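# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
#
# Acceptance-test pipeline for the provider. It runs on a repository_dispatch
# of type run-acceptance-tests-command, on pull requests against master/main,
# and on manual dispatch.
#
# Security review notes:
# - The workflow-level `env` block below exports every listed secret to every
#   step of every job, including third-party actions and the `make` targets
#   that run on the checked-out commit.
#   NOTE(review): scoping each secret to the step that needs it would narrow
#   that exposure; any such change has to be made in pulumi/ci-mgmt.
# - On the repository_dispatch path the commit to build comes from the
#   dispatch payload (PR_COMMIT_SHA). Who may send that dispatch is decided
#   outside this file - confirm the sender is restricted to trusted users.
# - Actions are referenced by tag (@v1, @v4, @v1.11.0, ...), not by commit SHA.
#   NOTE(review): consider pinning third-party actions to a full commit SHA.
# - Only the `test` job declares `permissions`; the other jobs run with the
#   repository's default token permissions.
name: run-acceptance-tests
on:
  repository_dispatch:
    types:
      - run-acceptance-tests-command
  pull_request:
    branches:
      - master
      - main
    paths-ignore:
      - CHANGELOG.md
  workflow_dispatch: {}
env:
  # Replaces the default GITHUB_TOKEN environment variable with the bot token
  # for all steps in all jobs.
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
  PROVIDER: dockerbuild
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PYPI_USERNAME: __token__
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  TRAVIS_OS_NAME: linux
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  GOVERSION: 1.21.x
  NODEVERSION: 16.x
  PYTHONVERSION: "3.11"
  DOTNETVERSION: |
    6.0.x
    3.1.301
  JAVAVERSION: "11"
  AWS_REGION: us-west-2
  PULUMI_API: https://api.pulumi-staging.io
  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  AZURE_LOCATION: westus
  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
  GOLANGCI_LINT_TIMEOUT: 10m
  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
  GOOGLE_PROJECT: pulumi-ci-gcp-provider
  GOOGLE_PROJECT_NUMBER: 895284651812
  GOOGLE_REGION: us-central1
  GOOGLE_ZONE: us-central1-a
  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
  # Only populated for repository_dispatch events. For pull_request and
  # workflow_dispatch it is empty, and actions/checkout then falls back to
  # the ref of the triggering event.
  PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
jobs:
  # Posts a link to this run on the originating issue/PR. Runs only for
  # repository_dispatch; repository and issue number are read from the
  # dispatch payload.
  comment-notification:
    runs-on: ubuntu-latest
    name: comment-notification
    steps:
      - name: Create URL to the run output
        id: vars
        run: echo run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID >> "$GITHUB_OUTPUT"
      - name: Update with Result
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.PULUMI_BOT_TOKEN }}
          repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
          issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
          body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
    if: github.event_name == 'repository_dispatch'
  # Builds the schema and provider binaries, runs the schema compatibility
  # check on pull requests, and uploads the provider tarball for later jobs.
  prerequisites:
    runs-on: ubuntu-latest
    name: prerequisites
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - if: github.event_name == 'pull_request'
        name: Install Schema Tools
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/schema-tools
      - name: Build codegen binaries
        run: make codegen
      - name: Build Schema
        run: make generate_schema
      # Captures the schema-tools report into the SCHEMA_CHANGES environment
      # variable using the multi-line `NAME<<DELIMITER` form of $GITHUB_ENV.
      # The blank lines are required: in a folded (>-) scalar they are what
      # turns the three commands into separate shell lines.
      # NOTE(review): the delimiter is the fixed string EOF. If the tool output
      # ever contained a line equal to EOF, the value would end early and the
      # remaining lines would be read as further environment assignments; a
      # unique per-run delimiter avoids that.
      - if: github.event_name == 'pull_request'
        name: Check Schema is Valid
        run: >-
          echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV

          schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV

          echo 'EOF' >> $GITHUB_ENV
      - if: github.event_name == 'pull_request'
        name: Comment on PR with Details of Schema Check
        uses: thollander/actions-comment-pull-request@v2
        with:
          message: |
            ${{ env.SCHEMA_CHANGES }}
          comment_tag: schemaCheck
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): `number` reads github.event.issue.number, while
      # SCHEMA_CHANGES is only set on pull_request events - confirm that the
      # expression resolves to the PR number there.
      - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && github.actor == 'pulumi-bot'
        name: Add label if no breaking changes
        uses: actions-ecosystem/action-add-labels@v1.1.0
        with:
          labels: impact/no-changelog-required
          number: ${{ github.event.issue.number }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Provider
        run: make provider
      - name: Check worktree clean
        run: ./ci-scripts/ci/check-worktree-is-clean
      - run: git status --porcelain
      - name: Tar provider binaries
        run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} pulumi-gen-${{ env.PROVIDER}}
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin/provider.tar.gz
      - name: Test Provider Library
        run: make test_provider
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v4
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      # `push` is not one of this workflow's triggers, so this condition is
      # never true as written and no failure notification is sent from here.
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in building provider prerequisites
          fields: repo,commit,author,action
          status: ${{ job.status }}
    # Admits repository_dispatch runs and pull requests whose head branch lives
    # in this repository; pull requests from forks skip the job.
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
  # Generates and builds one SDK per matrix language from the provider
  # binaries uploaded by `prerequisites`, then uploads each SDK as an artifact.
  build_sdks:
    needs: prerequisites
    runs-on: pulumi-ubuntu-8core
    strategy:
      fail-fast: true
      matrix:
        language:
          - nodejs
          - python
          - dotnet
          - go
          - java
    name: build_sdks
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODEVERSION }}
          registry-url: https://registry.npmjs.org
      - name: Setup DotNet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNETVERSION }}
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHONVERSION }}
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVAVERSION }}
          distribution: temurin
          cache: gradle
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          gradle-version: "7.6"
      - name: Download provider + tfgen binaries
        uses: actions/download-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin
      - name: UnTar provider binaries
        run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
      - name: Restore Binary Permissions
        run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
      - name: Generate SDK
        run: make generate_${{ matrix.language }}
      - name: Build SDK
        run: make build_${{ matrix.language }}
      - name: Check worktree clean
        run: ./ci-scripts/ci/check-worktree-is-clean
      - run: git status --porcelain
      - name: Tar SDK folder
        run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.language }}-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
          retention-days: 30
      # `push` is not one of this workflow's triggers, so this condition is
      # never true as written.
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure while building SDKs
          fields: repo,commit,author,action
          status: ${{ job.status }}
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
  # Runs the example tests per language against the built provider and SDK.
  # This job obtains AWS and Google Cloud credentials before running the test
  # code from the checked-out commit.
  test:
    runs-on: pulumi-ubuntu-8core
    needs:
      - build_sdks
    strategy:
      fail-fast: true
      matrix:
        language:
          - nodejs
          - python
          - dotnet
          - go
          - java
    name: test
    # The only job with an explicit permissions block; id-token: write lets
    # the job request an OIDC token.
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Checkout Scripts Repo
        uses: actions/checkout@v4
        with:
          path: ci-scripts
          repository: pulumi/scripts
      - name: Unshallow clone for tags
        run: git fetch --prune --unshallow --tags
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      - name: Install pulumictl
        uses: jaxxstorm/action-install-gh-release@v1.11.0
        with:
          repo: pulumi/pulumictl
      - name: Install Pulumi CLI
        uses: pulumi/actions@v5
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODEVERSION }}
          registry-url: https://registry.npmjs.org
      - name: Setup DotNet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNETVERSION }}
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHONVERSION }}
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVAVERSION }}
          distribution: temurin
          cache: gradle
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v3
        with:
          gradle-version: "7.6"
      - name: Download provider + tfgen binaries
        uses: actions/download-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin
      - name: UnTar provider binaries
        run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin
      - name: Restore Binary Permissions
        run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \;
      - name: Download SDK
        uses: actions/download-artifact@v4
        with:
          name: ${{ matrix.language }}-sdk.tar.gz
          path: ${{ github.workspace}}/sdk/
      - name: UnTar SDK folder
        run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{ github.workspace}}/sdk/${{ matrix.language}}
      - name: Update path
        run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
      - name: Install Node dependencies
        run: yarn global add typescript
      - run: dotnet nuget add source ${{ github.workspace }}/nuget
      - name: Install Python deps
        run: |-
          pip3 install virtualenv==20.0.23
          pip3 install pipenv
      - name: Install dependencies
        run: make install_${{ matrix.language}}_sdk
      # Passes long-lived access keys and a role to assume; the session is
      # limited to 3600 seconds.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ env.AWS_REGION }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-duration-seconds: 3600
          role-session-name: ${{ env.PROVIDER }}@githubActions
          role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
      # Authenticates through the workload identity provider named in `env`;
      # no Google key material is passed in this step.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v0
        with:
          workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
      - name: Setup gcloud auth
        uses: google-github-actions/setup-gcloud@v2
        with:
          install_components: gke-gcloud-auth-plugin
      - name: Install gotestfmt
        uses: GoTestTools/gotestfmt-action@v2
        with:
          version: v2.5.0
          token: ${{ secrets.GITHUB_TOKEN }}
      # The blank line keeps `set -euo pipefail` on its own shell line inside
      # the folded (>-) scalar, so a failing `go test` fails the pipeline.
      - name: Run tests
        run: >-
          set -euo pipefail

          cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt
      # `push` is not one of this workflow's triggers, so this condition is
      # never true as written.
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in SDK tests
          fields: repo,commit,author,action
          status: ${{ job.status }}
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
  # Single job that depends on `test` and `lint`, giving one status to check.
  sentinel:
    runs-on: ubuntu-latest
    name: sentinel
    steps:
      - name: Is workflow a success
        run: echo yes
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    needs:
      - test
      - lint
  # Runs golangci-lint over the provider package.
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GOVERSION }}
      # NOTE(review): GOLANGCI_LINT_VERSION is not defined in this file's
      # `env` block, so `version` evaluates to an empty string here and the
      # linter version is left to the action's default - confirm that is
      # intended, since an unpinned linter can change results between runs.
      - name: golangci-lint provider pkg
        uses: golangci/golangci-lint-action@v4
        with:
          version: ${{ env.GOLANGCI_LINT_VERSION }}
          args: -c ../.golangci.yml --timeout ${{ env.GOLANGCI_LINT_TIMEOUT }}
          working-directory: provider
    name: lint
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository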