.github/workflows/build_provider.yml

name: "Build Provider"

on:
  workflow_call:
    inputs:
      version:
        required: true
        type: string
        description: Version of the provider to build

jobs:
  build_provider:
    name: Build ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
    runs-on: ubuntu-latest
    env:
      PROVIDER_VERSION: ${{ inputs.version }}
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      AZURE_SIGNING_CONFIGURED: ${{ secrets.AZURE_SIGNING_CLIENT_ID != '' && secrets.AZURE_SIGNING_CLIENT_SECRET != '' && secrets.AZURE_SIGNING_TENANT_ID != '' && secrets.AZURE_SIGNING_KEY_VAULT_URI != '' }}
    strategy:
      fail-fast: true
      matrix:
        platform:
          - os: linux
            arch: amd64
          - os: linux
            arch: arm64
          - os: darwin
            arch: amd64
          - os: darwin
            arch: arm64
          - os: windows
            arch: amd64
    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup tools
        uses: ./.github/actions/setup-tools
        with:
          tools: pulumictl, go
      - name: Prepare local workspace before restoring previously built
        run: make prepare_local_workspace
      - name: Download schema-embed.json
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          # Use a pattern to avoid failing if the artifact doesn't exist
          pattern: schema-embed.*
          # Avoid creating directories for each artifact
          merge-multiple: true
          path: provider/cmd/pulumi-resource-fastly
      - name: Restore makefile progress
        run: make --touch provider schema

      - name: Build provider
        run: make "provider-${{ matrix.platform.os }}-${{ matrix.platform.arch }}"

      - name: Sign windows provider
        if: matrix.platform.os == 'windows' && env.AZURE_SIGNING_CONFIGURED == 'true'
        run: |
          az login --service-principal \
            -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \
            -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \
            -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \
            -o none;

          wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar;

          java -jar jsign-6.0.jar \
             --storetype AZUREKEYVAULT \
             --keystore "PulumiCodeSigning" \
             --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \
             --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \
             bin/windows-amd64/pulumi-resource-fastly.exe;

      - name: Package provider
        run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }}

      - name: Upload artifacts
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: pulumi-resource-fastly-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
          path: bin/pulumi-resource-fastly-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz
          retention-days: 30