registries:
+        - address: docker.io
+          username: pulumibot
+          password: ${dockerHubPassword}
+outputs:
+  ref: ${my-image.ref}
+---
+name: caching
+runtime: yaml
+description: Caching
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      cacheTo:
+        - local:
+            dest: tmp/cache
+            mode: max
+      cacheFrom:
+        - local:
+            src: tmp/cache
+---
+name: dbc
+runtime: yaml
+description: Docker Build Cloud
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      exec: true
+      builder:
+        name: cloud-builder-name
+---
+name: build-args
+runtime: yaml
+description: Build arguments
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      buildArgs:
+        SET_ME_TO_TRUE: "true"
+---
+name: build-target
+runtime: yaml
+description: Build target
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      target: "build-me"
+---
+name: named-contexts
+runtime: yaml
+description: Named contexts
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: app
+        named:
+          "golang:latest":
+            location: "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984"
+---
+name: remote-context
+runtime: yaml
+description: Remote context
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile"
+
+---
+name: inline
+runtime: yaml
+description: Inline Dockerfile
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      dockerfile:
+        inline: |
+          FROM busybox
+          COPY hello.c ./
+      context:
+        location: "app"
+---
+name: remote-context
+runtime: yaml
+description: Remote context
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      dockerfile:
+        location: app/Dockerfile
+      context:
+        location: "https://github.com/docker-library/hello-world.git"
+---
+name: docker-load
+runtime: yaml
+description: Local export
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      exports:
+        - docker:
+            tar: true

docs/yaml/index-examples.yaml

@@ -0,0 +1,48 @@
+name: registry-caching
+description: Multi-platform registry caching
+runtime: yaml
+resources:
+  arm64:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      platforms:
+        - linux/arm64
+      tags:
+        - "docker.io/pulumi/pulumi:3.107.0-arm64"
+      cacheTo:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-arm64"
+            mode: max
+      cacheFrom:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-arm64"
+
+  amd64:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      platforms:
+        - linux/amd64
+      tags:
+        - "docker.io/pulumi/pulumi:3.107.0-amd64"
+      cacheTo:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-amd64"
+            mode: max
+      cacheFrom:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-amd64"
+
+  index:
+    type: docker-build:Index
+    properties:
+      tag: "docker.io/pulumi/pulumi:3.107.0"
+      sources:
+        - ${amd64.ref}
+        - ${arm64.ref}
+
+outputs:
+  ref: ${index.ref}

examples/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/dotnet/Program.cs

@@ -1,21 +1,258 @@
 using System.Collections.Generic;
 using System.Linq;
 using Pulumi;
-using DockerNative = Pulumi.DockerNative;
+using DockerBuild = Pulumi.DockerBuild;
 
 return await Deployment.RunAsync(() => 
 {
-    var myRandomResource = new DockerNative.Random("myRandomResource", new()
+    var config = new Config();
+    var dockerHubPassword = config.Require("dockerHubPassword");
+    var multiPlatform = new DockerBuild.Image("multiPlatform", new()
     {
-        Length = 24,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.multiPlatform",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Platforms = new[]
+        {
+            DockerBuild.Platform.Plan9_amd64,
+            DockerBuild.Platform.Plan9_386,
+        },
+    });
+
+    var registryPush = new DockerBuild.Image("registryPush", new()
+    {
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Tags = new[]
+        {
+            "docker.io/pulumibot/buildkit-e2e:example",
+        },
+        Exports = new[]
+        {
+            new DockerBuild.Inputs.ExportArgs
+            {
+                Registry = new DockerBuild.Inputs.ExportRegistryArgs
+                {
+                    OciMediaTypes = true,
+                    Push = false,
+                },
+            },
+        },
+        Registries = new[]
+        {
+            new DockerBuild.Inputs.RegistryArgs
+            {
+                Address = "docker.io",
+                Username = "pulumibot",
+                Password = dockerHubPassword,
+            },
+        },
+    });
+
+    var cached = new DockerBuild.Image("cached", new()
+    {
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        CacheTo = new[]
+        {
+            new DockerBuild.Inputs.CacheToArgs
+            {
+                Local = new DockerBuild.Inputs.CacheToLocalArgs
+                {
+                    Dest = "tmp/cache",
+                    Mode = DockerBuild.CacheMode.Max,
+                },
+            },
+        },
+        CacheFrom = new[]
+        {
+            new DockerBuild.Inputs.CacheFromArgs
+            {
+                Local = new DockerBuild.Inputs.CacheFromLocalArgs
+                {
+                    Src = "tmp/cache",
+                },
+            },
+        },
+    });
+
+    var buildArgs = new DockerBuild.Image("buildArgs", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.buildArgs",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        BuildArgs = 
+        {
+            { "SET_ME_TO_TRUE", "true" },
+        },
+    });
+
+    var extraHosts = new DockerBuild.Image("extraHosts", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.extraHosts",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        AddHosts = new[]
+        {
+            "metadata.google.internal:169.254.169.254",
+        },
+    });
+
+    var sshMount = new DockerBuild.Image("sshMount", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.sshMount",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Ssh = new[]
+        {
+            new DockerBuild.Inputs.SSHArgs
+            {
+                Id = "default",
+            },
+        },
+    });
+
+    var secrets = new DockerBuild.Image("secrets", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.secrets",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Secrets = 
+        {
+            { "password", "hunter2" },
+        },
+    });
+
+    var labels = new DockerBuild.Image("labels", new()
+    {
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Labels = 
+        {
+            { "description", "This image will get a descriptive label 👍" },
+        },
+    });
+
+    var target = new DockerBuild.Image("target", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.target",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Target = "build-me",
+    });
+
+    var namedContexts = new DockerBuild.Image("namedContexts", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.namedContexts",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+            Named = 
+            {
+                { "golang:latest", new DockerBuild.Inputs.ContextArgs
+                {
+                    Location = "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+                } },
+            },
+        },
+    });
+
+    var remoteContext = new DockerBuild.Image("remoteContext", new()
+    {
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
+        },
+    });
+
+    var remoteContextWithInline = new DockerBuild.Image("remoteContextWithInline", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Inline = @"FROM busybox
+COPY hello.c ./
+",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "https://github.com/docker-library/hello-world.git",
+        },
+    });
+
+    var inline = new DockerBuild.Image("inline", new()
+    {
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Inline = @"FROM alpine
+RUN echo ""This uses an inline Dockerfile! 👍""
+",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+    });
+
+    var dockerLoad = new DockerBuild.Image("dockerLoad", new()
+    {
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Exports = new[]
+        {
+            new DockerBuild.Inputs.ExportArgs
+            {
+                Docker = new DockerBuild.Inputs.ExportDockerArgs
+                {
+                    Tar = true,
+                },
+            },
+        },
     });
 
     return new Dictionary<string, object?>
     {
-        ["output"] = 
+        ["platforms"] = multiPlatform.Platforms,
-        {
-            { "value", myRandomResource.Result },
-        },
     };
 });
 

examples/dotnet/Pulumi.yaml

@@ -1,6 +1,10 @@
-name: provider-docker-native
+name: provider-docker-build
 runtime: dotnet
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
 plugins:
   providers:
-    - name: docker-native
+    - name: docker-build
       path: ../../bin

examples/dotnet/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/dotnet/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/dotnet/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/dotnet/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/dotnet/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/dotnet/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/dotnet/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/dotnet/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/dotnet/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/dotnet/provider-docker-build.csproj

@@ -8,7 +8,7 @@
 
 	<ItemGroup>
 		<PackageReference Include="Pulumi" Version="3.*" />
-		<PackageReference Include="Pulumi.DockerNative" Version="0.0.1-alpha.1709848295+3427e611.dirty" />
+		<PackageReference Include="Pulumi.DockerBuild" Version="0.0.2-alpha.1712594380+4cd6d49b.dirty" />
 	</ItemGroup>
 
 </Project>

examples/dotnet_test.go

@@ -0,0 +1,39 @@
+//go:build dotnet || all
+// +build dotnet all
+
+package examples
+
+import (
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDotNetExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	nuget := filepath.Join(cwd, "../nuget")
+	t.Setenv("PULUMI_LOCAL_NUGET", nuget)
+
+	cmd := exec.Command("dotnet", "nuget", "add", "source", nuget)
+	_ = cmd.Run()
+
+	test := integration.ProgramTestOptions{
+		Dir: path.Join(cwd, "dotnet"),
+		Dependencies: []string{
+			"Pulumi.DockerBuild",
+		},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+		NoParallel: true,
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/go/Pulumi.yaml

@@ -1,6 +1,10 @@
-name: provider-docker-native
+name: provider-docker-build
 runtime: go
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
 plugins:
   providers:
-    - name: docker-native
+    - name: docker-build
       path: ../../bin

examples/go/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/go/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/go/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/go/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/go/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/go/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/go/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/go/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/go/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/go/go.mod

@@ -1,7 +1,7 @@
-module provider-docker-native
+module provider-docker-build
 
 go 1.20
 
 require (
-	github.com/pulumi/pulumi/sdk/v3 v3.30.0
+	github.com/pulumi/pulumi/sdk/v3 v3.111.1
 )

examples/go/main.go

@@ -1,21 +1,222 @@
 package main
 
 import (
-	"github.com/pulumi/pulumi-docker-native/sdk/go/docker"
+	"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
 )
 
 func main() {
 	pulumi.Run(func(ctx *pulumi.Context) error {
-		myRandomResource, err := docker.NewRandom(ctx, "myRandomResource", &docker.RandomArgs{
+		cfg := config.New(ctx, "")
-			Length: pulumi.Int(24),
+		dockerHubPassword := cfg.Require("dockerHubPassword")
+		multiPlatform, err := dockerbuild.NewImage(ctx, "multiPlatform", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.multiPlatform"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Platforms: dockerbuild.PlatformArray{
+				dockerbuild.Platform_Plan9_amd64,
+				dockerbuild.Platform_Plan9_386,
+			},
 		})
 		if err != nil {
 			return err
 		}
-		ctx.Export("output", map[string]interface{}{
+		_, err = dockerbuild.NewImage(ctx, "registryPush", &dockerbuild.ImageArgs{
-			"value": myRandomResource.Result,
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Tags: pulumi.StringArray{
+				pulumi.String("docker.io/pulumibot/buildkit-e2e:example"),
+			},
+			Exports: dockerbuild.ExportArray{
+				&dockerbuild.ExportArgs{
+					Registry: &dockerbuild.ExportRegistryArgs{
+						OciMediaTypes: pulumi.Bool(true),
+						Push:          pulumi.Bool(false),
+					},
+				},
+			},
+			Registries: dockerbuild.RegistryArray{
+				&dockerbuild.RegistryArgs{
+					Address:  pulumi.String("docker.io"),
+					Username: pulumi.String("pulumibot"),
+					Password: pulumi.String(dockerHubPassword),
+				},
+			},
 		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "cached", &dockerbuild.ImageArgs{
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			CacheTo: dockerbuild.CacheToArray{
+				&dockerbuild.CacheToArgs{
+					Local: &dockerbuild.CacheToLocalArgs{
+						Dest: pulumi.String("tmp/cache"),
+						Mode: dockerbuild.CacheModeMax,
+					},
+				},
+			},
+			CacheFrom: dockerbuild.CacheFromArray{
+				&dockerbuild.CacheFromArgs{
+					Local: &dockerbuild.CacheFromLocalArgs{
+						Src: pulumi.String("tmp/cache"),
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "buildArgs", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.buildArgs"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			BuildArgs: pulumi.StringMap{
+				"SET_ME_TO_TRUE": pulumi.String("true"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "extraHosts", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.extraHosts"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			AddHosts: pulumi.StringArray{
+				pulumi.String("metadata.google.internal:169.254.169.254"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "sshMount", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.sshMount"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Ssh: dockerbuild.SSHArray{
+				&dockerbuild.SSHArgs{
+					Id: pulumi.String("default"),
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "secrets", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.secrets"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Secrets: pulumi.StringMap{
+				"password": pulumi.String("hunter2"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "labels", &dockerbuild.ImageArgs{
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Labels: pulumi.StringMap{
+				"description": pulumi.String("This image will get a descriptive label 👍"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "target", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.target"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Target: pulumi.String("build-me"),
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "namedContexts", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.namedContexts"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+				Named: dockerbuild.ContextMap{
+					"golang:latest": &dockerbuild.ContextArgs{
+						Location: pulumi.String("docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984"),
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "remoteContext", &dockerbuild.ImageArgs{
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "remoteContextWithInline", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Inline: pulumi.String("FROM busybox\nCOPY hello.c ./\n"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("https://github.com/docker-library/hello-world.git"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "inline", &dockerbuild.ImageArgs{
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Inline: pulumi.String("FROM alpine\nRUN echo \"This uses an inline Dockerfile! 👍\"\n"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "dockerLoad", &dockerbuild.ImageArgs{
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Exports: dockerbuild.ExportArray{
+				&dockerbuild.ExportArgs{
+					Docker: &dockerbuild.ExportDockerArgs{
+						Tar: pulumi.Bool(true),
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		ctx.Export("platforms", multiPlatform.Platforms)
 		return nil
 	})
 }

examples/go_test.go

@@ -0,0 +1,30 @@
+//go:build go || all
+// +build go all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGoExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir: path.Join(cwd, "go"),
+		Dependencies: []string{
+			"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild=../sdk/go/dockerbuild",
+		},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/java/Pulumi.yaml

@@ -0,0 +1,10 @@
+name: provider-docker-build
+runtime: java
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../bin

examples/java/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/java/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/java/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/java/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/java/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/java/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/java/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/java/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/java/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/java/pom.xml

@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+		<project xmlns="http://maven.apache.org/POM/4.0.0"
+				 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+				 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+			<modelVersion>4.0.0</modelVersion>
+
+			<groupId>com.pulumi</groupId>
+			<artifactId>provider-docker-build</artifactId>
+			<version>1.0-SNAPSHOT</version>
+
+			<properties>
+				<encoding>UTF-8</encoding>
+				<maven.compiler.source>11</maven.compiler.source>
+				<maven.compiler.target>11</maven.compiler.target>
+				<maven.compiler.release>11</maven.compiler.release>
+				<mainClass>generated_program.App</mainClass>
+				<mainArgs/>
+			</properties>
+
+			<dependencies>
+				<dependency>
+					<groupId>com.pulumi</groupId>
+					<artifactId>pulumi</artifactId>
+					<version>(,1.0]</version>
+				</dependency>
+				<dependency>
+            		<groupId>com.pulumi</groupId>
+            		<artifactId>docker-build</artifactId>
+                    <version>[0.0.0,)</version>
+        		</dependency>
+			</dependencies>
+
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-jar-plugin</artifactId>
+						<version>3.2.2</version>
+						<configuration>
+							<archive>
+								<manifest>
+									<addClasspath>true</addClasspath>
+									<mainClass>${mainClass}</mainClass>
+								</manifest>
+							</archive>
+						</configuration>
+					</plugin>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-assembly-plugin</artifactId>
+						<version>3.4.2</version>
+						<configuration>
+							<archive>
+								<manifest>
+									<addClasspath>true</addClasspath>
+									<mainClass>${mainClass}</mainClass>
+								</manifest>
+							</archive>
+							<descriptorRefs>
+								<descriptorRef>jar-with-dependencies</descriptorRef>
+							</descriptorRefs>
+						</configuration>
+						<executions>
+							<execution>
+								<id>make-my-jar-with-dependencies</id>
+								<phase>package</phase>
+								<goals>
+									<goal>single</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<groupId>org.codehaus.mojo</groupId>
+						<artifactId>exec-maven-plugin</artifactId>
+						<version>3.1.0</version>
+						<configuration>
+							<mainClass>${mainClass}</mainClass>
+							<commandlineArgs>${mainArgs}</commandlineArgs>
+						</configuration>
+					</plugin>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-wrapper-plugin</artifactId>
+						<version>3.1.1</version>
+						<configuration>
+							<mavenVersion>3.8.5</mavenVersion>
+						</configuration>
+					</plugin>
+				</plugins>
+			</build>
+		</project>

examples/java/src/main/java/generated_program/App.java

@@ -0,0 +1,193 @@
+package generated_program;
+
+import com.pulumi.Context;
+import com.pulumi.Pulumi;
+import com.pulumi.core.Output;
+import com.pulumi.dockerbuild.Image;
+import com.pulumi.dockerbuild.ImageArgs;
+import com.pulumi.dockerbuild.inputs.DockerfileArgs;
+import com.pulumi.dockerbuild.inputs.BuildContextArgs;
+import com.pulumi.dockerbuild.inputs.ExportArgs;
+import com.pulumi.dockerbuild.inputs.ExportRegistryArgs;
+import com.pulumi.dockerbuild.inputs.RegistryArgs;
+import com.pulumi.dockerbuild.inputs.CacheToArgs;
+import com.pulumi.dockerbuild.inputs.CacheToLocalArgs;
+import com.pulumi.dockerbuild.inputs.CacheFromArgs;
+import com.pulumi.dockerbuild.inputs.CacheFromLocalArgs;
+import com.pulumi.dockerbuild.inputs.SSHArgs;
+import com.pulumi.dockerbuild.inputs.ExportDockerArgs;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class App {
+    public static void main(String[] args) {
+        Pulumi.run(App::stack);
+    }
+
+    public static void stack(Context ctx) {
+        final var config = ctx.config();
+        final var dockerHubPassword = config.get("dockerHubPassword");
+        var multiPlatform = new Image("multiPlatform", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.multiPlatform")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .platforms(            
+                "plan9/amd64",
+                "plan9/386")
+            .build());
+
+        var registryPush = new Image("registryPush", ImageArgs.builder()        
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .tags("docker.io/pulumibot/buildkit-e2e:example")
+            .exports(ExportArgs.builder()
+                .registry(ExportRegistryArgs.builder()
+                    .ociMediaTypes(true)
+                    .push(false)
+                    .build())
+                .build())
+            .registries(RegistryArgs.builder()
+                .address("docker.io")
+                .username("pulumibot")
+                .password(dockerHubPassword)
+                .build())
+            .build());
+
+        var cached = new Image("cached", ImageArgs.builder()        
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .cacheTo(CacheToArgs.builder()
+                .local(CacheToLocalArgs.builder()
+                    .dest("tmp/cache")
+                    .mode("max")
+                    .build())
+                .build())
+            .cacheFrom(CacheFromArgs.builder()
+                .local(CacheFromLocalArgs.builder()
+                    .src("tmp/cache")
+                    .build())
+                .build())
+            .build());
+
+        var buildArgs = new Image("buildArgs", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.buildArgs")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .buildArgs(Map.of("SET_ME_TO_TRUE", "true"))
+            .build());
+
+        var extraHosts = new Image("extraHosts", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.extraHosts")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .addHosts("metadata.google.internal:169.254.169.254")
+            .build());
+
+        var sshMount = new Image("sshMount", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.sshMount")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .ssh(SSHArgs.builder()
+                .id("default")
+                .build())
+            .build());
+
+        var secrets = new Image("secrets", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.secrets")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .secrets(Map.of("password", "hunter2"))
+            .build());
+
+        var labels = new Image("labels", ImageArgs.builder()        
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .labels(Map.of("description", "This image will get a descriptive label 👍"))
+            .build());
+
+        var target = new Image("target", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.target")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .target("build-me")
+            .build());
+
+        var namedContexts = new Image("namedContexts", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.namedContexts")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .named(Map.of("golang:latest", Map.of("location", "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984")))
+                .build())
+            .build());
+
+        var remoteContext = new Image("remoteContext", ImageArgs.builder()        
+            .context(BuildContextArgs.builder()
+                .location("https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile")
+                .build())
+            .build());
+
+        var remoteContextWithInline = new Image("remoteContextWithInline", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .inline("""
+FROM busybox
+COPY hello.c ./
+                """)
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("https://github.com/docker-library/hello-world.git")
+                .build())
+            .build());
+
+        var inline = new Image("inline", ImageArgs.builder()        
+            .dockerfile(DockerfileArgs.builder()
+                .inline("""
+FROM alpine
+RUN echo "This uses an inline Dockerfile! 👍"
+                """)
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .build());
+
+        var dockerLoad = new Image("dockerLoad", ImageArgs.builder()        
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .exports(ExportArgs.builder()
+                .docker(ExportDockerArgs.builder()
+                    .tar(true)
+                    .build())
+                .build())
+            .build());
+
+        ctx.export("platforms", multiPlatform.platforms());
+    }
+}

examples/java_test.go

@@ -0,0 +1,29 @@
+//go:build java || all
+// +build java all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestJavaExample(t *testing.T) {
+	t.Skip("not working yet")
+
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir: path.Join(cwd, "java"),
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/main_test.go

@@ -0,0 +1,61 @@
+package examples
+
+import (
+	"crypto/rsa"
+	"errors"
+	"io"
+	"math/rand"
+	"net"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"golang.org/x/crypto/ssh/agent"
+)
+
+func TestMain(m *testing.M) {
+	sock := sshagent()
+	os.Setenv("SSH_AUTH_SOCK", sock)
+
+	os.Exit(m.Run())
+}
+
+// sshagent crates an in-memory SSH agent with one identity.
+func sshagent() string {
+	dir, err := os.MkdirTemp(os.TempDir(), "docker-test-*")
+	if err != nil {
+		panic(err)
+	}
+
+	sock := filepath.Join(dir, "test.sock")
+
+	l, err := net.Listen("unix", sock)
+	if err != nil {
+		panic(err)
+	}
+
+	a := agent.NewKeyring()
+	//nolint:gosec
+	key, err := rsa.GenerateKey(rand.New(rand.NewSource(42)), 2048)
+	if err != nil {
+		panic(err)
+	}
+	err = a.Add(agent.AddedKey{PrivateKey: key})
+	if err != nil {
+		panic(err)
+	}
+
+	go func() {
+		for {
+			conn, err := l.Accept()
+			if err != nil {
+				panic(err)
+			}
+			if err := agent.ServeAgent(a, conn); err != nil && !errors.Is(err, io.EOF) {
+				panic(err)
+			}
+		}
+	}()
+
+	return sock
+}

examples/nodejs/Pulumi.yaml

@@ -1,6 +1,10 @@
-name: provider-docker-native
+name: provider-docker-build
 runtime: nodejs
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
 plugins:
   providers:
-    - name: docker-native
+    - name: docker-build
       path: ../../bin

examples/nodejs/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/nodejs/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/nodejs/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/nodejs/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/nodejs/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/nodejs/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/nodejs/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/nodejs/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/nodejs/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/nodejs/index.ts

@@ -1,7 +1,156 @@
 import * as pulumi from "@pulumi/pulumi";
-import * as docker_native from "@pulumi/docker-native";
+import * as docker_build from "@pulumi/docker-build";
 
-const myRandomResource = new docker_native.Random("myRandomResource", {length: 24});
+const config = new pulumi.Config();
-export const output = {
+const dockerHubPassword = config.require("dockerHubPassword");
-    value: myRandomResource.result,
+const multiPlatform = new docker_build.Image("multiPlatform", {
-};
+    dockerfile: {
+        location: "./app/Dockerfile.multiPlatform",
+    },
+    context: {
+        location: "./app",
+    },
+    platforms: [
+        docker_build.Platform.Plan9_amd64,
+        docker_build.Platform.Plan9_386,
+    ],
+});
+const registryPush = new docker_build.Image("registryPush", {
+    context: {
+        location: "./app",
+    },
+    tags: ["docker.io/pulumibot/buildkit-e2e:example"],
+    exports: [{
+        registry: {
+            ociMediaTypes: true,
+            push: false,
+        },
+    }],
+    registries: [{
+        address: "docker.io",
+        username: "pulumibot",
+        password: dockerHubPassword,
+    }],
+});
+const cached = new docker_build.Image("cached", {
+    context: {
+        location: "./app",
+    },
+    cacheTo: [{
+        local: {
+            dest: "tmp/cache",
+            mode: docker_build.CacheMode.Max,
+        },
+    }],
+    cacheFrom: [{
+        local: {
+            src: "tmp/cache",
+        },
+    }],
+});
+const buildArgs = new docker_build.Image("buildArgs", {
+    dockerfile: {
+        location: "./app/Dockerfile.buildArgs",
+    },
+    context: {
+        location: "./app",
+    },
+    buildArgs: {
+        SET_ME_TO_TRUE: "true",
+    },
+});
+const extraHosts = new docker_build.Image("extraHosts", {
+    dockerfile: {
+        location: "./app/Dockerfile.extraHosts",
+    },
+    context: {
+        location: "./app",
+    },
+    addHosts: ["metadata.google.internal:169.254.169.254"],
+});
+const sshMount = new docker_build.Image("sshMount", {
+    dockerfile: {
+        location: "./app/Dockerfile.sshMount",
+    },
+    context: {
+        location: "./app",
+    },
+    ssh: [{
+        id: "default",
+    }],
+});
+const secrets = new docker_build.Image("secrets", {
+    dockerfile: {
+        location: "./app/Dockerfile.secrets",
+    },
+    context: {
+        location: "./app",
+    },
+    secrets: {
+        password: "hunter2",
+    },
+});
+const labels = new docker_build.Image("labels", {
+    context: {
+        location: "./app",
+    },
+    labels: {
+        description: "This image will get a descriptive label 👍",
+    },
+});
+const target = new docker_build.Image("target", {
+    dockerfile: {
+        location: "./app/Dockerfile.target",
+    },
+    context: {
+        location: "./app",
+    },
+    target: "build-me",
+});
+const namedContexts = new docker_build.Image("namedContexts", {
+    dockerfile: {
+        location: "./app/Dockerfile.namedContexts",
+    },
+    context: {
+        location: "./app",
+        named: {
+            "golang:latest": {
+                location: "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+            },
+        },
+    },
+});
+const remoteContext = new docker_build.Image("remoteContext", {context: {
+    location: "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
+}});
+const remoteContextWithInline = new docker_build.Image("remoteContextWithInline", {
+    dockerfile: {
+        inline: `FROM busybox
+COPY hello.c ./
+`,
+    },
+    context: {
+        location: "https://github.com/docker-library/hello-world.git",
+    },
+});
+const inline = new docker_build.Image("inline", {
+    dockerfile: {
+        inline: `FROM alpine
+RUN echo "This uses an inline Dockerfile! 👍"
+`,
+    },
+    context: {
+        location: "./app",
+    },
+});
+const dockerLoad = new docker_build.Image("dockerLoad", {
+    context: {
+        location: "./app",
+    },
+    exports: [{
+        docker: {
+            tar: true,
+        },
+    }],
+});
+export const platforms = multiPlatform.platforms;

examples/nodejs/package.json

@@ -1,11 +1,10 @@
 {
-	"name": "provider-docker-native",
+  "name": "provider-docker-build",
-	"devDependencies": {
+  "devDependencies": {
-		"@types/node": "^14"
+    "@types/node": "^18"
-	},
+  },
-	"dependencies": {
+  "dependencies": {
-		"typescript": "^4.0.0",
+    "typescript": "^4.0.0",
-		"@pulumi/pulumi": "^3.0.0",
+    "@pulumi/pulumi": "^3.0.0"
-		"@pulumi/docker-native": "0.0.1-alpha.1709848295+3427e611.dirty"
+  }
-	}
 }

examples/nodejs_test.go

@@ -0,0 +1,28 @@
+//go:build nodejs || all
+// +build nodejs all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNodeExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir:          path.Join(cwd, "nodejs"),
+		Dependencies: []string{"@pulumi/docker-build"},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/python/Pulumi.yaml

@@ -1,6 +1,10 @@
-name: provider-docker-native
+name: provider-docker-build
 runtime: python
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
 plugins:
   providers:
-    - name: docker-native
+    - name: docker-build
       path: ../../bin

examples/python/__main__.py

@@ -1,7 +1,143 @@
 import pulumi
-import pulumi_docker_native as docker_native
+import pulumi_docker_build as docker_build
 
-my_random_resource = docker_native.Random("myRandomResource", length=24)
+config = pulumi.Config()
-pulumi.export("output", {
+docker_hub_password = config.require("dockerHubPassword")
-    "value": my_random_resource.result,
+multi_platform = docker_build.Image("multiPlatform",
-})
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.multiPlatform",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    platforms=[
+        docker_build.Platform.PLAN9_AMD64,
+        docker_build.Platform.PLAN9_386,
+    ])
+registry_push = docker_build.Image("registryPush",
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    tags=["docker.io/pulumibot/buildkit-e2e:example"],
+    exports=[docker_build.ExportArgs(
+        registry=docker_build.ExportRegistryArgs(
+            oci_media_types=True,
+            push=False,
+        ),
+    )],
+    registries=[docker_build.RegistryArgs(
+        address="docker.io",
+        username="pulumibot",
+        password=docker_hub_password,
+    )])
+cached = docker_build.Image("cached",
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    cache_to=[docker_build.CacheToArgs(
+        local=docker_build.CacheToLocalArgs(
+            dest="tmp/cache",
+            mode=docker_build.CacheMode.MAX,
+        ),
+    )],
+    cache_from=[docker_build.CacheFromArgs(
+        local=docker_build.CacheFromLocalArgs(
+            src="tmp/cache",
+        ),
+    )])
+build_args = docker_build.Image("buildArgs",
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.buildArgs",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    build_args={
+        "SET_ME_TO_TRUE": "true",
+    })
+extra_hosts = docker_build.Image("extraHosts",
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.extraHosts",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    add_hosts=["metadata.google.internal:169.254.169.254"])
+ssh_mount = docker_build.Image("sshMount",
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.sshMount",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    ssh=[docker_build.SSHArgs(
+        id="default",
+    )])
+secrets = docker_build.Image("secrets",
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.secrets",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    secrets={
+        "password": "hunter2",
+    })
+labels = docker_build.Image("labels",
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    labels={
+        "description": "This image will get a descriptive label 👍",
+    })
+target = docker_build.Image("target",
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.target",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    target="build-me")
+named_contexts = docker_build.Image("namedContexts",
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.namedContexts",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+        named={
+            "golang:latest": docker_build.ContextArgs(
+                location="docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+            ),
+        },
+    ))
+remote_context = docker_build.Image("remoteContext", context=docker_build.BuildContextArgs(
+    location="https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
+))
+remote_context_with_inline = docker_build.Image("remoteContextWithInline",
+    dockerfile=docker_build.DockerfileArgs(
+        inline="""FROM busybox
+COPY hello.c ./
+""",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="https://github.com/docker-library/hello-world.git",
+    ))
+inline = docker_build.Image("inline",
+    dockerfile=docker_build.DockerfileArgs(
+        inline="""FROM alpine
+RUN echo "This uses an inline Dockerfile! 👍"
+""",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ))
+docker_load = docker_build.Image("dockerLoad",
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    exports=[docker_build.ExportArgs(
+        docker=docker_build.ExportDockerArgs(
+            tar=True,
+        ),
+    )])
+pulumi.export("platforms", multi_platform.platforms)

examples/python/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/python/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/python/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/python/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/python/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/python/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/python/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/python/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/python/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/python/requirements.txt

@@ -1,2 +1 @@
 pulumi>=3.0.0,<4.0.0
-pulumi-docker-native==0.0.1-alpha.1709848295+3427e611.dirty

examples/python_test.go

@@ -0,0 +1,31 @@
+//go:build python || all
+// +build python all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPythonExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir:             path.Join(cwd, "python"),
+		RelativeWorkDir: ".",
+		Dependencies: []string{
+			path.Join("..", "sdk", "python", "bin"),
+		},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/tests/dockerhub/.dockerignore

@@ -0,0 +1 @@
+*

examples/tests/dockerhub/Pulumi.yaml

@@ -0,0 +1,34 @@
+name: dockerhub
+description: Push to DockerHub with caching
+runtime: yaml
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../../bin
+outputs:
+  ref: ${my-image.ref}
+resources:
+  my-image:
+    type: docker-build:Image
+    properties:
+      tags:
+        - docker.io/pulumibot/buildkit-e2e
+      push: true
+      context:
+        location: .
+      dockerfile:
+        inline: FROM alpine
+      cacheFrom:
+        - registry:
+            ref: docker.io/pulumibot/buildkit-e2e:cache
+      cacheTo:
+        - registry:
+            ref: docker.io/pulumibot/buildkit-e2e:cache
+      registries:
+        - username: pulumibot
+          address: docker.io
+          password: ${dockerHubPassword}
+config:
+  dockerHubPassword:
+    type: string
+    secret: true

examples/tests/ecr/.dockerignore

@@ -0,0 +1 @@
+*

examples/tests/ecr/Pulumi.yaml

@@ -0,0 +1,40 @@
+name: ecr
+description: Push to AWS ECR with caching
+runtime: yaml
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../../bin
+outputs:
+  ref: ${my-image.ref}
+resources:
+  ecr-repository:
+    type: aws:ecr:Repository
+    properties:
+      forceDelete: true
+  my-image:
+    type: docker-build:Image
+    properties:
+      tags:
+        - ${ecr-repository.repositoryUrl}:latest
+      push: true
+      context:
+        location: .
+      dockerfile:
+        inline: FROM alpine
+      cacheFrom:
+        - registry:
+            ref: ${ecr-repository.repositoryUrl}:cache
+      cacheTo:
+        - registry:
+            ref: ${ecr-repository.repositoryUrl}:cache
+            imageManifest: true
+            ociMediaTypes: true
+      registries:
+        - username: ${auth-token.userName}
+          password: ${auth-token.password}
+          address: ${ecr-repository.repositoryUrl}
+variables:
+  auth-token:
+    fn::aws:ecr:getAuthorizationToken:
+      registryId: ${ecr-repository.registryId}

examples/tests/unauthenticated/.dockerignore

@@ -0,0 +1 @@
+*