Compare commits
1 Commits
update-git
...
update-git
| Author | SHA1 | Date | |
|---|---|---|---|
|
d6101a17de |
@@ -4,26 +4,23 @@ major-version: 0
|
||||
providerDefaultBranch: main
|
||||
providerVersion: github.com/pulumi/pulumi-docker-build/provider.Version
|
||||
aws: true
|
||||
modulePath: .
|
||||
gcp: true
|
||||
sdkModuleDir: sdk/go/dockerbuild
|
||||
parallel: 3
|
||||
esc:
|
||||
enabled: true
|
||||
envOverride:
|
||||
AWS_REGION: us-west-2
|
||||
PULUMI_API: "https://api.pulumi-staging.io"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
GOOGLE_PROJECT: pulumi-ci-gcp-provider
|
||||
GOOGLE_PROJECT_NUMBER: 895284651812
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
AWS_REGION: us-west-2
|
||||
PULUMI_API: "https://api.pulumi-staging.io"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
GOOGLE_PROJECT: pulumi-ci-gcp-provider
|
||||
GOOGLE_PROJECT_NUMBER: 895284651812
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
[[tools.dotnet]]
|
||||
version = "8.0.414"
|
||||
backend = "asdf:dotnet"
|
||||
|
||||
[[tools."github:pulumi/pulumictl"]]
|
||||
version = "0.0.50"
|
||||
backend = "github:pulumi/pulumictl"
|
||||
|
||||
[tools."github:pulumi/pulumictl".platforms.linux-x64]
|
||||
checksum = "blake3:c128dd74993f779c613296fe7cd21c20cbd323f24e59cb76e007620660b60348"
|
||||
size = 27744219
|
||||
url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz"
|
||||
|
||||
[[tools."github:pulumi/schema-tools"]]
|
||||
version = "0.6.0"
|
||||
backend = "github:pulumi/schema-tools"
|
||||
|
||||
[tools."github:pulumi/schema-tools".platforms.linux-x64]
|
||||
checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3"
|
||||
size = 14282746
|
||||
url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz"
|
||||
|
||||
[[tools.go]]
|
||||
version = "1.21.13"
|
||||
backend = "core:go"
|
||||
|
||||
[[tools.gradle]]
|
||||
version = "7.6.6"
|
||||
backend = "aqua:gradle/gradle"
|
||||
|
||||
[[tools.java]]
|
||||
version = "corretto-11.0.28.6.1"
|
||||
backend = "core:java"
|
||||
|
||||
[[tools.node]]
|
||||
version = "20.19.5"
|
||||
backend = "core:node"
|
||||
|
||||
[[tools.pulumi]]
|
||||
version = "3.198.0"
|
||||
backend = "aqua:pulumi/pulumi"
|
||||
|
||||
[[tools.python]]
|
||||
version = "3.11.8"
|
||||
backend = "core:python"
|
||||
@@ -1,7 +0,0 @@
|
||||
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
|
||||
|
||||
# Overrides tool versions for test workflows
|
||||
|
||||
[tools]
|
||||
# always use pulumi latest for tests
|
||||
pulumi = "latest"
|
||||
@@ -1,26 +0,0 @@
|
||||
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
|
||||
# You can create your own root-level mise.toml file to override/augment this. See https://mise.jdx.dev/configuration.html
|
||||
|
||||
[env]
|
||||
_.source = "{{config_root}}/scripts/get-versions.sh"
|
||||
|
||||
[tools]
|
||||
|
||||
# Runtimes
|
||||
# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed
|
||||
go = "{{ get_env(name='MISE_GO_VERSION', default='latest') }}"
|
||||
node = '20'
|
||||
python = '3.11.8'
|
||||
dotnet = '8.0'
|
||||
# Corretto version used as Java SE/OpenJDK version no longer offered
|
||||
java = 'corretto-11'
|
||||
|
||||
# Executable tools
|
||||
pulumi = "{{ get_env(name='MISE_PULUMI_VERSION', default='latest') }}"
|
||||
"github:pulumi/pulumictl" = 'latest'
|
||||
"github:pulumi/schema-tools" = "latest"
|
||||
gradle = '7.6'
|
||||
|
||||
[settings]
|
||||
experimental = true # Required for Go binaries (e.g. pulumictl).
|
||||
lockfile = true
|
||||
12
.github/actions/esc-action/action.yaml
vendored
12
.github/actions/esc-action/action.yaml
vendored
@@ -1,12 +0,0 @@
|
||||
name: "Load secrets"
|
||||
description: |
|
||||
This is a temporary action which assists with our migration to ESC. Instead
|
||||
of surrounding every step that references secrets with an "if ESC" block, we
|
||||
instead modify those steps to consume their secrets from this step's outputs.
|
||||
Then, later, we can replace this action with esc-action to actually load
|
||||
secrets from ESC.
|
||||
inputs: {}
|
||||
outputs: {}
|
||||
runs:
|
||||
using: "node20"
|
||||
main: "index.js"
|
||||
14
.github/actions/esc-action/index.js
vendored
14
.github/actions/esc-action/index.js
vendored
@@ -1,14 +0,0 @@
|
||||
const fs = require("fs");
|
||||
|
||||
const file = process.env["GITHUB_OUTPUT"];
|
||||
var stream = fs.createWriteStream(file, { flags: "a" });
|
||||
|
||||
for (const [name, value] of Object.entries(process.env)) {
|
||||
try {
|
||||
stream.write(`${name}<<EEEOOOFFF\n${value}\nEEEOOOFFF\n`); // << syntax accommodates multiline strings.
|
||||
} catch (err) {
|
||||
console.log(`error: failed to set output for ${name}: ${err.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
stream.end();
|
||||
235
.github/workflows/build.yml
vendored
235
.github/workflows/build.yml
vendored
@@ -15,6 +15,13 @@ on:
|
||||
- "**"
|
||||
workflow_dispatch: {}
|
||||
env:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
|
||||
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
|
||||
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
PROVIDER: docker-build
|
||||
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
|
||||
TRAVIS_OS_NAME: linux
|
||||
@@ -25,10 +32,13 @@ env:
|
||||
DOTNETVERSION: "8.0.x"
|
||||
JAVAVERSION: "11"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
@@ -37,35 +47,20 @@ env:
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
PULUMI_API: https://api.pulumi-staging.io
|
||||
|
||||
jobs:
|
||||
prerequisites:
|
||||
runs-on: ubuntu-latest
|
||||
name: prerequisites
|
||||
permissions:
|
||||
id-token: write # For ESC secrets.
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -76,7 +71,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
@@ -97,7 +92,7 @@ jobs:
|
||||
echo 'EOF';
|
||||
} >> "$GITHUB_ENV"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
|
||||
name: Comment on PR with Details of Schema Check
|
||||
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
|
||||
@@ -172,7 +167,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -187,15 +182,10 @@ jobs:
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
- name: Test Provider Library
|
||||
run: make test_provider
|
||||
env:
|
||||
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
|
||||
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -204,7 +194,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
build_sdks:
|
||||
needs: prerequisites
|
||||
runs-on: pulumi-ubuntu-8core
|
||||
@@ -218,30 +208,16 @@ jobs:
|
||||
- go
|
||||
- java
|
||||
name: build_sdks
|
||||
permissions:
|
||||
pull-requests: write # For Renovate SDK updates.
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -252,32 +228,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -347,7 +323,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -367,29 +343,13 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
|
||||
tag_release_if_labeled_needs_release:
|
||||
name: Tag release if labeled as needs-release
|
||||
needs: publish
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- name: check if this commit needs release
|
||||
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
|
||||
uses: pulumi/action-release-by-pr-label@main
|
||||
@@ -397,10 +357,10 @@ jobs:
|
||||
command: "release-if-needed"
|
||||
repo: ${{ github.repository }}
|
||||
commit: ${{ github.sha }}
|
||||
slack_channel: C02MGR8JVST
|
||||
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
|
||||
env:
|
||||
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
|
||||
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
|
||||
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
|
||||
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
test:
|
||||
@@ -420,28 +380,17 @@ jobs:
|
||||
name: test
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets and Pulumi access token OIDC.
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -452,32 +401,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -489,7 +438,7 @@ jobs:
|
||||
-exec chmod +x {} \;
|
||||
- name: Download SDK
|
||||
if: ${{ matrix.language != 'yaml' }}
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -523,7 +472,7 @@ jobs:
|
||||
with:
|
||||
environment: logins/pulumi-ci
|
||||
- name: Authenticate to Google Cloud
|
||||
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
|
||||
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
|
||||
with:
|
||||
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
|
||||
}}/locations/global/workloadIdentityPools/${{
|
||||
@@ -531,7 +480,7 @@ jobs:
|
||||
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
|
||||
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
|
||||
- name: Setup gcloud auth
|
||||
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
|
||||
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
|
||||
with:
|
||||
install_components: gke-gcloud-auth-plugin
|
||||
- name: Install gotestfmt
|
||||
@@ -544,8 +493,6 @@ jobs:
|
||||
set -euo pipefail
|
||||
|
||||
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -554,35 +501,21 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
needs: test
|
||||
name: publish
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -602,27 +535,21 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
|
||||
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
|
||||
with:
|
||||
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-region: us-east-2
|
||||
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
role-duration-seconds: 7200
|
||||
role-session-name: ${{ env.PROVIDER }}@githubActions
|
||||
role-external-id: upload-pulumi-release
|
||||
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
|
||||
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
|
||||
- name: Run GoReleaser
|
||||
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
|
||||
env:
|
||||
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
with:
|
||||
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
|
||||
version: latest
|
||||
@@ -634,37 +561,23 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
needs: publish
|
||||
name: publish_sdk
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Checkout Scripts Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
path: ci-scripts
|
||||
repository: pulumi/scripts
|
||||
@@ -679,22 +592,22 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Download python SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: python-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -702,7 +615,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
|
||||
${{github.workspace}}/sdk/python
|
||||
- name: Download dotnet SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: dotnet-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -710,7 +623,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
|
||||
${{github.workspace}}/sdk/dotnet
|
||||
- name: Download nodejs SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: nodejs-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -722,16 +635,16 @@ jobs:
|
||||
- name: Publish SDKs
|
||||
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
|
||||
env:
|
||||
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
|
||||
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
|
||||
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
|
||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
PYPI_PUBLISH_ARTIFACTS: all
|
||||
PYPI_USERNAME: __token__
|
||||
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
|
||||
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
|
||||
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
|
||||
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
|
||||
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
|
||||
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
|
||||
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
|
||||
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
|
||||
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
|
||||
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
|
||||
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
|
||||
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -740,12 +653,12 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
|
||||
22
.github/workflows/command-dispatch.yml
vendored
22
.github/workflows/command-dispatch.yml
vendored
@@ -2,10 +2,13 @@
|
||||
|
||||
env:
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
@@ -14,28 +17,15 @@ env:
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
PULUMI_API: https://api.pulumi-staging.io
|
||||
|
||||
jobs:
|
||||
command-dispatch-for-testing:
|
||||
name: command-dispatch-for-testing
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
persist-credentials: false
|
||||
- uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4
|
||||
with:
|
||||
commands: |
|
||||
@@ -45,7 +35,7 @@ jobs:
|
||||
permission: write
|
||||
reaction-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
repository: pulumi/pulumi-docker-build
|
||||
token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
token: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
name: command-dispatch
|
||||
on:
|
||||
issue_comment:
|
||||
|
||||
4
.github/workflows/community-moderation.yml
vendored
4
.github/workflows/community-moderation.yml
vendored
@@ -1,12 +1,14 @@
|
||||
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
|
||||
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
jobs:
|
||||
warn_codegen:
|
||||
name: warn_codegen
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- id: schema_changed
|
||||
|
||||
25
.github/workflows/export-repo-secrets.yml
vendored
25
.github/workflows/export-repo-secrets.yml
vendored
@@ -1,25 +0,0 @@
|
||||
permissions: write-all # Equivalent to default permissions plus id-token: write
|
||||
name: Export secrets to ESC
|
||||
on: [workflow_dispatch]
|
||||
jobs:
|
||||
export-to-esc:
|
||||
runs-on: ubuntu-latest
|
||||
name: export GitHub secrets to ESC
|
||||
steps:
|
||||
- name: Generate a GitHub token
|
||||
id: generate-token
|
||||
uses: actions/create-github-app-token@v1
|
||||
with:
|
||||
app-id: 1256780 # Export Secrets GitHub App
|
||||
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
|
||||
- name: Export secrets to ESC
|
||||
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1
|
||||
with:
|
||||
organization: pulumi
|
||||
org-environment: imports/github-secrets
|
||||
exclude-secrets: EXPORT_SECRETS_PRIVATE_KEY
|
||||
github-token: ${{ steps.generate-token.outputs.token }}
|
||||
oidc-auth: true
|
||||
oidc-requested-token-type: urn:pulumi:token-type:access_token:organization
|
||||
env:
|
||||
GITHUB_SECRETS: ${{ toJSON(secrets) }}
|
||||
250
.github/workflows/prerelease.yml
vendored
250
.github/workflows/prerelease.yml
vendored
@@ -6,6 +6,13 @@ on:
|
||||
tags:
|
||||
- v*.*.*-**
|
||||
env:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
|
||||
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
|
||||
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
PROVIDER: docker-build
|
||||
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
|
||||
TRAVIS_OS_NAME: linux
|
||||
@@ -16,10 +23,13 @@ env:
|
||||
DOTNETVERSION: "8.0.x"
|
||||
JAVAVERSION: "11"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
@@ -29,32 +39,20 @@ env:
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
PULUMI_API: https://api.pulumi-staging.io
|
||||
IS_PRERELEASE: true
|
||||
|
||||
jobs:
|
||||
prerequisites:
|
||||
runs-on: ubuntu-latest
|
||||
name: prerequisites
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -65,7 +63,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
@@ -86,7 +84,7 @@ jobs:
|
||||
echo 'EOF';
|
||||
} >> "$GITHUB_ENV"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
|
||||
name: Comment on PR with Details of Schema Check
|
||||
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
|
||||
@@ -161,7 +159,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -176,15 +174,10 @@ jobs:
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
- name: Test Provider Library
|
||||
run: make test_provider
|
||||
env:
|
||||
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
|
||||
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -193,7 +186,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
build_sdks:
|
||||
needs: prerequisites
|
||||
runs-on: pulumi-ubuntu-8core
|
||||
@@ -207,30 +200,16 @@ jobs:
|
||||
- go
|
||||
- java
|
||||
name: build_sdks
|
||||
permissions:
|
||||
pull-requests: write # For Renovate SDK updates.
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -241,32 +220,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -336,7 +315,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -355,7 +334,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
test:
|
||||
runs-on: pulumi-ubuntu-8core
|
||||
needs:
|
||||
@@ -373,28 +352,17 @@ jobs:
|
||||
name: test
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets and Pulumi access token OIDC.
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -405,32 +373,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -442,7 +410,7 @@ jobs:
|
||||
-exec chmod +x {} \;
|
||||
- name: Download SDK
|
||||
if: ${{ matrix.language != 'yaml' }}
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -476,7 +444,7 @@ jobs:
|
||||
with:
|
||||
environment: logins/pulumi-ci
|
||||
- name: Authenticate to Google Cloud
|
||||
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
|
||||
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
|
||||
with:
|
||||
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
|
||||
}}/locations/global/workloadIdentityPools/${{
|
||||
@@ -484,7 +452,7 @@ jobs:
|
||||
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
|
||||
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
|
||||
- name: Setup gcloud auth
|
||||
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
|
||||
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
|
||||
with:
|
||||
install_components: gke-gcloud-auth-plugin
|
||||
- name: Install gotestfmt
|
||||
@@ -497,8 +465,6 @@ jobs:
|
||||
set -euo pipefail
|
||||
|
||||
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -507,35 +473,21 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
needs: test
|
||||
name: publish
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -555,27 +507,21 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
|
||||
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
|
||||
with:
|
||||
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-region: us-east-2
|
||||
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
role-duration-seconds: 7200
|
||||
role-session-name: ${{ env.PROVIDER }}@githubActions
|
||||
role-external-id: upload-pulumi-release
|
||||
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
|
||||
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
|
||||
- name: Run GoReleaser
|
||||
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
|
||||
env:
|
||||
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
with:
|
||||
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
|
||||
version: latest
|
||||
@@ -587,37 +533,23 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
needs: publish
|
||||
name: publish_sdk
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Checkout Scripts Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
path: ci-scripts
|
||||
repository: pulumi/scripts
|
||||
@@ -632,22 +564,22 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Download python SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: python-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -655,7 +587,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
|
||||
${{github.workspace}}/sdk/python
|
||||
- name: Download dotnet SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: dotnet-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -663,7 +595,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
|
||||
${{github.workspace}}/sdk/dotnet
|
||||
- name: Download nodejs SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: nodejs-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -675,11 +607,11 @@ jobs:
|
||||
- name: Publish SDKs
|
||||
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
|
||||
env:
|
||||
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
|
||||
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
|
||||
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
|
||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
PYPI_PUBLISH_ARTIFACTS: all
|
||||
PYPI_USERNAME: __token__
|
||||
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
|
||||
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -688,36 +620,22 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish_java_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: true
|
||||
needs: publish
|
||||
name: publish_java_sdk
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -728,45 +646,45 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download java SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: java-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
- name: Uncompress java SDK
|
||||
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
|
||||
${{github.workspace}}/sdk/java
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Publish Java SDK
|
||||
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
env:
|
||||
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
|
||||
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
|
||||
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
|
||||
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
|
||||
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
|
||||
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
|
||||
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
|
||||
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
|
||||
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
|
||||
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
|
||||
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
|
||||
with:
|
||||
arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
|
||||
build-root-directory: ./sdk/java
|
||||
gradle-version: 7.4.1
|
||||
publish_go_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
name: publish-go-sdk
|
||||
needs: publish_sdk
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- id: version
|
||||
@@ -774,10 +692,8 @@ jobs:
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Download go SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: go-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
|
||||
30
.github/workflows/pull-request.yml
vendored
30
.github/workflows/pull-request.yml
vendored
@@ -3,14 +3,40 @@
|
||||
name: pull-request
|
||||
on:
|
||||
pull_request_target: {}
|
||||
|
||||
env:
|
||||
PROVIDER: docker-build
|
||||
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
|
||||
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
|
||||
TRAVIS_OS_NAME: linux
|
||||
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
|
||||
GOVERSION: "1.21.x"
|
||||
NODEVERSION: "20.x"
|
||||
PYTHONVERSION: "3.11.8"
|
||||
DOTNETVERSION: "8.0.x"
|
||||
JAVAVERSION: "11"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
GOOGLE_PROJECT: pulumi-ci-gcp-provider
|
||||
GOOGLE_PROJECT_NUMBER: "895284651812"
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
PULUMI_API: https://api.pulumi-staging.io
|
||||
jobs:
|
||||
comment-on-pr:
|
||||
runs-on: ubuntu-latest
|
||||
name: comment-on-pr
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- name: Comment PR
|
||||
|
||||
271
.github/workflows/release.yml
vendored
271
.github/workflows/release.yml
vendored
@@ -7,6 +7,13 @@ on:
|
||||
- v*.*.*
|
||||
- "!v*.*.*-**"
|
||||
env:
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' &&
|
||||
secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID
|
||||
== '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
PROVIDER: docker-build
|
||||
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
|
||||
TRAVIS_OS_NAME: linux
|
||||
@@ -17,10 +24,13 @@ env:
|
||||
DOTNETVERSION: "8.0.x"
|
||||
JAVAVERSION: "11"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
@@ -29,35 +39,20 @@ env:
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
PULUMI_API: https://api.pulumi-staging.io
|
||||
|
||||
jobs:
|
||||
prerequisites:
|
||||
runs-on: ubuntu-latest
|
||||
name: prerequisites
|
||||
permissions:
|
||||
id-token: write # For ESC secrets.
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -68,7 +63,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
@@ -89,7 +84,7 @@ jobs:
|
||||
echo 'EOF';
|
||||
} >> "$GITHUB_ENV"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
|
||||
name: Comment on PR with Details of Schema Check
|
||||
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
|
||||
@@ -164,7 +159,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -179,15 +174,10 @@ jobs:
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
- name: Test Provider Library
|
||||
run: make test_provider
|
||||
env:
|
||||
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
|
||||
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -196,7 +186,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
build_sdks:
|
||||
needs: prerequisites
|
||||
runs-on: pulumi-ubuntu-8core
|
||||
@@ -210,30 +200,16 @@ jobs:
|
||||
- go
|
||||
- java
|
||||
name: build_sdks
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -244,32 +220,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -339,7 +315,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -358,7 +334,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
test:
|
||||
runs-on: pulumi-ubuntu-8core
|
||||
needs:
|
||||
@@ -376,28 +352,17 @@ jobs:
|
||||
name: test
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -408,32 +373,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -445,7 +410,7 @@ jobs:
|
||||
-exec chmod +x {} \;
|
||||
- name: Download SDK
|
||||
if: ${{ matrix.language != 'yaml' }}
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -479,7 +444,7 @@ jobs:
|
||||
with:
|
||||
environment: logins/pulumi-ci
|
||||
- name: Authenticate to Google Cloud
|
||||
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
|
||||
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
|
||||
with:
|
||||
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
|
||||
}}/locations/global/workloadIdentityPools/${{
|
||||
@@ -487,7 +452,7 @@ jobs:
|
||||
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
|
||||
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
|
||||
- name: Setup gcloud auth
|
||||
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
|
||||
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
|
||||
with:
|
||||
install_components: gke-gcloud-auth-plugin
|
||||
- name: Install gotestfmt
|
||||
@@ -500,8 +465,6 @@ jobs:
|
||||
set -euo pipefail
|
||||
|
||||
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
|
||||
env:
|
||||
GTIHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -510,35 +473,21 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
needs: test
|
||||
name: publish
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -558,27 +507,21 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
|
||||
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
|
||||
with:
|
||||
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-region: us-east-2
|
||||
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
role-duration-seconds: 7200
|
||||
role-session-name: ${{ env.PROVIDER }}@githubActions
|
||||
role-external-id: upload-pulumi-release
|
||||
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
|
||||
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
|
||||
- name: Run GoReleaser
|
||||
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
|
||||
env:
|
||||
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
|
||||
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
|
||||
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
|
||||
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
|
||||
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
|
||||
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
with:
|
||||
args: -p 3 release --clean --timeout 60m0s
|
||||
version: latest
|
||||
@@ -590,37 +533,23 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
needs: publish
|
||||
name: publish_sdks
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Checkout Scripts Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
path: ci-scripts
|
||||
repository: pulumi/scripts
|
||||
@@ -635,22 +564,22 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Download python SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: python-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -658,7 +587,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
|
||||
${{github.workspace}}/sdk/python
|
||||
- name: Download dotnet SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: dotnet-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -666,7 +595,7 @@ jobs:
|
||||
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
|
||||
${{github.workspace}}/sdk/dotnet
|
||||
- name: Download nodejs SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: nodejs-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -678,11 +607,11 @@ jobs:
|
||||
- name: Publish SDKs
|
||||
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
|
||||
env:
|
||||
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
|
||||
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
|
||||
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
|
||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
PYPI_PUBLISH_ARTIFACTS: all
|
||||
PYPI_USERNAME: __token__
|
||||
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
|
||||
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -691,36 +620,22 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
publish_java_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: true
|
||||
needs: publish
|
||||
name: publish_java_sdk
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -731,45 +646,45 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download java SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: java-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
- name: Uncompress java SDK
|
||||
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
|
||||
${{github.workspace}}/sdk/java
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Publish Java SDK
|
||||
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
env:
|
||||
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
|
||||
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
|
||||
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
|
||||
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
|
||||
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
|
||||
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
|
||||
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
|
||||
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
|
||||
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
|
||||
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
|
||||
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
|
||||
with:
|
||||
arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
|
||||
build-root-directory: ./sdk/java
|
||||
gradle-version: 7.4.1
|
||||
publish_go_sdk:
|
||||
runs-on: ubuntu-latest
|
||||
name: publish-go-sdk
|
||||
needs: publish_sdk
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- id: version
|
||||
@@ -777,10 +692,8 @@ jobs:
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Download go SDK
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: go-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -800,23 +713,7 @@ jobs:
|
||||
dispatch_docs_build:
|
||||
runs-on: ubuntu-latest
|
||||
needs: publish_go_sdk
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- name: Install pulumictl
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
with:
|
||||
@@ -825,5 +722,5 @@ jobs:
|
||||
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
|
||||
"${GITHUB_REF#refs/tags/}"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
name: dispatch_docs_build
|
||||
|
||||
19
.github/workflows/release_command.yml
vendored
19
.github/workflows/release_command.yml
vendored
@@ -11,18 +11,9 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
persist-credentials: false
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
persist-credentials: false
|
||||
- name: Should release PR
|
||||
uses: pulumi/action-release-by-pr-label@main
|
||||
with:
|
||||
@@ -30,10 +21,10 @@ jobs:
|
||||
repo: ${{ github.repository }}
|
||||
pr: ${{ github.event.client_payload.pull_request.number }}
|
||||
version: ${{ github.event.client_payload.slash_command.args.all }}
|
||||
slack_channel: ${{ steps.esc-secrets.outputs.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
|
||||
slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
|
||||
env:
|
||||
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
|
||||
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
|
||||
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
|
||||
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: failure()
|
||||
name: Notify failure
|
||||
|
||||
141
.github/workflows/run-acceptance-tests.yml
vendored
141
.github/workflows/run-acceptance-tests.yml
vendored
@@ -20,10 +20,13 @@ env:
|
||||
DOTNETVERSION: "8.0.x"
|
||||
JAVAVERSION: "11"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
@@ -35,16 +38,9 @@ env:
|
||||
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
|
||||
jobs:
|
||||
comment-notification:
|
||||
if: github.event_name == 'repository_dispatch'
|
||||
runs-on: ubuntu-latest
|
||||
name: comment-notification
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- name: Create URL to the run output
|
||||
id: vars
|
||||
run: echo
|
||||
@@ -53,39 +49,26 @@ jobs:
|
||||
- name: Update with Result
|
||||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
token: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
|
||||
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
|
||||
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
|
||||
if: github.event_name == 'repository_dispatch'
|
||||
prerequisites:
|
||||
runs-on: ubuntu-latest
|
||||
name: prerequisites
|
||||
permissions:
|
||||
id-token: write # For ESC secrets.
|
||||
pull-requests: write # For schema check comment.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -96,7 +79,7 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- if: github.event_name == 'pull_request'
|
||||
name: Install Schema Tools
|
||||
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
|
||||
@@ -117,7 +100,7 @@ jobs:
|
||||
echo 'EOF';
|
||||
} >> "$GITHUB_ENV"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
|
||||
name: Comment on PR with Details of Schema Check
|
||||
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
|
||||
@@ -192,7 +175,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -207,15 +190,10 @@ jobs:
|
||||
path: ${{ github.workspace }}/bin/provider.tar.gz
|
||||
- name: Test Provider Library
|
||||
run: make test_provider
|
||||
env:
|
||||
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
|
||||
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Upload coverage reports to Codecov
|
||||
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
|
||||
env:
|
||||
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
|
||||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -224,7 +202,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
if: github.event_name == 'repository_dispatch' ||
|
||||
github.event.pull_request.head.repo.full_name == github.repository
|
||||
build_sdks:
|
||||
@@ -240,32 +218,18 @@ jobs:
|
||||
- go
|
||||
- java
|
||||
name: build_sdks
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # For ESC secrets.
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -276,32 +240,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -370,7 +334,7 @@ jobs:
|
||||
|
||||
# workflow. https://github.com/orgs/community/discussions/25702
|
||||
|
||||
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
|
||||
env:
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
- run: git status --porcelain
|
||||
@@ -390,7 +354,7 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
if: github.event_name == 'repository_dispatch' ||
|
||||
github.event.pull_request.head.repo.full_name == github.repository
|
||||
test:
|
||||
@@ -413,27 +377,16 @@ jobs:
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- id: version
|
||||
name: Set Provider Version
|
||||
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
|
||||
with:
|
||||
set-env: PROVIDER_VERSION
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -444,32 +397,32 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Download provider
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
|
||||
path: ${{ github.workspace }}/bin
|
||||
@@ -481,7 +434,7 @@ jobs:
|
||||
-exec chmod +x {} \;
|
||||
- name: Download SDK
|
||||
if: ${{ matrix.language != 'yaml' }}
|
||||
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
||||
with:
|
||||
name: ${{ matrix.language }}-sdk.tar.gz
|
||||
path: ${{ github.workspace}}/sdk/
|
||||
@@ -515,7 +468,7 @@ jobs:
|
||||
with:
|
||||
environment: logins/pulumi-ci
|
||||
- name: Authenticate to Google Cloud
|
||||
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
|
||||
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
|
||||
with:
|
||||
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
|
||||
}}/locations/global/workloadIdentityPools/${{
|
||||
@@ -523,7 +476,7 @@ jobs:
|
||||
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
|
||||
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
|
||||
- name: Setup gcloud auth
|
||||
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
|
||||
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
|
||||
with:
|
||||
install_components: gke-gcloud-auth-plugin
|
||||
- name: Install gotestfmt
|
||||
@@ -536,8 +489,6 @@ jobs:
|
||||
set -euo pipefail
|
||||
|
||||
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- if: failure() && github.event_name == 'push'
|
||||
name: Notify Slack
|
||||
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
|
||||
@@ -546,28 +497,13 @@ jobs:
|
||||
fields: repo,commit,author,action
|
||||
status: ${{ job.status }}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
|
||||
if: github.event_name == 'repository_dispatch' ||
|
||||
github.event.pull_request.head.repo.full_name == github.repository
|
||||
sentinel:
|
||||
runs-on: ubuntu-latest
|
||||
name: sentinel
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
ref: ${{ env.PR_COMMIT_SHA }}
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
- name: Mark workflow as successful
|
||||
uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13
|
||||
with:
|
||||
@@ -578,7 +514,6 @@ jobs:
|
||||
sha: ${{ github.event.pull_request.head.sha || github.sha }}
|
||||
permissions:
|
||||
statuses: write
|
||||
id-token: write # For ESC secrets.
|
||||
if: github.event_name == 'repository_dispatch' ||
|
||||
github.event.pull_request.head.repo.full_name == github.repository
|
||||
needs:
|
||||
@@ -589,7 +524,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
persist-credentials: false
|
||||
|
||||
38
.github/workflows/weekly-pulumi-update.yml
vendored
38
.github/workflows/weekly-pulumi-update.yml
vendored
@@ -17,10 +17,13 @@ env:
|
||||
DOTNETVERSION: "8.0.x"
|
||||
JAVAVERSION: "11"
|
||||
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
|
||||
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
|
||||
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
|
||||
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
|
||||
AWS_REGION: us-west-2
|
||||
AZURE_LOCATION: westus
|
||||
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
|
||||
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
|
||||
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
|
||||
@@ -29,25 +32,14 @@ env:
|
||||
GOOGLE_REGION: us-central1
|
||||
GOOGLE_ZONE: us-central1-a
|
||||
PULUMI_API: https://api.pulumi-staging.io
|
||||
|
||||
jobs:
|
||||
weekly-pulumi-update:
|
||||
runs-on: ubuntu-latest
|
||||
permissions: write-all
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
with:
|
||||
lfs: true
|
||||
- env:
|
||||
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
|
||||
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
|
||||
ESC_ACTION_OIDC_AUTH: "true"
|
||||
ESC_ACTION_OIDC_ORGANIZATION: pulumi
|
||||
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
|
||||
id: esc-secrets
|
||||
name: Fetch secrets from ESC
|
||||
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
|
||||
lfs: true
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
||||
with:
|
||||
@@ -58,30 +50,20 @@ jobs:
|
||||
with:
|
||||
repo: pulumi/pulumictl
|
||||
- name: Install Pulumi CLI
|
||||
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
|
||||
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
|
||||
- name: Setup DotNet
|
||||
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
|
||||
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNETVERSION }}
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
||||
with:
|
||||
node-version: ${{ env.NODEVERSION }}
|
||||
registry-url: https://registry.npmjs.org
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
||||
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
||||
with:
|
||||
python-version: ${{ env.PYTHONVERSION }}
|
||||
- name: Setup Java
|
||||
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
|
||||
with:
|
||||
java-version: ${{ env.JAVAVERSION }}
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
- name: Setup Gradle
|
||||
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
|
||||
with:
|
||||
gradle-version: "7.6"
|
||||
- name: Update Pulumi/Pulumi
|
||||
id: gomod
|
||||
run: >-
|
||||
@@ -140,5 +122,5 @@ jobs:
|
||||
|
||||
gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
|
||||
name: weekly-pulumi-update
|
||||
|
||||
@@ -1 +1 @@
|
||||
3.192.0
|
||||
3.187.0
|
||||
|
||||
@@ -1,15 +1,9 @@
|
||||
## Unreleased
|
||||
|
||||
## 0.0.13 (2025-08-27)
|
||||
|
||||
### Changed
|
||||
|
||||
- Docker Build Cloud and `exec` errors are more helpful. (https://github.com/pulumi/pulumi-docker-build/issues/549)
|
||||
|
||||
### Fixed
|
||||
|
||||
- The provider is no longer replaced on version changes. (https://github.com/pulumi/pulumi-docker-build/issues/581)
|
||||
|
||||
## 0.0.12 (2025-05-16)
|
||||
|
||||
### Changed
|
||||
|
||||
@@ -6,7 +6,7 @@ toolchain go1.24.5
|
||||
|
||||
require (
|
||||
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0
|
||||
)
|
||||
|
||||
require (
|
||||
@@ -62,7 +62,7 @@ require (
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pkg/term v1.1.0 // indirect
|
||||
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
|
||||
github.com/pulumi/esc v0.17.0 // indirect
|
||||
github.com/pulumi/esc v0.14.3 // indirect
|
||||
github.com/rivo/uniseg v0.4.7 // indirect
|
||||
github.com/rogpeppe/go-internal v1.14.1 // indirect
|
||||
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
|
||||
|
||||
@@ -159,12 +159,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0=
|
||||
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
|
||||
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
|
||||
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
|
||||
github.com/pulumi/esc v0.14.3 h1:Zli+9LiSDT/W+Fsfr8tITxCo+5wn969tLrE4KLv44G8=
|
||||
github.com/pulumi/esc v0.14.3/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
|
||||
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12 h1:uzmw+0iic764m0Yvh4I/jRV1x3q49dVh5Ctq9RllsQ8=
|
||||
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12/go.mod h1:6zFMe786NvFDO03BVJwdw1R/Yms4F6vAU49iBHo8zbQ=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
|
||||
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
|
||||
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
|
||||
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
|
||||
|
||||
@@ -181,9 +181,8 @@ func TestConfig(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
test := integration.ProgramTestOptions{
|
||||
Dir: path.Join(cwd, "tests", "config"),
|
||||
Dependencies: []string{"@pulumi/docker-build"},
|
||||
SkipEmptyPreviewUpdate: true,
|
||||
Dir: path.Join(cwd, "tests", "config"),
|
||||
Dependencies: []string{"@pulumi/docker-build"},
|
||||
}
|
||||
|
||||
integration.ProgramTest(t, &test)
|
||||
|
||||
6
go.mod
6
go.mod
@@ -16,14 +16,14 @@ require (
|
||||
github.com/otiai10/copy v1.14.0
|
||||
github.com/pulumi/providertest v0.3.1
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef
|
||||
github.com/pulumi/pulumi-go-provider v1.1.1
|
||||
github.com/pulumi/pulumi-go-provider v1.1.0
|
||||
github.com/pulumi/pulumi-java/pkg v1.16.0
|
||||
github.com/pulumi/pulumi-yaml v1.21.2
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.192.0
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.187.0
|
||||
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815
|
||||
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815
|
||||
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0
|
||||
github.com/regclient/regclient v0.7.1
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/spf13/afero v1.14.0
|
||||
|
||||
12
go.sum
12
go.sum
@@ -896,22 +896,22 @@ github.com/pulumi/providertest v0.3.1 h1:vlftr7TZlObh81mL88IhhF0/9ZbLrZZos4NAvR4
|
||||
github.com/pulumi/providertest v0.3.1/go.mod h1:fFHUP4/9DRyYnHWiRnwcynMtM/a7hHR/QcJfcuZKO3A=
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY=
|
||||
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg=
|
||||
github.com/pulumi/pulumi-go-provider v1.1.1 h1:4UT3LeNT9CdGhkq8OSWKJsmKTW9Tg+vsfOO/hsFVyb4=
|
||||
github.com/pulumi/pulumi-go-provider v1.1.1/go.mod h1:3lNIuxT/BArFyiKrVfv+UT7gMMtplss7V69KuBZ4zIk=
|
||||
github.com/pulumi/pulumi-go-provider v1.1.0 h1:TNrLoQ7LrT6Z2xPbspJKXE3pKZsz+pCVo62zKFGxjBI=
|
||||
github.com/pulumi/pulumi-go-provider v1.1.0/go.mod h1:bWvFWytb2ULBefjDW/YG+GcjHbzVojwtl1RW5afMvR0=
|
||||
github.com/pulumi/pulumi-java/pkg v1.16.0 h1:8KCiIXWv2uxfIks0SdgOezyXg4HZIoPfHID9eMg4nuM=
|
||||
github.com/pulumi/pulumi-java/pkg v1.16.0/go.mod h1:VeMZ1s9LfXBypao4A1tRF3EB7fYnYZ1LwImyg6FBX0c=
|
||||
github.com/pulumi/pulumi-yaml v1.21.2 h1:czqC5AazinfX6Bj0nqAAQ6x/Cr8/3oUz3HUjJg6tJ4o=
|
||||
github.com/pulumi/pulumi-yaml v1.21.2/go.mod h1:KOqDnuJksfIq8belFVFN3IEI4r0NgW69M0QPSj54On4=
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.192.0 h1:gZRMPaNpW+VN3ng3h9r8De8wI0keWC9fIP0rcUDatMA=
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.192.0/go.mod h1:+Zp3EzjzGW4PlcW8oITZgeOfFzIVbLWvHtUVixvGQcs=
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.187.0 h1:VTbireKCxG/wKPX3slHNb3Zk3xKMr5CvcvjH8194H2I=
|
||||
github.com/pulumi/pulumi/pkg/v3 v3.187.0/go.mod h1:3y5nyMg62dd+DBzYW/P4d+Ye9pJ/zhJd+aGzMzfUL1g=
|
||||
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:tipGG4aEPejP424igQYxJ6TOtWVtZJa0z679oIv00ho=
|
||||
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:V2MMs29cFeGBdZyFKxNqTGVfBgDLhIOGfrXOxheieuI=
|
||||
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:+QJTFK7UcOFTYCg3XaSTrRZHWJ6Hqza8w9oADa4pPcM=
|
||||
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:0kA9b5LsaXLEKQzo0o9UUsHtZkACthHYLyBVUDUVMxc=
|
||||
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:bkvtySMos0ij3fWZWZaU5sVrvGvU0dZCusoxpgEtX6I=
|
||||
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:SJtr0N/XFyelI7M7U0UbJXr15pgEdSmpN40cglTsRTA=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
|
||||
github.com/quasilyte/go-ruleguard v0.4.2 h1:htXcXDK6/rO12kiTHKfHuqR4kr3Y4M0J0rOL6CH/BYs=
|
||||
github.com/quasilyte/go-ruleguard v0.4.2/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI=
|
||||
github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe60+5DqOpCjPE=
|
||||
|
||||
19
mise.toml
Normal file
19
mise.toml
Normal file
@@ -0,0 +1,19 @@
|
||||
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
|
||||
|
||||
[tools]
|
||||
|
||||
# Runtimes
|
||||
go = '1.21'
|
||||
node = '20'
|
||||
python = '3.11.8'
|
||||
dotnet = '8.0'
|
||||
# Corretto version used as Java SE/OpenJDK version no longer offered
|
||||
java = 'corretto-11'
|
||||
|
||||
# Executable tools
|
||||
pulumi = 'latest'
|
||||
"go:github.com/pulumi/pulumictl/cmd/pulumictl" = 'latest'
|
||||
gradle = '7.6'
|
||||
|
||||
[settings]
|
||||
experimental = true # Required for Go binaries (e.g. pulumictl).
|
||||
@@ -1,50 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# This script can be simplified to use go when https://github.com/jdx/mise/discussions/6374 is fixed
|
||||
# e.g. go list -m -f '{{.GoVersion}}'
|
||||
|
||||
module_path="github.com/pulumi/pulumi/pkg/v3"
|
||||
gomod="./go.mod"
|
||||
|
||||
if [[ ! -f "$gomod" ]]; then
|
||||
echo "missing $gomod" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
raw_version=$(awk -v module="$module_path" '
|
||||
$1 == module || $2 == module {
|
||||
for (i = 1; i <= NF; i++) {
|
||||
if ($i ~ /^v[0-9]/) {
|
||||
sub(/^v/, "", $i)
|
||||
print $i
|
||||
exit
|
||||
}
|
||||
}
|
||||
}
|
||||
' "$gomod")
|
||||
|
||||
if [[ -z "${raw_version:-}" ]]; then
|
||||
echo "failed to determine Pulumi version from $gomod" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "MISE_PULUMI_VERSION=$raw_version"
|
||||
export MISE_PULUMI_VERSION=$raw_version
|
||||
|
||||
# Prefer the toolchain directive if present, otherwise fall back to the `go` version line
|
||||
go_toolchain=$(awk '/^toolchain[[:space:]]+go[0-9]/{ print $2; exit }' "$gomod")
|
||||
|
||||
if [[ -n "${go_toolchain:-}" ]]; then
|
||||
go_version=${go_toolchain#go}
|
||||
else
|
||||
go_version=$(awk '/^go[[:space:]]+[0-9]/{ print $2; exit }' "$gomod")
|
||||
fi
|
||||
|
||||
if [[ -z "${go_version:-}" ]]; then
|
||||
echo "failed to determine Go version from $gomod" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "MISE_GO_VERSION=$go_version"
|
||||
export MISE_GO_VERSION=$go_version
|
||||
2
sdk/go/dockerbuild/go.mod
generated
2
sdk/go/dockerbuild/go.mod
generated
@@ -4,7 +4,7 @@ go 1.24.1
|
||||
|
||||
require (
|
||||
github.com/blang/semver v3.5.1+incompatible
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0
|
||||
)
|
||||
|
||||
require (
|
||||
|
||||
4
sdk/go/dockerbuild/go.sum
generated
4
sdk/go/dockerbuild/go.sum
generated
@@ -164,8 +164,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
|
||||
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
|
||||
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
|
||||
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
|
||||
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
|
||||
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
|
||||
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
|
||||
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
|
||||
|
||||
96
sdk/nodejs/image.ts
generated
96
sdk/nodejs/image.ts
generated
@@ -501,7 +501,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--add-host` flag.
|
||||
*/
|
||||
declare public readonly addHosts: pulumi.Output<string[] | undefined>;
|
||||
public readonly addHosts!: pulumi.Output<string[] | undefined>;
|
||||
/**
|
||||
* `ARG` names and values to set during the build.
|
||||
*
|
||||
@@ -513,7 +513,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--build-arg` flag.
|
||||
*/
|
||||
declare public readonly buildArgs: pulumi.Output<{[key: string]: string} | undefined>;
|
||||
public readonly buildArgs!: pulumi.Output<{[key: string]: string} | undefined>;
|
||||
/**
|
||||
* Setting this to `false` will always skip image builds during previews,
|
||||
* and setting it to `true` will always build images during previews.
|
||||
@@ -527,35 +527,35 @@ export class Image extends pulumi.CustomResource {
|
||||
* Defaults to `true` as a safeguard against broken images merging as part
|
||||
* of CI pipelines.
|
||||
*/
|
||||
declare public readonly buildOnPreview: pulumi.Output<boolean | undefined>;
|
||||
public readonly buildOnPreview!: pulumi.Output<boolean | undefined>;
|
||||
/**
|
||||
* Builder configuration.
|
||||
*/
|
||||
declare public readonly builder: pulumi.Output<outputs.BuilderConfig | undefined>;
|
||||
public readonly builder!: pulumi.Output<outputs.BuilderConfig | undefined>;
|
||||
/**
|
||||
* Cache export configuration.
|
||||
*
|
||||
* Equivalent to Docker's `--cache-from` flag.
|
||||
*/
|
||||
declare public readonly cacheFrom: pulumi.Output<outputs.CacheFrom[] | undefined>;
|
||||
public readonly cacheFrom!: pulumi.Output<outputs.CacheFrom[] | undefined>;
|
||||
/**
|
||||
* Cache import configuration.
|
||||
*
|
||||
* Equivalent to Docker's `--cache-to` flag.
|
||||
*/
|
||||
declare public readonly cacheTo: pulumi.Output<outputs.CacheTo[] | undefined>;
|
||||
public readonly cacheTo!: pulumi.Output<outputs.CacheTo[] | undefined>;
|
||||
/**
|
||||
* Build context settings. Defaults to the current directory.
|
||||
*
|
||||
* Equivalent to Docker's `PATH | URL | -` positional argument.
|
||||
*/
|
||||
declare public readonly context: pulumi.Output<outputs.BuildContext | undefined>;
|
||||
public readonly context!: pulumi.Output<outputs.BuildContext | undefined>;
|
||||
/**
|
||||
* A preliminary hash of the image's build context.
|
||||
*
|
||||
* Pulumi uses this to determine if an image _may_ need to be re-built.
|
||||
*/
|
||||
declare public /*out*/ readonly contextHash: pulumi.Output<string>;
|
||||
public /*out*/ readonly contextHash!: pulumi.Output<string>;
|
||||
/**
|
||||
* A SHA256 digest of the image if it was exported to a registry or
|
||||
* elsewhere.
|
||||
@@ -565,13 +565,13 @@ export class Image extends pulumi.CustomResource {
|
||||
* Registry images can be referenced precisely as `<tag>@<digest>`. The
|
||||
* `ref` output provides one such reference as a convenience.
|
||||
*/
|
||||
declare public /*out*/ readonly digest: pulumi.Output<string>;
|
||||
public /*out*/ readonly digest!: pulumi.Output<string>;
|
||||
/**
|
||||
* Dockerfile settings.
|
||||
*
|
||||
* Equivalent to Docker's `--file` flag.
|
||||
*/
|
||||
declare public readonly dockerfile: pulumi.Output<outputs.Dockerfile | undefined>;
|
||||
public readonly dockerfile!: pulumi.Output<outputs.Dockerfile | undefined>;
|
||||
/**
|
||||
* Use `exec` mode to build this image.
|
||||
*
|
||||
@@ -594,7 +594,7 @@ export class Image extends pulumi.CustomResource {
|
||||
* are temporarily written to disk in order to provide them to the
|
||||
* `docker-buildx` binary.
|
||||
*/
|
||||
declare public readonly exec: pulumi.Output<boolean | undefined>;
|
||||
public readonly exec!: pulumi.Output<boolean | undefined>;
|
||||
/**
|
||||
* Controls where images are persisted after building.
|
||||
*
|
||||
@@ -606,13 +606,13 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--output` flag.
|
||||
*/
|
||||
declare public readonly exports: pulumi.Output<outputs.Export[] | undefined>;
|
||||
public readonly exports!: pulumi.Output<outputs.Export[] | undefined>;
|
||||
/**
|
||||
* Attach arbitrary key/value metadata to the image.
|
||||
*
|
||||
* Equivalent to Docker's `--label` flag.
|
||||
*/
|
||||
declare public readonly labels: pulumi.Output<{[key: string]: string} | undefined>;
|
||||
public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>;
|
||||
/**
|
||||
* When `true` the build will automatically include a `docker` export.
|
||||
*
|
||||
@@ -620,7 +620,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--load` flag.
|
||||
*/
|
||||
declare public readonly load: pulumi.Output<boolean | undefined>;
|
||||
public readonly load!: pulumi.Output<boolean | undefined>;
|
||||
/**
|
||||
* Set the network mode for `RUN` instructions. Defaults to `default`.
|
||||
*
|
||||
@@ -628,25 +628,25 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--network` flag.
|
||||
*/
|
||||
declare public readonly network: pulumi.Output<enums.NetworkMode | undefined>;
|
||||
public readonly network!: pulumi.Output<enums.NetworkMode | undefined>;
|
||||
/**
|
||||
* Do not import cache manifests when building the image.
|
||||
*
|
||||
* Equivalent to Docker's `--no-cache` flag.
|
||||
*/
|
||||
declare public readonly noCache: pulumi.Output<boolean | undefined>;
|
||||
public readonly noCache!: pulumi.Output<boolean | undefined>;
|
||||
/**
|
||||
* Set target platform(s) for the build. Defaults to the host's platform.
|
||||
*
|
||||
* Equivalent to Docker's `--platform` flag.
|
||||
*/
|
||||
declare public readonly platforms: pulumi.Output<enums.Platform[] | undefined>;
|
||||
public readonly platforms!: pulumi.Output<enums.Platform[] | undefined>;
|
||||
/**
|
||||
* Always pull referenced images.
|
||||
*
|
||||
* Equivalent to Docker's `--pull` flag.
|
||||
*/
|
||||
declare public readonly pull: pulumi.Output<boolean | undefined>;
|
||||
public readonly pull!: pulumi.Output<boolean | undefined>;
|
||||
/**
|
||||
* When `true` the build will automatically include a `registry` export.
|
||||
*
|
||||
@@ -654,7 +654,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--push` flag.
|
||||
*/
|
||||
declare public readonly push: pulumi.Output<boolean>;
|
||||
public readonly push!: pulumi.Output<boolean>;
|
||||
/**
|
||||
* If the image was pushed to any registries then this will contain a
|
||||
* single fully-qualified tag including the build's digest.
|
||||
@@ -671,7 +671,7 @@ export class Image extends pulumi.CustomResource {
|
||||
* For more control over tags consumed by downstream resources you should
|
||||
* use the `digest` output.
|
||||
*/
|
||||
declare public /*out*/ readonly ref: pulumi.Output<string>;
|
||||
public /*out*/ readonly ref!: pulumi.Output<string>;
|
||||
/**
|
||||
* Registry credentials. Required if reading or exporting to private
|
||||
* repositories.
|
||||
@@ -681,7 +681,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Similar to `docker login`.
|
||||
*/
|
||||
declare public readonly registries: pulumi.Output<outputs.Registry[] | undefined>;
|
||||
public readonly registries!: pulumi.Output<outputs.Registry[] | undefined>;
|
||||
/**
|
||||
* A mapping of secret names to their corresponding values.
|
||||
*
|
||||
@@ -693,13 +693,13 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Similar to Docker's `--secret` flag.
|
||||
*/
|
||||
declare public readonly secrets: pulumi.Output<{[key: string]: string} | undefined>;
|
||||
public readonly secrets!: pulumi.Output<{[key: string]: string} | undefined>;
|
||||
/**
|
||||
* SSH agent socket or keys to expose to the build.
|
||||
*
|
||||
* Equivalent to Docker's `--ssh` flag.
|
||||
*/
|
||||
declare public readonly ssh: pulumi.Output<outputs.SSH[] | undefined>;
|
||||
public readonly ssh!: pulumi.Output<outputs.SSH[] | undefined>;
|
||||
/**
|
||||
* Name and optionally a tag (format: `name:tag`).
|
||||
*
|
||||
@@ -708,7 +708,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--tag` flag.
|
||||
*/
|
||||
declare public readonly tags: pulumi.Output<string[] | undefined>;
|
||||
public readonly tags!: pulumi.Output<string[] | undefined>;
|
||||
/**
|
||||
* Set the target build stage(s) to build.
|
||||
*
|
||||
@@ -716,7 +716,7 @@ export class Image extends pulumi.CustomResource {
|
||||
*
|
||||
* Equivalent to Docker's `--target` flag.
|
||||
*/
|
||||
declare public readonly target: pulumi.Output<string | undefined>;
|
||||
public readonly target!: pulumi.Output<string | undefined>;
|
||||
|
||||
/**
|
||||
* Create a Image resource with the given unique name, arguments, and options.
|
||||
@@ -729,31 +729,31 @@ export class Image extends pulumi.CustomResource {
|
||||
let resourceInputs: pulumi.Inputs = {};
|
||||
opts = opts || {};
|
||||
if (!opts.id) {
|
||||
if (args?.push === undefined && !opts.urn) {
|
||||
if ((!args || args.push === undefined) && !opts.urn) {
|
||||
throw new Error("Missing required property 'push'");
|
||||
}
|
||||
resourceInputs["addHosts"] = args?.addHosts;
|
||||
resourceInputs["buildArgs"] = args?.buildArgs;
|
||||
resourceInputs["buildOnPreview"] = (args?.buildOnPreview) ?? true;
|
||||
resourceInputs["builder"] = args?.builder;
|
||||
resourceInputs["cacheFrom"] = args?.cacheFrom;
|
||||
resourceInputs["cacheTo"] = args?.cacheTo;
|
||||
resourceInputs["context"] = args?.context;
|
||||
resourceInputs["dockerfile"] = args?.dockerfile;
|
||||
resourceInputs["exec"] = args?.exec;
|
||||
resourceInputs["exports"] = args?.exports;
|
||||
resourceInputs["labels"] = args?.labels;
|
||||
resourceInputs["load"] = args?.load;
|
||||
resourceInputs["network"] = (args?.network) ?? "default";
|
||||
resourceInputs["noCache"] = args?.noCache;
|
||||
resourceInputs["platforms"] = args?.platforms;
|
||||
resourceInputs["pull"] = args?.pull;
|
||||
resourceInputs["push"] = args?.push;
|
||||
resourceInputs["registries"] = args?.registries;
|
||||
resourceInputs["secrets"] = args?.secrets;
|
||||
resourceInputs["ssh"] = args?.ssh;
|
||||
resourceInputs["tags"] = args?.tags;
|
||||
resourceInputs["target"] = args?.target;
|
||||
resourceInputs["addHosts"] = args ? args.addHosts : undefined;
|
||||
resourceInputs["buildArgs"] = args ? args.buildArgs : undefined;
|
||||
resourceInputs["buildOnPreview"] = (args ? args.buildOnPreview : undefined) ?? true;
|
||||
resourceInputs["builder"] = args ? args.builder : undefined;
|
||||
resourceInputs["cacheFrom"] = args ? args.cacheFrom : undefined;
|
||||
resourceInputs["cacheTo"] = args ? args.cacheTo : undefined;
|
||||
resourceInputs["context"] = args ? args.context : undefined;
|
||||
resourceInputs["dockerfile"] = args ? args.dockerfile : undefined;
|
||||
resourceInputs["exec"] = args ? args.exec : undefined;
|
||||
resourceInputs["exports"] = args ? args.exports : undefined;
|
||||
resourceInputs["labels"] = args ? args.labels : undefined;
|
||||
resourceInputs["load"] = args ? args.load : undefined;
|
||||
resourceInputs["network"] = (args ? args.network : undefined) ?? "default";
|
||||
resourceInputs["noCache"] = args ? args.noCache : undefined;
|
||||
resourceInputs["platforms"] = args ? args.platforms : undefined;
|
||||
resourceInputs["pull"] = args ? args.pull : undefined;
|
||||
resourceInputs["push"] = args ? args.push : undefined;
|
||||
resourceInputs["registries"] = args ? args.registries : undefined;
|
||||
resourceInputs["secrets"] = args ? args.secrets : undefined;
|
||||
resourceInputs["ssh"] = args ? args.ssh : undefined;
|
||||
resourceInputs["tags"] = args ? args.tags : undefined;
|
||||
resourceInputs["target"] = args ? args.target : undefined;
|
||||
resourceInputs["contextHash"] = undefined /*out*/;
|
||||
resourceInputs["digest"] = undefined /*out*/;
|
||||
resourceInputs["ref"] = undefined /*out*/;
|
||||
|
||||
22
sdk/nodejs/index_.ts
generated
22
sdk/nodejs/index_.ts
generated
@@ -113,27 +113,27 @@ export class Index extends pulumi.CustomResource {
|
||||
*
|
||||
* Defaults to `true`.
|
||||
*/
|
||||
declare public readonly push: pulumi.Output<boolean | undefined>;
|
||||
public readonly push!: pulumi.Output<boolean | undefined>;
|
||||
/**
|
||||
* The pushed tag with digest.
|
||||
*
|
||||
* Identical to the tag if the index was not pushed.
|
||||
*/
|
||||
declare public /*out*/ readonly ref: pulumi.Output<string>;
|
||||
public /*out*/ readonly ref!: pulumi.Output<string>;
|
||||
/**
|
||||
* Authentication for the registry where the tagged index will be pushed.
|
||||
*
|
||||
* Credentials can also be included with the provider's configuration.
|
||||
*/
|
||||
declare public readonly registry: pulumi.Output<outputs.Registry | undefined>;
|
||||
public readonly registry!: pulumi.Output<outputs.Registry | undefined>;
|
||||
/**
|
||||
* Existing images to include in the index.
|
||||
*/
|
||||
declare public readonly sources: pulumi.Output<string[]>;
|
||||
public readonly sources!: pulumi.Output<string[]>;
|
||||
/**
|
||||
* The tag to apply to the index.
|
||||
*/
|
||||
declare public readonly tag: pulumi.Output<string>;
|
||||
public readonly tag!: pulumi.Output<string>;
|
||||
|
||||
/**
|
||||
* Create a Index resource with the given unique name, arguments, and options.
|
||||
@@ -146,16 +146,16 @@ export class Index extends pulumi.CustomResource {
|
||||
let resourceInputs: pulumi.Inputs = {};
|
||||
opts = opts || {};
|
||||
if (!opts.id) {
|
||||
if (args?.sources === undefined && !opts.urn) {
|
||||
if ((!args || args.sources === undefined) && !opts.urn) {
|
||||
throw new Error("Missing required property 'sources'");
|
||||
}
|
||||
if (args?.tag === undefined && !opts.urn) {
|
||||
if ((!args || args.tag === undefined) && !opts.urn) {
|
||||
throw new Error("Missing required property 'tag'");
|
||||
}
|
||||
resourceInputs["push"] = (args?.push) ?? true;
|
||||
resourceInputs["registry"] = args?.registry;
|
||||
resourceInputs["sources"] = args?.sources;
|
||||
resourceInputs["tag"] = args?.tag;
|
||||
resourceInputs["push"] = (args ? args.push : undefined) ?? true;
|
||||
resourceInputs["registry"] = args ? args.registry : undefined;
|
||||
resourceInputs["sources"] = args ? args.sources : undefined;
|
||||
resourceInputs["tag"] = args ? args.tag : undefined;
|
||||
resourceInputs["ref"] = undefined /*out*/;
|
||||
} else {
|
||||
resourceInputs["push"] = undefined /*out*/;
|
||||
|
||||
6
sdk/nodejs/provider.ts
generated
6
sdk/nodejs/provider.ts
generated
@@ -25,7 +25,7 @@ export class Provider extends pulumi.ProviderResource {
|
||||
/**
|
||||
* The build daemon's address.
|
||||
*/
|
||||
declare public readonly host: pulumi.Output<string | undefined>;
|
||||
public readonly host!: pulumi.Output<string | undefined>;
|
||||
|
||||
/**
|
||||
* Create a Provider resource with the given unique name, arguments, and options.
|
||||
@@ -38,8 +38,8 @@ export class Provider extends pulumi.ProviderResource {
|
||||
let resourceInputs: pulumi.Inputs = {};
|
||||
opts = opts || {};
|
||||
{
|
||||
resourceInputs["host"] = (args?.host) ?? (utilities.getEnv("DOCKER_HOST") || "");
|
||||
resourceInputs["registries"] = pulumi.output(args?.registries).apply(JSON.stringify);
|
||||
resourceInputs["host"] = (args ? args.host : undefined) ?? (utilities.getEnv("DOCKER_HOST") || "");
|
||||
resourceInputs["registries"] = pulumi.output(args ? args.registries : undefined).apply(JSON.stringify);
|
||||
}
|
||||
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
|
||||
super(Provider.__pulumiType, name, resourceInputs, opts);
|
||||
|
||||
2
sdk/nodejs/tsconfig.json
generated
2
sdk/nodejs/tsconfig.json
generated
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"compilerOptions": {
|
||||
"outDir": "bin",
|
||||
"target": "ES2020",
|
||||
"target": "es2016",
|
||||
"module": "commonjs",
|
||||
"moduleResolution": "node",
|
||||
"declaration": true,
|
||||
|
||||
Reference in New Issue
Block a user