Skip to content

fix: do not hit API Server for CSA preview #1530

fix: do not hit API Server for CSA preview

fix: do not hit API Server for CSA preview #1530

# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt
name: run-acceptance-tests
on:
repository_dispatch:
types:
- run-acceptance-tests-command
pull_request:
branches:
- master
- main
- v4
paths-ignore:
- CHANGELOG.md
workflow_dispatch: {}
env:
GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}
PROVIDER: kubernetes
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }}
PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
TRAVIS_OS_NAME: linux
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/..
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }}
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
GOVERSION: 1.20.x
NODEVERSION: 16.x
PYTHONVERSION: "3.7"
DOTNETVERSION: |
6.0.x
3.1.301
JAVAVERSION: "11"
AWS_REGION: us-west-2
PULUMI_TEST_OWNER: moolumi
GOLANGCI_LINT_VERSION: v1.52.2
GOLANGCI_LINT_TIMEOUT: 10m
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT_NUMBER: 637339343727
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
jobs:
comment-notification:
runs-on: ubuntu-latest
name: comment-notification
steps:
- name: Create URL to the run output
id: vars
run: echo ::set-output
name=run-url::https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
- name: Update with Result
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
issue-number: ${{ github.event.client_payload.github.payload.issue.number }}
body: "Please view the PR build: ${{ steps.vars.outputs.run-url }}"
if: github.event_name == 'repository_dispatch'
prerequisites:
runs-on: ubuntu-latest
name: prerequisites
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
lfs: true
ref: ${{ env.PR_COMMIT_SHA }}
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- if: github.event_name == 'pull_request'
name: Install Schema Tools
uses: jaxxstorm/[email protected]
with:
repo: mikhailshilkov/schema-tools
- name: Build K8sgen
run: make k8sgen
- name: Prepare OpenAPI file
run: make openapi_file
- name: Prepare Schema
run: make schema
- name: Make Kubernetes provider
run: make k8sprovider
- if: github.event_name == 'pull_request'
name: Check Schema is Valid
run: >-
echo 'SCHEMA_CHANGES<<EOF' >> $GITHUB_ENV
schema-tools compare ${{ env.PROVIDER }} master --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- if: github.event_name == 'pull_request'
name: Comment on PR with Details of Schema Check
uses: thollander/actions-comment-pull-request@v2
with:
message: |
### Does the PR have any schema changes?
${{ env.SCHEMA_CHANGES }}
comment_tag: schemaCheck
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: contains(env.SCHEMA_CHANGES, 'Looking good! No breaking changes found.') &&
github.actor == 'pulumi-bot'
name: Add label if no breaking changes
uses: actions-ecosystem/[email protected]
with:
labels: impact/no-changelog-required
number: ${{ github.event.issue.number }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Check worktree clean
run: ./ci-scripts/ci/check-worktree-is-clean
- run: git status --porcelain
- name: Tar provider binaries
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin/ pulumi-resource-${{ env.PROVIDER }}
pulumi-gen-${{ env.PROVIDER}}
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin/provider.tar.gz
retention-days: 30
- name: Test Provider Library
run: make test_provider
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in building provider prerequisites
fields: repo,commit,author,action
status: ${{ job.status }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
build_sdks:
needs: prerequisites
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: build_sdks
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
lfs: true
ref: ${{ env.PR_COMMIT_SHA }}
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-version: "7.6"
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: UnTar provider binaries
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
- name: Restore Binary Permissions
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
-exec chmod +x {} \;
- name: Generate SDK
run: make ${{ matrix.language }}_sdk
- name: Check worktree clean
run: ./ci-scripts/ci/check-worktree-is-clean
- run: git status --porcelain
- name: Tar SDK folder
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} .
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz
retention-days: 30
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure while building SDKs
fields: repo,commit,author,action
status: ${{ job.status }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
test:
runs-on: ubuntu-latest
needs:
- build_sdks
- build-test-cluster
strategy:
fail-fast: true
matrix:
language:
- nodejs
- python
- dotnet
- go
- java
name: test
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
lfs: true
ref: ${{ env.PR_COMMIT_SHA }}
- name: Checkout Scripts Repo
uses: actions/checkout@v3
with:
path: ci-scripts
repository: pulumi/scripts
- name: Unshallow clone for tags
run: git fetch --prune --unshallow --tags
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Install pulumictl
uses: jaxxstorm/[email protected]
with:
repo: pulumi/pulumictl
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Setup DotNet
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNETVERSION }}
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: ${{ env.PYTHONVERSION }}
- name: Setup Java
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVAVERSION }}
distribution: temurin
cache: gradle
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-version: "7.6"
- name: Download provider + tfgen binaries
uses: actions/download-artifact@v2
with:
name: pulumi-${{ env.PROVIDER }}-provider.tar.gz
path: ${{ github.workspace }}/bin
- name: UnTar provider binaries
run: tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{
github.workspace}}/bin
- name: Restore Binary Permissions
run: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print
-exec chmod +x {} \;
- name: Download SDK
uses: actions/download-artifact@v2
with:
name: ${{ matrix.language }}-sdk.tar.gz
path: ${{ github.workspace}}/sdk/
- name: UnTar SDK folder
run: tar -zxf ${{ github.workspace}}/sdk/${{ matrix.language}}.tar.gz -C ${{
github.workspace}}/sdk/${{ matrix.language}}
- name: Update path
run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
- name: Install Node dependencies
run: yarn global add typescript
- run: dotnet nuget add source ${{ github.workspace }}/nuget
- name: Install Python deps
run: |-
pip3 install virtualenv==20.0.23
pip3 install pipenv
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Make Kube Directory
run: mkdir -p "~/.kube/"
- name: Download Kubeconfig
uses: actions/download-artifact@v2
with:
name: config
path: ~/.kube/
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-region: ${{ env.AWS_REGION }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Install Kubectl
run: >
curl -LO
https://storage.googleapis.com/kubernetes-release/release/$(curl -s
https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv kubectl /usr/local/bin
- name: Install and configure Helm
run: |
curl -LO https://get.helm.sh/helm-v3.8.0-linux-amd64.tar.gz
tar -xvf helm-v3.8.0-linux-amd64.tar.gz
sudo mv linux-amd64/helm /usr/local/bin
helm repo add stable https://charts.helm.sh/stable
helm repo update
- name: Install gotestfmt
uses: GoTestTools/gotestfmt-action@v2
with:
version: v2.4.0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests
run: cd tests/sdk/${{ matrix.language }} && go test -v -count=1 -cover -timeout
2h -parallel 4 ./...
- if: failure() && github.event_name == 'push'
name: Notify Slack
uses: 8398a7/action-slack@v3
with:
author_name: Failure in SDK tests
fields: repo,commit,author,action
status: ${{ job.status }}
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
sentinel:
runs-on: ubuntu-latest
name: sentinel
steps:
- name: Is workflow a success
run: echo yes
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
needs:
- test
- lint
- destroy-test-cluster
build-test-cluster:
runs-on: ubuntu-latest
name: build-test-cluster
outputs:
stack-name: ${{ steps.stackname.outputs.stack-name }}
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
lfs: true
ref: ${{ env.PR_COMMIT_SHA }}
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Install Kubectl
run: >
curl -LO
https://storage.googleapis.com/kubernetes-release/release/$(curl -s
https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv kubectl /usr/local/bin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Set stack name in output
id: stackname
run: echo '::set-output name=stack-name::${{ env.PULUMI_TEST_OWNER }}/${{
github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}'
- name: Create test infrastructure
run: ./scripts/ci-cluster-create.sh ${{ steps.stackname.outputs.stack-name }}
- name: Upload Kubernetes Artifacts
uses: actions/upload-artifact@v3
with:
name: config
path: ~/.kube/config
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository
destroy-test-cluster:
runs-on: ubuntu-latest
name: teardown-test-cluster
needs:
- build-test-cluster
- test
if: ${{ always() }} && github.event.pull_request.head.repo.full_name ==
github.repository
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
lfs: true
ref: ${{ env.PR_COMMIT_SHA }}
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Install Pulumi CLI
uses: pulumi/action-install-pulumi-cli@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODEVERSION }}
registry-url: https://registry.npmjs.org
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Install Kubectl
run: >
curl -LO
https://storage.googleapis.com/kubernetes-release/release/$(curl -s
https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv kubectl /usr/local/bin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Destroy test infra
run: ./scripts/ci-cluster-destroy.sh ${{
needs.build-test-cluster.outputs.stack-name }}
- uses: geekyeggo/delete-artifact@v1
with:
name: config
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3
with:
lfs: true
ref: ${{ env.PR_COMMIT_SHA }}
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: golangci-lint provider pkg
uses: golangci/golangci-lint-action@v3
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
args: -c ../../.golangci.yml --timeout ${{ env.GOLANGCI_LINT_TIMEOUT }}
working-directory: provider/pkg
name: lint
if: github.event_name == 'repository_dispatch' ||
github.event.pull_request.head.repo.full_name == github.repository