# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt name: main # For consistency with bridged providers. on: push: branches: - master - main - feature-** paths-ignore: - CHANGELOG.md tags-ignore: - v* - sdk/* - "**" workflow_dispatch: {} env: PROVIDER: docker-build TRAVIS_OS_NAME: linux GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" DOTNETVERSION: "8.0.x" JAVAVERSION: "11" GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: pulumi-ci@pulumi-ci-gcp-provider.iam.gserviceaccount.com GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT: pulumi-ci-gcp-provider GOOGLE_PROJECT_NUMBER: "895284651812" GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TF_APPEND_USER_AGENT: pulumi jobs: prerequisites: runs-on: ubuntu-latest name: prerequisites permissions: id-token: write # For ESC secrets. pull-requests: write # For schema check comment. steps: - name: Checkout Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - id: version name: Set Provider Version uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools with: cache: 'true' github_token: ${{ secrets.GITHUB_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@25e24d2d23ae098373794ef1d6faecb48ee52da8 # v3.0.0 with: repo: pulumi/schema-tools - name: Build codegen binaries run: make codegen - name: Build Schema run: make generate_schema - if: github.event_name == 'pull_request' name: Check Schema is Valid run: >- { echo 'SCHEMA_CHANGES<> "$GITHUB_ENV" env: GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' name: Comment on PR with Details of Schema Check uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: message: | ${{ env.SCHEMA_CHANGES }} comment-tag: schemaCheck github-token: ${{ secrets.GITHUB_TOKEN }} - if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') && github.actor == 'pulumi-bot' name: Add label if no breaking changes uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 with: labels: impact/no-changelog-required number: ${{ github.event.issue.number }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Build Provider run: make provider - name: Check worktree clean id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- sdk/**/pulumi-plugin.json sdk/dotnet/*.*.csproj sdk/dotnet/version.txt sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - run: git status --porcelain - name: Tar provider binaries run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }} pulumi-gen-${{ env.PROVIDER}} - name: Upload artifacts uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: pulumi-${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz - name: Test Provider Library run: make test_provider env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 env: CODECOV_TOKEN: ${{ steps.esc-secrets.outputs.CODECOV_TOKEN }} - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 with: author_name: Failure in building provider prerequisites fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} build_sdks: needs: prerequisites runs-on: pulumi-ubuntu-8core strategy: fail-fast: ${{ ! contains(github.actor, 'renovate') }} matrix: language: - nodejs - python - dotnet - go - java name: build_sdks permissions: pull-requests: write # For Renovate SDK updates. id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - id: version name: Set Provider Version uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools with: github_token: ${{ steps.app-auth.outputs.token }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Generate SDK run: make generate_${{ matrix.language }} - name: Build SDK run: make build_${{ matrix.language }} - name: Check worktree clean id: worktreeClean uses: pulumi/git-status-check-action@54000b91124a8dd9fd6a872cb41f5dd246a46e7c # v1.1.1 with: allowed-changes: |- sdk/**/pulumi-plugin.json sdk/dotnet/*.*.csproj sdk/dotnet/version.txt sdk/go/**/pulumiUtilities.go sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - run: git status --porcelain - name: Tar SDK folder run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . - name: Upload artifacts uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ matrix.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz retention-days: 30 - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 with: author_name: Failure while building SDKs fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} tag_release_if_labeled_needs_release: name: Tag release if labeled as needs-release needs: publish runs-on: ubuntu-latest permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: check if this commit needs release if: ${{ env.RELEASE_BOT_ENDPOINT != '' }} uses: pulumi/action-release-by-pr-label@main with: command: "release-if-needed" repo: ${{ github.repository }} commit: ${{ github.sha }} slack_channel: C02MGR8JVST env: RELEASE_BOT_ENDPOINT: ${{ steps.esc-secrets.outputs.RELEASE_BOT_ENDPOINT }} RELEASE_BOT_KEY: ${{ steps.esc-secrets.outputs.RELEASE_BOT_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} test: runs-on: pulumi-ubuntu-8core needs: - build_sdks strategy: fail-fast: true matrix: language: - nodejs - python - dotnet - go - java - yaml name: test permissions: contents: read id-token: write # For ESC secrets and Pulumi access token OIDC. steps: - name: Checkout Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - id: version name: Set Provider Version uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools with: github_token: ${{ steps.app-auth.outputs.token }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Download SDK if: ${{ matrix.language != 'yaml' }} uses: ./.github/actions/download-sdk with: language: ${{ matrix.language }} - name: Update path run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Install Node dependencies run: yarn global add typescript - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Install Python deps run: |- pip3 install virtualenv==20.0.23 pip3 install pipenv - name: Install dependencies if: ${{ matrix.language != 'yaml' }} run: make install_${{ matrix.language}}_sdk - name: Generate Pulumi Access Token id: generate_pulumi_token uses: pulumi/auth-actions@1c89817aab0c66407723cdef72b05266e7376640 # v1.0.1 with: organization: pulumi requested-token-type: urn:pulumi:token-type:access_token:organization export-environment-variables: false - name: Export AWS Credentials uses: pulumi/esc-action@f3cfbabf37488463817366338165b92b5f99117e env: PULUMI_ACCESS_TOKEN: ${{ steps.generate_pulumi_token.outputs.pulumi-access-token }} with: environment: logins/pulumi-ci - name: Authenticate to Google Cloud uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{ env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }} - name: Setup gcloud auth uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 with: install_components: gke-gcloud-auth-plugin - name: Install gotestfmt uses: GoTestTools/gotestfmt-action@v2 with: version: v2.5.0 token: ${{ secrets.GITHUB_TOKEN }} - name: Run tests run: >- set -euo pipefail cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 with: author_name: Failure in SDK tests fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} publish: runs-on: ubuntu-latest needs: test name: publish permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - id: version name: Set Provider Version uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools with: github_token: ${{ steps.app-auth.outputs.token }} - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false dotnet: false android: true haskell: true swap-storage: true large-packages: false - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 aws-secret-access-key: ${{ steps.esc-secrets.outputs.AWS_SECRET_ACCESS_KEY }} role-duration-seconds: 7200 role-session-name: ${{ env.PROVIDER }}@githubActions role-external-id: upload-pulumi-release role-to-assume: ${{ steps.esc-secrets.outputs.AWS_UPLOAD_ROLE_ARN }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 env: GORELEASER_CURRENT_TAG: v${{ steps.version.outputs.version }} AZURE_SIGNING_CLIENT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID }} AZURE_SIGNING_CLIENT_SECRET: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET }} AZURE_SIGNING_TENANT_ID: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID }} AZURE_SIGNING_ACCOUNT_ENDPOINT: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT }} AZURE_SIGNING_ACCOUNT_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME }} AZURE_SIGNING_CERT_PROFILE_NAME: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME }} SKIP_SIGNING: ${{ steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CLIENT_SECRET == '' && steps.esc-secrets.outputs.AZURE_SIGNING_TENANT_ID == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_ENDPOINT == '' && steps.esc-secrets.outputs.AZURE_SIGNING_ACCOUNT_NAME == '' && steps.esc-secrets.outputs.AZURE_SIGNING_CERT_PROFILE_NAME == '' }} GITHUB_TOKEN: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} with: args: -p 3 -f .goreleaser.prerelease.yml --clean --skip=validate --timeout 60m0s version: latest - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 with: author_name: Failure in publishing binaries fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} publish_sdk: runs-on: ubuntu-latest needs: publish name: publish_sdk permissions: contents: read id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: lfs: true - env: ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" ESC_ACTION_OIDC_AUTH: "true" ESC_ACTION_OIDC_ORGANIZATION: pulumi ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-auth with: app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - id: version name: Set Provider Version uses: pulumi/provider-version-action@3a647064cf4697c7c6352b9a1d9e554450cbe957 # v1.6.1 with: set-env: PROVIDER_VERSION env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: ci-scripts repository: pulumi/scripts - run: echo "ci-scripts" >> .git/info/exclude - name: Setup Tools uses: ./.github/actions/setup-tools with: github_token: ${{ steps.app-auth.outputs.token }} - name: Download python SDK uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: python-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress python SDK run: tar -zxf ${{github.workspace}}/sdk/python.tar.gz -C ${{github.workspace}}/sdk/python - name: Download dotnet SDK uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: dotnet-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress dotnet SDK run: tar -zxf ${{github.workspace}}/sdk/dotnet.tar.gz -C ${{github.workspace}}/sdk/dotnet - name: Download nodejs SDK uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: nodejs-sdk.tar.gz path: ${{ github.workspace}}/sdk/ - name: Uncompress nodejs SDK run: tar -zxf ${{github.workspace}}/sdk/nodejs.tar.gz -C ${{github.workspace}}/sdk/nodejs - name: Install Twine run: python -m pip install twine==5.0.0 - name: Publish SDKs run: ./ci-scripts/ci/publish-tfgen-package ${{ github.workspace }} env: NUGET_PUBLISH_KEY: ${{ steps.esc-secrets.outputs.NUGET_PUBLISH_KEY }} NODE_AUTH_TOKEN: ${{ steps.esc-secrets.outputs.NPM_TOKEN }} PYPI_PUBLISH_ARTIFACTS: all PYPI_USERNAME: __token__ PYPI_PASSWORD: ${{ steps.esc-secrets.outputs.PYPI_API_TOKEN }} SIGNING_KEY_ID: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY_ID }} SIGNING_KEY: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_KEY }} SIGNING_PASSWORD: ${{ steps.esc-secrets.outputs.JAVA_SIGNING_PASSWORD }} PUBLISH_REPO_USERNAME: ${{ steps.esc-secrets.outputs.OSSRH_USERNAME }} PUBLISH_REPO_PASSWORD: ${{ steps.esc-secrets.outputs.OSSRH_PASSWORD }} - if: failure() && github.event_name == 'push' name: Notify Slack uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0 with: author_name: Failure in publishing SDK fields: repo,commit,author,action status: ${{ job.status }} env: SLACK_WEBHOOK_URL: ${{ steps.esc-secrets.outputs.SLACK_WEBHOOK_URL }} lint: name: lint uses: ./.github/workflows/lint.yml secrets: inherit