Update GitHub Actions workflows. #168
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt | |
env: | |
PROVIDER: ns1 | |
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} | |
DOTNETVERSION: | | |
6.0.x | |
3.1.301 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GOVERSION: 1.21.x | |
JAVAVERSION: "11" | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NODEVERSION: 16.x | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NS1_APIKEY: ${{ secrets.NS1_APIKEY }} | |
NUGET_PUBLISH_KEY: ${{ secrets.NUGET_PUBLISH_KEY }} | |
PUBLISH_REPO_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} | |
PUBLISH_REPO_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. | |
PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget | |
PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | |
PYTHONVERSION: "3.9" | |
SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }} | |
SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }} | |
SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
TF_APPEND_USER_AGENT: pulumi | |
TRAVIS_OS_NAME: linux | |
jobs: | |
build_sdk: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: build_sdk | |
needs: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v3 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/action-install-pulumi-cli@v2 | |
- name: Setup Node | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Setup Java | |
uses: actions/setup-java@v3 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: ${{ env.JAVAVERSION }} | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v2 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; | |
- name: Install plugins | |
run: make install_plugins | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Set PACKAGE_VERSION to Env | |
run: echo "PACKAGE_VERSION=$(pulumictl get version --language generic)" >> | |
"$GITHUB_ENV" | |
- name: Build SDK | |
run: make build_${{ matrix.language }} | |
- name: Check worktree clean | |
run: ./ci-scripts/ci/check-worktree-is-clean | |
- name: Compress SDK folder | |
run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building ${{ matrix.language }} sdk | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
strategy: | |
fail-fast: true | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
comment-notification: | |
if: github.event_name == 'repository_dispatch' | |
name: comment-notification | |
runs-on: ubuntu-latest | |
steps: | |
- id: run-url | |
name: Create URL to the run output | |
run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" | |
- name: Update with Result | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" | |
issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
token: ${{ secrets.PULUMI_BOT_TOKEN }} | |
lint: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- name: disarm go:embed directives to enable lint | |
run: | | |
git grep -l 'go:embed' -- provider | xargs sed -i 's/go:embed/ goembed/g' | |
- name: prepare upstream | |
continue-on-error: true | |
run: make upstream | |
- name: Install go | |
uses: actions/setup-go@v4 | |
with: | |
# The versions of golangci-lint and setup-go here cross-depend and need to update together. | |
go-version: 1.21 | |
# Either this action or golangci-lint needs to disable the cache | |
cache: false | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.54.1 | |
working-directory: provider | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in linting provider | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
prerequisites: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: prerequisites | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v3 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/action-install-pulumi-cli@v2 | |
- if: github.event_name == 'pull_request' | |
name: Install Schema Tools | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/schema-tools | |
- name: Build tfgen & provider binaries | |
run: make provider | |
- if: github.event_name == 'pull_request' | |
name: Check Schema is Valid | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
{ | |
echo "SCHEMA_CHANGES<<$EOF"; | |
schema-tools compare -p ${{ env.PROVIDER }} -o ${{ github.event.repository.default_branch }} -n --local-path=provider/cmd/pulumi-resource-${{ env.PROVIDER }}/schema.json; | |
echo "$EOF"; | |
} >> "$GITHUB_ENV" | |
- if: github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' | |
name: Comment on PR with Details of Schema Check | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
comment_tag: schemaCheck | |
message: >+ | |
### Does the PR have any schema changes? | |
${{ env.SCHEMA_CHANGES }} | |
Maintainer note: consult the [runbook](https://github.com/pulumi/platform-providers-team/blob/main/playbooks/tf-provider-updating.md) for dealing with any breaking changes. | |
- name: Tar provider binaries | |
run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace }}/bin/ pulumi-resource-${{ env.PROVIDER }} | |
pulumi-tfgen-${{ env.PROVIDER }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin/provider.tar.gz | |
retention-days: 30 | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in building provider prerequisites | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
sentinel: | |
name: sentinel | |
# We would like to be able to specify `sentinel` as the only required job for this | |
# workflow. To do that, we need `sentinel` to succeed only when it is safe to | |
# merge and fail in all other cases. | |
# | |
# We can't use the default `if: success()`, since GitHub interprets a skipped job as a | |
# success, and by default a dependee job failing will skip a dependent job. That means | |
# if a test step fails, then it will skip `sentinel` so GitHub will register | |
# `sentinel` as succeeded. | |
# | |
# GitHub documents `jobs.result` as: | |
# | |
# The result of a job in the reusable workflow. Possible values are success, | |
# failure, cancelled, or skipped. | |
# | |
# GitHub documents `cancelled()` as: | |
# | |
# Returns true if the workflow was canceled. | |
# | |
# Combining these terms gives us an intuitive definition of success: | |
# | |
# We have succeeded when no dependent workflow has failed and the job was | |
# not cancelled. | |
# | |
if: (github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository) && | |
! cancelled() | |
needs: | |
- test | |
- lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Workflow is not a success | |
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') | |
run: exit 1 | |
- name: Workflow is a success | |
run: echo "🎉🎈🎉🎈🎉" | |
test: | |
if: github.event_name == 'repository_dispatch' || | |
github.event.pull_request.head.repo.full_name == github.repository | |
name: test | |
needs: build_sdk | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v3 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
cache-dependency-path: | | |
sdk/go.sum | |
go-version: 1.21.x | |
- name: Install pulumictl | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/action-install-pulumi-cli@v2 | |
- name: Setup Node | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ env.NODEVERSION }} | |
registry-url: https://registry.npmjs.org | |
- name: Setup DotNet | |
uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: ${{ env.DOTNETVERSION }} | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ env.PYTHONVERSION }} | |
- name: Setup Java | |
uses: actions/setup-java@v3 | |
with: | |
cache: gradle | |
distribution: temurin | |
java-version: ${{ env.JAVAVERSION }} | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
gradle-version: "7.6" | |
- name: Download provider + tfgen binaries | |
uses: actions/download-artifact@v2 | |
with: | |
name: ${{ env.PROVIDER }}-provider.tar.gz | |
path: ${{ github.workspace }}/bin | |
- name: Untar provider binaries | |
run: >- | |
tar -zxf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ | |
github.workspace}}/bin | |
find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; | |
- run: dotnet nuget add source ${{ github.workspace }}/nuget | |
- name: Download SDK | |
uses: actions/download-artifact@v2 | |
with: | |
name: ${{ matrix.language }}-sdk.tar.gz | |
path: ${{ github.workspace}}/sdk/ | |
- name: Uncompress SDK folder | |
run: tar -zxf ${{ github.workspace }}/sdk/${{ matrix.language }}.tar.gz -C ${{ | |
github.workspace }}/sdk/${{ matrix.language }} | |
- name: Update path | |
run: echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" | |
- name: Install Python deps | |
run: |- | |
pip3 install virtualenv==20.0.23 | |
pip3 install pipenv | |
- name: Install dependencies | |
run: make install_${{ matrix.language}}_sdk | |
- name: Install gotestfmt | |
uses: GoTestTools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: v2.4.0 | |
- name: Run tests | |
run: cd examples && go test -v -json -count=1 -cover -timeout 2h -tags=${{ | |
matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- if: failure() && github.event_name == 'push' | |
name: Notify Slack | |
uses: 8398a7/action-slack@v3 | |
with: | |
author_name: Failure in running ${{ matrix.language }} tests | |
fields: repo,commit,author,action | |
status: ${{ job.status }} | |
strategy: | |
fail-fast: false | |
matrix: | |
language: | |
- nodejs | |
- python | |
- dotnet | |
- go | |
- java | |
name: run-acceptance-tests | |
on: | |
pull_request: | |
branches: | |
- master | |
paths-ignore: | |
- CHANGELOG.md | |
repository_dispatch: | |
types: | |
- run-acceptance-tests-command |