Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update GitHub Actions workflows. #537

Merged
merged 1 commit into from
Jun 29, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 8 additions & 54 deletions .github/workflows/master.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,63 +92,16 @@ jobs:
- prerequisites
- test
- license_check
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: keycloak@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }}
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
60m0s
version: latest

publish_sdk:
name: publish_sdk
needs:
- prerequisites
- publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumicli, pulumictl, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: all
version: ${{ needs.prerequisites.outputs.version }}
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true
skipGoSdk: true

tag_release_if_labeled_needs_release:
name: Tag release if labeled as needs-release
needs: publish_sdk
needs: publish
runs-on: ubuntu-latest
steps:
- name: check if this commit needs release
Expand Down Expand Up @@ -222,6 +175,7 @@ jobs:
- java
name: master
on:
workflow_dispatch: {}
push:
branches:
- master
Expand Down
102 changes: 6 additions & 96 deletions .github/workflows/prerelease.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,89 +55,12 @@ jobs:
- prerequisites
- test
- license_check
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: keycloak@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ needs.prerequisites.outputs.version }}
PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
60m0s
version: latest
publish_sdk:
name: publish_sdk
needs:
- prerequisites
- publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumicli, pulumictl, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: all
version: ${{ needs.prerequisites.outputs.version }}
publish_go_sdk:
name: publish_go_sdk
needs:
- prerequisites
- publish_sdk
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Download Go SDK
uses: actions/download-artifact@v4
with:
name: go-sdk.tar.gz
path: ${{ github.workspace }}/sdk/
- name: Uncompress Go SDK
run: tar -zxf ${{ github.workspace }}/sdk/go.tar.gz -C
${{ github.workspace }}/sdk/go
shell: bash
- uses: pulumi/publish-go-sdk-action@v1
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk
path: sdk
version: ${{ needs.prerequisites.outputs.version }}
additive: false
# Avoid including other language SDKs & artifacts in the commit
files: |
go.*
go/**
!*.tar.gz
uses: ./.github/workflows/publish.yml
secrets: inherit
with:
version: ${{ needs.prerequisites.outputs.version }}
isPrerelease: true

test:
name: test
needs:
Expand Down Expand Up @@ -195,19 +118,6 @@ jobs:
- dotnet
- go
- java
verify-release:
name: verify-release
needs:
- prerequisites
- publish
- publish_sdk
- publish_go_sdk
uses: ./.github/workflows/verify-release.yml
secrets: inherit
with:
providerVersion: ${{ needs.prerequisites.outputs.version }}
# Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
enableMacosRunner: false

name: prerelease
on:
Expand Down
178 changes: 178 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,178 @@
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: Publish

on:
workflow_call:
inputs:
version:
required: true
type: string
isPrerelease:
required: true
type: boolean
skipGoSdk:
default: false
type: boolean
description: Skip publishing & verifying the Go SDK

env:
IS_PRERELEASE: ${{ inputs.isPrerelease }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
KEYCLOAK_CLIENT_ID: terraform
KEYCLOAK_CLIENT_SECRET: 884e0f95-0f42-4a63-9b1f-94274655669e
KEYCLOAK_PASSWORD: password
KEYCLOAK_URL: http://localhost:8080
KEYCLOAK_USER: keycloak
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_API: https://api.pulumi-staging.io
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
PYPI_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
PYPI_USERNAME: __token__
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
TF_APPEND_USER_AGENT: pulumi

jobs:
publish:
name: publish
runs-on: ubuntu-latest
steps:
- name: Validate prerelease
if: inputs.isPrerelease == false && (contains(inputs.version, '-') || contains(inputs.version, '+'))
run: echo "Can't publish a prerelease version as a stable release. This is likely a bug in the calling workflow." && exit 1
- name: Validate skipGoSdk
if: inputs.skipGoSdk && inputs.isPrerelease == false
run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
swap-storage: false
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: us-east-2
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 7200
role-external-id: upload-pulumi-release
role-session-name: keycloak@githubActions
role-to-assume: ${{ secrets.AWS_UPLOAD_ROLE_ARN }}
- name: Run GoReleaser
if: inputs.isPrerelease == false
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ inputs.version }}
PROVIDER_VERSION: ${{ inputs.version }}
with:
args: -p 3 release --rm-dist --timeout 60m0s
version: latest
- name: Run GoReleaser (prerelease)
if: inputs.isPrerelease == true
uses: goreleaser/goreleaser-action@v5
env:
GORELEASER_CURRENT_TAG: v${{ inputs.version }}
PROVIDER_VERSION: ${{ inputs.version }}
with:
args: -p 3 -f .goreleaser.prerelease.yml --rm-dist --skip-validate --timeout
60m0s
version: latest

publish_sdk:
name: publish_sdk
needs: publish
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup tools
uses: ./.github/actions/setup-tools
with:
tools: pulumictl, pulumicli, go, node, dotnet, python, java
- name: Publish SDKs
uses: pulumi/[email protected]
with:
sdk: all
version: ${{ inputs.version }}
- name: Download Go SDK
uses: ./.github/actions/download-sdk
with:
language: go
- uses: pulumi/publish-go-sdk-action@v1
if: inputs.skipGoSdk == false
with:
repository: ${{ github.repository }}
base-ref: ${{ github.sha }}
source: sdk
path: sdk
version: ${{ inputs.version }}
additive: false
# Avoid including other language SDKs & artifacts in the commit
files: |
go.*
go/**
!*.tar.gz
create_docs_build:
name: create_docs_build
needs: publish_sdk
# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped
if: inputs.isPrerelease == false
runs-on: ubuntu-latest
steps:
- name: Dispatch Metadata build
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
repository: pulumi/registry
event-type: resource-provider
client-payload: |-
{
"project": "${{ github.repository }}",
"project-shortname": "keycloak",
"ref": "${{ github.ref_name }}"
}

clean_up_release_labels:
name: Clean up release labels
# Only run for non-prerelease, if the publish_go_sdk job was successful or skipped
if: inputs.isPrerelease == false
needs: create_docs_build

runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Clean up release labels
uses: pulumi/action-release-by-pr-label@main
with:
command: "clean-up-release-labels"
repo: ${{ github.repository }}
commit: ${{ github.sha }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

verify_release:
name: verify_release
needs: publish_sdk
uses: ./.github/workflows/verify-release.yml
secrets: inherit
with:
providerVersion: ${{ inputs.version }}
# Prelease is run often but we only have 5 concurrent macos runners, so we only test after the stable release.
enableMacosRunner: ${{ inputs.isPrerelease == false }}
skipGoSdk: ${{ inputs.skipGoSdk }}
Loading
Loading