Skip to content

Commit

Permalink
Update GitHub Actions workflows. (#537)
Browse files Browse the repository at this point in the history
This PR was automatically generated by the
update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt
repo, from commit 57219950805273c97b591da6e009acfbf6a74430.
  • Loading branch information
pulumi-bot authored Jun 29, 2024
1 parent 2fcfcbf commit afd7aa6
Show file tree
Hide file tree
Showing 5 changed files with 202 additions and 278 deletions.
62 changes: 8 additions & 54 deletions .github/workflows/master.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,63 +92,16 @@ jobs:
- prerequisites
- test
- license_check
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: keycloak@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }}
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
60m0s
version: latest

publish_sdk:
name: publish_sdk
needs:
- prerequisites
- publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumicli, pulumictl, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: all
version: ${{ needs.prerequisites.outputs.version }}
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true
skipGoSdk: true

tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish_sdk
needs: publish
runs-on: ubuntu-latest
steps:
- name: check if this commit needs release
Expand Down Expand Up @@ -222,6 +175,7 @@ jobs:
- java
name: master
on:
workflow_dispatch: {}
push:
branches:
- master
Expand Down
102 changes: 6 additions & 96 deletions .github/workflows/prerelease.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,89 +55,12 @@ jobs:
- prerequisites
- test
- license_check
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: keycloak@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }}
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
60m0s
version: latest
publish_sdk:
name: publish_sdk
needs:
- prerequisites
- publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumicli, pulumictl, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: all
version: ${{ needs.prerequisites.outputs.version }}
publish_go_sdk:
name: publish_go_sdk
needs:
- prerequisites
- publish_sdk
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Download Go SDK
uses: actions/download-artifact@v4
with:
name: go-sdk.tar.gz
path: ${{ github.workspace }}/sdk/
- name: Uncompress Go SDK
run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C
${{ github.workspace }}/sdk/go
shell: bash
- uses: pulumi/publish-go-sdk-action@v1
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk
path: sdk
version: ${{ needs.prerequisites.outputs.version }}
additive: false
# Avoid including other language SDKs & artifacts in the commit
files: |
go.*
go/**
!*.tar.gz
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true

test:
name: test
needs:
Expand Down Expand Up @@ -195,19 +118,6 @@ jobs:
- dotnet
- go
- java
verify-release:
name: verify-release
needs:
- prerequisites
- publish
- publish_sdk
- publish_go_sdk
uses: ./.github/workflows/verify-release.yml
secrets: inherit
with:
providerVersion: ${{ needs.prerequisites.outputs.version }}
# Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
enableMacosRunner: false

name: prerelease
on:
Expand Down
178 changes: 178 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,178 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: Publish

on:
workflow_call:
inputs:
version:
required: true
type: string
isPrerelease:
required: true
type: boolean
skipGoSdk:
default: false
type: boolean
description: Skip publishing & verifying the Go SDK

env:
IS_PRERELEASE: ${{ inputs.isPrerelease }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
KEYCLOAK_CLIENT_ID: terraform
KEYCLOAK_CLIENT_SECRET: 884e0f95-0f42-4a63-9b1f-94274655669e
KEYCLOAK_PASSWORD: password
KEYCLOAK_URL: http://localhost:8080
KEYCLOAK_USER: keycloak
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
TF_APPEND_USER_AGENT: pulumi

jobs:
publish:
name: publish
runs-on: ubuntu-latest
steps:
- name: Validate prerelease
if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+'))
run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1
- name: Validate skipGoSdk
if: inputs.skipGoSdk && inputs.isPrerelease == false
run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: keycloak@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
if: inputs.isPrerelease == false
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ inputs.version }}
PROVIDER_VERSION: ${{ inputs.version }}
with:
args: -p 3 release --rm-dist --timeout 60m0s
version: latest
- name: Run GoReleaser (prerelease)
if: inputs.isPrerelease == true
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ inputs.version }}
PROVIDER_VERSION: ${{ inputs.version }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
60m0s
version: latest

publish_sdk:
name: publish_sdk
needs: publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: all
version: ${{ inputs.version }}
- name: Download Go SDK
uses: ./.github/actions/download-sdk
with:
language: go
- uses: pulumi/publish-go-sdk-action@v1
if: inputs.skipGoSdk == false
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk
path: sdk
version: ${{ inputs.version }}
additive: false
# Avoid including other language SDKs & artifacts in the commit
files: |
go.*
go/**
!*.tar.gz
create_docs_build:
name: create_docs_build
needs: publish_sdk
# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped
if: inputs.isPrerelease == false
runs-on: ubuntu-latest
steps:
- name: Dispatch Metadata build
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
repository: pulumi/registry
event-type: resource-provider
client-payload: |-
{
"project": "${{ github.repository }}",
"project-shortname": "keycloak",
"ref": "${{ github.ref_name }}"
}
clean_up_release_labels:
name: Clean up release labels
# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped
if: inputs.isPrerelease == false
needs: create_docs_build

runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Clean up release labels
uses: pulumi/action-release-by-pr-label@main
with:
command: "clean-up-release-labels"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

verify_release:
name: verify_release
needs: publish_sdk
uses: ./.github/workflows/verify-release.yml
secrets: inherit
with:
providerVersion: ${{ inputs.version }}
# Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
enableMacosRunner: ${{ inputs.isPrerelease == false }}
skipGoSdk: ${{ inputs.skipGoSdk }}
Loading

0 comments on commit afd7aa6

Please sign in to comment.