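# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
#
# Review notes (security):
# - The workflow-level `env` block below is visible to every step of every
#   job, including third-party actions and the repository's own make/mise
#   targets. Publishing and signing credentials are therefore in scope for
#   jobs that only build or lint.
# - Most third-party actions are referenced by a mutable tag (@v1, @v2, ...).
#   Only the sentinel job's status action is pinned to a full commit SHA;
#   pinning the others the same way would stop a retagged release from
#   changing what runs next to these secrets.
# - The "Notify Slack" steps test for github.event_name == 'push', but `on:`
#   declares no push trigger, so they never run in this workflow.

name: run-acceptance-tests

on:
  repository_dispatch:
    types:
      - run-acceptance-tests-command
  pull_request:
    paths-ignore:
      - CHANGELOG.md
  workflow_dispatch: {}

env:
  GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
  PROVIDER: docker-build
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
  PYPI_USERNAME: __token__
  PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  TRAVIS_OS_NAME: linux
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
  PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
  PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
  SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
  SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
  SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
  AWS_REGION: us-west-2
  PULUMI_API: https://api.pulumi-staging.io
  ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e
  ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1
  ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7
  ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
  AZURE_LOCATION: westus
  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
  GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com
  GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
  GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
  GOOGLE_PROJECT: pulumi-ci-gcp-provider
  GOOGLE_PROJECT_NUMBER: 895284651812
  GOOGLE_REGION: us-central1
  GOOGLE_ZONE: us-central1-a
  DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
  # Set only on repository_dispatch, from the dispatch payload. On
  # pull_request events it is empty and actions/checkout falls back to the
  # event's default ref. Whoever may send the dispatch decides which commit
  # is built and tested with the secrets above.
  PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}

jobs:
  # Posts a link to this run on the issue/PR that requested it.
  comment-notification:
    if: github.event_name == 'repository_dispatch'
    runs-on: ubuntu-latest
    name: comment-notification
    # The only API call in this job passes PULUMI_BOT_TOKEN explicitly, so
    # the automatic GITHUB_TOKEN needs no scopes here.
    permissions: {}
    steps:
      - name: Create URL to the run output
        id: vars
        run: echo run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID >> "$GITHUB_OUTPUT"
      - name: Update with Result
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.PULUMI_BOT_TOKEN }}
          repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
          issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
          body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"

  # Builds the schema, provider and SDKs and uploads them for the test job.
  prerequisites:
    # pull_request runs are limited to branches of this repository; pull
    # requests from forks reach this job only through repository_dispatch.
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      actions: write # For telemetry.
      pull-requests: write # For schema comment.
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Setup tools
        uses: ./.github/actions/setup-tools
      - id: version
        name: Set Provider Version
        uses: pulumi/provider-version-action@v1
        with:
          set-env: PROVIDER_VERSION
      - name: Build codegen binaries
        run: make codegen
      - name: Build Schema
        run: make generate_schema
      - if: github.event_name == 'pull_request'
        name: Check Schema is Valid
        # Stores the schema-tools report in SCHEMA_CHANGES using the
        # multiline $GITHUB_ENV syntax. The delimiter is random per run so
        # that no line of the report can close the value early and define
        # additional environment variables for later steps.
        run: |
          delimiter="EOF_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          echo "SCHEMA_CHANGES<<${delimiter}" >> "$GITHUB_ENV"
          schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> "$GITHUB_ENV"
          echo "${delimiter}" >> "$GITHUB_ENV"
        env:
          GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
      - if: github.event_name == 'pull_request'
        name: Comment on PR with Details of Schema Check
        uses: thollander/actions-comment-pull-request@v2
        with:
          message: |
            ${{ env.SCHEMA_CHANGES }}
          comment_tag: schemaCheck
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): this job runs for pull_request and repository_dispatch
      # events; confirm github.event.issue.number is populated for them.
      - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && github.actor == 'pulumi-bot'
        name: Add label if no breaking changes
        uses: actions-ecosystem/action-add-labels@v1.1.0
        with:
          labels: impact/no-changelog-required
          number: ${{ github.event.issue.number }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Provider
        run: make provider
      - name: Check worktree clean
        uses: pulumi/git-status-check-action@v1
        with:
          allowed-changes: |-
            sdk/**/pulumi-plugin.json
            sdk/dotnet/Pulumi.*.csproj
            sdk/go/**/pulumiUtilities.go
            sdk/nodejs/package.json
            sdk/python/pyproject.toml
      - run: git status --porcelain
      - name: Tar provider binaries
        run: >-
          tar -zcf ${{ github.workspace }}/bin/provider.tar.gz
          -C ${{ github.workspace}}/bin/
          pulumi-resource-${{ env.PROVIDER }}
          pulumi-gen-${{ env.PROVIDER}}
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin/provider.tar.gz
      - name: Test Provider Library
        run: make test_provider
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v4
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
      # Never true here: the workflow has no push trigger.
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in building provider prerequisites
          fields: repo,commit,author,action
          status: ${{ job.status }}
      - name: Generate & Build SDK
        run: mise run sdk
      - name: Check worktree clean
        uses: pulumi/git-status-check-action@v1
        with:
          allowed-changes: |-
            sdk/**/pulumi-plugin.json
            sdk/dotnet/Pulumi.*.csproj
            sdk/go/**/pulumiUtilities.go
            sdk/nodejs/package.json
            sdk/python/pyproject.toml
      - run: git status --porcelain
      - name: Tar SDK folder
        run: tar -zcf sdk.tar.gz -C sdk .
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: sdk.tar.gz
          path: ${{ github.workspace}}/sdk.tar.gz
          retention-days: 30
      # Never true here: the workflow has no push trigger.
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in SDK tests
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Runs the example tests in eight shards against the artifacts built above.
  test:
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      actions: write # For telemetry.
    needs:
      - prerequisites
    strategy:
      fail-fast: true
      matrix:
        shard: [0, 1, 2, 3, 4, 5, 6, 7]
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Setup tools
        uses: ./.github/actions/setup-tools
      - id: version
        name: Set Provider Version
        uses: pulumi/provider-version-action@v1
        with:
          set-env: PROVIDER_VERSION
      - name: Download provider + tfgen binaries
        uses: actions/download-artifact@v4
        with:
          name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
          path: ${{ github.workspace }}/bin
      - name: UnTar provider binaries
        run: >-
          tar -zxf ${{ github.workspace }}/bin/provider.tar.gz
          -C ${{ github.workspace}}/bin
      - name: Restore Binary Permissions
        run: >-
          find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}"
          -print -exec chmod +x {} \;
      - name: Download SDK
        uses: actions/download-artifact@v4
        with:
          name: sdk.tar.gz
          path: ${{ github.workspace}}
      - name: UnTar SDK folder
        run: tar -zxf ${{ github.workspace}}/sdk.tar.gz -C ${{github.workspace}}/sdk
      - name: Update path
        run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
      - name: Install Node dependencies
        run: yarn global add typescript
      - run: dotnet nuget add source ${{ github.workspace }}/nuget
      - name: Install dependencies
        run: mise run install
      # Authenticates with a stored access key pair and then assumes the CI
      # role for one hour.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ env.AWS_REGION }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-duration-seconds: 3600
          role-session-name: ${{ env.PROVIDER }}@githubActions
          role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
      # Keyless: exchanges the job's OIDC token (id-token: write) through the
      # workload identity provider named below.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v0
        with:
          workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
      - name: Setup gcloud auth
        uses: google-github-actions/setup-gcloud@v2
        with:
          skip_install: true
      - name: Shard tests
        run: >-
          mise run "test:examples:shard" --
          --total ${{ strategy.job-total }}
          --index ${{ strategy.job-index }} > go-test
      # NOTE(review): no `shell:` is set, so the pipeline runs without
      # pipefail and the step's result is gotestfmt's exit status - confirm
      # that a failing test run still fails the step.
      - name: Run tests
        run: mise run "test:examples" $(cat go-test) 2>&1 | tee /tmp/gotest.log | gotestfmt
      # Never true here: the workflow has no push trigger.
      - if: failure() && github.event_name == 'push'
        name: Notify Slack
        uses: 8398a7/action-slack@v3
        with:
          author_name: Failure in SDK tests
          fields: repo,commit,author,action
          status: ${{ job.status }}

  # Publishes a single "Sentinel" commit status once test and lint succeed.
  sentinel:
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    name: sentinel
    # The job only creates a commit status with the automatic GITHUB_TOKEN.
    permissions:
      statuses: write
    needs:
      - test
      - lint
    steps:
      - name: Mark workflow as successful
        uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76
        with:
          authToken: ${{ secrets.GITHUB_TOKEN }}
          context: Sentinel
          state: success
          description: Sentinel checks passed
          sha: ${{ github.event.pull_request.head.sha || github.sha }}

  lint:
    if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      actions: write # For telemetry.
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          lfs: true
          ref: ${{ env.PR_COMMIT_SHA }}
      - name: Setup tools
        uses: ./.github/actions/setup-tools
      - run: make lint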