generated from pulumi/pulumi-tf-provider-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[internal] Update GitHub Actions workflow files
- Loading branch information
1 parent
a449551
commit 281874a
Showing
4 changed files
with
48 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -308,14 +308,21 @@ debug_tfgen: | |
|
||
# Provider cross-platform build & packaging | ||
|
||
# Set these variables to enable signing of the windows binary | ||
AZURE_SIGNING_CLIENT_ID ?= | ||
AZURE_SIGNING_CLIENT_SECRET ?= | ||
AZURE_SIGNING_TENANT_ID ?= | ||
AZURE_SIGNING_KEY_VAULT_URI ?= | ||
SKIP_SIGNING ?= | ||
|
||
# These targets assume that the schema-embed.json exists - it's generated by tfgen. | ||
# We disable CGO to ensure that the binary is statically linked. | ||
bin/linux-amd64/$(PROVIDER): TARGET := linux-amd64 | ||
bin/linux-arm64/$(PROVIDER): TARGET := linux-arm64 | ||
bin/darwin-amd64/$(PROVIDER): TARGET := darwin-amd64 | ||
bin/darwin-arm64/$(PROVIDER): TARGET := darwin-arm64 | ||
bin/windows-amd64/$(PROVIDER).exe: TARGET := windows-amd64 | ||
bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: | ||
bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: bin/jsign-6.0.jar | ||
@# check the TARGET is set | ||
test $(TARGET) | ||
cd provider && \ | ||
|
@@ -324,6 +331,37 @@ bin/%/$(PROVIDER) bin/%/$(PROVIDER).exe: | |
export CGO_ENABLED=0 && \ | ||
go build -o "${WORKING_DIR}/$@" $(PULUMI_PROVIDER_BUILD_PARALLELISM) -ldflags "$(LDFLAGS)" "$(PROJECT)/$(PROVIDER_PATH)/cmd/$(PROVIDER)" | ||
|
||
@# Only sign windows binary if fully configured. | ||
@# Test variables set by joining with | between and looking for || showing at least one variable is empty. | ||
@# Move the binary to a temporary location and sign it there to avoid the target being up-to-date if signing fails. | ||
set -e; \ | ||
if [[ "${TARGET}" = "windows-amd64" && ${SKIP_SIGNING} != "true" ]]; then \ | ||
if [[ "|${AZURE_SIGNING_CLIENT_ID}|${AZURE_SIGNING_CLIENT_SECRET}|${AZURE_SIGNING_TENANT_ID}|${AZURE_SIGNING_KEY_VAULT_URI}|" == *"||"* ]]; then \ | ||
echo "Can't sign windows binaries as required configuration not set: AZURE_SIGNING_CLIENT_ID, AZURE_SIGNING_CLIENT_SECRET, AZURE_SIGNING_TENANT_ID, AZURE_SIGNING_KEY_VAULT_URI"; \ | ||
echo "To rebuild with signing delete the unsigned $@ and rebuild with the fixed configuration"; \ | ||
if [[ ${CI} == "true" ]]; then exit 1; fi; \ | ||
else \ | ||
mv $@ [email protected]; \ | ||
az login --service-principal \ | ||
--username "${AZURE_SIGNING_CLIENT_ID}" \ | ||
--password "${AZURE_SIGNING_CLIENT_SECRET}" \ | ||
--tenant "${AZURE_SIGNING_TENANT_ID}" \ | ||
--output none; \ | ||
ACCESS_TOKEN=$$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken); \ | ||
java -jar bin/jsign-6.0.jar \ | ||
--storetype AZUREKEYVAULT \ | ||
--keystore "PulumiCodeSigning" \ | ||
--url "${AZURE_SIGNING_KEY_VAULT_URI}" \ | ||
--storepass "$${ACCESS_TOKEN}" \ | ||
[email protected]; \ | ||
mv [email protected] $@; \ | ||
az logout; \ | ||
fi; \ | ||
fi | ||
|
||
bin/jsign-6.0.jar: | ||
wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar --output-document=bin/jsign-6.0.jar | ||
|
||
provider-linux-amd64: bin/linux-amd64/$(PROVIDER) | ||
provider-linux-arm64: bin/linux-arm64/$(PROVIDER) | ||
provider-darwin-amd64: bin/darwin-amd64/$(PROVIDER) | ||
|