sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity

Compare commits

base: sam_oneal:update-github-actions-workflows-970
Branches Tags
sam_oneal:main sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1
..
compare: sam_oneal:update-github-actions-workflows-910
Branches Tags
sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:main sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1

1 Commits
update-git ... update-git

Author SHA1 Message Date
Pulumi Bot
613dffd366 [internal] Update GitHub Actions workflow files 2025-09-01 05:35:15 +00:00
52 changed files with 1611 additions and 1571 deletions
Expand all files Collapse all files

35
.ci-mgmt.yaml
View File

@@ -4,26 +4,23 @@ major-version: 0
providerDefaultBranch: main
providerVersion: github.com/pulumi/pulumi-docker-build/provider.Version
aws: true
modulePath: .
gcp: true
sdkModuleDir: sdk/go/dockerbuild
parallel: 3
esc:
enabled: true
envOverride:
AWS_REGION: us-west-2
PULUMI_API: "https://api.pulumi-staging.io"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
AWS_REGION: us-west-2
PULUMI_API: "https://api.pulumi-staging.io"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}

87
.config/mise.lock
View File

@@ -1,87 +0,0 @@
[[tools.dotnet]]
version = "8.0.414"
backend = "asdf:dotnet"
[[tools."github:pulumi/pulumictl"]]
version = "0.0.50"
backend = "github:pulumi/pulumictl"
[tools."github:pulumi/pulumictl".platforms.linux-x64]
checksum = "blake3:c128dd74993f779c613296fe7cd21c20cbd323f24e59cb76e007620660b60348"
name = "pulumictl-v0.0.50-linux-amd64.tar.gz"
size = 27744219
url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz"
url_api = ""
[[tools."github:pulumi/schema-tools"]]
version = "0.6.0"
backend = "github:pulumi/schema-tools"
[tools."github:pulumi/schema-tools".platforms.linux-x64]
checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3"
name = "schema-tools-v0.6.0-linux-amd64.tar.gz"
size = 14282746
url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz"
url_api = ""
[[tools.go]]
version = "1.24.1"
backend = "core:go"
[tools.go.platforms.linux-x64]
checksum = "sha256:cb2396bae64183cdccf81a9a6df0aea3bce9511fc21469fb89a0c00470088073"
size = 78503123
url = "https://dl.google.com/go/go1.24.1.linux-amd64.tar.gz"
[[tools.golangci-lint]]
version = "1.64.8"
backend = "aqua:golangci/golangci-lint"
[tools.golangci-lint.platforms.linux-x64]
checksum = "sha256:b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e"
size = 12364828
url = "https://github.com/golangci/golangci-lint/releases/download/v1.64.8/golangci-lint-1.64.8-linux-amd64.tar.gz"
[[tools.gradle]]
version = "7.6.6"
backend = "aqua:gradle/gradle"
[tools.gradle.platforms.linux-x64]
checksum = "blake3:5cad8fc455b720b68a0bd2907d435e2919581708243f84f27845fe8812a09323"
size = 128439774
url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip"
[[tools.java]]
version = "corretto-11.0.28.6.1"
backend = "core:java"
[tools.java.platforms.linux-x64]
checksum = "sha256:70734c46e0bbeb7f45b721756ba0b2f1f1e1ef85a11e10d5a488f06b257dadd9"
size = 195648709
url = "https://corretto.aws/downloads/resources/11.0.28.6.1/amazon-corretto-11.0.28.6.1-linux-x64.tar.gz"
[[tools.node]]
version = "20.19.5"
backend = "core:node"
[tools.node.platforms.linux-x64]
checksum = "sha256:4eba5fbe1fb10753bc06e42f001a91c5cec16798b7764a3e9257adc59af47fe1"
size = 47041607
url = "https://nodejs.org/dist/v20.19.5/node-v20.19.5-linux-x64.tar.gz"
[[tools."npm:yarn"]]
version = "1.22.22"
backend = "npm:yarn"
[[tools.pulumi]]
version = "3.192.0"
backend = "aqua:pulumi/pulumi"
[tools.pulumi.platforms.linux-x64]
checksum = "sha512:6351213bee02ade5b76407d9b43cdb243fa461ca38231b03410de5aa1f697e55ab6467da2a9e37ebbff7be6cd3485d833e9ad8f29d4de6919bbdd471fb25e45a"
size = 92867578
url = "https://github.com/pulumi/pulumi/releases/download/v3.192.0/pulumi-v3.192.0-linux-x64.tar.gz"
[[tools.python]]
version = "3.11.8"
backend = "core:python"

7
.config/mise.test.toml
View File

@@ -1,7 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# Overrides tool versions for test workflows
[tools]
# always use pulumi latest for tests
pulumi = "latest"

29
.config/mise.toml
View File

@@ -1,29 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# You can create your own root-level mise.toml file to override/augment this. See https://mise.jdx.dev/configuration.html
[env]
_.source = "{{config_root}}/scripts/get-versions.sh"
PULUMI_HOME = "{{config_root}}/.pulumi"
[tools]
# Runtimes
# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed
go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}"
node = '20.19.5'
python = '3.11.8'
dotnet = '8.0.414'
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}"
"github:pulumi/pulumictl" = 'latest'
"github:pulumi/schema-tools" = "latest"
gradle = '7.6'
golangci-lint = "1.64.8" # See note about about overrides if you need to customize this.
"npm:yarn" = "1.22.22"
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).
lockfile = true

2
.github/actions/esc-action/index.js vendored
View File

@@ -5,7 +5,7 @@ var stream = fs.createWriteStream(file, { flags: "a" });
for (const [name, value] of Object.entries(process.env)) {
try {
stream.write(`${name}<<EEEOOOFFF\n${value}\nEEEOOOFFF\n`); // << syntax accommodates multiline strings.
stream.write(`${name}=${value}\n`);
} catch (err) {
console.log(`error: failed to set output for ${name}: ${err.message}`);
}

201
.github/workflows/build.yml vendored
View File

@@ -16,17 +16,22 @@ on:
workflow_dispatch: {}
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -35,28 +40,15 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -74,7 +66,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -95,7 +87,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -125,7 +117,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -171,7 +162,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -186,15 +177,10 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -203,7 +189,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
@@ -217,23 +203,11 @@ jobs:
- go
- java
name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -251,18 +225,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -272,7 +246,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -301,7 +275,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -347,7 +320,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -367,29 +340,13 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: check if this commit needs release
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
uses: pulumi/action-release-by-pr-label@main
@@ -397,10 +354,10 @@ jobs:
command: "release-if-needed"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
slack_channel: C02MGR8JVST
slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
env:
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test:
@@ -420,21 +377,12 @@ jobs:
name: test
permissions:
contents: read
id-token: write # For ESC secrets and Pulumi access token OIDC.
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -452,18 +400,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -473,7 +421,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -523,7 +471,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -531,7 +479,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -544,8 +492,6 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -554,28 +500,16 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -602,27 +536,27 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest
@@ -634,28 +568,16 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -679,18 +601,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK
@@ -722,16 +644,16 @@ jobs:
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -740,7 +662,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
lint:
runs-on: ubuntu-latest
steps:
@@ -762,7 +684,8 @@ jobs:
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: .
args: -c ../.golangci.yml
working-directory: provider
name: lint
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository

20
.github/workflows/command-dispatch.yml vendored
View File

@@ -2,10 +2,13 @@
env:
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -14,28 +17,15 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
command-dispatch-for-testing:
name: command-dispatch-for-testing
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
persist-credentials: false
- uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4
with:
commands: |
@@ -45,7 +35,7 @@ jobs:
permission: write
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: pulumi/pulumi-docker-build
token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
token: ${{ secrets.PULUMI_BOT_TOKEN }}
name: command-dispatch
on:
issue_comment:

2
.github/workflows/comment-on-stale-issues.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
name: Stale issue job
steps:
- uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc # v7.1.0
- uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc #v7.1.0
with:
issue-types: issues # only look at issues (ignore pull-requests)

2
.github/workflows/community-moderation.yml vendored
View File

@@ -1,5 +1,7 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
warn_codegen:
name: warn_codegen

2
.github/workflows/export-repo-secrets.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
app-id: 1256780 # Export Secrets GitHub App
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
- name: Export secrets to ESC
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1
uses: pulumi/esc-export-secrets-action@v1
with:
organization: pulumi
org-environment: imports/github-secrets

193
.github/workflows/prerelease.yml vendored
View File

@@ -7,17 +7,22 @@ on:
- v*.*.*-**
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -27,7 +32,6 @@ env:
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
IS_PRERELEASE: true
jobs:
prerequisites:
runs-on: ubuntu-latest
@@ -36,16 +40,7 @@ jobs:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -63,7 +58,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -84,7 +79,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -114,7 +109,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -160,7 +154,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -175,15 +169,10 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -192,7 +181,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
@@ -206,23 +195,11 @@ jobs:
- go
- java
name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -240,18 +217,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -261,7 +238,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -290,7 +267,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit ${{ matrix.language }} SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -336,7 +312,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -355,7 +331,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
test:
runs-on: pulumi-ubuntu-8core
needs:
@@ -373,21 +349,12 @@ jobs:
name: test
permissions:
contents: read
id-token: write # For ESC secrets and Pulumi access token OIDC.
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -405,18 +372,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -426,7 +393,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -476,7 +443,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -484,7 +451,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -497,8 +464,6 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -507,28 +472,16 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -555,27 +508,27 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest
@@ -587,28 +540,16 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -632,18 +573,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK
@@ -675,11 +616,11 @@ jobs:
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -688,29 +629,17 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_java_sdk:
runs-on: ubuntu-latest
continue-on-error: true
needs: publish
name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -728,7 +657,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Java
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
@@ -736,7 +665,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download java SDK
@@ -748,18 +677,18 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Publish Java SDK
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
publish_go_sdk:
runs-on: ubuntu-latest
name: publish-go-sdk

28
.github/workflows/pull-request.yml vendored
View File

@@ -3,7 +3,33 @@
name: pull-request
on:
pull_request_target: {}
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
comment-on-pr:
runs-on: ubuntu-latest

214
.github/workflows/release.yml vendored
View File

@@ -8,17 +8,22 @@ on:
- "!v*.*.*-**"
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -27,28 +32,15 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -66,7 +58,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -87,7 +79,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -117,7 +109,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -163,7 +154,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -178,15 +169,10 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -195,7 +181,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build_sdks:
needs: prerequisites
runs-on: pulumi-ubuntu-8core
@@ -209,23 +195,11 @@ jobs:
- go
- java
name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -243,18 +217,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -264,7 +238,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -293,7 +267,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -339,7 +312,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -358,7 +331,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
test:
runs-on: pulumi-ubuntu-8core
needs:
@@ -376,21 +349,12 @@ jobs:
name: test
permissions:
contents: read
id-token: write # For ESC secrets.
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -408,18 +372,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -429,7 +393,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -479,7 +443,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -487,7 +451,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -500,8 +464,6 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GTIHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -510,28 +472,16 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish:
runs-on: ubuntu-latest
needs: test
name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -558,27 +508,27 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }}
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
with:
args: -p 3 release --clean --timeout 60m0s
version: latest
@@ -590,28 +540,16 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_sdk:
runs-on: ubuntu-latest
needs: publish
name: publish_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -635,18 +573,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK
@@ -678,11 +616,11 @@ jobs:
- name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }}
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -691,29 +629,17 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_java_sdk:
runs-on: ubuntu-latest
continue-on-error: true
needs: publish
name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -731,7 +657,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Java
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
@@ -739,7 +665,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download java SDK
@@ -751,18 +677,18 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Publish Java SDK
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
publish_go_sdk:
runs-on: ubuntu-latest
name: publish-go-sdk
@@ -800,23 +726,7 @@ jobs:
dispatch_docs_build:
runs-on: ubuntu-latest
needs: publish_go_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
with:
@@ -825,5 +735,5 @@ jobs:
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
"${GITHUB_REF#refs/tags/}"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
name: dispatch_docs_build

21
.github/workflows/release_command.yml vendored
View File

@@ -13,16 +13,7 @@ jobs:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
persist-credentials: false
- name: Should release PR
uses: pulumi/action-release-by-pr-label@main
with:
@@ -30,14 +21,14 @@ jobs:
repo: ${{ github.repository }}
pr: ${{ github.event.client_payload.pull_request.number }}
version: ${{ github.event.client_payload.slash_command.args.all }}
slack_channel: ${{ steps.esc-secrets.outputs.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
env:
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }}
RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure()
name: Notify failure
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
@@ -46,7 +37,7 @@ jobs:
"release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- if: success()
name: Notify success
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}

152
.github/workflows/run-acceptance-tests.yml vendored
View File

@@ -11,17 +11,22 @@ on:
workflow_dispatch: {}
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -33,50 +38,32 @@ env:
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
jobs:
comment-notification:
if: github.event_name == 'repository_dispatch'
runs-on: ubuntu-latest
name: comment-notification
steps:
- name: Create URL to the run output
id: vars
run: echo
"run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
>> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
if: github.event_name == 'repository_dispatch'
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- name: Create URL to the run output
id: vars
run: echo
"run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
>> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -94,7 +81,7 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -115,7 +102,7 @@ jobs:
echo 'EOF';
} >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -145,7 +132,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -191,7 +177,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -206,15 +192,10 @@ jobs:
path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library
run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -223,7 +204,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
build_sdks:
@@ -239,25 +220,13 @@ jobs:
- go
- java
name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
ref: ${{ env.PR_COMMIT_SHA }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -275,18 +244,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -296,7 +265,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -325,7 +294,6 @@ jobs:
sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json
sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name ==
@@ -370,7 +338,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env:
HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain
@@ -390,7 +358,7 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
test:
@@ -417,16 +385,7 @@ jobs:
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
ref: ${{ env.PR_COMMIT_SHA }}
- id: version
name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -444,18 +403,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -465,7 +424,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Download provider
@@ -515,7 +474,7 @@ jobs:
with:
environment: logins/pulumi-ci
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
@@ -523,7 +482,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with:
install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt
@@ -536,8 +495,6 @@ jobs:
set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -546,28 +503,13 @@ jobs:
fields: repo,commit,author,action
status: ${{ job.status }}
env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
sentinel:
runs-on: ubuntu-latest
name: sentinel
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Mark workflow as successful
uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13
with:
@@ -578,7 +520,6 @@ jobs:
sha: ${{ github.event.pull_request.head.sha || github.sha }}
permissions:
statuses: write
id-token: write # For ESC secrets.
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
needs:
@@ -606,7 +547,8 @@ jobs:
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: .
args: -c ../.golangci.yml
working-directory: provider
name: lint
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository

30
.github/workflows/weekly-pulumi-update.yml vendored
View File

@@ -8,17 +8,22 @@ on:
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -27,25 +32,14 @@ env:
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs:
weekly-pulumi-update:
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
lfs: true
- name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
@@ -56,18 +50,18 @@ jobs:
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0
uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
@@ -77,7 +71,7 @@ jobs:
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with:
gradle-version: "7.6"
- name: Update Pulumi/Pulumi
@@ -138,5 +132,5 @@ jobs:
gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)"
env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
name: weekly-pulumi-update

2
.pulumi.version
View File

@@ -1 +1 @@
3.192.0
3.187.0

10
CHANGELOG.md
View File

@@ -1,15 +1,5 @@
## Unreleased
## Changed
- Arguments `CacheFromGitHubActions.URL` and `CacheFromGitHubActions.Token` have been removed. If the previous behaviour is desired, set the `ACTIONS_CACHE_URL` and `ACTIONS_RUNTIME_TOKEN` environment variables. (https://github.com/pulumi/pulumi-docker-build/issues/75)
## 0.0.14 (2025-09-30)
### Fixed
- A warning is no longer emitted for the reserved `__internal` key. (https://github.com/pulumi/pulumi-docker-build/issues/579)
## 0.0.13 (2025-08-27)
### Changed

45
Makefile
View File

@@ -17,9 +17,8 @@ WORKING_DIR := $(shell pwd)
EXAMPLES_DIR := ${WORKING_DIR}/examples/yaml
TESTPARALLELISM := 4
PULUMI := pulumi
GOGLANGCILINT := golangci-lint
GOTEST := go test
PULUMI := bin/pulumi
GOGLANGCILINT := bin/golangci-lint
# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable
# Local & branch builds will just used this fixed default version unless specified
@@ -47,10 +46,10 @@ provider_debug::
(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION_GENERIC}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
test_provider:: # Required by CI
${GOTEST} -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
go test -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
test_examples: install_nodejs_sdk install_dotnet_sdk
${GOTEST} -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
go test -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
test_all:: test_provider test_examples
@@ -64,26 +63,38 @@ examples/yaml:
rm -rf ${WORKING_DIR}/examples/yaml/app
cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app
examples/go: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/go: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,go)
@git checkout examples/go/go.mod
examples/nodejs: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/nodejs: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,nodejs)
@git checkout examples/nodejs/package.json
examples/python: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/python: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,python)
@git checkout examples/python/requirements.txt
examples/dotnet: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/dotnet: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,dotnet)
@git checkout examples/dotnet/provider-docker-build.csproj
examples/java: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
examples/java: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,java)
@git checkout examples/java/pom.xml
${PULUMI}: go.sum
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/pkg/v3/cmd/pulumi
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-java/pkg/cmd/pulumi-language-java
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-yaml/cmd/pulumi-converter-yaml
${GOGLANGCILINT}: go.sum
GOBIN=${WORKING_DIR}/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint@8b37f14
define pulumi_login
export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \
pulumi login --local;
@@ -91,7 +102,7 @@ endef
define example
rm -rf ${WORKING_DIR}/examples/$(1)
pulumi convert \
$(PULUMI) convert \
--cwd ${WORKING_DIR}/examples/yaml \
--logtostderr \
--generate-only \
@@ -129,7 +140,7 @@ build:: provider sdk/dotnet sdk/go sdk/nodejs sdk/python sdk/java ${SCHEMA_PATH}
only_build:: build
.PHONY: lint
lint:
lint: ${GOGLANGCILINT}
${GOGLANGCILINT} run --fix -c .golangci.yml
install:: install_nodejs_sdk install_dotnet_sdk
@@ -194,7 +205,7 @@ sdk: sdk/python sdk/nodejs sdk/java sdk/python sdk/go sdk/dotnet
.PHONY: sdk/*
sdk/python: TMPDIR := $(shell mktemp -d)
sdk/python: bin/${PROVIDER}
sdk/python: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/python
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language python -o ${TMPDIR}
cp README.md ${TMPDIR}/python/
@@ -207,7 +218,7 @@ sdk/python: bin/${PROVIDER}
mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/.
sdk/nodejs: TMPDIR := $(shell mktemp -d)
sdk/nodejs: bin/${PROVIDER}
sdk/nodejs: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/nodejs
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language nodejs -o ${TMPDIR}
cp README.md LICENSE ${TMPDIR}/nodejs
@@ -219,7 +230,7 @@ sdk/nodejs: bin/${PROVIDER}
sdk/go: TMPDIR := $(shell mktemp -d)
sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)"
sdk/go: bin/${PROVIDER}
sdk/go: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/go
PATH=$(PATH) $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language go -o ${TMPDIR}
cp go.mod ${TMPDIR}/go/dockerbuild/go.mod
@@ -229,7 +240,7 @@ sdk/go: bin/${PROVIDER}
mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go
sdk/dotnet: TMPDIR := $(shell mktemp -d)
sdk/dotnet: bin/${PROVIDER}
sdk/dotnet: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/dotnet
$(PULUMI) package gen-sdk ./bin/${PROVIDER} --language dotnet -o ${TMPDIR}
cd ${TMPDIR}/dotnet/ && \
@@ -239,7 +250,7 @@ sdk/dotnet: bin/${PROVIDER}
sdk/java: PACKAGE_VERSION := $(shell pulumictl convert-version --language generic -v "$(VERSION_GENERIC)")
sdk/java: TMPDIR := $(shell mktemp -d)
sdk/java: bin/${PROVIDER}
sdk/java: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/java
$(PULUMI) package gen-sdk --language java ./bin/${PROVIDER} -o ${TMPDIR}
cd ${TMPDIR}/java/ && gradle --console=plain build

428
docs/_index.md
View File

@@ -1,428 +0,0 @@
---
title: Docker Build
meta_desc: Provides an overview of the Docker Build Provider for Pulumi.
layout: package
---
The Docker Build provider leverages [buildx and BuildKit](https://docs.docker.com/build/architecture/) to build modern Docker images with Pulumi.
Not to be confused with the earlier
[Docker](../docker) provider, which is still
appropriate for managing resources unrelated to building images.
| Provider | Use cases |
| ---------------- | ----------------------------------------------------------------------- |
| `@pulumi/docker-build` | Anything related to building images with `docker build`. |
| `@pulumi/docker` | Everything else -- including running containers and creating networks. |
## Example
If your Pulumi program has a directory called `app` alongside it, containing a
file named "Dockerfile" (which can be as simple as `FROM alpine` for the
purpose of example), then the code below shows how to build a multi-platform
image, publish it to a remote AWS ECR registry, and use an [inline
cache](https://docs.docker.com/build/cache/backends/inline/) to speed up
subsequent builds.
{{< chooser language "typescript,python,csharp,go,yaml,java" / >}}
{{% choosable language typescript %}}
```typescript
import * as aws from "@pulumi/aws";
import * as docker_build from "@pulumi/docker-build";
// Create an ECR repository for pushing.
const ecrRepository = new aws.ecr.Repository("ecr-repository", {});
// Grab auth credentials for ECR.
const authToken = aws.ecr.getAuthorizationTokenOutput({
registryId: ecrRepository.registryId,
});
// Build and push an image to ECR with inline caching.
const myImage = new docker_build.Image("my-image", {
// Tag our image with our ECR repository's address.
tags: [pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`],
context: {
location: "./app",
},
// Use the pushed image as a cache source.
cacheFrom: [{
registry: {
ref: pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`,
},
}],
// Include an inline cache with our pushed image.
cacheTo: [{
inline: {},
}],
// Build a multi-platform image manifest for ARM and AMD.
platforms: [
"linux/amd64",
"linux/arm64",
],
// Push the final result to ECR.
push: true,
// Provide our ECR credentials.
registries: [{
address: ecrRepository.repositoryUrl,
password: authToken.password,
username: authToken.userName,
}],
});
// Export a ref for the pushed images so we can deploy it.
export const ref = myImage.ref;
```
{{% /choosable %}}
{{% choosable language python %}}
```python
import pulumi
import pulumi_aws as aws
import pulumi_docker_build as docker_build
# Create an ECR repository for pushing.
ecr_repository = aws.ecr.Repository("ecr-repository")
# Grab auth credentials for ECR.
auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
# Build and push an image to ECR with inline caching.
my_image = docker_build.Image("my-image",
# Tag our image with our ECR repository's address.
tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")],
context=docker_build.BuildContextArgs(
location="./app",
),
# Use the pushed image as a cache source.
cache_from=[docker_build.CacheFromArgs(
registry=docker_build.CacheFromRegistryArgs(
ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest"),
),
)],
# Include an inline cache with our pushed image.
cache_to=[docker_build.CacheToArgs(
inline=docker_build.CacheToInlineArgs(),
)],
# Build a multi-platform image manifest for ARM and AMD.
platforms=[
docker_build.Platform.LINUX_AMD64,
docker_build.Platform.LINUX_ARM64,
],
# Push the final result to ECR.
push=True,
# Provide our ECR credentials.
registries=[docker_build.RegistryArgs(
address=ecr_repository.repository_url,
password=auth_token.password,
username=auth_token.user_name,
)],
)
# Export a ref for the pushed images so we can deploy it.
pulumi.export("ref", my_image.ref)
```
{{% /choosable %}}
{{% choosable language csharp %}}
```csharp
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using DockerBuild = Pulumi.DockerBuild;
return await Deployment.RunAsync(() =>
{
// Create an ECR repository for pushing.
var ecrRepository = new Aws.Ecr.Repository("ecr-repository");
// Grab auth credentials for ECR.
var authToken = Aws.Ecr.GetAuthorizationToken.Invoke(new()
{
RegistryId = ecrRepository.RegistryId,
});
// Build and push an image to ECR with inline caching.
var myImage = new DockerBuild.Image("my-image", new()
{
// Tag our image with our ECR repository's address.
Tags = new[]
{
ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
// Use the pushed image as a cache source.
CacheFrom = new[]
{
new DockerBuild.Inputs.CacheFromArgs
{
Registry = new DockerBuild.Inputs.CacheFromRegistryArgs
{
Ref = ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
},
},
// Include an inline cache with our pushed image.
CacheTo = new[]
{
new DockerBuild.Inputs.CacheToArgs
{
Inline = null,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms = new[]
{
DockerBuild.Platform.Linux_amd64,
DockerBuild.Platform.Linux_arm64,
},
// Push the final result to ECR.
Push = true,
// Provide our ECR credentials.
Registries = new[]
{
new DockerBuild.Inputs.RegistryArgs
{
Address = ecrRepository.RepositoryUrl,
Password = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.Password),
Username = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.UserName),
},
},
});
// Export a ref for the pushed images so we can deploy it.
return new Dictionary<string, object?>
{
["ref"] = myImage.Ref,
};
});
```
{{% /choosable %}}
{{% choosable language go %}}
```go
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an ECR repository for pushing.
ecrRepository, err := ecr.NewRepository(ctx, "ecr-repository", nil)
if err != nil {
return err
}
// Grab auth credentials for ECR.
authToken := ecr.GetAuthorizationTokenOutput(ctx, ecr.GetAuthorizationTokenOutputArgs{
RegistryId: ecrRepository.RegistryId,
}, nil)
// Build and push an image to ECR with inline caching.
myImage, err := dockerbuild.NewImage(ctx, "my-image", &dockerbuild.ImageArgs{
// Tag our image with our ECR repository's address.
Tags: pulumi.StringArray{
ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
// Use the pushed image as a cache source.
CacheFrom: dockerbuild.CacheFromArray{
&dockerbuild.CacheFromArgs{
Registry: &dockerbuild.CacheFromRegistryArgs{
Ref: ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
},
},
// Include an inline cache with our pushed image.
CacheTo: dockerbuild.CacheToArray{
&dockerbuild.CacheToArgs{
Inline: nil,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms: dockerbuild.PlatformArray{
dockerbuild.Platform_Linux_amd64,
dockerbuild.Platform_Linux_arm64,
},
// Push the final result to ECR.
Push: pulumi.Bool(true),
// Provide our ECR credentials.
Registries: dockerbuild.RegistryArray{
&dockerbuild.RegistryArgs{
Address: ecrRepository.RepositoryUrl,
Password: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.Password, nil
}).(pulumi.StringPtrOutput),
Username: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.UserName, nil
}).(pulumi.StringPtrOutput),
},
},
})
if err != nil {
return err
}
// Export a ref for the pushed images so we can deploy it.
ctx.Export("ref", myImage.Ref)
return nil
})
}
```
{{% /choosable %}}
{{% choosable language yaml %}}
```yaml
description: Push to AWS ECR with caching
name: ecr
outputs:
ref: ${my-image.ref}
resources:
# Create an ECR repository for pushing.
ecr-repository:
type: aws:ecr:Repository
# Build and push an image to ECR with inline caching.
my-image:
type: docker-build:Image
properties:
# Tag our image with our ECR repository's address.
tags:
- ${ecr-repository.repositoryUrl}:latest
context:
location: ./app
# Use the pushed image as a cache source.
cacheFrom:
- registry:
ref: ${ecr-repository.repositoryUrl}:latest
# Include an inline cache with our pushed image.
cacheTo:
- inline: {}
# Build a multi-platform image manifest for ARM and AMD.
platforms:
- linux/amd64
- linux/arm64
# Push the final result to ECR.
push: true
# Provide our ECR credentials.
registries:
- address: ${ecr-repository.repositoryUrl}
password: ${auth-token.password}
username: ${auth-token.userName}
runtime: yaml
variables:
auth-token:
# Grab auth credentials for ECR.
fn::aws:ecr:getAuthorizationToken:
registryId: ${ecr-repository.registryId}
```
{{% /choosable %}}
{{% choosable language java %}}
```java
package myapp;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ecr.Repository;
import com.pulumi.aws.ecr.EcrFunctions;
import com.pulumi.aws.ecr.inputs.GetAuthorizationTokenArgs;
import com.pulumi.dockerbuild.Image;
import com.pulumi.dockerbuild.ImageArgs;
import com.pulumi.dockerbuild.inputs.CacheFromArgs;
import com.pulumi.dockerbuild.inputs.CacheFromRegistryArgs;
import com.pulumi.dockerbuild.inputs.CacheToArgs;
import com.pulumi.dockerbuild.inputs.CacheToInlineArgs;
import com.pulumi.dockerbuild.inputs.BuildContextArgs;
import com.pulumi.dockerbuild.inputs.RegistryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an ECR repository for pushing.
var ecrRepository = new Repository("ecrRepository");
// Grab auth credentials for ECR.
final var authToken = EcrFunctions.getAuthorizationToken(GetAuthorizationTokenArgs.builder()
.registryId(ecrRepository.registryId())
.build());
// Build and push an image to ECR with inline caching.
var myImage = new Image("myImage", ImageArgs.builder()
// Tag our image with our ECR repository's address.
.tags(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.context(BuildContextArgs.builder()
.location("./app")
.build())
// Use the pushed image as a cache source.
.cacheFrom(CacheFromArgs.builder()
.registry(CacheFromRegistryArgs.builder()
.ref(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.build())
.build())
// Include an inline cache with our pushed image.
.cacheTo(CacheToArgs.builder()
.inline()
.build())
// Build a multi-platform image manifest for ARM and AMD.
.platforms(
"linux/amd64",
"linux/arm64")
// Push the final result to ECR.
.push(true)
// Provide our ECR credentials.
.registries(RegistryArgs.builder()
.address(ecrRepository.repositoryUrl())
.password(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.password())))
.username(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.userName())))
.build())
.build());
ctx.export("ref", myImage.ref());
}
}
```
{{% /choosable %}}
{{< /chooser >}}

33
docs/installation-configuration.md
View File

@@ -1,33 +0,0 @@
---
title: Docker-Build Installation & Configuration
meta_desc: Provides an overview on how to configure the Pulumi Docker-Build Provider.
layout: package
---
The Pulumi Docker-build provider builds modern Docker images with [buildx](https://docs.docker.com/reference/cli/docker/buildx/) and [BuildKit](https://docs.docker.com/build/buildkit/).
## Installation
The Docker-Build provider is available as a package in all Pulumi languages:
* JavaScript/TypeScript: [`@pulumi/docker-build`](https://www.npmjs.com/package/@pulumi/docker-build)
* Python: [`pulumi-docker-build`](https://pypi.org/project/pulumi-docker-build/)
* Go: [`github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild`](https://github.com/pulumi/pulumi-docker-build)
* .NET: [`Pulumi.DockerBuild`](https://www.nuget.org/packages/Pulumi.DockerBuild)
* Java: [`com.pulumi/docker-build`](https://central.sonatype.com/artifact/com.pulumi/docker-build)
## Configuring The Provider
### Host
The `DOCKER_HOST` environment variable can be used to specify a custom build daemon's location.
```bash
$ export DOCKER_HOST=tcp://127.0.0.1:2376/
```
This can also be specified in your stack's configuration:
```bash
$ pulumi config set docker-build:host tcp://127.0.0.1:2376/
```

4
examples/go/go.mod
View File

@@ -6,7 +6,7 @@ toolchain go1.24.5
require (
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12
github.com/pulumi/pulumi/sdk/v3 v3.192.0
github.com/pulumi/pulumi/sdk/v3 v3.187.0
)
require (
@@ -62,7 +62,7 @@ require (
github.com/pkg/errors v0.9.1 // indirect
github.com/pkg/term v1.1.0 // indirect
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
github.com/pulumi/esc v0.17.0 // indirect
github.com/pulumi/esc v0.14.3 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.14.1 // indirect
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect

8
examples/go/go.sum
View File

@@ -159,12 +159,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/esc v0.14.3 h1:Zli+9LiSDT/W+Fsfr8tITxCo+5wn969tLrE4KLv44G8=
github.com/pulumi/esc v0.14.3/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12 h1:uzmw+0iic764m0Yvh4I/jRV1x3q49dVh5Ctq9RllsQ8=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12/go.mod h1:6zFMe786NvFDO03BVJwdw1R/Yms4F6vAU49iBHo8zbQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

5
examples/nodejs_test.go
View File

@@ -181,9 +181,8 @@ func TestConfig(t *testing.T) {
require.NoError(t, err)
test := integration.ProgramTestOptions{
Dir: path.Join(cwd, "tests", "config"),
Dependencies: []string{"@pulumi/docker-build"},
SkipEmptyPreviewUpdate: true,
Dir: path.Join(cwd, "tests", "config"),
Dependencies: []string{"@pulumi/docker-build"},
}
integration.ProgramTest(t, &test)

6
go.mod
View File

@@ -16,14 +16,14 @@ require (
github.com/otiai10/copy v1.14.0
github.com/pulumi/providertest v0.3.1
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef
github.com/pulumi/pulumi-go-provider v1.1.2
github.com/pulumi/pulumi-go-provider v1.1.1
github.com/pulumi/pulumi-java/pkg v1.16.0
github.com/pulumi/pulumi-yaml v1.21.2
github.com/pulumi/pulumi/pkg/v3 v3.192.0
github.com/pulumi/pulumi/pkg/v3 v3.187.0
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/v3 v3.192.0
github.com/pulumi/pulumi/sdk/v3 v3.187.0
github.com/regclient/regclient v0.7.1
github.com/sirupsen/logrus v1.9.3
github.com/spf13/afero v1.14.0

12
go.sum
View File

@@ -896,22 +896,22 @@ github.com/pulumi/providertest v0.3.1 h1:vlftr7TZlObh81mL88IhhF0/9ZbLrZZos4NAvR4
github.com/pulumi/providertest v0.3.1/go.mod h1:fFHUP4/9DRyYnHWiRnwcynMtM/a7hHR/QcJfcuZKO3A=
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY=
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg=
github.com/pulumi/pulumi-go-provider v1.1.2 h1:NUQDXaftBDFTPMBPwxo8FhJUX0ymkv6a1XiXTnCDpvg=
github.com/pulumi/pulumi-go-provider v1.1.2/go.mod h1:3lNIuxT/BArFyiKrVfv+UT7gMMtplss7V69KuBZ4zIk=
github.com/pulumi/pulumi-go-provider v1.1.1 h1:4UT3LeNT9CdGhkq8OSWKJsmKTW9Tg+vsfOO/hsFVyb4=
github.com/pulumi/pulumi-go-provider v1.1.1/go.mod h1:3lNIuxT/BArFyiKrVfv+UT7gMMtplss7V69KuBZ4zIk=
github.com/pulumi/pulumi-java/pkg v1.16.0 h1:8KCiIXWv2uxfIks0SdgOezyXg4HZIoPfHID9eMg4nuM=
github.com/pulumi/pulumi-java/pkg v1.16.0/go.mod h1:VeMZ1s9LfXBypao4A1tRF3EB7fYnYZ1LwImyg6FBX0c=
github.com/pulumi/pulumi-yaml v1.21.2 h1:czqC5AazinfX6Bj0nqAAQ6x/Cr8/3oUz3HUjJg6tJ4o=
github.com/pulumi/pulumi-yaml v1.21.2/go.mod h1:KOqDnuJksfIq8belFVFN3IEI4r0NgW69M0QPSj54On4=
github.com/pulumi/pulumi/pkg/v3 v3.192.0 h1:gZRMPaNpW+VN3ng3h9r8De8wI0keWC9fIP0rcUDatMA=
github.com/pulumi/pulumi/pkg/v3 v3.192.0/go.mod h1:+Zp3EzjzGW4PlcW8oITZgeOfFzIVbLWvHtUVixvGQcs=
github.com/pulumi/pulumi/pkg/v3 v3.187.0 h1:VTbireKCxG/wKPX3slHNb3Zk3xKMr5CvcvjH8194H2I=
github.com/pulumi/pulumi/pkg/v3 v3.187.0/go.mod h1:3y5nyMg62dd+DBzYW/P4d+Ye9pJ/zhJd+aGzMzfUL1g=
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:tipGG4aEPejP424igQYxJ6TOtWVtZJa0z679oIv00ho=
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:V2MMs29cFeGBdZyFKxNqTGVfBgDLhIOGfrXOxheieuI=
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:+QJTFK7UcOFTYCg3XaSTrRZHWJ6Hqza8w9oADa4pPcM=
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:0kA9b5LsaXLEKQzo0o9UUsHtZkACthHYLyBVUDUVMxc=
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:bkvtySMos0ij3fWZWZaU5sVrvGvU0dZCusoxpgEtX6I=
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:SJtr0N/XFyelI7M7U0UbJXr15pgEdSmpN40cglTsRTA=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/quasilyte/go-ruleguard v0.4.2 h1:htXcXDK6/rO12kiTHKfHuqR4kr3Y4M0J0rOL6CH/BYs=
github.com/quasilyte/go-ruleguard v0.4.2/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI=
github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe60+5DqOpCjPE=

19
mise.toml Normal file
View File

@@ -0,0 +1,19 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
[tools]
# Runtimes
go = '1.21'
node = '20'
python = '3.11.8'
dotnet = '8.0'
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
pulumi = 'latest'
"go:github.com/pulumi/pulumictl/cmd/pulumictl" = 'latest'
gradle = '7.6'
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).

44
provider/cmd/pulumi-resource-docker-build/schema.json
View File

@@ -155,12 +155,32 @@
]
},
"docker-build:index:CacheFromGitHubActions": {
"description": "Recommended for use with GitHub Actions workflows.\n\nAn action like `crazy-max/ghaction-github-runtime` is recommended to expose\nappropriate credentials to your GitHub workflow.",
"properties": {
"scope": {
"type": "string",
"description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.",
"default": "buildkit"
},
"token": {
"type": "string",
"description": "The GitHub Actions token to use. This is not a personal access tokens\nand is typically generated automatically as part of each job.\n\nDefaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_RUNTIME_TOKEN"
]
},
"secret": true
},
"url": {
"type": "string",
"description": "The cache server URL to use for artifacts.\n\nDefaults to `$ACTIONS_CACHE_URL`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_CACHE_URL"
]
}
}
},
"type": "object"
@@ -350,7 +370,6 @@
]
},
"docker-build:index:CacheToGitHubActions": {
"description": "Recommended for use with GitHub Actions workflows.\n\nAn action like `crazy-max/ghaction-github-runtime` is recommended to expose\nappropriate credentials to your GitHub workflow.",
"properties": {
"ignoreError": {
"type": "boolean",
@@ -366,6 +385,27 @@
"type": "string",
"description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.",
"default": "buildkit"
},
"token": {
"type": "string",
"description": "The GitHub Actions token to use. This is not a personal access tokens\nand is typically generated automatically as part of each job.\n\nDefaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_RUNTIME_TOKEN"
]
},
"secret": true
},
"url": {
"type": "string",
"description": "The cache server URL to use for artifacts.\n\nDefaults to `$ACTIONS_CACHE_URL`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_CACHE_URL"
]
}
}
},
"type": "object"

37
provider/internal/cache.go
View File

@@ -17,7 +17,6 @@ package internal
import (
"errors"
"fmt"
"os"
"strings"
controllerapi "github.com/docker/buildx/controller/pb"
@@ -149,20 +148,33 @@ func (c CacheWithOCI) String() string {
// CacheFromGitHubActions pulls cache manifests from the GitHub actions cache.
type CacheFromGitHubActions struct {
URL string `pulumi:"url,optional"`
Token string `pulumi:"token,optional" provider:"secret"`
Scope string `pulumi:"scope,optional"`
}
// Annotate sets docstrings on CacheFromGitHubActions.
func (c *CacheFromGitHubActions) Annotate(a infer.Annotator) {
a.Describe(&c, dedent(`
Recommended for use with GitHub Actions workflows.
An action like "crazy-max/ghaction-github-runtime" is recommended to expose
appropriate credentials to your GitHub workflow.
`))
a.SetDefault(&c.URL, "", "ACTIONS_CACHE_URL")
a.SetDefault(&c.Token, "", "ACTIONS_RUNTIME_TOKEN")
a.SetDefault(&c.Scope, "buildkit")
a.Describe(&c.URL, dedent(`
The cache server URL to use for artifacts.
Defaults to "$ACTIONS_CACHE_URL", although a separate action like
"crazy-max/ghaction-github-runtime" is recommended to expose this
environment variable to your jobs.
`))
a.Describe(&c.Token, dedent(`
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to "$ACTIONS_RUNTIME_TOKEN", although a separate action like
"crazy-max/ghaction-github-runtime" is recommended to expose this
environment variable to your jobs.
`))
a.Describe(&c.Scope, dedent(`
The scope to use for cache keys. Defaults to "buildkit".
@@ -179,12 +191,11 @@ func (c *CacheFromGitHubActions) String() string {
if c.Scope != "" {
parts = append(parts, "scope="+c.Scope)
}
// Preserving backwards compatibility with the old behaviour.
if token := os.Getenv("ACTIONS_RUNTIME_TOKEN"); token != "" {
parts = append(parts, "token="+token)
if c.Token != "" {
parts = append(parts, "token="+c.Token)
}
if url := os.Getenv("ACTIONS_CACHE_URL"); url != "" {
parts = append(parts, "url="+url)
if c.URL != "" {
parts = append(parts, "url="+c.URL)
}
return strings.Join(parts, ",")
}

46
provider/internal/cache_test.go
View File

@@ -24,15 +24,14 @@ import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
//nolint:paralleltest // We don't call t.Parallel here to prevent environment corruption.
func TestCacheString(t *testing.T) {
t.Parallel()
gzip := Gzip
tests := []struct {
name string
arrange func(t *testing.T)
given fmt.Stringer
want string
name string
given fmt.Stringer
want string
}{
{
name: "s3",
@@ -56,37 +55,7 @@ func TestCacheString(t *testing.T) {
{
name: "gha",
given: CacheTo{GHA: &CacheToGitHubActions{}},
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "")
},
want: "type=gha",
},
{
name: "gha-default-envs",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "https://example.com")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "token")
},
given: CacheTo{GHA: &CacheToGitHubActions{
CacheFromGitHubActions: CacheFromGitHubActions{
Scope: "scope",
},
}},
want: "type=gha,scope=scope,token=token,url=https://example.com",
},
{
name: "gha-with-scope",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "")
},
given: CacheTo{GHA: &CacheToGitHubActions{
CacheFromGitHubActions: CacheFromGitHubActions{
Scope: "scope",
},
}},
want: "type=gha,scope=scope",
want: "type=gha",
},
{
name: "from-local",
@@ -152,12 +121,9 @@ func TestCacheString(t *testing.T) {
},
}
//nolint:paralleltest // We don't call t.Parallel here to prevent environment corruption.
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.arrange != nil {
tt.arrange(t)
}
t.Parallel()
actual := tt.given.String()
assert.Equal(t, tt.want, actual)

16
provider/internal/image_test.go
View File

@@ -917,10 +917,8 @@ func TestValidateImageArgs(t *testing.T) {
{
name: "gha environment",
envs: map[string]string{
"ACTIONS_CACHE_URL": "test-cache-url",
"ACTIONS_RUNTIME_TOKEN": "test-runtime-token",
"ACTIONS_RESULTS_URL": "test-results-url",
"ACTIONS_CACHE_SERVICE_V2": "true",
"ACTIONS_CACHE_URL": "test-cache-url",
"ACTIONS_RUNTIME_TOKEN": "test-runtime-token",
},
args: ImageArgs{
Context: &BuildContext{Context: Context{Location: "testdata/noop"}},
@@ -932,17 +930,15 @@ func TestValidateImageArgs(t *testing.T) {
wantCacheFrom: &pb.CacheOptionsEntry{
Type: "gha",
Attrs: map[string]string{
"token": "test-runtime-token",
"url": "test-cache-url",
"url_v2": "test-results-url",
"token": "test-runtime-token",
"url": "test-cache-url",
},
},
wantCacheTo: &pb.CacheOptionsEntry{
Type: "gha",
Attrs: map[string]string{
"token": "test-runtime-token",
"url": "test-cache-url",
"url_v2": "test-results-url",
"token": "test-runtime-token",
"url": "test-cache-url",
},
},
},

55
scripts/get-versions.sh
View File

@@ -1,55 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
# This script can be simplified to use go when https://github.com/jdx/mise/discussions/6374 is fixed
# e.g. go list -m -f '{{.GoVersion}}'
module_path="github.com/pulumi/pulumi/pkg/v3"
go_mod_path="."
gomod="go.mod"
if [[ "$go_mod_path" != "" && "$go_mod_path" != "." ]]; then
gomod="$go_mod_path/$gomod"
fi
if [[ ! -f "$gomod" ]]; then
echo "missing $gomod" >&2
exit 1
fi
raw_version=$(awk -v module="$module_path" '
$1 == module || $2 == module {
for (i = 1; i <= NF; i++) {
if ($i ~ /^v[0-9]/) {
sub(/^v/, "", $i)
print $i
exit
}
}
}
' "$gomod")
if [[ -z "${raw_version:-}" ]]; then
echo "failed to determine Pulumi version from $gomod" >&2
exit 1
fi
echo "PULUMI_VERSION_MISE=$raw_version"
export PULUMI_VERSION_MISE=$raw_version
# Prefer the toolchain directive if present, otherwise fall back to the `go` version line
go_toolchain=$(awk '/^toolchain[[:space:]]+go[0-9]/{ print $2; exit }' "$gomod")
if [[ -n "${go_toolchain:-}" ]]; then
go_version=${go_toolchain#go}
else
go_version=$(awk '/^go[[:space:]]+[0-9]/{ print $2; exit }' "$gomod")
fi
if [[ -z "${go_version:-}" ]]; then
echo "failed to determine Go version from $gomod" >&2
exit 1
fi
echo "GO_VERSION_MISE=$go_version"
export GO_VERSION_MISE=$go_version

39
sdk/dotnet/Inputs/CacheFromGitHubActionsArgs.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Inputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
public sealed class CacheFromGitHubActionsArgs : global::Pulumi.ResourceArgs
{
/// <summary>
@@ -27,9 +21,42 @@ namespace Pulumi.DockerBuild.Inputs
[Input("scope")]
public Input<string>? Scope { get; set; }
[Input("token")]
private Input<string>? _token;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public Input<string>? Token
{
get => _token;
set
{
var emptySecret = Output.CreateSecret(0);
_token = Output.Tuple<Input<string>?, int>(value, emptySecret).Apply(t => t.Item1);
}
}
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
[Input("url")]
public Input<string>? Url { get; set; }
public CacheFromGitHubActionsArgs()
{
Scope = "buildkit";
Token = Utilities.GetEnv("ACTIONS_RUNTIME_TOKEN") ?? "";
Url = Utilities.GetEnv("ACTIONS_CACHE_URL") ?? "";
}
public static new CacheFromGitHubActionsArgs Empty => new CacheFromGitHubActionsArgs();
}

39
sdk/dotnet/Inputs/CacheToGitHubActionsArgs.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Inputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
public sealed class CacheToGitHubActionsArgs : global::Pulumi.ResourceArgs
{
/// <summary>
@@ -39,11 +33,44 @@ namespace Pulumi.DockerBuild.Inputs
[Input("scope")]
public Input<string>? Scope { get; set; }
[Input("token")]
private Input<string>? _token;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public Input<string>? Token
{
get => _token;
set
{
var emptySecret = Output.CreateSecret(0);
_token = Output.Tuple<Input<string>?, int>(value, emptySecret).Apply(t => t.Item1);
}
}
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
[Input("url")]
public Input<string>? Url { get; set; }
public CacheToGitHubActionsArgs()
{
IgnoreError = false;
Mode = Pulumi.DockerBuild.CacheMode.Min;
Scope = "buildkit";
Token = Utilities.GetEnv("ACTIONS_RUNTIME_TOKEN") ?? "";
Url = Utilities.GetEnv("ACTIONS_CACHE_URL") ?? "";
}
public static new CacheToGitHubActionsArgs Empty => new CacheToGitHubActionsArgs();
}

32
sdk/dotnet/Outputs/CacheFromGitHubActions.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Outputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
[OutputType]
public sealed class CacheFromGitHubActions
{
@@ -26,11 +20,35 @@ namespace Pulumi.DockerBuild.Outputs
/// workflow, otherwise caches will overwrite each other.
/// </summary>
public readonly string? Scope;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Token;
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Url;
[OutputConstructor]
private CacheFromGitHubActions(string? scope)
private CacheFromGitHubActions(
string? scope,
string? token,
string? url)
{
Scope = scope;
Token = token;
Url = url;
}
}
}

31
sdk/dotnet/Outputs/CacheToGitHubActions.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Outputs
{
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
[OutputType]
public sealed class CacheToGitHubActions
{
@@ -34,6 +28,23 @@ namespace Pulumi.DockerBuild.Outputs
/// workflow, otherwise caches will overwrite each other.
/// </summary>
public readonly string? Scope;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Token;
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Url;
[OutputConstructor]
private CacheToGitHubActions(
@@ -41,11 +52,17 @@ namespace Pulumi.DockerBuild.Outputs
Pulumi.DockerBuild.CacheMode? mode,
string? scope)
string? scope,
string? token,
string? url)
{
IgnoreError = ignoreError;
Mode = mode;
Scope = scope;
Token = token;
Url = url;
}
}
}

2
sdk/go/dockerbuild/go.mod generated
View File

@@ -4,7 +4,7 @@ go 1.24.1
require (
github.com/blang/semver v3.5.1+incompatible
github.com/pulumi/pulumi/sdk/v3 v3.192.0
github.com/pulumi/pulumi/sdk/v3 v3.187.0
)
require (

4
sdk/go/dockerbuild/go.sum generated
View File

@@ -164,8 +164,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw=
github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

216
sdk/go/dockerbuild/pulumiTypes.go generated
View File

@@ -834,16 +834,25 @@ func (o CacheFromAzureBlobPtrOutput) SecretAccessKey() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActions struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActions
@@ -856,6 +865,18 @@ func (val *CacheFromGitHubActions) Defaults() *CacheFromGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
@@ -870,16 +891,25 @@ type CacheFromGitHubActionsInput interface {
ToCacheFromGitHubActionsOutputWithContext(context.Context) CacheFromGitHubActionsOutput
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsArgs struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumi.StringPtrInput `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumi.StringPtrInput `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumi.StringPtrInput `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -891,6 +921,16 @@ func (val *CacheFromGitHubActionsArgs) Defaults() *CacheFromGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumi.StringPtr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumi.StringPtr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumi.StringPtr(d.(string))
}
}
return &tmp
}
func (CacheFromGitHubActionsArgs) ElementType() reflect.Type {
@@ -958,10 +998,6 @@ func (i *cacheFromGitHubActionsPtrType) ToOutput(ctx context.Context) pulumix.Ou
}
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsOutput) ElementType() reflect.Type {
@@ -1000,6 +1036,25 @@ func (o CacheFromGitHubActionsOutput) Scope() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Token }).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Url }).(pulumi.StringPtrOutput)
}
type CacheFromGitHubActionsPtrOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsPtrOutput) ElementType() reflect.Type {
@@ -1043,6 +1098,35 @@ func (o CacheFromGitHubActionsPtrOutput) Scope() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsPtrOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheFromGitHubActions) *string {
if v == nil {
return nil
}
return v.Token
}).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsPtrOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheFromGitHubActions) *string {
if v == nil {
return nil
}
return v.Url
}).(pulumi.StringPtrOutput)
}
type CacheFromLocal struct {
// Digest of manifest to import.
Digest *string `pulumi:"digest"`
@@ -2277,10 +2361,6 @@ func (o CacheToAzureBlobPtrOutput) SecretAccessKey() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActions struct {
// Ignore errors caused by failed cache exports.
IgnoreError *bool `pulumi:"ignoreError"`
@@ -2291,6 +2371,19 @@ type CacheToGitHubActions struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActions
@@ -2311,6 +2404,18 @@ func (val *CacheToGitHubActions) Defaults() *CacheToGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
@@ -2325,10 +2430,6 @@ type CacheToGitHubActionsInput interface {
ToCacheToGitHubActionsOutputWithContext(context.Context) CacheToGitHubActionsOutput
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsArgs struct {
// Ignore errors caused by failed cache exports.
IgnoreError pulumi.BoolPtrInput `pulumi:"ignoreError"`
@@ -2339,6 +2440,19 @@ type CacheToGitHubActionsArgs struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumi.StringPtrInput `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumi.StringPtrInput `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumi.StringPtrInput `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -2356,6 +2470,16 @@ func (val *CacheToGitHubActionsArgs) Defaults() *CacheToGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumi.StringPtr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumi.StringPtr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumi.StringPtr(d.(string))
}
}
return &tmp
}
func (CacheToGitHubActionsArgs) ElementType() reflect.Type {
@@ -2423,10 +2547,6 @@ func (i *cacheToGitHubActionsPtrType) ToOutput(ctx context.Context) pulumix.Outp
}
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsOutput) ElementType() reflect.Type {
@@ -2475,6 +2595,25 @@ func (o CacheToGitHubActionsOutput) Scope() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Token }).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Url }).(pulumi.StringPtrOutput)
}
type CacheToGitHubActionsPtrOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsPtrOutput) ElementType() reflect.Type {
@@ -2538,6 +2677,35 @@ func (o CacheToGitHubActionsPtrOutput) Scope() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput)
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsPtrOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheToGitHubActions) *string {
if v == nil {
return nil
}
return v.Token
}).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsPtrOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheToGitHubActions) *string {
if v == nil {
return nil
}
return v.Url
}).(pulumi.StringPtrOutput)
}
// Include an inline cache with the exported image.
type CacheToInline struct {
}

158
sdk/go/dockerbuild/x/pulumiTypes.go generated
View File

@@ -393,16 +393,25 @@ func (o CacheFromAzureBlobOutput) SecretAccessKey() pulumix.Output[*string] {
return pulumix.Apply[CacheFromAzureBlob](o, func(v CacheFromAzureBlob) *string { return v.SecretAccessKey })
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActions struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActions
@@ -415,19 +424,40 @@ func (val *CacheFromGitHubActions) Defaults() *CacheFromGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsArgs struct {
// The scope to use for cache keys. Defaults to `buildkit`.
//
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumix.Input[*string] `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumix.Input[*string] `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumix.Input[*string] `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -439,6 +469,16 @@ func (val *CacheFromGitHubActionsArgs) Defaults() *CacheFromGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumix.Ptr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumix.Ptr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumix.Ptr(d.(string))
}
}
return &tmp
}
func (CacheFromGitHubActionsArgs) ElementType() reflect.Type {
@@ -457,10 +497,6 @@ func (i *CacheFromGitHubActionsArgs) ToOutput(ctx context.Context) pulumix.Outpu
return pulumix.Val(i)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsOutput) ElementType() reflect.Type {
@@ -489,6 +525,25 @@ func (o CacheFromGitHubActionsOutput) Scope() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Scope })
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Token() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Token })
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Url() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Url })
}
type CacheFromLocal struct {
// Digest of manifest to import.
Digest *string `pulumi:"digest"`
@@ -1079,10 +1134,6 @@ func (o CacheToAzureBlobOutput) SecretAccessKey() pulumix.Output[*string] {
return pulumix.Apply[CacheToAzureBlob](o, func(v CacheToAzureBlob) *string { return v.SecretAccessKey })
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActions struct {
// Ignore errors caused by failed cache exports.
IgnoreError *bool `pulumi:"ignoreError"`
@@ -1093,6 +1144,19 @@ type CacheToGitHubActions struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActions
@@ -1113,13 +1177,21 @@ func (val *CacheToGitHubActions) Defaults() *CacheToGitHubActions {
scope_ := "buildkit"
tmp.Scope = &scope_
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsArgs struct {
// Ignore errors caused by failed cache exports.
IgnoreError pulumix.Input[*bool] `pulumi:"ignoreError"`
@@ -1130,6 +1202,19 @@ type CacheToGitHubActionsArgs struct {
// This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other.
Scope pulumix.Input[*string] `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumix.Input[*string] `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumix.Input[*string] `pulumi:"url"`
}
// Defaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -1147,6 +1232,16 @@ func (val *CacheToGitHubActionsArgs) Defaults() *CacheToGitHubActionsArgs {
if tmp.Scope == nil {
tmp.Scope = pulumix.Ptr("buildkit")
}
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumix.Ptr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumix.Ptr(d.(string))
}
}
return &tmp
}
func (CacheToGitHubActionsArgs) ElementType() reflect.Type {
@@ -1165,10 +1260,6 @@ func (i *CacheToGitHubActionsArgs) ToOutput(ctx context.Context) pulumix.Output[
return pulumix.Val(i)
}
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsOutput) ElementType() reflect.Type {
@@ -1207,6 +1298,25 @@ func (o CacheToGitHubActionsOutput) Scope() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Scope })
}
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Token() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Token })
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Url() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Url })
}
// Include an inline cache with the exported image.
type CacheToInline struct {
}

119
sdk/java/src/main/java/com/pulumi/dockerbuild/inputs/CacheFromGitHubActionsArgs.java generated
View File

@@ -12,13 +12,6 @@ import java.util.Optional;
import javax.annotation.Nullable;
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*
*/
public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.ResourceArgs {
public static final CacheFromGitHubActionsArgs Empty = new CacheFromGitHubActionsArgs();
@@ -44,10 +37,60 @@ public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.Resou
return Optional.ofNullable(this.scope);
}
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="token")
private @Nullable Output<String> token;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> token() {
return Optional.ofNullable(this.token);
}
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="url")
private @Nullable Output<String> url;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> url() {
return Optional.ofNullable(this.url);
}
private CacheFromGitHubActionsArgs() {}
private CacheFromGitHubActionsArgs(CacheFromGitHubActionsArgs $) {
this.scope = $.scope;
this.token = $.token;
this.url = $.url;
}
public static Builder builder() {
@@ -95,8 +138,70 @@ public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.Resou
return scope(Output.of(scope));
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(@Nullable Output<String> token) {
$.token = token;
return this;
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(String token) {
return token(Output.of(token));
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(@Nullable Output<String> url) {
$.url = url;
return this;
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(String url) {
return url(Output.of(url));
}
public CacheFromGitHubActionsArgs build() {
$.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable();
$.token = Codegen.stringProp("token").secret().arg($.token).env("ACTIONS_RUNTIME_TOKEN").def("").getNullable();
$.url = Codegen.stringProp("url").output().arg($.url).env("ACTIONS_CACHE_URL").def("").getNullable();
return $;
}
}

119
sdk/java/src/main/java/com/pulumi/dockerbuild/inputs/CacheToGitHubActionsArgs.java generated
View File

@@ -14,13 +14,6 @@ import java.util.Optional;
import javax.annotation.Nullable;
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*
*/
public final class CacheToGitHubActionsArgs extends com.pulumi.resources.ResourceArgs {
public static final CacheToGitHubActionsArgs Empty = new CacheToGitHubActionsArgs();
@@ -76,12 +69,62 @@ public final class CacheToGitHubActionsArgs extends com.pulumi.resources.Resourc
return Optional.ofNullable(this.scope);
}
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="token")
private @Nullable Output<String> token;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> token() {
return Optional.ofNullable(this.token);
}
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="url")
private @Nullable Output<String> url;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> url() {
return Optional.ofNullable(this.url);
}
private CacheToGitHubActionsArgs() {}
private CacheToGitHubActionsArgs(CacheToGitHubActionsArgs $) {
this.ignoreError = $.ignoreError;
this.mode = $.mode;
this.scope = $.scope;
this.token = $.token;
this.url = $.url;
}
public static Builder builder() {
@@ -171,10 +214,72 @@ public final class CacheToGitHubActionsArgs extends com.pulumi.resources.Resourc
return scope(Output.of(scope));
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(@Nullable Output<String> token) {
$.token = token;
return this;
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(String token) {
return token(Output.of(token));
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(@Nullable Output<String> url) {
$.url = url;
return this;
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(String url) {
return url(Output.of(url));
}
public CacheToGitHubActionsArgs build() {
$.ignoreError = Codegen.booleanProp("ignoreError").output().arg($.ignoreError).def(false).getNullable();
$.mode = Codegen.objectProp("mode", CacheMode.class).output().arg($.mode).def(CacheMode.Min).getNullable();
$.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable();
$.token = Codegen.stringProp("token").secret().arg($.token).env("ACTIONS_RUNTIME_TOKEN").def("").getNullable();
$.url = Codegen.stringProp("url").output().arg($.url).env("ACTIONS_CACHE_URL").def("").getNullable();
return $;
}
}

60
sdk/java/src/main/java/com/pulumi/dockerbuild/outputs/CacheFromGitHubActions.java generated
View File

@@ -19,6 +19,25 @@ public final class CacheFromGitHubActions {
*
*/
private @Nullable String scope;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String token;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String url;
private CacheFromGitHubActions() {}
/**
@@ -31,6 +50,29 @@ public final class CacheFromGitHubActions {
public Optional<String> scope() {
return Optional.ofNullable(this.scope);
}
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> token() {
return Optional.ofNullable(this.token);
}
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> url() {
return Optional.ofNullable(this.url);
}
public static Builder builder() {
return new Builder();
@@ -42,10 +84,14 @@ public final class CacheFromGitHubActions {
@CustomType.Builder
public static final class Builder {
private @Nullable String scope;
private @Nullable String token;
private @Nullable String url;
public Builder() {}
public Builder(CacheFromGitHubActions defaults) {
Objects.requireNonNull(defaults);
this.scope = defaults.scope;
this.token = defaults.token;
this.url = defaults.url;
}
@CustomType.Setter
@@ -54,9 +100,23 @@ public final class CacheFromGitHubActions {
this.scope = scope;
return this;
}
@CustomType.Setter
public Builder token(@Nullable String token) {
this.token = token;
return this;
}
@CustomType.Setter
public Builder url(@Nullable String url) {
this.url = url;
return this;
}
public CacheFromGitHubActions build() {
final var _resultValue = new CacheFromGitHubActions();
_resultValue.scope = scope;
_resultValue.token = token;
_resultValue.url = url;
return _resultValue;
}
}

60
sdk/java/src/main/java/com/pulumi/dockerbuild/outputs/CacheToGitHubActions.java generated
View File

@@ -31,6 +31,25 @@ public final class CacheToGitHubActions {
*
*/
private @Nullable String scope;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String token;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String url;
private CacheToGitHubActions() {}
/**
@@ -57,6 +76,29 @@ public final class CacheToGitHubActions {
public Optional<String> scope() {
return Optional.ofNullable(this.scope);
}
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> token() {
return Optional.ofNullable(this.token);
}
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> url() {
return Optional.ofNullable(this.url);
}
public static Builder builder() {
return new Builder();
@@ -70,12 +112,16 @@ public final class CacheToGitHubActions {
private @Nullable Boolean ignoreError;
private @Nullable CacheMode mode;
private @Nullable String scope;
private @Nullable String token;
private @Nullable String url;
public Builder() {}
public Builder(CacheToGitHubActions defaults) {
Objects.requireNonNull(defaults);
this.ignoreError = defaults.ignoreError;
this.mode = defaults.mode;
this.scope = defaults.scope;
this.token = defaults.token;
this.url = defaults.url;
}
@CustomType.Setter
@@ -96,11 +142,25 @@ public final class CacheToGitHubActions {
this.scope = scope;
return this;
}
@CustomType.Setter
public Builder token(@Nullable String token) {
this.token = token;
return this;
}
@CustomType.Setter
public Builder url(@Nullable String url) {
this.url = url;
return this;
}
public CacheToGitHubActions build() {
final var _resultValue = new CacheToGitHubActions();
_resultValue.ignoreError = ignoreError;
_resultValue.mode = mode;
_resultValue.scope = scope;
_resultValue.token = token;
_resultValue.url = url;
return _resultValue;
}
}

96
sdk/nodejs/image.ts generated
View File

@@ -501,7 +501,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--add-host` flag.
*/
declare public readonly addHosts: pulumi.Output<string[] | undefined>;
public readonly addHosts!: pulumi.Output<string[] | undefined>;
/**
* `ARG` names and values to set during the build.
*
@@ -513,7 +513,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--build-arg` flag.
*/
declare public readonly buildArgs: pulumi.Output<{[key: string]: string} | undefined>;
public readonly buildArgs!: pulumi.Output<{[key: string]: string} | undefined>;
/**
* Setting this to `false` will always skip image builds during previews,
* and setting it to `true` will always build images during previews.
@@ -527,35 +527,35 @@ export class Image extends pulumi.CustomResource {
* Defaults to `true` as a safeguard against broken images merging as part
* of CI pipelines.
*/
declare public readonly buildOnPreview: pulumi.Output<boolean | undefined>;
public readonly buildOnPreview!: pulumi.Output<boolean | undefined>;
/**
* Builder configuration.
*/
declare public readonly builder: pulumi.Output<outputs.BuilderConfig | undefined>;
public readonly builder!: pulumi.Output<outputs.BuilderConfig | undefined>;
/**
* Cache export configuration.
*
* Equivalent to Docker's `--cache-from` flag.
*/
declare public readonly cacheFrom: pulumi.Output<outputs.CacheFrom[] | undefined>;
public readonly cacheFrom!: pulumi.Output<outputs.CacheFrom[] | undefined>;
/**
* Cache import configuration.
*
* Equivalent to Docker's `--cache-to` flag.
*/
declare public readonly cacheTo: pulumi.Output<outputs.CacheTo[] | undefined>;
public readonly cacheTo!: pulumi.Output<outputs.CacheTo[] | undefined>;
/**
* Build context settings. Defaults to the current directory.
*
* Equivalent to Docker's `PATH | URL | -` positional argument.
*/
declare public readonly context: pulumi.Output<outputs.BuildContext | undefined>;
public readonly context!: pulumi.Output<outputs.BuildContext | undefined>;
/**
* A preliminary hash of the image's build context.
*
* Pulumi uses this to determine if an image _may_ need to be re-built.
*/
declare public /*out*/ readonly contextHash: pulumi.Output<string>;
public /*out*/ readonly contextHash!: pulumi.Output<string>;
/**
* A SHA256 digest of the image if it was exported to a registry or
* elsewhere.
@@ -565,13 +565,13 @@ export class Image extends pulumi.CustomResource {
* Registry images can be referenced precisely as `<tag>@<digest>`. The
* `ref` output provides one such reference as a convenience.
*/
declare public /*out*/ readonly digest: pulumi.Output<string>;
public /*out*/ readonly digest!: pulumi.Output<string>;
/**
* Dockerfile settings.
*
* Equivalent to Docker's `--file` flag.
*/
declare public readonly dockerfile: pulumi.Output<outputs.Dockerfile | undefined>;
public readonly dockerfile!: pulumi.Output<outputs.Dockerfile | undefined>;
/**
* Use `exec` mode to build this image.
*
@@ -594,7 +594,7 @@ export class Image extends pulumi.CustomResource {
* are temporarily written to disk in order to provide them to the
* `docker-buildx` binary.
*/
declare public readonly exec: pulumi.Output<boolean | undefined>;
public readonly exec!: pulumi.Output<boolean | undefined>;
/**
* Controls where images are persisted after building.
*
@@ -606,13 +606,13 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--output` flag.
*/
declare public readonly exports: pulumi.Output<outputs.Export[] | undefined>;
public readonly exports!: pulumi.Output<outputs.Export[] | undefined>;
/**
* Attach arbitrary key/value metadata to the image.
*
* Equivalent to Docker's `--label` flag.
*/
declare public readonly labels: pulumi.Output<{[key: string]: string} | undefined>;
public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>;
/**
* When `true` the build will automatically include a `docker` export.
*
@@ -620,7 +620,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--load` flag.
*/
declare public readonly load: pulumi.Output<boolean | undefined>;
public readonly load!: pulumi.Output<boolean | undefined>;
/**
* Set the network mode for `RUN` instructions. Defaults to `default`.
*
@@ -628,25 +628,25 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--network` flag.
*/
declare public readonly network: pulumi.Output<enums.NetworkMode | undefined>;
public readonly network!: pulumi.Output<enums.NetworkMode | undefined>;
/**
* Do not import cache manifests when building the image.
*
* Equivalent to Docker's `--no-cache` flag.
*/
declare public readonly noCache: pulumi.Output<boolean | undefined>;
public readonly noCache!: pulumi.Output<boolean | undefined>;
/**
* Set target platform(s) for the build. Defaults to the host's platform.
*
* Equivalent to Docker's `--platform` flag.
*/
declare public readonly platforms: pulumi.Output<enums.Platform[] | undefined>;
public readonly platforms!: pulumi.Output<enums.Platform[] | undefined>;
/**
* Always pull referenced images.
*
* Equivalent to Docker's `--pull` flag.
*/
declare public readonly pull: pulumi.Output<boolean | undefined>;
public readonly pull!: pulumi.Output<boolean | undefined>;
/**
* When `true` the build will automatically include a `registry` export.
*
@@ -654,7 +654,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--push` flag.
*/
declare public readonly push: pulumi.Output<boolean>;
public readonly push!: pulumi.Output<boolean>;
/**
* If the image was pushed to any registries then this will contain a
* single fully-qualified tag including the build's digest.
@@ -671,7 +671,7 @@ export class Image extends pulumi.CustomResource {
* For more control over tags consumed by downstream resources you should
* use the `digest` output.
*/
declare public /*out*/ readonly ref: pulumi.Output<string>;
public /*out*/ readonly ref!: pulumi.Output<string>;
/**
* Registry credentials. Required if reading or exporting to private
* repositories.
@@ -681,7 +681,7 @@ export class Image extends pulumi.CustomResource {
*
* Similar to `docker login`.
*/
declare public readonly registries: pulumi.Output<outputs.Registry[] | undefined>;
public readonly registries!: pulumi.Output<outputs.Registry[] | undefined>;
/**
* A mapping of secret names to their corresponding values.
*
@@ -693,13 +693,13 @@ export class Image extends pulumi.CustomResource {
*
* Similar to Docker's `--secret` flag.
*/
declare public readonly secrets: pulumi.Output<{[key: string]: string} | undefined>;
public readonly secrets!: pulumi.Output<{[key: string]: string} | undefined>;
/**
* SSH agent socket or keys to expose to the build.
*
* Equivalent to Docker's `--ssh` flag.
*/
declare public readonly ssh: pulumi.Output<outputs.SSH[] | undefined>;
public readonly ssh!: pulumi.Output<outputs.SSH[] | undefined>;
/**
* Name and optionally a tag (format: `name:tag`).
*
@@ -708,7 +708,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--tag` flag.
*/
declare public readonly tags: pulumi.Output<string[] | undefined>;
public readonly tags!: pulumi.Output<string[] | undefined>;
/**
* Set the target build stage(s) to build.
*
@@ -716,7 +716,7 @@ export class Image extends pulumi.CustomResource {
*
* Equivalent to Docker's `--target` flag.
*/
declare public readonly target: pulumi.Output<string | undefined>;
public readonly target!: pulumi.Output<string | undefined>;
/**
* Create a Image resource with the given unique name, arguments, and options.
@@ -729,31 +729,31 @@ export class Image extends pulumi.CustomResource {
let resourceInputs: pulumi.Inputs = {};
opts = opts || {};
if (!opts.id) {
if (args?.push === undefined && !opts.urn) {
if ((!args || args.push === undefined) && !opts.urn) {
throw new Error("Missing required property 'push'");
}
resourceInputs["addHosts"] = args?.addHosts;
resourceInputs["buildArgs"] = args?.buildArgs;
resourceInputs["buildOnPreview"] = (args?.buildOnPreview) ?? true;
resourceInputs["builder"] = args?.builder;
resourceInputs["cacheFrom"] = args?.cacheFrom;
resourceInputs["cacheTo"] = args?.cacheTo;
resourceInputs["context"] = args?.context;
resourceInputs["dockerfile"] = args?.dockerfile;
resourceInputs["exec"] = args?.exec;
resourceInputs["exports"] = args?.exports;
resourceInputs["labels"] = args?.labels;
resourceInputs["load"] = args?.load;
resourceInputs["network"] = (args?.network) ?? "default";
resourceInputs["noCache"] = args?.noCache;
resourceInputs["platforms"] = args?.platforms;
resourceInputs["pull"] = args?.pull;
resourceInputs["push"] = args?.push;
resourceInputs["registries"] = args?.registries;
resourceInputs["secrets"] = args?.secrets;
resourceInputs["ssh"] = args?.ssh;
resourceInputs["tags"] = args?.tags;
resourceInputs["target"] = args?.target;
resourceInputs["addHosts"] = args ? args.addHosts : undefined;
resourceInputs["buildArgs"] = args ? args.buildArgs : undefined;
resourceInputs["buildOnPreview"] = (args ? args.buildOnPreview : undefined) ?? true;
resourceInputs["builder"] = args ? args.builder : undefined;
resourceInputs["cacheFrom"] = args ? args.cacheFrom : undefined;
resourceInputs["cacheTo"] = args ? args.cacheTo : undefined;
resourceInputs["context"] = args ? args.context : undefined;
resourceInputs["dockerfile"] = args ? args.dockerfile : undefined;
resourceInputs["exec"] = args ? args.exec : undefined;
resourceInputs["exports"] = args ? args.exports : undefined;
resourceInputs["labels"] = args ? args.labels : undefined;
resourceInputs["load"] = args ? args.load : undefined;
resourceInputs["network"] = (args ? args.network : undefined) ?? "default";
resourceInputs["noCache"] = args ? args.noCache : undefined;
resourceInputs["platforms"] = args ? args.platforms : undefined;
resourceInputs["pull"] = args ? args.pull : undefined;
resourceInputs["push"] = args ? args.push : undefined;
resourceInputs["registries"] = args ? args.registries : undefined;
resourceInputs["secrets"] = args ? args.secrets : undefined;
resourceInputs["ssh"] = args ? args.ssh : undefined;
resourceInputs["tags"] = args ? args.tags : undefined;
resourceInputs["target"] = args ? args.target : undefined;
resourceInputs["contextHash"] = undefined /*out*/;
resourceInputs["digest"] = undefined /*out*/;
resourceInputs["ref"] = undefined /*out*/;

22
sdk/nodejs/index_.ts generated
View File

@@ -113,27 +113,27 @@ export class Index extends pulumi.CustomResource {
*
* Defaults to `true`.
*/
declare public readonly push: pulumi.Output<boolean | undefined>;
public readonly push!: pulumi.Output<boolean | undefined>;
/**
* The pushed tag with digest.
*
* Identical to the tag if the index was not pushed.
*/
declare public /*out*/ readonly ref: pulumi.Output<string>;
public /*out*/ readonly ref!: pulumi.Output<string>;
/**
* Authentication for the registry where the tagged index will be pushed.
*
* Credentials can also be included with the provider's configuration.
*/
declare public readonly registry: pulumi.Output<outputs.Registry | undefined>;
public readonly registry!: pulumi.Output<outputs.Registry | undefined>;
/**
* Existing images to include in the index.
*/
declare public readonly sources: pulumi.Output<string[]>;
public readonly sources!: pulumi.Output<string[]>;
/**
* The tag to apply to the index.
*/
declare public readonly tag: pulumi.Output<string>;
public readonly tag!: pulumi.Output<string>;
/**
* Create a Index resource with the given unique name, arguments, and options.
@@ -146,16 +146,16 @@ export class Index extends pulumi.CustomResource {
let resourceInputs: pulumi.Inputs = {};
opts = opts || {};
if (!opts.id) {
if (args?.sources === undefined && !opts.urn) {
if ((!args || args.sources === undefined) && !opts.urn) {
throw new Error("Missing required property 'sources'");
}
if (args?.tag === undefined && !opts.urn) {
if ((!args || args.tag === undefined) && !opts.urn) {
throw new Error("Missing required property 'tag'");
}
resourceInputs["push"] = (args?.push) ?? true;
resourceInputs["registry"] = args?.registry;
resourceInputs["sources"] = args?.sources;
resourceInputs["tag"] = args?.tag;
resourceInputs["push"] = (args ? args.push : undefined) ?? true;
resourceInputs["registry"] = args ? args.registry : undefined;
resourceInputs["sources"] = args ? args.sources : undefined;
resourceInputs["tag"] = args ? args.tag : undefined;
resourceInputs["ref"] = undefined /*out*/;
} else {
resourceInputs["push"] = undefined /*out*/;

6
sdk/nodejs/provider.ts generated
View File

@@ -25,7 +25,7 @@ export class Provider extends pulumi.ProviderResource {
/**
* The build daemon's address.
*/
declare public readonly host: pulumi.Output<string | undefined>;
public readonly host!: pulumi.Output<string | undefined>;
/**
* Create a Provider resource with the given unique name, arguments, and options.
@@ -38,8 +38,8 @@ export class Provider extends pulumi.ProviderResource {
let resourceInputs: pulumi.Inputs = {};
opts = opts || {};
{
resourceInputs["host"] = (args?.host) ?? (utilities.getEnv("DOCKER_HOST") || "");
resourceInputs["registries"] = pulumi.output(args?.registries).apply(JSON.stringify);
resourceInputs["host"] = (args ? args.host : undefined) ?? (utilities.getEnv("DOCKER_HOST") || "");
resourceInputs["registries"] = pulumi.output(args ? args.registries : undefined).apply(JSON.stringify);
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(Provider.__pulumiType, name, resourceInputs, opts);

2
sdk/nodejs/tsconfig.json generated
View File

@@ -1,7 +1,7 @@
{
"compilerOptions": {
"outDir": "bin",
"target": "ES2020",
"target": "es2016",
"module": "commonjs",
"moduleResolution": "node",
"declaration": true,

50
sdk/nodejs/types/input.ts generated
View File

@@ -104,12 +104,6 @@ export interface CacheFromAzureBlobArgs {
secretAccessKey?: pulumi.Input<string>;
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheFromGitHubActionsArgs {
/**
* The scope to use for cache keys. Defaults to `buildkit`.
@@ -118,6 +112,23 @@ export interface CacheFromGitHubActionsArgs {
* workflow, otherwise caches will overwrite each other.
*/
scope?: pulumi.Input<string>;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: pulumi.Input<string>;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: pulumi.Input<string>;
}
/**
* cacheFromGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -126,6 +137,8 @@ export function cacheFromGitHubActionsArgsProvideDefaults(val: CacheFromGitHubAc
return {
...val,
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}
@@ -290,12 +303,6 @@ export function cacheToAzureBlobArgsProvideDefaults(val: CacheToAzureBlobArgs):
};
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheToGitHubActionsArgs {
/**
* Ignore errors caused by failed cache exports.
@@ -312,6 +319,23 @@ export interface CacheToGitHubActionsArgs {
* workflow, otherwise caches will overwrite each other.
*/
scope?: pulumi.Input<string>;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: pulumi.Input<string>;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: pulumi.Input<string>;
}
/**
* cacheToGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -322,6 +346,8 @@ export function cacheToGitHubActionsArgsProvideDefaults(val: CacheToGitHubAction
ignoreError: (val.ignoreError) ?? false,
mode: (val.mode) ?? "min",
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}

50
sdk/nodejs/types/output.ts generated
View File

@@ -104,12 +104,6 @@ export interface CacheFromAzureBlob {
secretAccessKey?: string;
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheFromGitHubActions {
/**
* The scope to use for cache keys. Defaults to `buildkit`.
@@ -118,6 +112,23 @@ export interface CacheFromGitHubActions {
* workflow, otherwise caches will overwrite each other.
*/
scope?: string;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: string;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: string;
}
/**
* cacheFromGitHubActionsProvideDefaults sets the appropriate defaults for CacheFromGitHubActions
@@ -126,6 +137,8 @@ export function cacheFromGitHubActionsProvideDefaults(val: CacheFromGitHubAction
return {
...val,
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}
@@ -290,12 +303,6 @@ export function cacheToAzureBlobProvideDefaults(val: CacheToAzureBlob): CacheToA
};
}
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheToGitHubActions {
/**
* Ignore errors caused by failed cache exports.
@@ -312,6 +319,23 @@ export interface CacheToGitHubActions {
* workflow, otherwise caches will overwrite each other.
*/
scope?: string;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: string;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: string;
}
/**
* cacheToGitHubActionsProvideDefaults sets the appropriate defaults for CacheToGitHubActions
@@ -322,6 +346,8 @@ export function cacheToGitHubActionsProvideDefaults(val: CacheToGitHubActions):
ignoreError: (val.ignoreError) ?? false,
mode: (val.mode) ?? "min",
scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
};
}

166
sdk/python/pulumi_docker_build/_inputs.py generated
View File

@@ -281,12 +281,6 @@ class CacheFromAzureBlobArgs:
if not MYPY:
class CacheFromGitHubActionsArgsDict(TypedDict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
scope: NotRequired[pulumi.Input[_builtins.str]]
"""
The scope to use for cache keys. Defaults to `buildkit`.
@@ -294,27 +288,61 @@ if not MYPY:
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
"""
token: NotRequired[pulumi.Input[_builtins.str]]
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
url: NotRequired[pulumi.Input[_builtins.str]]
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
elif False:
CacheFromGitHubActionsArgsDict: TypeAlias = Mapping[str, Any]
@pulumi.input_type
class CacheFromGitHubActionsArgs:
def __init__(__self__, *,
scope: Optional[pulumi.Input[_builtins.str]] = None):
scope: Optional[pulumi.Input[_builtins.str]] = None,
token: Optional[pulumi.Input[_builtins.str]] = None,
url: Optional[pulumi.Input[_builtins.str]] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param pulumi.Input[_builtins.str] token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param pulumi.Input[_builtins.str] url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if scope is None:
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter
@@ -331,6 +359,39 @@ class CacheFromGitHubActionsArgs:
def scope(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "scope", value)
@_builtins.property
@pulumi.getter
def token(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@token.setter
def token(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "token", value)
@_builtins.property
@pulumi.getter
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@url.setter
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "url", value)
if not MYPY:
class CacheFromLocalArgsDict(TypedDict):
@@ -916,12 +977,6 @@ class CacheToAzureBlobArgs:
if not MYPY:
class CacheToGitHubActionsArgsDict(TypedDict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
ignore_error: NotRequired[pulumi.Input[_builtins.bool]]
"""
Ignore errors caused by failed cache exports.
@@ -937,6 +992,23 @@ if not MYPY:
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
"""
token: NotRequired[pulumi.Input[_builtins.str]]
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
url: NotRequired[pulumi.Input[_builtins.str]]
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
elif False:
CacheToGitHubActionsArgsDict: TypeAlias = Mapping[str, Any]
@@ -945,18 +1017,27 @@ class CacheToGitHubActionsArgs:
def __init__(__self__, *,
ignore_error: Optional[pulumi.Input[_builtins.bool]] = None,
mode: Optional[pulumi.Input['CacheMode']] = None,
scope: Optional[pulumi.Input[_builtins.str]] = None):
scope: Optional[pulumi.Input[_builtins.str]] = None,
token: Optional[pulumi.Input[_builtins.str]] = None,
url: Optional[pulumi.Input[_builtins.str]] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param pulumi.Input[_builtins.bool] ignore_error: Ignore errors caused by failed cache exports.
:param pulumi.Input['CacheMode'] mode: The cache mode to use. Defaults to `min`.
:param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param pulumi.Input[_builtins.str] token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param pulumi.Input[_builtins.str] url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if ignore_error is None:
ignore_error = False
@@ -970,6 +1051,14 @@ class CacheToGitHubActionsArgs:
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter(name="ignoreError")
@@ -1010,6 +1099,39 @@ class CacheToGitHubActionsArgs:
def scope(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "scope", value)
@_builtins.property
@pulumi.getter
def token(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@token.setter
def token(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "token", value)
@_builtins.property
@pulumi.getter
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@url.setter
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "url", value)
if not MYPY:
class CacheToInlineArgsDict(TypedDict):

116
sdk/python/pulumi_docker_build/outputs.py generated
View File

@@ -293,28 +293,39 @@ class CacheFromAzureBlob(dict):
@pulumi.output_type
class CacheFromGitHubActions(dict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
def __init__(__self__, *,
scope: Optional[_builtins.str] = None):
scope: Optional[_builtins.str] = None,
token: Optional[_builtins.str] = None,
url: Optional[_builtins.str] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param _builtins.str token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param _builtins.str url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if scope is None:
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter
@@ -327,6 +338,31 @@ class CacheFromGitHubActions(dict):
"""
return pulumi.get(self, "scope")
@_builtins.property
@pulumi.getter
def token(self) -> Optional[_builtins.str]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@_builtins.property
@pulumi.getter
def url(self) -> Optional[_builtins.str]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@pulumi.output_type
class CacheFromLocal(dict):
@@ -748,12 +784,6 @@ class CacheToAzureBlob(dict):
@pulumi.output_type
class CacheToGitHubActions(dict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
@staticmethod
def __key_warning(key: str):
suggest = None
@@ -774,18 +804,27 @@ class CacheToGitHubActions(dict):
def __init__(__self__, *,
ignore_error: Optional[_builtins.bool] = None,
mode: Optional['CacheMode'] = None,
scope: Optional[_builtins.str] = None):
scope: Optional[_builtins.str] = None,
token: Optional[_builtins.str] = None,
url: Optional[_builtins.str] = None):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param _builtins.bool ignore_error: Ignore errors caused by failed cache exports.
:param 'CacheMode' mode: The cache mode to use. Defaults to `min`.
:param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other.
:param _builtins.str token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param _builtins.str url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
if ignore_error is None:
ignore_error = False
@@ -799,6 +838,14 @@ class CacheToGitHubActions(dict):
scope = 'buildkit'
if scope is not None:
pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property
@pulumi.getter(name="ignoreError")
@@ -827,6 +874,31 @@ class CacheToGitHubActions(dict):
"""
return pulumi.get(self, "scope")
@_builtins.property
@pulumi.getter
def token(self) -> Optional[_builtins.str]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@_builtins.property
@pulumi.getter
def url(self) -> Optional[_builtins.str]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@pulumi.output_type
class CacheToInline(dict):