# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: release on: push: tags: - v*.*.* - "!v*.*.*-**" env: PROVIDER: docker-build PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" DOTNETVERSION: "8.0.x" JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 AWS_REGION: us-west-2 AZURE_LOCATION: westus GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io jobs: prerequisites: runs-on: ubuntu-latest name: prerequisites permissions: id-token: write # For ESC secrets. pull-requests: write # For schema check comment. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: ${{ env.GOVERSION }} cache-dependency-path: "**/*.sum" - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/schema-tools - name: Build codegen binaries run: make codegen - name: Build Schema run: make generate_schema - if: github.event_name == 'pull_request' name: Check Schema is Valid run: >- { echo 'SCHEMA_CHANGES<> "$GITHUB_ENV" env: GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' name: Comment on PR with Details of Schema Check uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: message: | ${{ env.SCHEMA_CHANGES }} comment-tag: schemaCheck github-token: ${{ secrets.GITHUB_TOKEN }} - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && github.actor == 'pulumi-bot' name: Add label if no breaking changes uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 with: labels: impact/no-changelog-required number: ${{ github.event.issue.number }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Build Provider run: make provider - name: Check worktree clean id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- sdk/**/pulumi-plugin.json sdk/dotnet/*.*.csproj sdk/dotnet/version.txt sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: > git diff --quiet -- sdk && echo "no changes to sdk" && exit git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" # Stash local changes and check out the PR's branch directly. git stash git fetch git checkout "origin/$HEAD_REF" # Apply and add our changes, but don't commit any files we expect to # always change due to versioning. git stash pop git add sdk git reset sdk/python/*/pulumi-plugin.json \ sdk/python/pyproject.toml \ sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/*.*.csproj \ sdk/dotnet/version.txt \ sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ sdk/nodejs/package.json git commit -m 'Commit SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the # workflow. https://github.com/orgs/community/discussions/25702 git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" env: HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} pulumi-gen-${{ env.PROVIDER}} - name: Upload artifacts uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: pulumi-${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz - name: Test Provider Library run: make test_provider env: ARM_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.ARM_CLIENT_SECRET }} DIGITALOCEAN_TOKEN: ${{ steps.esc-secrets.outputs.DIGITALOCEAN_TOKEN }} DOCKER_HUB_PASSWORD: ${{ steps.esc-secrets.outputs.DOCKER_HUB_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 env: CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 with: author_name: Failure in building provider prerequisites fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} build_sdks: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs - python - dotnet - go - java name: build_sdks permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: ${{ env.GOVERSION }} cache-dependency-path: "**/*.sum" - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 - name: Setup Node uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: ${{ env.NODEVERSION }} registry-url: https://registry.npmjs.org - name: Setup DotNet uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 with: dotnet-version: ${{ env.DOTNETVERSION }} - name: Setup Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ env.PYTHONVERSION }} - name: Setup Java uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: ${{ env.JAVAVERSION }} distribution: temurin cache: gradle - name: Setup Gradle uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: "7.6" - name: Download provider uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: pulumi-${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin - name: UnTar provider binaries run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin - name: Restore Binary Permissions run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; - name: Generate SDK run: make generate_${{ matrix.language }} - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- sdk/**/pulumi-plugin.json sdk/dotnet/*.*.csproj sdk/dotnet/version.txt sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == 'pull_request' shell: bash run: > git diff --quiet -- sdk && echo "no changes to sdk" && exit git config --global user.email "bot@pulumi.com" git config --global user.name "pulumi-bot" # Stash local changes and check out the PR's branch directly. git stash git fetch git checkout "origin/$HEAD_REF" # Apply and add our changes, but don't commit any files we expect to # always change due to versioning. git stash pop git add sdk git reset sdk/python/*/pulumi-plugin.json \ sdk/python/pyproject.toml \ sdk/dotnet/pulumi-plugin.json \ sdk/dotnet/*.*.csproj \ sdk/dotnet/version.txt \ sdk/go/*/pulumi-plugin.json \ sdk/go/*/internal/pulumiUtilities.go \ sdk/nodejs/package.json git commit -m 'Commit SDK for Renovate' # Push with pulumi-bot credentials to trigger a re-run of the # workflow. https://github.com/orgs/community/discussions/25702 git push https://pulumi-bot:${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }}@github.com/${{ github.repository }} "HEAD:$HEAD_REF" env: HEAD_REF: ${{ github.head_ref }} - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . - name: Upload artifacts uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: ${{ matrix.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 with: author_name: Failure while building SDKs fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} test: runs-on: pulumi-ubuntu-8core needs: - build_sdks strategy: fail-fast: true matrix: language: - nodejs - python - dotnet - go - java - yaml name: test permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: ${{ env.GOVERSION }} cache-dependency-path: "**/*.sum" - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 - name: Setup Node uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: ${{ env.NODEVERSION }} registry-url: https://registry.npmjs.org - name: Setup DotNet uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 with: dotnet-version: ${{ env.DOTNETVERSION }} - name: Setup Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ env.PYTHONVERSION }} - name: Setup Java uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: ${{ env.JAVAVERSION }} distribution: temurin cache: gradle - name: Setup Gradle uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: "7.6" - name: Download provider uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: pulumi-${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin - name: UnTar provider binaries run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin - name: Restore Binary Permissions run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; - name: Download SDK if: ${{ matrix.language != 'yaml' }} uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ matrix.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: UnTar SDK folder if: ${{ matrix.language != 'yaml' }} run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ github.workspace}}/sdk/${{ matrix.language}} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Node dependencies run: yarn global add typescript - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Install Python deps run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Install dependencies if: ${{ matrix.language != 'yaml' }} run: make install_${{ matrix.language}}_sdk - name: Generate Pulumi Access Token id: generate_pulumi_token uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1 with: organization: pulumi requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials uses: pulumi/esc-action@efb0bc8946938f0dfbfa00e829196ec95f0d0ea7 # v1.4.0 env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: environment: logins/pulumi-ci - name: Authenticate to Google Cloud uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} - name: Setup gcloud auth uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 with: install_components: gke-gcloud-auth-plugin - name: Install gotestfmt uses: GoTestTools/gotestfmt-action@v2 with: version: v2.5.0 token: ${{ secrets.GITHUB_TOKEN }} - name: Run tests run: >- set -euo pipefail cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . env: GTIHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 with: author_name: Failure in SDK tests fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} publish: runs-on: ubuntu-latest needs: test name: publish permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: ${{ env.GOVERSION }} cache-dependency-path: "**/*.sum" - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false dotnet: false android: true haskell: true swap-storage: true large-packages: false - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-external-id: upload-pulumi-release role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 env: GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }} AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }} AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }} AZURE_SIGNING_KEY_VAULT_URI: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI }} SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_KEY_VAULT_URI == '' }} GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} with: args: -p 3 release --clean --timeout 60m0s version: latest - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 with: author_name: Failure in publishing binaries fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} publish_sdk: runs-on: ubuntu-latest needs: publish name: publish_sdks permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: path: ci-scripts repository: pulumi/scripts - run: echo "ci-scripts" >> .git/info/exclude - name: Install Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: ${{ env.GOVERSION }} cache-dependency-path: "**/*.sum" - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 - name: Setup Node uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: ${{ env.NODEVERSION }} registry-url: https://registry.npmjs.org - name: Setup DotNet uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 with: dotnet-version: ${{ env.DOTNETVERSION }} - name: Setup Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ env.PYTHONVERSION }} - name: Download python SDK uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: python-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress python SDK run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - name: Download dotnet SDK uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: dotnet-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress dotnet SDK run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - name: Download nodejs SDK uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: nodejs-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress nodejs SDK run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C ${{github.workspace}}/sdk/nodejs - name: Install Twine run: python -m pip install twine==5.0.0 - name: Publish SDKs run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} env: NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }} NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }} PYPI_PUBLISH_ARTIFACTS: all PYPI_USERNAME: __token__ PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }} - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0 with: author_name: Failure in publishing SDK fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} publish_java_sdk: runs-on: ubuntu-latest continue-on-error: true needs: publish name: publish_java_sdk permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: ${{ env.GOVERSION }} cache-dependency-path: "**/*.sum" - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e # v6.5.0 - name: Setup Java uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: ${{ env.JAVAVERSION }} distribution: temurin cache: gradle - name: Setup Gradle uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: "7.6" - name: Download java SDK uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: java-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress java SDK run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C ${{github.workspace}}/sdk/java - name: Setup Gradle uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: "7.6" - name: Publish Java SDK run: gradle -p ./sdk/java publishToSonatype closeAndReleaseSonatypeStagingRepository env: PACKAGE_VERSION: ${{ env.PROVIDER_VERSION }} SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }} SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }} SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }} PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }} publish_go_sdk: runs-on: ubuntu-latest name: publish-go-sdk needs: publish_sdk steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - id: version name: Set Provider Version uses: pulumi/provider-version-action@f96d032a2758fdda7939e5728eff6c0d980ae894 # v1.6.0 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Download go SDK uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: go-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress go SDK run: tar -zxf ${{github.workspace}}/sdk/go.tar.gz -C ${{github.workspace}}/sdk/go - name: Publish Go SDK uses: pulumi/publish-go-sdk-action@v1 with: repository: ${{ github.repository }} base-ref: ${{ github.sha }} source: sdk/go/dockerbuild path: sdk/go/dockerbuild version: ${{ steps.version.outputs.version }} additive: false files: "**" dispatch_docs_build: runs-on: ubuntu-latest needs: publish_go_sdk permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Install pulumictl uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 with: repo: pulumi/pulumictl - name: Dispatch Event run: pulumictl create docs-build pulumi-${{ env.PROVIDER }} "${GITHUB_REF#refs/tags/}" env: GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} name: dispatch_docs_build