sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity

Compare commits

base: sam_oneal:update-github-actions-workflows-493
Branches Tags
sam_oneal:main sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1
..
compare: sam_oneal:update-github-actions-workflows-973
Branches Tags
sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:main sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1

38 Commits
update-git ... update-git

Author SHA1 Message Date
Pulumi Bot
473dab6c1d [internal] Update GitHub Actions workflow files 2025-10-30 05:50:46 +00:00
Pulumi Bot
faffc8cc45 Update GitHub Actions workflows. (#633) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 5619381e924fbac90750f41b6a27cadcd11c4c2d.
 2025-10-22 05:56:54 +00:00
Alberto Pose
2b1230f252 Introduce ${GOTEST} Makefile variable to override test runner. (#632) 
Allow to use other tools like `gotestsum` locally.
 2025-10-20 15:20:48 +01:00
Pulumi Bot
eaf5461bbc Update GitHub Actions workflows. (#631) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit f0bcdaf5cb0825e542d0a2eb71f05d538135a9bc.
 2025-10-18 05:52:38 +00:00
Alberto Pose
38e65a3f81 Remove URL and Token arguments from CacheFromGitHubActions. (#626) 
Fixes #75

Arguments URL and Token have been removed but `$ACTIONS_CACHE_URL` and
`$ACTIONS_RUNTIME_TOKEN` env variables could be injected if desired.

---------

Co-authored-by: Bryce Lampe <bryce@pulumi.com>
 2025-10-17 11:00:40 +01:00
Pulumi Bot
1811524e66 Update GitHub Actions workflows. (#629) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 16969054030269fefacac22b8536d1f80ed8e2d9.
 2025-10-16 05:52:39 +00:00
Pulumi Bot
361335bba0 Update GitHub Actions workflows. (#628) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 0fccf404186fee66f0a9bb9b53959a52b4812c5e.
 2025-10-14 05:54:14 +00:00
Pulumi Bot
49deed7d9c Update GitHub Actions workflows. (#627) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit b4e68d0418afb9fa72c1e31347a01f7fae952eff.
 2025-10-10 05:51:39 +00:00
Alberto Pose
ff8995c434 Move _index.md and installation-configuration.md into the repo. (#622) 
Related to: https://github.com/pulumi/registry/pull/8814

Make this provider follow the Pulumi official convention of [using the
`_index.md` and
`installation-configuration.md`](https://www.pulumi.com/docs/iac/build-with-pulumi/publishing-packages/#write-documentation).
 2025-10-09 09:34:35 +01:00
Pulumi Bot
c159079132 Update GitHub Actions workflows. (#624) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 45de636c4cb364e6fc2ab50006d5358239005657.
 2025-10-09 05:52:11 +00:00
Pulumi Bot
24ebad1ee5 Update GitHub Actions workflows. (#623) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 93823adfede429861d981e43f485afda9292376e.
 2025-10-08 05:55:33 +00:00
Alberto Pose
40c723d82f Remove installation of pulumi CLI and golangci-lint from Makefile (#621) 
Installation of runtime and tools should now be done through `mise`.

In addition, the following binaries are included with `pulumi` CLI:

* pulumi-language-go
* pulumi-language-nodejs
* pulumi-language-python
* pulumi-language-java
* pulumi-language-dotnet
* pulumi-converter-yaml
 2025-10-07 16:18:53 +01:00
Pulumi Bot
36362d0317 Update GitHub Actions workflows. (#620) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 23f84aba12118601865d1a686c2c46a4ec3fa729.
 2025-10-03 22:26:52 +00:00
Pulumi Bot
0b684b81fb Update GitHub Actions workflows. (#619) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 58bbf9b943afc66c10382b6fa89dc3e226f18f20.
 2025-10-03 05:53:37 +00:00
Pulumi Bot
ebf4290bb2 Update GitHub Actions workflows. (#617) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 72d9a2e28cf75e7d1ba2c5e6324d26546c95e4cb.
 2025-10-02 05:55:45 +00:00
Pulumi Bot
c7b2867559 Update GitHub Actions workflows. (#616) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit d2d946e761bab19abc5e5a598d44cf709dae77e9.
 2025-10-01 05:54:01 +00:00
Bryce Lampe
5e589f61ec Upgrade go-provider to 1.1.2 (#615) 
Fixes https://github.com/pulumi/pulumi-docker-build/issues/579.
 2025-09-30 16:40:35 -07:00
Pulumi Bot
5f0c2ede72 Update GitHub Actions workflows. (#613) 
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit f16439eadce749cfc5fc959f926069e5943f4640.
 2025-09-29 22:24:54 +00:00
Pulumi Bot
d27e6d14db Update GitHub Actions workflows. (#612) 
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit e43a0e1c1f44e3e431240deb0ac363cf172ae9a9.
 2025-09-29 15:36:43 -04:00
Cory Hall
6ae16f10ff chore: update modulePath in ci-mgmt (#607) 
This is needed for https://github.com/pulumi/ci-mgmt/pull/1730
 2025-09-29 12:01:37 -04:00
Pulumi Bot
f17e43bad7 Update GitHub Actions workflows. (#604) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 2b81d6d332c32c7ebc106fb53b745cbbfec266c7.
 2025-09-16 05:49:46 +00:00
Pulumi Bot
bce330f598 Update GitHub Actions workflows. (#603) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 0337d8381eace02d1b6fb82d43e3ab543bf5774a.
 2025-09-12 23:58:08 +00:00
Pulumi Bot
5107181566 Update GitHub Actions workflows. (#602) 
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit c390ce58d72b0eb947d844358c3204353b21839c.
 2025-09-11 19:03:02 +00:00
Bryce Lampe
0a2dd6e758 Confirming ESC fixes (#599) 
Validating https://github.com/pulumi/ci-mgmt/pull/1705.
 2025-09-10 14:19:45 -07:00
Pulumi Bot
a0e387d0a8 Update GitHub Actions workflows. (#597) 
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit 42e0ba87f4de47d7ab085a3916669e193ec1ff4e.

---------

Co-authored-by: Bryce Lampe <bryce@pulumi.com>
 2025-09-10 19:49:21 +00:00
Bryce Lampe
daa144c232 Use ESC for secrets (#594) 
Refs https://github.com/pulumi/ci-mgmt/issues/1481
 2025-09-10 09:45:06 -07:00
Pulumi Bot
1203c3b31f Update GitHub Actions workflows. (#595) 
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit 4125efba3dbbc633190a388a9f8b0408d755089c.
 2025-09-10 16:11:45 +00:00
Pulumi Bot
62ff8bf2d2 Update GitHub Actions workflows. (#593) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 2ce6f269d9892f74ed14f645f41e402e7ff8d416.

Co-authored-by: Bryce Lampe <bryce@pulumi.com>
 2025-09-05 21:49:19 +00:00
Pulumi Bot
3b7e31b388 Automated upgrade: bump pulumi/pulumi to 3.192.0 (#592) 
Automated upgrade: bump pulumi/pulumi to 3.192.0

---------

Co-authored-by: Bryce Lampe <bryce@pulumi.com>
 2025-09-05 14:36:43 -07:00
Pulumi Bot
c46d343c53 Update GitHub Actions workflows. (#586) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit ed2094cef48b491325b4ceebfceb6c0a555f1c04.
 2025-08-28 05:49:05 +00:00
Pulumi Bot
4166f9da1b Update GitHub Actions workflows. (#585) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 89dd865db8cef8be4f3f0a978cf8007892e51567.
 2025-08-27 19:47:54 +00:00
Bryce Lampe
4e934974ee Update p-go-provider to fix version replacement behavior (#584) 
Updates p-go-provider to pull in
https://github.com/pulumi/pulumi-go-provider/pull/410. In particular
this fixes an issue where the provider would get replaced on version
changes.

Fixes https://github.com/pulumi/pulumi-docker-build/issues/581
 2025-08-27 11:14:21 -07:00
Pulumi Bot
4262717644 Update GitHub Actions workflows. (#582) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 19c542b12a65e3f3ec1d8213111262a9887dcda0.
 2025-08-26 05:48:46 +00:00
Pulumi Bot
997794b59f Update GitHub Actions workflows. (#580) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit dfe14f327ab8b4653dc5a4edf60e1f13814519e9.
 2025-08-23 05:46:29 +00:00
Pulumi Bot
a168c92f12 Update GitHub Actions workflows. (#577) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 9b60d6c643780f4a645273cb6a5b3dcce6687d94.
 2025-08-15 21:38:53 +00:00
Pulumi Bot
91fdae679d Update GitHub Actions workflows. (#575) 
This PR was automatically generated by the
update-workflows-single-bridged-provider workflow in the pulumi/ci-mgmt
repo, from commit 4ac37ece8be37ce71d07d3e42b89c7c306173b9b.
 2025-08-15 16:45:42 +00:00
Pulumi Bot
ee4aa2505e Update GitHub Actions workflows. (#574) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit f90df7559c86efa5ae3108b58c7d554865f2eb56.
 2025-08-15 05:47:34 +00:00
Pulumi Bot
9fa5fcabe5 Update GitHub Actions workflows. (#572) 
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit b21f824c0283ef293cdf550403adf1d4bbfcfdb1.
 2025-08-14 05:48:17 +00:00
53 changed files with 1749 additions and 1677 deletions
Expand all files Collapse all files

35
.ci-mgmt.yaml
View File

@@ -4,23 +4,26 @@ major-version: 0
providerDefaultBranch: main
providerVersion: github.com/pulumi/pulumi-docker-build/provider.Version
aws: true
modulePath: .
gcp: true
sdkModuleDir: sdk/go/dockerbuild
parallel: 3
esc:
enabled: true
envOverride:
AWS_REGION: us-west-2
PULUMI_API: "https://api.pulumi-staging.io"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
AWS_REGION: us-west-2
PULUMI_API: "https://api.pulumi-staging.io"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}

87
.config/mise.lock Normal file
View File

@@ -0,0 +1,87 @@
[[tools.dotnet]]
version = "8.0.414"
backend = "asdf:dotnet"
[[tools."github:pulumi/pulumictl"]]
version = "0.0.50"
backend = "github:pulumi/pulumictl"
[tools."github:pulumi/pulumictl".platforms.linux-x64]
checksum = "blake3:c128dd74993f779c613296fe7cd21c20cbd323f24e59cb76e007620660b60348"
name = "pulumictl-v0.0.50-linux-amd64.tar.gz"
size = 27744219
url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz"
url_api = ""
[[tools."github:pulumi/schema-tools"]]
version = "0.6.0"
backend = "github:pulumi/schema-tools"
[tools."github:pulumi/schema-tools".platforms.linux-x64]
checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3"
name = "schema-tools-v0.6.0-linux-amd64.tar.gz"
size = 14282746
url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz"
url_api = ""
[[tools.go]]
version = "1.24.1"
backend = "core:go"
[tools.go.platforms.linux-x64]
checksum = "sha256:cb2396bae64183cdccf81a9a6df0aea3bce9511fc21469fb89a0c00470088073"
size = 78503123
url = "https://dl.google.com/go/go1.24.1.linux-amd64.tar.gz"
[[tools.golangci-lint]]
version = "1.64.8"
backend = "aqua:golangci/golangci-lint"
[tools.golangci-lint.platforms.linux-x64]
checksum = "sha256:b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e"
size = 12364828
url = "https://github.com/golangci/golangci-lint/releases/download/v1.64.8/golangci-lint-1.64.8-linux-amd64.tar.gz"
[[tools.gradle]]
version = "7.6.6"
backend = "aqua:gradle/gradle"
[tools.gradle.platforms.linux-x64]
checksum = "blake3:5cad8fc455b720b68a0bd2907d435e2919581708243f84f27845fe8812a09323"
size = 128439774
url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip"
[[tools.java]]
version = "corretto-11.0.28.6.1"
backend = "core:java"
[tools.java.platforms.linux-x64]
checksum = "sha256:70734c46e0bbeb7f45b721756ba0b2f1f1e1ef85a11e10d5a488f06b257dadd9"
size = 195648709
url = "https://corretto.aws/downloads/resources/11.0.28.6.1/amazon-corretto-11.0.28.6.1-linux-x64.tar.gz"
[[tools.node]]
version = "20.19.5"
backend = "core:node"
[tools.node.platforms.linux-x64]
checksum = "sha256:4eba5fbe1fb10753bc06e42f001a91c5cec16798b7764a3e9257adc59af47fe1"
size = 47041607
url = "https://nodejs.org/dist/v20.19.5/node-v20.19.5-linux-x64.tar.gz"
[[tools."npm:yarn"]]
version = "1.22.22"
backend = "npm:yarn"
[[tools.pulumi]]
version = "3.192.0"
backend = "aqua:pulumi/pulumi"
[tools.pulumi.platforms.linux-x64]
checksum = "sha512:6351213bee02ade5b76407d9b43cdb243fa461ca38231b03410de5aa1f697e55ab6467da2a9e37ebbff7be6cd3485d833e9ad8f29d4de6919bbdd471fb25e45a"
size = 92867578
url = "https://github.com/pulumi/pulumi/releases/download/v3.192.0/pulumi-v3.192.0-linux-x64.tar.gz"
[[tools.python]]
version = "3.11.8"
backend = "core:python"

11
.config/mise.test.toml Normal file
View File

@@ -0,0 +1,11 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# Overrides for test workflows
[env]
# Acceptance (specifically providertest) tests require that PULUMI_HOME be the default
PULUMI_HOME = "{{ env.HOME }}/.pulumi"
[tools]
# always use pulumi latest for tests
pulumi = "latest"

29
.config/mise.toml Normal file
View File

@@ -0,0 +1,29 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# You can create your own root-level mise.toml file to override/augment this. See https://mise.jdx.dev/configuration.html
[env]
_.source = "{{config_root}}/scripts/get-versions.sh"
PULUMI_HOME = "{{config_root}}/.pulumi"
[tools]
# Runtimes
# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed
go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}"
node = '20.19.5'
python = '3.11.8'
dotnet = '8.0.414'
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}"
"github:pulumi/pulumictl" = 'latest'
"github:pulumi/schema-tools" = "latest"
gradle = '7.6'
golangci-lint = "1.64.8" # See note about about overrides if you need to customize this.
"npm:yarn" = "1.22.22"
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).
lockfile = true

12
.github/actions/esc-action/action.yaml vendored Normal file
View File

@@ -0,0 +1,12 @@
name: "Load secrets"
description: |
This is a temporary action which assists with our migration to ESC. Instead
of surrounding every step that references secrets with an "if ESC" block, we
instead modify those steps to consume their secrets from this step's outputs.
Then, later, we can replace this action with esc-action to actually load
secrets from ESC.
inputs: {}
outputs: {}
runs:
using: "node20"
main: "index.js"

14
.github/actions/esc-action/index.js vendored Normal file
View File

@@ -0,0 +1,14 @@
const fs = require("fs");
const file = process.env["GITHUB_OUTPUT"];
var stream = fs.createWriteStream(file, { flags: "a" });
for (const [name, value] of Object.entries(process.env)) {
try {
stream.write(`${name}<<EEEOOOFFF\n${value}\nEEEOOOFFF\n`); // << syntax accommodates multiline strings.
} catch (err) {
console.log(`error: failed to set output for ${name}: ${err.message}`);
}
}
stream.end();

244
.github/workflows/build.yml vendored
View File

@@ -15,30 +15,18 @@ on:
- "**"
workflow_dispatch: {}
env:
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -47,20 +35,35 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -71,7 +74,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -92,7 +95,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -122,6 +125,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -167,7 +171,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -182,10 +186,15 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -194,7 +203,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
@@ -208,16 +217,30 @@ jobs:
- go
- java
name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -228,32 +251,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -278,6 +301,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -323,7 +347,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -343,13 +367,29 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: check if this commit needs release
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
uses: pulumi/action-release-by-pr-label@main
@@ -357,10 +397,10 @@ jobs:
command: "release-if-needed"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
slack_channel: C02MGR8JVST
env:
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test:
@@ -380,17 +420,28 @@ jobs:
name: test
permissions:
contents: read
id-token: write
id-token: write # For ESC secrets and Pulumi access token OIDC.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -401,32 +452,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -438,7 +489,7 @@ jobs:
-exec chmod +x {} \;
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -472,7 +523,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -480,7 +531,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -493,6 +544,8 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -501,21 +554,35 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -535,21 +602,27 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest
@@ -561,23 +634,37 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Scripts Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
path: ci-scripts
repository: pulumi/scripts
@@ -592,22 +679,22 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -615,7 +702,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python
- name: Download dotnet SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -623,7 +710,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -635,16 +722,16 @@ jobs:
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -653,12 +740,12 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
@@ -675,8 +762,7 @@ jobs:
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
args: -c ../.golangci.yml
working-directory: provider
working-directory: .
name: lint
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository

22
.github/workflows/command-dispatch.yml vendored
View File

@@ -2,13 +2,10 @@
env:
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -17,15 +14,28 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
command-dispatch-for-testing:
name: command-dispatch-for-testing
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4
with:
commands: |
@@ -35,7 +45,7 @@ jobs:
permission: write
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: pulumi/pulumi-docker-build
token: ${{ secrets.PULUMI_BOT_TOKEN }}
token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: command-dispatch
on:
issue_comment:

2
.github/workflows/comment-on-stale-issues.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
name: Stale issue job
steps:
- uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc #v7.1.0
- uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc # v7.1.0
with:
issue-types: issues # only look at issues (ignore pull-requests)

4
.github/workflows/community-moderation.yml vendored
View File

@@ -1,14 +1,12 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
warn_codegen:
name: warn_codegen
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- id: schema_changed

25
.github/workflows/export-repo-secrets.yml vendored Normal file
View File

@@ -0,0 +1,25 @@
permissions: write-all # Equivalent to default permissions plus id-token: write
name: Export secrets to ESC
on: [workflow_dispatch]
jobs:
export-to-esc:
runs-on: ubuntu-latest
name: export GitHub secrets to ESC
steps:
- name: Generate a GitHub token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: 1256780 # Export Secrets GitHub App
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
- name: Export secrets to ESC
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1
with:
organization: pulumi
org-environment: imports/github-secrets
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
github-token: ${{ steps.generate-token.outputs.token }}
oidc-auth: true
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
env:
GITHUB_SECRETS: ${{ toJSON(secrets) }}

256
.github/workflows/prerelease.yml vendored
View File

@@ -6,30 +6,18 @@ on:
tags:
- v*.*.*-**
env:
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -39,20 +27,32 @@ env:
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
IS_PRERELEASE: true
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -63,7 +63,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -84,7 +84,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -114,6 +114,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -159,7 +160,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -174,10 +175,15 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -186,7 +192,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
@@ -200,16 +206,30 @@ jobs:
- go
- java
name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -220,32 +240,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -270,6 +290,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit ${{ matrix.language }} SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -315,7 +336,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -334,7 +355,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
test:
runs-on: pulumi-ubuntu-8core
needs:
@@ -352,17 +373,28 @@ jobs:
name: test
permissions:
contents: read
id-token: write
id-token: write # For ESC secrets and Pulumi access token OIDC.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -373,32 +405,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -410,7 +442,7 @@ jobs:
-exec chmod +x {} \;
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -444,7 +476,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -452,7 +484,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -465,6 +497,8 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -473,21 +507,35 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -507,21 +555,27 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest
@@ -533,23 +587,37 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Scripts Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
path: ci-scripts
repository: pulumi/scripts
@@ -564,22 +632,22 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -587,7 +655,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python
- name: Download dotnet SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -595,7 +663,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -607,11 +675,11 @@ jobs:
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -620,22 +688,36 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_java_sdk:
runs-on: ubuntu-latest
continue-on-error: true
needs: publish
name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -646,45 +728,45 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download java SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: java-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress java SDK
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Publish Java SDK
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
with:
arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
build-root-directory: ./sdk/java
gradle-version: 7.4.1
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
publish_go_sdk:
runs-on: ubuntu-latest
name: publish-go-sdk
needs: publish_sdk
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- id: version
@@ -692,8 +774,10 @@ jobs:
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download go SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: go-sdk.tar.gz
path: ${{ github.workspace}}/sdk/

30
.github/workflows/pull-request.yml vendored
View File

@@ -3,40 +3,14 @@
name: pull-request
on:
pull_request_target: {}
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
comment-on-pr:
runs-on: ubuntu-latest
name: comment-on-pr
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- name: Comment PR

277
.github/workflows/release.yml vendored
View File

@@ -7,30 +7,18 @@ on:
- v*.*.*
- "!v*.*.*-**"
env:
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -39,20 +27,35 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -63,7 +66,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -84,7 +87,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -114,6 +117,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -159,7 +163,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -174,10 +178,15 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -186,7 +195,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
@@ -200,16 +209,30 @@ jobs:
- go
- java
name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -220,32 +243,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -270,6 +293,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -315,7 +339,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -334,7 +358,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
test:
runs-on: pulumi-ubuntu-8core
needs:
@@ -352,17 +376,28 @@ jobs:
name: test
permissions:
contents: read
id-token: write
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -373,32 +408,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -410,7 +445,7 @@ jobs:
-exec chmod +x {} \;
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -444,7 +479,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -452,7 +487,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -465,6 +500,8 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GTIHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -473,21 +510,35 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -507,21 +558,27 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
with:
args: -p 3 release --clean --timeout 60m0s
version: latest
@@ -533,23 +590,37 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout Scripts Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
path: ci-scripts
repository: pulumi/scripts
@@ -564,22 +635,22 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -587,7 +658,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python
- name: Download dotnet SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -595,7 +666,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -607,11 +678,11 @@ jobs:
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -620,22 +691,36 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
publish_java_sdk:
runs-on: ubuntu-latest
continue-on-error: true
needs: publish
name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -646,45 +731,45 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download java SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: java-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: Uncompress java SDK
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Publish Java SDK
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
with:
arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
build-root-directory: ./sdk/java
gradle-version: 7.4.1
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
publish_go_sdk:
runs-on: ubuntu-latest
name: publish-go-sdk
needs: publish_sdk
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- id: version
@@ -692,8 +777,10 @@ jobs:
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download go SDK
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: go-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -713,7 +800,23 @@ jobs:
dispatch_docs_build:
runs-on: ubuntu-latest
needs: publish_go_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
with:
@@ -722,5 +825,5 @@ jobs:
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
"${GITHUB_REF#refs/tags/}"
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: dispatch_docs_build

23
.github/workflows/release_command.yml vendored
View File

@@ -11,9 +11,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Should release PR
uses: pulumi/action-release-by-pr-label@main
with:
@@ -21,14 +30,14 @@ jobs:
repo: ${{ github.repository }}
pr: ${{ github.event.client_payload.pull_request.number }}
version: ${{ github.event.client_payload.slash_command.args.all }}
slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
slack_channel: ${{ steps.esc-secrets.outputs.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
env:
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure()
name: Notify failure
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
@@ -37,7 +46,7 @@ jobs:
"release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- if: success()
name: Notify success
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}

152
.github/workflows/run-acceptance-tests.yml vendored
View File

@@ -11,22 +11,17 @@ on:
workflow_dispatch: {}
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -38,37 +33,57 @@ env:
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
jobs:
comment-notification:
if: github.event_name == 'repository_dispatch'
runs-on: ubuntu-latest
name: comment-notification
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- name: Create URL to the run output
id: vars
run: echo
"run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
>> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
if: github.event_name == 'repository_dispatch'
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -79,7 +94,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -100,7 +115,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -130,6 +145,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -175,7 +191,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -190,10 +206,15 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -202,7 +223,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
build_sdks:
@@ -218,18 +239,32 @@ jobs:
- go
- java
name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -240,32 +275,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -290,6 +325,7 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -334,7 +370,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -354,7 +390,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
test:
@@ -377,16 +413,27 @@ jobs:
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
with:
set-env: PROVIDER_VERSION
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -397,32 +444,32 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Download provider
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
@@ -434,7 +481,7 @@ jobs:
-exec chmod +x {} \;
- name: Download SDK
if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
@@ -468,7 +515,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -476,7 +523,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -489,6 +536,8 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -497,13 +546,28 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
sentinel:
runs-on: ubuntu-latest
name: sentinel
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Mark workflow as successful
uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13
with:
@@ -514,6 +578,7 @@ jobs:
sha: ${{ github.event.pull_request.head.sha || github.sha }}
permissions:
statuses: write
id-token: write # For ESC secrets.
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
needs:
@@ -524,7 +589,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
@@ -541,8 +606,7 @@ jobs:
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
args: -c ../.golangci.yml
working-directory: provider
working-directory: .
name: lint
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository

40
.github/workflows/weekly-pulumi-update.yml vendored
View File

@@ -8,22 +8,17 @@ on:
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -32,14 +27,25 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
weekly-pulumi-update:
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -50,20 +56,30 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
- name: Setup DotNet
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
gradle-version: "7.6"
- name: Update Pulumi/Pulumi
id: gomod
run: >-
@@ -122,5 +138,5 @@ jobs:
gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)"
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
name: weekly-pulumi-update

2
.pulumi.version
View File

@@ -1 +1 @@
3.187.0
3.192.0

16
CHANGELOG.md
View File

@@ -1,9 +1,25 @@
## Unreleased
## Changed
- Arguments `CacheFromGitHubActions.URL` and `CacheFromGitHubActions.Token` have been removed. If the previous behaviour is desired, set the `ACTIONS_CACHE_URL` and `ACTIONS_RUNTIME_TOKEN` environment variables. (https://github.com/pulumi/pulumi-docker-build/issues/75)
## 0.0.14 (2025-09-30)
### Fixed
- A warning is no longer emitted for the reserved `__internal` key. (https://github.com/pulumi/pulumi-docker-build/issues/579)
## 0.0.13 (2025-08-27)
### Changed
- Docker Build Cloud and `exec` errors are more helpful. (https://github.com/pulumi/pulumi-docker-build/issues/549)
### Fixed
- The provider is no longer replaced on version changes. (https://github.com/pulumi/pulumi-docker-build/issues/581)
## 0.0.12 (2025-05-16)
### Changed

45
Makefile
View File

@@ -17,8 +17,9 @@ WORKING_DIR := $(shell pwd)
EXAMPLES_DIR := ${WORKING_DIR}/examples/yaml
TESTPARALLELISM := 4
PULUMI := bin/pulumi
GOGLANGCILINT := bin/golangci-lint
PULUMI := pulumi
GOGLANGCILINT := golangci-lint
GOTEST := go test
# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable
# Local & branch builds will just used this fixed default version unless specified
@@ -46,10 +47,10 @@ provider_debug::
(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION_GENERIC}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
test_provider:: # Required by CI
go test -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
${GOTEST} -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
test_examples: install_nodejs_sdk install_dotnet_sdk
go test -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
${GOTEST} -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
test_all:: test_provider test_examples
@@ -63,38 +64,26 @@ examples/yaml:
rm -rf ${WORKING_DIR}/examples/yaml/app
cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app
examples/go: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/go: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,go)
@git checkout examples/go/go.mod
examples/nodejs: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/nodejs: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,nodejs)
@git checkout examples/nodejs/package.json
examples/python: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/python: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,python)
@git checkout examples/python/requirements.txt
examples/dotnet: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/dotnet: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,dotnet)
@git checkout examples/dotnet/provider-docker-build.csproj
examples/java: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/java: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,java)
@git checkout examples/java/pom.xml
${PULUMI}: go.sum
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/pkg/v3/cmd/pulumi
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-java/pkg/cmd/pulumi-language-java
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-yaml/cmd/pulumi-converter-yaml
${GOGLANGCILINT}: go.sum
GOBIN=${WORKING_DIR}/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint@8b37f14
define pulumi_login
export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \
pulumi login --local;
@@ -102,7 +91,7 @@ endef
define example
rm -rf ${WORKING_DIR}/examples/$(1)
$(PULUMI) convert \
pulumi convert \
--cwd ${WORKING_DIR}/examples/yaml \
--logtostderr \
--generate-only \
@@ -140,7 +129,7 @@ build:: provider sdk/dotnet sdk/go sdk/nodejs sdk/python sdk/java ${SCHEMA_PATH}
only_build:: build
.PHONY: lint
lint: ${GOGLANGCILINT}
lint:
${GOGLANGCILINT} run --fix -c .golangci.yml
install:: install_nodejs_sdk install_dotnet_sdk
@@ -205,7 +194,7 @@ sdk: sdk/python sdk/nodejs sdk/java sdk/python sdk/go sdk/dotnet
.PHONY: sdk/*
sdk/python: TMPDIR := $(shell mktemp -d)
sdk/python: $(PULUMI) bin/${PROVIDER}
sdk/python: bin/${PROVIDER}
rm -rf sdk/python
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language python -o ${TMPDIR}
cp README.md ${TMPDIR}/python/
@@ -218,7 +207,7 @@ sdk/python: $(PULUMI) bin/${PROVIDER}
mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/.
sdk/nodejs: TMPDIR := $(shell mktemp -d)
sdk/nodejs: $(PULUMI) bin/${PROVIDER}
sdk/nodejs: bin/${PROVIDER}
rm -rf sdk/nodejs
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language nodejs -o ${TMPDIR}
cp README.md LICENSE ${TMPDIR}/nodejs
@@ -230,7 +219,7 @@ sdk/nodejs: $(PULUMI) bin/${PROVIDER}
sdk/go: TMPDIR := $(shell mktemp -d)
sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)"
sdk/go: $(PULUMI) bin/${PROVIDER}
sdk/go: bin/${PROVIDER}
rm -rf sdk/go
PATH=$(PATH) $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language go -o ${TMPDIR}
cp go.mod ${TMPDIR}/go/dockerbuild/go.mod
@@ -240,7 +229,7 @@ sdk/go: $(PULUMI) bin/${PROVIDER}
mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go
sdk/dotnet: TMPDIR := $(shell mktemp -d)
sdk/dotnet: $(PULUMI) bin/${PROVIDER}
sdk/dotnet: bin/${PROVIDER}
rm -rf sdk/dotnet
$(PULUMI) package gen-sdk ./bin/${PROVIDER} --language dotnet -o ${TMPDIR}
cd ${TMPDIR}/dotnet/ && \
@@ -250,7 +239,7 @@ sdk/dotnet: $(PULUMI) bin/${PROVIDER}
sdk/java: PACKAGE_VERSION := $(shell pulumictl convert-version --language generic -v "$(VERSION_GENERIC)")
sdk/java: TMPDIR := $(shell mktemp -d)
sdk/java: $(PULUMI) bin/${PROVIDER}
sdk/java: bin/${PROVIDER}
rm -rf sdk/java
$(PULUMI) package gen-sdk --language java ./bin/${PROVIDER} -o ${TMPDIR}
cd ${TMPDIR}/java/ && gradle --console=plain build

428
docs/_index.md Normal file
View File

@@ -0,0 +1,428 @@
---
title: Docker Build
meta_desc: Provides an overview of the Docker Build Provider for Pulumi.
layout: package
---
The Docker Build provider leverages [buildx and BuildKit](https://docs.docker.com/build/architecture/) to build modern Docker images with Pulumi.
Not to be confused with the earlier
[Docker](../docker) provider, which is still
appropriate for managing resources unrelated to building images.
| Provider | Use cases |
| ---------------- | ----------------------------------------------------------------------- |
| `@pulumi/docker-build` | Anything related to building images with `docker build`. |
| `@pulumi/docker` | Everything else -- including running containers and creating networks. |
## Example
If your Pulumi program has a directory called `app` alongside it, containing a
file named "Dockerfile" (which can be as simple as `FROM alpine` for the
purpose of example), then the code below shows how to build a multi-platform
image, publish it to a remote AWS ECR registry, and use an [inline
cache](https://docs.docker.com/build/cache/backends/inline/) to speed up
subsequent builds.
{{< chooser language "typescript,python,csharp,go,yaml,java" / >}}
{{% choosable language typescript %}}
```typescript
import * as aws from "@pulumi/aws";
import * as docker_build from "@pulumi/docker-build";
// Create an ECR repository for pushing.
const ecrRepository = new aws.ecr.Repository("ecr-repository", {});
// Grab auth credentials for ECR.
const authToken = aws.ecr.getAuthorizationTokenOutput({
registryId: ecrRepository.registryId,
});
// Build and push an image to ECR with inline caching.
const myImage = new docker_build.Image("my-image", {
// Tag our image with our ECR repository's address.
tags: [pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`],
context: {
location: "./app",
},
// Use the pushed image as a cache source.
cacheFrom: [{
registry: {
ref: pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`,
},
}],
// Include an inline cache with our pushed image.
cacheTo: [{
inline: {},
}],
// Build a multi-platform image manifest for ARM and AMD.
platforms: [
"linux/amd64",
"linux/arm64",
],
// Push the final result to ECR.
push: true,
// Provide our ECR credentials.
registries: [{
address: ecrRepository.repositoryUrl,
password: authToken.password,
username: authToken.userName,
}],
});
// Export a ref for the pushed images so we can deploy it.
export const ref = myImage.ref;
```
{{% /choosable %}}
{{% choosable language python %}}
```python
import pulumi
import pulumi_aws as aws
import pulumi_docker_build as docker_build
# Create an ECR repository for pushing.
ecr_repository = aws.ecr.Repository("ecr-repository")
# Grab auth credentials for ECR.
auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
# Build and push an image to ECR with inline caching.
my_image = docker_build.Image("my-image",
# Tag our image with our ECR repository's address.
tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")],
context=docker_build.BuildContextArgs(
location="./app",
),
# Use the pushed image as a cache source.
cache_from=[docker_build.CacheFromArgs(
registry=docker_build.CacheFromRegistryArgs(
ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest"),
),
)],
# Include an inline cache with our pushed image.
cache_to=[docker_build.CacheToArgs(
inline=docker_build.CacheToInlineArgs(),
)],
# Build a multi-platform image manifest for ARM and AMD.
platforms=[
docker_build.Platform.LINUX_AMD64,
docker_build.Platform.LINUX_ARM64,
],
# Push the final result to ECR.
push=True,
# Provide our ECR credentials.
registries=[docker_build.RegistryArgs(
address=ecr_repository.repository_url,
password=auth_token.password,
username=auth_token.user_name,
)],
)
# Export a ref for the pushed images so we can deploy it.
pulumi.export("ref", my_image.ref)
```
{{% /choosable %}}
{{% choosable language csharp %}}
```csharp
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using DockerBuild = Pulumi.DockerBuild;
return await Deployment.RunAsync(() =>
{
// Create an ECR repository for pushing.
var ecrRepository = new Aws.Ecr.Repository("ecr-repository");
// Grab auth credentials for ECR.
var authToken = Aws.Ecr.GetAuthorizationToken.Invoke(new()
{
RegistryId = ecrRepository.RegistryId,
});
// Build and push an image to ECR with inline caching.
var myImage = new DockerBuild.Image("my-image", new()
{
// Tag our image with our ECR repository's address.
Tags = new[]
{
ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
// Use the pushed image as a cache source.
CacheFrom = new[]
{
new DockerBuild.Inputs.CacheFromArgs
{
Registry = new DockerBuild.Inputs.CacheFromRegistryArgs
{
Ref = ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
},
},
// Include an inline cache with our pushed image.
CacheTo = new[]
{
new DockerBuild.Inputs.CacheToArgs
{
Inline = null,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms = new[]
{
DockerBuild.Platform.Linux_amd64,
DockerBuild.Platform.Linux_arm64,
},
// Push the final result to ECR.
Push = true,
// Provide our ECR credentials.
Registries = new[]
{
new DockerBuild.Inputs.RegistryArgs
{
Address = ecrRepository.RepositoryUrl,
Password = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.Password),
Username = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.UserName),
},
},
});
// Export a ref for the pushed images so we can deploy it.
return new Dictionary<string, object?>
{
["ref"] = myImage.Ref,
};
});
```
{{% /choosable %}}
{{% choosable language go %}}
```go
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an ECR repository for pushing.
ecrRepository, err := ecr.NewRepository(ctx, "ecr-repository", nil)
if err != nil {
return err
}
// Grab auth credentials for ECR.
authToken := ecr.GetAuthorizationTokenOutput(ctx, ecr.GetAuthorizationTokenOutputArgs{
RegistryId: ecrRepository.RegistryId,
}, nil)
// Build and push an image to ECR with inline caching.
myImage, err := dockerbuild.NewImage(ctx, "my-image", &dockerbuild.ImageArgs{
// Tag our image with our ECR repository's address.
Tags: pulumi.StringArray{
ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
// Use the pushed image as a cache source.
CacheFrom: dockerbuild.CacheFromArray{
&dockerbuild.CacheFromArgs{
Registry: &dockerbuild.CacheFromRegistryArgs{
Ref: ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
},
},
// Include an inline cache with our pushed image.
CacheTo: dockerbuild.CacheToArray{
&dockerbuild.CacheToArgs{
Inline: nil,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms: dockerbuild.PlatformArray{
dockerbuild.Platform_Linux_amd64,
dockerbuild.Platform_Linux_arm64,
},
// Push the final result to ECR.
Push: pulumi.Bool(true),
// Provide our ECR credentials.
Registries: dockerbuild.RegistryArray{
&dockerbuild.RegistryArgs{
Address: ecrRepository.RepositoryUrl,
Password: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.Password, nil
}).(pulumi.StringPtrOutput),
Username: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.UserName, nil
}).(pulumi.StringPtrOutput),
},
},
})
if err != nil {
return err
}
// Export a ref for the pushed images so we can deploy it.
ctx.Export("ref", myImage.Ref)
return nil
})
}
```
{{% /choosable %}}
{{% choosable language yaml %}}
```yaml
description: Push to AWS ECR with caching
name: ecr
outputs:
ref: ${my-image.ref}
resources:
# Create an ECR repository for pushing.
ecr-repository:
type: aws:ecr:Repository
# Build and push an image to ECR with inline caching.
my-image:
type: docker-build:Image
properties:
# Tag our image with our ECR repository's address.
tags:
- ${ecr-repository.repositoryUrl}:latest
context:
location: ./app
# Use the pushed image as a cache source.
cacheFrom:
- registry:
ref: ${ecr-repository.repositoryUrl}:latest
# Include an inline cache with our pushed image.
cacheTo:
- inline: {}
# Build a multi-platform image manifest for ARM and AMD.
platforms:
- linux/amd64
- linux/arm64
# Push the final result to ECR.
push: true
# Provide our ECR credentials.
registries:
- address: ${ecr-repository.repositoryUrl}
password: ${auth-token.password}
username: ${auth-token.userName}
runtime: yaml
variables:
auth-token:
# Grab auth credentials for ECR.
fn::aws:ecr:getAuthorizationToken:
registryId: ${ecr-repository.registryId}
```
{{% /choosable %}}
{{% choosable language java %}}
```java
package myapp;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ecr.Repository;
import com.pulumi.aws.ecr.EcrFunctions;
import com.pulumi.aws.ecr.inputs.GetAuthorizationTokenArgs;
import com.pulumi.dockerbuild.Image;
import com.pulumi.dockerbuild.ImageArgs;
import com.pulumi.dockerbuild.inputs.CacheFromArgs;
import com.pulumi.dockerbuild.inputs.CacheFromRegistryArgs;
import com.pulumi.dockerbuild.inputs.CacheToArgs;
import com.pulumi.dockerbuild.inputs.CacheToInlineArgs;
import com.pulumi.dockerbuild.inputs.BuildContextArgs;
import com.pulumi.dockerbuild.inputs.RegistryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an ECR repository for pushing.
var ecrRepository = new Repository("ecrRepository");
// Grab auth credentials for ECR.
final var authToken = EcrFunctions.getAuthorizationToken(GetAuthorizationTokenArgs.builder()
.registryId(ecrRepository.registryId())
.build());
// Build and push an image to ECR with inline caching.
var myImage = new Image("myImage", ImageArgs.builder()
// Tag our image with our ECR repository's address.
.tags(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.context(BuildContextArgs.builder()
.location("./app")
.build())
// Use the pushed image as a cache source.
.cacheFrom(CacheFromArgs.builder()
.registry(CacheFromRegistryArgs.builder()
.ref(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.build())
.build())
// Include an inline cache with our pushed image.
.cacheTo(CacheToArgs.builder()
.inline()
.build())
// Build a multi-platform image manifest for ARM and AMD.
.platforms(
"linux/amd64",
"linux/arm64")
// Push the final result to ECR.
.push(true)
// Provide our ECR credentials.
.registries(RegistryArgs.builder()
.address(ecrRepository.repositoryUrl())
.password(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.password())))
.username(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.userName())))
.build())
.build());
ctx.export("ref", myImage.ref());
}
}
```
{{% /choosable %}}
{{< /chooser >}}

33
docs/installation-configuration.md Normal file
View File

@@ -0,0 +1,33 @@
---
title: Docker-Build Installation & Configuration
meta_desc: Provides an overview on how to configure the Pulumi Docker-Build Provider.
layout: package
---
The Pulumi Docker-build provider builds modern Docker images with [buildx](https://docs.docker.com/reference/cli/docker/buildx/) and [BuildKit](https://docs.docker.com/build/buildkit/).
## Installation
The Docker-Build provider is available as a package in all Pulumi languages:
* JavaScript/TypeScript: [`@pulumi/docker-build`](https://www.npmjs.com/package/@pulumi/docker-build)
* Python: [`pulumi-docker-build`](https://pypi.org/project/pulumi-docker-build/)
* Go: [`github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild`](https://github.com/pulumi/pulumi-docker-build)
* .NET: [`Pulumi.DockerBuild`](https://www.nuget.org/packages/Pulumi.DockerBuild)
* Java: [`com.pulumi/docker-build`](https://central.sonatype.com/artifact/com.pulumi/docker-build)
## Configuring The Provider
### Host
The `DOCKER_HOST` environment variable can be used to specify a custom build daemon's location.
```bash
$ export DOCKER_HOST=tcp://127.0.0.1:2376/
```
This can also be specified in your stack's configuration:
```bash
$ pulumi config set docker-build:host tcp://127.0.0.1:2376/
```

4
examples/go/go.mod
View File

@@ -6,7 +6,7 @@ toolchain go1.24.5
require (
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12
github.com/pulumi/pulumi/sdk/v3 v3.187.0
github.com/pulumi/pulumi/sdk/v3 v3.192.0
)
require (
@@ -62,7 +62,7 @@ require (
github.com/pkg/errors v0.9.1 // indirect
github.com/pkg/term v1.1.0 // indirect
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
github.com/pulumi/esc v0.14.3 // indirect
github.com/pulumi/esc v0.17.0 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.14.1 // indirect
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect

8
examples/go/go.sum
View File

@@ -159,12 +159,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.14.3 h1:Zli+9LiSDT/W+Fsfr8tITxCo+5wn969tLrE4KLv44G8=
github.com/pulumi/esc v0.14.3/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12 h1:uzmw+0iic764m0Yvh4I/jRV1x3q49dVh5Ctq9RllsQ8=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12/go.mod h1:6zFMe786NvFDO03BVJwdw1R/Yms4F6vAU49iBHo8zbQ=
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

5
examples/nodejs_test.go
View File

@@ -181,8 +181,9 @@ func TestConfig(t *testing.T) {
require.NoError(t, err)
test := integration.ProgramTestOptions{
Dir: path.Join(cwd, "tests", "config"),
Dependencies: []string{"@pulumi/docker-build"},
Dir: path.Join(cwd, "tests", "config"),
Dependencies: []string{"@pulumi/docker-build"},
SkipEmptyPreviewUpdate: true,
}
integration.ProgramTest(t, &test)

6
go.mod
View File

@@ -16,14 +16,14 @@ require (
github.com/otiai10/copy v1.14.0
github.com/pulumi/providertest v0.3.1
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef
github.com/pulumi/pulumi-go-provider v1.1.0
github.com/pulumi/pulumi-go-provider v1.1.2
github.com/pulumi/pulumi-java/pkg v1.16.0
github.com/pulumi/pulumi-yaml v1.21.2
github.com/pulumi/pulumi/pkg/v3 v3.187.0
github.com/pulumi/pulumi/pkg/v3 v3.192.0
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/v3 v3.187.0
github.com/pulumi/pulumi/sdk/v3 v3.192.0
github.com/regclient/regclient v0.7.1
github.com/sirupsen/logrus v1.9.3
github.com/spf13/afero v1.14.0

12
go.sum
View File

@@ -896,22 +896,22 @@ github.com/pulumi/providertest v0.3.1 h1:vlftr7TZlObh81mL88IhhF0/9ZbLrZZos4NAvR4
github.com/pulumi/providertest v0.3.1/go.mod h1:fFHUP4/9DRyYnHWiRnwcynMtM/a7hHR/QcJfcuZKO3A=
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY=
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg=
github.com/pulumi/pulumi-go-provider v1.1.0 h1:TNrLoQ7LrT6Z2xPbspJKXE3pKZsz+pCVo62zKFGxjBI=
github.com/pulumi/pulumi-go-provider v1.1.0/go.mod h1:bWvFWytb2ULBefjDW/YG+GcjHbzVojwtl1RW5afMvR0=
github.com/pulumi/pulumi-go-provider v1.1.2 h1:NUQDXaftBDFTPMBPwxo8FhJUX0ymkv6a1XiXTnCDpvg=
github.com/pulumi/pulumi-go-provider v1.1.2/go.mod h1:3lNIuxT/BArFyiKrVfv+UT7gMMtplss7V69KuBZ4zIk=
github.com/pulumi/pulumi-java/pkg v1.16.0 h1:8KCiIXWv2uxfIks0SdgOezyXg4HZIoPfHID9eMg4nuM=
github.com/pulumi/pulumi-java/pkg v1.16.0/go.mod h1:VeMZ1s9LfXBypao4A1tRF3EB7fYnYZ1LwImyg6FBX0c=
github.com/pulumi/pulumi-yaml v1.21.2 h1:czqC5AazinfX6Bj0nqAAQ6x/Cr8/3oUz3HUjJg6tJ4o=
github.com/pulumi/pulumi-yaml v1.21.2/go.mod h1:KOqDnuJksfIq8belFVFN3IEI4r0NgW69M0QPSj54On4=
github.com/pulumi/pulumi/pkg/v3 v3.187.0 h1:VTbireKCxG/wKPX3slHNb3Zk3xKMr5CvcvjH8194H2I=
github.com/pulumi/pulumi/pkg/v3 v3.187.0/go.mod h1:3y5nyMg62dd+DBzYW/P4d+Ye9pJ/zhJd+aGzMzfUL1g=
github.com/pulumi/pulumi/pkg/v3 v3.192.0 h1:gZRMPaNpW+VN3ng3h9r8De8wI0keWC9fIP0rcUDatMA=
github.com/pulumi/pulumi/pkg/v3 v3.192.0/go.mod h1:+Zp3EzjzGW4PlcW8oITZgeOfFzIVbLWvHtUVixvGQcs=
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:tipGG4aEPejP424igQYxJ6TOtWVtZJa0z679oIv00ho=
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:V2MMs29cFeGBdZyFKxNqTGVfBgDLhIOGfrXOxheieuI=
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:+QJTFK7UcOFTYCg3XaSTrRZHWJ6Hqza8w9oADa4pPcM=
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:0kA9b5LsaXLEKQzo0o9UUsHtZkACthHYLyBVUDUVMxc=
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:bkvtySMos0ij3fWZWZaU5sVrvGvU0dZCusoxpgEtX6I=
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:SJtr0N/XFyelI7M7U0UbJXr15pgEdSmpN40cglTsRTA=
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
github.com/quasilyte/go-ruleguard v0.4.2 h1:htXcXDK6/rO12kiTHKfHuqR4kr3Y4M0J0rOL6CH/BYs=
github.com/quasilyte/go-ruleguard v0.4.2/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI=
github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe60+5DqOpCjPE=

19
mise.toml
View File

@@ -1,19 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
[tools]
# Runtimes
go = '1.21'
node = '20'
python = '3.11.8'
dotnet = '8.0'
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
pulumi = 'latest'
"go:github.com/pulumi/pulumictl/cmd/pulumictl" = 'latest'
gradle = '7.6'
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).

44
provider/cmd/pulumi-resource-docker-build/schema.json
View File

@@ -155,32 +155,12 @@
]
},
"docker-build:index:CacheFromGitHubActions": {
"description": "Recommended for use with GitHub Actions workflows.\n\nAn action like `crazy-max/ghaction-github-runtime` is recommended to expose\nappropriate credentials to your GitHub workflow.",
"properties": {
"scope": {
"type": "string",
"description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.",
"default": "buildkit"
},
"token": {
"type": "string",
"description": "The GitHub Actions token to use. This is not a personal access tokens\nand is typically generated automatically as part of each job.\n\nDefaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_RUNTIME_TOKEN"
]
},
"secret": true
},
"url": {
"type": "string",
"description": "The cache server URL to use for artifacts.\n\nDefaults to `$ACTIONS_CACHE_URL`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_CACHE_URL"
]
}
}
},
"type": "object"
@@ -370,6 +350,7 @@
]
},
"docker-build:index:CacheToGitHubActions": {
"description": "Recommended for use with GitHub Actions workflows.\n\nAn action like `crazy-max/ghaction-github-runtime` is recommended to expose\nappropriate credentials to your GitHub workflow.",
"properties": {
"ignoreError": {
"type": "boolean",
@@ -385,27 +366,6 @@
"type": "string",
"description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.",
"default": "buildkit"
},
"token": {
"type": "string",
"description": "The GitHub Actions token to use. This is not a personal access tokens\nand is typically generated automatically as part of each job.\n\nDefaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_RUNTIME_TOKEN"
]
},
"secret": true
},
"url": {
"type": "string",
"description": "The cache server URL to use for artifacts.\n\nDefaults to `$ACTIONS_CACHE_URL`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_CACHE_URL"
]
}
}
},
"type": "object"

37
provider/internal/cache.go
View File

@@ -17,6 +17,7 @@ package internal
import (
"errors"
"fmt"
"os"
"strings"
controllerapi "github.com/docker/buildx/controller/pb"
@@ -148,33 +149,20 @@ func (c CacheWithOCI) String() string {
// CacheFromGitHubActions pulls cache manifests from the GitHub actions cache.
type CacheFromGitHubActions struct {
URL string `pulumi:"url,optional"`
Token string `pulumi:"token,optional" provider:"secret"`
Scope string `pulumi:"scope,optional"`
}
// Annotate sets docstrings on CacheFromGitHubActions.
func (c *CacheFromGitHubActions) Annotate(a infer.Annotator) {
a.SetDefault(&c.URL, "", "ACTIONS_CACHE_URL")
a.SetDefault(&c.Token, "", "ACTIONS_RUNTIME_TOKEN")
a.Describe(&c, dedent(`
Recommended for use with GitHub Actions workflows.
An action like "crazy-max/ghaction-github-runtime" is recommended to expose
appropriate credentials to your GitHub workflow.
`))
a.SetDefault(&c.Scope, "buildkit")
a.Describe(&c.URL, dedent(`
The cache server URL to use for artifacts.
Defaults to "$ACTIONS_CACHE_URL", although a separate action like
"crazy-max/ghaction-github-runtime" is recommended to expose this
environment variable to your jobs.
`))
a.Describe(&c.Token, dedent(`
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to "$ACTIONS_RUNTIME_TOKEN", although a separate action like
"crazy-max/ghaction-github-runtime" is recommended to expose this
environment variable to your jobs.
`))
a.Describe(&c.Scope, dedent(`
The scope to use for cache keys. Defaults to "buildkit".
@@ -191,11 +179,12 @@ func (c *CacheFromGitHubActions) String() string {
if c.Scope != "" {
parts = append(parts, "scope="+c.Scope)
}
if c.Token != "" {
parts = append(parts, "token="+c.Token)
// Preserving backwards compatibility with the old behaviour.
if token := os.Getenv("ACTIONS_RUNTIME_TOKEN"); token != "" {
parts = append(parts, "token="+token)
}
if c.URL != "" {
parts = append(parts, "url="+c.URL)
if url := os.Getenv("ACTIONS_CACHE_URL"); url != "" {
parts = append(parts, "url="+url)
}
return strings.Join(parts, ",")
}

46
provider/internal/cache_test.go
View File

@@ -24,14 +24,15 @@ import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
//nolint:paralleltest // We don't call t.Parallel here to prevent environment corruption.
func TestCacheString(t *testing.T) {
t.Parallel()
gzip := Gzip
tests := []struct {
name string
given fmt.Stringer
want string
name string
arrange func(t *testing.T)
given fmt.Stringer
want string
}{
{
name: "s3",
@@ -55,7 +56,37 @@ func TestCacheString(t *testing.T) {
{
name: "gha",
given: CacheTo{GHA: &CacheToGitHubActions{}},
want: "type=gha",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "")
},
want: "type=gha",
},
{
name: "gha-default-envs",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "https://example.com")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "token")
},
given: CacheTo{GHA: &CacheToGitHubActions{
CacheFromGitHubActions: CacheFromGitHubActions{
Scope: "scope",
},
}},
want: "type=gha,scope=scope,token=token,url=https://example.com",
},
{
name: "gha-with-scope",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "")
},
given: CacheTo{GHA: &CacheToGitHubActions{
CacheFromGitHubActions: CacheFromGitHubActions{
Scope: "scope",
},
}},
want: "type=gha,scope=scope",
},
{
name: "from-local",
@@ -121,9 +152,12 @@ func TestCacheString(t *testing.T) {
},
}
//nolint:paralleltest // We don't call t.Parallel here to prevent environment corruption.
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
if tt.arrange != nil {
tt.arrange(t)
}
actual := tt.given.String()
assert.Equal(t, tt.want, actual)

16
provider/internal/image_test.go
View File

@@ -917,8 +917,10 @@ func TestValidateImageArgs(t *testing.T) {
{
name: "gha environment",
envs: map[string]string{
"ACTIONS_CACHE_URL": "test-cache-url",
"ACTIONS_RUNTIME_TOKEN": "test-runtime-token",
"ACTIONS_CACHE_URL": "test-cache-url",
"ACTIONS_RUNTIME_TOKEN": "test-runtime-token",
"ACTIONS_RESULTS_URL": "test-results-url",
"ACTIONS_CACHE_SERVICE_V2": "true",
},
args: ImageArgs{
Context: &BuildContext{Context: Context{Location: "testdata/noop"}},
@@ -930,15 +932,17 @@ func TestValidateImageArgs(t *testing.T) {
wantCacheFrom: &pb.CacheOptionsEntry{
Type: "gha",
Attrs: map[string]string{
"token": "test-runtime-token",
"url": "test-cache-url",
"token": "test-runtime-token",
"url": "test-cache-url",
"url_v2": "test-results-url",
},
},
wantCacheTo: &pb.CacheOptionsEntry{
Type: "gha",
Attrs: map[string]string{
"token": "test-runtime-token",
"url": "test-cache-url",
"token": "test-runtime-token",
"url": "test-cache-url",
"url_v2": "test-results-url",
},
},
},

55
scripts/get-versions.sh Executable file
View File

@@ -0,0 +1,55 @@
#!/usr/bin/env bash
set -euo pipefail
# This script can be simplified to use go when https://github.com/jdx/mise/discussions/6374 is fixed
# e.g. go list -m -f '{{.GoVersion}}'
module_path="github.com/pulumi/pulumi/pkg/v3"
go_mod_path="."
gomod="go.mod"
if [[ "$go_mod_path" != "" && "$go_mod_path" != "." ]]; then
gomod="$go_mod_path/$gomod"
fi
if [[ ! -f "$gomod" ]]; then
echo "missing $gomod" >&2
exit 1
fi
raw_version=$(awk -v module="$module_path" '
$1 == module || $2 == module {
for (i = 1; i <= NF; i++) {
if ($i ~ /^v[0-9]/) {
sub(/^v/, "", $i)
print $i
exit
}
}
}
' "$gomod")
if [[ -z "${raw_version:-}" ]]; then
echo "failed to determine Pulumi version from $gomod" >&2
exit 1
fi
echo "PULUMI_VERSION_MISE=$raw_version"
export PULUMI_VERSION_MISE=$raw_version
# Prefer the toolchain directive if present, otherwise fall back to the `go` version line
go_toolchain=$(awk '/^toolchain[[:space:]]+go[0-9]/{ print $2; exit }' "$gomod")
if [[ -n "${go_toolchain:-}" ]]; then
go_version=${go_toolchain#go}
else
go_version=$(awk '/^go[[:space:]]+[0-9]/{ print $2; exit }' "$gomod")
fi
if [[ -z "${go_version:-}" ]]; then
echo "failed to determine Go version from $gomod" >&2
exit 1
fi
echo "GO_VERSION_MISE=$go_version"
export GO_VERSION_MISE=$go_version

39
sdk/dotnet/Inputs/CacheFromGitHubActionsArgs.cs generated
View File

@@ -10,6 +10,12 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Inputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
public sealed class CacheFromGitHubActionsArgs : global::Pulumi.ResourceArgs
{
/// <summary>
@@ -21,42 +27,9 @@ namespace Pulumi.DockerBuild.Inputs
[Input("scope")]
public Input<string>? Scope { get; set; }
[Input("token")]
private Input<string>? _token;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public Input<string>? Token
{
get => _token;
set
{
var emptySecret = Output.CreateSecret(0);
_token = Output.Tuple<Input<string>?, int>(value, emptySecret).Apply(t => t.Item1);
}
}
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
[Input("url")]
public Input<string>? Url { get; set; }
public CacheFromGitHubActionsArgs()
{
Scope = "buildkit";
Token = Utilities.GetEnv("ACTIONS_RUNTIME_TOKEN") ?? "";
Url = Utilities.GetEnv("ACTIONS_CACHE_URL") ?? "";
}
public static new CacheFromGitHubActionsArgs Empty => new CacheFromGitHubActionsArgs();
}

39
sdk/dotnet/Inputs/CacheToGitHubActionsArgs.cs generated
View File

@@ -10,6 +10,12 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Inputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
public sealed class CacheToGitHubActionsArgs : global::Pulumi.ResourceArgs
{
/// <summary>
@@ -33,44 +39,11 @@ namespace Pulumi.DockerBuild.Inputs
[Input("scope")]
public Input<string>? Scope { get; set; }
[Input("token")]
private Input<string>? _token;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public Input<string>? Token
{
get => _token;
set
{
var emptySecret = Output.CreateSecret(0);
_token = Output.Tuple<Input<string>?, int>(value, emptySecret).Apply(t => t.Item1);
}
}
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
[Input("url")]
public Input<string>? Url { get; set; }
public CacheToGitHubActionsArgs()
{
IgnoreError = false;
Mode = Pulumi.DockerBuild.CacheMode.Min;
Scope = "buildkit";
Token = Utilities.GetEnv("ACTIONS_RUNTIME_TOKEN") ?? "";
Url = Utilities.GetEnv("ACTIONS_CACHE_URL") ?? "";
}
public static new CacheToGitHubActionsArgs Empty => new CacheToGitHubActionsArgs();
}

32
sdk/dotnet/Outputs/CacheFromGitHubActions.cs generated
View File

@@ -10,6 +10,12 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Outputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
[OutputType]
public sealed class CacheFromGitHubActions
{
@@ -20,35 +26,11 @@ namespace Pulumi.DockerBuild.Outputs
/// workflow, otherwise caches will overwrite each other.
/// </summary>
public readonly string? Scope;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Token;
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Url;
[OutputConstructor]
private CacheFromGitHubActions(
string? scope,
string? token,
string? url)
private CacheFromGitHubActions(string? scope)
{
Scope = scope;
Token = token;
Url = url;
}
}
}

31
sdk/dotnet/Outputs/CacheToGitHubActions.cs generated
View File

@@ -10,6 +10,12 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Outputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
[OutputType]
public sealed class CacheToGitHubActions
{
@@ -28,23 +34,6 @@ namespace Pulumi.DockerBuild.Outputs
/// workflow, otherwise caches will overwrite each other.
/// </summary>
public readonly string? Scope;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Token;
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Url;
[OutputConstructor]
private CacheToGitHubActions(
@@ -52,17 +41,11 @@ namespace Pulumi.DockerBuild.Outputs
Pulumi.DockerBuild.CacheMode? mode,
string? scope,
string? token,
string? url)
string? scope)
{
IgnoreError = ignoreError;
Mode = mode;
Scope = scope;
Token = token;
Url = url;
}
}
}

2
sdk/go/dockerbuild/go.mod generated
View File

@@ -4,7 +4,7 @@ go 1.24.1
require (
github.com/blang/semver v3.5.1+incompatible
github.com/pulumi/pulumi/sdk/v3 v3.187.0
github.com/pulumi/pulumi/sdk/v3 v3.192.0
)
require (

4
sdk/go/dockerbuild/go.sum generated
View File

@@ -164,8 +164,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

216
sdk/go/dockerbuild/pulumiTypes.go generated
View File

@@ -834,25 +834,16 @@ func (o CacheFromAzureBlobPtrOutput) SecretAccessKey() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActions struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActions
@@ -865,18 +856,6 @@ func (val *CacheFromGitHubActions) Defaults() *CacheFromGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
@@ -891,25 +870,16 @@ type CacheFromGitHubActionsInput interface {
ToCacheFromGitHubActionsOutputWithContext(context.Context) CacheFromGitHubActionsOutput
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsArgs struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumi.StringPtrInput `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumi.StringPtrInput `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumi.StringPtrInput `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -921,16 +891,6 @@ func (val *CacheFromGitHubActionsArgs) Defaults() *CacheFromGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumi.StringPtr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumi.StringPtr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumi.StringPtr(d.(string))
}
}
return &tmp
}
func (CacheFromGitHubActionsArgs) ElementType() reflect.Type {
@@ -998,6 +958,10 @@ func (i *cacheFromGitHubActionsPtrType) ToOutput(ctx context.Context) pulumix.Ou
}
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsOutput) ElementType() reflect.Type {
@@ -1036,25 +1000,6 @@ func (o CacheFromGitHubActionsOutput) Scope() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Token }).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Url }).(pulumi.StringPtrOutput)
}
type CacheFromGitHubActionsPtrOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsPtrOutput) ElementType() reflect.Type {
@@ -1098,35 +1043,6 @@ func (o CacheFromGitHubActionsPtrOutput) Scope() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsPtrOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheFromGitHubActions) *string {
if v == nil {
return nil
}
return v.Token
}).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsPtrOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheFromGitHubActions) *string {
if v == nil {
return nil
}
return v.Url
}).(pulumi.StringPtrOutput)
}
type CacheFromLocal struct {
// Digest of manifest to import.
Digest *string `pulumi:"digest"`
@@ -2361,6 +2277,10 @@ func (o CacheToAzureBlobPtrOutput) SecretAccessKey() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActions struct {
// Ignore errors caused by failed cache exports.
IgnoreError *bool `pulumi:"ignoreError"`
@@ -2371,19 +2291,6 @@ type CacheToGitHubActions struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActions
@@ -2404,18 +2311,6 @@ func (val *CacheToGitHubActions) Defaults() *CacheToGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
@@ -2430,6 +2325,10 @@ type CacheToGitHubActionsInput interface {
ToCacheToGitHubActionsOutputWithContext(context.Context) CacheToGitHubActionsOutput
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsArgs struct {
// Ignore errors caused by failed cache exports.
IgnoreError pulumi.BoolPtrInput `pulumi:"ignoreError"`
@@ -2440,19 +2339,6 @@ type CacheToGitHubActionsArgs struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumi.StringPtrInput `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumi.StringPtrInput `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumi.StringPtrInput `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -2470,16 +2356,6 @@ func (val *CacheToGitHubActionsArgs) Defaults() *CacheToGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumi.StringPtr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumi.StringPtr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumi.StringPtr(d.(string))
}
}
return &tmp
}
func (CacheToGitHubActionsArgs) ElementType() reflect.Type {
@@ -2547,6 +2423,10 @@ func (i *cacheToGitHubActionsPtrType) ToOutput(ctx context.Context) pulumix.Outp
}
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsOutput) ElementType() reflect.Type {
@@ -2595,25 +2475,6 @@ func (o CacheToGitHubActionsOutput) Scope() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Token }).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Url }).(pulumi.StringPtrOutput)
}
type CacheToGitHubActionsPtrOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsPtrOutput) ElementType() reflect.Type {
@@ -2677,35 +2538,6 @@ func (o CacheToGitHubActionsPtrOutput) Scope() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsPtrOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheToGitHubActions) *string {
if v == nil {
return nil
}
return v.Token
}).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsPtrOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheToGitHubActions) *string {
if v == nil {
return nil
}
return v.Url
}).(pulumi.StringPtrOutput)
}
// Include an inline cache with the exported image.
type CacheToInline struct {
}

158
sdk/go/dockerbuild/x/pulumiTypes.go generated
View File

@@ -393,25 +393,16 @@ func (o CacheFromAzureBlobOutput) SecretAccessKey() pulumix.Output[*string] {
return pulumix.Apply[CacheFromAzureBlob](o, func(v CacheFromAzureBlob) *string { return v.SecretAccessKey })
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActions struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActions
@@ -424,40 +415,19 @@ func (val *CacheFromGitHubActions) Defaults() *CacheFromGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsArgs struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumix.Input[*string] `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumix.Input[*string] `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumix.Input[*string] `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -469,16 +439,6 @@ func (val *CacheFromGitHubActionsArgs) Defaults() *CacheFromGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumix.Ptr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumix.Ptr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumix.Ptr(d.(string))
}
}
return &tmp
}
func (CacheFromGitHubActionsArgs) ElementType() reflect.Type {
@@ -497,6 +457,10 @@ func (i *CacheFromGitHubActionsArgs) ToOutput(ctx context.Context) pulumix.Outpu
return pulumix.Val(i)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsOutput) ElementType() reflect.Type {
@@ -525,25 +489,6 @@ func (o CacheFromGitHubActionsOutput) Scope() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Scope })
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Token() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Token })
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Url() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Url })
}
type CacheFromLocal struct {
// Digest of manifest to import.
Digest *string `pulumi:"digest"`
@@ -1134,6 +1079,10 @@ func (o CacheToAzureBlobOutput) SecretAccessKey() pulumix.Output[*string] {
return pulumix.Apply[CacheToAzureBlob](o, func(v CacheToAzureBlob) *string { return v.SecretAccessKey })
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActions struct {
// Ignore errors caused by failed cache exports.
IgnoreError *bool `pulumi:"ignoreError"`
@@ -1144,19 +1093,6 @@ type CacheToGitHubActions struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActions
@@ -1177,21 +1113,13 @@ func (val *CacheToGitHubActions) Defaults() *CacheToGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsArgs struct {
// Ignore errors caused by failed cache exports.
IgnoreError pulumix.Input[*bool] `pulumi:"ignoreError"`
@@ -1202,19 +1130,6 @@ type CacheToGitHubActionsArgs struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumix.Input[*string] `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumix.Input[*string] `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumix.Input[*string] `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -1232,16 +1147,6 @@ func (val *CacheToGitHubActionsArgs) Defaults() *CacheToGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumix.Ptr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumix.Ptr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumix.Ptr(d.(string))
}
}
return &tmp
}
func (CacheToGitHubActionsArgs) ElementType() reflect.Type {
@@ -1260,6 +1165,10 @@ func (i *CacheToGitHubActionsArgs) ToOutput(ctx context.Context) pulumix.Output[
return pulumix.Val(i)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsOutput) ElementType() reflect.Type {
@@ -1298,25 +1207,6 @@ func (o CacheToGitHubActionsOutput) Scope() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Scope })
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Token() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Token })
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Url() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Url })
}
// Include an inline cache with the exported image.
type CacheToInline struct {
}

119
sdk/java/src/main/java/com/pulumi/dockerbuild/inputs/CacheFromGitHubActionsArgs.java generated
View File

@@ -12,6 +12,13 @@ import java.util.Optional;
import javax.annotation.Nullable;
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*
*/
public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.ResourceArgs {
public static final CacheFromGitHubActionsArgs Empty = new CacheFromGitHubActionsArgs();
@@ -37,60 +44,10 @@ public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.Resou
return Optional.ofNullable(this.scope);
}
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="token")
private @Nullable Output<String> token;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> token() {
return Optional.ofNullable(this.token);
}
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="url")
private @Nullable Output<String> url;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> url() {
return Optional.ofNullable(this.url);
}
private CacheFromGitHubActionsArgs() {}
private CacheFromGitHubActionsArgs(CacheFromGitHubActionsArgs $) {
this.scope = $.scope;
this.token = $.token;
this.url = $.url;
}
public static Builder builder() {
@@ -138,70 +95,8 @@ public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.Resou
return scope(Output.of(scope));
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(@Nullable Output<String> token) {
$.token = token;
return this;
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(String token) {
return token(Output.of(token));
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(@Nullable Output<String> url) {
$.url = url;
return this;
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(String url) {
return url(Output.of(url));
}
public CacheFromGitHubActionsArgs build() {
$.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable();
$.token = Codegen.stringProp("token").secret().arg($.token).env("ACTIONS_RUNTIME_TOKEN").def("").getNullable();
$.url = Codegen.stringProp("url").output().arg($.url).env("ACTIONS_CACHE_URL").def("").getNullable();
return $;
}
}

119
sdk/java/src/main/java/com/pulumi/dockerbuild/inputs/CacheToGitHubActionsArgs.java generated
View File

@@ -14,6 +14,13 @@ import java.util.Optional;
import javax.annotation.Nullable;
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*
*/
public final class CacheToGitHubActionsArgs extends com.pulumi.resources.ResourceArgs {
public static final CacheToGitHubActionsArgs Empty = new CacheToGitHubActionsArgs();
@@ -69,62 +76,12 @@ public final class CacheToGitHubActionsArgs extends com.pulumi.resources.Resourc
return Optional.ofNullable(this.scope);
}
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="token")
private @Nullable Output<String> token;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> token() {
return Optional.ofNullable(this.token);
}
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="url")
private @Nullable Output<String> url;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> url() {
return Optional.ofNullable(this.url);
}
private CacheToGitHubActionsArgs() {}
private CacheToGitHubActionsArgs(CacheToGitHubActionsArgs $) {
this.ignoreError = $.ignoreError;
this.mode = $.mode;
this.scope = $.scope;
this.token = $.token;
this.url = $.url;
}
public static Builder builder() {
@@ -214,72 +171,10 @@ public final class CacheToGitHubActionsArgs extends com.pulumi.resources.Resourc
return scope(Output.of(scope));
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(@Nullable Output<String> token) {
$.token = token;
return this;
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(String token) {
return token(Output.of(token));
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(@Nullable Output<String> url) {
$.url = url;
return this;
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(String url) {
return url(Output.of(url));
}
public CacheToGitHubActionsArgs build() {
$.ignoreError = Codegen.booleanProp("ignoreError").output().arg($.ignoreError).def(false).getNullable();
$.mode = Codegen.objectProp("mode", CacheMode.class).output().arg($.mode).def(CacheMode.Min).getNullable();
$.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable();
$.token = Codegen.stringProp("token").secret().arg($.token).env("ACTIONS_RUNTIME_TOKEN").def("").getNullable();
$.url = Codegen.stringProp("url").output().arg($.url).env("ACTIONS_CACHE_URL").def("").getNullable();
return $;
}
}

60
sdk/java/src/main/java/com/pulumi/dockerbuild/outputs/CacheFromGitHubActions.java generated
View File

@@ -19,25 +19,6 @@ public final class CacheFromGitHubActions {
*
*/
private @Nullable String scope;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String token;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String url;
private CacheFromGitHubActions() {}
/**
@@ -50,29 +31,6 @@ public final class CacheFromGitHubActions {
public Optional<String> scope() {
return Optional.ofNullable(this.scope);
}
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> token() {
return Optional.ofNullable(this.token);
}
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> url() {
return Optional.ofNullable(this.url);
}
public static Builder builder() {
return new Builder();
@@ -84,14 +42,10 @@ public final class CacheFromGitHubActions {
@CustomType.Builder
public static final class Builder {
private @Nullable String scope;
private @Nullable String token;
private @Nullable String url;
public Builder() {}
public Builder(CacheFromGitHubActions defaults) {
Objects.requireNonNull(defaults);
this.scope = defaults.scope;
this.token = defaults.token;
this.url = defaults.url;
}
@CustomType.Setter
@@ -100,23 +54,9 @@ public final class CacheFromGitHubActions {
this.scope = scope;
return this;
}
@CustomType.Setter
public Builder token(@Nullable String token) {
this.token = token;
return this;
}
@CustomType.Setter
public Builder url(@Nullable String url) {
this.url = url;
return this;
}
public CacheFromGitHubActions build() {
final var _resultValue = new CacheFromGitHubActions();
_resultValue.scope = scope;
_resultValue.token = token;
_resultValue.url = url;
return _resultValue;
}
}

60
sdk/java/src/main/java/com/pulumi/dockerbuild/outputs/CacheToGitHubActions.java generated
View File

@@ -31,25 +31,6 @@ public final class CacheToGitHubActions {
*
*/
private @Nullable String scope;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String token;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String url;
private CacheToGitHubActions() {}
/**
@@ -76,29 +57,6 @@ public final class CacheToGitHubActions {
public Optional<String> scope() {
return Optional.ofNullable(this.scope);
}
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> token() {
return Optional.ofNullable(this.token);
}
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> url() {
return Optional.ofNullable(this.url);
}
public static Builder builder() {
return new Builder();
@@ -112,16 +70,12 @@ public final class CacheToGitHubActions {
private @Nullable Boolean ignoreError;
private @Nullable CacheMode mode;
private @Nullable String scope;
private @Nullable String token;
private @Nullable String url;
public Builder() {}
public Builder(CacheToGitHubActions defaults) {
Objects.requireNonNull(defaults);
this.ignoreError = defaults.ignoreError;
this.mode = defaults.mode;
this.scope = defaults.scope;
this.token = defaults.token;
this.url = defaults.url;
}
@CustomType.Setter
@@ -142,25 +96,11 @@ public final class CacheToGitHubActions {
this.scope = scope;
return this;
}
@CustomType.Setter
public Builder token(@Nullable String token) {
this.token = token;
return this;
}
@CustomType.Setter
public Builder url(@Nullable String url) {
this.url = url;
return this;
}
public CacheToGitHubActions build() {
final var _resultValue = new CacheToGitHubActions();
_resultValue.ignoreError = ignoreError;
_resultValue.mode = mode;
_resultValue.scope = scope;
_resultValue.token = token;
_resultValue.url = url;
return _resultValue;
}
}

96
sdk/nodejs/image.ts generated
View File

@@ -501,7 +501,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--add-host` flag.
*/
public readonly addHosts!: pulumi.Output<string[] | undefined>;
declare public readonly addHosts: pulumi.Output<string[] | undefined>;
/**
* `ARG` names and values to set during the build.
*
@@ -513,7 +513,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--build-arg` flag.
*/
public readonly buildArgs!: pulumi.Output<{[key: string]: string} | undefined>;
declare public readonly buildArgs: pulumi.Output<{[key: string]: string} | undefined>;
/**
* Setting this to `false` will always skip image builds during previews,
* and setting it to `true` will always build images during previews.
@@ -527,35 +527,35 @@ export class Image extends pulumi.CustomResource {
* Defaults to `true` as a safeguard against broken images merging as part
* of CI pipelines.
*/
public readonly buildOnPreview!: pulumi.Output<boolean | undefined>;
declare public readonly buildOnPreview: pulumi.Output<boolean | undefined>;
/**
* Builder configuration.
*/
public readonly builder!: pulumi.Output<outputs.BuilderConfig | undefined>;
declare public readonly builder: pulumi.Output<outputs.BuilderConfig | undefined>;
/**
* Cache export configuration.
*
* Equivalent to Docker's `--cache-from` flag.
*/
public readonly cacheFrom!: pulumi.Output<outputs.CacheFrom[] | undefined>;
declare public readonly cacheFrom: pulumi.Output<outputs.CacheFrom[] | undefined>;
/**
* Cache import configuration.
*
* Equivalent to Docker's `--cache-to` flag.
*/
public readonly cacheTo!: pulumi.Output<outputs.CacheTo[] | undefined>;
declare public readonly cacheTo: pulumi.Output<outputs.CacheTo[] | undefined>;
/**
* Build context settings. Defaults to the current directory.
*
* Equivalent to Docker's `PATH | URL | -` positional argument.
*/
public readonly context!: pulumi.Output<outputs.BuildContext | undefined>;
declare public readonly context: pulumi.Output<outputs.BuildContext | undefined>;
/**
* A preliminary hash of the image's build context.
*
* Pulumi uses this to determine if an image _may_ need to be re-built.
*/
public /*out*/ readonly contextHash!: pulumi.Output<string>;
declare public /*out*/ readonly contextHash: pulumi.Output<string>;
/**
* A SHA256 digest of the image if it was exported to a registry or
* elsewhere.
@@ -565,13 +565,13 @@ export class Image extends pulumi.CustomResource {
* Registry images can be referenced precisely as `<tag>@<digest>`. The
* `ref` output provides one such reference as a convenience.
*/
public /*out*/ readonly digest!: pulumi.Output<string>;
declare public /*out*/ readonly digest: pulumi.Output<string>;
/**
* Dockerfile settings.
*
* Equivalent to Docker's `--file` flag.
*/
public readonly dockerfile!: pulumi.Output<outputs.Dockerfile | undefined>;
declare public readonly dockerfile: pulumi.Output<outputs.Dockerfile | undefined>;
/**
* Use `exec` mode to build this image.
*
@@ -594,7 +594,7 @@ export class Image extends pulumi.CustomResource {
* are temporarily written to disk in order to provide them to the
* `docker-buildx` binary.
*/
public readonly exec!: pulumi.Output<boolean | undefined>;
declare public readonly exec: pulumi.Output<boolean | undefined>;
/**
* Controls where images are persisted after building.
*
@@ -606,13 +606,13 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--output` flag.
*/
public readonly exports!: pulumi.Output<outputs.Export[] | undefined>;
declare public readonly exports: pulumi.Output<outputs.Export[] | undefined>;
/**
* Attach arbitrary key/value metadata to the image.
*
* Equivalent to Docker's `--label` flag.
*/
public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>;
declare public readonly labels: pulumi.Output<{[key: string]: string} | undefined>;
/**
* When `true` the build will automatically include a `docker` export.
*
@@ -620,7 +620,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--load` flag.
*/
public readonly load!: pulumi.Output<boolean | undefined>;
declare public readonly load: pulumi.Output<boolean | undefined>;
/**
* Set the network mode for `RUN` instructions. Defaults to `default`.
*
@@ -628,25 +628,25 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--network` flag.
*/
public readonly network!: pulumi.Output<enums.NetworkMode | undefined>;
declare public readonly network: pulumi.Output<enums.NetworkMode | undefined>;
/**
* Do not import cache manifests when building the image.
*
* Equivalent to Docker's `--no-cache` flag.
*/
public readonly noCache!: pulumi.Output<boolean | undefined>;
declare public readonly noCache: pulumi.Output<boolean | undefined>;
/**
* Set target platform(s) for the build. Defaults to the host's platform.
*
* Equivalent to Docker's `--platform` flag.
*/
public readonly platforms!: pulumi.Output<enums.Platform[] | undefined>;
declare public readonly platforms: pulumi.Output<enums.Platform[] | undefined>;
/**
* Always pull referenced images.
*
* Equivalent to Docker's `--pull` flag.
*/
public readonly pull!: pulumi.Output<boolean | undefined>;
declare public readonly pull: pulumi.Output<boolean | undefined>;
/**
* When `true` the build will automatically include a `registry` export.
*
@@ -654,7 +654,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--push` flag.
*/
public readonly push!: pulumi.Output<boolean>;
declare public readonly push: pulumi.Output<boolean>;
/**
* If the image was pushed to any registries then this will contain a
* single fully-qualified tag including the build's digest.
@@ -671,7 +671,7 @@ export class Image extends pulumi.CustomResource {
* For more control over tags consumed by downstream resources you should
* use the `digest` output.
*/
public /*out*/ readonly ref!: pulumi.Output<string>;
declare public /*out*/ readonly ref: pulumi.Output<string>;
/**
* Registry credentials. Required if reading or exporting to private
* repositories.
@@ -681,7 +681,7 @@ export class Image extends pulumi.CustomResource {
*
* Similar to `docker login`.
*/
public readonly registries!: pulumi.Output<outputs.Registry[] | undefined>;
declare public readonly registries: pulumi.Output<outputs.Registry[] | undefined>;
/**
* A mapping of secret names to their corresponding values.
*
@@ -693,13 +693,13 @@ export class Image extends pulumi.CustomResource {
*
* Similar to Docker's `--secret` flag.
*/
public readonly secrets!: pulumi.Output<{[key: string]: string} | undefined>;
declare public readonly secrets: pulumi.Output<{[key: string]: string} | undefined>;
/**
* SSH agent socket or keys to expose to the build.
*
* Equivalent to Docker's `--ssh` flag.
*/
public readonly ssh!: pulumi.Output<outputs.SSH[] | undefined>;
declare public readonly ssh: pulumi.Output<outputs.SSH[] | undefined>;
/**
* Name and optionally a tag (format: `name:tag`).
*
@@ -708,7 +708,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--tag` flag.
*/
public readonly tags!: pulumi.Output<string[] | undefined>;
declare public readonly tags: pulumi.Output<string[] | undefined>;
/**
* Set the target build stage(s) to build.
*
@@ -716,7 +716,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--target` flag.
*/
public readonly target!: pulumi.Output<string | undefined>;
declare public readonly target: pulumi.Output<string | undefined>;
/**
* Create a Image resource with the given unique name, arguments, and options.
@@ -729,31 +729,31 @@ export class Image extends pulumi.CustomResource {
let resourceInputs: pulumi.Inputs = {};
opts = opts || {};
if (!opts.id) {
if ((!args || args.push === undefined) && !opts.urn) {
if (args?.push === undefined && !opts.urn) {
throw new Error("Missing required property 'push'");
}
resourceInputs["addHosts"] = args ? args.addHosts : undefined;
resourceInputs["buildArgs"] = args ? args.buildArgs : undefined;
resourceInputs["buildOnPreview"] = (args ? args.buildOnPreview : undefined) ?? true;
resourceInputs["builder"] = args ? args.builder : undefined;
resourceInputs["cacheFrom"] = args ? args.cacheFrom : undefined;
resourceInputs["cacheTo"] = args ? args.cacheTo : undefined;
resourceInputs["context"] = args ? args.context : undefined;
resourceInputs["dockerfile"] = args ? args.dockerfile : undefined;
resourceInputs["exec"] = args ? args.exec : undefined;
resourceInputs["exports"] = args ? args.exports : undefined;
resourceInputs["labels"] = args ? args.labels : undefined;
resourceInputs["load"] = args ? args.load : undefined;
resourceInputs["network"] = (args ? args.network : undefined) ?? "default";
resourceInputs["noCache"] = args ? args.noCache : undefined;
resourceInputs["platforms"] = args ? args.platforms : undefined;
resourceInputs["pull"] = args ? args.pull : undefined;
resourceInputs["push"] = args ? args.push : undefined;
resourceInputs["registries"] = args ? args.registries : undefined;
resourceInputs["secrets"] = args ? args.secrets : undefined;
resourceInputs["ssh"] = args ? args.ssh : undefined;
resourceInputs["tags"] = args ? args.tags : undefined;
resourceInputs["target"] = args ? args.target : undefined;
resourceInputs["addHosts"] = args?.addHosts;
resourceInputs["buildArgs"] = args?.buildArgs;
resourceInputs["buildOnPreview"] = (args?.buildOnPreview) ?? true;
resourceInputs["builder"] = args?.builder;
resourceInputs["cacheFrom"] = args?.cacheFrom;
resourceInputs["cacheTo"] = args?.cacheTo;
resourceInputs["context"] = args?.context;
resourceInputs["dockerfile"] = args?.dockerfile;
resourceInputs["exec"] = args?.exec;
resourceInputs["exports"] = args?.exports;
resourceInputs["labels"] = args?.labels;
resourceInputs["load"] = args?.load;
resourceInputs["network"] = (args?.network) ?? "default";
resourceInputs["noCache"] = args?.noCache;
resourceInputs["platforms"] = args?.platforms;
resourceInputs["pull"] = args?.pull;
resourceInputs["push"] = args?.push;
resourceInputs["registries"] = args?.registries;
resourceInputs["secrets"] = args?.secrets;
resourceInputs["ssh"] = args?.ssh;
resourceInputs["tags"] = args?.tags;
resourceInputs["target"] = args?.target;
resourceInputs["contextHash"] = undefined /*out*/;
resourceInputs["digest"] = undefined /*out*/;
resourceInputs["ref"] = undefined /*out*/;

22
sdk/nodejs/index_.ts generated
View File

@@ -113,27 +113,27 @@ export class Index extends pulumi.CustomResource {
*
* Defaults to `true`.
*/
public readonly push!: pulumi.Output<boolean | undefined>;
declare public readonly push: pulumi.Output<boolean | undefined>;
/**
* The pushed tag with digest.
*
* Identical to the tag if the index was not pushed.
*/
public /*out*/ readonly ref!: pulumi.Output<string>;
declare public /*out*/ readonly ref: pulumi.Output<string>;
/**
* Authentication for the registry where the tagged index will be pushed.
*
* Credentials can also be included with the provider's configuration.
*/
public readonly registry!: pulumi.Output<outputs.Registry | undefined>;
declare public readonly registry: pulumi.Output<outputs.Registry | undefined>;
/**
* Existing images to include in the index.
*/
public readonly sources!: pulumi.Output<string[]>;
declare public readonly sources: pulumi.Output<string[]>;
/**
* The tag to apply to the index.
*/
public readonly tag!: pulumi.Output<string>;
declare public readonly tag: pulumi.Output<string>;
/**
* Create a Index resource with the given unique name, arguments, and options.
@@ -146,16 +146,16 @@ export class Index extends pulumi.CustomResource {
let resourceInputs: pulumi.Inputs = {};
opts = opts || {};
if (!opts.id) {
if ((!args || args.sources === undefined) && !opts.urn) {
if (args?.sources === undefined && !opts.urn) {
throw new Error("Missing required property 'sources'");
}
if ((!args || args.tag === undefined) && !opts.urn) {
if (args?.tag === undefined && !opts.urn) {
throw new Error("Missing required property 'tag'");
}
resourceInputs["push"] = (args ? args.push : undefined) ?? true;
resourceInputs["registry"] = args ? args.registry : undefined;
resourceInputs["sources"] = args ? args.sources : undefined;
resourceInputs["tag"] = args ? args.tag : undefined;
resourceInputs["push"] = (args?.push) ?? true;
resourceInputs["registry"] = args?.registry;
resourceInputs["sources"] = args?.sources;
resourceInputs["tag"] = args?.tag;
resourceInputs["ref"] = undefined /*out*/;
} else {
resourceInputs["push"] = undefined /*out*/;

6
sdk/nodejs/provider.ts generated
View File

@@ -25,7 +25,7 @@ export class Provider extends pulumi.ProviderResource {
/**
* The build daemon's address.
*/
public readonly host!: pulumi.Output<string | undefined>;
declare public readonly host: pulumi.Output<string | undefined>;
/**
* Create a Provider resource with the given unique name, arguments, and options.
@@ -38,8 +38,8 @@ export class Provider extends pulumi.ProviderResource {
let resourceInputs: pulumi.Inputs = {};
opts = opts || {};
{
resourceInputs["host"] = (args ? args.host : undefined) ?? (utilities.getEnv("DOCKER_HOST") || "");
resourceInputs["registries"] = pulumi.output(args ? args.registries : undefined).apply(JSON.stringify);
resourceInputs["host"] = (args?.host) ?? (utilities.getEnv("DOCKER_HOST") || "");
resourceInputs["registries"] = pulumi.output(args?.registries).apply(JSON.stringify);
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(Provider.__pulumiType, name, resourceInputs, opts);

2
sdk/nodejs/tsconfig.json generated
View File

@@ -1,7 +1,7 @@
{
"compilerOptions": {
"outDir": "bin",
"target": "es2016",
"target": "ES2020",
"module": "commonjs",
"moduleResolution": "node",
"declaration": true,

50
sdk/nodejs/types/input.ts generated
View File

@@ -104,6 +104,12 @@ export interface CacheFromAzureBlobArgs {
secretAccessKey?: pulumi.Input<string>;
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheFromGitHubActionsArgs {
/**
* The scope to use for cache keys. Defaults to `buildkit`.
@@ -112,23 +118,6 @@ export interface CacheFromGitHubActionsArgs {
* workflow, otherwise caches will overwrite each other.
*/
scope?: pulumi.Input<string>;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: pulumi.Input<string>;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: pulumi.Input<string>;
}
/**
* cacheFromGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -137,8 +126,6 @@ export function cacheFromGitHubActionsArgsProvideDefaults(val: CacheFromGitHubAc
return {
...val,
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}
@@ -303,6 +290,12 @@ export function cacheToAzureBlobArgsProvideDefaults(val: CacheToAzureBlobArgs):
};
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheToGitHubActionsArgs {
/**
* Ignore errors caused by failed cache exports.
@@ -319,23 +312,6 @@ export interface CacheToGitHubActionsArgs {
* workflow, otherwise caches will overwrite each other.
*/
scope?: pulumi.Input<string>;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: pulumi.Input<string>;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: pulumi.Input<string>;
}
/**
* cacheToGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -346,8 +322,6 @@ export function cacheToGitHubActionsArgsProvideDefaults(val: CacheToGitHubAction
ignoreError: (val.ignoreError) ?? false,
mode: (val.mode) ?? "min",
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}

50
sdk/nodejs/types/output.ts generated
View File

@@ -104,6 +104,12 @@ export interface CacheFromAzureBlob {
secretAccessKey?: string;
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheFromGitHubActions {
/**
* The scope to use for cache keys. Defaults to `buildkit`.
@@ -112,23 +118,6 @@ export interface CacheFromGitHubActions {
* workflow, otherwise caches will overwrite each other.
*/
scope?: string;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: string;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: string;
}
/**
* cacheFromGitHubActionsProvideDefaults sets the appropriate defaults for CacheFromGitHubActions
@@ -137,8 +126,6 @@ export function cacheFromGitHubActionsProvideDefaults(val: CacheFromGitHubAction
return {
...val,
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}
@@ -303,6 +290,12 @@ export function cacheToAzureBlobProvideDefaults(val: CacheToAzureBlob): CacheToA
};
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheToGitHubActions {
/**
* Ignore errors caused by failed cache exports.
@@ -319,23 +312,6 @@ export interface CacheToGitHubActions {
* workflow, otherwise caches will overwrite each other.
*/
scope?: string;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: string;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: string;
}
/**
* cacheToGitHubActionsProvideDefaults sets the appropriate defaults for CacheToGitHubActions
@@ -346,8 +322,6 @@ export function cacheToGitHubActionsProvideDefaults(val: CacheToGitHubActions):
ignoreError: (val.ignoreError) ?? false,
mode: (val.mode) ?? "min",
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}

166
sdk/python/pulumi_docker_build/_inputs.py generated
View File

@@ -281,6 +281,12 @@ class CacheFromAzureBlobArgs:
if not MYPY:
class CacheFromGitHubActionsArgsDict(TypedDict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
scope: NotRequired[pulumi.Input[_builtins.str]]
"""
The scope to use for cache keys. Defaults to `buildkit`.
@@ -288,61 +294,27 @@ if not MYPY:
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
"""
token: NotRequired[pulumi.Input[_builtins.str]]
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
url: NotRequired[pulumi.Input[_builtins.str]]
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
elif False:
CacheFromGitHubActionsArgsDict: TypeAlias = Mapping[str, Any]
@pulumi.input_type
class CacheFromGitHubActionsArgs:
def __init__(__self__, *,
scope: Optional[pulumi.Input[_builtins.str]] = None,
token: Optional[pulumi.Input[_builtins.str]] = None,
url: Optional[pulumi.Input[_builtins.str]] = None):
scope: Optional[pulumi.Input[_builtins.str]] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param pulumi.Input[_builtins.str] token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param pulumi.Input[_builtins.str] url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if scope is None:
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter
@@ -359,39 +331,6 @@ class CacheFromGitHubActionsArgs:
def scope(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "scope", value)
@_builtins.property
@pulumi.getter
def token(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@token.setter
def token(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "token", value)
@_builtins.property
@pulumi.getter
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@url.setter
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "url", value)
if not MYPY:
class CacheFromLocalArgsDict(TypedDict):
@@ -977,6 +916,12 @@ class CacheToAzureBlobArgs:
if not MYPY:
class CacheToGitHubActionsArgsDict(TypedDict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
ignore_error: NotRequired[pulumi.Input[_builtins.bool]]
"""
Ignore errors caused by failed cache exports.
@@ -992,23 +937,6 @@ if not MYPY:
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
"""
token: NotRequired[pulumi.Input[_builtins.str]]
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
url: NotRequired[pulumi.Input[_builtins.str]]
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
elif False:
CacheToGitHubActionsArgsDict: TypeAlias = Mapping[str, Any]
@@ -1017,27 +945,18 @@ class CacheToGitHubActionsArgs:
def __init__(__self__, *,
ignore_error: Optional[pulumi.Input[_builtins.bool]] = None,
mode: Optional[pulumi.Input['CacheMode']] = None,
scope: Optional[pulumi.Input[_builtins.str]] = None,
token: Optional[pulumi.Input[_builtins.str]] = None,
url: Optional[pulumi.Input[_builtins.str]] = None):
scope: Optional[pulumi.Input[_builtins.str]] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param pulumi.Input[_builtins.bool] ignore_error: Ignore errors caused by failed cache exports.
:param pulumi.Input['CacheMode'] mode: The cache mode to use. Defaults to `min`.
:param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param pulumi.Input[_builtins.str] token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param pulumi.Input[_builtins.str] url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if ignore_error is None:
ignore_error = False
@@ -1051,14 +970,6 @@ class CacheToGitHubActionsArgs:
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter(name="ignoreError")
@@ -1099,39 +1010,6 @@ class CacheToGitHubActionsArgs:
def scope(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "scope", value)
@_builtins.property
@pulumi.getter
def token(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@token.setter
def token(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "token", value)
@_builtins.property
@pulumi.getter
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@url.setter
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "url", value)
if not MYPY:
class CacheToInlineArgsDict(TypedDict):

116
sdk/python/pulumi_docker_build/outputs.py generated
View File

@@ -293,39 +293,28 @@ class CacheFromAzureBlob(dict):
@pulumi.output_type
class CacheFromGitHubActions(dict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
def __init__(__self__, *,
scope: Optional[_builtins.str] = None,
token: Optional[_builtins.str] = None,
url: Optional[_builtins.str] = None):
scope: Optional[_builtins.str] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param _builtins.str token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param _builtins.str url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if scope is None:
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter
@@ -338,31 +327,6 @@ class CacheFromGitHubActions(dict):
"""
return pulumi.get(self, "scope")
@_builtins.property
@pulumi.getter
def token(self) -> Optional[_builtins.str]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@_builtins.property
@pulumi.getter
def url(self) -> Optional[_builtins.str]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@pulumi.output_type
class CacheFromLocal(dict):
@@ -784,6 +748,12 @@ class CacheToAzureBlob(dict):
@pulumi.output_type
class CacheToGitHubActions(dict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
@staticmethod
def __key_warning(key: str):
suggest = None
@@ -804,27 +774,18 @@ class CacheToGitHubActions(dict):
def __init__(__self__, *,
ignore_error: Optional[_builtins.bool] = None,
mode: Optional['CacheMode'] = None,
scope: Optional[_builtins.str] = None,
token: Optional[_builtins.str] = None,
url: Optional[_builtins.str] = None):
scope: Optional[_builtins.str] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param _builtins.bool ignore_error: Ignore errors caused by failed cache exports.
:param 'CacheMode' mode: The cache mode to use. Defaults to `min`.
:param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param _builtins.str token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param _builtins.str url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if ignore_error is None:
ignore_error = False
@@ -838,14 +799,6 @@ class CacheToGitHubActions(dict):
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter(name="ignoreError")
@@ -874,31 +827,6 @@ class CacheToGitHubActions(dict):
"""
return pulumi.get(self, "scope")
@_builtins.property
@pulumi.getter
def token(self) -> Optional[_builtins.str]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@_builtins.property
@pulumi.getter
def url(self) -> Optional[_builtins.str]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@pulumi.output_type
class CacheToInline(dict):