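# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
#
# Build, test and pre-release pipeline for the `dockerbuild` provider.
# Job order: prerequisites -> build_sdks -> test -> publish -> publish_sdk / publish_java_sdk.
# Because the file is generated, any hardening noted below has to be made in
# pulumi/ci-mgmt rather than here.

name: build

# Runs on branch pushes (never on tags, since "**" is in tags-ignore) and on manual dispatch.
# NOTE(review): there is no pull_request trigger, so the steps gated on
# `github.event_name == 'pull_request'` further down cannot run from this file.
on:
  push:
    branches:
      - master
      - main
      - feature-**
    paths-ignore:
      - CHANGELOG.md
    tags-ignore:
      - v*
      - sdk/*
      - "**"
  workflow_dispatch: {}

# NOTE(review): no top-level `permissions:` key is declared and only the `test`
# job sets one, so every other job gets the repository/organisation default
# scope for secrets.GITHUB_TOKEN. Declaring a read-only default and widening it
# per job is the least-privilege form.

# NOTE(review): this block is workflow-level, so every value, including the
# registry, signing and cloud credentials, is exported to every step of every
# job: third-party actions, `make` targets and the scripts checked out from
# pulumi/scripts. Which steps consume each secret is not visible here; the
# publishing credentials presumably only matter in the publish* jobs (confirm),
# and scoping them to those jobs or steps would narrow the exposure.
env:
  # Replaces the default token with a bot token for anything reading $GITHUB_TOKEN.
  # NOTE(review): presumably broader in scope than the per-run token - confirm.
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
  PROVIDER: dockerbuild
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PYPI_USERNAME: __token__
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  TRAVIS_OS_NAME: linux
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  GOVERSION: 1.21.x
  NODEVERSION: 16.x
  PYTHONVERSION: "3.11"
  DOTNETVERSION: |
    6.0.x
    3.1.301
  JAVAVERSION: "11"
  AWS_REGION: us-west-2
  PULUMI_API: https://api.pulumi-staging.io
  # The ARM_* IDs below are identifiers, not credentials; the secret is ARM_CLIENT_SECRET.
  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  AZURE_LOCATION: westus
  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
  GOLANGCI_LINT_TIMEOUT: 10m
  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
  GOOGLE_PROJECT: pulumi-ci-gcp-provider
  GOOGLE_PROJECT_NUMBER: 895284651812
  GOOGLE_REGION: us-central1
  GOOGLE_ZONE: us-central1-a
  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}

# NOTE(review): every action in this file is referenced by tag (@v4, @v1.11.0, ...).
# Tags can be moved by the action's owner; pinning third-party actions to a full
# commit SHA makes the reference immutable. That matters most in the jobs that
# run with publishing credentials in their environment.
jobs:
  # Builds the schema and provider binary, runs the provider unit tests and
  # uploads the binaries for the downstream jobs.
  prerequisites:
    runs-on: ubuntu-latest
    name: prerequisites
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
      # NOTE(review): no `ref` is given, so the default branch head of
      # pulumi/scripts is used. Scripts from this checkout are executed later
      # with the workflow-level secrets in their environment.
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      # NOTE(review): no release tag is specified for the installed tool, so
      # presumably the latest pulumictl release is fetched on each run - confirm.
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - if: github.event_name == 'pull_request'
        name: Install Schema Tools
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/schema-tools
      - name: Build codegen binaries
        run: make codegen
      - name: Build Schema
        run: make generate_schema
      # Stores the multi-line schema-tools output in SCHEMA_CHANGES using the
      # NAME<<DELIMITER form of $GITHUB_ENV. The `${{ }}` values are substituted
      # into the script text before the shell runs; here they come from the
      # workflow env and repository metadata.
      # NOTE(review): with a fixed delimiter, tool output containing a bare
      # `EOF` line would end the value early and the remaining lines would be
      # parsed as further env entries; GitHub's guidance is a randomly
      # generated delimiter.
      - if: github.event_name == 'pull_request'
        name: Check Schema is Valid
        run: |-
          echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
          schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
          echo 'EOF' >> $GITHUB_ENV
      - if: github.event_name == 'pull_request'
        name: Comment on PR with Details of Schema Check
        uses: thollander/actions-comment-pull-request@v2
        with:
          message: |
            ${{ env.SCHEMA_CHANGES }}
          comment_tag: schemaCheck
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): SCHEMA_CHANGES is only set by the pull_request-gated step
      # above, so this condition looks unreachable from this file's triggers;
      # `github.event.issue.number` is also presumably empty outside issue
      # events - confirm against the ci-mgmt template.
      - if: >-
          contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.')
          && github.actor == 'pulumi-bot'
        name: Add label if no breaking changes
        uses: actions-ecosystem/action-add-labels@v1.1.0
        with:
          labels: impact/no-changelog-required
          number: ${{ github.event.issue.number }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Provider
        run: make provider
      - name: Check worktree clean
        run: ./ci-scripts/ci/check-worktree-is-clean
      - run: git status --porcelain
      - name: Tar provider binaries
        run: >-
          tar -zcf ${{ github.workspace }}/bin/provider.tar.gz
          -C ${{ github.workspace}}/bin/
          pulumi-resource-${{ env.PROVIDER }} pulumi-gen-${{ env.PROVIDER}}
      # Downstream jobs execute the binaries from this artifact.
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin/provider.tar.gz
      - name: Test Provider Library
        run: make test_provider
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v4
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in building provider prerequisites
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Generates and builds one SDK per matrix language from the provider binaries
  # produced by `prerequisites`, then uploads each SDK as an artifact.
  build_sdks:
    needs: prerequisites
    runs-on: pulumi-ubuntu-8core
    strategy:
      fail-fast: true
      matrix:
        language:
          - nodejs
          - python
          - dotnet
          - go
          - java
    name: build_sdks
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODEVERSION }}
          registry-url: https://registry.npmjs.org
      - name: Setup DotNet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNETVERSION }}
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHONVERSION }}
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVAVERSION }}
          distribution: temurin
          cache: gradle
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          gradle-version: "7.6"
      - name: Download provider + tfgen binaries
        uses: actions/download-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin
      - name: UnTar provider binaries
        run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
      # The executable bit is re-applied after the artifact round-trip.
      - name: Restore Binary Permissions
        run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
      - name: Generate SDK
        run: make generate_${{ matrix.language }}
      - name: Build SDK
        run: make build_${{ matrix.language }}
      - name: Check worktree clean
        run: ./ci-scripts/ci/check-worktree-is-clean
      - run: git status --porcelain
      - name: Tar SDK folder
        run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.language }}-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
          retention-days: 30
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure while building SDKs
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Runs the example/integration tests per language against real cloud accounts.
  test:
    runs-on: pulumi-ubuntu-8core
    needs:
      - build_sdks
    strategy:
      fail-fast: true
      matrix:
        language:
          - nodejs
          - python
          - dotnet
          - go
          - java
    name: test
    # The only job with an explicit token scope: read-only contents plus
    # id-token so the runner can request an OIDC token (used below for the
    # Google workload identity provider).
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODEVERSION }}
          registry-url: https://registry.npmjs.org
      - name: Setup DotNet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNETVERSION }}
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHONVERSION }}
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVAVERSION }}
          distribution: temurin
          cache: gradle
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          gradle-version: "7.6"
      - name: Download provider + tfgen binaries
        uses: actions/download-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin
      - name: UnTar provider binaries
        run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
      - name: Restore Binary Permissions
        run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
      - name: Download SDK
        uses: actions/download-artifact@v4
        with:
          name: ${{ matrix.language }}-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/
      - name: UnTar SDK folder
        run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ github.workspace}}/sdk/${{ matrix.language}}
      - name: Update path
        run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
      # NOTE(review): typescript (here) and pipenv (below) are installed without a
      # version, unlike virtualenv, so these tools can change between runs.
      - name: Install Node dependencies
        run: yarn global add typescript
      - run: dotnet nuget add source ${{ github.workspace }}/nuget
      - name: Install Python deps
        run: |-
          pip3 install virtualenv==20.0.23
          pip3 install pipenv
      - name: Install dependencies
        run: make install_${{ matrix.language}}_sdk
      # NOTE(review): AWS access starts from a stored access key pair and then
      # assumes a role. The job already holds id-token: write, so OIDC
      # federation would remove the long-lived key - whether the AWS account is
      # set up for that is not visible here.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ env.AWS_REGION }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-duration-seconds: 3600
          role-session-name: ${{ env.PROVIDER }}@githubActions
          role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
      # Keyless Google auth through workload identity federation.
      # NOTE(review): @v0 is an old major of this action while setup-gcloud is
      # on @v2 - check whether the auth action should be moved forward too.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v0
        with:
          workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
      - name: Setup gcloud auth
        uses: google-github-actions/setup-gcloud@v2
        with:
          install_components: gke-gcloud-auth-plugin
      - name: Install gotestfmt
        uses: GoTestTools/gotestfmt-action@v2
        with:
          version: v2.5.0
          token: ${{ secrets.GITHUB_TOKEN }}
      # pipefail makes a `go test` failure fail the step despite the tee/gotestfmt pipe.
      - name: Run tests
        run: |-
          set -euo pipefail
          cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in SDK tests
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Publishes pre-release provider binaries with GoReleaser after tests pass.
  publish:
    runs-on: ubuntu-latest
    needs: test
    name: publish
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Clear GitHub Actions Ubuntu runner disk space
        uses: jlumbroso/free-disk-space@v1.3.1
        with:
          tool-cache: false
          dotnet: false
          android: true
          haskell: true
          swap-storage: true
          large-packages: false
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      # Assumes the release-upload role; an external ID is supplied with the request.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: us-east-2
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-duration-seconds: 7200
          role-session-name: ${{ env.PROVIDER }}@githubActions
          role-external-id: upload-pulumi-release
          role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
      - name: Set PreRelease Version
        run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> $GITHUB_ENV
      # NOTE(review): `version: latest` lets the release tool change between
      # runs of a job that holds upload credentials; a fixed version keeps the
      # release toolchain reproducible.
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v5
        with:
          args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s
          version: latest
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in publishing binaries
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Publishes the python, dotnet and nodejs SDK artifacts via the shared script.
  publish_sdk:
    runs-on: ubuntu-latest
    needs: publish
    name: publish_sdk
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODEVERSION }}
          registry-url: https://registry.npmjs.org
      - name: Setup DotNet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNETVERSION }}
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHONVERSION }}
      - name: Download python SDK
        uses: actions/download-artifact@v4
        with:
          name: python-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/
      - name: Uncompress python SDK
        run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python
      - name: Download dotnet SDK
        uses: actions/download-artifact@v4
        with:
          name: dotnet-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/
      - name: Uncompress dotnet SDK
        run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet
      - name: Download nodejs SDK
        uses: actions/download-artifact@v4
        with:
          name: nodejs-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/
      - name: Uncompress nodejs SDK
        run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C ${{github.workspace}}/sdk/nodejs
      - name: Install Twine
        run: python -m pip install pip twine
      # Runs a script from the unpinned pulumi/scripts checkout with the
      # registry credentials from the workflow-level env in scope.
      - name: Publish SDKs
        run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          PYPI_PUBLISH_ARTIFACTS: all
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in publishing SDK
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Publishes the Java SDK through Gradle. continue-on-error means a failure
  # here does not fail the workflow run, and this job has no Slack notification
  # step, so a failed Java publish has to be spotted in the run log.
  publish_java_sdk:
    runs-on: ubuntu-latest
    continue-on-error: true
    needs: publish
    name: publish_java_sdk
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVAVERSION }}
          distribution: temurin
          cache: gradle
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          gradle-version: "7.6"
      - name: Download java SDK
        uses: actions/download-artifact@v4
        with:
          name: java-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/
      - name: Uncompress java SDK
        run: tar -zxf ${{github.workspace}}/sdk/java.tar.gz -C ${{github.workspace}}/sdk/java
      - name: Set PACKAGE_VERSION to Env
        run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> $GITHUB_ENV
      # Uses Gradle 7.4.1 for the publish, not the 7.6 configured in Setup Gradle.
      - name: Publish Java SDK
        uses: gradle/gradle-build-action@v3
        with:
          arguments: publishToSonatype closeAndReleaseSonatypeStagingRepository
          build-root-directory: ./sdk/java
          gradle-version: 7.4.1

  # NOTE(review): PR_COMMIT_SHA and GOLANGCI_LINT_VERSION are not defined in
  # this file's env block, and the `if` below only matches repository_dispatch
  # or pull_request events, neither of which is a trigger here - so this job
  # appears to be skipped on every run of this workflow. Confirm against the
  # ci-mgmt template.
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: golangci-lint provider pkg
        uses: golangci/golangci-lint-action@v4
        with:
          version: ${{ env.GOLANGCI_LINT_VERSION }}
          args: -c ../.golangci.yml --timeout ${{ env.GOLANGCI_LINT_TIMEOUT }}
          working-directory: provider
    name: lint
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository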