Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update GitHub Actions workflows. #4920

Merged
merged 1 commit into from
Dec 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 11 additions & 3 deletions .github/actions/setup-tools/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,31 @@ inputs:
dotnet
java
default: all
cache-go:
description: |
Whether to enable the GitHub cache for Go. Appropriate for disabling in
smaller jobs that typically completely before the "real" job has an
opportunity to populate the cache.
default: "true"

runs:
using: "composite"
steps:
- name: Install Go
if: inputs.tools == 'all' || contains(inputs.tools, 'go')
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version: "1.23.x"
cache-dependency-path: |
provider/*.sum
upstream/*.sum
sdk/*.sum
# TODO(https://github.com/actions/setup-go/issues/316): Restore but don't save the cache.
cache: ${{ inputs.cache-go }}

- name: Install pulumictl
if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl')
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
tag: v0.0.46
repo: pulumi/pulumictl
Expand All @@ -43,7 +51,7 @@ runs:

- name: Install Schema Tools
if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools')
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
repo: pulumi/schema-tools

Expand Down
27 changes: 26 additions & 1 deletion .github/workflows/build_provider.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ jobs:
env:
PROVIDER_VERSION: ${{ inputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
strategy:
fail-fast: true
matrix:
Expand All @@ -37,6 +38,7 @@ jobs:
tool-cache: false
swap-storage: false
dotnet: false
large-packages: false
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
Expand All @@ -58,8 +60,31 @@ jobs:
path: provider/cmd/pulumi-resource-aws
- name: Restore makefile progress
run: make --touch provider schema
- name: Build & package provider

- name: Build provider
run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

- name: Sign windows provider
if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
run: |
az login --service-principal \
-u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
-p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \
-t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \
-o none;

wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar;

java -jar jsign-6.0.jar \
--storetype AZUREKEYVAULT \
--keystore "PulumiCodeSigning" \
--url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \
--storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \
bin/windows-amd64/pulumi-resource-aws.exe;

- name: Package provider
run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}

- name: Upload artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build_sdk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
submodules: true
persist-credentials: false
- name: Cache examples generation
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
path: |
.pulumi/examples-cache
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/community-moderation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
- if: steps.sdk_changed.outputs.changed == 'true' &&
github.event.pull_request.head.repo.full_name != github.repository
name: Send codegen warning as comment on PR
uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
message: >
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/license.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ jobs:
uses: ./.github/actions/setup-tools
with:
tools: go
cache-go: false
- run: make upstream
- uses: pulumi/license-check-action@main
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
submodules: true
persist-credentials: false
- name: Install go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
# The versions of golangci-lint and setup-go here cross-depend and need to update together.
go-version: 1.23
Expand Down
101 changes: 4 additions & 97 deletions .github/workflows/master.yml
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,6 @@ jobs:
- build_provider
- test
- license_check
- upstream_lint
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
Expand Down Expand Up @@ -127,106 +126,14 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

test:
name: test
uses: ./.github/workflows/test.yml
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
# Run as first step so we don't delete things that have just been installed
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
swap-storage: false
dotnet: false
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
persist-credentials: false
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language }}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Make upstream
run: make upstream
- name: Run tests
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
upstream_lint:
name: Run upstream provider-lint
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
swap-storage: false
tool-cache: false
- name: Checkout Repo
uses: actions/checkout@v4
with:
ref: ${{ env.PR_COMMIT_SHA }}
submodules: true
- name: Install Go
uses: actions/setup-go@v5
with:
cache: false
go-version: 1.23.x
- name: Prepare local workspace
run: make prepare_local_workspace
- name: upstream lint
run: |
cd upstream
make provider-lint
timeout-minutes: 60
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}

name: master
on:
Expand Down
75 changes: 5 additions & 70 deletions .github/workflows/nightly-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,80 +45,15 @@ jobs:
version: ${{ needs.prerequisites.outputs.version }}

test:
name: test
uses: ./.github/workflows/test.yml
needs:
- prerequisites
- build_provider
- build_sdk
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
env:
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
steps:
# Run as first step so we don't delete things that have just been installed
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
with:
tool-cache: false
swap-storage: false
dotnet: false
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
persist-credentials: false
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, ${{ matrix.language}}
- name: Prepare local workspace
run: make prepare_local_workspace
- name: Download bin
uses: ./.github/actions/download-bin
- name: Download SDK
uses: ./.github/actions/download-sdk
with:
language: ${{ matrix.language }}
- name: Restore makefile progress
run: make --touch provider schema build_${{ matrix.language }}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Install Python deps
if: matrix.language == 'python'
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
version: v2.5.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-session-name: aws@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Make upstream
run: make upstream
- name: Run tests
run: cd examples && go test -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4
strategy:
fail-fast: false
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}

name: cron
on:
schedule:
Expand Down
Loading
Loading