sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity

Compare commits

base: sam_oneal:update-github-actions-workflows-980
Branches Tags
sam_oneal:main sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1
..
compare: sam_oneal:update-github-actions-workflows-910
Branches Tags
sam_oneal:debug-image sam_oneal:renovate/major-pulumi sam_oneal:renovate/security sam_oneal:main sam_oneal:update-pulumi/26579044728-128 sam_oneal:update-pulumi/26229658565-127 sam_oneal:renovate/major-security sam_oneal:update-pulumi/25497905451-125 sam_oneal:update-github-actions-workflows-1172 sam_oneal:update-pulumi/24511459645-122 sam_oneal:update-pulumi/24191344757-121 sam_oneal:update-pulumi/23901444046-120 sam_oneal:update-pulumi/23595431521-119 sam_oneal:update-pulumi/23295872936-118 sam_oneal:update-github-actions-workflows-704 sam_oneal:update-pulumi/23002983312-117 sam_oneal:update-pulumi/22718886647-116 sam_oneal:update-github-actions-workflows-1114 sam_oneal:update-pulumi/22442999542-115 sam_oneal:update-pulumi/22182641498-114 sam_oneal:update-github-actions-workflows-1092 sam_oneal:update-pulumi/21947465199-113 sam_oneal:iwahhbe/update-dotnet-codegen sam_oneal:update-pulumi/21712281897-112 sam_oneal:update-github-actions-workflows-642 sam_oneal:update-pulumi/21478933959-111 sam_oneal:update-pulumi/21249204200-110 sam_oneal:update-pulumi/21031979833-109 sam_oneal:update-pulumi/20817484855-108 sam_oneal:update-pulumi/20638879280-107 sam_oneal:update-pulumi/20505377620-106 sam_oneal:update-pulumi/20337605127-105 sam_oneal:update-github-actions-workflows-1025 sam_oneal:update-github-actions-workflows-1024 sam_oneal:update-github-actions-workflows-568 sam_oneal:update-github-actions-workflows-1023 sam_oneal:update-github-actions-workflows-1022 sam_oneal:update-github-actions-workflows-1021 sam_oneal:update-github-actions-workflows-1020 sam_oneal:update-github-actions-workflows-1019 sam_oneal:update-pulumi/20133762954-104 sam_oneal:update-github-actions-workflows-1016 sam_oneal:update-github-actions-workflows-1015 sam_oneal:update-github-actions-workflows-1014 sam_oneal:update-github-actions-workflows-1013 sam_oneal:update-github-actions-workflows-1012 sam_oneal:update-github-actions-workflows-1011 sam_oneal:update-pulumi/19929659171-103 sam_oneal:update-github-actions-workflows-1010 sam_oneal:update-github-actions-workflows-1009 sam_oneal:update-github-actions-workflows-1008 sam_oneal:update-github-actions-workflows-1007 sam_oneal:update-github-actions-workflows-1006 sam_oneal:update-github-actions-workflows-1005 sam_oneal:update-github-actions-workflows-1004 sam_oneal:update-github-actions-workflows-1003 sam_oneal:update-pulumi/19736920399-102 sam_oneal:update-github-actions-workflows-1002 sam_oneal:update-github-actions-workflows-1001 sam_oneal:update-github-actions-workflows-1000 sam_oneal:update-pulumi/19537526118-101 sam_oneal:update-pulumi/19332198478-100 sam_oneal:update-github-actions-workflows-985 sam_oneal:update-github-actions-workflows-984 sam_oneal:update-github-actions-workflows-983 sam_oneal:pose/fixes/golangci-lint-upgrade-to-v2 sam_oneal:update-github-actions-workflows-982 sam_oneal:update-github-actions-workflows-981 sam_oneal:update-pulumi/19136291852-99 sam_oneal:update-github-actions-workflows-980 sam_oneal:update-github-actions-workflows-979 sam_oneal:update-github-actions-workflows-978 sam_oneal:update-github-actions-workflows-977 sam_oneal:update-github-actions-workflows-976 sam_oneal:update-github-actions-workflows-975 sam_oneal:update-github-actions-workflows-974 sam_oneal:update-pulumi/18941265690-98 sam_oneal:update-github-actions-workflows-973 sam_oneal:update-github-actions-workflows-972 sam_oneal:update-github-actions-workflows-971 sam_oneal:update-github-actions-workflows-970 sam_oneal:update-github-actions-workflows-969 sam_oneal:update-github-actions-workflows-965 sam_oneal:update-pulumi/18748991289-97 sam_oneal:update-pulumi/18561908881-96 sam_oneal:update-pulumi/18376962578-95 sam_oneal:update-pulumi/18193512866-94 sam_oneal:update-github-actions-workflows-552 sam_oneal:update-github-actions-workflows-548 sam_oneal:update-github-actions-workflows-546 sam_oneal:update-pulumi/18008090346-93 sam_oneal:update-pulumi/17829264550-92 sam_oneal:update-pulumi/17645108435-91 sam_oneal:update-github-actions-workflows-920 sam_oneal:update-github-actions-workflows-913 sam_oneal:update-github-actions-workflows-912 sam_oneal:update-github-actions-workflows-911 sam_oneal:update-github-actions-workflows-910 sam_oneal:update-pulumi/17296416183-89 sam_oneal:update-pulumi/17127477815-88 sam_oneal:update-github-actions-workflows-889 sam_oneal:update-github-actions-workflows-493 sam_oneal:blampe/json-keys sam_oneal:update-pulumi/16497427062-83 sam_oneal:blampe/go-provider-bracket sam_oneal:update-github-actions-workflows-784 sam_oneal:update-pulumi/14642101166-70 sam_oneal:adopt-ci-mgmt sam_oneal:mise sam_oneal:blampe/gha-token sam_oneal:iwahbe/upgrade-go-provider sam_oneal:ci
sam_oneal:v0.0.19 sam_oneal:sdk/go/dockerbuild/v0.0.18 sam_oneal:v0.0.18 sam_oneal:sdk/go/dockerbuild/v0.0.17 sam_oneal:v0.0.17 sam_oneal:sdk/go/dockerbuild/v0.0.16 sam_oneal:v0.0.16 sam_oneal:sdk/go/dockerbuild/v0.0.15 sam_oneal:v0.0.15 sam_oneal:sdk/go/dockerbuild/v0.0.14 sam_oneal:v0.0.14 sam_oneal:sdk/go/dockerbuild/v0.0.13 sam_oneal:v0.0.13 sam_oneal:sdk/go/dockerbuild/v0.0.12 sam_oneal:v0.0.12 sam_oneal:sdk/go/dockerbuild/v0.0.11 sam_oneal:v0.0.11 sam_oneal:sdk/go/dockerbuild/v0.0.10 sam_oneal:v0.0.10 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.101 sam_oneal:v0.0.1-alpha.99 sam_oneal:sdk/go/dockerbuild/v0.0.1-alpha.100 sam_oneal:v0.0.1-alpha.100 sam_oneal:v0.0.1-testwindows.signing sam_oneal:sdk/go/dockerbuild/v0.0.9 sam_oneal:v0.0.9 sam_oneal:sdk/go/dockerbuild/v0.0.8 sam_oneal:v0.0.8 sam_oneal:sdk/go/dockerbuild/v0.0.7 sam_oneal:v0.0.7 sam_oneal:sdk/go/dockerbuild/v0.0.6 sam_oneal:v0.0.6 sam_oneal:sdk/go/dockerbuild/v0.0.5 sam_oneal:v0.0.5 sam_oneal:sdk/go/dockerbuild/v0.0.4 sam_oneal:v0.0.4 sam_oneal:sdk/go/dockerbuild/v0.0.3 sam_oneal:sdk/v0.0.3 sam_oneal:v0.0.3 sam_oneal:v0.0.2 sam_oneal:sdk/v0.0.2 sam_oneal:sdk/v0.0.1 sam_oneal:v0.0.1 sam_oneal:v0.0.1-alpha.3 sam_oneal:v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.2 sam_oneal:sdk/v0.0.1-alpha.1 sam_oneal:v0.0.1-alpha.1

1 Commits
update-git ... update-git

Author SHA1 Message Date
Pulumi Bot
613dffd366 [internal] Update GitHub Actions workflow files 2025-09-01 05:35:15 +00:00
52 changed files with 1644 additions and 1607 deletions
Expand all files Collapse all files

35
.ci-mgmt.yaml
View File

@@ -4,26 +4,23 @@ major-version: 0
providerDefaultBranch: main providerDefaultBranch: main
providerVersion: github.com/pulumi/pulumi-docker-build/provider.Version providerVersion: github.com/pulumi/pulumi-docker-build/provider.Version
aws: true aws: true
modulePath: .
gcp: true gcp: true
sdkModuleDir: sdk/go/dockerbuild sdkModuleDir: sdk/go/dockerbuild
parallel: 3 parallel: 3
esc:
enabled: true
envOverride: envOverride:
AWS_REGION: us-west-2 AWS_REGION: us-west-2
PULUMI_API: "https://api.pulumi-staging.io" PULUMI_API: "https://api.pulumi-staging.io"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }} DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812 GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1 GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a GOOGLE_ZONE: us-central1-a
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}

87
.config/mise.lock
View File

@@ -1,87 +0,0 @@
[[tools.dotnet]]
version = "8.0.414"
backend = "asdf:dotnet"
[[tools."github:pulumi/pulumictl"]]
version = "0.0.50"
backend = "github:pulumi/pulumictl"
[tools."github:pulumi/pulumictl".platforms.linux-x64]
checksum = "blake3:c128dd74993f779c613296fe7cd21c20cbd323f24e59cb76e007620660b60348"
name = "pulumictl-v0.0.50-linux-amd64.tar.gz"
size = 27744219
url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz"
url_api = ""
[[tools."github:pulumi/schema-tools"]]
version = "0.6.0"
backend = "github:pulumi/schema-tools"
[tools."github:pulumi/schema-tools".platforms.linux-x64]
checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3"
name = "schema-tools-v0.6.0-linux-amd64.tar.gz"
size = 14282746
url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz"
url_api = ""
[[tools.go]]
version = "1.24.1"
backend = "core:go"
[tools.go.platforms.linux-x64]
checksum = "sha256:cb2396bae64183cdccf81a9a6df0aea3bce9511fc21469fb89a0c00470088073"
size = 78503123
url = "https://dl.google.com/go/go1.24.1.linux-amd64.tar.gz"
[[tools.golangci-lint]]
version = "1.64.8"
backend = "aqua:golangci/golangci-lint"
[tools.golangci-lint.platforms.linux-x64]
checksum = "sha256:b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e"
size = 12364828
url = "https://github.com/golangci/golangci-lint/releases/download/v1.64.8/golangci-lint-1.64.8-linux-amd64.tar.gz"
[[tools.gradle]]
version = "7.6.6"
backend = "aqua:gradle/gradle"
[tools.gradle.platforms.linux-x64]
checksum = "blake3:5cad8fc455b720b68a0bd2907d435e2919581708243f84f27845fe8812a09323"
size = 128439774
url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip"
[[tools.java]]
version = "corretto-11.0.28.6.1"
backend = "core:java"
[tools.java.platforms.linux-x64]
checksum = "sha256:70734c46e0bbeb7f45b721756ba0b2f1f1e1ef85a11e10d5a488f06b257dadd9"
size = 195648709
url = "https://corretto.aws/downloads/resources/11.0.28.6.1/amazon-corretto-11.0.28.6.1-linux-x64.tar.gz"
[[tools.node]]
version = "20.19.5"
backend = "core:node"
[tools.node.platforms.linux-x64]
checksum = "sha256:4eba5fbe1fb10753bc06e42f001a91c5cec16798b7764a3e9257adc59af47fe1"
size = 47041607
url = "https://nodejs.org/dist/v20.19.5/node-v20.19.5-linux-x64.tar.gz"
[[tools."npm:yarn"]]
version = "1.22.22"
backend = "npm:yarn"
[[tools.pulumi]]
version = "3.192.0"
backend = "aqua:pulumi/pulumi"
[tools.pulumi.platforms.linux-x64]
checksum = "sha512:6351213bee02ade5b76407d9b43cdb243fa461ca38231b03410de5aa1f697e55ab6467da2a9e37ebbff7be6cd3485d833e9ad8f29d4de6919bbdd471fb25e45a"
size = 92867578
url = "https://github.com/pulumi/pulumi/releases/download/v3.192.0/pulumi-v3.192.0-linux-x64.tar.gz"
[[tools.python]]
version = "3.11.8"
backend = "core:python"

11
.config/mise.test.toml
View File

@@ -1,11 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# Overrides for test workflows
[env]
# Acceptance (specifically providertest) tests require that PULUMI_HOME be the default
PULUMI_HOME = "{{ env.HOME }}/.pulumi"
[tools]
# always use pulumi latest for tests
pulumi = "latest"

28
.config/mise.toml
View File

@@ -1,28 +0,0 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
# You can create your own root-level mise.toml file to override/augment this. See https://mise.jdx.dev/configuration.html
[env]
_.source = "{{config_root}}/scripts/get-versions.sh"
[tools]
# Runtimes
# TODO: we may not need `get_env` once https://github.com/jdx/mise/discussions/6339 is fixed
go = "{{ get_env(name='GO_VERSION_MISE', default='latest') }}"
node = '20.19.5'
python = '3.11.8'
dotnet = '8.0.414'
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}"
"github:pulumi/pulumictl" = 'latest'
"github:pulumi/schema-tools" = "latest"
gradle = '7.6'
golangci-lint = "1.64.8" # See note about about overrides if you need to customize this.
"npm:yarn" = "1.22.22"
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).
lockfile = true

2
.github/actions/esc-action/index.js vendored
View File

@@ -5,7 +5,7 @@ var stream = fs.createWriteStream(file, { flags: "a" });
for (const [name, value] of Object.entries(process.env)) { for (const [name, value] of Object.entries(process.env)) {
try { try {
stream.write(`${name}<<EEEOOOFFF\n${value}\nEEEOOOFFF\n`); // << syntax accommodates multiline strings. stream.write(`${name}=${value}\n`);
} catch (err) { } catch (err) {
console.log(`error: failed to set output for ${name}: ${err.message}`); console.log(`error: failed to set output for ${name}: ${err.message}`);
} }

217
.github/workflows/build.yml vendored
View File

@@ -16,17 +16,22 @@ on:
workflow_dispatch: {} workflow_dispatch: {}
env: env:
PROVIDER: docker-build PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x" GOVERSION: "1.21.x"
NODEVERSION: "20.x" NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8" PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x" DOTNETVERSION: "8.0.x"
JAVAVERSION: "11" JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2 AWS_REGION: us-west-2
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -35,28 +40,15 @@ env:
GOOGLE_REGION: us-central1 GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io PULUMI_API: https://api.pulumi-staging.io
jobs: jobs:
prerequisites: prerequisites:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: prerequisites name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -74,7 +66,7 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request' - if: github.event_name == 'pull_request'
name: Install Schema Tools name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -95,7 +87,7 @@ jobs:
echo 'EOF'; echo 'EOF';
} >> "$GITHUB_ENV" } >> "$GITHUB_ENV"
env: env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -125,7 +117,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -171,7 +162,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
@@ -180,21 +171,16 @@ jobs:
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}} pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library - name: Test Provider Library
run: make test_provider run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov - name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env: env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -203,7 +189,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build_sdks: build_sdks:
needs: prerequisites needs: prerequisites
runs-on: pulumi-ubuntu-8core runs-on: pulumi-ubuntu-8core
@@ -217,23 +203,11 @@ jobs:
- go - go
- java - java
name: build_sdks name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -251,18 +225,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -272,11 +246,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -301,7 +275,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -347,14 +320,14 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
- name: Tar SDK folder - name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
@@ -367,29 +340,13 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
tag_release_if_labeled_needs_release: tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release name: Tag release if labeled as needs-release
needs: publish needs: publish
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: check if this commit needs release - name: check if this commit needs release
if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} if: ${{ env.RELEASE_BOT_ENDPOINT != '' }}
uses: pulumi/action-release-by-pr-label@main uses: pulumi/action-release-by-pr-label@main
@@ -397,10 +354,10 @@ jobs:
command: "release-if-needed" command: "release-if-needed"
repo: ${{ github.repository }} repo: ${{ github.repository }}
commit: ${{ github.sha }} commit: ${{ github.sha }}
slack_channel: C02MGR8JVST slack_channel: ${{ secrets.RELEASE_OPS_SLACK_CHANNEL }}
env: env:
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test: test:
@@ -420,21 +377,12 @@ jobs:
name: test name: test
permissions: permissions:
contents: read contents: read
id-token: write # For ESC secrets and Pulumi access token OIDC. id-token: write
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -452,18 +400,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -473,11 +421,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -489,7 +437,7 @@ jobs:
-exec chmod +x {} \; -exec chmod +x {} \;
- name: Download SDK - name: Download SDK
if: ${{ matrix.language != 'yaml' }} if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -523,7 +471,7 @@ jobs:
with: with:
environment: logins/pulumi-ci environment: logins/pulumi-ci
- name: Authenticate to Google Cloud - name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with: with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{ }}/locations/global/workloadIdentityPools/${{
@@ -531,7 +479,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth - name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with: with:
install_components: gke-gcloud-auth-plugin install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt - name: Install gotestfmt
@@ -544,8 +492,6 @@ jobs:
set -euo pipefail set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -554,28 +500,16 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: test needs: test
name: publish name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -602,27 +536,27 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Configure AWS Credentials - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with: with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2 aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200 role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }} role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env: env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }} AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }} AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }} AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }} AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
with: with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest version: latest
@@ -634,28 +568,16 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_sdk: publish_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: publish needs: publish
name: publish_sdk name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -679,22 +601,22 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK - name: Download python SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: python-sdk.tar.gz name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -702,7 +624,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python ${{github.workspace}}/sdk/python
- name: Download dotnet SDK - name: Download dotnet SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: dotnet-sdk.tar.gz name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -710,7 +632,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet ${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK - name: Download nodejs SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: nodejs-sdk.tar.gz name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -722,16 +644,16 @@ jobs:
- name: Publish SDKs - name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env: env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__ PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }} PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }} SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -740,7 +662,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
lint: lint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -762,7 +684,8 @@ jobs:
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
with: with:
version: ${{ env.GOLANGCI_LINT_VERSION }} version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: . args: -c ../.golangci.yml
working-directory: provider
name: lint name: lint
if: github.event_name == 'repository_dispatch' || if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository

20
.github/workflows/command-dispatch.yml vendored
View File

@@ -2,10 +2,13 @@
env: env:
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2 AWS_REGION: us-west-2
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -14,28 +17,15 @@ env:
GOOGLE_REGION: us-central1 GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io PULUMI_API: https://api.pulumi-staging.io
jobs: jobs:
command-dispatch-for-testing: command-dispatch-for-testing:
name: command-dispatch-for-testing name: command-dispatch-for-testing
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4
with: with:
commands: | commands: |
@@ -45,7 +35,7 @@ jobs:
permission: write permission: write
reaction-token: ${{ secrets.GITHUB_TOKEN }} reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: pulumi/pulumi-docker-build repository: pulumi/pulumi-docker-build
token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} token: ${{ secrets.PULUMI_BOT_TOKEN }}
name: command-dispatch name: command-dispatch
on: on:
issue_comment: issue_comment:

2
.github/workflows/comment-on-stale-issues.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Stale issue job name: Stale issue job
steps: steps:
- uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc # v7.1.0 - uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc #v7.1.0
with: with:
issue-types: issues # only look at issues (ignore pull-requests) issue-types: issues # only look at issues (ignore pull-requests)

2
.github/workflows/community-moderation.yml vendored
View File

@@ -1,5 +1,7 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt # WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs: jobs:
warn_codegen: warn_codegen:
name: warn_codegen name: warn_codegen

2
.github/workflows/export-repo-secrets.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
app-id: 1256780 # Export Secrets GitHub App app-id: 1256780 # Export Secrets GitHub App
private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }} private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }}
- name: Export secrets to ESC - name: Export secrets to ESC
uses: pulumi/esc-export-secrets-action@9d6485759b6adff2538ae91f1b77cc96265c9dad # v1 uses: pulumi/esc-export-secrets-action@v1
with: with:
organization: pulumi organization: pulumi
org-environment: imports/github-secrets org-environment: imports/github-secrets

213
.github/workflows/prerelease.yml vendored
View File

@@ -7,17 +7,22 @@ on:
- v*.*.*-** - v*.*.*-**
env: env:
PROVIDER: docker-build PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x" GOVERSION: "1.21.x"
NODEVERSION: "20.x" NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8" PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x" DOTNETVERSION: "8.0.x"
JAVAVERSION: "11" JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2 AWS_REGION: us-west-2
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -27,7 +32,6 @@ env:
GOOGLE_ZONE: us-central1-a GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io PULUMI_API: https://api.pulumi-staging.io
IS_PRERELEASE: true IS_PRERELEASE: true
jobs: jobs:
prerequisites: prerequisites:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -36,16 +40,7 @@ jobs:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -63,7 +58,7 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request' - if: github.event_name == 'pull_request'
name: Install Schema Tools name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -84,7 +79,7 @@ jobs:
echo 'EOF'; echo 'EOF';
} >> "$GITHUB_ENV" } >> "$GITHUB_ENV"
env: env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -114,7 +109,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -160,7 +154,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
@@ -169,21 +163,16 @@ jobs:
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}} pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library - name: Test Provider Library
run: make test_provider run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov - name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env: env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -192,7 +181,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build_sdks: build_sdks:
needs: prerequisites needs: prerequisites
runs-on: pulumi-ubuntu-8core runs-on: pulumi-ubuntu-8core
@@ -206,23 +195,11 @@ jobs:
- go - go
- java - java
name: build_sdks name: build_sdks
permissions:
pull-requests: write # For Renovate SDK updates.
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -240,18 +217,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -261,11 +238,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -290,7 +267,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit ${{ matrix.language }} SDK changes for Renovate - name: Commit ${{ matrix.language }} SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -336,14 +312,14 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
- name: Tar SDK folder - name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
@@ -355,7 +331,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
test: test:
runs-on: pulumi-ubuntu-8core runs-on: pulumi-ubuntu-8core
needs: needs:
@@ -373,21 +349,12 @@ jobs:
name: test name: test
permissions: permissions:
contents: read contents: read
id-token: write # For ESC secrets and Pulumi access token OIDC. id-token: write
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -405,18 +372,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -426,11 +393,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -442,7 +409,7 @@ jobs:
-exec chmod +x {} \; -exec chmod +x {} \;
- name: Download SDK - name: Download SDK
if: ${{ matrix.language != 'yaml' }} if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -476,7 +443,7 @@ jobs:
with: with:
environment: logins/pulumi-ci environment: logins/pulumi-ci
- name: Authenticate to Google Cloud - name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with: with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{ }}/locations/global/workloadIdentityPools/${{
@@ -484,7 +451,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth - name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with: with:
install_components: gke-gcloud-auth-plugin install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt - name: Install gotestfmt
@@ -497,8 +464,6 @@ jobs:
set -euo pipefail set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -507,28 +472,16 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: test needs: test
name: publish name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -555,27 +508,27 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Configure AWS Credentials - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with: with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2 aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200 role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }} role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env: env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }} AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }} AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }} AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }} AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
with: with:
args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
version: latest version: latest
@@ -587,28 +540,16 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_sdk: publish_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: publish needs: publish
name: publish_sdk name: publish_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -632,22 +573,22 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK - name: Download python SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: python-sdk.tar.gz name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -655,7 +596,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python ${{github.workspace}}/sdk/python
- name: Download dotnet SDK - name: Download dotnet SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: dotnet-sdk.tar.gz name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -663,7 +604,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet ${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK - name: Download nodejs SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: nodejs-sdk.tar.gz name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -675,11 +616,11 @@ jobs:
- name: Publish SDKs - name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env: env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__ PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }} PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -688,29 +629,17 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_java_sdk: publish_java_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
continue-on-error: true continue-on-error: true
needs: publish needs: publish
name: publish_java_sdk name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -728,7 +657,7 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Java - name: Setup Java
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with: with:
@@ -736,11 +665,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download java SDK - name: Download java SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: java-sdk.tar.gz name: java-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -748,18 +677,18 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java ${{github.workspace}}/sdk/java
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Publish Java SDK - name: Publish Java SDK
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env: env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }} PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }} SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
publish_go_sdk: publish_go_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: publish-go-sdk name: publish-go-sdk
@@ -777,7 +706,7 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download go SDK - name: Download go SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: go-sdk.tar.gz name: go-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/

28
.github/workflows/pull-request.yml vendored
View File

@@ -3,7 +3,33 @@
name: pull-request name: pull-request
on: on:
pull_request_target: {} pull_request_target: {}
env:
PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x"
NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x"
JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2
AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: "895284651812"
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io
jobs: jobs:
comment-on-pr: comment-on-pr:
runs-on: ubuntu-latest runs-on: ubuntu-latest

234
.github/workflows/release.yml vendored
View File

@@ -8,17 +8,22 @@ on:
- "!v*.*.*-**" - "!v*.*.*-**"
env: env:
PROVIDER: docker-build PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x" GOVERSION: "1.21.x"
NODEVERSION: "20.x" NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8" PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x" DOTNETVERSION: "8.0.x"
JAVAVERSION: "11" JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2 AWS_REGION: us-west-2
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -27,28 +32,15 @@ env:
GOOGLE_REGION: us-central1 GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io PULUMI_API: https://api.pulumi-staging.io
jobs: jobs:
prerequisites: prerequisites:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: prerequisites name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -66,7 +58,7 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request' - if: github.event_name == 'pull_request'
name: Install Schema Tools name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -87,7 +79,7 @@ jobs:
echo 'EOF'; echo 'EOF';
} >> "$GITHUB_ENV" } >> "$GITHUB_ENV"
env: env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -117,7 +109,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -163,7 +154,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
@@ -172,21 +163,16 @@ jobs:
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}} pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library - name: Test Provider Library
run: make test_provider run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov - name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env: env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -195,7 +181,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build_sdks: build_sdks:
needs: prerequisites needs: prerequisites
runs-on: pulumi-ubuntu-8core runs-on: pulumi-ubuntu-8core
@@ -209,23 +195,11 @@ jobs:
- go - go
- java - java
name: build_sdks name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -243,18 +217,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -264,11 +238,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -293,7 +267,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -339,14 +312,14 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
- name: Tar SDK folder - name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
@@ -358,7 +331,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
test: test:
runs-on: pulumi-ubuntu-8core runs-on: pulumi-ubuntu-8core
needs: needs:
@@ -376,21 +349,12 @@ jobs:
name: test name: test
permissions: permissions:
contents: read contents: read
id-token: write # For ESC secrets. id-token: write
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -408,18 +372,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -429,11 +393,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -445,7 +409,7 @@ jobs:
-exec chmod +x {} \; -exec chmod +x {} \;
- name: Download SDK - name: Download SDK
if: ${{ matrix.language != 'yaml' }} if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -479,7 +443,7 @@ jobs:
with: with:
environment: logins/pulumi-ci environment: logins/pulumi-ci
- name: Authenticate to Google Cloud - name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with: with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{ }}/locations/global/workloadIdentityPools/${{
@@ -487,7 +451,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth - name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with: with:
install_components: gke-gcloud-auth-plugin install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt - name: Install gotestfmt
@@ -500,8 +464,6 @@ jobs:
set -euo pipefail set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GTIHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -510,28 +472,16 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: test needs: test
name: publish name: publish
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -558,27 +508,27 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Configure AWS Credentials - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with: with:
aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2 aws-region: us-east-2
aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200 role-duration-seconds: 7200
role-session-name: ${{ env.PROVIDER }}@githubActions role-session-name: ${{ env.PROVIDER }}@githubActions
role-external-id: upload-pulumi-release role-external-id: upload-pulumi-release
role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }} role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
env: env:
GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }}
AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }} AZURE_SIGNING_CLIENT_ID: ${{ secrets.AZURE_SIGNING_CLIENT_ID }}
AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }} AZURE_SIGNING_CLIENT_SECRET: ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }}
AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }} AZURE_SIGNING_TENANT_ID: ${{ secrets.AZURE_SIGNING_TENANT_ID }}
SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }} AZURE_SIGNING_KEY_VAULT_URI: ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }}
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} SKIP_SIGNING: ${{ secrets.AZURE_SIGNING_CLIENT_ID == '' && secrets.AZURE_SIGNING_CLIENT_SECRET == '' && secrets.AZURE_SIGNING_TENANT_ID == '' && secrets.AZURE_SIGNING_KEY_VAULT_URI == '' }}
with: with:
args: -p 3 release --clean --timeout 60m0s args: -p 3 release --clean --timeout 60m0s
version: latest version: latest
@@ -590,28 +540,16 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_sdk: publish_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: publish needs: publish
name: publish_sdks name: publish_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -635,22 +573,22 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Download python SDK - name: Download python SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: python-sdk.tar.gz name: python-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -658,7 +596,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C
${{github.workspace}}/sdk/python ${{github.workspace}}/sdk/python
- name: Download dotnet SDK - name: Download dotnet SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: dotnet-sdk.tar.gz name: dotnet-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -666,7 +604,7 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C
${{github.workspace}}/sdk/dotnet ${{github.workspace}}/sdk/dotnet
- name: Download nodejs SDK - name: Download nodejs SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: nodejs-sdk.tar.gz name: nodejs-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -678,11 +616,11 @@ jobs:
- name: Publish SDKs - name: Publish SDKs
run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
env: env:
NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }} NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
PYPI_PUBLISH_ARTIFACTS: all PYPI_PUBLISH_ARTIFACTS: all
PYPI_USERNAME: __token__ PYPI_USERNAME: __token__
PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }} PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -691,29 +629,17 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
publish_java_sdk: publish_java_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
continue-on-error: true continue-on-error: true
needs: publish needs: publish
name: publish_java_sdk name: publish_java_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -731,7 +657,7 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Java - name: Setup Java
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with: with:
@@ -739,11 +665,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download java SDK - name: Download java SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: java-sdk.tar.gz name: java-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -751,18 +677,18 @@ jobs:
run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C
${{github.workspace}}/sdk/java ${{github.workspace}}/sdk/java
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Publish Java SDK - name: Publish Java SDK
run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository
env: env:
PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }} PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }}
SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }} SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }} SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }} SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }} PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }} PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
publish_go_sdk: publish_go_sdk:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: publish-go-sdk name: publish-go-sdk
@@ -780,7 +706,7 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download go SDK - name: Download go SDK
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: go-sdk.tar.gz name: go-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -800,23 +726,7 @@ jobs:
dispatch_docs_build: dispatch_docs_build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: publish_go_sdk needs: publish_go_sdk
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Install pulumictl - name: Install pulumictl
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
with: with:
@@ -825,5 +735,5 @@ jobs:
run: pulumictl create docs-build pulumi-${{ env.PROVIDER }} run: pulumictl create docs-build pulumi-${{ env.PROVIDER }}
"${GITHUB_REF#refs/tags/}" "${GITHUB_REF#refs/tags/}"
env: env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
name: dispatch_docs_build name: dispatch_docs_build

21
.github/workflows/release_command.yml vendored
View File

@@ -13,16 +13,7 @@ jobs:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
persist-credentials: false persist-credentials: false
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Should release PR - name: Should release PR
uses: pulumi/action-release-by-pr-label@main uses: pulumi/action-release-by-pr-label@main
with: with:
@@ -30,14 +21,14 @@ jobs:
repo: ${{ github.repository }} repo: ${{ github.repository }}
pr: ${{ github.event.client_payload.pull_request.number }} pr: ${{ github.event.client_payload.pull_request.number }}
version: ${{ github.event.client_payload.slash_command.args.all }} version: ${{ github.event.client_payload.slash_command.args.all }}
slack_channel: ${{ steps.esc-secrets.outputs.RELEASE_OPS_STAGING_SLACK_CHANNEL }} slack_channel: ${{ secrets.RELEASE_OPS_STAGING_SLACK_CHANNEL }}
env: env:
RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_ENDPOINT: ${{ secrets.RELEASE_BOT_ENDPOINT }}
RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }} RELEASE_BOT_KEY: ${{ secrets.RELEASE_BOT_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() - if: failure()
name: Notify failure name: Notify failure
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
@@ -46,7 +37,7 @@ jobs:
"release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- if: success() - if: success()
name: Notify success name: Notify success
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }}

162
.github/workflows/run-acceptance-tests.yml vendored
View File

@@ -11,17 +11,22 @@ on:
workflow_dispatch: {} workflow_dispatch: {}
env: env:
PROVIDER: docker-build PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x" GOVERSION: "1.21.x"
NODEVERSION: "20.x" NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8" PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x" DOTNETVERSION: "8.0.x"
JAVAVERSION: "11" JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2 AWS_REGION: us-west-2
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -33,50 +38,32 @@ env:
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
jobs: jobs:
comment-notification: comment-notification:
if: github.event_name == 'repository_dispatch'
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: comment-notification name: comment-notification
steps: steps:
- name: Create URL to the run output
id: vars
run: echo
"run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
>> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
if: github.event_name == 'repository_dispatch'
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
persist-credentials: false persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }} ref: ${{ env.PR_COMMIT_SHA }}
- name: Create URL to the run output
id: vars
run: echo
"run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
>> "$GITHUB_OUTPUT"
- name: Update with Result
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
permissions:
id-token: write # For ESC secrets.
pull-requests: write # For schema check comment.
steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -94,7 +81,7 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- if: github.event_name == 'pull_request' - if: github.event_name == 'pull_request'
name: Install Schema Tools name: Install Schema Tools
uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0
@@ -115,7 +102,7 @@ jobs:
echo 'EOF'; echo 'EOF';
} >> "$GITHUB_ENV" } >> "$GITHUB_ENV"
env: env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]'
name: Comment on PR with Details of Schema Check name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
@@ -145,7 +132,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -191,7 +177,7 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
@@ -200,21 +186,16 @@ jobs:
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}} pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz
- name: Test Provider Library - name: Test Provider Library
run: make test_provider run: make test_provider
env:
ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }}
DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload coverage reports to Codecov - name: Upload coverage reports to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
env: env:
CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -223,7 +204,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' || if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
build_sdks: build_sdks:
@@ -239,25 +220,13 @@ jobs:
- go - go
- java - java
name: build_sdks name: build_sdks
permissions:
contents: read
id-token: write # For ESC secrets.
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
persist-credentials: false persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }} ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -275,18 +244,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -296,11 +265,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -325,7 +294,6 @@ jobs:
sdk/go/**/pulumiUtilities.go sdk/go/**/pulumiUtilities.go
sdk/nodejs/package.json sdk/nodejs/package.json
sdk/python/pyproject.toml sdk/python/pyproject.toml
sdk/java/build.gradle
- name: Commit SDK changes for Renovate - name: Commit SDK changes for Renovate
if: failure() && steps.worktreeClean.outcome == 'failure' && if: failure() && steps.worktreeClean.outcome == 'failure' &&
contains(github.actor, 'renovate') && github.event_name == contains(github.actor, 'renovate') && github.event_name ==
@@ -370,14 +338,14 @@ jobs:
# workflow. https://github.com/orgs/community/discussions/25702 # workflow. https://github.com/orgs/community/discussions/25702
git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" git push https://pulumi-bot:${{ secrets.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF"
env: env:
HEAD_REF: ${{ github.head_ref }} HEAD_REF: ${{ github.head_ref }}
- run: git status --porcelain - run: git status --porcelain
- name: Tar SDK folder - name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
@@ -390,7 +358,7 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' || if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
test: test:
@@ -417,16 +385,7 @@ jobs:
with: with:
lfs: true lfs: true
persist-credentials: false persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }} ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- id: version - id: version
name: Set Provider Version name: Set Provider Version
uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0
@@ -444,18 +403,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -465,11 +424,11 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Download provider - name: Download provider
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin path: ${{ github.workspace }}/bin
@@ -481,7 +440,7 @@ jobs:
-exec chmod +x {} \; -exec chmod +x {} \;
- name: Download SDK - name: Download SDK
if: ${{ matrix.language != 'yaml' }} if: ${{ matrix.language != 'yaml' }}
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with: with:
name: ${{ matrix.language }}-sdk.tar.gz name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/ path: ${{ github.workspace}}/sdk/
@@ -515,7 +474,7 @@ jobs:
with: with:
environment: logins/pulumi-ci environment: logins/pulumi-ci
- name: Authenticate to Google Cloud - name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
with: with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{ }}/locations/global/workloadIdentityPools/${{
@@ -523,7 +482,7 @@ jobs:
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth - name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0
with: with:
install_components: gke-gcloud-auth-plugin install_components: gke-gcloud-auth-plugin
- name: Install gotestfmt - name: Install gotestfmt
@@ -536,8 +495,6 @@ jobs:
set -euo pipefail set -euo pipefail
cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 .
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: failure() && github.event_name == 'push' - if: failure() && github.event_name == 'push'
name: Notify Slack name: Notify Slack
uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
@@ -546,28 +503,13 @@ jobs:
fields: repo,commit,author,action fields: repo,commit,author,action
status: ${{ job.status }} status: ${{ job.status }}
env: env:
SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: github.event_name == 'repository_dispatch' || if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
sentinel: sentinel:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: sentinel name: sentinel
steps: steps:
- name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
lfs: true
persist-credentials: false
ref: ${{ env.PR_COMMIT_SHA }}
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Mark workflow as successful - name: Mark workflow as successful
uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13
with: with:
@@ -578,7 +520,6 @@ jobs:
sha: ${{ github.event.pull_request.head.sha || github.sha }} sha: ${{ github.event.pull_request.head.sha || github.sha }}
permissions: permissions:
statuses: write statuses: write
id-token: write # For ESC secrets.
if: github.event_name == 'repository_dispatch' || if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository
needs: needs:
@@ -606,7 +547,8 @@ jobs:
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
with: with:
version: ${{ env.GOLANGCI_LINT_VERSION }} version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: . args: -c ../.golangci.yml
working-directory: provider
name: lint name: lint
if: github.event_name == 'repository_dispatch' || if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository github.event.pull_request.head.repo.full_name == github.repository

30
.github/workflows/weekly-pulumi-update.yml vendored
View File

@@ -8,17 +8,22 @@ on:
env: env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PROVIDER: docker-build PROVIDER: docker-build
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
TRAVIS_OS_NAME: linux TRAVIS_OS_NAME: linux
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
GOVERSION: "1.21.x" GOVERSION: "1.21.x"
NODEVERSION: "20.x" NODEVERSION: "20.x"
PYTHONVERSION: "3.11.8" PYTHONVERSION: "3.11.8"
DOTNETVERSION: "8.0.x" DOTNETVERSION: "8.0.x"
JAVAVERSION: "11" JAVAVERSION: "11"
ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
AWS_REGION: us-west-2 AWS_REGION: us-west-2
AZURE_LOCATION: westus AZURE_LOCATION: westus
DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
@@ -27,25 +32,14 @@ env:
GOOGLE_REGION: us-central1 GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a GOOGLE_ZONE: us-central1-a
PULUMI_API: https://api.pulumi-staging.io PULUMI_API: https://api.pulumi-staging.io
jobs: jobs:
weekly-pulumi-update: weekly-pulumi-update:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: write-all
steps: steps:
- name: Checkout Repo - name: Checkout Repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
lfs: true lfs: true
- env:
ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }}
ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false"
ESC_ACTION_OIDC_AUTH: "true"
ESC_ACTION_OIDC_ORGANIZATION: pulumi
ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization
id: esc-secrets
name: Fetch secrets from ESC
uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b
- name: Install Go - name: Install Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with: with:
@@ -56,18 +50,18 @@ jobs:
with: with:
repo: pulumi/pulumictl repo: pulumi/pulumictl
- name: Install Pulumi CLI - name: Install Pulumi CLI
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 uses: pulumi/actions@df5a93ad715135263c732ba288301bd044c383c0 # v6.3.0
- name: Setup DotNet - name: Setup DotNet
uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
with: with:
dotnet-version: ${{ env.DOTNETVERSION }} dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Node - name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version: ${{ env.NODEVERSION }} node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org registry-url: https://registry.npmjs.org
- name: Setup Python - name: Setup Python
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with: with:
python-version: ${{ env.PYTHONVERSION }} python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java - name: Setup Java
@@ -77,7 +71,7 @@ jobs:
distribution: temurin distribution: temurin
cache: gradle cache: gradle
- name: Setup Gradle - name: Setup Gradle
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
with: with:
gradle-version: "7.6" gradle-version: "7.6"
- name: Update Pulumi/Pulumi - name: Update Pulumi/Pulumi
@@ -138,5 +132,5 @@ jobs:
gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)" gh pr create -t "$msg" -b "$msg" --head "$(git branch --show-current)"
env: env:
GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
name: weekly-pulumi-update name: weekly-pulumi-update

2
.pulumi.version
View File

@@ -1 +1 @@
3.192.0 3.187.0

10
CHANGELOG.md
View File

@@ -1,15 +1,5 @@
## Unreleased ## Unreleased
## Changed
- Arguments `CacheFromGitHubActions.URL` and `CacheFromGitHubActions.Token` have been removed. If the previous behaviour is desired, set the `ACTIONS_CACHE_URL` and `ACTIONS_RUNTIME_TOKEN` environment variables. (https://github.com/pulumi/pulumi-docker-build/issues/75)
## 0.0.14 (2025-09-30)
### Fixed
- A warning is no longer emitted for the reserved `__internal` key. (https://github.com/pulumi/pulumi-docker-build/issues/579)
## 0.0.13 (2025-08-27) ## 0.0.13 (2025-08-27)
### Changed ### Changed

45
Makefile
View File

@@ -17,9 +17,8 @@ WORKING_DIR := $(shell pwd)
EXAMPLES_DIR := ${WORKING_DIR}/examples/yaml EXAMPLES_DIR := ${WORKING_DIR}/examples/yaml
TESTPARALLELISM := 4 TESTPARALLELISM := 4
PULUMI := pulumi PULUMI := bin/pulumi
GOGLANGCILINT := golangci-lint GOGLANGCILINT := bin/golangci-lint
GOTEST := go test
# Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable # Override during CI using `make [TARGET] PROVIDER_VERSION=""` or by setting a PROVIDER_VERSION environment variable
# Local & branch builds will just used this fixed default version unless specified # Local & branch builds will just used this fixed default version unless specified
@@ -47,10 +46,10 @@ provider_debug::
(cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION_GENERIC}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER)) (cd provider && go build -o $(WORKING_DIR)/bin/${PROVIDER} -gcflags="all=-N -l" -ldflags "-X ${PROJECT}/${VERSION_PATH}=${VERSION_GENERIC}" $(PROJECT)/${PROVIDER_PATH}/cmd/$(PROVIDER))
test_provider:: # Required by CI test_provider:: # Required by CI
${GOTEST} -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/... go test -short -v -coverprofile="coverage.txt" -coverpkg=./provider/... -timeout 2h -parallel ${TESTPARALLELISM} ./provider/...
test_examples: install_nodejs_sdk install_dotnet_sdk test_examples: install_nodejs_sdk install_dotnet_sdk
${GOTEST} -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/... go test -short -v -cover -tags=all -timeout 2h -parallel ${TESTPARALLELISM} ./examples/...
test_all:: test_provider test_examples test_all:: test_provider test_examples
@@ -64,26 +63,38 @@ examples/yaml:
rm -rf ${WORKING_DIR}/examples/yaml/app rm -rf ${WORKING_DIR}/examples/yaml/app
cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app cp -r ${WORKING_DIR}/examples/app ${WORKING_DIR}/examples/yaml/app
examples/go: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml examples/go: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,go) $(call example,go)
@git checkout examples/go/go.mod @git checkout examples/go/go.mod
examples/nodejs: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml examples/nodejs: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,nodejs) $(call example,nodejs)
@git checkout examples/nodejs/package.json @git checkout examples/nodejs/package.json
examples/python: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml examples/python: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,python) $(call example,python)
@git checkout examples/python/requirements.txt @git checkout examples/python/requirements.txt
examples/dotnet: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml examples/dotnet: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,dotnet) $(call example,dotnet)
@git checkout examples/dotnet/provider-docker-build.csproj @git checkout examples/dotnet/provider-docker-build.csproj
examples/java: bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml examples/java: ${PULUMI} bin/${PROVIDER} ${WORKING_DIR}/examples/yaml/Pulumi.yaml
$(call example,java) $(call example,java)
@git checkout examples/java/pom.xml @git checkout examples/java/pom.xml
${PULUMI}: go.sum
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/pkg/v3/cmd/pulumi
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-java/pkg/cmd/pulumi-language-java
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3
GOBIN=${WORKING_DIR}/bin go install github.com/pulumi/pulumi-yaml/cmd/pulumi-converter-yaml
${GOGLANGCILINT}: go.sum
GOBIN=${WORKING_DIR}/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint@8b37f14
define pulumi_login define pulumi_login
export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \ export PULUMI_CONFIG_PASSPHRASE=asdfqwerty1234; \
pulumi login --local; pulumi login --local;
@@ -91,7 +102,7 @@ endef
define example define example
rm -rf ${WORKING_DIR}/examples/$(1) rm -rf ${WORKING_DIR}/examples/$(1)
pulumi convert \ $(PULUMI) convert \
--cwd ${WORKING_DIR}/examples/yaml \ --cwd ${WORKING_DIR}/examples/yaml \
--logtostderr \ --logtostderr \
--generate-only \ --generate-only \
@@ -129,7 +140,7 @@ build:: provider sdk/dotnet sdk/go sdk/nodejs sdk/python sdk/java ${SCHEMA_PATH}
only_build:: build only_build:: build
.PHONY: lint .PHONY: lint
lint: lint: ${GOGLANGCILINT}
${GOGLANGCILINT} run --fix -c .golangci.yml ${GOGLANGCILINT} run --fix -c .golangci.yml
install:: install_nodejs_sdk install_dotnet_sdk install:: install_nodejs_sdk install_dotnet_sdk
@@ -194,7 +205,7 @@ sdk: sdk/python sdk/nodejs sdk/java sdk/python sdk/go sdk/dotnet
.PHONY: sdk/* .PHONY: sdk/*
sdk/python: TMPDIR := $(shell mktemp -d) sdk/python: TMPDIR := $(shell mktemp -d)
sdk/python: bin/${PROVIDER} sdk/python: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/python rm -rf sdk/python
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language python -o ${TMPDIR} $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language python -o ${TMPDIR}
cp README.md ${TMPDIR}/python/ cp README.md ${TMPDIR}/python/
@@ -207,7 +218,7 @@ sdk/python: bin/${PROVIDER}
mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/. mv -f ${TMPDIR}/python ${WORKING_DIR}/sdk/.
sdk/nodejs: TMPDIR := $(shell mktemp -d) sdk/nodejs: TMPDIR := $(shell mktemp -d)
sdk/nodejs: bin/${PROVIDER} sdk/nodejs: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/nodejs rm -rf sdk/nodejs
$(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language nodejs -o ${TMPDIR} $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language nodejs -o ${TMPDIR}
cp README.md LICENSE ${TMPDIR}/nodejs cp README.md LICENSE ${TMPDIR}/nodejs
@@ -219,7 +230,7 @@ sdk/nodejs: bin/${PROVIDER}
sdk/go: TMPDIR := $(shell mktemp -d) sdk/go: TMPDIR := $(shell mktemp -d)
sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)" sdk/go: PATH := "$(WORKING_DIR)/bin:$(PATH)"
sdk/go: bin/${PROVIDER} sdk/go: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/go rm -rf sdk/go
PATH=$(PATH) $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language go -o ${TMPDIR} PATH=$(PATH) $(PULUMI) package gen-sdk ./bin/$(PROVIDER) --language go -o ${TMPDIR}
cp go.mod ${TMPDIR}/go/dockerbuild/go.mod cp go.mod ${TMPDIR}/go/dockerbuild/go.mod
@@ -229,7 +240,7 @@ sdk/go: bin/${PROVIDER}
mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go mv -f ${TMPDIR}/go ${WORKING_DIR}/sdk/go
sdk/dotnet: TMPDIR := $(shell mktemp -d) sdk/dotnet: TMPDIR := $(shell mktemp -d)
sdk/dotnet: bin/${PROVIDER} sdk/dotnet: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/dotnet rm -rf sdk/dotnet
$(PULUMI) package gen-sdk ./bin/${PROVIDER} --language dotnet -o ${TMPDIR} $(PULUMI) package gen-sdk ./bin/${PROVIDER} --language dotnet -o ${TMPDIR}
cd ${TMPDIR}/dotnet/ && \ cd ${TMPDIR}/dotnet/ && \
@@ -239,7 +250,7 @@ sdk/dotnet: bin/${PROVIDER}
sdk/java: PACKAGE_VERSION := $(shell pulumictl convert-version --language generic -v "$(VERSION_GENERIC)") sdk/java: PACKAGE_VERSION := $(shell pulumictl convert-version --language generic -v "$(VERSION_GENERIC)")
sdk/java: TMPDIR := $(shell mktemp -d) sdk/java: TMPDIR := $(shell mktemp -d)
sdk/java: bin/${PROVIDER} sdk/java: $(PULUMI) bin/${PROVIDER}
rm -rf sdk/java rm -rf sdk/java
$(PULUMI) package gen-sdk --language java ./bin/${PROVIDER} -o ${TMPDIR} $(PULUMI) package gen-sdk --language java ./bin/${PROVIDER} -o ${TMPDIR}
cd ${TMPDIR}/java/ && gradle --console=plain build cd ${TMPDIR}/java/ && gradle --console=plain build

428
docs/_index.md
View File

@@ -1,428 +0,0 @@
---
title: Docker Build
meta_desc: Provides an overview of the Docker Build Provider for Pulumi.
layout: package
---
The Docker Build provider leverages [buildx and BuildKit](https://docs.docker.com/build/architecture/) to build modern Docker images with Pulumi.
Not to be confused with the earlier
[Docker](../docker) provider, which is still
appropriate for managing resources unrelated to building images.
| Provider | Use cases |
| ---------------- | ----------------------------------------------------------------------- |
| `@pulumi/docker-build` | Anything related to building images with `docker build`. |
| `@pulumi/docker` | Everything else -- including running containers and creating networks. |
## Example
If your Pulumi program has a directory called `app` alongside it, containing a
file named "Dockerfile" (which can be as simple as `FROM alpine` for the
purpose of example), then the code below shows how to build a multi-platform
image, publish it to a remote AWS ECR registry, and use an [inline
cache](https://docs.docker.com/build/cache/backends/inline/) to speed up
subsequent builds.
{{< chooser language "typescript,python,csharp,go,yaml,java" / >}}
{{% choosable language typescript %}}
```typescript
import * as aws from "@pulumi/aws";
import * as docker_build from "@pulumi/docker-build";
// Create an ECR repository for pushing.
const ecrRepository = new aws.ecr.Repository("ecr-repository", {});
// Grab auth credentials for ECR.
const authToken = aws.ecr.getAuthorizationTokenOutput({
registryId: ecrRepository.registryId,
});
// Build and push an image to ECR with inline caching.
const myImage = new docker_build.Image("my-image", {
// Tag our image with our ECR repository's address.
tags: [pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`],
context: {
location: "./app",
},
// Use the pushed image as a cache source.
cacheFrom: [{
registry: {
ref: pulumi.interpolate`${ecrRepository.repositoryUrl}:latest`,
},
}],
// Include an inline cache with our pushed image.
cacheTo: [{
inline: {},
}],
// Build a multi-platform image manifest for ARM and AMD.
platforms: [
"linux/amd64",
"linux/arm64",
],
// Push the final result to ECR.
push: true,
// Provide our ECR credentials.
registries: [{
address: ecrRepository.repositoryUrl,
password: authToken.password,
username: authToken.userName,
}],
});
// Export a ref for the pushed images so we can deploy it.
export const ref = myImage.ref;
```
{{% /choosable %}}
{{% choosable language python %}}
```python
import pulumi
import pulumi_aws as aws
import pulumi_docker_build as docker_build
# Create an ECR repository for pushing.
ecr_repository = aws.ecr.Repository("ecr-repository")
# Grab auth credentials for ECR.
auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
# Build and push an image to ECR with inline caching.
my_image = docker_build.Image("my-image",
# Tag our image with our ECR repository's address.
tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")],
context=docker_build.BuildContextArgs(
location="./app",
),
# Use the pushed image as a cache source.
cache_from=[docker_build.CacheFromArgs(
registry=docker_build.CacheFromRegistryArgs(
ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest"),
),
)],
# Include an inline cache with our pushed image.
cache_to=[docker_build.CacheToArgs(
inline=docker_build.CacheToInlineArgs(),
)],
# Build a multi-platform image manifest for ARM and AMD.
platforms=[
docker_build.Platform.LINUX_AMD64,
docker_build.Platform.LINUX_ARM64,
],
# Push the final result to ECR.
push=True,
# Provide our ECR credentials.
registries=[docker_build.RegistryArgs(
address=ecr_repository.repository_url,
password=auth_token.password,
username=auth_token.user_name,
)],
)
# Export a ref for the pushed images so we can deploy it.
pulumi.export("ref", my_image.ref)
```
{{% /choosable %}}
{{% choosable language csharp %}}
```csharp
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using DockerBuild = Pulumi.DockerBuild;
return await Deployment.RunAsync(() =>
{
// Create an ECR repository for pushing.
var ecrRepository = new Aws.Ecr.Repository("ecr-repository");
// Grab auth credentials for ECR.
var authToken = Aws.Ecr.GetAuthorizationToken.Invoke(new()
{
RegistryId = ecrRepository.RegistryId,
});
// Build and push an image to ECR with inline caching.
var myImage = new DockerBuild.Image("my-image", new()
{
// Tag our image with our ECR repository's address.
Tags = new[]
{
ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
Context = new DockerBuild.Inputs.BuildContextArgs
{
Location = "./app",
},
// Use the pushed image as a cache source.
CacheFrom = new[]
{
new DockerBuild.Inputs.CacheFromArgs
{
Registry = new DockerBuild.Inputs.CacheFromRegistryArgs
{
Ref = ecrRepository.RepositoryUrl.Apply(repositoryUrl => $"{repositoryUrl}:latest"),
},
},
},
// Include an inline cache with our pushed image.
CacheTo = new[]
{
new DockerBuild.Inputs.CacheToArgs
{
Inline = null,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms = new[]
{
DockerBuild.Platform.Linux_amd64,
DockerBuild.Platform.Linux_arm64,
},
// Push the final result to ECR.
Push = true,
// Provide our ECR credentials.
Registries = new[]
{
new DockerBuild.Inputs.RegistryArgs
{
Address = ecrRepository.RepositoryUrl,
Password = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.Password),
Username = authToken.Apply(getAuthorizationTokenResult => getAuthorizationTokenResult.UserName),
},
},
});
// Export a ref for the pushed images so we can deploy it.
return new Dictionary<string, object?>
{
["ref"] = myImage.Ref,
};
});
```
{{% /choosable %}}
{{% choosable language go %}}
```go
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr"
"github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an ECR repository for pushing.
ecrRepository, err := ecr.NewRepository(ctx, "ecr-repository", nil)
if err != nil {
return err
}
// Grab auth credentials for ECR.
authToken := ecr.GetAuthorizationTokenOutput(ctx, ecr.GetAuthorizationTokenOutputArgs{
RegistryId: ecrRepository.RegistryId,
}, nil)
// Build and push an image to ECR with inline caching.
myImage, err := dockerbuild.NewImage(ctx, "my-image", &dockerbuild.ImageArgs{
// Tag our image with our ECR repository's address.
Tags: pulumi.StringArray{
ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
Context: &dockerbuild.BuildContextArgs{
Location: pulumi.String("./app"),
},
// Use the pushed image as a cache source.
CacheFrom: dockerbuild.CacheFromArray{
&dockerbuild.CacheFromArgs{
Registry: &dockerbuild.CacheFromRegistryArgs{
Ref: ecrRepository.RepositoryUrl.ApplyT(func(repositoryUrl string) (string, error) {
return fmt.Sprintf("%v:latest", repositoryUrl), nil
}).(pulumi.StringOutput),
},
},
},
// Include an inline cache with our pushed image.
CacheTo: dockerbuild.CacheToArray{
&dockerbuild.CacheToArgs{
Inline: nil,
},
},
// Build a multi-platform image manifest for ARM and AMD.
Platforms: dockerbuild.PlatformArray{
dockerbuild.Platform_Linux_amd64,
dockerbuild.Platform_Linux_arm64,
},
// Push the final result to ECR.
Push: pulumi.Bool(true),
// Provide our ECR credentials.
Registries: dockerbuild.RegistryArray{
&dockerbuild.RegistryArgs{
Address: ecrRepository.RepositoryUrl,
Password: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.Password, nil
}).(pulumi.StringPtrOutput),
Username: authToken.ApplyT(func(authToken ecr.GetAuthorizationTokenResult) (*string, error) {
return &authToken.UserName, nil
}).(pulumi.StringPtrOutput),
},
},
})
if err != nil {
return err
}
// Export a ref for the pushed images so we can deploy it.
ctx.Export("ref", myImage.Ref)
return nil
})
}
```
{{% /choosable %}}
{{% choosable language yaml %}}
```yaml
description: Push to AWS ECR with caching
name: ecr
outputs:
ref: ${my-image.ref}
resources:
# Create an ECR repository for pushing.
ecr-repository:
type: aws:ecr:Repository
# Build and push an image to ECR with inline caching.
my-image:
type: docker-build:Image
properties:
# Tag our image with our ECR repository's address.
tags:
- ${ecr-repository.repositoryUrl}:latest
context:
location: ./app
# Use the pushed image as a cache source.
cacheFrom:
- registry:
ref: ${ecr-repository.repositoryUrl}:latest
# Include an inline cache with our pushed image.
cacheTo:
- inline: {}
# Build a multi-platform image manifest for ARM and AMD.
platforms:
- linux/amd64
- linux/arm64
# Push the final result to ECR.
push: true
# Provide our ECR credentials.
registries:
- address: ${ecr-repository.repositoryUrl}
password: ${auth-token.password}
username: ${auth-token.userName}
runtime: yaml
variables:
auth-token:
# Grab auth credentials for ECR.
fn::aws:ecr:getAuthorizationToken:
registryId: ${ecr-repository.registryId}
```
{{% /choosable %}}
{{% choosable language java %}}
```java
package myapp;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ecr.Repository;
import com.pulumi.aws.ecr.EcrFunctions;
import com.pulumi.aws.ecr.inputs.GetAuthorizationTokenArgs;
import com.pulumi.dockerbuild.Image;
import com.pulumi.dockerbuild.ImageArgs;
import com.pulumi.dockerbuild.inputs.CacheFromArgs;
import com.pulumi.dockerbuild.inputs.CacheFromRegistryArgs;
import com.pulumi.dockerbuild.inputs.CacheToArgs;
import com.pulumi.dockerbuild.inputs.CacheToInlineArgs;
import com.pulumi.dockerbuild.inputs.BuildContextArgs;
import com.pulumi.dockerbuild.inputs.RegistryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an ECR repository for pushing.
var ecrRepository = new Repository("ecrRepository");
// Grab auth credentials for ECR.
final var authToken = EcrFunctions.getAuthorizationToken(GetAuthorizationTokenArgs.builder()
.registryId(ecrRepository.registryId())
.build());
// Build and push an image to ECR with inline caching.
var myImage = new Image("myImage", ImageArgs.builder()
// Tag our image with our ECR repository's address.
.tags(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.context(BuildContextArgs.builder()
.location("./app")
.build())
// Use the pushed image as a cache source.
.cacheFrom(CacheFromArgs.builder()
.registry(CacheFromRegistryArgs.builder()
.ref(ecrRepository.repositoryUrl().applyValue(repositoryUrl -> String.format("%s:latest", repositoryUrl)))
.build())
.build())
// Include an inline cache with our pushed image.
.cacheTo(CacheToArgs.builder()
.inline()
.build())
// Build a multi-platform image manifest for ARM and AMD.
.platforms(
"linux/amd64",
"linux/arm64")
// Push the final result to ECR.
.push(true)
// Provide our ECR credentials.
.registries(RegistryArgs.builder()
.address(ecrRepository.repositoryUrl())
.password(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.password())))
.username(authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult).applyValue(authToken -> authToken.applyValue(getAuthorizationTokenResult -> getAuthorizationTokenResult.userName())))
.build())
.build());
ctx.export("ref", myImage.ref());
}
}
```
{{% /choosable %}}
{{< /chooser >}}

33
docs/installation-configuration.md
View File

@@ -1,33 +0,0 @@
---
title: Docker-Build Installation & Configuration
meta_desc: Provides an overview on how to configure the Pulumi Docker-Build Provider.
layout: package
---
The Pulumi Docker-build provider builds modern Docker images with [buildx](https://docs.docker.com/reference/cli/docker/buildx/) and [BuildKit](https://docs.docker.com/build/buildkit/).
## Installation
The Docker-Build provider is available as a package in all Pulumi languages:
* JavaScript/TypeScript: [`@pulumi/docker-build`](https://www.npmjs.com/package/@pulumi/docker-build)
* Python: [`pulumi-docker-build`](https://pypi.org/project/pulumi-docker-build/)
* Go: [`github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild`](https://github.com/pulumi/pulumi-docker-build)
* .NET: [`Pulumi.DockerBuild`](https://www.nuget.org/packages/Pulumi.DockerBuild)
* Java: [`com.pulumi/docker-build`](https://central.sonatype.com/artifact/com.pulumi/docker-build)
## Configuring The Provider
### Host
The `DOCKER_HOST` environment variable can be used to specify a custom build daemon's location.
```bash
$ export DOCKER_HOST=tcp://127.0.0.1:2376/
```
This can also be specified in your stack's configuration:
```bash
$ pulumi config set docker-build:host tcp://127.0.0.1:2376/
```

4
examples/go/go.mod
View File

@@ -6,7 +6,7 @@ toolchain go1.24.5
require ( require (
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12 github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12
github.com/pulumi/pulumi/sdk/v3 v3.192.0 github.com/pulumi/pulumi/sdk/v3 v3.187.0
) )
require ( require (
@@ -62,7 +62,7 @@ require (
github.com/pkg/errors v0.9.1 // indirect github.com/pkg/errors v0.9.1 // indirect
github.com/pkg/term v1.1.0 // indirect github.com/pkg/term v1.1.0 // indirect
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
github.com/pulumi/esc v0.17.0 // indirect github.com/pulumi/esc v0.14.3 // indirect
github.com/rivo/uniseg v0.4.7 // indirect github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/rogpeppe/go-internal v1.14.1 // indirect
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect

8
examples/go/go.sum
View File

@@ -159,12 +159,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0=
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w= github.com/pulumi/esc v0.14.3 h1:Zli+9LiSDT/W+Fsfr8tITxCo+5wn969tLrE4KLv44G8=
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc= github.com/pulumi/esc v0.14.3/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12 h1:uzmw+0iic764m0Yvh4I/jRV1x3q49dVh5Ctq9RllsQ8= github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12 h1:uzmw+0iic764m0Yvh4I/jRV1x3q49dVh5Ctq9RllsQ8=
github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12/go.mod h1:6zFMe786NvFDO03BVJwdw1R/Yms4F6vAU49iBHo8zbQ= github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.12/go.mod h1:6zFMe786NvFDO03BVJwdw1R/Yms4F6vAU49iBHo8zbQ=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ= github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw= github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

5
examples/nodejs_test.go
View File

@@ -181,9 +181,8 @@ func TestConfig(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
test := integration.ProgramTestOptions{ test := integration.ProgramTestOptions{
Dir: path.Join(cwd, "tests", "config"), Dir: path.Join(cwd, "tests", "config"),
Dependencies: []string{"@pulumi/docker-build"}, Dependencies: []string{"@pulumi/docker-build"},
SkipEmptyPreviewUpdate: true,
} }
integration.ProgramTest(t, &test) integration.ProgramTest(t, &test)

6
go.mod
View File

@@ -16,14 +16,14 @@ require (
github.com/otiai10/copy v1.14.0 github.com/otiai10/copy v1.14.0
github.com/pulumi/providertest v0.3.1 github.com/pulumi/providertest v0.3.1
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef
github.com/pulumi/pulumi-go-provider v1.1.2 github.com/pulumi/pulumi-go-provider v1.1.1
github.com/pulumi/pulumi-java/pkg v1.16.0 github.com/pulumi/pulumi-java/pkg v1.16.0
github.com/pulumi/pulumi-yaml v1.21.2 github.com/pulumi/pulumi-yaml v1.21.2
github.com/pulumi/pulumi/pkg/v3 v3.192.0 github.com/pulumi/pulumi/pkg/v3 v3.187.0
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815 github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815 github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815 github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815
github.com/pulumi/pulumi/sdk/v3 v3.192.0 github.com/pulumi/pulumi/sdk/v3 v3.187.0
github.com/regclient/regclient v0.7.1 github.com/regclient/regclient v0.7.1
github.com/sirupsen/logrus v1.9.3 github.com/sirupsen/logrus v1.9.3
github.com/spf13/afero v1.14.0 github.com/spf13/afero v1.14.0

12
go.sum
View File

@@ -896,22 +896,22 @@ github.com/pulumi/providertest v0.3.1 h1:vlftr7TZlObh81mL88IhhF0/9ZbLrZZos4NAvR4
github.com/pulumi/providertest v0.3.1/go.mod h1:fFHUP4/9DRyYnHWiRnwcynMtM/a7hHR/QcJfcuZKO3A= github.com/pulumi/providertest v0.3.1/go.mod h1:fFHUP4/9DRyYnHWiRnwcynMtM/a7hHR/QcJfcuZKO3A=
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY= github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef h1:cxRa9R9To6OYKacIG2Em6zcM7BDNr6joC43uiV1lSVY=
github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg= github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3 v3.0.0-20250806132441-44ca9a522cef/go.mod h1:VLcnE1lj92EfRi7CRMzdPkQ9OQvrlg2upJM1lBZzNmg=
github.com/pulumi/pulumi-go-provider v1.1.2 h1:NUQDXaftBDFTPMBPwxo8FhJUX0ymkv6a1XiXTnCDpvg= github.com/pulumi/pulumi-go-provider v1.1.1 h1:4UT3LeNT9CdGhkq8OSWKJsmKTW9Tg+vsfOO/hsFVyb4=
github.com/pulumi/pulumi-go-provider v1.1.2/go.mod h1:3lNIuxT/BArFyiKrVfv+UT7gMMtplss7V69KuBZ4zIk= github.com/pulumi/pulumi-go-provider v1.1.1/go.mod h1:3lNIuxT/BArFyiKrVfv+UT7gMMtplss7V69KuBZ4zIk=
github.com/pulumi/pulumi-java/pkg v1.16.0 h1:8KCiIXWv2uxfIks0SdgOezyXg4HZIoPfHID9eMg4nuM= github.com/pulumi/pulumi-java/pkg v1.16.0 h1:8KCiIXWv2uxfIks0SdgOezyXg4HZIoPfHID9eMg4nuM=
github.com/pulumi/pulumi-java/pkg v1.16.0/go.mod h1:VeMZ1s9LfXBypao4A1tRF3EB7fYnYZ1LwImyg6FBX0c= github.com/pulumi/pulumi-java/pkg v1.16.0/go.mod h1:VeMZ1s9LfXBypao4A1tRF3EB7fYnYZ1LwImyg6FBX0c=
github.com/pulumi/pulumi-yaml v1.21.2 h1:czqC5AazinfX6Bj0nqAAQ6x/Cr8/3oUz3HUjJg6tJ4o= github.com/pulumi/pulumi-yaml v1.21.2 h1:czqC5AazinfX6Bj0nqAAQ6x/Cr8/3oUz3HUjJg6tJ4o=
github.com/pulumi/pulumi-yaml v1.21.2/go.mod h1:KOqDnuJksfIq8belFVFN3IEI4r0NgW69M0QPSj54On4= github.com/pulumi/pulumi-yaml v1.21.2/go.mod h1:KOqDnuJksfIq8belFVFN3IEI4r0NgW69M0QPSj54On4=
github.com/pulumi/pulumi/pkg/v3 v3.192.0 h1:gZRMPaNpW+VN3ng3h9r8De8wI0keWC9fIP0rcUDatMA= github.com/pulumi/pulumi/pkg/v3 v3.187.0 h1:VTbireKCxG/wKPX3slHNb3Zk3xKMr5CvcvjH8194H2I=
github.com/pulumi/pulumi/pkg/v3 v3.192.0/go.mod h1:+Zp3EzjzGW4PlcW8oITZgeOfFzIVbLWvHtUVixvGQcs= github.com/pulumi/pulumi/pkg/v3 v3.187.0/go.mod h1:3y5nyMg62dd+DBzYW/P4d+Ye9pJ/zhJd+aGzMzfUL1g=
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:tipGG4aEPejP424igQYxJ6TOtWVtZJa0z679oIv00ho= github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:tipGG4aEPejP424igQYxJ6TOtWVtZJa0z679oIv00ho=
github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:V2MMs29cFeGBdZyFKxNqTGVfBgDLhIOGfrXOxheieuI= github.com/pulumi/pulumi/sdk/go/pulumi-language-go/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:V2MMs29cFeGBdZyFKxNqTGVfBgDLhIOGfrXOxheieuI=
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:+QJTFK7UcOFTYCg3XaSTrRZHWJ6Hqza8w9oADa4pPcM= github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:+QJTFK7UcOFTYCg3XaSTrRZHWJ6Hqza8w9oADa4pPcM=
github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:0kA9b5LsaXLEKQzo0o9UUsHtZkACthHYLyBVUDUVMxc= github.com/pulumi/pulumi/sdk/nodejs/cmd/pulumi-language-nodejs/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:0kA9b5LsaXLEKQzo0o9UUsHtZkACthHYLyBVUDUVMxc=
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:bkvtySMos0ij3fWZWZaU5sVrvGvU0dZCusoxpgEtX6I= github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815 h1:bkvtySMos0ij3fWZWZaU5sVrvGvU0dZCusoxpgEtX6I=
github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:SJtr0N/XFyelI7M7U0UbJXr15pgEdSmpN40cglTsRTA= github.com/pulumi/pulumi/sdk/python/cmd/pulumi-language-python/v3 v3.0.0-20250806165243-bee5e4fa4815/go.mod h1:SJtr0N/XFyelI7M7U0UbJXr15pgEdSmpN40cglTsRTA=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ= github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw= github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/quasilyte/go-ruleguard v0.4.2 h1:htXcXDK6/rO12kiTHKfHuqR4kr3Y4M0J0rOL6CH/BYs= github.com/quasilyte/go-ruleguard v0.4.2 h1:htXcXDK6/rO12kiTHKfHuqR4kr3Y4M0J0rOL6CH/BYs=
github.com/quasilyte/go-ruleguard v0.4.2/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI= github.com/quasilyte/go-ruleguard v0.4.2/go.mod h1:GJLgqsLeo4qgavUoL8JeGFNS7qcisx3awV/w9eWTmNI=
github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe60+5DqOpCjPE= github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe60+5DqOpCjPE=

19
mise.toml Normal file
View File

@@ -0,0 +1,19 @@
# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt
[tools]
# Runtimes
go = '1.21'
node = '20'
python = '3.11.8'
dotnet = '8.0'
# Corretto version used as Java SE/OpenJDK version no longer offered
java = 'corretto-11'
# Executable tools
pulumi = 'latest'
"go:github.com/pulumi/pulumictl/cmd/pulumictl" = 'latest'
gradle = '7.6'
[settings]
experimental = true # Required for Go binaries (e.g. pulumictl).

44
provider/cmd/pulumi-resource-docker-build/schema.json
View File

@@ -155,12 +155,32 @@
] ]
}, },
"docker-build:index:CacheFromGitHubActions": { "docker-build:index:CacheFromGitHubActions": {
"description": "Recommended for use with GitHub Actions workflows.\n\nAn action like `crazy-max/ghaction-github-runtime` is recommended to expose\nappropriate credentials to your GitHub workflow.",
"properties": { "properties": {
"scope": { "scope": {
"type": "string", "type": "string",
"description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.", "description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.",
"default": "buildkit" "default": "buildkit"
},
"token": {
"type": "string",
"description": "The GitHub Actions token to use. This is not a personal access tokens\nand is typically generated automatically as part of each job.\n\nDefaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_RUNTIME_TOKEN"
]
},
"secret": true
},
"url": {
"type": "string",
"description": "The cache server URL to use for artifacts.\n\nDefaults to `$ACTIONS_CACHE_URL`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_CACHE_URL"
]
}
} }
}, },
"type": "object" "type": "object"
@@ -350,7 +370,6 @@
] ]
}, },
"docker-build:index:CacheToGitHubActions": { "docker-build:index:CacheToGitHubActions": {
"description": "Recommended for use with GitHub Actions workflows.\n\nAn action like `crazy-max/ghaction-github-runtime` is recommended to expose\nappropriate credentials to your GitHub workflow.",
"properties": { "properties": {
"ignoreError": { "ignoreError": {
"type": "boolean", "type": "boolean",
@@ -366,6 +385,27 @@
"type": "string", "type": "string",
"description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.", "description": "The scope to use for cache keys. Defaults to `buildkit`.\n\nThis should be set if building and caching multiple images in one\nworkflow, otherwise caches will overwrite each other.",
"default": "buildkit" "default": "buildkit"
},
"token": {
"type": "string",
"description": "The GitHub Actions token to use. This is not a personal access tokens\nand is typically generated automatically as part of each job.\n\nDefaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_RUNTIME_TOKEN"
]
},
"secret": true
},
"url": {
"type": "string",
"description": "The cache server URL to use for artifacts.\n\nDefaults to `$ACTIONS_CACHE_URL`, although a separate action like\n`crazy-max/ghaction-github-runtime` is recommended to expose this\nenvironment variable to your jobs.",
"default": "",
"defaultInfo": {
"environment": [
"ACTIONS_CACHE_URL"
]
}
} }
}, },
"type": "object" "type": "object"

37
provider/internal/cache.go
View File

@@ -17,7 +17,6 @@ package internal
import ( import (
"errors" "errors"
"fmt" "fmt"
"os"
"strings" "strings"
controllerapi "github.com/docker/buildx/controller/pb" controllerapi "github.com/docker/buildx/controller/pb"
@@ -149,20 +148,33 @@ func (c CacheWithOCI) String() string {
// CacheFromGitHubActions pulls cache manifests from the GitHub actions cache. // CacheFromGitHubActions pulls cache manifests from the GitHub actions cache.
type CacheFromGitHubActions struct { type CacheFromGitHubActions struct {
URL string `pulumi:"url,optional"`
Token string `pulumi:"token,optional" provider:"secret"`
Scope string `pulumi:"scope,optional"` Scope string `pulumi:"scope,optional"`
} }
// Annotate sets docstrings on CacheFromGitHubActions. // Annotate sets docstrings on CacheFromGitHubActions.
func (c *CacheFromGitHubActions) Annotate(a infer.Annotator) { func (c *CacheFromGitHubActions) Annotate(a infer.Annotator) {
a.Describe(&c, dedent(` a.SetDefault(&c.URL, "", "ACTIONS_CACHE_URL")
Recommended for use with GitHub Actions workflows. a.SetDefault(&c.Token, "", "ACTIONS_RUNTIME_TOKEN")
An action like "crazy-max/ghaction-github-runtime" is recommended to expose
appropriate credentials to your GitHub workflow.
`))
a.SetDefault(&c.Scope, "buildkit") a.SetDefault(&c.Scope, "buildkit")
a.Describe(&c.URL, dedent(`
The cache server URL to use for artifacts.
Defaults to "$ACTIONS_CACHE_URL", although a separate action like
"crazy-max/ghaction-github-runtime" is recommended to expose this
environment variable to your jobs.
`))
a.Describe(&c.Token, dedent(`
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to "$ACTIONS_RUNTIME_TOKEN", although a separate action like
"crazy-max/ghaction-github-runtime" is recommended to expose this
environment variable to your jobs.
`))
a.Describe(&c.Scope, dedent(` a.Describe(&c.Scope, dedent(`
The scope to use for cache keys. Defaults to "buildkit". The scope to use for cache keys. Defaults to "buildkit".
@@ -179,12 +191,11 @@ func (c *CacheFromGitHubActions) String() string {
if c.Scope != "" { if c.Scope != "" {
parts = append(parts, "scope="+c.Scope) parts = append(parts, "scope="+c.Scope)
} }
// Preserving backwards compatibility with the old behaviour. if c.Token != "" {
if token := os.Getenv("ACTIONS_RUNTIME_TOKEN"); token != "" { parts = append(parts, "token="+c.Token)
parts = append(parts, "token="+token)
} }
if url := os.Getenv("ACTIONS_CACHE_URL"); url != "" { if c.URL != "" {
parts = append(parts, "url="+url) parts = append(parts, "url="+c.URL)
} }
return strings.Join(parts, ",") return strings.Join(parts, ",")
} }

46
provider/internal/cache_test.go
View File

@@ -24,15 +24,14 @@ import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
) )
//nolint:paralleltest // We don't call t.Parallel here to prevent environment corruption.
func TestCacheString(t *testing.T) { func TestCacheString(t *testing.T) {
t.Parallel()
gzip := Gzip gzip := Gzip
tests := []struct { tests := []struct {
name string name string
arrange func(t *testing.T) given fmt.Stringer
given fmt.Stringer want string
want string
}{ }{
{ {
name: "s3", name: "s3",
@@ -56,37 +55,7 @@ func TestCacheString(t *testing.T) {
{ {
name: "gha", name: "gha",
given: CacheTo{GHA: &CacheToGitHubActions{}}, given: CacheTo{GHA: &CacheToGitHubActions{}},
arrange: func(t *testing.T) { want: "type=gha",
t.Setenv("ACTIONS_CACHE_URL", "")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "")
},
want: "type=gha",
},
{
name: "gha-default-envs",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "https://example.com")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "token")
},
given: CacheTo{GHA: &CacheToGitHubActions{
CacheFromGitHubActions: CacheFromGitHubActions{
Scope: "scope",
},
}},
want: "type=gha,scope=scope,token=token,url=https://example.com",
},
{
name: "gha-with-scope",
arrange: func(t *testing.T) {
t.Setenv("ACTIONS_CACHE_URL", "")
t.Setenv("ACTIONS_RUNTIME_TOKEN", "")
},
given: CacheTo{GHA: &CacheToGitHubActions{
CacheFromGitHubActions: CacheFromGitHubActions{
Scope: "scope",
},
}},
want: "type=gha,scope=scope",
}, },
{ {
name: "from-local", name: "from-local",
@@ -152,12 +121,9 @@ func TestCacheString(t *testing.T) {
}, },
} }
//nolint:paralleltest // We don't call t.Parallel here to prevent environment corruption.
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
if tt.arrange != nil { t.Parallel()
tt.arrange(t)
}
actual := tt.given.String() actual := tt.given.String()
assert.Equal(t, tt.want, actual) assert.Equal(t, tt.want, actual)

16
provider/internal/image_test.go
View File

@@ -917,10 +917,8 @@ func TestValidateImageArgs(t *testing.T) {
{ {
name: "gha environment", name: "gha environment",
envs: map[string]string{ envs: map[string]string{
"ACTIONS_CACHE_URL": "test-cache-url", "ACTIONS_CACHE_URL": "test-cache-url",
"ACTIONS_RUNTIME_TOKEN": "test-runtime-token", "ACTIONS_RUNTIME_TOKEN": "test-runtime-token",
"ACTIONS_RESULTS_URL": "test-results-url",
"ACTIONS_CACHE_SERVICE_V2": "true",
}, },
args: ImageArgs{ args: ImageArgs{
Context: &BuildContext{Context: Context{Location: "testdata/noop"}}, Context: &BuildContext{Context: Context{Location: "testdata/noop"}},
@@ -932,17 +930,15 @@ func TestValidateImageArgs(t *testing.T) {
wantCacheFrom: &pb.CacheOptionsEntry{ wantCacheFrom: &pb.CacheOptionsEntry{
Type: "gha", Type: "gha",
Attrs: map[string]string{ Attrs: map[string]string{
"token": "test-runtime-token", "token": "test-runtime-token",
"url": "test-cache-url", "url": "test-cache-url",
"url_v2": "test-results-url",
}, },
}, },
wantCacheTo: &pb.CacheOptionsEntry{ wantCacheTo: &pb.CacheOptionsEntry{
Type: "gha", Type: "gha",
Attrs: map[string]string{ Attrs: map[string]string{
"token": "test-runtime-token", "token": "test-runtime-token",
"url": "test-cache-url", "url": "test-cache-url",
"url_v2": "test-results-url",
}, },
}, },
}, },

55
scripts/get-versions.sh
View File

@@ -1,55 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
# This script can be simplified to use go when https://github.com/jdx/mise/discussions/6374 is fixed
# e.g. go list -m -f '{{.GoVersion}}'
module_path="github.com/pulumi/pulumi/pkg/v3"
go_mod_path="."
gomod="go.mod"
if [[ "$go_mod_path" != "" && "$go_mod_path" != "." ]]; then
gomod="$go_mod_path/$gomod"
fi
if [[ ! -f "$gomod" ]]; then
echo "missing $gomod" >&2
exit 1
fi
raw_version=$(awk -v module="$module_path" '
$1 == module || $2 == module {
for (i = 1; i <= NF; i++) {
if ($i ~ /^v[0-9]/) {
sub(/^v/, "", $i)
print $i
exit
}
}
}
' "$gomod")
if [[ -z "${raw_version:-}" ]]; then
echo "failed to determine Pulumi version from $gomod" >&2
exit 1
fi
echo "PULUMI_VERSION_MISE=$raw_version"
export PULUMI_VERSION_MISE=$raw_version
# Prefer the toolchain directive if present, otherwise fall back to the `go` version line
go_toolchain=$(awk '/^toolchain[[:space:]]+go[0-9]/{ print $2; exit }' "$gomod")
if [[ -n "${go_toolchain:-}" ]]; then
go_version=${go_toolchain#go}
else
go_version=$(awk '/^go[[:space:]]+[0-9]/{ print $2; exit }' "$gomod")
fi
if [[ -z "${go_version:-}" ]]; then
echo "failed to determine Go version from $gomod" >&2
exit 1
fi
echo "GO_VERSION_MISE=$go_version"
export GO_VERSION_MISE=$go_version

39
sdk/dotnet/Inputs/CacheFromGitHubActionsArgs.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Inputs namespace Pulumi.DockerBuild.Inputs
{ {
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
public sealed class CacheFromGitHubActionsArgs : global::Pulumi.ResourceArgs public sealed class CacheFromGitHubActionsArgs : global::Pulumi.ResourceArgs
{ {
/// <summary> /// <summary>
@@ -27,9 +21,42 @@ namespace Pulumi.DockerBuild.Inputs
[Input("scope")] [Input("scope")]
public Input<string>? Scope { get; set; } public Input<string>? Scope { get; set; }
[Input("token")]
private Input<string>? _token;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public Input<string>? Token
{
get => _token;
set
{
var emptySecret = Output.CreateSecret(0);
_token = Output.Tuple<Input<string>?, int>(value, emptySecret).Apply(t => t.Item1);
}
}
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
[Input("url")]
public Input<string>? Url { get; set; }
public CacheFromGitHubActionsArgs() public CacheFromGitHubActionsArgs()
{ {
Scope = "buildkit"; Scope = "buildkit";
Token = Utilities.GetEnv("ACTIONS_RUNTIME_TOKEN") ?? "";
Url = Utilities.GetEnv("ACTIONS_CACHE_URL") ?? "";
} }
public static new CacheFromGitHubActionsArgs Empty => new CacheFromGitHubActionsArgs(); public static new CacheFromGitHubActionsArgs Empty => new CacheFromGitHubActionsArgs();
} }

39
sdk/dotnet/Inputs/CacheToGitHubActionsArgs.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Inputs namespace Pulumi.DockerBuild.Inputs
{ {
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
public sealed class CacheToGitHubActionsArgs : global::Pulumi.ResourceArgs public sealed class CacheToGitHubActionsArgs : global::Pulumi.ResourceArgs
{ {
/// <summary> /// <summary>
@@ -39,11 +33,44 @@ namespace Pulumi.DockerBuild.Inputs
[Input("scope")] [Input("scope")]
public Input<string>? Scope { get; set; } public Input<string>? Scope { get; set; }
[Input("token")]
private Input<string>? _token;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public Input<string>? Token
{
get => _token;
set
{
var emptySecret = Output.CreateSecret(0);
_token = Output.Tuple<Input<string>?, int>(value, emptySecret).Apply(t => t.Item1);
}
}
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
[Input("url")]
public Input<string>? Url { get; set; }
public CacheToGitHubActionsArgs() public CacheToGitHubActionsArgs()
{ {
IgnoreError = false; IgnoreError = false;
Mode = Pulumi.DockerBuild.CacheMode.Min; Mode = Pulumi.DockerBuild.CacheMode.Min;
Scope = "buildkit"; Scope = "buildkit";
Token = Utilities.GetEnv("ACTIONS_RUNTIME_TOKEN") ?? "";
Url = Utilities.GetEnv("ACTIONS_CACHE_URL") ?? "";
} }
public static new CacheToGitHubActionsArgs Empty => new CacheToGitHubActionsArgs(); public static new CacheToGitHubActionsArgs Empty => new CacheToGitHubActionsArgs();
} }

32
sdk/dotnet/Outputs/CacheFromGitHubActions.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Outputs namespace Pulumi.DockerBuild.Outputs
{ {
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
[OutputType] [OutputType]
public sealed class CacheFromGitHubActions public sealed class CacheFromGitHubActions
{ {
@@ -26,11 +20,35 @@ namespace Pulumi.DockerBuild.Outputs
/// workflow, otherwise caches will overwrite each other. /// workflow, otherwise caches will overwrite each other.
/// </summary> /// </summary>
public readonly string? Scope; public readonly string? Scope;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Token;
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Url;
[OutputConstructor] [OutputConstructor]
private CacheFromGitHubActions(string? scope) private CacheFromGitHubActions(
string? scope,
string? token,
string? url)
{ {
Scope = scope; Scope = scope;
Token = token;
Url = url;
} }
} }
} }

31
sdk/dotnet/Outputs/CacheToGitHubActions.cs generated
View File

@@ -10,12 +10,6 @@ using Pulumi.Serialization;
namespace Pulumi.DockerBuild.Outputs namespace Pulumi.DockerBuild.Outputs
{ {
/// <summary>
/// Recommended for use with GitHub Actions workflows.
///
/// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
/// appropriate credentials to your GitHub workflow.
/// </summary>
[OutputType] [OutputType]
public sealed class CacheToGitHubActions public sealed class CacheToGitHubActions
{ {
@@ -34,6 +28,23 @@ namespace Pulumi.DockerBuild.Outputs
/// workflow, otherwise caches will overwrite each other. /// workflow, otherwise caches will overwrite each other.
/// </summary> /// </summary>
public readonly string? Scope; public readonly string? Scope;
/// <summary>
/// The GitHub Actions token to use. This is not a personal access tokens
/// and is typically generated automatically as part of each job.
///
/// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Token;
/// <summary>
/// The cache server URL to use for artifacts.
///
/// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
/// `crazy-max/ghaction-github-runtime` is recommended to expose this
/// environment variable to your jobs.
/// </summary>
public readonly string? Url;
[OutputConstructor] [OutputConstructor]
private CacheToGitHubActions( private CacheToGitHubActions(
@@ -41,11 +52,17 @@ namespace Pulumi.DockerBuild.Outputs
Pulumi.DockerBuild.CacheMode? mode, Pulumi.DockerBuild.CacheMode? mode,
string? scope) string? scope,
string? token,
string? url)
{ {
IgnoreError = ignoreError; IgnoreError = ignoreError;
Mode = mode; Mode = mode;
Scope = scope; Scope = scope;
Token = token;
Url = url;
} }
} }
} }

2
sdk/go/dockerbuild/go.mod generated
View File

@@ -4,7 +4,7 @@ go 1.24.1
require ( require (
github.com/blang/semver v3.5.1+incompatible github.com/blang/semver v3.5.1+incompatible
github.com/pulumi/pulumi/sdk/v3 v3.192.0 github.com/pulumi/pulumi/sdk/v3 v3.187.0
) )
require ( require (

4
sdk/go/dockerbuild/go.sum generated
View File

@@ -164,8 +164,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435
github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE=
github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w= github.com/pulumi/esc v0.17.0 h1:oaVOIyFTENlYDuqc3pW75lQT9jb2cd6ie/4/Twxn66w=
github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc= github.com/pulumi/esc v0.17.0/go.mod h1:XnSxlt5NkmuAj304l/gK4pRErFbtqq6XpfX1tYT9Jbc=
github.com/pulumi/pulumi/sdk/v3 v3.192.0 h1:sfHuR3P02wSbV3xdSMEQ0+uC/HzlMz0YfKrVAXy1hSQ= github.com/pulumi/pulumi/sdk/v3 v3.187.0 h1:BflBBeD/qaoKN4Tov11g4aHzJ7pTXBSb8otgmteRer0=
github.com/pulumi/pulumi/sdk/v3 v3.192.0/go.mod h1:aV0+c5xpSYccWKmOjTZS9liYCqh7+peu3cQgSXu7CJw= github.com/pulumi/pulumi/sdk/v3 v3.187.0/go.mod h1:BnpKxUc6QlxqoCqobHNZsUuIuY27H6ZFUk0Cp+0JN5U=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

216
sdk/go/dockerbuild/pulumiTypes.go generated
View File

@@ -834,16 +834,25 @@ func (o CacheFromAzureBlobPtrOutput) SecretAccessKey() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput) }).(pulumi.StringPtrOutput)
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActions struct { type CacheFromGitHubActions struct {
// The scope to use for cache keys. Defaults to `buildkit`. // The scope to use for cache keys. Defaults to `buildkit`.
// //
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"` Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheFromGitHubActions // Defaults sets the appropriate defaults for CacheFromGitHubActions
@@ -856,6 +865,18 @@ func (val *CacheFromGitHubActions) Defaults() *CacheFromGitHubActions {
scope_ := "buildkit" scope_ := "buildkit"
tmp.Scope = &scope_ tmp.Scope = &scope_
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp return &tmp
} }
@@ -870,16 +891,25 @@ type CacheFromGitHubActionsInput interface {
ToCacheFromGitHubActionsOutputWithContext(context.Context) CacheFromGitHubActionsOutput ToCacheFromGitHubActionsOutputWithContext(context.Context) CacheFromGitHubActionsOutput
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsArgs struct { type CacheFromGitHubActionsArgs struct {
// The scope to use for cache keys. Defaults to `buildkit`. // The scope to use for cache keys. Defaults to `buildkit`.
// //
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope pulumi.StringPtrInput `pulumi:"scope"` Scope pulumi.StringPtrInput `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumi.StringPtrInput `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumi.StringPtrInput `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs // Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -891,6 +921,16 @@ func (val *CacheFromGitHubActionsArgs) Defaults() *CacheFromGitHubActionsArgs {
if tmp.Scope == nil { if tmp.Scope == nil {
tmp.Scope = pulumi.StringPtr("buildkit") tmp.Scope = pulumi.StringPtr("buildkit")
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumi.StringPtr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumi.StringPtr(d.(string))
}
}
return &tmp return &tmp
} }
func (CacheFromGitHubActionsArgs) ElementType() reflect.Type { func (CacheFromGitHubActionsArgs) ElementType() reflect.Type {
@@ -958,10 +998,6 @@ func (i *cacheFromGitHubActionsPtrType) ToOutput(ctx context.Context) pulumix.Ou
} }
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState } type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsOutput) ElementType() reflect.Type { func (CacheFromGitHubActionsOutput) ElementType() reflect.Type {
@@ -1000,6 +1036,25 @@ func (o CacheFromGitHubActionsOutput) Scope() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput) return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput)
} }
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Token }).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheFromGitHubActions) *string { return v.Url }).(pulumi.StringPtrOutput)
}
type CacheFromGitHubActionsPtrOutput struct{ *pulumi.OutputState } type CacheFromGitHubActionsPtrOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsPtrOutput) ElementType() reflect.Type { func (CacheFromGitHubActionsPtrOutput) ElementType() reflect.Type {
@@ -1043,6 +1098,35 @@ func (o CacheFromGitHubActionsPtrOutput) Scope() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput) }).(pulumi.StringPtrOutput)
} }
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsPtrOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheFromGitHubActions) *string {
if v == nil {
return nil
}
return v.Token
}).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsPtrOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheFromGitHubActions) *string {
if v == nil {
return nil
}
return v.Url
}).(pulumi.StringPtrOutput)
}
type CacheFromLocal struct { type CacheFromLocal struct {
// Digest of manifest to import. // Digest of manifest to import.
Digest *string `pulumi:"digest"` Digest *string `pulumi:"digest"`
@@ -2277,10 +2361,6 @@ func (o CacheToAzureBlobPtrOutput) SecretAccessKey() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput) }).(pulumi.StringPtrOutput)
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActions struct { type CacheToGitHubActions struct {
// Ignore errors caused by failed cache exports. // Ignore errors caused by failed cache exports.
IgnoreError *bool `pulumi:"ignoreError"` IgnoreError *bool `pulumi:"ignoreError"`
@@ -2291,6 +2371,19 @@ type CacheToGitHubActions struct {
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"` Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheToGitHubActions // Defaults sets the appropriate defaults for CacheToGitHubActions
@@ -2311,6 +2404,18 @@ func (val *CacheToGitHubActions) Defaults() *CacheToGitHubActions {
scope_ := "buildkit" scope_ := "buildkit"
tmp.Scope = &scope_ tmp.Scope = &scope_
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp return &tmp
} }
@@ -2325,10 +2430,6 @@ type CacheToGitHubActionsInput interface {
ToCacheToGitHubActionsOutputWithContext(context.Context) CacheToGitHubActionsOutput ToCacheToGitHubActionsOutputWithContext(context.Context) CacheToGitHubActionsOutput
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsArgs struct { type CacheToGitHubActionsArgs struct {
// Ignore errors caused by failed cache exports. // Ignore errors caused by failed cache exports.
IgnoreError pulumi.BoolPtrInput `pulumi:"ignoreError"` IgnoreError pulumi.BoolPtrInput `pulumi:"ignoreError"`
@@ -2339,6 +2440,19 @@ type CacheToGitHubActionsArgs struct {
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope pulumi.StringPtrInput `pulumi:"scope"` Scope pulumi.StringPtrInput `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumi.StringPtrInput `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumi.StringPtrInput `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheToGitHubActionsArgs // Defaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -2356,6 +2470,16 @@ func (val *CacheToGitHubActionsArgs) Defaults() *CacheToGitHubActionsArgs {
if tmp.Scope == nil { if tmp.Scope == nil {
tmp.Scope = pulumi.StringPtr("buildkit") tmp.Scope = pulumi.StringPtr("buildkit")
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumi.StringPtr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumi.StringPtr(d.(string))
}
}
return &tmp return &tmp
} }
func (CacheToGitHubActionsArgs) ElementType() reflect.Type { func (CacheToGitHubActionsArgs) ElementType() reflect.Type {
@@ -2423,10 +2547,6 @@ func (i *cacheToGitHubActionsPtrType) ToOutput(ctx context.Context) pulumix.Outp
} }
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsOutput struct{ *pulumi.OutputState } type CacheToGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsOutput) ElementType() reflect.Type { func (CacheToGitHubActionsOutput) ElementType() reflect.Type {
@@ -2475,6 +2595,25 @@ func (o CacheToGitHubActionsOutput) Scope() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput) return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Scope }).(pulumi.StringPtrOutput)
} }
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Token }).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v CacheToGitHubActions) *string { return v.Url }).(pulumi.StringPtrOutput)
}
type CacheToGitHubActionsPtrOutput struct{ *pulumi.OutputState } type CacheToGitHubActionsPtrOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsPtrOutput) ElementType() reflect.Type { func (CacheToGitHubActionsPtrOutput) ElementType() reflect.Type {
@@ -2538,6 +2677,35 @@ func (o CacheToGitHubActionsPtrOutput) Scope() pulumi.StringPtrOutput {
}).(pulumi.StringPtrOutput) }).(pulumi.StringPtrOutput)
} }
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsPtrOutput) Token() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheToGitHubActions) *string {
if v == nil {
return nil
}
return v.Token
}).(pulumi.StringPtrOutput)
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsPtrOutput) Url() pulumi.StringPtrOutput {
return o.ApplyT(func(v *CacheToGitHubActions) *string {
if v == nil {
return nil
}
return v.Url
}).(pulumi.StringPtrOutput)
}
// Include an inline cache with the exported image. // Include an inline cache with the exported image.
type CacheToInline struct { type CacheToInline struct {
} }

158
sdk/go/dockerbuild/x/pulumiTypes.go generated
View File

@@ -393,16 +393,25 @@ func (o CacheFromAzureBlobOutput) SecretAccessKey() pulumix.Output[*string] {
return pulumix.Apply[CacheFromAzureBlob](o, func(v CacheFromAzureBlob) *string { return v.SecretAccessKey }) return pulumix.Apply[CacheFromAzureBlob](o, func(v CacheFromAzureBlob) *string { return v.SecretAccessKey })
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActions struct { type CacheFromGitHubActions struct {
// The scope to use for cache keys. Defaults to `buildkit`. // The scope to use for cache keys. Defaults to `buildkit`.
// //
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"` Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheFromGitHubActions // Defaults sets the appropriate defaults for CacheFromGitHubActions
@@ -415,19 +424,40 @@ func (val *CacheFromGitHubActions) Defaults() *CacheFromGitHubActions {
scope_ := "buildkit" scope_ := "buildkit"
tmp.Scope = &scope_ tmp.Scope = &scope_
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp return &tmp
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsArgs struct { type CacheFromGitHubActionsArgs struct {
// The scope to use for cache keys. Defaults to `buildkit`. // The scope to use for cache keys. Defaults to `buildkit`.
// //
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope pulumix.Input[*string] `pulumi:"scope"` Scope pulumix.Input[*string] `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumix.Input[*string] `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumix.Input[*string] `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs // Defaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -439,6 +469,16 @@ func (val *CacheFromGitHubActionsArgs) Defaults() *CacheFromGitHubActionsArgs {
if tmp.Scope == nil { if tmp.Scope == nil {
tmp.Scope = pulumix.Ptr("buildkit") tmp.Scope = pulumix.Ptr("buildkit")
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumix.Ptr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumix.Ptr(d.(string))
}
}
return &tmp return &tmp
} }
func (CacheFromGitHubActionsArgs) ElementType() reflect.Type { func (CacheFromGitHubActionsArgs) ElementType() reflect.Type {
@@ -457,10 +497,6 @@ func (i *CacheFromGitHubActionsArgs) ToOutput(ctx context.Context) pulumix.Outpu
return pulumix.Val(i) return pulumix.Val(i)
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState } type CacheFromGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheFromGitHubActionsOutput) ElementType() reflect.Type { func (CacheFromGitHubActionsOutput) ElementType() reflect.Type {
@@ -489,6 +525,25 @@ func (o CacheFromGitHubActionsOutput) Scope() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Scope }) return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Scope })
} }
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Token() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Token })
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheFromGitHubActionsOutput) Url() pulumix.Output[*string] {
return pulumix.Apply[CacheFromGitHubActions](o, func(v CacheFromGitHubActions) *string { return v.Url })
}
type CacheFromLocal struct { type CacheFromLocal struct {
// Digest of manifest to import. // Digest of manifest to import.
Digest *string `pulumi:"digest"` Digest *string `pulumi:"digest"`
@@ -1079,10 +1134,6 @@ func (o CacheToAzureBlobOutput) SecretAccessKey() pulumix.Output[*string] {
return pulumix.Apply[CacheToAzureBlob](o, func(v CacheToAzureBlob) *string { return v.SecretAccessKey }) return pulumix.Apply[CacheToAzureBlob](o, func(v CacheToAzureBlob) *string { return v.SecretAccessKey })
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActions struct { type CacheToGitHubActions struct {
// Ignore errors caused by failed cache exports. // Ignore errors caused by failed cache exports.
IgnoreError *bool `pulumi:"ignoreError"` IgnoreError *bool `pulumi:"ignoreError"`
@@ -1093,6 +1144,19 @@ type CacheToGitHubActions struct {
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope *string `pulumi:"scope"` Scope *string `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token *string `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url *string `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheToGitHubActions // Defaults sets the appropriate defaults for CacheToGitHubActions
@@ -1113,13 +1177,21 @@ func (val *CacheToGitHubActions) Defaults() *CacheToGitHubActions {
scope_ := "buildkit" scope_ := "buildkit"
tmp.Scope = &scope_ tmp.Scope = &scope_
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
token_ := d.(string)
tmp.Token = &token_
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
url_ := d.(string)
tmp.Url = &url_
}
}
return &tmp return &tmp
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsArgs struct { type CacheToGitHubActionsArgs struct {
// Ignore errors caused by failed cache exports. // Ignore errors caused by failed cache exports.
IgnoreError pulumix.Input[*bool] `pulumi:"ignoreError"` IgnoreError pulumix.Input[*bool] `pulumi:"ignoreError"`
@@ -1130,6 +1202,19 @@ type CacheToGitHubActionsArgs struct {
// This should be set if building and caching multiple images in one // This should be set if building and caching multiple images in one
// workflow, otherwise caches will overwrite each other. // workflow, otherwise caches will overwrite each other.
Scope pulumix.Input[*string] `pulumi:"scope"` Scope pulumix.Input[*string] `pulumi:"scope"`
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Token pulumix.Input[*string] `pulumi:"token"`
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
Url pulumix.Input[*string] `pulumi:"url"`
} }
// Defaults sets the appropriate defaults for CacheToGitHubActionsArgs // Defaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -1147,6 +1232,16 @@ func (val *CacheToGitHubActionsArgs) Defaults() *CacheToGitHubActionsArgs {
if tmp.Scope == nil { if tmp.Scope == nil {
tmp.Scope = pulumix.Ptr("buildkit") tmp.Scope = pulumix.Ptr("buildkit")
} }
if tmp.Token == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_RUNTIME_TOKEN"); d != nil {
tmp.Token = pulumix.Ptr(d.(string))
}
}
if tmp.Url == nil {
if d := internal.GetEnvOrDefault("", nil, "ACTIONS_CACHE_URL"); d != nil {
tmp.Url = pulumix.Ptr(d.(string))
}
}
return &tmp return &tmp
} }
func (CacheToGitHubActionsArgs) ElementType() reflect.Type { func (CacheToGitHubActionsArgs) ElementType() reflect.Type {
@@ -1165,10 +1260,6 @@ func (i *CacheToGitHubActionsArgs) ToOutput(ctx context.Context) pulumix.Output[
return pulumix.Val(i) return pulumix.Val(i)
} }
// Recommended for use with GitHub Actions workflows.
//
// An action like `crazy-max/ghaction-github-runtime` is recommended to expose
// appropriate credentials to your GitHub workflow.
type CacheToGitHubActionsOutput struct{ *pulumi.OutputState } type CacheToGitHubActionsOutput struct{ *pulumi.OutputState }
func (CacheToGitHubActionsOutput) ElementType() reflect.Type { func (CacheToGitHubActionsOutput) ElementType() reflect.Type {
@@ -1207,6 +1298,25 @@ func (o CacheToGitHubActionsOutput) Scope() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Scope }) return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Scope })
} }
// The GitHub Actions token to use. This is not a personal access tokens
// and is typically generated automatically as part of each job.
//
// Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Token() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Token })
}
// The cache server URL to use for artifacts.
//
// Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
// `crazy-max/ghaction-github-runtime` is recommended to expose this
// environment variable to your jobs.
func (o CacheToGitHubActionsOutput) Url() pulumix.Output[*string] {
return pulumix.Apply[CacheToGitHubActions](o, func(v CacheToGitHubActions) *string { return v.Url })
}
// Include an inline cache with the exported image. // Include an inline cache with the exported image.
type CacheToInline struct { type CacheToInline struct {
} }

119
sdk/java/src/main/java/com/pulumi/dockerbuild/inputs/CacheFromGitHubActionsArgs.java generated
View File

@@ -12,13 +12,6 @@ import java.util.Optional;
import javax.annotation.Nullable; import javax.annotation.Nullable;
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*
*/
public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.ResourceArgs { public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.ResourceArgs {
public static final CacheFromGitHubActionsArgs Empty = new CacheFromGitHubActionsArgs(); public static final CacheFromGitHubActionsArgs Empty = new CacheFromGitHubActionsArgs();
@@ -44,10 +37,60 @@ public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.Resou
return Optional.ofNullable(this.scope); return Optional.ofNullable(this.scope);
} }
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="token")
private @Nullable Output<String> token;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> token() {
return Optional.ofNullable(this.token);
}
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="url")
private @Nullable Output<String> url;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> url() {
return Optional.ofNullable(this.url);
}
private CacheFromGitHubActionsArgs() {} private CacheFromGitHubActionsArgs() {}
private CacheFromGitHubActionsArgs(CacheFromGitHubActionsArgs $) { private CacheFromGitHubActionsArgs(CacheFromGitHubActionsArgs $) {
this.scope = $.scope; this.scope = $.scope;
this.token = $.token;
this.url = $.url;
} }
public static Builder builder() { public static Builder builder() {
@@ -95,8 +138,70 @@ public final class CacheFromGitHubActionsArgs extends com.pulumi.resources.Resou
return scope(Output.of(scope)); return scope(Output.of(scope));
} }
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(@Nullable Output<String> token) {
$.token = token;
return this;
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(String token) {
return token(Output.of(token));
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(@Nullable Output<String> url) {
$.url = url;
return this;
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(String url) {
return url(Output.of(url));
}
public CacheFromGitHubActionsArgs build() { public CacheFromGitHubActionsArgs build() {
$.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable(); $.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable();
$.token = Codegen.stringProp("token").secret().arg($.token).env("ACTIONS_RUNTIME_TOKEN").def("").getNullable();
$.url = Codegen.stringProp("url").output().arg($.url).env("ACTIONS_CACHE_URL").def("").getNullable();
return $; return $;
} }
} }

119
sdk/java/src/main/java/com/pulumi/dockerbuild/inputs/CacheToGitHubActionsArgs.java generated
View File

@@ -14,13 +14,6 @@ import java.util.Optional;
import javax.annotation.Nullable; import javax.annotation.Nullable;
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*
*/
public final class CacheToGitHubActionsArgs extends com.pulumi.resources.ResourceArgs { public final class CacheToGitHubActionsArgs extends com.pulumi.resources.ResourceArgs {
public static final CacheToGitHubActionsArgs Empty = new CacheToGitHubActionsArgs(); public static final CacheToGitHubActionsArgs Empty = new CacheToGitHubActionsArgs();
@@ -76,12 +69,62 @@ public final class CacheToGitHubActionsArgs extends com.pulumi.resources.Resourc
return Optional.ofNullable(this.scope); return Optional.ofNullable(this.scope);
} }
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="token")
private @Nullable Output<String> token;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> token() {
return Optional.ofNullable(this.token);
}
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
@Import(name="url")
private @Nullable Output<String> url;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<Output<String>> url() {
return Optional.ofNullable(this.url);
}
private CacheToGitHubActionsArgs() {} private CacheToGitHubActionsArgs() {}
private CacheToGitHubActionsArgs(CacheToGitHubActionsArgs $) { private CacheToGitHubActionsArgs(CacheToGitHubActionsArgs $) {
this.ignoreError = $.ignoreError; this.ignoreError = $.ignoreError;
this.mode = $.mode; this.mode = $.mode;
this.scope = $.scope; this.scope = $.scope;
this.token = $.token;
this.url = $.url;
} }
public static Builder builder() { public static Builder builder() {
@@ -171,10 +214,72 @@ public final class CacheToGitHubActionsArgs extends com.pulumi.resources.Resourc
return scope(Output.of(scope)); return scope(Output.of(scope));
} }
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(@Nullable Output<String> token) {
$.token = token;
return this;
}
/**
* @param token The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder token(String token) {
return token(Output.of(token));
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(@Nullable Output<String> url) {
$.url = url;
return this;
}
/**
* @param url The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
* @return builder
*
*/
public Builder url(String url) {
return url(Output.of(url));
}
public CacheToGitHubActionsArgs build() { public CacheToGitHubActionsArgs build() {
$.ignoreError = Codegen.booleanProp("ignoreError").output().arg($.ignoreError).def(false).getNullable(); $.ignoreError = Codegen.booleanProp("ignoreError").output().arg($.ignoreError).def(false).getNullable();
$.mode = Codegen.objectProp("mode", CacheMode.class).output().arg($.mode).def(CacheMode.Min).getNullable(); $.mode = Codegen.objectProp("mode", CacheMode.class).output().arg($.mode).def(CacheMode.Min).getNullable();
$.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable(); $.scope = Codegen.stringProp("scope").output().arg($.scope).def("buildkit").getNullable();
$.token = Codegen.stringProp("token").secret().arg($.token).env("ACTIONS_RUNTIME_TOKEN").def("").getNullable();
$.url = Codegen.stringProp("url").output().arg($.url).env("ACTIONS_CACHE_URL").def("").getNullable();
return $; return $;
} }
} }

60
sdk/java/src/main/java/com/pulumi/dockerbuild/outputs/CacheFromGitHubActions.java generated
View File

@@ -19,6 +19,25 @@ public final class CacheFromGitHubActions {
* *
*/ */
private @Nullable String scope; private @Nullable String scope;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String token;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String url;
private CacheFromGitHubActions() {} private CacheFromGitHubActions() {}
/** /**
@@ -31,6 +50,29 @@ public final class CacheFromGitHubActions {
public Optional<String> scope() { public Optional<String> scope() {
return Optional.ofNullable(this.scope); return Optional.ofNullable(this.scope);
} }
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> token() {
return Optional.ofNullable(this.token);
}
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> url() {
return Optional.ofNullable(this.url);
}
public static Builder builder() { public static Builder builder() {
return new Builder(); return new Builder();
@@ -42,10 +84,14 @@ public final class CacheFromGitHubActions {
@CustomType.Builder @CustomType.Builder
public static final class Builder { public static final class Builder {
private @Nullable String scope; private @Nullable String scope;
private @Nullable String token;
private @Nullable String url;
public Builder() {} public Builder() {}
public Builder(CacheFromGitHubActions defaults) { public Builder(CacheFromGitHubActions defaults) {
Objects.requireNonNull(defaults); Objects.requireNonNull(defaults);
this.scope = defaults.scope; this.scope = defaults.scope;
this.token = defaults.token;
this.url = defaults.url;
} }
@CustomType.Setter @CustomType.Setter
@@ -54,9 +100,23 @@ public final class CacheFromGitHubActions {
this.scope = scope; this.scope = scope;
return this; return this;
} }
@CustomType.Setter
public Builder token(@Nullable String token) {
this.token = token;
return this;
}
@CustomType.Setter
public Builder url(@Nullable String url) {
this.url = url;
return this;
}
public CacheFromGitHubActions build() { public CacheFromGitHubActions build() {
final var _resultValue = new CacheFromGitHubActions(); final var _resultValue = new CacheFromGitHubActions();
_resultValue.scope = scope; _resultValue.scope = scope;
_resultValue.token = token;
_resultValue.url = url;
return _resultValue; return _resultValue;
} }
} }

60
sdk/java/src/main/java/com/pulumi/dockerbuild/outputs/CacheToGitHubActions.java generated
View File

@@ -31,6 +31,25 @@ public final class CacheToGitHubActions {
* *
*/ */
private @Nullable String scope; private @Nullable String scope;
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String token;
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
private @Nullable String url;
private CacheToGitHubActions() {} private CacheToGitHubActions() {}
/** /**
@@ -57,6 +76,29 @@ public final class CacheToGitHubActions {
public Optional<String> scope() { public Optional<String> scope() {
return Optional.ofNullable(this.scope); return Optional.ofNullable(this.scope);
} }
/**
* @return The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> token() {
return Optional.ofNullable(this.token);
}
/**
* @return The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*
*/
public Optional<String> url() {
return Optional.ofNullable(this.url);
}
public static Builder builder() { public static Builder builder() {
return new Builder(); return new Builder();
@@ -70,12 +112,16 @@ public final class CacheToGitHubActions {
private @Nullable Boolean ignoreError; private @Nullable Boolean ignoreError;
private @Nullable CacheMode mode; private @Nullable CacheMode mode;
private @Nullable String scope; private @Nullable String scope;
private @Nullable String token;
private @Nullable String url;
public Builder() {} public Builder() {}
public Builder(CacheToGitHubActions defaults) { public Builder(CacheToGitHubActions defaults) {
Objects.requireNonNull(defaults); Objects.requireNonNull(defaults);
this.ignoreError = defaults.ignoreError; this.ignoreError = defaults.ignoreError;
this.mode = defaults.mode; this.mode = defaults.mode;
this.scope = defaults.scope; this.scope = defaults.scope;
this.token = defaults.token;
this.url = defaults.url;
} }
@CustomType.Setter @CustomType.Setter
@@ -96,11 +142,25 @@ public final class CacheToGitHubActions {
this.scope = scope; this.scope = scope;
return this; return this;
} }
@CustomType.Setter
public Builder token(@Nullable String token) {
this.token = token;
return this;
}
@CustomType.Setter
public Builder url(@Nullable String url) {
this.url = url;
return this;
}
public CacheToGitHubActions build() { public CacheToGitHubActions build() {
final var _resultValue = new CacheToGitHubActions(); final var _resultValue = new CacheToGitHubActions();
_resultValue.ignoreError = ignoreError; _resultValue.ignoreError = ignoreError;
_resultValue.mode = mode; _resultValue.mode = mode;
_resultValue.scope = scope; _resultValue.scope = scope;
_resultValue.token = token;
_resultValue.url = url;
return _resultValue; return _resultValue;
} }
} }

96
sdk/nodejs/image.ts generated
View File

@@ -501,7 +501,7 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--add-host` flag. * Equivalent to Docker's `--add-host` flag.
*/ */
declare public readonly addHosts: pulumi.Output<string[] | undefined>; public readonly addHosts!: pulumi.Output<string[] | undefined>;
/** /**
* `ARG` names and values to set during the build. * `ARG` names and values to set during the build.
* *
@@ -513,7 +513,7 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--build-arg` flag. * Equivalent to Docker's `--build-arg` flag.
*/ */
declare public readonly buildArgs: pulumi.Output<{[key: string]: string} | undefined>; public readonly buildArgs!: pulumi.Output<{[key: string]: string} | undefined>;
/** /**
* Setting this to `false` will always skip image builds during previews, * Setting this to `false` will always skip image builds during previews,
* and setting it to `true` will always build images during previews. * and setting it to `true` will always build images during previews.
@@ -527,35 +527,35 @@ export class Image extends pulumi.CustomResource {
* Defaults to `true` as a safeguard against broken images merging as part * Defaults to `true` as a safeguard against broken images merging as part
* of CI pipelines. * of CI pipelines.
*/ */
declare public readonly buildOnPreview: pulumi.Output<boolean | undefined>; public readonly buildOnPreview!: pulumi.Output<boolean | undefined>;
/** /**
* Builder configuration. * Builder configuration.
*/ */
declare public readonly builder: pulumi.Output<outputs.BuilderConfig | undefined>; public readonly builder!: pulumi.Output<outputs.BuilderConfig | undefined>;
/** /**
* Cache export configuration. * Cache export configuration.
* *
* Equivalent to Docker's `--cache-from` flag. * Equivalent to Docker's `--cache-from` flag.
*/ */
declare public readonly cacheFrom: pulumi.Output<outputs.CacheFrom[] | undefined>; public readonly cacheFrom!: pulumi.Output<outputs.CacheFrom[] | undefined>;
/** /**
* Cache import configuration. * Cache import configuration.
* *
* Equivalent to Docker's `--cache-to` flag. * Equivalent to Docker's `--cache-to` flag.
*/ */
declare public readonly cacheTo: pulumi.Output<outputs.CacheTo[] | undefined>; public readonly cacheTo!: pulumi.Output<outputs.CacheTo[] | undefined>;
/** /**
* Build context settings. Defaults to the current directory. * Build context settings. Defaults to the current directory.
* *
* Equivalent to Docker's `PATH | URL | -` positional argument. * Equivalent to Docker's `PATH | URL | -` positional argument.
*/ */
declare public readonly context: pulumi.Output<outputs.BuildContext | undefined>; public readonly context!: pulumi.Output<outputs.BuildContext | undefined>;
/** /**
* A preliminary hash of the image's build context. * A preliminary hash of the image's build context.
* *
* Pulumi uses this to determine if an image _may_ need to be re-built. * Pulumi uses this to determine if an image _may_ need to be re-built.
*/ */
declare public /*out*/ readonly contextHash: pulumi.Output<string>; public /*out*/ readonly contextHash!: pulumi.Output<string>;
/** /**
* A SHA256 digest of the image if it was exported to a registry or * A SHA256 digest of the image if it was exported to a registry or
* elsewhere. * elsewhere.
@@ -565,13 +565,13 @@ export class Image extends pulumi.CustomResource {
* Registry images can be referenced precisely as `<tag>@<digest>`. The * Registry images can be referenced precisely as `<tag>@<digest>`. The
* `ref` output provides one such reference as a convenience. * `ref` output provides one such reference as a convenience.
*/ */
declare public /*out*/ readonly digest: pulumi.Output<string>; public /*out*/ readonly digest!: pulumi.Output<string>;
/** /**
* Dockerfile settings. * Dockerfile settings.
* *
* Equivalent to Docker's `--file` flag. * Equivalent to Docker's `--file` flag.
*/ */
declare public readonly dockerfile: pulumi.Output<outputs.Dockerfile | undefined>; public readonly dockerfile!: pulumi.Output<outputs.Dockerfile | undefined>;
/** /**
* Use `exec` mode to build this image. * Use `exec` mode to build this image.
* *
@@ -594,7 +594,7 @@ export class Image extends pulumi.CustomResource {
* are temporarily written to disk in order to provide them to the * are temporarily written to disk in order to provide them to the
* `docker-buildx` binary. * `docker-buildx` binary.
*/ */
declare public readonly exec: pulumi.Output<boolean | undefined>; public readonly exec!: pulumi.Output<boolean | undefined>;
/** /**
* Controls where images are persisted after building. * Controls where images are persisted after building.
* *
@@ -606,13 +606,13 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--output` flag. * Equivalent to Docker's `--output` flag.
*/ */
declare public readonly exports: pulumi.Output<outputs.Export[] | undefined>; public readonly exports!: pulumi.Output<outputs.Export[] | undefined>;
/** /**
* Attach arbitrary key/value metadata to the image. * Attach arbitrary key/value metadata to the image.
* *
* Equivalent to Docker's `--label` flag. * Equivalent to Docker's `--label` flag.
*/ */
declare public readonly labels: pulumi.Output<{[key: string]: string} | undefined>; public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>;
/** /**
* When `true` the build will automatically include a `docker` export. * When `true` the build will automatically include a `docker` export.
* *
@@ -620,7 +620,7 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--load` flag. * Equivalent to Docker's `--load` flag.
*/ */
declare public readonly load: pulumi.Output<boolean | undefined>; public readonly load!: pulumi.Output<boolean | undefined>;
/** /**
* Set the network mode for `RUN` instructions. Defaults to `default`. * Set the network mode for `RUN` instructions. Defaults to `default`.
* *
@@ -628,25 +628,25 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--network` flag. * Equivalent to Docker's `--network` flag.
*/ */
declare public readonly network: pulumi.Output<enums.NetworkMode | undefined>; public readonly network!: pulumi.Output<enums.NetworkMode | undefined>;
/** /**
* Do not import cache manifests when building the image. * Do not import cache manifests when building the image.
* *
* Equivalent to Docker's `--no-cache` flag. * Equivalent to Docker's `--no-cache` flag.
*/ */
declare public readonly noCache: pulumi.Output<boolean | undefined>; public readonly noCache!: pulumi.Output<boolean | undefined>;
/** /**
* Set target platform(s) for the build. Defaults to the host's platform. * Set target platform(s) for the build. Defaults to the host's platform.
* *
* Equivalent to Docker's `--platform` flag. * Equivalent to Docker's `--platform` flag.
*/ */
declare public readonly platforms: pulumi.Output<enums.Platform[] | undefined>; public readonly platforms!: pulumi.Output<enums.Platform[] | undefined>;
/** /**
* Always pull referenced images. * Always pull referenced images.
* *
* Equivalent to Docker's `--pull` flag. * Equivalent to Docker's `--pull` flag.
*/ */
declare public readonly pull: pulumi.Output<boolean | undefined>; public readonly pull!: pulumi.Output<boolean | undefined>;
/** /**
* When `true` the build will automatically include a `registry` export. * When `true` the build will automatically include a `registry` export.
* *
@@ -654,7 +654,7 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--push` flag. * Equivalent to Docker's `--push` flag.
*/ */
declare public readonly push: pulumi.Output<boolean>; public readonly push!: pulumi.Output<boolean>;
/** /**
* If the image was pushed to any registries then this will contain a * If the image was pushed to any registries then this will contain a
* single fully-qualified tag including the build's digest. * single fully-qualified tag including the build's digest.
@@ -671,7 +671,7 @@ export class Image extends pulumi.CustomResource {
* For more control over tags consumed by downstream resources you should * For more control over tags consumed by downstream resources you should
* use the `digest` output. * use the `digest` output.
*/ */
declare public /*out*/ readonly ref: pulumi.Output<string>; public /*out*/ readonly ref!: pulumi.Output<string>;
/** /**
* Registry credentials. Required if reading or exporting to private * Registry credentials. Required if reading or exporting to private
* repositories. * repositories.
@@ -681,7 +681,7 @@ export class Image extends pulumi.CustomResource {
* *
* Similar to `docker login`. * Similar to `docker login`.
*/ */
declare public readonly registries: pulumi.Output<outputs.Registry[] | undefined>; public readonly registries!: pulumi.Output<outputs.Registry[] | undefined>;
/** /**
* A mapping of secret names to their corresponding values. * A mapping of secret names to their corresponding values.
* *
@@ -693,13 +693,13 @@ export class Image extends pulumi.CustomResource {
* *
* Similar to Docker's `--secret` flag. * Similar to Docker's `--secret` flag.
*/ */
declare public readonly secrets: pulumi.Output<{[key: string]: string} | undefined>; public readonly secrets!: pulumi.Output<{[key: string]: string} | undefined>;
/** /**
* SSH agent socket or keys to expose to the build. * SSH agent socket or keys to expose to the build.
* *
* Equivalent to Docker's `--ssh` flag. * Equivalent to Docker's `--ssh` flag.
*/ */
declare public readonly ssh: pulumi.Output<outputs.SSH[] | undefined>; public readonly ssh!: pulumi.Output<outputs.SSH[] | undefined>;
/** /**
* Name and optionally a tag (format: `name:tag`). * Name and optionally a tag (format: `name:tag`).
* *
@@ -708,7 +708,7 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--tag` flag. * Equivalent to Docker's `--tag` flag.
*/ */
declare public readonly tags: pulumi.Output<string[] | undefined>; public readonly tags!: pulumi.Output<string[] | undefined>;
/** /**
* Set the target build stage(s) to build. * Set the target build stage(s) to build.
* *
@@ -716,7 +716,7 @@ export class Image extends pulumi.CustomResource {
* *
* Equivalent to Docker's `--target` flag. * Equivalent to Docker's `--target` flag.
*/ */
declare public readonly target: pulumi.Output<string | undefined>; public readonly target!: pulumi.Output<string | undefined>;
/** /**
* Create a Image resource with the given unique name, arguments, and options. * Create a Image resource with the given unique name, arguments, and options.
@@ -729,31 +729,31 @@ export class Image extends pulumi.CustomResource {
let resourceInputs: pulumi.Inputs = {}; let resourceInputs: pulumi.Inputs = {};
opts = opts || {}; opts = opts || {};
if (!opts.id) { if (!opts.id) {
if (args?.push === undefined && !opts.urn) { if ((!args || args.push === undefined) && !opts.urn) {
throw new Error("Missing required property 'push'"); throw new Error("Missing required property 'push'");
} }
resourceInputs["addHosts"] = args?.addHosts; resourceInputs["addHosts"] = args ? args.addHosts : undefined;
resourceInputs["buildArgs"] = args?.buildArgs; resourceInputs["buildArgs"] = args ? args.buildArgs : undefined;
resourceInputs["buildOnPreview"] = (args?.buildOnPreview) ?? true; resourceInputs["buildOnPreview"] = (args ? args.buildOnPreview : undefined) ?? true;
resourceInputs["builder"] = args?.builder; resourceInputs["builder"] = args ? args.builder : undefined;
resourceInputs["cacheFrom"] = args?.cacheFrom; resourceInputs["cacheFrom"] = args ? args.cacheFrom : undefined;
resourceInputs["cacheTo"] = args?.cacheTo; resourceInputs["cacheTo"] = args ? args.cacheTo : undefined;
resourceInputs["context"] = args?.context; resourceInputs["context"] = args ? args.context : undefined;
resourceInputs["dockerfile"] = args?.dockerfile; resourceInputs["dockerfile"] = args ? args.dockerfile : undefined;
resourceInputs["exec"] = args?.exec; resourceInputs["exec"] = args ? args.exec : undefined;
resourceInputs["exports"] = args?.exports; resourceInputs["exports"] = args ? args.exports : undefined;
resourceInputs["labels"] = args?.labels; resourceInputs["labels"] = args ? args.labels : undefined;
resourceInputs["load"] = args?.load; resourceInputs["load"] = args ? args.load : undefined;
resourceInputs["network"] = (args?.network) ?? "default"; resourceInputs["network"] = (args ? args.network : undefined) ?? "default";
resourceInputs["noCache"] = args?.noCache; resourceInputs["noCache"] = args ? args.noCache : undefined;
resourceInputs["platforms"] = args?.platforms; resourceInputs["platforms"] = args ? args.platforms : undefined;
resourceInputs["pull"] = args?.pull; resourceInputs["pull"] = args ? args.pull : undefined;
resourceInputs["push"] = args?.push; resourceInputs["push"] = args ? args.push : undefined;
resourceInputs["registries"] = args?.registries; resourceInputs["registries"] = args ? args.registries : undefined;
resourceInputs["secrets"] = args?.secrets; resourceInputs["secrets"] = args ? args.secrets : undefined;
resourceInputs["ssh"] = args?.ssh; resourceInputs["ssh"] = args ? args.ssh : undefined;
resourceInputs["tags"] = args?.tags; resourceInputs["tags"] = args ? args.tags : undefined;
resourceInputs["target"] = args?.target; resourceInputs["target"] = args ? args.target : undefined;
resourceInputs["contextHash"] = undefined /*out*/; resourceInputs["contextHash"] = undefined /*out*/;
resourceInputs["digest"] = undefined /*out*/; resourceInputs["digest"] = undefined /*out*/;
resourceInputs["ref"] = undefined /*out*/; resourceInputs["ref"] = undefined /*out*/;

22
sdk/nodejs/index_.ts generated
View File

@@ -113,27 +113,27 @@ export class Index extends pulumi.CustomResource {
* *
* Defaults to `true`. * Defaults to `true`.
*/ */
declare public readonly push: pulumi.Output<boolean | undefined>; public readonly push!: pulumi.Output<boolean | undefined>;
/** /**
* The pushed tag with digest. * The pushed tag with digest.
* *
* Identical to the tag if the index was not pushed. * Identical to the tag if the index was not pushed.
*/ */
declare public /*out*/ readonly ref: pulumi.Output<string>; public /*out*/ readonly ref!: pulumi.Output<string>;
/** /**
* Authentication for the registry where the tagged index will be pushed. * Authentication for the registry where the tagged index will be pushed.
* *
* Credentials can also be included with the provider's configuration. * Credentials can also be included with the provider's configuration.
*/ */
declare public readonly registry: pulumi.Output<outputs.Registry | undefined>; public readonly registry!: pulumi.Output<outputs.Registry | undefined>;
/** /**
* Existing images to include in the index. * Existing images to include in the index.
*/ */
declare public readonly sources: pulumi.Output<string[]>; public readonly sources!: pulumi.Output<string[]>;
/** /**
* The tag to apply to the index. * The tag to apply to the index.
*/ */
declare public readonly tag: pulumi.Output<string>; public readonly tag!: pulumi.Output<string>;
/** /**
* Create a Index resource with the given unique name, arguments, and options. * Create a Index resource with the given unique name, arguments, and options.
@@ -146,16 +146,16 @@ export class Index extends pulumi.CustomResource {
let resourceInputs: pulumi.Inputs = {}; let resourceInputs: pulumi.Inputs = {};
opts = opts || {}; opts = opts || {};
if (!opts.id) { if (!opts.id) {
if (args?.sources === undefined && !opts.urn) { if ((!args || args.sources === undefined) && !opts.urn) {
throw new Error("Missing required property 'sources'"); throw new Error("Missing required property 'sources'");
} }
if (args?.tag === undefined && !opts.urn) { if ((!args || args.tag === undefined) && !opts.urn) {
throw new Error("Missing required property 'tag'"); throw new Error("Missing required property 'tag'");
} }
resourceInputs["push"] = (args?.push) ?? true; resourceInputs["push"] = (args ? args.push : undefined) ?? true;
resourceInputs["registry"] = args?.registry; resourceInputs["registry"] = args ? args.registry : undefined;
resourceInputs["sources"] = args?.sources; resourceInputs["sources"] = args ? args.sources : undefined;
resourceInputs["tag"] = args?.tag; resourceInputs["tag"] = args ? args.tag : undefined;
resourceInputs["ref"] = undefined /*out*/; resourceInputs["ref"] = undefined /*out*/;
} else { } else {
resourceInputs["push"] = undefined /*out*/; resourceInputs["push"] = undefined /*out*/;

6
sdk/nodejs/provider.ts generated
View File

@@ -25,7 +25,7 @@ export class Provider extends pulumi.ProviderResource {
/** /**
* The build daemon's address. * The build daemon's address.
*/ */
declare public readonly host: pulumi.Output<string | undefined>; public readonly host!: pulumi.Output<string | undefined>;
/** /**
* Create a Provider resource with the given unique name, arguments, and options. * Create a Provider resource with the given unique name, arguments, and options.
@@ -38,8 +38,8 @@ export class Provider extends pulumi.ProviderResource {
let resourceInputs: pulumi.Inputs = {}; let resourceInputs: pulumi.Inputs = {};
opts = opts || {}; opts = opts || {};
{ {
resourceInputs["host"] = (args?.host) ?? (utilities.getEnv("DOCKER_HOST") || ""); resourceInputs["host"] = (args ? args.host : undefined) ?? (utilities.getEnv("DOCKER_HOST") || "");
resourceInputs["registries"] = pulumi.output(args?.registries).apply(JSON.stringify); resourceInputs["registries"] = pulumi.output(args ? args.registries : undefined).apply(JSON.stringify);
} }
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(Provider.__pulumiType, name, resourceInputs, opts); super(Provider.__pulumiType, name, resourceInputs, opts);

2
sdk/nodejs/tsconfig.json generated
View File

@@ -1,7 +1,7 @@
{ {
"compilerOptions": { "compilerOptions": {
"outDir": "bin", "outDir": "bin",
"target": "ES2020", "target": "es2016",
"module": "commonjs", "module": "commonjs",
"moduleResolution": "node", "moduleResolution": "node",
"declaration": true, "declaration": true,

50
sdk/nodejs/types/input.ts generated
View File

@@ -104,12 +104,6 @@ export interface CacheFromAzureBlobArgs {
secretAccessKey?: pulumi.Input<string>; secretAccessKey?: pulumi.Input<string>;
} }
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheFromGitHubActionsArgs { export interface CacheFromGitHubActionsArgs {
/** /**
* The scope to use for cache keys. Defaults to `buildkit`. * The scope to use for cache keys. Defaults to `buildkit`.
@@ -118,6 +112,23 @@ export interface CacheFromGitHubActionsArgs {
* workflow, otherwise caches will overwrite each other. * workflow, otherwise caches will overwrite each other.
*/ */
scope?: pulumi.Input<string>; scope?: pulumi.Input<string>;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: pulumi.Input<string>;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: pulumi.Input<string>;
} }
/** /**
* cacheFromGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheFromGitHubActionsArgs * cacheFromGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheFromGitHubActionsArgs
@@ -126,6 +137,8 @@ export function cacheFromGitHubActionsArgsProvideDefaults(val: CacheFromGitHubAc
return { return {
...val, ...val,
scope: (val.scope) ?? "buildkit", scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
}; };
} }
@@ -290,12 +303,6 @@ export function cacheToAzureBlobArgsProvideDefaults(val: CacheToAzureBlobArgs):
}; };
} }
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheToGitHubActionsArgs { export interface CacheToGitHubActionsArgs {
/** /**
* Ignore errors caused by failed cache exports. * Ignore errors caused by failed cache exports.
@@ -312,6 +319,23 @@ export interface CacheToGitHubActionsArgs {
* workflow, otherwise caches will overwrite each other. * workflow, otherwise caches will overwrite each other.
*/ */
scope?: pulumi.Input<string>; scope?: pulumi.Input<string>;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: pulumi.Input<string>;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: pulumi.Input<string>;
} }
/** /**
* cacheToGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheToGitHubActionsArgs * cacheToGitHubActionsArgsProvideDefaults sets the appropriate defaults for CacheToGitHubActionsArgs
@@ -322,6 +346,8 @@ export function cacheToGitHubActionsArgsProvideDefaults(val: CacheToGitHubAction
ignoreError: (val.ignoreError) ?? false, ignoreError: (val.ignoreError) ?? false,
mode: (val.mode) ?? "min", mode: (val.mode) ?? "min",
scope: (val.scope) ?? "buildkit", scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
}; };
} }

50
sdk/nodejs/types/output.ts generated
View File

@@ -104,12 +104,6 @@ export interface CacheFromAzureBlob {
secretAccessKey?: string; secretAccessKey?: string;
} }
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheFromGitHubActions { export interface CacheFromGitHubActions {
/** /**
* The scope to use for cache keys. Defaults to `buildkit`. * The scope to use for cache keys. Defaults to `buildkit`.
@@ -118,6 +112,23 @@ export interface CacheFromGitHubActions {
* workflow, otherwise caches will overwrite each other. * workflow, otherwise caches will overwrite each other.
*/ */
scope?: string; scope?: string;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: string;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: string;
} }
/** /**
* cacheFromGitHubActionsProvideDefaults sets the appropriate defaults for CacheFromGitHubActions * cacheFromGitHubActionsProvideDefaults sets the appropriate defaults for CacheFromGitHubActions
@@ -126,6 +137,8 @@ export function cacheFromGitHubActionsProvideDefaults(val: CacheFromGitHubAction
return { return {
...val, ...val,
scope: (val.scope) ?? "buildkit", scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
}; };
} }
@@ -290,12 +303,6 @@ export function cacheToAzureBlobProvideDefaults(val: CacheToAzureBlob): CacheToA
}; };
} }
/**
* Recommended for use with GitHub Actions workflows.
*
* An action like `crazy-max/ghaction-github-runtime` is recommended to expose
* appropriate credentials to your GitHub workflow.
*/
export interface CacheToGitHubActions { export interface CacheToGitHubActions {
/** /**
* Ignore errors caused by failed cache exports. * Ignore errors caused by failed cache exports.
@@ -312,6 +319,23 @@ export interface CacheToGitHubActions {
* workflow, otherwise caches will overwrite each other. * workflow, otherwise caches will overwrite each other.
*/ */
scope?: string; scope?: string;
/**
* The GitHub Actions token to use. This is not a personal access tokens
* and is typically generated automatically as part of each job.
*
* Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
token?: string;
/**
* The cache server URL to use for artifacts.
*
* Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
* `crazy-max/ghaction-github-runtime` is recommended to expose this
* environment variable to your jobs.
*/
url?: string;
} }
/** /**
* cacheToGitHubActionsProvideDefaults sets the appropriate defaults for CacheToGitHubActions * cacheToGitHubActionsProvideDefaults sets the appropriate defaults for CacheToGitHubActions
@@ -322,6 +346,8 @@ export function cacheToGitHubActionsProvideDefaults(val: CacheToGitHubActions):
ignoreError: (val.ignoreError) ?? false, ignoreError: (val.ignoreError) ?? false,
mode: (val.mode) ?? "min", mode: (val.mode) ?? "min",
scope: (val.scope) ?? "buildkit", scope: (val.scope) ?? "buildkit",
token: (val.token) ?? (utilities.getEnv("ACTIONS_RUNTIME_TOKEN") || ""),
url: (val.url) ?? (utilities.getEnv("ACTIONS_CACHE_URL") || ""),
}; };
} }

166
sdk/python/pulumi_docker_build/_inputs.py generated
View File

@@ -281,12 +281,6 @@ class CacheFromAzureBlobArgs:
if not MYPY: if not MYPY:
class CacheFromGitHubActionsArgsDict(TypedDict): class CacheFromGitHubActionsArgsDict(TypedDict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
scope: NotRequired[pulumi.Input[_builtins.str]] scope: NotRequired[pulumi.Input[_builtins.str]]
""" """
The scope to use for cache keys. Defaults to `buildkit`. The scope to use for cache keys. Defaults to `buildkit`.
@@ -294,27 +288,61 @@ if not MYPY:
This should be set if building and caching multiple images in one This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other. workflow, otherwise caches will overwrite each other.
""" """
token: NotRequired[pulumi.Input[_builtins.str]]
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
url: NotRequired[pulumi.Input[_builtins.str]]
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
elif False: elif False:
CacheFromGitHubActionsArgsDict: TypeAlias = Mapping[str, Any] CacheFromGitHubActionsArgsDict: TypeAlias = Mapping[str, Any]
@pulumi.input_type @pulumi.input_type
class CacheFromGitHubActionsArgs: class CacheFromGitHubActionsArgs:
def __init__(__self__, *, def __init__(__self__, *,
scope: Optional[pulumi.Input[_builtins.str]] = None): scope: Optional[pulumi.Input[_builtins.str]] = None,
token: Optional[pulumi.Input[_builtins.str]] = None,
url: Optional[pulumi.Input[_builtins.str]] = None):
""" """
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`. :param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other. workflow, otherwise caches will overwrite each other.
:param pulumi.Input[_builtins.str] token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param pulumi.Input[_builtins.str] url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
""" """
if scope is None: if scope is None:
scope = 'buildkit' scope = 'buildkit'
if scope is not None: if scope is not None:
pulumi.set(__self__, "scope", scope) pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property @_builtins.property
@pulumi.getter @pulumi.getter
@@ -331,6 +359,39 @@ class CacheFromGitHubActionsArgs:
def scope(self, value: Optional[pulumi.Input[_builtins.str]]): def scope(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "scope", value) pulumi.set(self, "scope", value)
@_builtins.property
@pulumi.getter
def token(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@token.setter
def token(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "token", value)
@_builtins.property
@pulumi.getter
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@url.setter
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "url", value)
if not MYPY: if not MYPY:
class CacheFromLocalArgsDict(TypedDict): class CacheFromLocalArgsDict(TypedDict):
@@ -916,12 +977,6 @@ class CacheToAzureBlobArgs:
if not MYPY: if not MYPY:
class CacheToGitHubActionsArgsDict(TypedDict): class CacheToGitHubActionsArgsDict(TypedDict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
ignore_error: NotRequired[pulumi.Input[_builtins.bool]] ignore_error: NotRequired[pulumi.Input[_builtins.bool]]
""" """
Ignore errors caused by failed cache exports. Ignore errors caused by failed cache exports.
@@ -937,6 +992,23 @@ if not MYPY:
This should be set if building and caching multiple images in one This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other. workflow, otherwise caches will overwrite each other.
""" """
token: NotRequired[pulumi.Input[_builtins.str]]
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
url: NotRequired[pulumi.Input[_builtins.str]]
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
elif False: elif False:
CacheToGitHubActionsArgsDict: TypeAlias = Mapping[str, Any] CacheToGitHubActionsArgsDict: TypeAlias = Mapping[str, Any]
@@ -945,18 +1017,27 @@ class CacheToGitHubActionsArgs:
def __init__(__self__, *, def __init__(__self__, *,
ignore_error: Optional[pulumi.Input[_builtins.bool]] = None, ignore_error: Optional[pulumi.Input[_builtins.bool]] = None,
mode: Optional[pulumi.Input['CacheMode']] = None, mode: Optional[pulumi.Input['CacheMode']] = None,
scope: Optional[pulumi.Input[_builtins.str]] = None): scope: Optional[pulumi.Input[_builtins.str]] = None,
token: Optional[pulumi.Input[_builtins.str]] = None,
url: Optional[pulumi.Input[_builtins.str]] = None):
""" """
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param pulumi.Input[_builtins.bool] ignore_error: Ignore errors caused by failed cache exports. :param pulumi.Input[_builtins.bool] ignore_error: Ignore errors caused by failed cache exports.
:param pulumi.Input['CacheMode'] mode: The cache mode to use. Defaults to `min`. :param pulumi.Input['CacheMode'] mode: The cache mode to use. Defaults to `min`.
:param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`. :param pulumi.Input[_builtins.str] scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other. workflow, otherwise caches will overwrite each other.
:param pulumi.Input[_builtins.str] token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param pulumi.Input[_builtins.str] url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
""" """
if ignore_error is None: if ignore_error is None:
ignore_error = False ignore_error = False
@@ -970,6 +1051,14 @@ class CacheToGitHubActionsArgs:
scope = 'buildkit' scope = 'buildkit'
if scope is not None: if scope is not None:
pulumi.set(__self__, "scope", scope) pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property @_builtins.property
@pulumi.getter(name="ignoreError") @pulumi.getter(name="ignoreError")
@@ -1010,6 +1099,39 @@ class CacheToGitHubActionsArgs:
def scope(self, value: Optional[pulumi.Input[_builtins.str]]): def scope(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "scope", value) pulumi.set(self, "scope", value)
@_builtins.property
@pulumi.getter
def token(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@token.setter
def token(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "token", value)
@_builtins.property
@pulumi.getter
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@url.setter
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
pulumi.set(self, "url", value)
if not MYPY: if not MYPY:
class CacheToInlineArgsDict(TypedDict): class CacheToInlineArgsDict(TypedDict):

116
sdk/python/pulumi_docker_build/outputs.py generated
View File

@@ -293,28 +293,39 @@ class CacheFromAzureBlob(dict):
@pulumi.output_type @pulumi.output_type
class CacheFromGitHubActions(dict): class CacheFromGitHubActions(dict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
def __init__(__self__, *, def __init__(__self__, *,
scope: Optional[_builtins.str] = None): scope: Optional[_builtins.str] = None,
token: Optional[_builtins.str] = None,
url: Optional[_builtins.str] = None):
""" """
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`. :param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other. workflow, otherwise caches will overwrite each other.
:param _builtins.str token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param _builtins.str url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
""" """
if scope is None: if scope is None:
scope = 'buildkit' scope = 'buildkit'
if scope is not None: if scope is not None:
pulumi.set(__self__, "scope", scope) pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property @_builtins.property
@pulumi.getter @pulumi.getter
@@ -327,6 +338,31 @@ class CacheFromGitHubActions(dict):
""" """
return pulumi.get(self, "scope") return pulumi.get(self, "scope")
@_builtins.property
@pulumi.getter
def token(self) -> Optional[_builtins.str]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@_builtins.property
@pulumi.getter
def url(self) -> Optional[_builtins.str]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@pulumi.output_type @pulumi.output_type
class CacheFromLocal(dict): class CacheFromLocal(dict):
@@ -748,12 +784,6 @@ class CacheToAzureBlob(dict):
@pulumi.output_type @pulumi.output_type
class CacheToGitHubActions(dict): class CacheToGitHubActions(dict):
"""
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
"""
@staticmethod @staticmethod
def __key_warning(key: str): def __key_warning(key: str):
suggest = None suggest = None
@@ -774,18 +804,27 @@ class CacheToGitHubActions(dict):
def __init__(__self__, *, def __init__(__self__, *,
ignore_error: Optional[_builtins.bool] = None, ignore_error: Optional[_builtins.bool] = None,
mode: Optional['CacheMode'] = None, mode: Optional['CacheMode'] = None,
scope: Optional[_builtins.str] = None): scope: Optional[_builtins.str] = None,
token: Optional[_builtins.str] = None,
url: Optional[_builtins.str] = None):
""" """
Recommended for use with GitHub Actions workflows.
An action like `crazy-max/ghaction-github-runtime` is recommended to expose
appropriate credentials to your GitHub workflow.
:param _builtins.bool ignore_error: Ignore errors caused by failed cache exports. :param _builtins.bool ignore_error: Ignore errors caused by failed cache exports.
:param 'CacheMode' mode: The cache mode to use. Defaults to `min`. :param 'CacheMode' mode: The cache mode to use. Defaults to `min`.
:param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`. :param _builtins.str scope: The scope to use for cache keys. Defaults to `buildkit`.
This should be set if building and caching multiple images in one This should be set if building and caching multiple images in one
workflow, otherwise caches will overwrite each other. workflow, otherwise caches will overwrite each other.
:param _builtins.str token: The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
:param _builtins.str url: The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
""" """
if ignore_error is None: if ignore_error is None:
ignore_error = False ignore_error = False
@@ -799,6 +838,14 @@ class CacheToGitHubActions(dict):
scope = 'buildkit' scope = 'buildkit'
if scope is not None: if scope is not None:
pulumi.set(__self__, "scope", scope) pulumi.set(__self__, "scope", scope)
if token is None:
token = (_utilities.get_env('ACTIONS_RUNTIME_TOKEN') or '')
if token is not None:
pulumi.set(__self__, "token", token)
if url is None:
url = (_utilities.get_env('ACTIONS_CACHE_URL') or '')
if url is not None:
pulumi.set(__self__, "url", url)
@_builtins.property @_builtins.property
@pulumi.getter(name="ignoreError") @pulumi.getter(name="ignoreError")
@@ -827,6 +874,31 @@ class CacheToGitHubActions(dict):
""" """
return pulumi.get(self, "scope") return pulumi.get(self, "scope")
@_builtins.property
@pulumi.getter
def token(self) -> Optional[_builtins.str]:
"""
The GitHub Actions token to use. This is not a personal access tokens
and is typically generated automatically as part of each job.
Defaults to `$ACTIONS_RUNTIME_TOKEN`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "token")
@_builtins.property
@pulumi.getter
def url(self) -> Optional[_builtins.str]:
"""
The cache server URL to use for artifacts.
Defaults to `$ACTIONS_CACHE_URL`, although a separate action like
`crazy-max/ghaction-github-runtime` is recommended to expose this
environment variable to your jobs.
"""
return pulumi.get(self, "url")
@pulumi.output_type @pulumi.output_type
class CacheToInline(dict): class CacheToInline(dict):