Fix unauthenticated example

.devcontainer.json

@@ -0,0 +1,68 @@
+// Reference:
+// - https://containers.dev/features
+// - https://containers.dev/implementors/features
+// - https://code.visualstudio.com/docs/getstarted/settings
+{
+  "name": "pulumi",
+  "image": "ghcr.io/pulumi/devcontainer",
+  "customizations": {
+    "vscode": {
+      "settings": [
+        "go.testTags", "all",
+        "go.buildTags", "all",
+        "editor.minimap.enabled", false,
+        "explorer.openEditors.visible", 1,
+        "editor.quickSuggestionsDelay", 0,
+        "editor.suggestSelection", "first",
+        "editor.snippetSuggestions", "top",
+        "editor.gotoLocation.multipleReferences", "goto",
+        "editor.gotoLocation.multipleDefinitions", "goto",
+        "editor.gotoLocation.multipleDeclarations", "goto",
+        "editor.gotoLocation.multipleImplementations", "goto",
+        "editor.gotoLocation.multipleTypeDefinitions", "goto",
+        "editor.terminal.integrated.shell.linux", "/usr/bin/zsh",
+        "files.trimTrailingWhitespace", true,
+        "files.trimFinalNewlines", true
+      ],
+      "extensions": [
+        "golang.go",
+        "vscodevim.vim",
+        "github.copilot",
+        "ms-python.python",
+        "jetpack-io.devbox",
+        "redhat.vscode-yaml",
+        "esbenp.prettier-vscode",
+        "ms-vscode.makefile-tools",
+        "ms-azuretools.vscode-docker",
+        "github.vscode-pull-request-github",
+        "ms-vscode-remote.remote-containers",
+        "visualstudioexptteam.vscodeintellicode",
+        "bierner.markdown-preview-github-styles"
+      ]
+    }
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/common-utils:2": {
+        "installZsh": true,
+        "configureZshAsDefaultShell": true,
+        "installOhMyZsh": true,
+        "installOhMyZshConfig": true,
+        "upgradePackages": true,
+        "nonFreePackages": true,
+        "username": "vscode",
+        "userUid": "automatic",
+        "userGid": "automatic"
+    },
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
+        "moby": false,
+        "installDockerBuildx": true,
+        "version": "latest",
+        "dockerDashComposeVersion": "v2"
+    }
+  },
+  "postCreateCommand": "git submodule update --init --recursive",
+  "remoteUser": "vscode",
+  "forwardPorts": [1313],
+  "runArgs": ["--network=host"]
+}
+

.gitattributes

@@ -0,0 +1,2 @@
+sdk/**/* linguist-generated=true
+provider/internal/mock*.go linguist-generated=true

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+    groups:
+      pulumi:
+        patterns:
+          - "github.com/pulumi/*"
+    labels:
+      - dependencies
+      - impact/no-changelog-required

.github/workflows/build.yml

@@ -0,0 +1,580 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: build
+on:
+  push:
+    branches:
+    - master
+    - main
+    - feature-**
+    paths-ignore:
+    - CHANGELOG.md
+    tags-ignore:
+    - v*
+    - sdk/*
+    - "**"
+  workflow_dispatch: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+        retention-days: 30
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    name: publish
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Clear GitHub Actions Ubuntu runner disk space
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        dotnet: false
+        android: true
+        haskell: true
+        swap-storage: true
+        large-packages: false
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: us-east-2
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 7200
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-external-id: upload-pulumi-release
+        role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
+    - name: Set PreRelease Version
+      run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)"
+        >> $GITHUB_ENV
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
+        version: latest
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing binaries
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_sdk:
+    runs-on: ubuntu-latest
+    needs: publish
+    name: publish_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Download python SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: python-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress python SDK
+      run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
+        ${{github.workspace}}/sdk/python
+    - name: Download dotnet SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: dotnet-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress dotnet SDK
+      run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
+        ${{github.workspace}}/sdk/dotnet
+    - name: Download nodejs SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: nodejs-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress nodejs SDK
+      run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
+        ${{github.workspace}}/sdk/nodejs
+    - name: Install Twine
+      run: python -m pip install pip twine
+    - name: Publish SDKs
+      run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        PYPI_PUBLISH_ARTIFACTS: all
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing SDK
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_java_sdk:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: publish
+    name: publish_java_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download java SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: java-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress java SDK
+      run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
+        ${{github.workspace}}/sdk/java
+    - name: Set PACKAGE_VERSION to Env
+      run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
+        $GITHUB_ENV
+    - name: Publish Java SDK
+      uses: gradle/gradle-build-action@v3
+      with:
+        arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
+        build-root-directory: ./sdk/java
+        gradle-version: 7.4.1
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: golangci-lint provider pkg
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: ${{ env.GOLANGCI_LINT_VERSION }}
+        args: -c ../.golangci.yml
+        working-directory: provider
+    name: lint
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository

.github/workflows/command-dispatch.yml

@@ -0,0 +1,67 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: command-dispatch
+on:
+  issue_comment:
+    types:
+    - created
+    - edited
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  command-dispatch-for-testing:
+    runs-on: ubuntu-latest
+    name: command-dispatch-for-testing
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - uses: peter-evans/slash-command-dispatch@v2
+      with:
+        token: ${{ secrets.PULUMI_BOT_TOKEN }}
+        reaction-token: ${{ secrets.GITHUB_TOKEN }}
+        commands: run-acceptance-tests
+        permission: write
+        issue-type: pull-request
+        repository: pulumi/pulumi-docker-build
+    if: ${{ github.event.issue.pull_request }}

.github/workflows/prerelease.yml

@@ -0,0 +1,549 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: prerelease
+on:
+  push:
+    tags:
+    - v*.*.*-**
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+  IS_PRERELEASE: true
+jobs:
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    name: publish
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Clear GitHub Actions Ubuntu runner disk space
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        dotnet: false
+        android: true
+        haskell: true
+        swap-storage: true
+        large-packages: false
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: us-east-2
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 7200
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-external-id: upload-pulumi-release
+        role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
+    - name: Set PreRelease Version
+      run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)"
+        >> $GITHUB_ENV
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
+        version: latest
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing binaries
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_sdk:
+    runs-on: ubuntu-latest
+    needs: publish
+    name: publish_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Download python SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: python-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress python SDK
+      run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
+        ${{github.workspace}}/sdk/python
+    - name: Download dotnet SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: dotnet-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress dotnet SDK
+      run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
+        ${{github.workspace}}/sdk/dotnet
+    - name: Download nodejs SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: nodejs-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress nodejs SDK
+      run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
+        ${{github.workspace}}/sdk/nodejs
+    - name: Install Twine
+      run: python -m pip install pip twine
+    - name: Publish SDKs
+      run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        PYPI_PUBLISH_ARTIFACTS: all
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing SDK
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_java_sdk:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: publish
+    name: publish_java_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download java SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: java-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress java SDK
+      run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
+        ${{github.workspace}}/sdk/java
+    - name: Set PACKAGE_VERSION to Env
+      run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
+        $GITHUB_ENV
+    - name: Publish Java SDK
+      uses: gradle/gradle-build-action@v3
+      with:
+        arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
+        build-root-directory: ./sdk/java
+        gradle-version: 7.4.1

.github/workflows/pull-request.yml

@@ -0,0 +1,64 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: pull-request
+on:
+  pull_request_target: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  comment-on-pr:
+    runs-on: ubuntu-latest
+    name: comment-on-pr
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Comment PR
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: >
+          PR is now waiting for a maintainer to run the acceptance tests.
+
+          **Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    if: github.event.pull_request.head.repo.full_name != github.repository

.github/workflows/release.yml

@@ -0,0 +1,579 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: release
+on:
+  push:
+    tags:
+    - v*.*.*
+    - "!v*.*.*-**"
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    name: publish
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Clear GitHub Actions Ubuntu runner disk space
+      uses: jlumbroso/free-disk-space@v1.3.1
+      with:
+        tool-cache: false
+        dotnet: false
+        android: true
+        haskell: true
+        swap-storage: true
+        large-packages: false
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: us-east-2
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 7200
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-external-id: upload-pulumi-release
+        role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
+    - name: Set PreRelease Version
+      run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)"
+        >> $GITHUB_ENV
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        args: -p 3 release --clean --timeout 60m0s
+        version: latest
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing binaries
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_sdk:
+    runs-on: ubuntu-latest
+    needs: publish
+    name: publish_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Download python SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: python-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress python SDK
+      run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
+        ${{github.workspace}}/sdk/python
+    - name: Download dotnet SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: dotnet-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress dotnet SDK
+      run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
+        ${{github.workspace}}/sdk/dotnet
+    - name: Download nodejs SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: nodejs-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress nodejs SDK
+      run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
+        ${{github.workspace}}/sdk/nodejs
+    - name: Install Twine
+      run: python -m pip install pip twine
+    - name: Publish SDKs
+      run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
+      env:
+        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        PYPI_PUBLISH_ARTIFACTS: all
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in publishing SDK
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+  publish_java_sdk:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: publish
+    name: publish_java_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download java SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: java-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: Uncompress java SDK
+      run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
+        ${{github.workspace}}/sdk/java
+    - name: Set PACKAGE_VERSION to Env
+      run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >>
+        $GITHUB_ENV
+    - name: Publish Java SDK
+      uses: gradle/gradle-build-action@v3
+      with:
+        arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
+        build-root-directory: ./sdk/java
+        gradle-version: 7.4.1
+  tag_sdk:
+    runs-on: ubuntu-latest
+    needs: publish_sdk
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Add SDK version tag
+      run: git tag sdk/v$(pulumictl get version --language generic) && git push origin
+        sdk/v$(pulumictl get version --language generic)
+    name: tag_sdk
+  dispatch_docs_build:
+    runs-on: ubuntu-latest
+    needs: tag_sdk
+    steps:
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Dispatch Event
+      run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
+        ${GITHUB_REF#refs/tags/}
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    name: dispatch_docs_build

.github/workflows/run-acceptance-tests.yml

@@ -0,0 +1,427 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: run-acceptance-tests
+on:
+  repository_dispatch:
+    types:
+    - run-acceptance-tests-command
+  pull_request:
+    branches:
+    - master
+    - main
+    paths-ignore:
+    - CHANGELOG.md
+  workflow_dispatch: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+  PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
+jobs:
+  comment-notification:
+    runs-on: ubuntu-latest
+    name: comment-notification
+    steps:
+    - name: Create URL to the run output
+      id: vars
+      run: echo
+        run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
+        >> "$GITHUB_OUTPUT"
+    - name: Update with Result
+      uses: peter-evans/create-or-update-comment@v1
+      with:
+        token: ${{ secrets.PULUMI_BOT_TOKEN }}
+        repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
+        issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
+        body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
+    if: github.event_name == 'repository_dispatch'
+  prerequisites:
+    runs-on: ubuntu-latest
+    name: prerequisites
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - if: github.event_name == 'pull_request'
+      name: Install Schema Tools
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/schema-tools
+    - name: Build codegen binaries
+      run: make codegen
+    - name: Build Schema
+      run: make generate_schema
+    - if: github.event_name == 'pull_request'
+      name: Check Schema is Valid
+      run: >-
+        echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
+
+        schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
+
+        echo 'EOF' >> $GITHUB_ENV
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    - if: github.event_name == 'pull_request'
+      name: Comment on PR with Details of Schema Check
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          ${{ env.SCHEMA_CHANGES }}
+        comment_tag: schemaCheck
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
+        github.actor == 'pulumi-bot'
+      name: Add label if no breaking changes
+      uses: actions-ecosystem/action-add-labels@v1.1.0
+      with:
+        labels: impact/no-changelog-required
+        number: ${{ github.event.issue.number }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Build Provider
+      run: make provider
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar provider binaries
+      run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
+        pulumi-gen-${{ env.PROVIDER}}
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin/provider.tar.gz
+    - name: Test Provider Library
+      run: make test_provider
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in building provider prerequisites
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+  build_sdks:
+    needs: prerequisites
+    runs-on: pulumi-ubuntu-8core
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: build_sdks
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Generate SDK
+      run: make generate_${{ matrix.language }}
+    - name: Build SDK
+      run: make build_${{ matrix.language }}
+    - name: Check worktree clean
+      run: ./ci-scripts/ci/check-worktree-is-clean
+    - run: git status --porcelain
+    - name: Tar SDK folder
+      run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.language  }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
+        retention-days: 30
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure while building SDKs
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+  test:
+    runs-on: pulumi-ubuntu-8core
+    needs:
+    - build_sdks
+    strategy:
+      fail-fast: true
+      matrix:
+        language:
+        - nodejs
+        - python
+        - dotnet
+        - go
+        - java
+    name: test
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Checkout Scripts Repo
+      uses: actions/checkout@v4
+      with:
+        path: ci-scripts
+        repository: pulumi/scripts
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVAVERSION }}
+        distribution: temurin
+        cache: gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v3
+      with:
+        gradle-version: "7.6"
+    - name: Download provider + tfgen binaries
+      uses: actions/download-artifact@v4
+      with:
+        name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
+        path: ${{ github.workspace }}/bin
+    - name: UnTar provider binaries
+      run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
+        github.workspace}}/bin
+    - name: Restore Binary Permissions
+      run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
+        -exec chmod +x {} \;
+    - name: Download SDK
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ matrix.language }}-sdk.tar.gz
+        path: ${{ github.workspace}}/sdk/
+    - name: UnTar SDK folder
+      run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
+        github.workspace}}/sdk/${{ matrix.language}}
+    - name: Update path
+      run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+    - name: Install Node dependencies
+      run: yarn global add typescript
+    - run: dotnet nuget add source ${{ github.workspace }}/nuget
+    - name: Install Python deps
+      run: |-
+        pip3 install virtualenv==20.0.23
+        pip3 install pipenv
+    - name: Install dependencies
+      run: make install_${{ matrix.language}}_sdk
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-region: ${{ env.AWS_REGION }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        role-duration-seconds: 3600
+        role-session-name: ${{ env.PROVIDER }}@githubActions
+        role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v0
+      with:
+        workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
+          }}/locations/global/workloadIdentityPools/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
+          env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
+        service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
+    - name: Setup gcloud auth
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        install_components: gke-gcloud-auth-plugin
+    - name: Install gotestfmt
+      uses: GoTestTools/gotestfmt-action@v2
+      with:
+        version: v2.5.0
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run tests
+      run: >-
+        set -euo pipefail
+
+        cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
+    - if: failure() && github.event_name == 'push'
+      name: Notify Slack
+      uses: 8398a7/action-slack@v3
+      with:
+        author_name: Failure in SDK tests
+        fields: repo,commit,author,action
+        status: ${{ job.status }}
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+  sentinel:
+    runs-on: ubuntu-latest
+    name: sentinel
+    steps:
+    - name: Is workflow a success
+      run: echo yes
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository
+    needs:
+    - test
+    - lint
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+        ref: ${{ env.PR_COMMIT_SHA }}
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: golangci-lint provider pkg
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: ${{ env.GOLANGCI_LINT_VERSION }}
+        args: -c ../.golangci.yml
+        working-directory: provider
+    name: lint
+    if: github.event_name == 'repository_dispatch' ||
+      github.event.pull_request.head.repo.full_name == github.repository

.github/workflows/weekly-pulumi-update.yml

@@ -0,0 +1,138 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+name: weekly-pulumi-update
+on:
+  schedule:
+  - cron: 35 12 * * 4
+  workflow_dispatch: {}
+env:
+  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+  PROVIDER: docker-build
+  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
+  PYPI_USERNAME: __token__
+  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+  TRAVIS_OS_NAME: linux
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
+  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
+  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
+  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
+  GOVERSION: 1.21.x
+  NODEVERSION: 20.x
+  PYTHONVERSION: "3.11"
+  DOTNETVERSION: |
+    6.0.x
+    3.1.301
+  JAVAVERSION: "11"
+  AWS_REGION: us-west-2
+  PULUMI_API: https://api.pulumi-staging.io
+  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
+  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
+  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
+  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+  AZURE_LOCATION: westus
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
+  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
+  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
+  GOOGLE_PROJECT: pulumi-ci-gcp-provider
+  GOOGLE_PROJECT_NUMBER: 895284651812
+  GOOGLE_REGION: us-central1
+  GOOGLE_ZONE: us-central1-a
+  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+jobs:
+  weekly-pulumi-update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        lfs: true
+    - name: Unshallow clone for tags
+      run: git fetch --prune --unshallow --tags
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GOVERSION }}
+        cache-dependency-path: "**/*.sum"
+    - name: Install pulumictl
+      uses: jaxxstorm/action-install-gh-release@v1.11.0
+      with:
+        repo: pulumi/pulumictl
+    - name: Install Pulumi CLI
+      uses: pulumi/actions@v5
+    - name: Setup DotNet
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ env.DOTNETVERSION }}
+    - name: Setup Node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODEVERSION }}
+        registry-url: https://registry.npmjs.org
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHONVERSION }}
+    - name: Update Pulumi/Pulumi
+      id: gomod
+      run: >-
+        git config --local user.email 'bot@pulumi.com'
+
+        git config --local user.name 'pulumi-bot'
+
+        git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }}
+
+        for MODFILE in $(find . -name go.mod); do pushd $(dirname $MODFILE); go get github.com/pulumi/pulumi/pkg/v3 github.com/pulumi/pulumi/sdk/v3; go mod tidy; popd; done
+
+        git update-index -q --refresh
+
+        if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi
+    - name: Provider with Pulumi Upgrade
+      if: steps.gomod.outputs.changes != 0
+      run: >-
+        make codegen && make local_generate
+
+        git add sdk/nodejs
+
+        git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/python
+
+        git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/dotnet
+
+        git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/go*
+
+        git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add sdk/java*
+
+        git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty"
+
+        git add .
+
+        git commit -m "Updated modules" || echo "ignore commit failure, may be empty"
+
+        git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }}
+    - name: Create PR
+      id: create-pr
+      if: steps.gomod.outputs.changes != 0
+      uses: repo-sync/pull-request@v2.6.2
+      with:
+        source_branch: update-pulumi/${{ github.run_id }}-${{ github.run_number }}
+        destination_branch: master
+        pr_title: Automated Pulumi/Pulumi upgrade
+        github_token: ${{ secrets.PULUMI_BOT_TOKEN }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
+    name: weekly-pulumi-update

.gitignore

@@ -0,0 +1,21 @@
+/vendor/
+**/bin/
+**/obj/
+**/node_modules/
+**/.vs
+**/.idea
+**/.ionide
+**/.vscode
+*.swp
+Pulumi.*.yaml
+yarn.lock
+ci-scripts
+nuget/
+coverage.txt
+
+
+sdk/dotnet/version.txt
+sdk/java/.gradle
+sdk/java/build/
+sdk/java/build.gradle
+sdk/python/venv

.gitmodules

@@ -0,0 +1,3 @@
+[submodule ".devcontainer"]
+	path = .devcontainer
+	url = https://github.com/pulumi/devcontainer

.golangci.yml

@@ -0,0 +1,104 @@
+run:
+  timeout: 10m
+
+linters:
+  enable-all: false
+  enable:
+    - depguard
+    - errcheck
+    - exhaustive
+    - exportloopref
+    - gci
+    - gocritic
+    - gofumpt
+    - goheader
+    - gosec
+    - govet
+    - importas
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - nolintlint
+    - paralleltest
+    - perfsprint
+    - prealloc
+    - revive
+    - unconvert
+    - unused
+
+linters-settings:
+  depguard:
+    rules:
+      protobuf:
+        deny:
+          - pkg: "github.com/golang/protobuf"
+            desc: Use google.golang.org/protobuf instead
+  gci:
+    sections:
+      - standard # Standard section: captures all standard library packages.
+      - blank # Blank section: contains all blank imports.
+      - default # Default section: contains all imports that could not be matched to another section type.
+      - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix.
+      - prefix(github.com/pulumi/pulumi-dockerbuild/) # Custom section: local imports
+    custom-order: true
+  gocritic:
+    enable-all: true
+    disabled-checks:
+      - hugeParam
+      - importShadow
+  goheader:
+    template: |-
+      Copyright 2024, Pulumi Corporation.
+
+      Licensed under the Apache License, Version 2.0 (the "License");
+      you may not use this file except in compliance with the License.
+      You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+      Unless required by applicable law or agreed to in writing, software
+      distributed under the License is distributed on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+      See the License for the specific language governing permissions and
+      limitations under the License.
+  govet:
+    enable:
+      - nilness
+      # Reject comparisons of reflect.Value with DeepEqual or '=='.
+      - reflectvaluecompare
+      # Reject sort.Slice calls with a non-slice argument.
+      - sortslice
+      # Detect write to struct/arrays by-value that aren't read again.
+      - unusedwrite
+  nakedret:
+    # Make an issue if func has more lines of code than this setting, and it has naked returns.
+    # Default: 30
+    max-func-lines: 60
+  nolintlint:
+    # Some linter exclusions are added to generated or templated files
+    # pre-emptively.
+    # Don't complain about these.
+    allow-unused: true
+
+issues:
+  exclude-use-default: false
+  exclude-rules:
+    # Don't warn on unused parameters.
+    # Parameter names are useful; replacing them with '_' is undesirable.
+    - linters: [revive]
+      text: 'unused-parameter: parameter \S+ seems to be unused, consider removing or renaming it as _'
+
+    # staticcheck already has smarter checks for empty blocks.
+    # revive's empty-block linter has false positives.
+    # For example, as of writing this, the following is not allowed.
+    #   for foo() { }
+    - linters: [revive]
+      text: "empty-block: this block is empty, you can remove it"
+
+    # We *frequently* use the term 'new' in the context of properties
+    # (new and old properties),
+    # and we rarely use the 'new' built-in function.
+    # It's fine to ignore these cases.
+    - linters: [revive]
+      text: "redefines-builtin-id: redefinition of the built-in function new"

.goreleaser.prerelease.yml

@@ -0,0 +1,38 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+project_name: pulumi-docker-build
+builds:
+- dir: provider
+  env:
+  - CGO_ENABLED=0
+  - GO111MODULE=on
+  goos:
+  - darwin
+  - windows
+  - linux
+  goarch:
+  - amd64
+  - arm64
+  ignore: []
+  main: ./cmd/pulumi-resource-docker-build/
+  ldflags:
+  - -X
+    github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
+  - -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
+  binary: pulumi-resource-docker-build
+archives:
+- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
+  id: archive
+snapshot:
+  name_template: "{{ .Tag }}-SNAPSHOT"
+changelog:
+  skip: true
+release:
+  disable: true
+blobs:
+- provider: s3
+  region: us-west-2
+  bucket: get.pulumi.com
+  folder: releases/plugins/
+  ids:
+  - archive

.goreleaser.yml

@@ -0,0 +1,38 @@
+# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
+
+project_name: pulumi-docker-build
+builds:
+- dir: provider
+  env:
+  - CGO_ENABLED=0
+  - GO111MODULE=on
+  goos:
+  - darwin
+  - windows
+  - linux
+  goarch:
+  - amd64
+  - arm64
+  ignore: []
+  main: ./cmd/pulumi-resource-docker-build/
+  ldflags:
+  - -X
+    github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
+  - -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
+  binary: pulumi-resource-docker-build
+archives:
+- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
+  id: archive
+snapshot:
+  name_template: "{{ .Tag }}-SNAPSHOT"
+changelog:
+  skip: true
+release:
+  disable: false
+blobs:
+- provider: s3
+  region: us-west-2
+  bucket: get.pulumi.com
+  folder: releases/plugins/
+  ids:
+  - archive

Makefile

@@ -0,0 +1,248 @@
+PROJECT_NAME := Pulumi Docker Build Resource Provider
+
+PACK             := docker-build
+PACKDIR          := sdk
+PROJECT          := github.com/pulumi/pulumi-docker-build
+NODE_MODULE_NAME := @pulumi/docker-build
+NUGET_PKG_NAME   := Pulumi.DockerBuild
+
+PROVIDER         := pulumi-resource-${PACK}
+VERSION          ?= $(shell pulumictl get version)
+PROVIDER_PATH    := provider
+VERSION_PATH     := ${PROVIDER_PATH}.Version
+SCHEMA_PATH      := ${PROVIDER_PATH}/cmd/pulumi-resource-${PACK}/schema.json
+
+GOPATH			 := $(shell go env GOPATH)
+
+WORKING_DIR      := $(shell pwd)
+EXAMPLES_DIR     := ${WORKING_DIR}/examples/yaml
+TESTPARALLELISM  := 4
+
+PULUMI           := bin/pulumi
+GOGLANGCILINT    := bin/golangci-lint
+
+.PHONY: ensure
+ensure:: tidy lint test_provider examples
+
+.PHONY: tidy
+tidy:
+	go mod tidy
+
+.PHONY: provider
+provider: bin/${PROVIDER} bin/pulumi-gen-${PACK} # Required by CI
+
+provider_debug::
+	(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
+
+test_provider:: # Required by CI
+	go test -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
+
+test_examples: install_nodejs_sdk install_dotnet_sdk
+	go test -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
+
+test_all:: test_provider test_examples
+
+.PHONY:
+gen_examples:
+
+examples: $(shell mkdir -p examples)
+examples: sdk examples/yaml examples/go examples/nodejs examples/python examples/dotnet examples/java
+
+examples/yaml:
+	rm -rf ${WORKING_DIR}/examples/yaml/app
+	cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app
+
+examples/go: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,go)
+	@git checkout examples/go/go.mod
+
+examples/nodejs: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,nodejs)
+	@git checkout examples/nodejs/package.json
+
+examples/python: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,python)
+	@git checkout examples/python/requirements.txt
+
+examples/dotnet: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,dotnet)
+	@git checkout examples/dotnet/provider-docker-build.csproj
+
+examples/java: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
+	$(call example,java)
+	@git checkout examples/java/pom.xml
+
+${PULUMI}: go.sum
+	GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/pkg/v3/cmd/pulumi
+	GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3
+
+${GOGLANGCILINT}: go.sum
+	GOBIN=${WORKING_DIR}/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint
+
+define pulumi_login
+    export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \
+    pulumi login --local;
+endef
+
+define example
+	rm -rf ${WORKING_DIR}/examples/$(1)
+	$(PULUMI) convert \
+		--cwd ${WORKING_DIR}/examples/yaml \
+		--logtostderr \
+		--generate-only \
+		--non-interactive \
+		--language $(1) \
+		--out ${WORKING_DIR}/examples/$(1)
+	cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/$(1)/app
+endef
+
+up::
+	$(call pulumi_login) \
+	cd ${EXAMPLES_DIR} && \
+	pulumi stack init dev && \
+	pulumi stack select dev && \
+	pulumi config set name dev && \
+	pulumi up -y
+
+down::
+	$(call pulumi_login) \
+	cd ${EXAMPLES_DIR} && \
+	pulumi stack select dev && \
+	pulumi destroy -y && \
+	pulumi stack rm dev -y
+
+devcontainer::
+	git submodule update --init --recursive .devcontainer
+	git submodule update --remote --merge .devcontainer
+	cp -f .devcontainer/devcontainer.json .devcontainer.json
+
+.PHONY: build
+build:: provider dotnet_sdk go_sdk nodejs_sdk python_sdk
+
+# Required for the codegen action that runs in pulumi/pulumi
+only_build:: build
+
+.PHONY: lint
+lint: ${GOGLANGCILINT}
+	${GOGLANGCILINT} run --fix -c .golangci.yml
+
+install:: install_nodejs_sdk install_dotnet_sdk
+	cp $(WORKING_DIR)/bin/${PROVIDER} ${GOPATH}/bin
+
+
+install_dotnet_sdk:: # Required by CI
+	rm -rf $(WORKING_DIR)/nuget/$(NUGET_PKG_NAME).*.nupkg
+	mkdir -p $(WORKING_DIR)/nuget
+	find . -name '*.nupkg' -print -exec cp -p {} ${WORKING_DIR}/nuget \;
+
+install_python_sdk:: # Required by CI
+
+install_go_sdk:: # Required by CI
+
+install_nodejs_sdk:: # Required by CI
+	-yarn unlink --cwd $(WORKING_DIR)/sdk/nodejs/bin
+	yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin
+
+.PHONY: codegen
+codegen: # Required by CI
+
+.PHONY: generate_schema
+generate_schema: # Required by CI
+
+.PHONY: build_go install_go_sdk
+generate_go: sdk/go # Required by CI
+build_go: # Required by CI
+
+.PHONY: build_java install_java_sdk
+generate_java: sdk/java # Required by CI
+build_java: # Required by CI
+
+.PHONY: build_python install_python_sdk
+generate_python: sdk/python # Required by CI
+build_python: # Required by CI
+
+.PHONY: build_nodejs install_nodejs_sdk
+generate_nodejs: sdk/nodejs # Required by CI
+build_nodejs: # Required by CI
+
+.PHONY: build_dotnet install_dotnet_sdk
+generate_dotnet: sdk/dotnet # Required by CI
+build_dotnet: # Required by CI
+
+${SCHEMA_PATH}: bin/${PROVIDER}
+	pulumi package get-schema bin/${PROVIDER} > $(SCHEMA_PATH)
+
+bin/${PROVIDER}: $(shell find ./provider -name '*.go') go.mod
+	(cd provider && go build -o ../bin/${PROVIDER} -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
+
+bin/pulumi-gen-${PACK}: # Required by CI
+	touch bin/pulumi-gen-${PACK}
+
+go.mod: $(shell find . -name '*.go')
+go.sum: go.mod
+
+sdk: $(shell mkdir -p sdk)
+sdk: sdk/python sdk/nodejs sdk/java sdk/python sdk/go sdk/dotnet
+
+sdk/python: PYPI_VERSION := $(shell pulumictl get version --language python)
+sdk/python: TMPDIR := $(shell mktemp -d)
+sdk/python: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/python
+	$(PULUMI) package gen-sdk bin/$(PROVIDER) --language python -o ${TMPDIR}
+	cp README.md ${TMPDIR}/python/
+	cd ${TMPDIR}/python/ && \
+		rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \
+		sed -i.bak -e 's/^  version = .*/  version = "$(PYPI_VERSION)"/g' ./bin/pyproject.toml && \
+		rm ./bin/pyproject.toml.bak && \
+		python3 -m venv venv && \
+		./venv/bin/python -m pip install build && \
+		cd ./bin && \
+		../venv/bin/python -m build .
+	mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/.
+
+sdk/nodejs: NODE_VERSION := $(shell pulumictl get version --language javascript)
+sdk/nodejs: TMPDIR := $(shell mktemp -d)
+sdk/nodejs: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/nodejs
+	$(PULUMI) package gen-sdk bin/$(PROVIDER) --language nodejs -o ${TMPDIR}
+	cp README.md LICENSE ${TMPDIR}/nodejs
+	cd ${TMPDIR}/nodejs/ && \
+		yarn install && \
+		yarn run tsc && \
+		cp README.md LICENSE package.json yarn.lock bin/ && \
+		sed -i.bak 's/$${VERSION}/$(NODE_VERSION)/g' bin/package.json && \
+		rm ./bin/package.json.bak
+	mv -f ${TMPDIR}/nodejs ${WORKING_DIR}/sdk/.
+
+sdk/go: TMPDIR := $(shell mktemp -d)
+sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)"
+sdk/go: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/go
+	PATH=$(PATH) $(PULUMI) package gen-sdk bin/$(PROVIDER) --language go -o ${TMPDIR}
+	cp go.mod ${TMPDIR}/go/dockerbuild/go.mod
+	cd ${TMPDIR}/go/dockerbuild && \
+		go mod edit -module=github.com/pulumi/pulumi-${PACK}/${PACKDIR}/go/dockerbuild && \
+		go mod tidy
+	mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go
+
+sdk/dotnet: DOTNET_VERSION  := $(shell pulumictl get version --language dotnet)
+sdk/dotnet: TMPDIR := $(shell mktemp -d)
+sdk/dotnet: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/dotnet
+	$(PULUMI) package gen-sdk bin/${PROVIDER} --language dotnet -o ${TMPDIR}
+	cd ${TMPDIR}/dotnet/ && \
+		echo "$(DOTNET_VERSION)" > version.txt && \
+		dotnet build /p:Version=${DOTNET_VERSION}
+	mv -f ${TMPDIR}/dotnet ${WORKING_DIR}/sdk/.
+
+sdk/java: PACKAGE_VERSION := $(shell pulumictl get version --language generic)
+sdk/java: TMPDIR := $(shell mktemp -d)
+sdk/java: $(PULUMI) bin/${PROVIDER}
+	rm -rf sdk/java
+	$(PULUMI) package gen-sdk --language java bin/${PROVIDER} -o ${TMPDIR}
+	cd ${TMPDIR}/java/ && gradle --console=plain build
+	mv -f ${TMPDIR}/java ${WORKING_DIR}/sdk/.
+
+docs: $(shell find docs/yaml -type f) $(shell find ./provider/internal/embed -name '*.md') ${SCHEMA_PATH}
+	go generate docs/generate.go
+	@touch docs

codecov.yml

@@ -0,0 +1,12 @@
+comment:
+  layout: "header, files, footer"
+  hide_project_coverage: false
+
+coverage:
+  status:
+    project:
+      default:
+        informational: true
+    patch:
+      default:
+        informational: true

docs/generate.go

@@ -0,0 +1,216 @@
+// Copyright 2024, Pulumi Corporation.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:generate go run generate.go yaml ../provider/internal/embed
+
+// Package main ingests a multi-document YAML file and converts it into
+// Markdown examples.
+package main
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+
+	"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
+)
+
+func main() {
+	if len(os.Args) < 3 {
+		fmt.Fprintf(os.Stdout, "Usage: %s <yaml source dir path> <markdown destination path>\n", os.Args[0])
+		os.Exit(1)
+	}
+	yamlPath := os.Args[1]
+	mdPath := os.Args[2]
+
+	if !filepath.IsAbs(yamlPath) {
+		cwd, err := os.Getwd()
+		contract.AssertNoErrorf(err, "getting working directory")
+		yamlPath = filepath.Join(cwd, yamlPath)
+	}
+
+	if err := os.MkdirAll(mdPath, 0o750); err != nil {
+		panic(err)
+	}
+	fileInfo, err := os.Lstat(mdPath)
+	if err != nil || !fileInfo.IsDir() {
+		fmt.Fprintf(os.Stderr, "Expect markdown destination %q to be a directory\n", mdPath)
+		os.Exit(1)
+	}
+
+	yamlFiles, err := os.ReadDir(yamlPath)
+	if err != nil {
+		panic(err)
+	}
+	for _, yamlFile := range yamlFiles {
+		if err := processYaml(filepath.Join(yamlPath, yamlFile.Name()), mdPath); err != nil {
+			log.Fatal(fmt.Errorf("processing %q: %w", yamlFile.Name(), err))
+		}
+	}
+}
+
+func markdownExamples(examples []string) string {
+	s := "{{% examples %}}\n## Example Usage\n"
+	for _, example := range examples {
+		s += example
+	}
+	s += "{{% /examples %}}"
+	return s
+}
+
+func markdownExample(description string,
+	typescript string,
+	python string,
+	csharp string,
+	golang string,
+	yaml string,
+	java string,
+) string {
+	return fmt.Sprintf("{{%% example %%}}\n### %s\n\n"+
+		"```typescript\n%s```\n"+
+		"```python\n%s```\n"+
+		"```csharp\n%s```\n"+
+		"```go\n%s```\n"+
+		"```yaml\n%s```\n"+
+		"```java\n%s```\n"+
+		"{{%% /example %%}}\n",
+		description, typescript, python, csharp, golang, yaml, java)
+}
+
+func convert(language, tempDir, programFile string) (string, error) {
+	exampleDir := filepath.Join(tempDir, "example"+language)
+	//nolint:gosec // No user-provided input.
+	cmd := exec.Command(
+		"pulumi",
+		"convert",
+		"--language",
+		language,
+		"--out",
+		filepath.Clean(filepath.Join(tempDir, exampleDir)),
+		"--generate-only",
+	)
+
+	cmd.Stderr = os.Stderr
+	cmd.Stdout = os.Stdout
+	cmd.Dir = tempDir
+	if err := cmd.Run(); err != nil {
+		return "", fmt.Errorf("converting: %w", err)
+	}
+	content, err := os.ReadFile(filepath.Clean(filepath.Join(tempDir, exampleDir, programFile)))
+	if err != nil {
+		return "", fmt.Errorf("reading: %w", err)
+	}
+
+	return string(content), nil
+}
+
+func processYaml(path, mdDir string) error {
+	yamlFile, err := os.Open(filepath.Clean(path))
+	if err != nil {
+		return err
+	}
+
+	base := filepath.Base(path)
+	md := strings.NewReplacer(".yaml", ".md", ".yml", ".md").Replace(base)
+
+	defer contract.IgnoreClose(yamlFile)
+	decoder := yaml.NewDecoder(yamlFile)
+	exampleStrings := []string{}
+	for {
+		keepGoing, err := func() (bool, error) {
+			example := map[string]interface{}{}
+			err := decoder.Decode(&example)
+			if err == io.EOF {
+				return false, nil
+			}
+
+			description, ok := example["description"].(string)
+			if !ok {
+				description = ""
+			}
+			dir, err := os.MkdirTemp("", "")
+			if err != nil {
+				return false, err
+			}
+
+			defer func() {
+				contract.IgnoreError(os.RemoveAll(dir))
+			}()
+
+			src, err := os.OpenFile(filepath.Clean(filepath.Join(dir, "Pulumi.yaml")), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+			if err != nil {
+				return false, err
+			}
+
+			fmt.Println("Converting:", example)
+
+			if err := yaml.NewEncoder(src).Encode(example); err != nil {
+				return false, err
+			}
+			contract.AssertNoErrorf(src.Close(), "closing")
+
+			typescript, err := convert("typescript", dir, "index.ts")
+			if err != nil {
+				return false, err
+			}
+			python, err := convert("python", dir, "__main__.py")
+			if err != nil {
+				return false, err
+			}
+			csharp, err := convert("csharp", dir, "Program.cs")
+			if err != nil {
+				return false, err
+			}
+			golang, err := convert("go", dir, "main.go")
+			if err != nil {
+				return false, err
+			}
+			java, err := convert("java", dir, "src/main/java/generated_program/App.java")
+			if err != nil {
+				return false, err
+			}
+
+			yamlContent, err := os.ReadFile(filepath.Clean(filepath.Join(dir, "Pulumi.yaml")))
+			if err != nil {
+				return false, err
+			}
+			yaml := string(yamlContent)
+
+			exampleStrings = append(exampleStrings, markdownExample(description, typescript, python, csharp, golang, yaml, java))
+
+			return true, nil
+		}()
+		if err != nil {
+			return err
+		}
+		if !keepGoing {
+			break
+		}
+	}
+	fmt.Fprintf(os.Stdout, "Writing %s\n", filepath.Join(mdDir, md))
+	f, err := os.OpenFile(filepath.Clean(filepath.Join(mdDir, md)), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+	if err != nil {
+		return err
+	}
+	defer contract.IgnoreClose(f)
+	_, err = f.WriteString(markdownExamples(exampleStrings))
+	contract.AssertNoErrorf(err, "writing examples")
+	return nil
+}

docs/yaml/image-examples.yaml

@@ -0,0 +1,190 @@
+name: ecr
+description: Push to AWS ECR with caching
+outputs:
+  ref: ${my-image.ref}
+resources:
+  ecr-repository:
+    type: aws:ecr:Repository
+  my-image:
+    type: docker-build:Image
+    properties:
+      tags:
+        - ${ecr-repository.repositoryUrl}:latest
+      push: true
+      context:
+        location: ./app
+      cacheFrom:
+        - registry:
+            ref: ${ecr-repository.repositoryUrl}:cache
+      cacheTo:
+        - registry:
+            ref: ${ecr-repository.repositoryUrl}:cache
+            imageManifest: true
+            ociMediaTypes: true
+      registries:
+        - username: ${auth-token.userName}
+          password: ${auth-token.password}
+          address: ${ecr-repository.repositoryUrl}
+runtime: yaml
+variables:
+  auth-token:
+    fn::aws:ecr:getAuthorizationToken:
+      registryId: ${ecr-repository.registryId}
+---
+name: multi-platform
+runtime: yaml
+description: Multi-platform image
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      platforms:
+        - plan9/amd64
+        - plan9/386
+      push: false
+---
+name: registry
+runtime: yaml
+description: Registry export
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      tags:
+        - "docker.io/pulumi/pulumi:3.107.0"
+      context:
+        location: "app"
+      push: true
+      registries:
+        - address: docker.io
+          username: pulumibot
+          password: ${dockerHubPassword}
+outputs:
+  ref: ${my-image.ref}
+---
+name: caching
+runtime: yaml
+description: Caching
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      cacheTo:
+        - local:
+            dest: tmp/cache
+            mode: max
+      cacheFrom:
+        - local:
+            src: tmp/cache
+      push: false
+---
+name: dbc
+runtime: yaml
+description: Docker Build Cloud
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      exec: true
+      builder:
+        name: cloud-builder-name
+      push: false
+---
+name: build-args
+runtime: yaml
+description: Build arguments
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      buildArgs:
+        SET_ME_TO_TRUE: "true"
+      push: false
+---
+name: build-target
+runtime: yaml
+description: Build target
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      target: "build-me"
+      push: false
+---
+name: named-contexts
+runtime: yaml
+description: Named contexts
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: app
+        named:
+          "golang:latest":
+            location: "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984"
+      push: false
+---
+name: remote-context
+runtime: yaml
+description: Remote context
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile"
+      push: false
+
+---
+name: inline
+runtime: yaml
+description: Inline Dockerfile
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      dockerfile:
+        inline: |
+          FROM busybox
+          COPY hello.c ./
+      context:
+        location: "app"
+      push: false
+---
+name: remote-context
+runtime: yaml
+description: Remote context
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      dockerfile:
+        location: app/Dockerfile
+      context:
+        location: "https://github.com/docker-library/hello-world.git"
+      push: false
+---
+name: docker-load
+runtime: yaml
+description: Local export
+resources:
+  image:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      exports:
+        - docker:
+            tar: true
+      push: false

docs/yaml/index-examples.yaml

@@ -0,0 +1,48 @@
+name: registry-caching
+description: Multi-platform registry caching
+runtime: yaml
+resources:
+  arm64:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      platforms:
+        - linux/arm64
+      tags:
+        - "docker.io/pulumi/pulumi:3.107.0-arm64"
+      cacheTo:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-arm64"
+            mode: max
+      cacheFrom:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-arm64"
+
+  amd64:
+    type: docker-build:Image
+    properties:
+      context:
+        location: "app"
+      platforms:
+        - linux/amd64
+      tags:
+        - "docker.io/pulumi/pulumi:3.107.0-amd64"
+      cacheTo:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-amd64"
+            mode: max
+      cacheFrom:
+        - registry:
+            ref: "docker.io/pulumi/pulumi:cache-amd64"
+
+  index:
+    type: docker-build:Index
+    properties:
+      tag: "docker.io/pulumi/pulumi:3.107.0"
+      sources:
+        - ${amd64.ref}
+        - ${arm64.ref}
+
+outputs:
+  ref: ${index.ref}

examples/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/dotnet/.gitignore

@@ -0,0 +1,353 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+# User-specific files
+*.rsuser
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Mono auto generated files
+mono_crash.*
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+[Ll]ogs/
+
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUnit
+*.VisualState.xml
+TestResult.xml
+nunit-*.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# Benchmark Results
+BenchmarkDotNet.Artifacts/
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_h.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*_wpftmp.csproj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# Visual Studio Trace Files
+*.e2e
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# Note: Comment the next line if you want to checkin your web deploy settings,
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# NuGet Symbol Packages
+*.snupkg
+# The packages folder can be ignored because of Package Restore
+**/[Pp]ackages/*
+# except build/, which is used as an MSBuild target.
+!**/[Pp]ackages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/[Pp]ackages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+*.appx
+*.appxbundle
+*.appxupload
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!?*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+
+# Including strong name files can present a security risk
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+ServiceFabricBackup/
+*.rptproj.bak
+
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+*.rptproj.rsuser
+*- [Bb]ackup.rdl
+*- [Bb]ackup ([0-9]).rdl
+*- [Bb]ackup ([0-9][0-9]).rdl
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# CodeRush personal settings
+.cr/personal
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Tabs Studio
+*.tss
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# OpenCover UI analysis results
+OpenCover/
+
+# Azure Stream Analytics local run output
+ASALocalRun/
+
+# MSBuild Binary and Structured Log
+*.binlog
+
+# NVidia Nsight GPU debugger configuration file
+*.nvuser
+
+# MFractors (Xamarin productivity tool) working folder
+.mfractor/
+
+# Local History for Visual Studio
+.localhistory/
+
+# BeatPulse healthcheck temp database
+healthchecksdb
+
+# Backup folder for Package Reference Convert tool in Visual Studio 2017
+MigrationBackup/
+
+# Ionide (cross platform F# VS Code tools) working folder
+.ionide/

examples/dotnet/Program.cs

@@ -0,0 +1,272 @@
+using System.Collections.Generic;
+using System.Linq;
+using Pulumi;
+using DockerBuild = Pulumi.DockerBuild;
+
+return await Deployment.RunAsync(() => 
+{
+    var config = new Config();
+    var dockerHubPassword = config.Require("dockerHubPassword");
+    var multiPlatform = new DockerBuild.Image("multiPlatform", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.multiPlatform",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Platforms = new[]
+        {
+            DockerBuild.Platform.Plan9_amd64,
+            DockerBuild.Platform.Plan9_386,
+        },
+    });
+
+    var registryPush = new DockerBuild.Image("registryPush", new()
+    {
+        Push = false,
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Tags = new[]
+        {
+            "docker.io/pulumibot/buildkit-e2e:example",
+        },
+        Exports = new[]
+        {
+            new DockerBuild.Inputs.ExportArgs
+            {
+                Registry = new DockerBuild.Inputs.ExportRegistryArgs
+                {
+                    OciMediaTypes = true,
+                    Push = false,
+                },
+            },
+        },
+        Registries = new[]
+        {
+            new DockerBuild.Inputs.RegistryArgs
+            {
+                Address = "docker.io",
+                Username = "pulumibot",
+                Password = dockerHubPassword,
+            },
+        },
+    });
+
+    var cached = new DockerBuild.Image("cached", new()
+    {
+        Push = false,
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        CacheTo = new[]
+        {
+            new DockerBuild.Inputs.CacheToArgs
+            {
+                Local = new DockerBuild.Inputs.CacheToLocalArgs
+                {
+                    Dest = "tmp/cache",
+                    Mode = DockerBuild.CacheMode.Max,
+                },
+            },
+        },
+        CacheFrom = new[]
+        {
+            new DockerBuild.Inputs.CacheFromArgs
+            {
+                Local = new DockerBuild.Inputs.CacheFromLocalArgs
+                {
+                    Src = "tmp/cache",
+                },
+            },
+        },
+    });
+
+    var buildArgs = new DockerBuild.Image("buildArgs", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.buildArgs",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        BuildArgs = 
+        {
+            { "SET_ME_TO_TRUE", "true" },
+        },
+    });
+
+    var extraHosts = new DockerBuild.Image("extraHosts", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.extraHosts",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        AddHosts = new[]
+        {
+            "metadata.google.internal:169.254.169.254",
+        },
+    });
+
+    var sshMount = new DockerBuild.Image("sshMount", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.sshMount",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Ssh = new[]
+        {
+            new DockerBuild.Inputs.SSHArgs
+            {
+                Id = "default",
+            },
+        },
+    });
+
+    var secrets = new DockerBuild.Image("secrets", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.secrets",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Secrets = 
+        {
+            { "password", "hunter2" },
+        },
+    });
+
+    var labels = new DockerBuild.Image("labels", new()
+    {
+        Push = false,
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Labels = 
+        {
+            { "description", "This image will get a descriptive label 👍" },
+        },
+    });
+
+    var target = new DockerBuild.Image("target", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.target",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Target = "build-me",
+    });
+
+    var namedContexts = new DockerBuild.Image("namedContexts", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Location = "./app/Dockerfile.namedContexts",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+            Named = 
+            {
+                { "golang:latest", new DockerBuild.Inputs.ContextArgs
+                {
+                    Location = "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+                } },
+            },
+        },
+    });
+
+    var remoteContext = new DockerBuild.Image("remoteContext", new()
+    {
+        Push = false,
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
+        },
+    });
+
+    var remoteContextWithInline = new DockerBuild.Image("remoteContextWithInline", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Inline = @"FROM busybox
+COPY hello.c ./
+",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "https://github.com/docker-library/hello-world.git",
+        },
+    });
+
+    var inline = new DockerBuild.Image("inline", new()
+    {
+        Push = false,
+        Dockerfile = new DockerBuild.Inputs.DockerfileArgs
+        {
+            Inline = @"FROM alpine
+RUN echo ""This uses an inline Dockerfile! 👍""
+",
+        },
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+    });
+
+    var dockerLoad = new DockerBuild.Image("dockerLoad", new()
+    {
+        Push = false,
+        Context = new DockerBuild.Inputs.BuildContextArgs
+        {
+            Location = "./app",
+        },
+        Exports = new[]
+        {
+            new DockerBuild.Inputs.ExportArgs
+            {
+                Docker = new DockerBuild.Inputs.ExportDockerArgs
+                {
+                    Tar = true,
+                },
+            },
+        },
+    });
+
+    return new Dictionary<string, object?>
+    {
+        ["platforms"] = multiPlatform.Platforms,
+    };
+});
+

examples/dotnet/Pulumi.yaml

@@ -0,0 +1,10 @@
+name: provider-docker-build
+runtime: dotnet
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../bin

examples/dotnet/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/dotnet/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/dotnet/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/dotnet/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/dotnet/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/dotnet/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/dotnet/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/dotnet/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/dotnet/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/dotnet/provider-docker-build.csproj

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+	<PropertyGroup>
+		<OutputType>Exe</OutputType>
+		<TargetFramework>net6.0</TargetFramework>
+		<Nullable>enable</Nullable>
+	</PropertyGroup>
+
+	<ItemGroup>
+		<PackageReference Include="Pulumi" Version="3.*" />
+		<PackageReference Include="Pulumi.DockerBuild" Version="0.0.2-alpha.1712594380+4cd6d49b.dirty" />
+	</ItemGroup>
+
+</Project>

examples/dotnet_test.go

@@ -0,0 +1,39 @@
+//go:build dotnet || all
+// +build dotnet all
+
+package examples
+
+import (
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDotNetExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	nuget := filepath.Join(cwd, "../nuget")
+	t.Setenv("PULUMI_LOCAL_NUGET", nuget)
+
+	cmd := exec.Command("dotnet", "nuget", "add", "source", nuget)
+	_ = cmd.Run()
+
+	test := integration.ProgramTestOptions{
+		Dir: path.Join(cwd, "dotnet"),
+		Dependencies: []string{
+			"Pulumi.DockerBuild",
+		},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+		NoParallel: true,
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/go/Pulumi.yaml

@@ -0,0 +1,10 @@
+name: provider-docker-build
+runtime: go
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../bin

examples/go/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/go/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/go/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/go/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/go/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/go/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/go/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/go/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/go/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/go/go.mod

@@ -0,0 +1,7 @@
+module provider-docker-build
+
+go 1.20
+
+require (
+	github.com/pulumi/pulumi/sdk/v3 v3.111.1
+)

examples/go/main.go

@@ -0,0 +1,236 @@
+package main
+
+import (
+	"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
+	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
+)
+
+func main() {
+	pulumi.Run(func(ctx *pulumi.Context) error {
+		cfg := config.New(ctx, "")
+		dockerHubPassword := cfg.Require("dockerHubPassword")
+		multiPlatform, err := dockerbuild.NewImage(ctx, "multiPlatform", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.multiPlatform"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Platforms: dockerbuild.PlatformArray{
+				dockerbuild.Platform_Plan9_amd64,
+				dockerbuild.Platform_Plan9_386,
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "registryPush", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Tags: pulumi.StringArray{
+				pulumi.String("docker.io/pulumibot/buildkit-e2e:example"),
+			},
+			Exports: dockerbuild.ExportArray{
+				&dockerbuild.ExportArgs{
+					Registry: &dockerbuild.ExportRegistryArgs{
+						OciMediaTypes: pulumi.Bool(true),
+						Push:          pulumi.Bool(false),
+					},
+				},
+			},
+			Registries: dockerbuild.RegistryArray{
+				&dockerbuild.RegistryArgs{
+					Address:  pulumi.String("docker.io"),
+					Username: pulumi.String("pulumibot"),
+					Password: pulumi.String(dockerHubPassword),
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "cached", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			CacheTo: dockerbuild.CacheToArray{
+				&dockerbuild.CacheToArgs{
+					Local: &dockerbuild.CacheToLocalArgs{
+						Dest: pulumi.String("tmp/cache"),
+						Mode: dockerbuild.CacheModeMax,
+					},
+				},
+			},
+			CacheFrom: dockerbuild.CacheFromArray{
+				&dockerbuild.CacheFromArgs{
+					Local: &dockerbuild.CacheFromLocalArgs{
+						Src: pulumi.String("tmp/cache"),
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "buildArgs", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.buildArgs"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			BuildArgs: pulumi.StringMap{
+				"SET_ME_TO_TRUE": pulumi.String("true"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "extraHosts", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.extraHosts"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			AddHosts: pulumi.StringArray{
+				pulumi.String("metadata.google.internal:169.254.169.254"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "sshMount", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.sshMount"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Ssh: dockerbuild.SSHArray{
+				&dockerbuild.SSHArgs{
+					Id: pulumi.String("default"),
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "secrets", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.secrets"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Secrets: pulumi.StringMap{
+				"password": pulumi.String("hunter2"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "labels", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Labels: pulumi.StringMap{
+				"description": pulumi.String("This image will get a descriptive label 👍"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "target", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.target"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Target: pulumi.String("build-me"),
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "namedContexts", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Location: pulumi.String("./app/Dockerfile.namedContexts"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+				Named: dockerbuild.ContextMap{
+					"golang:latest": &dockerbuild.ContextArgs{
+						Location: pulumi.String("docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984"),
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "remoteContext", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "remoteContextWithInline", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Inline: pulumi.String("FROM busybox\nCOPY hello.c ./\n"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("https://github.com/docker-library/hello-world.git"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "inline", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Dockerfile: &dockerbuild.DockerfileArgs{
+				Inline: pulumi.String("FROM alpine\nRUN echo \"This uses an inline Dockerfile! 👍\"\n"),
+			},
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+		})
+		if err != nil {
+			return err
+		}
+		_, err = dockerbuild.NewImage(ctx, "dockerLoad", &dockerbuild.ImageArgs{
+			Push: pulumi.Bool(false),
+			Context: &dockerbuild.BuildContextArgs{
+				Location: pulumi.String("./app"),
+			},
+			Exports: dockerbuild.ExportArray{
+				&dockerbuild.ExportArgs{
+					Docker: &dockerbuild.ExportDockerArgs{
+						Tar: pulumi.Bool(true),
+					},
+				},
+			},
+		})
+		if err != nil {
+			return err
+		}
+		ctx.Export("platforms", multiPlatform.Platforms)
+		return nil
+	})
+}

examples/go_test.go

@@ -0,0 +1,30 @@
+//go:build go || all
+// +build go all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGoExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir: path.Join(cwd, "go"),
+		Dependencies: []string{
+			"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild=../sdk/go/dockerbuild",
+		},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/java/Pulumi.yaml

@@ -0,0 +1,10 @@
+name: provider-docker-build
+runtime: java
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../bin

examples/java/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/java/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/java/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/java/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/java/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/java/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/java/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/java/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/java/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/java/pom.xml

@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+		<project xmlns="http://maven.apache.org/POM/4.0.0"
+				 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+				 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+			<modelVersion>4.0.0</modelVersion>
+
+			<groupId>com.pulumi</groupId>
+			<artifactId>provider-docker-build</artifactId>
+			<version>1.0-SNAPSHOT</version>
+
+			<properties>
+				<encoding>UTF-8</encoding>
+				<maven.compiler.source>11</maven.compiler.source>
+				<maven.compiler.target>11</maven.compiler.target>
+				<maven.compiler.release>11</maven.compiler.release>
+				<mainClass>generated_program.App</mainClass>
+				<mainArgs/>
+			</properties>
+
+			<dependencies>
+				<dependency>
+					<groupId>com.pulumi</groupId>
+					<artifactId>pulumi</artifactId>
+					<version>(,1.0]</version>
+				</dependency>
+				<dependency>
+            		<groupId>com.pulumi</groupId>
+            		<artifactId>docker-build</artifactId>
+                    <version>[0.0.0,)</version>
+        		</dependency>
+			</dependencies>
+
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-jar-plugin</artifactId>
+						<version>3.2.2</version>
+						<configuration>
+							<archive>
+								<manifest>
+									<addClasspath>true</addClasspath>
+									<mainClass>${mainClass}</mainClass>
+								</manifest>
+							</archive>
+						</configuration>
+					</plugin>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-assembly-plugin</artifactId>
+						<version>3.4.2</version>
+						<configuration>
+							<archive>
+								<manifest>
+									<addClasspath>true</addClasspath>
+									<mainClass>${mainClass}</mainClass>
+								</manifest>
+							</archive>
+							<descriptorRefs>
+								<descriptorRef>jar-with-dependencies</descriptorRef>
+							</descriptorRefs>
+						</configuration>
+						<executions>
+							<execution>
+								<id>make-my-jar-with-dependencies</id>
+								<phase>package</phase>
+								<goals>
+									<goal>single</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+					<plugin>
+						<groupId>org.codehaus.mojo</groupId>
+						<artifactId>exec-maven-plugin</artifactId>
+						<version>3.1.0</version>
+						<configuration>
+							<mainClass>${mainClass}</mainClass>
+							<commandlineArgs>${mainArgs}</commandlineArgs>
+						</configuration>
+					</plugin>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-wrapper-plugin</artifactId>
+						<version>3.1.1</version>
+						<configuration>
+							<mavenVersion>3.8.5</mavenVersion>
+						</configuration>
+					</plugin>
+				</plugins>
+			</build>
+		</project>

examples/java/src/main/java/generated_program/App.java

@@ -0,0 +1,207 @@
+package generated_program;
+
+import com.pulumi.Context;
+import com.pulumi.Pulumi;
+import com.pulumi.core.Output;
+import com.pulumi.dockerbuild.Image;
+import com.pulumi.dockerbuild.ImageArgs;
+import com.pulumi.dockerbuild.inputs.DockerfileArgs;
+import com.pulumi.dockerbuild.inputs.BuildContextArgs;
+import com.pulumi.dockerbuild.inputs.ExportArgs;
+import com.pulumi.dockerbuild.inputs.ExportRegistryArgs;
+import com.pulumi.dockerbuild.inputs.RegistryArgs;
+import com.pulumi.dockerbuild.inputs.CacheToArgs;
+import com.pulumi.dockerbuild.inputs.CacheToLocalArgs;
+import com.pulumi.dockerbuild.inputs.CacheFromArgs;
+import com.pulumi.dockerbuild.inputs.CacheFromLocalArgs;
+import com.pulumi.dockerbuild.inputs.SSHArgs;
+import com.pulumi.dockerbuild.inputs.ExportDockerArgs;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class App {
+    public static void main(String[] args) {
+        Pulumi.run(App::stack);
+    }
+
+    public static void stack(Context ctx) {
+        final var config = ctx.config();
+        final var dockerHubPassword = config.get("dockerHubPassword");
+        var multiPlatform = new Image("multiPlatform", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.multiPlatform")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .platforms(            
+                "plan9/amd64",
+                "plan9/386")
+            .build());
+
+        var registryPush = new Image("registryPush", ImageArgs.builder()        
+            .push(false)
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .tags("docker.io/pulumibot/buildkit-e2e:example")
+            .exports(ExportArgs.builder()
+                .registry(ExportRegistryArgs.builder()
+                    .ociMediaTypes(true)
+                    .push(false)
+                    .build())
+                .build())
+            .registries(RegistryArgs.builder()
+                .address("docker.io")
+                .username("pulumibot")
+                .password(dockerHubPassword)
+                .build())
+            .build());
+
+        var cached = new Image("cached", ImageArgs.builder()        
+            .push(false)
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .cacheTo(CacheToArgs.builder()
+                .local(CacheToLocalArgs.builder()
+                    .dest("tmp/cache")
+                    .mode("max")
+                    .build())
+                .build())
+            .cacheFrom(CacheFromArgs.builder()
+                .local(CacheFromLocalArgs.builder()
+                    .src("tmp/cache")
+                    .build())
+                .build())
+            .build());
+
+        var buildArgs = new Image("buildArgs", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.buildArgs")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .buildArgs(Map.of("SET_ME_TO_TRUE", "true"))
+            .build());
+
+        var extraHosts = new Image("extraHosts", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.extraHosts")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .addHosts("metadata.google.internal:169.254.169.254")
+            .build());
+
+        var sshMount = new Image("sshMount", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.sshMount")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .ssh(SSHArgs.builder()
+                .id("default")
+                .build())
+            .build());
+
+        var secrets = new Image("secrets", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.secrets")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .secrets(Map.of("password", "hunter2"))
+            .build());
+
+        var labels = new Image("labels", ImageArgs.builder()        
+            .push(false)
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .labels(Map.of("description", "This image will get a descriptive label 👍"))
+            .build());
+
+        var target = new Image("target", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.target")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .target("build-me")
+            .build());
+
+        var namedContexts = new Image("namedContexts", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .location("./app/Dockerfile.namedContexts")
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .named(Map.of("golang:latest", Map.of("location", "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984")))
+                .build())
+            .build());
+
+        var remoteContext = new Image("remoteContext", ImageArgs.builder()        
+            .push(false)
+            .context(BuildContextArgs.builder()
+                .location("https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile")
+                .build())
+            .build());
+
+        var remoteContextWithInline = new Image("remoteContextWithInline", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .inline("""
+FROM busybox
+COPY hello.c ./
+                """)
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("https://github.com/docker-library/hello-world.git")
+                .build())
+            .build());
+
+        var inline = new Image("inline", ImageArgs.builder()        
+            .push(false)
+            .dockerfile(DockerfileArgs.builder()
+                .inline("""
+FROM alpine
+RUN echo "This uses an inline Dockerfile! 👍"
+                """)
+                .build())
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .build());
+
+        var dockerLoad = new Image("dockerLoad", ImageArgs.builder()        
+            .push(false)
+            .context(BuildContextArgs.builder()
+                .location("./app")
+                .build())
+            .exports(ExportArgs.builder()
+                .docker(ExportDockerArgs.builder()
+                    .tar(true)
+                    .build())
+                .build())
+            .build());
+
+        ctx.export("platforms", multiPlatform.platforms());
+    }
+}

examples/java_test.go

@@ -0,0 +1,29 @@
+//go:build java || all
+// +build java all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestJavaExample(t *testing.T) {
+	t.Skip("not working yet")
+
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir: path.Join(cwd, "java"),
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/main_test.go

@@ -0,0 +1,61 @@
+package examples
+
+import (
+	"crypto/rsa"
+	"errors"
+	"io"
+	"math/rand"
+	"net"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"golang.org/x/crypto/ssh/agent"
+)
+
+func TestMain(m *testing.M) {
+	sock := sshagent()
+	os.Setenv("SSH_AUTH_SOCK", sock)
+
+	os.Exit(m.Run())
+}
+
+// sshagent crates an in-memory SSH agent with one identity.
+func sshagent() string {
+	dir, err := os.MkdirTemp(os.TempDir(), "docker-test-*")
+	if err != nil {
+		panic(err)
+	}
+
+	sock := filepath.Join(dir, "test.sock")
+
+	l, err := net.Listen("unix", sock)
+	if err != nil {
+		panic(err)
+	}
+
+	a := agent.NewKeyring()
+	//nolint:gosec
+	key, err := rsa.GenerateKey(rand.New(rand.NewSource(42)), 2048)
+	if err != nil {
+		panic(err)
+	}
+	err = a.Add(agent.AddedKey{PrivateKey: key})
+	if err != nil {
+		panic(err)
+	}
+
+	go func() {
+		for {
+			conn, err := l.Accept()
+			if err != nil {
+				panic(err)
+			}
+			if err := agent.ServeAgent(a, conn); err != nil && !errors.Is(err, io.EOF) {
+				panic(err)
+			}
+		}
+	}()
+
+	return sock
+}

examples/nodejs/.gitignore

@@ -0,0 +1,2 @@
+/bin/
+/node_modules/

examples/nodejs/Pulumi.yaml

@@ -0,0 +1,10 @@
+name: provider-docker-build
+runtime: nodejs
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../bin

examples/nodejs/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/nodejs/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/nodejs/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/nodejs/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/nodejs/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/nodejs/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/nodejs/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/nodejs/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/nodejs/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/nodejs/index.ts

@@ -0,0 +1,172 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as docker_build from "@pulumi/docker-build";
+
+const config = new pulumi.Config();
+const dockerHubPassword = config.require("dockerHubPassword");
+const multiPlatform = new docker_build.Image("multiPlatform", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.multiPlatform",
+    },
+    context: {
+        location: "./app",
+    },
+    platforms: [
+        docker_build.Platform.Plan9_amd64,
+        docker_build.Platform.Plan9_386,
+    ],
+});
+const registryPush = new docker_build.Image("registryPush", {
+    push: false,
+    context: {
+        location: "./app",
+    },
+    tags: ["docker.io/pulumibot/buildkit-e2e:example"],
+    exports: [{
+        registry: {
+            ociMediaTypes: true,
+            push: false,
+        },
+    }],
+    registries: [{
+        address: "docker.io",
+        username: "pulumibot",
+        password: dockerHubPassword,
+    }],
+});
+const cached = new docker_build.Image("cached", {
+    push: false,
+    context: {
+        location: "./app",
+    },
+    cacheTo: [{
+        local: {
+            dest: "tmp/cache",
+            mode: docker_build.CacheMode.Max,
+        },
+    }],
+    cacheFrom: [{
+        local: {
+            src: "tmp/cache",
+        },
+    }],
+});
+const buildArgs = new docker_build.Image("buildArgs", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.buildArgs",
+    },
+    context: {
+        location: "./app",
+    },
+    buildArgs: {
+        SET_ME_TO_TRUE: "true",
+    },
+});
+const extraHosts = new docker_build.Image("extraHosts", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.extraHosts",
+    },
+    context: {
+        location: "./app",
+    },
+    addHosts: ["metadata.google.internal:169.254.169.254"],
+});
+const sshMount = new docker_build.Image("sshMount", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.sshMount",
+    },
+    context: {
+        location: "./app",
+    },
+    ssh: [{
+        id: "default",
+    }],
+});
+const secrets = new docker_build.Image("secrets", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.secrets",
+    },
+    context: {
+        location: "./app",
+    },
+    secrets: {
+        password: "hunter2",
+    },
+});
+const labels = new docker_build.Image("labels", {
+    push: false,
+    context: {
+        location: "./app",
+    },
+    labels: {
+        description: "This image will get a descriptive label 👍",
+    },
+});
+const target = new docker_build.Image("target", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.target",
+    },
+    context: {
+        location: "./app",
+    },
+    target: "build-me",
+});
+const namedContexts = new docker_build.Image("namedContexts", {
+    push: false,
+    dockerfile: {
+        location: "./app/Dockerfile.namedContexts",
+    },
+    context: {
+        location: "./app",
+        named: {
+            "golang:latest": {
+                location: "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+            },
+        },
+    },
+});
+const remoteContext = new docker_build.Image("remoteContext", {
+    push: false,
+    context: {
+        location: "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
+    },
+});
+const remoteContextWithInline = new docker_build.Image("remoteContextWithInline", {
+    push: false,
+    dockerfile: {
+        inline: `FROM busybox
+COPY hello.c ./
+`,
+    },
+    context: {
+        location: "https://github.com/docker-library/hello-world.git",
+    },
+});
+const inline = new docker_build.Image("inline", {
+    push: false,
+    dockerfile: {
+        inline: `FROM alpine
+RUN echo "This uses an inline Dockerfile! 👍"
+`,
+    },
+    context: {
+        location: "./app",
+    },
+});
+const dockerLoad = new docker_build.Image("dockerLoad", {
+    push: false,
+    context: {
+        location: "./app",
+    },
+    exports: [{
+        docker: {
+            tar: true,
+        },
+    }],
+});
+export const platforms = multiPlatform.platforms;

examples/nodejs/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "provider-docker-build",
+  "devDependencies": {
+    "@types/node": "^18"
+  },
+  "dependencies": {
+    "typescript": "^4.0.0",
+    "@pulumi/pulumi": "^3.0.0"
+  }
+}

examples/nodejs/tsconfig.json

@@ -0,0 +1,18 @@
+{
+	"compilerOptions": {
+		"strict": true,
+		"outDir": "bin",
+		"target": "es2016",
+		"module": "commonjs",
+		"moduleResolution": "node",
+		"sourceMap": true,
+		"experimentalDecorators": true,
+		"pretty": true,
+		"noFallthroughCasesInSwitch": true,
+		"noImplicitReturns": true,
+		"forceConsistentCasingInFileNames": true
+	},
+	"files": [
+		"index.ts",
+	]
+}

examples/nodejs_test.go

@@ -0,0 +1,28 @@
+//go:build nodejs || all
+// +build nodejs all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNodeExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir:          path.Join(cwd, "nodejs"),
+		Dependencies: []string{"@pulumi/docker-build"},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}

examples/python/.gitignore

@@ -0,0 +1,2 @@
+*.pyc
+venv/

examples/python/Pulumi.yaml

@@ -0,0 +1,10 @@
+name: provider-docker-build
+runtime: python
+config:
+  dockerHubPassword:
+    type: string
+    secret: true
+plugins:
+  providers:
+    - name: docker-build
+      path: ../../bin

examples/python/__main__.py

@@ -0,0 +1,158 @@
+import pulumi
+import pulumi_docker_build as docker_build
+
+config = pulumi.Config()
+docker_hub_password = config.require("dockerHubPassword")
+multi_platform = docker_build.Image("multiPlatform",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.multiPlatform",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    platforms=[
+        docker_build.Platform.PLAN9_AMD64,
+        docker_build.Platform.PLAN9_386,
+    ])
+registry_push = docker_build.Image("registryPush",
+    push=False,
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    tags=["docker.io/pulumibot/buildkit-e2e:example"],
+    exports=[docker_build.ExportArgs(
+        registry=docker_build.ExportRegistryArgs(
+            oci_media_types=True,
+            push=False,
+        ),
+    )],
+    registries=[docker_build.RegistryArgs(
+        address="docker.io",
+        username="pulumibot",
+        password=docker_hub_password,
+    )])
+cached = docker_build.Image("cached",
+    push=False,
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    cache_to=[docker_build.CacheToArgs(
+        local=docker_build.CacheToLocalArgs(
+            dest="tmp/cache",
+            mode=docker_build.CacheMode.MAX,
+        ),
+    )],
+    cache_from=[docker_build.CacheFromArgs(
+        local=docker_build.CacheFromLocalArgs(
+            src="tmp/cache",
+        ),
+    )])
+build_args = docker_build.Image("buildArgs",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.buildArgs",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    build_args={
+        "SET_ME_TO_TRUE": "true",
+    })
+extra_hosts = docker_build.Image("extraHosts",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.extraHosts",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    add_hosts=["metadata.google.internal:169.254.169.254"])
+ssh_mount = docker_build.Image("sshMount",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.sshMount",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    ssh=[docker_build.SSHArgs(
+        id="default",
+    )])
+secrets = docker_build.Image("secrets",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.secrets",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    secrets={
+        "password": "hunter2",
+    })
+labels = docker_build.Image("labels",
+    push=False,
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    labels={
+        "description": "This image will get a descriptive label 👍",
+    })
+target = docker_build.Image("target",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.target",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    target="build-me")
+named_contexts = docker_build.Image("namedContexts",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        location="./app/Dockerfile.namedContexts",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+        named={
+            "golang:latest": docker_build.ContextArgs(
+                location="docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+            ),
+        },
+    ))
+remote_context = docker_build.Image("remoteContext",
+    push=False,
+    context=docker_build.BuildContextArgs(
+        location="https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
+    ))
+remote_context_with_inline = docker_build.Image("remoteContextWithInline",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        inline="""FROM busybox
+COPY hello.c ./
+""",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="https://github.com/docker-library/hello-world.git",
+    ))
+inline = docker_build.Image("inline",
+    push=False,
+    dockerfile=docker_build.DockerfileArgs(
+        inline="""FROM alpine
+RUN echo "This uses an inline Dockerfile! 👍"
+""",
+    ),
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ))
+docker_load = docker_build.Image("dockerLoad",
+    push=False,
+    context=docker_build.BuildContextArgs(
+        location="./app",
+    ),
+    exports=[docker_build.ExportArgs(
+        docker=docker_build.ExportDockerArgs(
+            tar=True,
+        ),
+    )])
+pulumi.export("platforms", multi_platform.platforms)

examples/python/app/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo 👍

examples/python/app/Dockerfile.buildArgs

@@ -0,0 +1,5 @@
+FROM alpine
+
+ARG SET_ME_TO_TRUE
+RUN [ "$SET_ME_TO_TRUE" = "true" ]
+RUN echo "That's the correct build arg, thanks! 👍"

examples/python/app/Dockerfile.emptyContext

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

examples/python/app/Dockerfile.extraHosts

@@ -0,0 +1,3 @@
+FROM bash AS base
+
+RUN getent hosts metadata.google.internal

examples/python/app/Dockerfile.multiPlatform

@@ -0,0 +1,7 @@
+FROM --platform=$BUILDPLATFORM alpine as build
+RUN echo ${BUILDPLATFORM} > buildplatform
+RUN echo ${TARGETPLATFORM} > targetplatform
+
+FROM build
+RUN cat buildplatform
+RUN cat targetplatform

examples/python/app/Dockerfile.namedContexts

@@ -0,0 +1,5 @@
+# syntax=docker/dockerfile:1.4
+FROM golang:latest
+
+RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
+RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

examples/python/app/Dockerfile.secrets

@@ -0,0 +1,4 @@
+FROM alpine
+
+RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]
+

examples/python/app/Dockerfile.sshMount

@@ -0,0 +1,5 @@
+FROM alpine
+
+RUN apk add openssh-client
+
+RUN --mount=type=ssh ssh-add -l

examples/python/app/Dockerfile.target

@@ -0,0 +1,8 @@
+FROM alpine as build-me
+RUN echo 👍
+
+FROM build-me as also-build-me
+RUN echo 🤙
+
+FROM build-me as dont-build-me
+RUN [ "true" = "false" ]

examples/python/requirements.txt

@@ -0,0 +1 @@
+pulumi>=3.0.0,<4.0.0

examples/python_test.go

@@ -0,0 +1,31 @@
+//go:build python || all
+// +build python all
+
+package examples
+
+import (
+	"os"
+	"path"
+	"testing"
+
+	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPythonExample(t *testing.T) {
+	cwd, err := os.Getwd()
+	require.NoError(t, err)
+
+	test := integration.ProgramTestOptions{
+		Dir:             path.Join(cwd, "python"),
+		RelativeWorkDir: ".",
+		Dependencies: []string{
+			path.Join("..", "sdk", "python", "bin"),
+		},
+		Secrets: map[string]string{
+			"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
+		},
+	}
+
+	integration.ProgramTest(t, &test)
+}