sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity

Compare commits

base: sam_oneal:update-github-actions-workflows-1172
Branches Tags
sam_oneal:main sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1
..
compare: sam_oneal:sdk/go/dockerbuild/v0.0.13
Branches Tags
sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:main sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1

1 Commits
update-git ... sdk/go/doc

Author SHA1 Message Date
github-actions
8017346bcc v0.0.13 2025-08-27 19:35:50 +00:00
448 changed files with 459 additions and 61783 deletions
Expand all files Collapse all files

20
.ci-mgmt.yaml
View File

@@ -1,20 +0,0 @@
template: native
provider: docker-build
major-version: 0
providerDefaultBranch: main
providerVersion: github.com/pulumi/pulumi-docker-build/provider.Version
aws: true
modulePath: .
gcp: true
sdkModuleDir: sdk/go/dockerbuild
parallel: 3
esc:
enabled: true
envOverride:
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a

4
.config/mise.test.toml
View File

@@ -1,4 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
[tools]
"aqua:gotestyourself/gotestsum" = "1.12.0"

35
.config/mise.toml
View File

@@ -1,35 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# You can create your own root-level mise.toml file to override/augment this. See https://mise.jdx.dev/configuration.html
[env]
_.vfox-pulumi = { module_path = "." } # Sets GO_VERSION_MISE and PULUMI_VERSION_MISE
PULUMI_HOME = "{{config_root}}/.pulumi"
[tools]
# Runtimes
go = "{{ env.GO_VERSION_MISE }}"
node = '20.19.5'
python = '3.11.8'
"vfox:version-fox/vfox-dotnet" = "8.0.20" # vfox backend doesn't work on Windows, gives "error converting Lua table to PreInstall (no version returned from vfox plugin)" https://github.com/jdx/mise/discussions/5876 https://github.com/jdx/mise/discussions/5550
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
"github:pulumi/pulumi" = "{{ env.PULUMI_VERSION_MISE }}"
"github:pulumi/pulumictl" = '0.0.50'
"github:pulumi/schema-tools" = "0.6.0"
"go:github.com/pulumi/upgrade-provider" = "main"
"aqua:gradle/gradle-distributions" = '7.6.6'
golangci-lint = "2.9.0" # See note about about overrides if you need to customize this.
"npm:yarn" = "1.22.22"
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).
lockfile = false
http_retries = 3
pin = true # `mise use` should pin versions instead of defaulting to latest.
fetch_remote_versions_cache = "24h" # Mise queries versions even if they're pinned to confirm they exist. Reduce GitHub API calls by doing that less often.
[plugins]
vfox-pulumi = "https://github.com/pulumi/vfox-pulumi"

1
.devcontainer

Submodule .devcontainer deleted from dce1e31630

68
.devcontainer.json
View File

@@ -1,68 +0,0 @@
// Reference:
// - https://containers.dev/features
// - https://containers.dev/implementors/features
// - https://code.visualstudio.com/docs/getstarted/settings
{
"name": "pulumi",
"image": "ghcr.io/pulumi/devcontainer",
"customizations": {
"vscode": {
"settings": [
"go.testTags", "all",
"go.buildTags", "all",
"editor.minimap.enabled", false,
"explorer.openEditors.visible", 1,
"editor.quickSuggestionsDelay", 0,
"editor.suggestSelection", "first",
"editor.snippetSuggestions", "top",
"editor.gotoLocation.multipleReferences", "goto",
"editor.gotoLocation.multipleDefinitions", "goto",
"editor.gotoLocation.multipleDeclarations", "goto",
"editor.gotoLocation.multipleImplementations", "goto",
"editor.gotoLocation.multipleTypeDefinitions", "goto",
"editor.terminal.integrated.shell.linux", "/usr/bin/zsh",
"files.trimTrailingWhitespace", true,
"files.trimFinalNewlines", true
],
"extensions": [
"golang.go",
"vscodevim.vim",
"github.copilot",
"ms-python.python",
"jetpack-io.devbox",
"redhat.vscode-yaml",
"esbenp.prettier-vscode",
"ms-vscode.makefile-tools",
"ms-azuretools.vscode-docker",
"github.vscode-pull-request-github",
"ms-vscode-remote.remote-containers",
"visualstudioexptteam.vscodeintellicode",
"bierner.markdown-preview-github-styles"
]
}
},
"features": {
"ghcr.io/devcontainers/features/common-utils:2": {
"installZsh": true,
"configureZshAsDefaultShell": true,
"installOhMyZsh": true,
"installOhMyZshConfig": true,
"upgradePackages": true,
"nonFreePackages": true,
"username": "vscode",
"userUid": "automatic",
"userGid": "automatic"
},
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
"moby": false,
"installDockerBuildx": true,
"version": "latest",
"dockerDashComposeVersion": "v2"
}
},
"postCreateCommand": "git submodule update --init --recursive",
"remoteUser": "vscode",
"forwardPorts": [1313],
"runArgs": ["--network=host"]
}

4
.gitattributes vendored
View File

@@ -1,4 +0,0 @@
sdk/**/* linguist-generated=true
provider/internal/mock*.go linguist-generated=true
.github/workflows/*.lock.yml linguist-generated=true merge=ours

69
.github/ISSUE_TEMPLATE/bug.yaml vendored
View File

@@ -1,69 +0,0 @@
name: Bug Report
description: Report something that's not working correctly
labels: ["kind/bug", "needs-triage"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this bug report!
You can also ask questions on our [Community Slack](https://slack.pulumi.com/).
- type: textarea
id: what-happened
attributes:
label: Describe what happened
description: Please summarize what happened, including what Pulumi commands you ran, as well as
an inline snippet of any relevant error or console output.
validations:
required: true
- type: textarea
id: sample-program
attributes:
label: Sample program
description: |
<details><summary>Provide a reproducible sample program</summary>
If this is a bug you encountered while running a Pulumi command, please provide us with a minimal,
self-contained Pulumi program that reproduces this behavior so that we can investigate on our end.
Without a functional reproduction, we will not be able to prioritize this bug.
**Note:** If the program output is more than a few lines, please send us a Gist or a link to a file.
</details>
validations:
required: true
- type: textarea
id: log-output
attributes:
label: Log output
description: |
<details><summary>How to Submit Logs</summary>
If this is something that is dependent on your environment, please also provide us with the output of
`pulumi up --logtostderr --logflow -v=10` from the root of your project.
We may also ask you to supply us with debug output following [these steps](https://www.pulumi.com/docs/using-pulumi/pulumi-packages/debugging-provider-packages/).
**Note:** If the log output is more than a few lines, please send us a Gist or a link to a file.
</details>
- type: textarea
id: resources
attributes:
label: Affected Resource(s)
description: Please list the affected Pulumi Resource(s) or Function(s).
validations:
required: false
- type: textarea
id: versions
attributes:
label: Output of `pulumi about`
description: Provide the output of `pulumi about` from the root of your project.
validations:
required: true
- type: textarea
id: ctx
attributes:
label: Additional context
description: Anything else you would like to add?
validations:
required: false
- type: textarea
id: voting
attributes:
label: Contributing
value: |
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

35
.github/ISSUE_TEMPLATE/epic.md vendored
View File

@@ -1,35 +0,0 @@
---
name: Epic
about: Tracks a shippable unit of work
title: '[Epic] {your-title-here}'
labels: kind/epic
projects: ['pulumi/32']
assignees: ''
type: Epic
---
## Overview
<!-- Start with a one- to three-sentence summary that should be understandable by any Pulumian or community member, even those without any context on the work. -->
## Key KPIs
<!-- What KPIs should this Epic will move; what could we measure to observe that this project was successful? -->
## Key Stakeholders
- Product and Engineering: <!-- Teams and individuals involved in the design and implementation -->
- Documentation: <!-- Representative from the docs team -->
- Marketing/Partnerships: <!-- Representative from the Marketing team -->
- Customers: <!-- [Tracking Issue](add-link-and-uncomment) -->
## Key Deliverables
<!-- List any discrete chunks of work or milestones that are planned in the epic (eg. subcomponent A, dogfood release, beta, etc.) -->
### References 📔
<!-- Any project that is more than one iteration should have a Project Board using this [template](https://github.com/orgs/pulumi/projects/131). -->
- [ ] Project View <!-- [Link](add-link-and-uncomment) -->
- [ ] PR/FAQ <!-- [Link](add-link-and-uncomment) -->
- [ ] Design Doc <!-- [Link](add-link-and-uncomment) -->
- [ ] UX Designs <!-- [Link](add-link-and-uncomment) -->
- [ ] Decision Log <!-- [Link](add-link-and-uncomment) -->
<!-- Work items should be added to the project board linked above -->

19
.github/actions/download-provider/action.yml vendored
View File

@@ -1,19 +0,0 @@
name: Download Provider Binary
description: Downloads the provider binary artifact and restores executable permissions
runs:
using: "composite"
steps:
- name: Download provider
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: UnTar provider binaries
shell: bash
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
- name: Restore Binary Permissions
shell: bash
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;

20
.github/actions/download-sdk/action.yml vendored
View File

@@ -1,20 +0,0 @@
name: Download SDK
description: Downloads and extracts SDK artifacts for a specific language
inputs:
language:
description: 'The SDK language to download (nodejs, python, dotnet, java)'
required: true
runs:
using: "composite"
steps:
- name: Download SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ${{ inputs.language }}-sdk.tar.gz
path: ${{ github.workspace }}/sdk/
- name: UnTar SDK folder
shell: bash
run: tar -zxf ${{ github.workspace }}/sdk/${{ inputs.language }}.tar.gz -C ${{ github.workspace }}/sdk/${{ inputs.language }}

12
.github/actions/esc-action/action.yaml vendored
View File

@@ -1,12 +0,0 @@
name: "Load secrets"
description: |
This is a temporary action which assists with our migration to ESC. Instead
of surrounding every step that references secrets with an "if ESC" block, we
instead modify those steps to consume their secrets from this step's outputs.
Then, later, we can replace this action with esc-action to actually load
secrets from ESC.
inputs: {}
outputs: {}
runs:
using: "node20"
main: "index.js"

14
.github/actions/esc-action/index.js vendored
View File

@@ -1,14 +0,0 @@
const fs = require("fs");
const file = process.env["GITHUB_OUTPUT"];
var stream = fs.createWriteStream(file, { flags: "a" });
for (const [name, value] of Object.entries(process.env)) {
try {
stream.write(`${name}<<EEEOOOFFF\n${value}\nEEEOOOFFF\n`); // << syntax accommodates multiline strings.
} catch (err) {
console.log(`error: failed to set output for ${name}: ${err.message}`);
}
}
stream.end();

41
.github/actions/setup-tools/action.yml vendored
View File

@@ -1,41 +0,0 @@
name: Setup Tools
description: Installs all tools (Go, Node, Python, .NET, Java, Pulumi, etc.) using mise
inputs:
cache:
description: Enable caching
required: false
default: "false"
github_token:
description: GitHub token
required: true
runs:
using: "composite"
steps:
- name: Setup mise
uses: jdx/mise-action@b287efda3dc5f4f3c328507653b6617da783ff84
env:
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
with:
version: 2026.3.7
cache_save: ${{ inputs.cache }}
github_token: ${{ inputs.github_token }}
- name: Setup Go Cache
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
cache: ${{ inputs.cache }}
cache-dependency-path: |
provider/*.sum
upstream/*.sum
sdk/go/*.sum
sdk/*.sum
*.sum
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
# we don't set node-version because we install with mise.
# this step is needed to setup npm auth
registry-url: https://registry.npmjs.org

177
.github/agents/agentic-workflows.agent.md vendored
View File

@@ -1,177 +0,0 @@
---
description: GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing
disable-model-invocation: true
---
# GitHub Agentic Workflows Agent
This agent helps you work with **GitHub Agentic Workflows (gh-aw)**, a CLI extension for creating AI-powered workflows in natural language using markdown files.
## What This Agent Does
This is a **dispatcher agent** that routes your request to the appropriate specialized prompt based on your task:
- **Creating new workflows**: Routes to `create` prompt
- **Updating existing workflows**: Routes to `update` prompt
- **Debugging workflows**: Routes to `debug` prompt
- **Upgrading workflows**: Routes to `upgrade-agentic-workflows` prompt
- **Creating report-generating workflows**: Routes to `report` prompt — consult this whenever the workflow posts status updates, audits, analyses, or any structured output as issues, discussions, or comments
- **Creating shared components**: Routes to `create-shared-agentic-workflow` prompt
- **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes
- **Analyzing test coverage**: Routes to `test-coverage` prompt — consult this whenever the workflow reads, analyzes, or reports on test coverage data from PRs or CI runs
Workflows may optionally include:
- **Project tracking / monitoring** (GitHub Projects updates, status reporting)
- **Orchestration / coordination** (one workflow assigning agents or dispatching and coordinating other workflows)
## Files This Applies To
- Workflow files: `.github/workflows/*.md` and `.github/workflows/**/*.md`
- Workflow lock files: `.github/workflows/*.lock.yml`
- Shared components: `.github/workflows/shared/*.md`
- Configuration: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/github-agentic-workflows.md
## Problems This Solves
- **Workflow Creation**: Design secure, validated agentic workflows with proper triggers, tools, and permissions
- **Workflow Debugging**: Analyze logs, identify missing tools, investigate failures, and fix configuration issues
- **Version Upgrades**: Migrate workflows to new gh-aw versions, apply codemods, fix breaking changes
- **Component Design**: Create reusable shared workflow components that wrap MCP servers
## How to Use
When you interact with this agent, it will:
1. **Understand your intent** - Determine what kind of task you're trying to accomplish
2. **Route to the right prompt** - Load the specialized prompt file for your task
3. **Execute the task** - Follow the detailed instructions in the loaded prompt
## Available Prompts
### Create New Workflow
**Load when**: User wants to create a new workflow from scratch, add automation, or design a workflow that doesn't exist yet
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/create-agentic-workflow.md
**Use cases**:
- "Create a workflow that triages issues"
- "I need a workflow to label pull requests"
- "Design a weekly research automation"
### Update Existing Workflow
**Load when**: User wants to modify, improve, or refactor an existing workflow
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/update-agentic-workflow.md
**Use cases**:
- "Add web-fetch tool to the issue-classifier workflow"
- "Update the PR reviewer to use discussions instead of issues"
- "Improve the prompt for the weekly-research workflow"
### Debug Workflow
**Load when**: User needs to investigate, audit, debug, or understand a workflow, troubleshoot issues, analyze logs, or fix errors
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/debug-agentic-workflow.md
**Use cases**:
- "Why is this workflow failing?"
- "Analyze the logs for workflow X"
- "Investigate missing tool calls in run #12345"
### Upgrade Agentic Workflows
**Load when**: User wants to upgrade workflows to a new gh-aw version or fix deprecations
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/upgrade-agentic-workflows.md
**Use cases**:
- "Upgrade all workflows to the latest version"
- "Fix deprecated fields in workflows"
- "Apply breaking changes from the new release"
### Create a Report-Generating Workflow
**Load when**: The workflow being created or updated produces reports — recurring status updates, audit summaries, analyses, or any structured output posted as a GitHub issue, discussion, or comment
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/report.md
**Use cases**:
- "Create a weekly CI health report"
- "Post a daily security audit to Discussions"
- "Add a status update comment to open PRs"
### Create Shared Agentic Workflow
**Load when**: User wants to create a reusable workflow component or wrap an MCP server
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/create-shared-agentic-workflow.md
**Use cases**:
- "Create a shared component for Notion integration"
- "Wrap the Slack MCP server as a reusable component"
- "Design a shared workflow for database queries"
### Fix Dependabot PRs
**Load when**: User needs to close or fix open Dependabot PRs that update dependencies in generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`)
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/dependabot.md
**Use cases**:
- "Fix the open Dependabot PRs for npm dependencies"
- "Bundle and close the Dependabot PRs for workflow dependencies"
- "Update @playwright/test to fix the Dependabot PR"
### Analyze Test Coverage
**Load when**: The workflow reads, analyzes, or reports test coverage — whether triggered by a PR, a schedule, or a slash command. Always consult this prompt before designing the coverage data strategy.
**Prompt file**: https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/test-coverage.md
**Use cases**:
- "Create a workflow that comments coverage on PRs"
- "Analyze coverage trends over time"
- "Add a coverage gate that blocks PRs below a threshold"
## Instructions
When a user interacts with you:
1. **Identify the task type** from the user's request
2. **Load the appropriate prompt** from the GitHub repository URLs listed above
3. **Follow the loaded prompt's instructions** exactly
4. **If uncertain**, ask clarifying questions to determine the right prompt
## Quick Reference
```bash
# Initialize repository for agentic workflows
gh aw init
# Generate the lock file for a workflow
gh aw compile [workflow-name]
# Debug workflow runs
gh aw logs [workflow-name]
gh aw audit <run-id>
# Upgrade workflows
gh aw fix --write
gh aw compile --validate
```
## Key Features of gh-aw
- **Natural Language Workflows**: Write workflows in markdown with YAML frontmatter
- **AI Engine Support**: Copilot, Claude, Codex, or custom engines
- **MCP Server Integration**: Connect to Model Context Protocol servers for tools
- **Safe Outputs**: Structured communication between AI and GitHub API
- **Strict Mode**: Security-first validation and sandboxing
- **Shared Components**: Reusable workflow building blocks
- **Repo Memory**: Persistent git-backed storage for agents
- **Sandboxed Execution**: All workflows run in the Agent Workflow Firewall (AWF) sandbox, enabling full `bash` and `edit` tools by default
## Important Notes
- Always reference the instructions file at https://github.com/github/gh-aw/blob/v0.56.2/.github/aw/github-agentic-workflows.md for complete documentation
- Use the MCP tool `agentic-workflows` when running in GitHub Copilot Cloud
- Workflows must be compiled to `.lock.yml` files before running in GitHub Actions
- **Bash tools are enabled by default** - Don't restrict bash commands unnecessarily since workflows are sandboxed by the AWF
- Follow security best practices: minimal permissions, explicit network access, no template injection
- **Single-file output**: When creating a workflow, produce exactly **one** workflow `.md` file. Do not create separate documentation files (architecture docs, runbooks, usage guides, etc.). If documentation is needed, add a brief `## Usage` section inside the workflow file itself.

562
.github/workflows/build.yml vendored
View File

@@ -1,562 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: main # For consistency with bridged providers.
on:
push:
branches:
- master
- main
- feature-**
paths-ignore:
- CHANGELOG.md
tags-ignore:
- v*
- sdk/*
- "**"
workflow_dispatch: {}
env:
PROVIDER: docker-build
TRAVIS_OS_NAME: linux
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TF_APPEND_USER_AGENT: pulumi
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
cache: 'true'
github_token: ${{ secrets.GITHUB_TOKEN }}
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
with:
repo: pulumi/schema-tools
- name: Build codegen binaries
run: make codegen
- name: Build Schema
run: make generate_schema
- if: github.event_name == 'pull_request'
name: Check Schema is Valid
run: >-
{
echo 'SCHEMA_CHANGES<<EOF';
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json;
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
message: |
${{ env.SCHEMA_CHANGES }}
comment-tag: schemaCheck
github-token: ${{ secrets.GITHUB_TOKEN }}
- if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
github.actor == 'pulumi-bot'
name: Add label if no breaking changes
uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3
with:
labels: impact/no-changelog-required
number: ${{ github.event.issue.number }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build Provider
run: make provider
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- run: git status --porcelain
- name: Tar provider binaries
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in building provider prerequisites
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
strategy:
fail-fast: ${{ ! contains(github.actor, 'renovate') }}
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download Provider Binary
uses: ./.github/actions/download-provider
- name: Generate SDK
run: make generate_${{ matrix.language }}
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- run: git status --porcelain
- name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
retention-days: 30
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure while building SDKs
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: check if this commit needs release
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
uses: pulumi/action-release-by-pr-label@main
with:
command: "release-if-needed"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
slack_channel: C02MGR8JVST
env:
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test:
runs-on: pulumi-ubuntu-8core
needs:
- build_sdks
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
- yaml
name: test
permissions:
contents: read
id-token: write # For ESC secrets and Pulumi access token OIDC.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download Provider Binary
uses: ./.github/actions/download-provider
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Node dependencies
run: yarn global add typescript
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
if: ${{ matrix.language != 'yaml' }}
run: make install_${{ matrix.language}}_sdk
- name: Generate Pulumi Access Token
id: generate_pulumi_token
uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1
with:
organization: pulumi
requested-token-type: urn:pulumi:token-type:access_token:organization
export-environment-variables: false
- name: Export AWS Credentials
uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519
env:
PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }}
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
version: v2.5.0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests
run: >-
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in SDK tests
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Clear GitHub Actions Ubuntu runner disk space
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
dotnet: false
android: true
haskell: true
swap-storage: true
large-packages: false
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }}
AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }}
AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in publishing binaries
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Scripts Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: ci-scripts
repository: pulumi/scripts
- run: echo "ci-scripts" >> .git/info/exclude
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download python SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress python SDK
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python
- name: Download dotnet SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress dotnet SDK
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress nodejs SDK
run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
${{github.workspace}}/sdk/nodejs
- name: Install Twine
run: python -m pip install twine==5.0.0
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in publishing SDK
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
lint:
name: lint
uses: ./.github/workflows/lint.yml
secrets: inherit

139
.github/workflows/claude.yml vendored
View File

@@ -1,139 +0,0 @@
name: Claude Code
on:
# Responds to @claude mentions in comments.
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened]
pull_request_review:
types: [submitted]
jobs:
claude:
# Only run when @claude is mentioned by a trusted user (OWNER, MEMBER, or COLLABORATOR)
# Note: the claude-code-action can only be triggered by users with write access to the repository so this is extra
# see https://github.com/anthropics/claude-code-action/blob/main/docs/security.md
if: |
(github.event_name == 'issue_comment' &&
contains(github.event.comment.body, '@claude') &&
contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)) ||
(github.event_name == 'pull_request_review_comment' &&
contains(github.event.comment.body, '@claude') &&
contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)) ||
(github.event_name == 'pull_request_review' &&
contains(github.event.review.body, '@claude') &&
contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.review.author_association)) ||
(github.event_name == 'issues' &&
(contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association))
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
issues: write
id-token: write
actions: read
steps:
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Checkout PR head (if applicable)
if: ${{ github.event.pull_request.number || (github.event.issue.pull_request && github.event.issue.number) }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
run: gh pr checkout "$PR_NUMBER"
- name: Setup mise
uses: jdx/mise-action@b287efda3dc5f4f3c328507653b6617da783ff84
env:
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
with:
version: 2026.3.7
github_token: ${{ secrets.GITHUB_TOKEN }}
# only saving the cache in the prerequisites job
cache_save: false
- name: Set git identity
run: |-
git config --global user.name "claude[bot]"
git config --global user.email "bot@pulumi.com"
shell: bash
- name: Prepare local workspace
# this runs install_plugins and upstream
run: make prepare_local_workspace
- name: Run Claude Code Review
# Comment must contain '@claude review'
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude review')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude review')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude review'))
id: claude-review
uses: anthropics/claude-code-action@ef50f123a3a9be95b60040d042717517407c7256 # v1
with:
anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
Review this pull request using the provider-code-review skill for guidelines.
The PR branch is already checked out in the current working directory.
Use `gh pr comment` for top-level feedback.
Use `mcp__github_inline_comment__create_inline_comment` to highlight specific code issues.
Only post GitHub comments - don't submit review text as messages.
# Taken from https://github.com/anthropics/claude-code/blob/main/plugins/code-review/commands/code-review.md
claude_args: |
--allowedTools "Skill,Bash(gh issue view *),Bash(gh search *),Bash(gh issue list *),Bash(gh pr comment *),Bash(gh pr diff *),Bash(gh pr view *),Bash(gh pr list *),mcp__github_inline_comment__create_inline_comment"
- name: Run Claude Code
# Comment must contain '@claude', but not '@claude review'
if: |
!contains(github.event.comment.body, '@claude review') &&
!contains(github.event.review.body, '@claude review')
id: claude-action
uses: anthropics/claude-code-action@ef50f123a3a9be95b60040d042717517407c7256 # v1
with:
anthropic_api_key: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
# This allows claude to read github action logs
additional_permissions: |
actions: read
# Sandbox settings: --allowedTools controls which tools Claude can invoke,
# but the sandbox also enforces OS-level filesystem restrictions. Edit()
# rules in permissions.allow control all bash filesystem writes (mkdir,
# output redirection, etc.), not just the Edit tool. Without these, commands
# like `mkdir .pulumi` or `cmd > file.txt` would be blocked by the sandbox.
settings: |
{
"permissions": {
"allow": ["Edit(./**)", "Edit(/tmp/**)"]
}
}
claude_args: |
--max-turns 50
--allowedTools "Skill,Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash(upgrade-provider *),Bash(./scripts/upstream.sh *),Bash(git *),Bash(GIT_EDITOR=* git *),Bash(make *),Bash(gh *),Bash(mkdir *),Bash(go mod tidy *),Bash(ls *),Bash(test *),Bash(cat *),Bash(pwd),Bash(head *),Bash(tail *),Bash(tee *),Bash(rg *),Bash(grep *),Bash(sed *),Bash(awk *),Bash(find *)"
# If the claude action fails you don't get any logs on what claude was doing
# Uploading the artifact allows you to download the artifact from the UI
- name: Upload Claude review output on failure
if: failure() && steps.claude-review.outputs.execution_file
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: claude-review-execution-log
path: ${{ steps.claude-review.outputs.execution_file }}
retention-days: 7
- name: Upload Claude output on failure
if: failure() && steps.claude-action.outputs.execution_file
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: claude-execution-log
path: ${{ steps.claude-action.outputs.execution_file }}
retention-days: 7

53
.github/workflows/command-dispatch.yml vendored
View File

@@ -1,53 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
env:
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_PULUMI_ENABLE_JOURNALING: "true"
TF_APPEND_USER_AGENT: pulumi
jobs:
command-dispatch-for-testing:
name: command-dispatch-for-testing
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: peter-evans/slash-command-dispatch@5c11dc7efead556e3bdabf664302212f79eb26fa # v5
with:
commands: |
run-acceptance-tests
release
issue-type: pull-request
permission: write
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: pulumi/pulumi-docker-build
token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: command-dispatch
on:
issue_comment:
types:
- created
- edited

44
.github/workflows/comment-on-stale-issues.yml vendored
View File

@@ -1,44 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
name: "Comment on stale issues"
on:
workflow_dispatch: {}
schedule:
- cron: "46 4 * * *" # run once per day
jobs:
cleanup:
runs-on: ubuntu-latest
name: Stale issue job
steps:
- uses: pose/stale-issue-cleanup@d2922f61fc5669f4154408689f9bb2a981996112
with:
issue-types: issues # only look at issues (ignore pull-requests)
# Setting messages to an empty string causes the automation to skip that category
ancient-issue-message: "Unfortunately, it looks like this issue hasn't seen any updates in a while. If you're still experiencing this issue, could you leave a quick comment to let us know so we can prioritize it?"
ancient-pr-message: ""
stale-issue-message: ""
stale-pr-message: ""
# These labels are required
stale-issue-label: awaiting-feedback # somewhat confusingly, this is also used for when labeling "ancient" issues
exempt-issue-labels: kind/enhancement,kind/task,kind/epic,kind/engineering, awaiting-upstream # only run on kind/bug for now, ignore awaiting-upstream too.
stale-pr-label: no-pr-activity # unused because we aren't processing PRs
exempt-pr-labels: awaiting-approval # unused because we aren't processing PRs
response-requested-label: response-requested # unused because we don't set a "stale-issue-message" above
# Issue timing
days-before-close: 10000 # this action lacks the option not to close, so just set this indefinitly far in the future
days-before-ancient: 180 # 6 months
# If you don't want to mark a issue as being ancient based on a
# threshold of "upvotes", you can set this here. An "upvote" is
# the total number of +1, heart, hooray, and rocket reactions
# on an issue.
minimum-upvotes-to-exempt: 2
repo-token: ${{ secrets.GITHUB_TOKEN }}
loglevel: DEBUG
# Set dry-run to true to not perform label or close actions.
dry-run: true

43
.github/workflows/community-moderation.yml vendored
View File

@@ -1,43 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
jobs:
warn_codegen:
name: warn_codegen
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- id: schema_changed
name: Check for diff in schema
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
with:
filters: "changed: 'provider/cmd/**/schema.json'"
- id: sdk_changed
if: steps.schema_changed.outputs.changed == 'false'
name: Check for diff in sdk/**
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
with:
filters: "changed: 'sdk/**'"
- if: steps.sdk_changed.outputs.changed == 'true' &&
github.event.pull_request.head.repo.full_name != github.repository
name: Send codegen warning as comment on PR
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
message: >
Hello and thank you for your pull request! :heart: :sparkles:
It looks like you're directly modifying files in the language SDKs, many of which are autogenerated.
Be sure any files you're editing do not begin with a code generation warning.
For generated files, you will need to make changes in `resources.go` instead, and [generate the code](https://github.com/pulumi/${{ github.event.repository.name }}/blob/master/CONTRIBUTING.md#committing-generated-code).
name: warn-codegen
on:
pull_request_target:
branches:
- main
types:
- opened

1222
.github/workflows/docker-build-pr-rereview.lock.yml vendored
View File

File diff suppressed because it is too large Load Diff

19
.github/workflows/docker-build-pr-rereview.md vendored
View File

@@ -1,19 +0,0 @@
---
description: Run PR re-review on explicit maintainer slash command.
timeout-minutes: 15
strict: true
on:
slash_command:
name: review-again
events: [pull_request_comment, pull_request_review_comment]
imports:
- shared/review.md
- shared/plugins/code-review/code-review.md
permissions:
contents: read
pull-requests: read
id-token: write
source: pulumi-labs/gh-aw-internal/.github/workflows/gh-aw-pr-rereview.md@734ef41746387a6818fd8ac3e619c9fd81ac6957
---
# Internal PR Re-Review (Slash Command)

1182
.github/workflows/docker-build-pr-review.lock.yml vendored
View File

File diff suppressed because it is too large Load Diff

24
.github/workflows/docker-build-pr-review.md vendored
View File

@@ -1,24 +0,0 @@
---
description: Automated PR review for trusted internal contributors.
timeout-minutes: 15
strict: true
permissions:
contents: read
pull-requests: read
id-token: write
on:
pull_request:
types: [opened]
workflow_dispatch:
inputs:
pr_number:
description: "Pull request number to review"
required: true
type: string
imports:
- shared/review.md
- shared/plugins/code-review/code-review.md
source: pulumi-labs/gh-aw-internal/.github/workflows/gh-aw-pr-review.md@734ef41746387a6818fd8ac3e619c9fd81ac6957
---
# Internal Trusted PR Reviewer

25
.github/workflows/export-repo-secrets.yml vendored
View File

@@ -1,25 +0,0 @@
permissions: write-all # Equivalent to default permissions plus id-token: write
name: Export secrets to ESC
on: [workflow_dispatch]
jobs:
export-to-esc:
runs-on: ubuntu-latest
name: export GitHub secrets to ESC
steps:
- name: Generate a GitHub token
id: generate-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3
with:
app-id: 1256780 # Export Secrets GitHub App
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
- name: Export secrets to ESC
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1
with:
organization: pulumi
org-environment: imports/github-secrets
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
github-token: ${{ steps.generate-token.outputs.token }}
oidc-auth: true
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
env:
GITHUB_SECRETS: ${{ toJSON(secrets) }}

66
.github/workflows/lint.yml vendored
View File

@@ -1,66 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
name: lint
on:
workflow_call:
inputs: {}
env:
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_PULUMI_ENABLE_JOURNALING: "true"
TF_APPEND_USER_AGENT: pulumi
jobs:
lint:
name: lint
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Setup mise
uses: jdx/mise-action@b287efda3dc5f4f3c328507653b6617da783ff84
env:
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s
with:
version: 2026.3.7
github_token: ${{ steps.app-auth.outputs.token }}
cache_save: false # A different job handles caching our tools.
- name: prepare workspace
continue-on-error: true
run: make prepare_local_workspace
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: lint
run: make lint

603
.github/workflows/prerelease.yml vendored
View File

@@ -1,603 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: prerelease
on:
push:
tags:
- v*.*.*-**
env:
PROVIDER: docker-build
TRAVIS_OS_NAME: linux
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TF_APPEND_USER_AGENT: pulumi
IS_PRERELEASE: true
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
cache: 'true'
github_token: ${{ secrets.GITHUB_TOKEN }}
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
with:
repo: pulumi/schema-tools
- name: Build codegen binaries
run: make codegen
- name: Build Schema
run: make generate_schema
- if: github.event_name == 'pull_request'
name: Check Schema is Valid
run: >-
{
echo 'SCHEMA_CHANGES<<EOF';
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json;
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
message: |
${{ env.SCHEMA_CHANGES }}
comment-tag: schemaCheck
github-token: ${{ secrets.GITHUB_TOKEN }}
- if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
github.actor == 'pulumi-bot'
name: Add label if no breaking changes
uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3
with:
labels: impact/no-changelog-required
number: ${{ github.event.issue.number }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build Provider
run: make provider
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- run: git status --porcelain
- name: Tar provider binaries
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in building provider prerequisites
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
strategy:
fail-fast: ${{ ! contains(github.actor, 'renovate') }}
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download Provider Binary
uses: ./.github/actions/download-provider
- name: Generate SDK
run: make generate_${{ matrix.language }}
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- run: git status --porcelain
- name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure while building SDKs
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
test:
runs-on: pulumi-ubuntu-8core
needs:
- build_sdks
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
- yaml
name: test
permissions:
contents: read
id-token: write # For ESC secrets and Pulumi access token OIDC.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download Provider Binary
uses: ./.github/actions/download-provider
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Node dependencies
run: yarn global add typescript
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
if: ${{ matrix.language != 'yaml' }}
run: make install_${{ matrix.language}}_sdk
- name: Generate Pulumi Access Token
id: generate_pulumi_token
uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1
with:
organization: pulumi
requested-token-type: urn:pulumi:token-type:access_token:organization
export-environment-variables: false
- name: Export AWS Credentials
uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519
env:
PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }}
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
version: v2.5.0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests
run: >-
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in SDK tests
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Clear GitHub Actions Ubuntu runner disk space
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
dotnet: false
android: true
haskell: true
swap-storage: true
large-packages: false
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }}
AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }}
AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in publishing binaries
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Scripts Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: ci-scripts
repository: pulumi/scripts
- run: echo "ci-scripts" >> .git/info/exclude
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download python SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress python SDK
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python
- name: Download dotnet SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress dotnet SDK
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress nodejs SDK
run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
${{github.workspace}}/sdk/nodejs
- name: Install Twine
run: python -m pip install twine==5.0.0
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in publishing SDK
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_java_sdk:
runs-on: ubuntu-latest
continue-on-error: true
needs: publish
name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download java SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: java-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress java SDK
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java
- name: Setup Gradle
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
with:
gradle-version: "7.6"
- name: Publish Java SDK
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
publish_go_sdk:
runs-on: ubuntu-latest
name: publish-go-sdk
needs: publish_sdk
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download go SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: go-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress go SDK
run: tar -zxf ${{github.workspace}}/sdk/go.tar.gz -C
${{github.workspace}}/sdk/go
- name: Publish Go SDK
uses: pulumi/publish-go-sdk-action@v1
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk/go/dockerbuild
path: sdk/go/dockerbuild
version: ${{ steps.version.outputs.version }}
additive: false
files: "**"

24
.github/workflows/pull-request.yml vendored
View File

@@ -1,24 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: pull-request
on:
pull_request_target: {}
jobs:
comment-on-pr:
runs-on: ubuntu-latest
name: comment-on-pr
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- name: Comment PR
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
message: >
PR is now waiting for a maintainer to run the acceptance tests.
**Note for the maintainer:** To run the acceptance tests, please comment */run-acceptance-tests* on the PR
github-token: ${{ secrets.GITHUB_TOKEN }}
if: github.event.pull_request.head.repo.full_name != github.repository

639
.github/workflows/release.yml vendored
View File

@@ -1,639 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: release
on:
push:
tags:
- v*.*.*
- "!v*.*.*-**"
env:
PROVIDER: docker-build
TRAVIS_OS_NAME: linux
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TF_APPEND_USER_AGENT: pulumi
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
cache: 'true'
github_token: ${{ steps.app-auth.outputs.token }}
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
with:
repo: pulumi/schema-tools
- name: Build codegen binaries
run: make codegen
- name: Build Schema
run: make generate_schema
- if: github.event_name == 'pull_request'
name: Check Schema is Valid
run: >-
{
echo 'SCHEMA_CHANGES<<EOF';
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json;
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
message: |
${{ env.SCHEMA_CHANGES }}
comment-tag: schemaCheck
github-token: ${{ secrets.GITHUB_TOKEN }}
- if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
github.actor == 'pulumi-bot'
name: Add label if no breaking changes
uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3
with:
labels: impact/no-changelog-required
number: ${{ github.event.issue.number }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build Provider
run: make provider
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- run: git status --porcelain
- name: Tar provider binaries
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in building provider prerequisites
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
strategy:
fail-fast: ${{ ! contains(github.actor, 'renovate') }}
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download Provider Binary
uses: ./.github/actions/download-provider
- name: Generate SDK
run: make generate_${{ matrix.language }}
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- run: git status --porcelain
- name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure while building SDKs
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
test:
runs-on: pulumi-ubuntu-8core
needs:
- build_sdks
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
- yaml
name: test
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download Provider Binary
uses: ./.github/actions/download-provider
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Node dependencies
run: yarn global add typescript
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
if: ${{ matrix.language != 'yaml' }}
run: make install_${{ matrix.language}}_sdk
- name: Generate Pulumi Access Token
id: generate_pulumi_token
uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1
with:
organization: pulumi
requested-token-type: urn:pulumi:token-type:access_token:organization
export-environment-variables: false
- name: Export AWS Credentials
uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519
env:
PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }}
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
version: v2.5.0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests
run: >-
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GTIHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in SDK tests
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Clear GitHub Actions Ubuntu runner disk space
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
dotnet: false
android: true
haskell: true
swap-storage: true
large-packages: false
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }}
AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }}
AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
with:
args: -p 3 release --clean --timeout 60m0s
version: latest
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in publishing binaries
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Scripts Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: ci-scripts
repository: pulumi/scripts
- run: echo "ci-scripts" >> .git/info/exclude
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download python SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress python SDK
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python
- name: Download dotnet SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress dotnet SDK
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress nodejs SDK
run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C
${{github.workspace}}/sdk/nodejs
- name: Install Twine
run: python -m pip install twine==5.0.0
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in publishing SDK
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_java_sdk:
runs-on: ubuntu-latest
continue-on-error: true
needs: publish
name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download java SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: java-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress java SDK
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java
- name: Setup Gradle
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
with:
gradle-version: "7.6"
- name: Publish Java SDK
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
publish_go_sdk:
runs-on: ubuntu-latest
name: publish-go-sdk
needs: publish_sdk
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download go SDK
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: go-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress go SDK
run: tar -zxf ${{github.workspace}}/sdk/go.tar.gz -C
${{github.workspace}}/sdk/go
- name: Publish Go SDK
uses: pulumi/publish-go-sdk-action@v1
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk/go/dockerbuild
path: sdk/go/dockerbuild
version: ${{ steps.version.outputs.version }}
additive: false
files: "**"
dispatch_docs_build:
runs-on: ubuntu-latest
needs: publish_go_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
with:
repo: pulumi/pulumictl
- name: Dispatch Event
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
"${GITHUB_REF#refs/tags/}"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: dispatch_docs_build

54
.github/workflows/release_command.yml vendored
View File

@@ -1,54 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
name: release-command
on:
repository_dispatch:
types:
- release-command
jobs:
should_release:
name: Should release PR
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Should release PR
uses: pulumi/action-release-by-pr-label@main
with:
command: "should-release"
repo: ${{ github.repository }}
pr: ${{ github.event.client_payload.pull_request.number }}
version: ${{ github.event.client_payload.slash_command.args.all }}
slack_channel: ${{ steps.esc-secrets.outputs.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
env:
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure()
name: Notify failure
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: |
"release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- if: success()
name: Notify success
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
reaction-type: hooray

536
.github/workflows/run-acceptance-tests.yml vendored
View File

@@ -1,536 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: run-acceptance-tests
on:
repository_dispatch:
types:
- run-acceptance-tests-command
pull_request:
paths-ignore:
- CHANGELOG.md
workflow_dispatch: {}
env:
PROVIDER: docker-build
TRAVIS_OS_NAME: linux
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_PULUMI_ENABLE_JOURNALING: "true"
TF_APPEND_USER_AGENT: pulumi
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
jobs:
comment-notification:
if: github.event_name == 'repository_dispatch'
runs-on: ubuntu-latest
name: comment-notification
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- name: Create URL to the run output
id: vars
run: echo
"run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
>> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
cache: 'true'
github_token: ${{ steps.app-auth.outputs.token }}
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0
with:
repo: pulumi/schema-tools
- name: Build codegen binaries
run: make codegen
- name: Build Schema
run: make generate_schema
- if: github.event_name == 'pull_request'
name: Check Schema is Valid
run: >-
{
echo 'SCHEMA_CHANGES<<EOF';
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json;
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
message: |
${{ env.SCHEMA_CHANGES }}
comment-tag: schemaCheck
github-token: ${{ secrets.GITHUB_TOKEN }}
- if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
github.actor == 'pulumi-bot'
name: Add label if no breaking changes
uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3
with:
labels: impact/no-changelog-required
number: ${{ github.event.issue.number }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build Provider
run: make provider
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
# This worktree check is a safeguard against someone forgetting to
# re-build and commit locally, but we handle that commit automatically in
# the case of dependency bumps.
continue-on-error: ${{ contains(github.actor, 'renovate') }}
- name: Commit SDK changes for Renovate
if: steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
'pull_request'
shell: bash
run: >
git config --global user.email "bot@pulumi.com"
git config --global user.name "pulumi-bot"
# Stash local changes and check out the PR's branch directly.
git stash
git fetch
git checkout "origin/$HEAD_REF"
# Apply and add our changes, but don't commit any files we expect to
# always change due to versioning.
git stash pop
git add sdk provider/cmd/pulumi-resource-docker-build/schema.json
git reset sdk/python/*/pulumi-plugin.json \
sdk/python/pyproject.toml \
sdk/dotnet/pulumi-plugin.json \
sdk/dotnet/*.*.csproj \
sdk/dotnet/version.txt \
sdk/go/*/pulumi-plugin.json \
sdk/go/*/internal/pulumiUtilities.go \
sdk/nodejs/package.json
git commit -m 'Commit SDK for Renovate'
# Push with pulumi-bot credentials to trigger a re-run of the
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
- name: Tar provider binaries
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in building provider prerequisites
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
strategy:
fail-fast: ${{ ! contains(github.actor, 'renovate') }}
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download provider
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: UnTar provider binaries
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
- name: Restore Binary Permissions
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
-exec chmod +x {} \;
- name: Generate SDK
run: make generate_${{ matrix.language }}
- name: Build SDK
run: make build_${{ matrix.language }}
- name: Check worktree clean
id: worktreeClean
uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1
with:
allowed-changes: |-
sdk/**/pulumi-plugin.json
sdk/dotnet/*.*.csproj
sdk/dotnet/version.txt
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
continue-on-error: ${{ contains(github.actor, 'renovate') }}
- name: Commit SDK changes for Renovate
if: steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
'pull_request'
shell: bash
run: >
git config --global user.email "bot@pulumi.com"
git config --global user.name "pulumi-bot"
# Stash local changes and check out the PR's branch directly.
git stash
git fetch
git checkout "origin/$HEAD_REF"
# Apply and add our changes, but don't commit any files we expect to
# always change due to versioning.
git stash pop
git add sdk provider/cmd/pulumi-resource-docker-build/schema.json
git reset sdk/python/*/pulumi-plugin.json \
sdk/python/pyproject.toml \
sdk/dotnet/pulumi-plugin.json \
sdk/dotnet/*.*.csproj \
sdk/dotnet/version.txt \
sdk/go/*/pulumi-plugin.json \
sdk/go/*/internal/pulumiUtilities.go \
sdk/nodejs/package.json
git commit -m 'Commit SDK for Renovate'
# Push with pulumi-bot credentials to trigger a re-run of the
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
- name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
retention-days: 30
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure while building SDKs
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
test:
runs-on: pulumi-ubuntu-8core
needs:
- build_sdks
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
- yaml
name: test
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Download provider
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: UnTar provider binaries
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
- name: Restore Binary Permissions
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
-exec chmod +x {} \;
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: UnTar SDK folder
if: ${{ matrix.language != 'yaml' }}
run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
github.workspace}}/sdk/${{ matrix.language}}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Node dependencies
run: yarn global add typescript
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
if: ${{ matrix.language != 'yaml' }}
run: make install_${{ matrix.language}}_sdk
- name: Generate Pulumi Access Token
id: generate_pulumi_token
uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1
with:
organization: pulumi
requested-token-type: urn:pulumi:token-type:access_token:organization
export-environment-variables: false
- name: Export AWS Credentials
uses: pulumi/esc-action@9840934db12128a33f6afb60b17d9de8f7ec5519
env:
PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }}
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
version: v2.5.0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests
run: >-
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
with:
author_name: Failure in SDK tests
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
sentinel:
runs-on: ubuntu-latest
name: sentinel
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Mark workflow as successful
uses: guibranco/github-status-action-v2@3f704867b3ec00272a5f1b550c207789736bbee9 # v1.2.0
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
context: Sentinel
state: success
description: Sentinel checks passed
sha: ${{ github.event.pull_request.head.sha || github.sha }}
permissions:
statuses: write
id-token: write # For ESC secrets.
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
needs:
- test
- prerequisites
- lint
lint:
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
name: lint
uses: ./.github/workflows/lint.yml
secrets: inherit

179
.github/workflows/shared/plugins/code-review/code-review.md vendored
View File

@@ -1,179 +0,0 @@
---
description: High-signal PR review for gh-aw workflows using safe outputs
---
Provide a code review for the given pull request.
**Agent assumptions (applies to all agents and subagents):**
- All tools are functional and will work without error. Do not test tools or make exploratory calls. Make sure this is clear to every subagent that is launched.
- Only call a tool if it is required to complete the task. Every tool call should have a clear purpose.
- Use GitHub MCP tools for repository reads. Do not use `gh` CLI commands for repository inspection or for posting review output.
- Use the workflow PR number as the authoritative target.
- Use only gh-aw safe outputs for review side effects:
- `create-pull-request-review-comment` for actionable inline findings on changed lines
- `submit-pull-request-review` for the final review decision
- `noop` when no action should be taken
- Use cache-memory only for short-lived continuity and deduplication hints. Treat live PR state and current review threads as the source of truth.
- Never post free-form issue comments or use any side channel for review output.
- Respect the workflow safe-output limits. Prioritize the highest-signal unique findings and keep the inline review set within the configured maximum.
- Consult `.gitattributes` when relevant and treat files matched there as generated by default. Ignore findings that exist only in generated outputs such as `.lock.yml` files unless the corresponding source-of-truth files show a real behavioral problem.
To do this, follow these steps precisely:
1. Create a short todo list for yourself before starting.
2. Launch a fast subagent to check if any of the following are true:
- The pull request is closed
- The pull request is a draft
- The pull request does not need code review (e.g. automated PR, trivial change that is obviously correct)
- Required PR context cannot be read from the workflow tools
If any condition is true, call `noop` with a brief reason and stop.
Note: Do not skip solely because prior automated review comments exist. Use prior comments for deduplication and stale-thread cleanup instead.
3. Read any prior review memory for this PR from cache-memory before you start detailed analysis.
Use a PR-specific file such as:
- `/tmp/gh-aw/cache-memory/pr-${PR_NUMBER}.json`
If a prior memory file exists, use it only as a hint for:
- Previously reported issues
- Dedupe patterns
- Prior review timestamps
- Risk areas worth re-checking
Do not trust cache-memory over current GitHub state. If memory conflicts with the live PR, changed files, or review threads, trust the live PR and ignore stale memory.
4. Launch a fast subagent to return a list of file paths (not their contents) for all relevant `CLAUDE.md` files including:
- The root CLAUDE.md file, if it exists
- Any CLAUDE.md files in directories containing files modified by the pull request
5. Launch a subagent to summarize:
- The PR title and description
- The changed files
- The main behavioral changes in the diff
- Any obvious risk areas worth checking carefully
6. Fetch existing review comments on the PR before preparing any new findings. Use them to identify:
- Similar issues already flagged
- Threads where a human already acknowledged the feedback
- Comments on code that has changed since the earlier review and may now be stale
7. Launch 4 review subagents in parallel. Each agent should return a list of candidate issues, where each issue includes:
- A concise description
- The reason it was flagged (for example `CLAUDE.md adherence` or `bug`)
- The changed file path
- The changed line or closest changed hunk
- Why the issue is likely real
Agents 1 + 2: CLAUDE.md compliance sonnet agents
Audit changes for `CLAUDE.md` compliance in parallel. When evaluating a file, only consider `CLAUDE.md` files that share a path scope with that file or its parents.
Agent 3: bug-focused review agent
Scan for obvious bugs. Focus only on the diff itself without reading extra context. Flag only significant bugs; ignore nitpicks and likely false positives. Do not flag issues that you cannot validate without looking at context outside of the git diff.
Agent 4: behavior-focused review agent
Look for problems introduced by the new code, including security issues, incorrect logic, regressions, and missing error handling. Only look for issues that fall within changed code.
**CRITICAL: We only want HIGH SIGNAL issues.** Flag issues where:
- The code will fail to compile or parse (syntax errors, type errors, missing imports, unresolved references)
- The code will definitely produce wrong results regardless of inputs (clear logic errors)
- The code introduces a clear security or regression bug in changed lines
- Clear, unambiguous `CLAUDE.md` violations where you can quote the exact rule being broken
Do NOT flag:
- Code style or quality concerns
- Potential issues that depend on specific inputs or state
- Subjective suggestions or improvements
If you are not certain an issue is real, do not flag it. False positives erode trust and waste reviewer time.
Each review subagent should receive the PR title and description so it can evaluate intent.
8. For each candidate issue, launch validation subagents in parallel. Each validator should receive the PR title, description, issue description, affected file, and affected hunk. The validator must confirm that the issue is real with high confidence.
For bug and logic issues, verify the changed code actually causes the stated problem.
For `CLAUDE.md` issues, verify both:
- The cited rule exists
- The rule applies to that file path and is actually violated
9. Filter out any issue that fails validation.
10. Deduplicate and prune the validated issue list. Remove:
- Issues already covered by an existing review comment
- Issues in threads where a human has already acknowledged the feedback
- Issues that were present in an earlier revision but are fixed in the latest code
- Duplicate findings reported by multiple subagents
- Findings that are not on changed lines or cannot be tied to a changed hunk
- Findings that only came from cache-memory and are not confirmed by the current PR state
11. Classify the remaining issues:
- `Blocking`: correctness, security, regression, data loss, or clear required-rule violations
- `Non-blocking`: actionable but not merge-blocking concerns
12. Produce a short internal summary of findings for yourself:
- If issues remain, list the highest-signal ones first
- If no issues remain, summarize that no actionable high-signal issues were found
13. If no actionable issues remain, submit exactly one final review with `submit-pull-request-review`:
- Use `APPROVE`
- Briefly state that no issues were found after checking for bugs and `CLAUDE.md` compliance
- Do not create inline comments
- Before stopping, write a compact review memory file for this PR containing:
- review timestamp
- PR number
- files reviewed
- summary of what was checked
- `issues_reported: []`
- Stop after the final review is submitted and memory is updated
14. If actionable issues remain, choose the highest-signal unique issues up to the safe-output comment limit. Create a list of planned inline comments for yourself before posting anything.
15. Post one inline comment per chosen issue using `create-pull-request-review-comment`. For each comment:
- Provide a brief description of the issue
- Explain why it matters
- Reference the exact changed line
- Cite the relevant `CLAUDE.md` rule when applicable
- Keep the comment concise and actionable
- Do not post duplicate comments for the same issue
16. Submit exactly one final review using `submit-pull-request-review`:
- Use `REQUEST_CHANGES` when at least one blocking issue remains
- Use `APPROVE` otherwise, including when only non-blocking inline comments were left
- Do not use `COMMENT` as the final review state
- Keep the summary short and aligned with the issues you posted
17. After the final review is submitted, update the PR-specific cache-memory file with a compact record of this review. Store only short-lived operational state such as:
- review timestamp
- PR number
- files reviewed
- issue fingerprints or short summaries
- whether the final review was `APPROVE` or `REQUEST_CHANGES`
Do not store secrets, tokens, personal data, or large blobs. Keep the file concise so future runs can use it for continuity and dedupe.
Use this list when evaluating issues in Steps 4 and 5 (these are false positives, do NOT flag):
- Pre-existing issues
- Something that appears to be a bug but is actually correct
- Pedantic nitpicks that a senior engineer would not flag
- Issues that a linter will catch (do not run the linter to verify)
- General code quality concerns (e.g., lack of test coverage, general security issues) unless explicitly required in CLAUDE.md
- Issues mentioned in CLAUDE.md but explicitly silenced in the code (e.g., via a lint ignore comment)
- Differences that exist only in files classified as generated by `.gitattributes`, unless they expose a real issue in the source workflow, prompt, or other source-of-truth file
Notes:
- Use GitHub tools for all repository reads. Do not use web fetch.
- Always operate on the workflow PR target rather than guessing from local git state.
- Inline comments should only be created for actionable issues on changed lines.
- Cache-memory is best-effort and may be missing or stale. Use it to improve continuity, never to override current repository state.
- When linking to code in an inline comment, use a full GitHub blob URL with a full SHA and a line range, for example: https://github.com/anthropics/claude-code/blob/c21d3c10bc8e898b7ac1a2d745bdc9bc4e423afe/package.json#L10-L15
- Requires full git sha
- Do not use shell substitution in the URL
- Repo name must match the repo you're code reviewing
- Use `#L[start]-L[end]`
- Provide at least one line of context before and after when possible
- If context checks fail or the PR is not reviewable, call `noop` with a brief explanation instead of exiting silently.

68
.github/workflows/shared/review.md vendored
View File

@@ -1,68 +0,0 @@
---
permissions:
contents: read
pull-requests: read
id-token: write
engine:
id: claude
env:
ANTHROPIC_API_KEY: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY || '__GH_AW_ACTIVATION_PLACEHOLDER__' }}
steps:
- env:
ESC_ACTION_ENVIRONMENT: imports/github-secrets
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Validate ESC secret output
env:
ANTHROPIC_API_KEY_FROM_ESC: ${{ steps.esc-secrets.outputs.ANTHROPIC_API_KEY }}
run: |
test -n "$ANTHROPIC_API_KEY_FROM_ESC" || {
echo "ESC did not return ANTHROPIC_API_KEY";
exit 1;
}
tools:
cache-memory: true
github:
lockdown: false
toolsets: [pull_requests, repos]
safe-outputs:
create-pull-request-review-comment:
max: 12
side: "RIGHT"
target: "${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}"
target-repo: "${{ github.repository }}"
submit-pull-request-review:
max: 1
target: "${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}"
noop:
max: 1
messages:
footer: "> Reviewed by [{workflow_name}]({run_url})"
run-started: "Started automated PR review for #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}."
run-success: "Finished automated PR review for #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}."
run-failure: "Automated PR review failed for #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }} ({status})."
---
Review pull request #${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }} in repository `${{ github.repository }}`.
Workflow-specific rules:
- Use `${{ github.event.pull_request.number || github.event.inputs.pr_number || github.event.issue.number }}` as the authoritative PR target.
- Treat the imported review prompt as the source of the review procedure.
- Use only gh-aw safe outputs for side effects:
- `create-pull-request-review-comment` for actionable inline findings on changed lines
- `submit-pull-request-review` for the final review
- `noop` when the PR is not reviewable or required context is missing
- Submit exactly one final review:
- `REQUEST_CHANGES` when at least one blocking issue exists.
- `APPROVE` otherwise, including when only non-blocking observations exist.
- Do not submit `COMMENT` as the final review state.
- Do not post free-form issue comments outside safe outputs.
- Respect the configured inline comment limit and prioritize the highest-signal unique findings.
- Use cache-memory only as a best-effort continuity aid; live PR state and current review threads are authoritative.
- Ignore discovery steps intended for runs without PR context.

115
.github/workflows/weekly-pulumi-update.yml vendored
View File

@@ -1,115 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: weekly-pulumi-update
on:
schedule:
- cron: 35 12 * * 4
workflow_dispatch: {}
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PROVIDER: docker-build
TRAVIS_OS_NAME: linux
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PULUMI_PULUMI_ENABLE_JOURNALING: "true"
TF_APPEND_USER_AGENT: pulumi
jobs:
weekly-pulumi-update:
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-auth
with:
app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }}
private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Setup Tools
uses: ./.github/actions/setup-tools
with:
github_token: ${{ steps.app-auth.outputs.token }}
- name: Update Pulumi/Pulumi
id: gomod
run: >-
git config --local user.email 'bot@pulumi.com'
git config --local user.name 'pulumi-bot'
git checkout -b update-pulumi/${{ github.run_id }}-${{ github.run_number }}
gh repo view pulumi/pulumi --json latestRelease --jq .latestRelease.tagName | sed 's/^v//' > .pulumi.version
VERSION=$(cat .pulumi.version) find . -name go.mod -execdir sh -c 'go get github.com/pulumi/pulumi/pkg/v3@v${VERSION} github.com/pulumi/pulumi/sdk/v3@v${VERSION}; go mod tidy' \;
git update-index -q --refresh
if ! git diff-files --quiet; then echo changes=1 >> "$GITHUB_OUTPUT"; fi
- name: Provider with Pulumi Upgrade
if: steps.gomod.outputs.changes != 0
run: >-
make codegen && make local_generate
git add sdk/nodejs
git commit -m "Regenerating Node.js SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/python
git commit -m "Regenerating Python SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/dotnet
git commit -m "Regenerating .NET SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/go*
git commit -m "Regenerating Go SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add sdk/java*
git commit -m "Regenerating Java SDK based on updated modules" || echo "ignore commit failure, may be empty"
git add .
git commit -m "Updated modules" || echo "ignore commit failure, may be empty"
git push origin update-pulumi/${{ github.run_id }}-${{ github.run_number }}
- name: Create PR
id: create-pr
if: steps.gomod.outputs.changes != 0
run: >
ver=$(cat .pulumi.version)
msg="Automated upgrade: bump pulumi/pulumi to ${ver}"
gh pr create -t "$msg" -b "$msg"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: weekly-pulumi-update

22
.gitignore vendored
View File

@@ -1,22 +0,0 @@
/vendor/
**/bin/
**/obj/
**/node_modules/
**/.vs
**/.idea
**/.ionide
**/.vscode
*.swp
.pulumi
Pulumi.*.yaml
yarn.lock
ci-scripts
nuget/
coverage.txt
sdk/dotnet/version.txt
sdk/java/.gradle
sdk/java/build/
sdk/java/build.gradle
sdk/python/venv

3
.gitmodules vendored
View File

@@ -1,3 +0,0 @@
[submodule ".devcontainer"]
path = .devcontainer
url = https://github.com/pulumi/devcontainer

53
.golangci.yml
View File

@@ -1,53 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
version: "2"
linters:
enable:
- goconst
- gosec
- lll
- misspell
- nakedret
- revive
- unconvert
exclusions:
generated: lax
presets:
- comments
- common-false-positives
- legacy
- std-error-handling
paths:
- schema.go
- pulumiManifest.go
- pkg/vendored
- third_party$
- builtin$
- examples$
rules:
- linters:
- revive
path: pkg/
text: "var-naming" # https://github.com/pulumi/ci-mgmt/issues/2100
formatters:
enable:
- gci
- gofmt
settings:
gci:
sections:
- standard # Standard section: captures all standard library packages.
- blank # Blank section: contains all blank imports.
- default # Default section: contains all imports that could not be matched to another section type.
- prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix.
- prefix(github.com/pulumi/pulumi-docker-build) # Custom section: local imports
custom-order: true
exclusions:
generated: lax
paths:
- schema.go
- pulumiManifest.go
- pkg/vendored
- third_party$
- builtin$
- examples$

57
.goreleaser.prerelease.yml
View File

@@ -1,57 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
project_name: pulumi-docker-build
builds:
- id: build-provider
dir: provider
env:
- CGO_ENABLED=0
- GO111MODULE=on
goos:
- darwin
- linux
goarch:
- amd64
- arm64
ignore: &a1 []
main: ./cmd/pulumi-resource-docker-build/
ldflags: &a2
- -s
- -w
- -X
github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
binary: pulumi-resource-docker-build
- id: build-provider-sign-windows
dir: provider
env:
- CGO_ENABLED=0
- GO111MODULE=on
goos:
- windows
goarch:
- amd64
- arm64
ignore: *a1
main: ./cmd/pulumi-resource-docker-build/
ldflags: *a2
binary: pulumi-resource-docker-build
hooks:
post:
- make sign-goreleaser-exe-{{ .Arch }}
archives:
- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
id: archive
snapshot:
name_template: "{{ .Tag }}-SNAPSHOT"
changelog:
skip: true
release:
disable: true
blobs:
- provider: s3
region: us-west-2
bucket: get.pulumi.com
folder: releases/plugins/
ids:
- archive

56
.goreleaser.yml
View File

@@ -1,56 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
project_name: pulumi-docker-build
builds:
- id: build-provider
dir: provider
env:
- CGO_ENABLED=0
- GO111MODULE=on
goos:
- darwin
- linux
goarch:
- amd64
- arm64
ignore: &a1 []
main: ./cmd/pulumi-resource-docker-build/
ldflags: &a2
- -s
- -w
- -X
github.com/pulumi/pulumi-docker-build/provider/pkg/version.Version={{.Tag}}
- -X github.com/pulumi/pulumi-docker-build/provider.Version={{.Tag}}
binary: pulumi-resource-docker-build
- id: build-provider-sign-windows
dir: provider
env:
- CGO_ENABLED=0
- GO111MODULE=on
goos:
- windows
goarch:
- amd64
- arm64
ignore: *a1
main: ./cmd/pulumi-resource-docker-build/
ldflags: *a2
binary: pulumi-resource-docker-build
hooks:
post:
- make sign-goreleaser-exe-{{ .Arch }}
archives:
- name_template: "{{ .Binary }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}"
id: archive
snapshot:
name_template: "{{ .Tag }}-SNAPSHOT"
changelog:
skip: true
release:
disable: false
blobs:
- provider: s3
region: us-west-2
bucket: get.pulumi.com
folder: releases/plugins/
ids:
- archive

1
.pulumi.version
View File

@@ -1 +0,0 @@
3.192.0

137
CHANGELOG.md
View File

@@ -1,137 +0,0 @@
## Unreleased
## Changed
- Arguments `CacheFromGitHubActions.URL` and `CacheFromGitHubActions.Token` have been removed. If the previous behaviour is desired, set the `ACTIONS_CACHE_URL` and `ACTIONS_RUNTIME_TOKEN` environment variables. (https://github.com/pulumi/pulumi-docker-build/issues/75)
## 0.0.14 (2025-09-30)
### Fixed
- A warning is no longer emitted for the reserved `__internal` key. (https://github.com/pulumi/pulumi-docker-build/issues/579)
## 0.0.13 (2025-08-27)
### Changed
- Docker Build Cloud and `exec` errors are more helpful. (https://github.com/pulumi/pulumi-docker-build/issues/549)
### Fixed
- The provider is no longer replaced on version changes. (https://github.com/pulumi/pulumi-docker-build/issues/581)
## 0.0.12 (2025-05-16)
### Changed
- Upgraded pulumi-go-provider to v1.0.0-rc2.
### Fixed
- Builds now respect cancellation. (https://github.com/pulumi/pulumi-docker-build/issues/533, https://github.com/pulumi/pulumi-docker-build/pull/522)
## 0.0.11 (2025-04-11)
### Changed
- Upgraded buildx from 0.18.0 to 0.20.1 to remain compatible with upcoming
changes to GitHub Actions. (https://github.com/pulumi/pulumi-docker-build/pull/519)
### Fixed
- Upgrading docker-build no longer causes resource replacements. (<https://github.com/pulumi/pulumi-docker-build/issues/404>)
- Fixed a panic that could occur in `exec` mode. (https://github.com/pulumi/pulumi-docker-build/issues/482)
- The default GitHub Actions cache scope is now correctly set as `buildkit`. (https://github.com/pulumi/pulumi-docker-build/issues/496)
## 0.0.10 (2025-01-27)
### Changed
- Windows binaries are now signed. (https://github.com/pulumi/pulumi-docker-build/pull/429)
## 0.0.9 (2025-01-16)
### Changed
- Upgraded pulumi-go-provider to v0.24.1. (https://github.com/pulumi/pulumi-docker-build/pull/413)
### Fixed
- `ACTIONS_RUNTIME_TOKEN` is now correctly marked as a secret. (https://github.com/pulumi/pulumi-docker-build/issues/403)
## 0.0.8 (2024-12-10)
### Added
- Multiple exports are now allowed if the build daemon is detected to have
version 0.13 of Buildkit or newer.
(https://github.com/pulumi/pulumi-docker-build/issues/21)
### Changed
- Upgraded buildx from 0.16.0 to 0.18.0.
### Fixed
- Custom `# syntax=` directives no longer cause validation errors.
(https://github.com/pulumi/pulumi-docker-build/issues/300)
## 0.0.7 (2024-10-16)
### Fixed
- Fixed an issue where registry authentication couldn't be specified on the
provider. (<https://github.com/pulumi/pulumi-docker-build/issues/262>)
## 0.0.6 (2024-08-13)
### Fixed
- Refreshing an `Index` resource will no longer fail if its stored credentials
have expired. (<https://github.com/pulumi/pulumi-docker-build/pull/194>)
### Changed
- Local and tar exporters will now trigger an update if an export doesn't exist
at the expected path. (<https://github.com/pulumi/pulumi-docker-build/pull/195>)
## 0.0.5 (2024-08-08)
### Fixed
- Fixed Go SDK publishing.
### Changed
- Upgraded docker from 27.0.3 to 27.1.0.
## 0.0.4 (2024-07-15)
### Changed
- Upgraded buildkit from 0.13.0 to 0.15.0.
- Upgraded buildx from 0.13.1. to 0.16.0.
- Upgraded docker from 26.0.0-rc1 to 27.0.3.
- Fixed an issue where warnings were not displayed correctly.
## 0.0.3 (2024-05-31)
### Fixed
- Fixed the default value for `ACTIONS_CACHE_URL` when using GitHub action caching. (<https://github.com/pulumi/pulumi-docker-build/pull/80>)
- Fixed Java SDK publishing. (<https://github.com/pulumi/pulumi-docker-build/pull/89>)
- Fixed a panic that could occur when `context` was omitted. (<https://github.com/pulumi/pulumi-docker-build/pull/83>)
### Changed
- The provider will now wait for new builders to fully boot.
## 0.0.2 (2024-04-25)
### Fixed
- Upgraded pulumi-go-provider to fix a panic during cancellation.
## 0.0.1 (2024-04-23)
Initial release.

80
CODE-OF-CONDUCT.md
View File

@@ -1,80 +0,0 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
education, socio-economic status, nationality, personal appearance, race,
religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
* Contribute in a positive and constructive way
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Community Guidelines
* Be clear and stay on topic. Communicating with strangers on the Internet can make it hard to convey or read tone, and sarcasm is frequently misunderstood. Try to use clear language, and think about how the other person will receive it.
* Dont cross-post the same thing in multiple GitHub Discussion topics or multiple Slack channels. This can make it difficult for people answering your questions and creates "scrollback spam".
* Public discussion is preferred to private. Avoid using Slack DMs for questions, and instead share them in public Slack channels or GitHub Discussion threads. This allows a larger audience to both share their knowledge as well as learn from your question or issue. If you're having a problem, chances are someone else is having a similar problem. Learning in public is a community contribution.
* Minimize notifications to other community members. Avoid tagging other community members in Slack messages or Discussion threads, unless you are replying to something specific. Community members are here to help each other, but are not "on call" for support, and we expect everyone to try to minimize "notification fatigue". If your issue is time-sensitive or critical, use methods like support@pulumi.com instead.
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, GitHub Discussions posts,
and other contributions that are not aligned to this Code of Conduct, or to ban
temporarily or permanently any contributor for other behaviors that they deem
inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces (including the Community Slack
and GitHub Discussions forums) and in public spaces when an individual is representing the
project or its community. Examples of representing a project or community include
using an official project e-mail address, posting via an official social media account,
or acting as an appointed representative at an online or offline event. Representation
of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at code-of-conduct@pulumi.com. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org

312
Makefile
View File

@@ -1,312 +0,0 @@
PROJECT_NAME := Pulumi Docker Build Resource Provider
PACK := docker-build
PACKDIR := sdk
PROJECT := github.com/pulumi/pulumi-docker-build
NODE_MODULE_NAME := @pulumi/docker-build
NUGET_PKG_NAME := Pulumi.DockerBuild
PROVIDER := pulumi-resource-${PACK}
PROVIDER_PATH := provider
VERSION_PATH := ${PROVIDER_PATH}.Version
SCHEMA_PATH := ${PROVIDER_PATH}/cmd/pulumi-resource-${PACK}/schema.json
GOPATH := $(shell go env GOPATH)
WORKING_DIR := $(shell pwd)
EXAMPLES_DIR := ${WORKING_DIR}/examples/yaml
TESTPARALLELISM := 4
PULUMI := pulumi
GOGLANGCILINT := golangci-lint
GOTEST := go test
# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable
# Local & branch builds will just used this fixed default version unless specified
PROVIDER_VERSION ?= 0.1.0-alpha.0+dev
# Use this normalised version everywhere rather than the raw input to ensure consistency.
VERSION_GENERIC = $(shell pulumictl convert-version --language generic --version "$(PROVIDER_VERSION)")
export PULUMI_IGNORE_AMBIENT_PLUGINS = true
export PULUMI_DISABLE_AUTOMATIC_PLUGIN_ACQUISITION = true
.PHONY: ensure
ensure:: tidy lint test_provider examples
.PHONY: tidy
tidy:
go mod tidy
.PHONY: provider
provider: bin/${PROVIDER} bin/pulumi-gen-${PACK} # Required by CI
.PHONY: local_generate
local_generate: sdk # Required by CI
provider_debug::
(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION_GENERIC}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
test_provider:: # Required by CI
${GOTEST} -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
test_examples: install_nodejs_sdk install_dotnet_sdk
${GOTEST} -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
test_all:: test_provider test_examples
.PHONY:
gen_examples:
examples: $(shell mkdir -p examples)
examples: sdk examples/yaml examples/go examples/nodejs examples/python examples/dotnet examples/java
examples/yaml:
rm -rf ${WORKING_DIR}/examples/yaml/app
cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app
examples/go: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,go)
@git checkout examples/go/go.mod
examples/nodejs: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,nodejs)
@git checkout examples/nodejs/package.json
examples/python: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,python)
@git checkout examples/python/requirements.txt
examples/dotnet: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,dotnet)
@git checkout examples/dotnet/provider-docker-build.csproj
examples/java: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,java)
@git checkout examples/java/pom.xml
define pulumi_login
export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \
pulumi login --local;
endef
define example
rm -rf ${WORKING_DIR}/examples/$(1)
pulumi convert \
--cwd ${WORKING_DIR}/examples/yaml \
--logtostderr \
--generate-only \
--non-interactive \
--language $(1) \
--out ${WORKING_DIR}/examples/$(1)
cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/$(1)/app
cp ${WORKING_DIR}/examples/yaml/.dockerignore ${WORKING_DIR}/examples/$(1)/.dockerignore
endef
up::
$(call pulumi_login) \
cd ${EXAMPLES_DIR} && \
pulumi stack init dev && \
pulumi stack select dev && \
pulumi config set name dev && \
pulumi up -y
down::
$(call pulumi_login) \
cd ${EXAMPLES_DIR} && \
pulumi stack select dev && \
pulumi destroy -y && \
pulumi stack rm dev -y
devcontainer::
git submodule update --init --recursive .devcontainer
git submodule update --remote --merge .devcontainer
cp -f .devcontainer/devcontainer.json .devcontainer.json
.PHONY: build
build:: provider sdk/dotnet sdk/go sdk/nodejs sdk/python sdk/java ${SCHEMA_PATH}
# Required for the codegen action that runs in pulumi/pulumi
only_build:: build
.PHONY: lint
lint:
${GOGLANGCILINT} run --fix -c .golangci.yml
install:: install_nodejs_sdk install_dotnet_sdk
cp $(WORKING_DIR)/bin/${PROVIDER} ${GOPATH}/bin
install_dotnet_sdk:: # Required by CI
rm -rf $(WORKING_DIR)/nuget/$(NUGET_PKG_NAME).*.nupkg
mkdir -p $(WORKING_DIR)/nuget
find . -name '*.nupkg' -print -exec cp -p {} ${WORKING_DIR}/nuget \;
install_python_sdk:: # Required by CI
install_go_sdk:: # Required by CI
install_nodejs_sdk:: # Required by CI
-yarn unlink --cwd $(WORKING_DIR)/sdk/nodejs/bin
yarn link --cwd $(WORKING_DIR)/sdk/nodejs/bin
.PHONY: codegen
codegen: # Required by CI
.PHONY: generate_schema
generate_schema: ${SCHEMA_PATH} # Required by CI
.PHONY: build_go install_go_sdk
generate_go: sdk/go # Required by CI
build_go: # Required by CI
.PHONY: build_java install_java_sdk
generate_java: sdk/java # Required by CI
build_java: # Required by CI
.PHONY: build_python install_python_sdk
generate_python: sdk/python # Required by CI
build_python: # Required by CI
.PHONY: build_nodejs install_nodejs_sdk
generate_nodejs: sdk/nodejs # Required by CI
build_nodejs: # Required by CI
.PHONY: build_dotnet install_dotnet_sdk
generate_dotnet: sdk/dotnet # Required by CI
build_dotnet: # Required by CI
${SCHEMA_PATH}: bin/${PROVIDER}
pulumi package get-schema ./bin/${PROVIDER} | jq 'del(.version)' > $(SCHEMA_PATH)
bin/${PROVIDER}: $(shell find ./provider -name '*.go') go.mod
(cd provider && go build -o ../bin/${PROVIDER} -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION_GENERIC}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
bin/pulumi-gen-${PACK}: # Required by CI
@mkdir -p bin
touch bin/pulumi-gen-${PACK}
go.mod: $(shell find . -name '*.go')
go.sum: go.mod
sdk: $(shell mkdir -p sdk)
sdk: sdk/python sdk/nodejs sdk/java sdk/python sdk/go sdk/dotnet
# Folders can't be used for up-to-date checks as they will be marked as up-to-date even if the step fails - leading to a broken state.
.PHONY: sdk/*
sdk/python: TMPDIR := $(shell mktemp -d)
sdk/python: bin/${PROVIDER}
rm -rf sdk/python
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language python -o ${TMPDIR}
cp README.md ${TMPDIR}/python/
cd ${TMPDIR}/python/ && \
rm -rf ./bin/ ../python.bin/ && cp -R . ../python.bin && mv ../python.bin ./bin && \
python3 -m venv venv && \
./venv/bin/python -m pip install build && \
cd ./bin && \
../venv/bin/python -m build .
mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/.
sdk/nodejs: TMPDIR := $(shell mktemp -d)
sdk/nodejs: bin/${PROVIDER}
rm -rf sdk/nodejs
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language nodejs -o ${TMPDIR}
cp README.md LICENSE ${TMPDIR}/nodejs
cd ${TMPDIR}/nodejs/ && \
yarn install && \
yarn run tsc && \
cp README.md LICENSE package.json yarn.lock bin/
mv -f ${TMPDIR}/nodejs ${WORKING_DIR}/sdk/.
sdk/go: TMPDIR := $(shell mktemp -d)
sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)"
sdk/go: bin/${PROVIDER}
rm -rf sdk/go
PATH=$(PATH) $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language go -o ${TMPDIR}
cp go.mod ${TMPDIR}/go/dockerbuild/go.mod
cd ${TMPDIR}/go/dockerbuild && \
go mod edit -module=github.com/pulumi/pulumi-${PACK}/${PACKDIR}/go/dockerbuild && \
go mod tidy
mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go
sdk/dotnet: TMPDIR := $(shell mktemp -d)
sdk/dotnet: bin/${PROVIDER}
rm -rf sdk/dotnet
$(PULUMI) package gen-sdk ./bin/${PROVIDER} --language dotnet -o ${TMPDIR}
cd ${TMPDIR}/dotnet/ && \
echo "$(VERSION_GENERIC)" > version.txt && \
dotnet build
mv -f ${TMPDIR}/dotnet ${WORKING_DIR}/sdk/.
sdk/java: PACKAGE_VERSION := $(shell pulumictl convert-version --language generic -v "$(VERSION_GENERIC)")
sdk/java: TMPDIR := $(shell mktemp -d)
sdk/java: bin/${PROVIDER}
rm -rf sdk/java
$(PULUMI) package gen-sdk --language java ./bin/${PROVIDER} -o ${TMPDIR}
cd ${TMPDIR}/java/ && gradle --console=plain build
mv -f ${TMPDIR}/java ${WORKING_DIR}/sdk/.
docs: $(shell find docs/yaml -type f) $(shell find ./provider/internal/embed -name '*.md') ${SCHEMA_PATH}
go generate docs/generate.go
@touch docs
# Set these variables to enable signing of the windows binary with Azure Trusted Signing.
AZURE_SIGNING_CLIENT_ID ?=
AZURE_SIGNING_CLIENT_SECRET ?=
AZURE_SIGNING_TENANT_ID ?=
AZURE_SIGNING_ACCOUNT_ENDPOINT ?=
AZURE_SIGNING_ACCOUNT_NAME ?=
AZURE_SIGNING_CERT_PROFILE_NAME ?=
SKIP_SIGNING ?=
bin/jsign-7.4.jar:
@mkdir -p bin
wget https://github.com/ebourg/jsign/releases/download/7.4/jsign-7.4.jar --output-document=bin/jsign-7.4.jar
sign-goreleaser-exe-amd64: GORELEASER_ARCH := amd64_v1
sign-goreleaser-exe-arm64: GORELEASER_ARCH := arm64
# Set the shell to bash to allow for the use of bash syntax.
sign-goreleaser-exe-%: SHELL:=/bin/bash
sign-goreleaser-exe-%: bin/jsign-7.4.jar
@# Only sign windows binary if fully configured.
@# Test variables set by joining with | between and looking for || showing at least one variable is empty.
@# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails.
@set -e; \
if [[ "${SKIP_SIGNING}" != "true" ]]; then \
if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_ACCOUNT_ENDPOINT}|${AZURE_SIGNING_ACCOUNT_NAME}|${AZURE_SIGNING_CERT_PROFILE_NAME}|" == *"||"* ]]; then \
echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_ACCOUNT_ENDPOINT, AZURE_SIGNING_ACCOUNT_NAME, AZURE_SIGNING_CERT_PROFILE_NAME"; \
echo "To rebuild with signing delete the unsigned windows exe file and rebuild with the fixed configuration"; \
if [[ "${CI}" == "true" ]]; then exit 1; fi; \
else \
file=dist/build-provider-sign-windows_windows_${GORELEASER_ARCH}/pulumi-resource-docker-build.exe; \
mv $${file} $${file}.unsigned; \
az login --service-principal \
--username "${AZURE_SIGNING_CLIENT_ID}" \
--password "${AZURE_SIGNING_CLIENT_SECRET}" \
--tenant "${AZURE_SIGNING_TENANT_ID}" \
--output none; \
ACCESS_TOKEN=$$(az account get-access-token --resource "https://codesigning.azure.net" | jq -r .accessToken); \
ENDPOINT_HOST="$${AZURE_SIGNING_ACCOUNT_ENDPOINT#https://}"; \
ENDPOINT_HOST="$${ENDPOINT_HOST#http://}"; \
ENDPOINT_HOST="$${ENDPOINT_HOST%/}"; \
java -jar bin/jsign-7.4.jar \
--storetype TRUSTEDSIGNING \
--keystore "$${ENDPOINT_HOST}" \
--storepass "$${ACCESS_TOKEN}" \
--alias "${AZURE_SIGNING_ACCOUNT_NAME}/${AZURE_SIGNING_CERT_PROFILE_NAME}" \
$${file}.unsigned; \
mv $${file}.unsigned $${file}; \
az logout; \
fi; \
fi
# To make an immediately observable change to .ci-mgmt.yaml:
#
# - Edit .ci-mgmt.yaml
# - Run make ci-mgmt to apply the change locally.
#
ci-mgmt: .ci-mgmt.yaml
go run github.com/pulumi/ci-mgmt/provider-ci@master generate
.PHONY: ci-mgmt
fi

12
codecov.yml
View File

@@ -1,12 +0,0 @@
comment:
layout: "header, files, footer"
hide_project_coverage: false
coverage:
status:
project:
default:
informational: true
patch:
default:
informational: true

428
docs/_index.md
View File

@@ -1,428 +0,0 @@
---
title: Docker Build
meta_desc: Provides an overview of the Docker Build Provider for Pulumi.
layout: package
---
The Docker Build provider leverages [buildx and BuildKit](https://docs.docker.com/build/architecture/) to build modern Docker images with Pulumi.
Not to be confused with the earlier
[Docker](../docker) provider, which is still
appropriate for managing resources unrelated to building images.
| Provider | Use cases |
| ---------------- | ----------------------------------------------------------------------- |
| `@pulumi/docker-build` | Anything related to building images with `docker build`. |
| `@pulumi/docker` | Everything else -- including running containers and creating networks. |
## Example
If your Pulumi program has a directory called `app` alongside it, containing a
file named "Dockerfile" (which can be as simple as `FROM alpine` for the
purpose of example), then the code below shows how to build a multi-platform
image, publish it to a remote AWS ECR registry, and use an [inline
cache](https://docs.docker.com/build/cache/backends/inline/) to speed up
subsequent builds.
{{< chooser language "typescript,python,csharp,go,yaml,java" >}}
{{% choosable language typescript %}}
```typescript
import * as aws from "@pulumi/aws";
import * as docker_build from "@pulumi/docker-build";
// Create an ECR repository for pushing.
const ecrRepository = new aws.ecr.Repository("ecr-repository", {});
// Grab auth credentials for ECR.
const authToken = aws.ecr.getAuthorizationTokenOutput({
registryId: ecrRepository.registryId,
});
// Build and push an image to ECR with inline caching.
const myImage = new docker_build.Image("my-image", {
// Tag our image with our ECR repository's address.
tags: [pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`],
context: {
location: "./app",
},
// Use the pushed image as a cache source.
cacheFrom: [{
registry: {
ref: pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`,
},
}],
// Include an inline cache with our pushed image.
cacheTo: [{
inline: {},
}],
// Build a multi-platform image manifest for ARM and AMD.
platforms: [
"linux/amd64",
"linux/arm64",
],
// Push the final result to ECR.
push: true,
// Provide our ECR credentials.
registries: [{
address: ecrRepository.repositoryUrl,
password: authToken.password,
username: authToken.userName,
}],
});
// Export a ref for the pushed images so we can deploy it.
export const ref = myImage.ref;
```
{{% /choosable %}}
{{% choosable language python %}}
```python
import pulumi
import pulumi_aws as aws
import pulumi_docker_build as docker_build
# Create an ECR repository for pushing.
ecr_repository = aws.ecr.Repository("ecr-repository")
# Grab auth credentials for ECR.
auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
# Build and push an image to ECR with inline caching.
my_image = docker_build.Image("my-image",
# Tag our image with our ECR repository's address.
tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")],
context=docker_build.BuildContextArgs(
location="./app",
),
# Use the pushed image as a cache source.
cache_from=[docker_build.CacheFromArgs(
registry=docker_build.CacheFromRegistryArgs(
ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest"),
),
)],
# Include an inline cache with our pushed image.
cache_to=[docker_build.CacheToArgs(
inline=docker_build.CacheToInlineArgs(),
)],
# Build a multi-platform image manifest for ARM and AMD.
platforms=[
docker_build.Platform.LINUX_AMD64,
docker_build.Platform.LINUX_ARM64,
],
# Push the final result to ECR.
push=True,
# Provide our ECR credentials.
registries=[docker_build.RegistryArgs(
address=ecr_repository.repository_url,
password=auth_token.password,
username=auth_token.user_name,
)],
)
# Export a ref for the pushed images so we can deploy it.
pulumi.export("ref", my_image.ref)
```
{{% /choosable %}}
{{% choosable language csharp %}}
```csharp
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using DockerBuild = Pulumi.DockerBuild;
return await Deployment.RunAsync(() =>
{
// Create an ECR repository for pushing.
var ecrRepository = new Aws.Ecr.Repository("ecr-repository");
// Grab auth credentials for ECR.
var authToken = Aws.Ecr.GetAuthorizationToken.Invoke(new()
{
RegistryId = ecrRepository.RegistryId,
});
// Build and push an image to ECR with inline caching.
var myImage = new DockerBuild.Image("my-image", new()
{
// Tag our image with our ECR repository's address.
Tags = new[]
{
ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
// Use the pushed image as a cache source.
CacheFrom = new[]
{
new DockerBuild.Inputs.CacheFromArgs
{
Registry = new DockerBuild.Inputs.CacheFromRegistryArgs
{
Ref = ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
},
},
// Include an inline cache with our pushed image.
CacheTo = new[]
{
new DockerBuild.Inputs.CacheToArgs
{
Inline = null,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms = new[]
{
DockerBuild.Platform.Linux_amd64,
DockerBuild.Platform.Linux_arm64,
},
// Push the final result to ECR.
Push = true,
// Provide our ECR credentials.
Registries = new[]
{
new DockerBuild.Inputs.RegistryArgs
{
Address = ecrRepository.RepositoryUrl,
Password = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.Password),
Username = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.UserName),
},
},
});
// Export a ref for the pushed images so we can deploy it.
return new Dictionary<string, object?>
{
["ref"] = myImage.Ref,
};
});
```
{{% /choosable %}}
{{% choosable language go %}}
```go
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an ECR repository for pushing.
ecrRepository, err := ecr.NewRepository(ctx, "ecr-repository", nil)
if err != nil {
return err
}
// Grab auth credentials for ECR.
authToken := ecr.GetAuthorizationTokenOutput(ctx, ecr.GetAuthorizationTokenOutputArgs{
RegistryId: ecrRepository.RegistryId,
}, nil)
// Build and push an image to ECR with inline caching.
myImage, err := dockerbuild.NewImage(ctx, "my-image", &dockerbuild.ImageArgs{
// Tag our image with our ECR repository's address.
Tags: pulumi.StringArray{
ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
// Use the pushed image as a cache source.
CacheFrom: dockerbuild.CacheFromArray{
&dockerbuild.CacheFromArgs{
Registry: &dockerbuild.CacheFromRegistryArgs{
Ref: ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
},
},
// Include an inline cache with our pushed image.
CacheTo: dockerbuild.CacheToArray{
&dockerbuild.CacheToArgs{
Inline: nil,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms: dockerbuild.PlatformArray{
dockerbuild.Platform_Linux_amd64,
dockerbuild.Platform_Linux_arm64,
},
// Push the final result to ECR.
Push: pulumi.Bool(true),
// Provide our ECR credentials.
Registries: dockerbuild.RegistryArray{
&dockerbuild.RegistryArgs{
Address: ecrRepository.RepositoryUrl,
Password: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.Password, nil
}).(pulumi.StringPtrOutput),
Username: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.UserName, nil
}).(pulumi.StringPtrOutput),
},
},
})
if err != nil {
return err
}
// Export a ref for the pushed images so we can deploy it.
ctx.Export("ref", myImage.Ref)
return nil
})
}
```
{{% /choosable %}}
{{% choosable language yaml %}}
```yaml
description: Push to AWS ECR with caching
name: ecr
outputs:
ref: ${my-image.ref}
resources:
# Create an ECR repository for pushing.
ecr-repository:
type: aws:ecr:Repository
# Build and push an image to ECR with inline caching.
my-image:
type: docker-build:Image
properties:
# Tag our image with our ECR repository's address.
tags:
- ${ecr-repository.repositoryUrl}:latest
context:
location: ./app
# Use the pushed image as a cache source.
cacheFrom:
- registry:
ref: ${ecr-repository.repositoryUrl}:latest
# Include an inline cache with our pushed image.
cacheTo:
- inline: {}
# Build a multi-platform image manifest for ARM and AMD.
platforms:
- linux/amd64
- linux/arm64
# Push the final result to ECR.
push: true
# Provide our ECR credentials.
registries:
- address: ${ecr-repository.repositoryUrl}
password: ${auth-token.password}
username: ${auth-token.userName}
runtime: yaml
variables:
auth-token:
# Grab auth credentials for ECR.
fn::aws:ecr:getAuthorizationToken:
registryId: ${ecr-repository.registryId}
```
{{% /choosable %}}
{{% choosable language java %}}
```java
package myapp;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ecr.Repository;
import com.pulumi.aws.ecr.EcrFunctions;
import com.pulumi.aws.ecr.inputs.GetAuthorizationTokenArgs;
import com.pulumi.dockerbuild.Image;
import com.pulumi.dockerbuild.ImageArgs;
import com.pulumi.dockerbuild.inputs.CacheFromArgs;
import com.pulumi.dockerbuild.inputs.CacheFromRegistryArgs;
import com.pulumi.dockerbuild.inputs.CacheToArgs;
import com.pulumi.dockerbuild.inputs.CacheToInlineArgs;
import com.pulumi.dockerbuild.inputs.BuildContextArgs;
import com.pulumi.dockerbuild.inputs.RegistryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an ECR repository for pushing.
var ecrRepository = new Repository("ecrRepository");
// Grab auth credentials for ECR.
final var authToken = EcrFunctions.getAuthorizationToken(GetAuthorizationTokenArgs.builder()
.registryId(ecrRepository.registryId())
.build());
// Build and push an image to ECR with inline caching.
var myImage = new Image("myImage", ImageArgs.builder()
// Tag our image with our ECR repository's address.
.tags(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.context(BuildContextArgs.builder()
.location("./app")
.build())
// Use the pushed image as a cache source.
.cacheFrom(CacheFromArgs.builder()
.registry(CacheFromRegistryArgs.builder()
.ref(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.build())
.build())
// Include an inline cache with our pushed image.
.cacheTo(CacheToArgs.builder()
.inline()
.build())
// Build a multi-platform image manifest for ARM and AMD.
.platforms(
"linux/amd64",
"linux/arm64")
// Push the final result to ECR.
.push(true)
// Provide our ECR credentials.
.registries(RegistryArgs.builder()
.address(ecrRepository.repositoryUrl())
.password(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.password())))
.username(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.userName())))
.build())
.build());
ctx.export("ref", myImage.ref());
}
}
```
{{% /choosable %}}
{{< /chooser >}}

216
docs/generate.go
View File

@@ -1,216 +0,0 @@
// Copyright 2024, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//go:generate go run generate.go yaml ../provider/internal/embed
// Package main ingests a multi-document YAML file and converts it into
// Markdown examples.
package main
import (
"fmt"
"io"
"log"
"os"
"os/exec"
"path/filepath"
"strings"
"gopkg.in/yaml.v3"
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
)
func main() {
if len(os.Args) < 3 {
_, _ = fmt.Fprintf(os.Stdout, "Usage: %s <yaml source dir path> <markdown destination path>\n", os.Args[0])
os.Exit(1)
}
yamlPath := os.Args[1]
mdPath := os.Args[2]
if !filepath.IsAbs(yamlPath) {
cwd, err := os.Getwd()
contract.AssertNoErrorf(err, "getting working directory")
yamlPath = filepath.Join(cwd, yamlPath)
}
if err := os.MkdirAll(mdPath, 0o750); err != nil {
panic(err)
}
fileInfo, err := os.Lstat(mdPath)
if err != nil || !fileInfo.IsDir() {
fmt.Fprintf(os.Stderr, "Expect markdown destination %q to be a directory\n", mdPath)
os.Exit(1)
}
yamlFiles, err := os.ReadDir(yamlPath)
if err != nil {
panic(err)
}
for _, yamlFile := range yamlFiles {
if err := processYaml(filepath.Join(yamlPath, yamlFile.Name()), mdPath); err != nil {
log.Fatal(fmt.Errorf("processing %q: %w", yamlFile.Name(), err))
}
}
}
func markdownExamples(examples []string) string {
s := "{{% examples %}}\n## Example Usage\n"
for _, example := range examples {
s += example
}
s += "{{% /examples %}}"
return s
}
func markdownExample(description string,
typescript string,
python string,
csharp string,
golang string,
yaml string,
java string,
) string {
return fmt.Sprintf("{{%% example %%}}\n### %s\n\n"+
"```typescript\n%s```\n"+
"```python\n%s```\n"+
"```csharp\n%s```\n"+
"```go\n%s```\n"+
"```yaml\n%s```\n"+
"```java\n%s```\n"+
"{{%% /example %%}}\n",
description, typescript, python, csharp, golang, yaml, java)
}
func convert(language, tempDir, programFile string) (string, error) {
exampleDir := filepath.Join(tempDir, "example"+language)
//nolint:gosec // No user-provided input.
cmd := exec.Command(
"pulumi",
"convert",
"--language",
language,
"--out",
filepath.Clean(filepath.Join(tempDir, exampleDir)),
"--generate-only",
)
cmd.Stderr = os.Stderr
cmd.Stdout = os.Stdout
cmd.Dir = tempDir
if err := cmd.Run(); err != nil {
return "", fmt.Errorf("converting: %w", err)
}
content, err := os.ReadFile(filepath.Clean(filepath.Join(tempDir, exampleDir, programFile)))
if err != nil {
return "", fmt.Errorf("reading: %w", err)
}
return string(content), nil
}
func processYaml(path, mdDir string) error {
yamlFile, err := os.Open(filepath.Clean(path))
if err != nil {
return err
}
base := filepath.Base(path)
md := strings.NewReplacer(".yaml", ".md", ".yml", ".md").Replace(base)
defer contract.IgnoreClose(yamlFile)
decoder := yaml.NewDecoder(yamlFile)
exampleStrings := []string{}
for {
keepGoing, err := func() (bool, error) {
example := map[string]interface{}{}
err := decoder.Decode(&example)
if err == io.EOF {
return false, nil
}
description, ok := example["description"].(string)
if !ok {
description = ""
}
dir, err := os.MkdirTemp("", "")
if err != nil {
return false, err
}
defer func() {
contract.IgnoreError(os.RemoveAll(dir))
}()
src, err := os.OpenFile(filepath.Clean(filepath.Join(dir, "Pulumi.yaml")), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
if err != nil {
return false, err
}
fmt.Println("Converting:", example)
if err := yaml.NewEncoder(src).Encode(example); err != nil {
return false, err
}
contract.AssertNoErrorf(src.Close(), "closing")
typescript, err := convert("typescript", dir, "index.ts")
if err != nil {
return false, err
}
python, err := convert("python", dir, "__main__.py")
if err != nil {
return false, err
}
csharp, err := convert("csharp", dir, "Program.cs")
if err != nil {
return false, err
}
golang, err := convert("go", dir, "main.go")
if err != nil {
return false, err
}
java, err := convert("java", dir, "src/main/java/generated_program/App.java")
if err != nil {
return false, err
}
yamlContent, err := os.ReadFile(filepath.Clean(filepath.Join(dir, "Pulumi.yaml")))
if err != nil {
return false, err
}
yaml := string(yamlContent)
exampleStrings = append(exampleStrings, markdownExample(description, typescript, python, csharp, golang, yaml, java))
return true, nil
}()
if err != nil {
return err
}
if !keepGoing {
break
}
}
_, _ = fmt.Fprintf(os.Stdout, "Writing %s\n", filepath.Join(mdDir, md))
f, err := os.OpenFile(filepath.Clean(filepath.Join(mdDir, md)), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
if err != nil {
return err
}
defer contract.IgnoreClose(f)
_, err = f.WriteString(markdownExamples(exampleStrings))
contract.AssertNoErrorf(err, "writing examples")
return nil
}

33
docs/installation-configuration.md
View File

@@ -1,33 +0,0 @@
---
title: Docker-Build Installation & Configuration
meta_desc: Provides an overview on how to configure the Pulumi Docker-Build Provider.
layout: package
---
The Pulumi Docker-build provider builds modern Docker images with [buildx](https://docs.docker.com/reference/cli/docker/buildx/) and [BuildKit](https://docs.docker.com/build/buildkit/).
## Installation
The Docker-Build provider is available as a package in all Pulumi languages:
* JavaScript/TypeScript: [`@pulumi/docker-build`](https://www.npmjs.com/package/@pulumi/docker-build)
* Python: [`pulumi-docker-build`](https://pypi.org/project/pulumi-docker-build/)
* Go: [`github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild`](https://github.com/pulumi/pulumi-docker-build)
* .NET: [`Pulumi.DockerBuild`](https://www.nuget.org/packages/Pulumi.DockerBuild)
* Java: [`com.pulumi/docker-build`](https://central.sonatype.com/artifact/com.pulumi/docker-build)
## Configuring The Provider
### Host
The `DOCKER_HOST` environment variable can be used to specify a custom build daemon's location.
```bash
$ export DOCKER_HOST=tcp://127.0.0.1:2376/
```
This can also be specified in your stack's configuration:
```bash
$ pulumi config set docker-build:host tcp://127.0.0.1:2376/
```

190
docs/yaml/image-examples.yaml
View File

@@ -1,190 +0,0 @@
name: ecr
description: Push to AWS ECR with caching
outputs:
ref: ${my-image.ref}
resources:
ecr-repository:
type: aws:ecr:Repository
my-image:
type: docker-build:Image
properties:
tags:
- ${ecr-repository.repositoryUrl}:latest
push: true
context:
location: ./app
cacheFrom:
- registry:
ref: ${ecr-repository.repositoryUrl}:cache
cacheTo:
- registry:
ref: ${ecr-repository.repositoryUrl}:cache
imageManifest: true
ociMediaTypes: true
registries:
- username: ${auth-token.userName}
password: ${auth-token.password}
address: ${ecr-repository.repositoryUrl}
runtime: yaml
variables:
auth-token:
fn::aws:ecr:getAuthorizationToken:
registryId: ${ecr-repository.registryId}
---
name: multi-platform
runtime: yaml
description: Multi-platform image
resources:
image:
type: docker-build:Image
properties:
context:
location: "app"
platforms:
- plan9/amd64
- plan9/386
push: false
---
name: registry
runtime: yaml
description: Registry export
resources:
image:
type: docker-build:Image
properties:
tags:
- "docker.io/pulumi/pulumi:3.107.0"
context:
location: "app"
push: true
registries:
- address: docker.io
username: pulumibot
password: ${dockerHubPassword}
outputs:
ref: ${my-image.ref}
---
name: caching
runtime: yaml
description: Caching
resources:
image:
type: docker-build:Image
properties:
context:
location: "app"
cacheTo:
- local:
dest: tmp/cache
mode: max
cacheFrom:
- local:
src: tmp/cache
push: false
---
name: dbc
runtime: yaml
description: Docker Build Cloud
resources:
image:
type: docker-build:Image
properties:
context:
location: "app"
exec: true
builder:
name: cloud-builder-name
push: false
---
name: build-args
runtime: yaml
description: Build arguments
resources:
image:
type: docker-build:Image
properties:
context:
location: "app"
buildArgs:
SET_ME_TO_TRUE: "true"
push: false
---
name: build-target
runtime: yaml
description: Build target
resources:
image:
type: docker-build:Image
properties:
context:
location: "app"
target: "build-me"
push: false
---
name: named-contexts
runtime: yaml
description: Named contexts
resources:
image:
type: docker-build:Image
properties:
context:
location: app
named:
"golang:latest":
location: "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984"
push: false
---
name: remote-context
runtime: yaml
description: Remote context
resources:
image:
type: docker-build:Image
properties:
context:
location: "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile"
push: false
---
name: inline
runtime: yaml
description: Inline Dockerfile
resources:
image:
type: docker-build:Image
properties:
dockerfile:
inline: |
FROM busybox
COPY hello.c ./
context:
location: "app"
push: false
---
name: remote-context
runtime: yaml
description: Remote context
resources:
image:
type: docker-build:Image
properties:
dockerfile:
location: app/Dockerfile
context:
location: "https://github.com/docker-library/hello-world.git"
push: false
---
name: docker-load
runtime: yaml
description: Local export
resources:
image:
type: docker-build:Image
properties:
context:
location: "app"
exports:
- docker:
tar: true
push: false

48
docs/yaml/index-examples.yaml
View File

@@ -1,48 +0,0 @@
name: registry-caching
description: Multi-platform registry caching
runtime: yaml
resources:
arm64:
type: docker-build:Image
properties:
context:
location: "app"
platforms:
- linux/arm64
tags:
- "docker.io/pulumi/pulumi:3.107.0-arm64"
cacheTo:
- registry:
ref: "docker.io/pulumi/pulumi:cache-arm64"
mode: max
cacheFrom:
- registry:
ref: "docker.io/pulumi/pulumi:cache-arm64"
amd64:
type: docker-build:Image
properties:
context:
location: "app"
platforms:
- linux/amd64
tags:
- "docker.io/pulumi/pulumi:3.107.0-amd64"
cacheTo:
- registry:
ref: "docker.io/pulumi/pulumi:cache-amd64"
mode: max
cacheFrom:
- registry:
ref: "docker.io/pulumi/pulumi:cache-amd64"
index:
type: docker-build:Index
properties:
tag: "docker.io/pulumi/pulumi:3.107.0"
sources:
- ${amd64.ref}
- ${arm64.ref}
outputs:
ref: ${index.ref}

2
examples/app/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo 👍

5
examples/app/Dockerfile.buildArgs
View File

@@ -1,5 +0,0 @@
FROM alpine
ARG SET_ME_TO_TRUE
RUN [ "$SET_ME_TO_TRUE" = "true" ]
RUN echo "That's the correct build arg, thanks! 👍"

2
examples/app/Dockerfile.emptyContext
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

3
examples/app/Dockerfile.extraHosts
View File

@@ -1,3 +0,0 @@
FROM bash AS base
RUN getent hosts metadata.google.internal

7
examples/app/Dockerfile.multiPlatform
View File

@@ -1,7 +0,0 @@
FROM --platform=$BUILDPLATFORM alpine as build
RUN echo ${BUILDPLATFORM} > buildplatform
RUN echo ${TARGETPLATFORM} > targetplatform
FROM build
RUN cat buildplatform
RUN cat targetplatform

5
examples/app/Dockerfile.namedContexts
View File

@@ -1,5 +0,0 @@
# syntax=docker/dockerfile:1.4
FROM golang:latest
RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

4
examples/app/Dockerfile.secrets
View File

@@ -1,4 +0,0 @@
FROM alpine
RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]

5
examples/app/Dockerfile.sshMount
View File

@@ -1,5 +0,0 @@
FROM alpine
RUN apk add openssh-client
RUN --mount=type=ssh ssh-add -l

8
examples/app/Dockerfile.target
View File

@@ -1,8 +0,0 @@
FROM alpine as build-me
RUN echo 👍
FROM build-me as also-build-me
RUN echo 🤙
FROM build-me as dont-build-me
RUN [ "true" = "false" ]

2
examples/dotnet/.dockerignore
View File

@@ -1,2 +0,0 @@
command-output
tmp

353
examples/dotnet/.gitignore vendored
View File

@@ -1,353 +0,0 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Mono auto generated files
mono_crash.*
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
[Aa][Rr][Mm]/
[Aa][Rr][Mm]64/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
[Ll]ogs/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUnit
*.VisualState.xml
TestResult.xml
nunit-*.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# NuGet Symbol Packages
*.snupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
*.appxbundle
*.appxupload
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!?*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
*- [Bb]ackup.rdl
*- [Bb]ackup ([0-9]).rdl
*- [Bb]ackup ([0-9][0-9]).rdl
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# CodeRush personal settings
.cr/personal
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# Local History for Visual Studio
.localhistory/
# BeatPulse healthcheck temp database
healthchecksdb
# Backup folder for Package Reference Convert tool in Visual Studio 2017
MigrationBackup/
# Ionide (cross platform F# VS Code tools) working folder
.ionide/

268
examples/dotnet/Program.cs
View File

@@ -1,268 +0,0 @@
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using DockerBuild = Pulumi.DockerBuild;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var dockerHubPassword = config.Require("dockerHubPassword");
var multiPlatform = new DockerBuild.Image("multiPlatform", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.multiPlatform",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Platforms = new[]
{
DockerBuild.Platform.Plan9_amd64,
DockerBuild.Platform.Plan9_386,
},
});
var registryPush = new DockerBuild.Image("registryPush", new()
{
Push = false,
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Tags = new[]
{
"docker.io/pulumibot/buildkit-e2e:example",
},
Exports = new[]
{
new DockerBuild.Inputs.ExportArgs
{
Registry = new DockerBuild.Inputs.ExportRegistryArgs
{
OciMediaTypes = true,
Push = false,
},
},
},
Registries = new[]
{
new DockerBuild.Inputs.RegistryArgs
{
Address = "docker.io",
Username = "pulumibot",
Password = dockerHubPassword,
},
},
});
var cached = new DockerBuild.Image("cached", new()
{
Push = false,
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
CacheTo = new[]
{
new DockerBuild.Inputs.CacheToArgs
{
Local = new DockerBuild.Inputs.CacheToLocalArgs
{
Dest = "tmp/cache",
Mode = DockerBuild.CacheMode.Max,
},
},
},
CacheFrom = new[]
{
new DockerBuild.Inputs.CacheFromArgs
{
Local = new DockerBuild.Inputs.CacheFromLocalArgs
{
Src = "tmp/cache",
},
},
},
});
var buildArgs = new DockerBuild.Image("buildArgs", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.buildArgs",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
BuildArgs =
{
{ "SET_ME_TO_TRUE", "true" },
},
});
var extraHosts = new DockerBuild.Image("extraHosts", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.extraHosts",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
AddHosts = new[]
{
"metadata.google.internal:169.254.169.254",
},
});
var sshMount = new DockerBuild.Image("sshMount", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.sshMount",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Ssh = new[]
{
new DockerBuild.Inputs.SSHArgs
{
Id = "default",
},
},
});
var secrets = new DockerBuild.Image("secrets", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.secrets",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Secrets =
{
{ "password", "hunter2" },
},
});
var labels = new DockerBuild.Image("labels", new()
{
Push = false,
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Labels =
{
{ "description", "This image will get a descriptive label 👍" },
},
});
var target = new DockerBuild.Image("target", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.target",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Target = "build-me",
});
var namedContexts = new DockerBuild.Image("namedContexts", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Location = "./app/Dockerfile.namedContexts",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
Named =
{
{ "golang:latest", new DockerBuild.Inputs.ContextArgs
{
Location = "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
} },
},
},
});
var remoteContext = new DockerBuild.Image("remoteContext", new()
{
Push = false,
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
},
});
var remoteContextWithInline = new DockerBuild.Image("remoteContextWithInline", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Inline = @"FROM busybox
COPY hello.c ./
",
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "https://github.com/docker-library/hello-world.git",
},
});
var inline = new DockerBuild.Image("inline", new()
{
Push = false,
Dockerfile = new DockerBuild.Inputs.DockerfileArgs
{
Inline = @"FROM alpine
RUN echo ""This uses an inline Dockerfile! 👍""
",
},
});
var dockerLoad = new DockerBuild.Image("dockerLoad", new()
{
Push = false,
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
Exports = new[]
{
new DockerBuild.Inputs.ExportArgs
{
Docker = new DockerBuild.Inputs.ExportDockerArgs
{
Tar = true,
},
},
},
});
return new Dictionary<string, object?>
{
["platforms"] = multiPlatform.Platforms,
};
});

10
examples/dotnet/Pulumi.yaml
View File

@@ -1,10 +0,0 @@
name: provider-docker-build
runtime: dotnet
config:
dockerHubPassword:
type: string
secret: true
plugins:
providers:
- name: docker-build
path: ../../bin

2
examples/dotnet/app/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo 👍

5
examples/dotnet/app/Dockerfile.buildArgs
View File

@@ -1,5 +0,0 @@
FROM alpine
ARG SET_ME_TO_TRUE
RUN [ "$SET_ME_TO_TRUE" = "true" ]
RUN echo "That's the correct build arg, thanks! 👍"

2
examples/dotnet/app/Dockerfile.emptyContext
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

3
examples/dotnet/app/Dockerfile.extraHosts
View File

@@ -1,3 +0,0 @@
FROM bash AS base
RUN getent hosts metadata.google.internal

7
examples/dotnet/app/Dockerfile.multiPlatform
View File

@@ -1,7 +0,0 @@
FROM --platform=$BUILDPLATFORM alpine as build
RUN echo ${BUILDPLATFORM} > buildplatform
RUN echo ${TARGETPLATFORM} > targetplatform
FROM build
RUN cat buildplatform
RUN cat targetplatform

5
examples/dotnet/app/Dockerfile.namedContexts
View File

@@ -1,5 +0,0 @@
# syntax=docker/dockerfile:1.4
FROM golang:latest
RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

4
examples/dotnet/app/Dockerfile.secrets
View File

@@ -1,4 +0,0 @@
FROM alpine
RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]

5
examples/dotnet/app/Dockerfile.sshMount
View File

@@ -1,5 +0,0 @@
FROM alpine
RUN apk add openssh-client
RUN --mount=type=ssh ssh-add -l

8
examples/dotnet/app/Dockerfile.target
View File

@@ -1,8 +0,0 @@
FROM alpine as build-me
RUN echo 👍
FROM build-me as also-build-me
RUN echo 🤙
FROM build-me as dont-build-me
RUN [ "true" = "false" ]

14
examples/dotnet/provider-docker-build.csproj
View File

@@ -1,14 +0,0 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net8.0</TargetFramework>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Pulumi" Version="3.*" />
<PackageReference Include="Pulumi.DockerBuild" Version="0.0.2-alpha.1712594380+4cd6d49b.dirty" />
</ItemGroup>
</Project>

40
examples/dotnet_test.go
View File

@@ -1,40 +0,0 @@
//go:build dotnet || all
// +build dotnet all
package examples
import (
"os"
"os/exec"
"path"
"path/filepath"
"testing"
"github.com/stretchr/testify/require"
"github.com/pulumi/pulumi/pkg/v3/testing/integration"
)
func TestDotNetExample(t *testing.T) {
cwd, err := os.Getwd()
require.NoError(t, err)
nuget := filepath.Join(cwd, "../nuget")
t.Setenv("PULUMI_LOCAL_NUGET", nuget)
cmd := exec.Command("dotnet", "nuget", "add", "source", nuget)
_ = cmd.Run()
test := integration.ProgramTestOptions{
Dir: path.Join(cwd, "dotnet"),
Dependencies: []string{
"Pulumi.DockerBuild",
},
Secrets: map[string]string{
"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
},
NoParallel: true,
}
integration.ProgramTest(t, &test)
}

2
examples/go/.dockerignore
View File

@@ -1,2 +0,0 @@
command-output
tmp

10
examples/go/Pulumi.yaml
View File

@@ -1,10 +0,0 @@
name: provider-docker-build
runtime: go
config:
dockerHubPassword:
type: string
secret: true
plugins:
providers:
- name: docker-build
path: ../../bin

2
examples/go/app/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo 👍

5
examples/go/app/Dockerfile.buildArgs
View File

@@ -1,5 +0,0 @@
FROM alpine
ARG SET_ME_TO_TRUE
RUN [ "$SET_ME_TO_TRUE" = "true" ]
RUN echo "That's the correct build arg, thanks! 👍"

2
examples/go/app/Dockerfile.emptyContext
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

3
examples/go/app/Dockerfile.extraHosts
View File

@@ -1,3 +0,0 @@
FROM bash AS base
RUN getent hosts metadata.google.internal

7
examples/go/app/Dockerfile.multiPlatform
View File

@@ -1,7 +0,0 @@
FROM --platform=$BUILDPLATFORM alpine as build
RUN echo ${BUILDPLATFORM} > buildplatform
RUN echo ${TARGETPLATFORM} > targetplatform
FROM build
RUN cat buildplatform
RUN cat targetplatform

5
examples/go/app/Dockerfile.namedContexts
View File

@@ -1,5 +0,0 @@
# syntax=docker/dockerfile:1.4
FROM golang:latest
RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

4
examples/go/app/Dockerfile.secrets
View File

@@ -1,4 +0,0 @@
FROM alpine
RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]

5
examples/go/app/Dockerfile.sshMount
View File

@@ -1,5 +0,0 @@
FROM alpine
RUN apk add openssh-client
RUN --mount=type=ssh ssh-add -l

8
examples/go/app/Dockerfile.target
View File

@@ -1,8 +0,0 @@
FROM alpine as build-me
RUN echo 👍
FROM build-me as also-build-me
RUN echo 🤙
FROM build-me as dont-build-me
RUN [ "true" = "false" ]

96
examples/go/go.mod
View File

@@ -1,96 +0,0 @@
module provider-docker-build
go 1.24.7
toolchain go1.24.13
require (
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.15
github.com/pulumi/pulumi/sdk/v3 v3.209.0
)
require (
dario.cat/mergo v1.0.1 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/ProtonMail/go-crypto v1.2.0 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/atotto/clipboard v0.1.4 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/charmbracelet/bubbles v0.21.0 // indirect
github.com/charmbracelet/bubbletea v1.3.4 // indirect
github.com/charmbracelet/colorprofile v0.3.0 // indirect
github.com/charmbracelet/lipgloss v1.1.0 // indirect
github.com/charmbracelet/x/ansi v0.8.0 // indirect
github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
github.com/charmbracelet/x/term v0.2.1 // indirect
github.com/cheggaaa/pb v1.0.29 // indirect
github.com/cloudflare/circl v1.6.3 // indirect
github.com/cyphar/filepath-securejoin v0.4.1 // indirect
github.com/djherbis/times v1.6.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.6.2 // indirect
github.com/go-git/go-git/v5 v5.16.5 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/glog v1.2.5 // indirect
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/hcl/v2 v2.23.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-localereader v0.0.1 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/mitchellh/go-ps v1.0.0 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
github.com/muesli/cancelreader v0.2.2 // indirect
github.com/muesli/termenv v0.16.0 // indirect
github.com/opentracing/basictracer-go v1.1.0 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pgavlin/fx v0.1.6 // indirect
github.com/pgavlin/fx/v2 v2.0.10 // indirect
github.com/pjbgf/sha1cd v0.3.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pkg/term v1.1.0 // indirect
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
github.com/pulumi/esc v0.23.0 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.14.1 // indirect
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
github.com/sergi/go-diff v1.4.0 // indirect
github.com/skeema/knownhosts v1.3.1 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/spf13/cobra v1.10.1 // indirect
github.com/spf13/pflag v1.0.9 // indirect
github.com/texttheater/golang-levenshtein v1.0.1 // indirect
github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
github.com/zclconf/go-cty v1.16.3 // indirect
go.uber.org/atomic v1.11.0 // indirect
golang.org/x/crypto v0.46.0 // indirect
golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 // indirect
golang.org/x/mod v0.30.0 // indirect
golang.org/x/net v0.48.0 // indirect
golang.org/x/sync v0.19.0 // indirect
golang.org/x/sys v0.39.0 // indirect
golang.org/x/term v0.38.0 // indirect
golang.org/x/text v0.32.0 // indirect
golang.org/x/tools v0.39.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
google.golang.org/grpc v1.79.3 // indirect
google.golang.org/protobuf v1.36.10 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/frand v1.5.1 // indirect
)

310
examples/go/go.sum
View File

@@ -1,310 +0,0 @@
dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM=
github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u6mfQdFs=
github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg=
github.com/charmbracelet/bubbletea v1.3.4 h1:kCg7B+jSCFPLYRA52SDZjr51kG/fMUEoPoZrkaDHyoI=
github.com/charmbracelet/bubbletea v1.3.4/go.mod h1:dtcUCyCGEX3g9tosuYiut3MXgY/Jsv9nKVdibKKRRXo=
github.com/charmbracelet/colorprofile v0.3.0 h1:KtLh9uuu1RCt+Hml4s6Hz+kB1PfV3wi++1h5ia65yKQ=
github.com/charmbracelet/colorprofile v0.3.0/go.mod h1:oHJ340RS2nmG1zRGPmhJKJ/jf4FPNNk0P39/wBPA1G0=
github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE=
github.com/charmbracelet/x/ansi v0.8.0/go.mod h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q=
github.com/charmbracelet/x/cellbuf v0.0.13 h1:/KBBKHuVRbq1lYx5BzEHBAFBP8VcQzJejZ/IA3iR28k=
github.com/charmbracelet/x/cellbuf v0.0.13/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo=
github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30=
github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s=
github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v1.2.5 h1:DrW6hGnjIhtvhOIiAKT6Psh/Kd/ldepEa81DKeiRJ5I=
github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU=
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos=
github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=
github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0=
github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU=
github.com/pgavlin/fx v0.1.6/go.mod h1:KWZJ6fqBBSh8GxHYqwYCf3rYE7Gp2p0N8tJp8xv9u9M=
github.com/pgavlin/fx/v2 v2.0.10 h1:ggyQ6pB+lEQEbEae48Wh/X221eLOamMD7i01ISe88u4=
github.com/pgavlin/fx/v2 v2.0.10/go.mod h1:M/nF/ooAOy+NUBooYYXl2REARzJ/giPJxfMs8fINfKc=
github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk=
github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.23.0 h1:5lOXO+5vvXOEQxXw7cTuYhjg9lVng23f9XNLWDR9EP4=
github.com/pulumi/esc v0.23.0/go.mod h1:mkghIFn/TvN3XnP4jmCB4U5BG1I4UjGluARi39ckrCE=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.15 h1:K6F/3o44gGj+ljRS4spCGvAXMSwECHITjaCccfjXNyE=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.15/go.mod h1:cZyHs6q34kbQZJYaBjWUJhPsgwUFoL6xyjo7sRqBcv4=
github.com/pulumi/pulumi/sdk/v3 v3.209.0 h1:Ti0FohAset2HEgogTxTOWoyvQd2N2+pkTSIn5DW3W7s=
github.com/pulumi/pulumi/sdk/v3 v3.209.0/go.mod h1:qBMg01woyYVNqNDJXpFL1e5gdN7oQQvCNNNtfq1gsEo=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U=
github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8=
github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg=
github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/zclconf/go-cty v1.16.3 h1:osr++gw2T61A8KVYHoQiFbFd1Lh3JOCXc/jFLJXKTxk=
github.com/zclconf/go-cty v1.16.3/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 h1:R9PFI6EUdfVKgwKjZef7QIwGcBKu86OEFpJ9nUEP2l4=
golang.org/x/exp v0.0.0-20250718183923-645b1fa84792/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
lukechampine.com/frand v1.5.1 h1:fg0eRtdmGFIxhP5zQJzM1lFDbD6CUfu/f+7WgAZd5/w=
lukechampine.com/frand v1.5.1/go.mod h1:4VstaWc2plN4Mjr10chUD46RAVGWhpkZ5Nja8+Azp0Q=
pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

234
examples/go/main.go
View File

@@ -1,234 +0,0 @@
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
dockerHubPassword := cfg.Require("dockerHubPassword")
multiPlatform, err := dockerbuild.NewImage(ctx, "multiPlatform", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.multiPlatform"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Platforms: dockerbuild.PlatformArray{
dockerbuild.Platform_Plan9_amd64,
dockerbuild.Platform_Plan9_386,
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "registryPush", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Tags: pulumi.StringArray{
pulumi.String("docker.io/pulumibot/buildkit-e2e:example"),
},
Exports: dockerbuild.ExportArray{
&dockerbuild.ExportArgs{
Registry: &dockerbuild.ExportRegistryArgs{
OciMediaTypes: pulumi.Bool(true),
Push: pulumi.Bool(false),
},
},
},
Registries: dockerbuild.RegistryArray{
&dockerbuild.RegistryArgs{
Address: pulumi.String("docker.io"),
Username: pulumi.String("pulumibot"),
Password: pulumi.String(dockerHubPassword),
},
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "cached", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
CacheTo: dockerbuild.CacheToArray{
&dockerbuild.CacheToArgs{
Local: &dockerbuild.CacheToLocalArgs{
Dest: pulumi.String("tmp/cache"),
Mode: dockerbuild.CacheModeMax,
},
},
},
CacheFrom: dockerbuild.CacheFromArray{
&dockerbuild.CacheFromArgs{
Local: &dockerbuild.CacheFromLocalArgs{
Src: pulumi.String("tmp/cache"),
},
},
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "buildArgs", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.buildArgs"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
BuildArgs: pulumi.StringMap{
"SET_ME_TO_TRUE": pulumi.String("true"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "extraHosts", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.extraHosts"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
AddHosts: pulumi.StringArray{
pulumi.String("metadata.google.internal:169.254.169.254"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "sshMount", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.sshMount"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Ssh: dockerbuild.SSHArray{
&dockerbuild.SSHArgs{
Id: pulumi.String("default"),
},
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "secrets", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.secrets"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Secrets: pulumi.StringMap{
"password": pulumi.String("hunter2"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "labels", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Labels: pulumi.StringMap{
"description": pulumi.String("This image will get a descriptive label 👍"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "target", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.target"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Target: pulumi.String("build-me"),
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "namedContexts", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Location: pulumi.String("./app/Dockerfile.namedContexts"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
Named: dockerbuild.ContextMap{
"golang:latest": &dockerbuild.ContextArgs{
Location: pulumi.String("docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984"),
},
},
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "remoteContext", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "remoteContextWithInline", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Inline: pulumi.String("FROM busybox\nCOPY hello.c ./\n"),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("https://github.com/docker-library/hello-world.git"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "inline", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Dockerfile: &dockerbuild.DockerfileArgs{
Inline: pulumi.String("FROM alpine\nRUN echo \"This uses an inline Dockerfile! 👍\"\n"),
},
})
if err != nil {
return err
}
_, err = dockerbuild.NewImage(ctx, "dockerLoad", &dockerbuild.ImageArgs{
Push: pulumi.Bool(false),
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
Exports: dockerbuild.ExportArray{
&dockerbuild.ExportArgs{
Docker: &dockerbuild.ExportDockerArgs{
Tar: pulumi.Bool(true),
},
},
},
})
if err != nil {
return err
}
ctx.Export("platforms", multiPlatform.Platforms)
return nil
})
}

31
examples/go_test.go
View File

@@ -1,31 +0,0 @@
//go:build go || all
// +build go all
package examples
import (
"os"
"path"
"testing"
"github.com/stretchr/testify/require"
"github.com/pulumi/pulumi/pkg/v3/testing/integration"
)
func TestGoExample(t *testing.T) {
cwd, err := os.Getwd()
require.NoError(t, err)
test := integration.ProgramTestOptions{
Dir: path.Join(cwd, "go"),
Dependencies: []string{
"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild=../sdk/go/dockerbuild",
},
Secrets: map[string]string{
"dockerHubPassword": os.Getenv("DOCKER_HUB_PASSWORD"),
},
}
integration.ProgramTest(t, &test)
}

2
examples/java/.dockerignore
View File

@@ -1,2 +0,0 @@
command-output
tmp

10
examples/java/Pulumi.yaml
View File

@@ -1,10 +0,0 @@
name: provider-docker-build
runtime: java
config:
dockerHubPassword:
type: string
secret: true
plugins:
providers:
- name: docker-build
path: ../../bin

2
examples/java/app/Dockerfile
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo 👍

5
examples/java/app/Dockerfile.buildArgs
View File

@@ -1,5 +0,0 @@
FROM alpine
ARG SET_ME_TO_TRUE
RUN [ "$SET_ME_TO_TRUE" = "true" ]
RUN echo "That's the correct build arg, thanks! 👍"

2
examples/java/app/Dockerfile.emptyContext
View File

@@ -1,2 +0,0 @@
FROM alpine
RUN echo "This image doesn't use any local files, so it doesn't need a context parameter 👍"

3
examples/java/app/Dockerfile.extraHosts
View File

@@ -1,3 +0,0 @@
FROM bash AS base
RUN getent hosts metadata.google.internal

7
examples/java/app/Dockerfile.multiPlatform
View File

@@ -1,7 +0,0 @@
FROM --platform=$BUILDPLATFORM alpine as build
RUN echo ${BUILDPLATFORM} > buildplatform
RUN echo ${TARGETPLATFORM} > targetplatform
FROM build
RUN cat buildplatform
RUN cat targetplatform

5
examples/java/app/Dockerfile.namedContexts
View File

@@ -1,5 +0,0 @@
# syntax=docker/dockerfile:1.4
FROM golang:latest
RUN version="$(go version)" && echo $version && [ "$version" = "go version go1.21.7 linux/amd64" ]
RUN echo "This image uses named contexts to pin golang:latest to a specific SHA 👍"

4
examples/java/app/Dockerfile.secrets
View File

@@ -1,4 +0,0 @@
FROM alpine
RUN --mount=type=secret,id=password [ "$(cat /run/secrets/password)" = "hunter2" ]

5
examples/java/app/Dockerfile.sshMount
View File

@@ -1,5 +0,0 @@
FROM alpine
RUN apk add openssh-client
RUN --mount=type=ssh ssh-add -l

8
examples/java/app/Dockerfile.target
View File

@@ -1,8 +0,0 @@
FROM alpine as build-me
RUN echo 👍
FROM build-me as also-build-me
RUN echo 🤙
FROM build-me as dont-build-me
RUN [ "true" = "false" ]

92
examples/java/pom.xml
View File

@@ -1,92 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.pulumi</groupId>
<artifactId>provider-docker-build</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<encoding>UTF-8</encoding>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<maven.compiler.release>11</maven.compiler.release>
<mainClass>generated_program.App</mainClass>
<mainArgs/>
</properties>
<dependencies>
<dependency>
<groupId>com.pulumi</groupId>
<artifactId>pulumi</artifactId>
<version>(,1.0]</version>
</dependency>
<dependency>
<groupId>com.pulumi</groupId>
<artifactId>docker-build</artifactId>
<version>[0.0.0,)</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.2</version>
<configuration>
<archive>
<manifest>
<addClasspath>true</addClasspath>
<mainClass>${mainClass}</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.4.2</version>
<configuration>
<archive>
<manifest>
<addClasspath>true</addClasspath>
<mainClass>${mainClass}</mainClass>
</manifest>
</archive>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
<executions>
<execution>
<id>make-my-jar-with-dependencies</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>3.1.0</version>
<configuration>
<mainClass>${mainClass}</mainClass>
<commandlineArgs>${mainArgs}</commandlineArgs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-wrapper-plugin</artifactId>
<version>3.1.1</version>
<configuration>
<mavenVersion>3.8.5</mavenVersion>
</configuration>
</plugin>
</plugins>
</build>
</project>

204
examples/java/src/main/java/generated_program/App.java
View File

@@ -1,204 +0,0 @@
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.dockerbuild.Image;
import com.pulumi.dockerbuild.ImageArgs;
import com.pulumi.dockerbuild.inputs.DockerfileArgs;
import com.pulumi.dockerbuild.inputs.BuildContextArgs;
import com.pulumi.dockerbuild.inputs.ExportArgs;
import com.pulumi.dockerbuild.inputs.ExportRegistryArgs;
import com.pulumi.dockerbuild.inputs.RegistryArgs;
import com.pulumi.dockerbuild.inputs.CacheToArgs;
import com.pulumi.dockerbuild.inputs.CacheToLocalArgs;
import com.pulumi.dockerbuild.inputs.CacheFromArgs;
import com.pulumi.dockerbuild.inputs.CacheFromLocalArgs;
import com.pulumi.dockerbuild.inputs.SSHArgs;
import com.pulumi.dockerbuild.inputs.ExportDockerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var dockerHubPassword = config.get("dockerHubPassword");
var multiPlatform = new Image("multiPlatform", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.multiPlatform")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.build())
.platforms(
"plan9/amd64",
"plan9/386")
.build());
var registryPush = new Image("registryPush", ImageArgs.builder()
.push(false)
.context(BuildContextArgs.builder()
.location("./app")
.build())
.tags("docker.io/pulumibot/buildkit-e2e:example")
.exports(ExportArgs.builder()
.registry(ExportRegistryArgs.builder()
.ociMediaTypes(true)
.push(false)
.build())
.build())
.registries(RegistryArgs.builder()
.address("docker.io")
.username("pulumibot")
.password(dockerHubPassword)
.build())
.build());
var cached = new Image("cached", ImageArgs.builder()
.push(false)
.context(BuildContextArgs.builder()
.location("./app")
.build())
.cacheTo(CacheToArgs.builder()
.local(CacheToLocalArgs.builder()
.dest("tmp/cache")
.mode("max")
.build())
.build())
.cacheFrom(CacheFromArgs.builder()
.local(CacheFromLocalArgs.builder()
.src("tmp/cache")
.build())
.build())
.build());
var buildArgs = new Image("buildArgs", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.buildArgs")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.build())
.buildArgs(Map.of("SET_ME_TO_TRUE", "true"))
.build());
var extraHosts = new Image("extraHosts", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.extraHosts")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.build())
.addHosts("metadata.google.internal:169.254.169.254")
.build());
var sshMount = new Image("sshMount", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.sshMount")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.build())
.ssh(SSHArgs.builder()
.id("default")
.build())
.build());
var secrets = new Image("secrets", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.secrets")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.build())
.secrets(Map.of("password", "hunter2"))
.build());
var labels = new Image("labels", ImageArgs.builder()
.push(false)
.context(BuildContextArgs.builder()
.location("./app")
.build())
.labels(Map.of("description", "This image will get a descriptive label 👍"))
.build());
var target = new Image("target", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.target")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.build())
.target("build-me")
.build());
var namedContexts = new Image("namedContexts", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.location("./app/Dockerfile.namedContexts")
.build())
.context(BuildContextArgs.builder()
.location("./app")
.named(Map.of("golang:latest", Map.of("location", "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984")))
.build())
.build());
var remoteContext = new Image("remoteContext", ImageArgs.builder()
.push(false)
.context(BuildContextArgs.builder()
.location("https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile")
.build())
.build());
var remoteContextWithInline = new Image("remoteContextWithInline", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.inline("""
FROM busybox
COPY hello.c ./
""")
.build())
.context(BuildContextArgs.builder()
.location("https://github.com/docker-library/hello-world.git")
.build())
.build());
var inline = new Image("inline", ImageArgs.builder()
.push(false)
.dockerfile(DockerfileArgs.builder()
.inline("""
FROM alpine
RUN echo "This uses an inline Dockerfile! 👍"
""")
.build())
.build());
var dockerLoad = new Image("dockerLoad", ImageArgs.builder()
.push(false)
.context(BuildContextArgs.builder()
.location("./app")
.build())
.exports(ExportArgs.builder()
.docker(ExportDockerArgs.builder()
.tar(true)
.build())
.build())
.build());
ctx.export("platforms", multiPlatform.platforms());
}
}

Some files were not shown because too many files have changed in this diff Show More